Configure an Edge site with a Google Artifact Registry
This topic explores how to configure an Edge site with Google Artifact Registry.
We support the following Google Artifact Registry authentication methods:
- Service Account Key
- Workload Identity Federation for GKE
- This method is only available for Edge sites installed on a GKE managed Kubernetes cluster.
- K3s
- Managed Kubernetes
Service Account Key
To install your Edge site on k3s with a Google Artifact Registry using the Service Account Key authentication method, add the following flags to the installation command:
-r registries.yaml
--registry-url <url_for_registry>
--registry-user _json_key
--registry-pass <path_to_json_key_file>sudo sh install-master.sh properties.yaml -r registries.yaml
--registry-url https://europe-west1-docker.pkg.dev/path/to/registry
--registry-user _json_key
--registry-pass /path/to/json_key_file.jsonFor more information, go to the Google Artifact Registry service account documentation.
Service Account Key
To install your Edge site on managed Kubernetes cluster with a Google Artifact Registry using the Service Account Key authentication method, add the following flags to the installation command:
--registry-url <url_for_registry>
--registry-user _json_key
# as a single lined version of what’s in the json_key json file wrapped in single quotes OR you can simply pass the path to the json_key json file
--registry-pass <path_to_json_key_file> OR <json_key_in_format_above>./edgecli install
--registry-url https://europe-west1-docker.pkg.dev/path/to/registry
--registry-user _json_key
--registry-pass /path/to/json_key_file.jsonFor more information, go to the Google Artifact Registry service account documentation.
Workload Identity Federation for GKE
Google Artifact Registries that use the Workload Identity Federation for GKE authentication method are only supported for Edge sites installed on a GKE managed Kubernetes cluster. We recommend using a service account with GAR access on the GKE node level, however, you can use IAM authentication that doesn't require a specific service account on the cluster to pull container images.
To install your Edge site on a GKE managed Kubernetes cluster with a Google Artifact Registry using the Workload Identity Federation for GKE authentication method, add the following flag to the installation command:
--registry-url <url_for_registry>./edgecli install
--registry-url https://europe-west1-docker.pkg.dev/path/to/registryFor more information about the Workload Identity Federation for GKE authentication method, go to Google's documentation: