Configure a private docker registry

You can set up a private docker registry using JFrog's Artifactory. A private docker registry allows you to use your own infrastructure to perform your own security scans and audit docker images consumed by Edge. It also reduces the risk of a compromised Collibra registry running compromised code on your network.

Your private docker registry, or the location where you pull your images from, must be behind a secure firewall that is not accessible via the internet. Otherwise, unintended users may gain access to proprietary information, which will trigger a security incident within your organization and Collibra.

Note 
  • Custom Helm registries are not supported.
  • Other forms of security scanning, such as penetration tests, can be performed either independently or as a part of the security flow that includes a private docker registry.
  • Security scan reports are only be accepted for supported Edge site versions. This is because security fixes are not applied to old, out-dated versions of Edge. For example, from November 19 2023 to February 24, 2024, security scans are only accepted for Edge site version 2023.11 and subsequent weekly updates (2023.11.x). For information on which Edge versions are supported with the latest release, go to the Compatibility between Edge sites and Collibra Data Intelligence Cloud.

Before you begin

  • Switching to a private docker registry is only possible during installation.

Requirements and permissions

  • You must have admin access to JFrog Artifactory.
  • You have the Edge site administrator global role.
  • The registry user should have read/pull permissions for the docker registry. This should be validated manually prior to installing Edge.

We use JFrog's Artifactory, which is a repository manager that allows for dynamic mirroring of docker registries, to manage our repository. If your company has their own JFrog Artifactory, you can configure it to automatically mirror images from Collibra's Artifactory.

This method is easy to set up and supports both manual and automatic upgrade modes. However, it has limited options for security scanning.

Steps

  1. Mirror Collibra's registry.
    Note When configuring a private Artifactory docker registry, the registry must follow the "subdomain first" method for pulling images.
    • Correct example: <repository-key>.artifactory.my.org
    • Incorrect example: artifactory.my.org/<repository-key>
  2. Install or reinstall your Edge site.
    Note The Helm chart method only supports setting up a private docker registry during installation.