About private registries with Edge

A private container image registry allows you to use your own infrastructure to perform security scans and audit container images consumed by your Edge site. Before you configure a private container registry, keep the following in mind:

• Switching to a private container image registry is only possible during installation. If you want to add a private container image registry for an existing Edge site, you need to reinstall your Edge site with your registry.
• All Edge site container images must live in the same registry.
• When copying images to your private container image registry, make sure only the domain name is updated when tagging the new images.

Supported private container image registries

• Amazon Elastic Container Registry
• Azure Container Registry
• Google Artifact Registry
• JFrog
• Nexus

Note The above list shows the tested and supported private container image registries. If your private container image registry is not listed but uses user/pass authentication, you can attempt to install your Edge site with your registry. However, Collibra Support can't provide assistance for untested registries.

 

A private Helm registry can be used to store and serve Helm charts for Edge. Before you configure a private Helm registry, keep the following in mind:

• As the authentication happens inside of the edge-cd pod, and not at the kubelet level, only user/pass authentication is supported with private Helm registries.
• Your Edge site must have Manual Upgrade mode enabled, to avoid your Edge site upgrading to a version of Edge that has not been published in your private registry yet.

How to retrieve Helm charts

If you want to have a private Helm registry, you need to pull the Helm chart information when you install or upgrade an Edge site. The commands you use depend upon your Edge site installation method.

Steps

1. Get the Edge site site version:
   1. When installing an Edge site, download the Edge site installer and copy the version of Edge you are installing.
   2. When upgrading an Edge site, copy the version you are upgrading to from the Manual Upgrade version list.
2. Go to the following file located in the extracted Edge site installer: /resources/manifests/sc-collibra-edge-repo-creds.yaml
3. Copy the following information:
   1. URL
   2. Username
   3. Password
4. To pull the Collibra Helm repository, enter the information you copied in the above steps into the commands relevant to your Edge site installation method:
   1. For Helm chart installations:
      Copy

      helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz 
      --username <username_from_step_3> 
      --password <password_from_step_3> 

   2. For bundled k3s or Edge CLI installations, as you need to pull 2 Helm charts, you need to enter this information into 2 commands:
      1. Copy

         helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz 
         --username <username_from_step_3> 
         --password <password_from_step_3> 

      2. Copy

         helm pull <url_from_step_3>edge-helm-gold/api/charts/edge-cd-<version_from_step_1>.tgz 
         --username <username_from_step_3> 
         --password <password_from_step_3> 

 

Supported private Helm registries

• Azure Container Registry
• Google Artifact Registry
• JFrog

Note The above list shows the tested and supported private container image registries. If your private container image registry is not listed but uses user/pass authentication, you can attempt to install your Edge site with your registry. However, Collibra Support can't provide assistance for untested registries.