About private registries with Edge

You can use a private registry with your Edge site to have more control over the security and deployment of your Edge site.

There are 2 types of custom registries you can use with Edge:

  • A private container image registry - a repository that allows you to store and manage the container images included in an Edge site installation.
  • A private Helm registry - a repository that allows you to store and manage the Helm charts included in an Edge site installation.

Both registry types are supported for Edge sites installed on bundled k3s, or via the Edge CLI or Helm chart methods.

Note 
  • Other forms of security scanning, such as penetration tests, can be performed either independently or as a part of the security flow that includes a private container image registry.
  • Security scan reports are only accepted for supported Edge versions, because security fixes are not applied to old, outdated versions of Edge. For example, from November 19, 2023 to February 24, 2024, security scans are only accepted for Edge version 2023.11 and subsequent weekly updates (2023.11.x). For information on which Edge versions are supported with the latest release, go to Compatibility between Edge and Collibra Data Intelligence Cloud.

A private container image registry allows you to use your own infrastructure to perform security scans and audit container images consumed by your Edge site. Before you configure a private container registry, keep the following in mind:

  • Switching to a private container image registry is only possible during installation. If you want to add a private container image registry for an existing Edge site, you need to reinstall your Edge site with your registry.
  • All Edge site container images must live in the same registry.
  • When copying images to your private container image registry, make sure only the domain name is updated when tagging the new images.
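
The retagging rule in the last point, shown as an added example that is not part of the Collibra documentation: the script swaps only the registry host of each image reference and leaves the repository path and tag untouched. It assumes the Docker CLI is the copy tool; the image names and the target host are constructed placeholders.

```shell
#!/bin/sh
# Rewrite only the registry host of an image reference. Everything after the
# first "/" (repository path and tag) is kept byte-for-byte.
retag_ref() {
    src=$1
    new_registry=$2
    case $src in
        */*) first=${src%%/*} ;;
        *)   first= ;;
    esac
    # Docker treats the first path component as a registry host only when it
    # contains a dot or a port, or is "localhost".
    case $first in
        *.*|*:*|localhost)
            printf '%s/%s\n' "$new_registry" "${src#*/}" ;;
        *)
            echo "retag_ref: no registry host in '$src'" >&2
            return 1 ;;
    esac
}

# Read name:tag references from stdin, one per line. Prints the mapping by
# default; set PUSH=1 to pull, tag and push with the Docker CLI.
mirror_images() {
    new_registry=$1
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        dst=$(retag_ref "$src" "$new_registry") || return 1
        if [ "${PUSH:-0}" = 1 ]; then
            docker pull "$src" && docker tag "$src" "$dst" &&
                docker push "$dst" || return 1
        else
            echo "$src -> $dst"
        fi
    done
}

# Constructed sample references and target host, not real Edge image names.
mirror_images registry.internal.example:5000 <<'EOF'
registry.example.com/edge/sample-app:2023.11.5
registry.example.com:443/edge/tools/sample-agent:1.4.2
EOF
```

Review the printed mapping before setting PUSH=1: a reference without an explicit registry host is rejected rather than guessed, so a path is never mistaken for a host.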

Supported private container image registries

Note The above list shows the tested and supported private container image registries. If your private container image registry is not listed but uses user/pass authentication, you can attempt to install your Edge site with your registry. However, Collibra Support can't provide assistance for untested registries.

A private Helm registry can be used to store and serve Helm charts for Edge. Before you configure a private Helm registry, keep the following in mind:

  • As the authentication happens inside of the edge-cd pod, and not at the kubelet level, only user/pass authentication is supported with private Helm registries.
  • Your Edge site must have Manual Upgrade mode enabled, to avoid your Edge site upgrading to a version of Edge that has not been published in your private registry yet.

How to retrieve Helm charts

If you want to have a private Helm registry, you need to pull the Helm chart information when you install or upgrade an Edge site. The commands you use depend upon your Edge site installation method.

Steps

  1. Get the Edge site version:
    1. When installing an Edge site, download the Edge site installer and copy the version of Edge you are installing.
    2. When upgrading an Edge site, copy the version you are upgrading to from the Manual Upgrade version list.
  2. Go to the following file located in the extracted Edge site installer: /resources/manifests/sc-collibra-edge-repo-creds.yaml
  3. Copy the following information:
    1. URL
    2. Username
    3. Password
  4. To pull the Collibra Helm repository, enter the information you copied in the above steps into the commands relevant to your Edge site installation method:
    1. For Helm chart installations:
      helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz \
        --username <username_from_step_3> \
        --password <password_from_step_3>
    2. For bundled k3s or Edge CLI installations, you need to pull 2 Helm charts, so enter this information into 2 commands:
      1. For the collibra-edge chart:
        helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz \
          --username <username_from_step_3> \
          --password <password_from_step_3>
      2. For the edge-cd chart:
        helm pull <url_from_step_3>edge-helm-gold/api/charts/edge-cd-<version_from_step_1>.tgz \
          --username <username_from_step_3> \
          --password <password_from_step_3>

 

Supported private Helm registries

Note The above list shows the tested and supported private container image registries. If your private container image registry is not listed but uses user/pass authentication, you can attempt to install your Edge site with your registry. However, Collibra Support can't provide assistance for untested registries.