Install an Edge site

Updated: March 6, 2026

Install the Edge software on a Linux server after you create the Edge site in Collibra Platform.

Choose one of the following options based on your infrastructure:

Bundled k3s: The easiest option for local installations on a Linux virtual machine running Red Hat. Edge provides the supported Kubernetes version.
A managed Kubernetes cluster: Use one of the following methods if you want to install Edge on an existing, supported Kubernetes cluster.
- Edge CLI: This recommended method grants you more control over the location and resources of your Edge site installation.
- Helm chart: Use this method only if you are familiar with Helm and Kubernetes.

For an overview of the Edge workflow, go to Steps Overview: Setup and use a site.

Prerequisites

You have a global role with the Install Edge sites and the User Administration global permission, for example Edge site administrator.
You configured the forward proxy, if a forward proxy is required for Edge to connect to Collibra, jFrog, and the OpenTelemtry endpoint, if it's different from the default.Contact your network administrator if this is applicable.
Your server meets all system requirements.

Steps

Download the installer:
1. Open a site.
  1. On the main toolbar, click → Settings.
    The Settings page opens.
  2. In the tab pane, click Edge.
    The Sites tab opens and shows a table with an overview of your sites.
  3. In the site overview, click the name of a site.
    The site page appears.
2. Click Download Installer.
  An Edge user is created in Collibra.
  Warning Every time you download an Edge site installer, the previously downloaded Edge site installer becomes outdated. If you use this outdated installer, the Edge site cannot communicate with Collibra.
3. Depending on your operating system and browser, follow the regular steps for downloading files.
  The installer file is a TGZ archive and contains the files proxy.properties and registries.yaml.
Extract the TGZ archive on the server on which you want to install the Edge site software.
Copy
```
tar -xf <edge-site-id>-installer.tgz
```
Note
- Keep the installer or the contents of the extracted installer in a secure location on your server. These contents contain various tools that you may need later, for example to troubleshoot issues.
- Ensure the directory is not mounted as noexec before you run scripts or executable files. If a directory is mounted as noexec, scripts and executable files can't be run within the directory. For example, you won't be able to use the Edge CLI if you mount the directory as noexec.

From inside the extracted TGZ archive directory, run the k3s installer script, including any additional flags you may need to configure. For example, if you want to configure a forward proxy or use a private docker registry for your Edge site.

Copy

sudo sh install-master.sh -r registries.yaml

Show me the k3s install script flags…

Flag	Description
`--proxy`	If you are using a forward proxy, add this flag to the installation prerequisite script. Note If your proxy properties are not in the default proxy.properties file in the root of the installer, you must add the file path the installation prerequisite script. For example: `--proxy temp/proxy/proxyproperties`
`--ca`	Add this flag to use a custom certificate, such as for a forward man-in-the-middle proxy. Note If your custom certificate are not in the default ca.pem file in the root of the installer, you must add the file path the installation prerequisite script. For example: `--ca temp/certs` You can also use this flag to add a custom certificate for data sources. More information… Your data source may require the injection of a custom certificate in order to connect with your Edge site. This custom certificate is typically signed by a private, untrusted Certificate Authority, and therefore must be added to your Edge site truststore. As you may not have a list of all required certificates at the time of installation, we recommend the `sudo ./edgecli config ca merge --path` command shown in the Edge CLI topic. The process functions as follows: Edge and the data source connect using the data source certificate. Edge communicates the data source metadata to your Collibra Platform using a Collibra certified certificate.
Private container image registry	Use these flags if you want to install your Edge site with a private container image registry to store and manage the container images included in an Edge site installation.
`--registry-url <registry-url>`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-user <registry-user>`	Your registry account username. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-pass <registry-pass>`	Your registry account password. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
Private Helm registry	Use the following flags if you want to install your Edge site with a private Helm registry, which stores and manage the Helm charts included in an Edge site installation.
`--helm-url <helm-registry-url`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-user <helm-registry-user>`	Your registry account username. This may look different depending on your authentication method, for example: Username Token name Service principal ID JSON key For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-pass <helm-registry-pass>`	Your registry account password. This may look different depending on your authentication method, for example: Password Token password Service principal secret Path to JSON file For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--user-id <user_id>`	Add this flag to run all of your Edge site pods and containers with a specific user ID (UID).
`--group-id <group_id>`	Add this flag to run all of your Edge site pods and containers with a specific group ID (GID).

In the Edge sites overview, you can see the status of the deployment.

Run the following commands to verify the status of the installation.
- To ensure that Kubernetes is running and that there is an existing node:
  Copy
```
sudo /usr/local/bin/kubectl get nodes
```
- To ensure the state of all pods are installed and running:
  Copy
```
sudo /usr/local/bin/kubectl get pods --all-namespaces
```

Tip

What is your Edge site installation method?

Edge CLI (recommended)Helm Chart

Which Edge CLI method do you want to use?

Default (recommended)Restrictive

The default Edge CLI method automatically creates the required cluster level objects, such as namespaces and priority classes, for you. This reduces manual configuration and ensures your Edge site meets the cluster level requirements.

Prerequisites

You have a global role with the Install Edge sites and the User Administration global permission, for example Edge site administrator.
You configured the forward proxy, if a forward proxy is required for Edge to connect to Collibra, jFrog, and the OpenTelemtry endpoint, if it's different from the default.Contact your network administrator if this is applicable.
Your server meets all system requirements.
You must have admin level access to your the Kubernetes cluster where you want to install your Edge site.

Steps

Download the installer:
1. Open a site.
  1. On the main toolbar, click → Settings.
    The Settings page opens.
  2. In the tab pane, click Edge.
    The Sites tab opens and shows a table with an overview of your sites.
  3. In the site overview, click the name of a site.
    The site page appears.
2. Click Download Installer.
  An Edge user is created in Collibra.
  Warning Every time you download an Edge site installer, the previously downloaded Edge site installer becomes outdated. If you use this outdated installer, the Edge site cannot communicate with Collibra.
3. Depending on your operating system and browser, follow the regular steps for downloading files.
  The installer file is a TGZ archive and contains the files proxy.properties and registries.yaml.
Extract the TGZ archive on the external Linux server which will be used to install the Edge site on your managed Kubernetes cluster.
Copy
```
tar -xf <edge-site-id>-installer.tgz
```
Note
- Keep the installer or the contents of the extracted installer in a secure location on your server. These contents contain various tools that you may need later, for example to troubleshoot issues.
- Ensure the directory is not mounted as noexec before you run scripts or executable files. If a directory is mounted as noexec, scripts and executable files can't be run within the directory. For example, you won't be able to use the Edge CLI if you mount the directory as noexec.
Set the EDGE_INSTALLER_PATH environment variable to the path of the root of the extracted installer.
Example…
1. Go to the extracted installer and run pwd.The result should look similar to this:
  /path/to/installer/installer-111e8a59-b842-4f57-970c-32aa72000598
2. Set the environment variable to the result:
  export EDGE_INSTALLER_PATH=/path/to/installer/installer-111e8a59-b842-4f57-970c-32aa72000598
Run the following command to confirm that the Kubeconfig environment variable has been set to a valid kubeconfig:
Copy
```
echo $KUBECONFIG 
```
If you intend to have multiple Edge sites in your Kubernetes cluster, you must give each Edge site a unique namespace.
How to create a unique namespace…
1. Copy the following command, replacing <my-namespace> with a unique name for the namespace:
  Copy
  apiVersion: v1 kind: Namespace metadata: name: <my-namespace> labels: pod-security.kubernetes.io/enforce: baseline pod-security.kubernetes.io/enforce-version: v1.27
2. Store this copied yaml into a new file called collibra-edge-ns.yaml.
3. Create the namespace using kubectl:
  Copy
  kubectl apply -f collibra-edge-ns.yaml <my-namespace>
Note Throughout the remaining installation steps, add this new namespace to the provided commands.

If you are using an Openshift cluster, deploy Security Context Constraints (SCC) which provide Edge service accounts with the required permissions.

How to create and install security constraints…

Create the SCC file, for example, edge-scc-minimal.yaml, and paste the following information into it:

Copy

apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: edge-scc-documented
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities: []
allowedUnsafeSysctls: []
defaultAddCapabilities: []
fsGroup:
  type: MustRunAs
priority: null
readOnlyRootFilesystem: true
requiredDropCapabilities: []
runAsUser:
  type: MustRunAs
  uid: 1000
seLinuxContext:
  type: MustRunAs
  seLinuxOptions:
    level: "s0"
    role: "system_r"
    type: "container_t"
    user: "system_u"
seccompProfiles:
  - 'runtime/default'
supplementalGroups:
  type: MustRunAs
# who can use it
users: []
groups: [system:authenticated]

Create the SCC-role file, for example, edge-scc-role-minimal.yaml, and paste the following information into it:

Copy

# File: edge-scc-role-minimal.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: edge-scc-minimal
rules:
- apiGroups:
  - security.openshift.io
  resourceNames:
  - edge-scc-minimal
  resources:
  - securitycontextconstraints
  verbs:
  - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: edge-scc-minimal
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: edge-scc-minimal
  apiGroup: rbac.authorization.k8s.io

Deploy both the SCC and SCC-role files:

Copy

kubectl apply -f edge-scc-minimal.yaml
kubectl apply -f edge-scc-role-minimal.yaml -n <my-namespace>

On the machine connected to Kubernetes, use the Edge CLI to run one of the following installation commands. Add specific flags to the command to configure your setup, such as for a forward proxy. To see a full list of available installation flags, run the edgecli install--help command in the Edge CLI:

Show me the additional installation flags

Use these flags to configure your installation for your organization's setup, such as if you use a forward proxy or private registry. To apply a flag, add it to the ./edgecli install command.

Example

./edgecli install -n edge-namespace
     --is-openshift
     --registry-url https://private-docker.registry.com 
     --registry-user user1 
     --registry-pass pass12

Flag	Description
`-n <my-namespace>`	If you created a custom namespace, add `-n <my-namespace>` to the command. For example: `./edgecli install -n <my-namespace>`
`--proxy`	If you are using a forward proxy, add this flag to the installation prerequisite script. Note If your proxy properties are not in the default proxy.properties file in the root of the installer, you must add the file path the installation prerequisite script. For example: `--proxy temp/proxy/proxyproperties`
`--ca`	Add this flag to use a custom certificate, such as for a forward man-in-the-middle proxy. Note If your custom certificate are not in the default ca.pem file in the root of the installer, you must add the file path the installation prerequisite script. For example: `--ca temp/certs` You can also use this flag to add a custom certificate for data sources. More information Some data sources require a custom certificat to connect to Edge. If a private Certificate Authority signed the certificate, add it to the Edge site truststore. As you may not have a list of all required certificates at the time of installation, we recommend the `./edgecli config ca merge --path` command shown in the Edge CLI topic. The process functions as follows: Edge and the data source connect using the data source certificate. Edge communicates the data source metadata to your Collibra Platform using a Collibra certified certificate.
`--disable-otel`	Add this flag to disable OpenTelemetry. Your metrics and logs will no longer be sent to Edge.
Private container image registry	Use these flags if you want to install your Edge site with a private container image registry to store and manage the container images included in an Edge site installation.
`--registry-url <registry-url>`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-user <registry-user>`	Your registry account username. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-pass <registry-pass>`	Your registry account password. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
Private Helm registry	Use the following flags if you want to install your Edge site with a private Helm registry, which stores and manage the Helm charts included in an Edge site installation.
`--helm-url <helm-registry-url`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-user <helm-registry-user>`	Your registry account username. This may look different depending on your authentication method, for example: Username Token name Service principal ID JSON key For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-registry-pass <helm-pass>`	Your registry account password. This may look different depending on your authentication method, for example: Password Token password Service principal secret Note If your registry password is in a JSON file, the JSON file must be flattened into a single line string. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--user-id <user_id>`	Add this flag to run all of your Edge site pods and containers with a specific user ID (UID).
`--group-id <group_id>`	Add this flag to run all of your Edge site pods and containers with a specific group ID (GID).
`--unset-run-as-ids`	Add this flag for OpenShift clusters to run all of your Edge site pods and containers from random UIDs and GIDs,
`--no-priority-class-install`	Warning Don't skip priority class configuration unless you have an experienced Kubernetes engineer in your organization, as doing so may result in Edge site failures. Add this flag to skip installing priority classes. Running this flag sets all Edge site pods to the default priority (0).
`--use-custom-priority-class`	Warning Don't configure custom priority classes unless you have an experienced Kubernetes engineer in your organization, as doing so may result in Edge site failures. Add this flag and the following `--set` flags to configure custom priority classes for your Edge site pods: `--set global.priorityClassName.platform=<priority>`: This flags sets the custom priority class name for Edge platform pods. This should be the highest priority class in Edge. `--set global.priorityClassName.application=<priority>`: This flag sets the custom priority class name for Edge application pods. This should be the second highest priority class in Edge. `--set global.priorityClassName.job=<priority>`:This flag sets the custom priority class name for Edge job pods. This should be the third highest priority class in Edge. Show an example `--set global.priorityClassName.platform=critical-priority --set global.priorityClassName.application=high-priority --set global.priorityClassName.job=low-priority`
`--b <backup-file`	Add this flag if you have a backup you want to use to restore an Edge site.

With terminal logging, which only saves the output to the Edge terminal:
Copy
```
./edgecli install -n <my-namespace>
```
With terminal and file logging, which saves the output both to the terminal and a separate file. This file will be saved in the current directory with the naming format: edge-installer-$(date +"%Y-%m-%d_%H-%M-%S").log:
Copy
```
./edgecli install -n <my-namespace> 2>&1 | tee "edge-installer-$(date +"%Y-%m-%d_%H-%M-%S").log"
```

In the Edge site's overview, you see the status of the installation.

Run the following command to verify the status of the installation.
Copy
```
kubectl get pods -n collibra-edge
```

The restrictive Edge CLI method allows you to create the required cluster-level objects like namespaces and priority classes. Use this method if your organization has strict security requirements that prevent Edge from creating these objects automatically.

Prerequisites

You have a global role with the Install Edge sites and the User Administration global permission, for example Edge site administrator.
You configured the forward proxy, if a forward proxy is required for Edge to connect to Collibra, jFrog, and the OpenTelemtry endpoint, if it's different from the default.Contact your network administrator if this is applicable.
Your server meets all system requirements.
You must have namespace level access to the Kubernetes cluster where you want to install your Edge site.

Steps

Download the installer:
1. Open a site.
  1. On the main toolbar, click → Settings.
    The Settings page opens.
  2. In the tab pane, click Edge.
    The Sites tab opens and shows a table with an overview of your sites.
  3. In the site overview, click the name of a site.
    The site page appears.
2. Click Download Installer.
  An Edge user is created in Collibra.
  Warning Every time you download an Edge site installer, the previously downloaded Edge site installer becomes outdated. If you use this outdated installer, the Edge site cannot communicate with Collibra.
3. Depending on your operating system and browser, follow the regular steps for downloading files.
  The installer file is a TGZ archive and contains the files proxy.properties and registries.yaml.
Extract the TGZ archive on the external Linux server which will be used to install the Edge site on your managed Kubernetes cluster.
Copy
```
tar -xf <edge-site-id>-installer.tgz
```
Note
- Keep the installer or the contents of the extracted installer in a secure location on your server. These contents contain various tools that you may need later, for example to troubleshoot issues.
- Ensure the directory is not mounted as noexec before you run scripts or executable files. If a directory is mounted as noexec, scripts and executable files can't be run within the directory. For example, you won't be able to use the Edge CLI if you mount the directory as noexec.
Set the EDGE_INSTALLER_PATH environment variable to the path of the root of the extracted installer.
Example…
1. Go to the extracted installer and run pwd.The result should look similar to this:
  /path/to/installer/installer-111e8a59-b842-4f57-970c-32aa72000598
2. Set the environment variable to the result:
  export EDGE_INSTALLER_PATH=/path/to/installer/installer-111e8a59-b842-4f57-970c-32aa72000598
Run the following command to confirm that the Kubeconfig environment variable has been set to a valid kubeconfig:
Copy
```
echo $KUBECONFIG  
```

Deploy cluster level objects:

Create the namespace for collibra-edge.
Note Clusters that have more than one Edge site installed must have unique namespaces.
1. Copy the following command, replacing <my-namespace> with a unique name for the namespace:
  Copy
```
apiVersion: v1
kind: Namespace
metadata:
  name: <my-namespace>
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: v1.27
```
2. Store this copied yaml into a new file called collibra-edge-ns.yaml.
3. Create the namespace using kubectl:
  Copy
```
kubectl apply -f collibra-edge-ns.yaml
```
Note Throughout the remaining installation steps, replace <my-namespace> in the provided commands with this new namespace name. Example commands will have edge-namespace as an example namespace name.

For all cluster types, deploy priority classes:

Copy

kubectl apply -f resources/custom/priorityclass.yaml

If you are using an Openshift cluster, deploy Security Context Constraints (SCC) which provide Edge service accounts with the required permissions.

How to create and install security constraints…

Create the SCC file, for example, edge-scc-minimal.yaml, and paste the following information into it:

Copy

apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: edge-scc-documented
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: false
allowedCapabilities: []
allowedUnsafeSysctls: []
defaultAddCapabilities: []
fsGroup:
  type: MustRunAs
priority: null
readOnlyRootFilesystem: true
requiredDropCapabilities: []
runAsUser:
  type: MustRunAs
  uid: 1000
seLinuxContext:
  type: MustRunAs
  seLinuxOptions:
    level: "s0"
    role: "system_r"
    type: "container_t"
    user: "system_u"
seccompProfiles:
  - 'runtime/default'
supplementalGroups:
  type: MustRunAs
# who can use it
users: []
groups: [system:authenticated]

Create the SCC-role file, for example, edge-scc-role-minimal.yaml, and paste the following information into it:

Copy

# File: edge-scc-role-minimal.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: edge-scc-minimal
rules:
- apiGroups:
  - security.openshift.io
  resourceNames:
  - edge-scc-minimal
  resources:
  - securitycontextconstraints
  verbs:
  - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: edge-scc-minimal
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: edge-scc-minimal
  apiGroup: rbac.authorization.k8s.io

Deploy both the SCC and SCC-role files:

Copy

kubectl apply -f edge-scc-minimal.yaml
kubectl apply -f edge-scc-role-minimal.yaml -n <my-namespace>

Show me the additional installation flags

Use these flags to configure your installation for your organization's setup, such as if you use a forward proxy or private registry. To apply a flag, add it to the ./edgecli install command.

Example

./edgecli install -n edge-namespace
     --is-openshift
     --registry-url https://private-docker.registry.com 
     --registry-user user1 
     --registry-pass pass12

Flag	Description
`-n <my-namespace>`	If you created a custom namespace, add `-n <my-namespace>` to the command. For example: `./edgecli install -n <my-namespace>`
`--proxy`	If you are using a forward proxy, add this flag to the installation prerequisite script. Note If your proxy properties are not in the default proxy.properties file in the root of the installer, you must add the file path the installation prerequisite script. For example: `--proxy temp/proxy/proxyproperties`
`--ca`	Add this flag to use a custom certificate, such as for a forward man-in-the-middle proxy. Note If your custom certificate are not in the default ca.pem file in the root of the installer, you must add the file path the installation prerequisite script. For example: `--ca temp/certs` You can also use this flag to add a custom certificate for data sources. More information Some data sources require a custom certificat to connect to Edge. If a private Certificate Authority signed the certificate, add it to the Edge site truststore. As you may not have a list of all required certificates at the time of installation, we recommend the `./edgecli config ca merge --path` command shown in the Edge CLI topic. The process functions as follows: Edge and the data source connect using the data source certificate. Edge communicates the data source metadata to your Collibra Platform using a Collibra certified certificate.
`--disable-otel`	Add this flag to disable OpenTelemetry. Your metrics and logs will no longer be sent to Edge.
Private container image registry	Use these flags if you want to install your Edge site with a private container image registry to store and manage the container images included in an Edge site installation.
`--registry-url <registry-url>`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-user <registry-user>`	Your registry account username. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-pass <registry-pass>`	Your registry account password. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
Private Helm registry	Use the following flags if you want to install your Edge site with a private Helm registry, which stores and manage the Helm charts included in an Edge site installation.
`--helm-url <helm-registry-url`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-user <helm-registry-user>`	Your registry account username. This may look different depending on your authentication method, for example: Username Token name Service principal ID JSON key For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-registry-pass <helm-pass>`	Your registry account password. This may look different depending on your authentication method, for example: Password Token password Service principal secret Note If your registry password is in a JSON file, the JSON file must be flattened into a single line string. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--user-id <user_id>`	Add this flag to run all of your Edge site pods and containers with a specific user ID (UID).
`--group-id <group_id>`	Add this flag to run all of your Edge site pods and containers with a specific group ID (GID).
`--unset-run-as-ids`	Add this flag for OpenShift clusters to run all of your Edge site pods and containers from random UIDs and GIDs,
`--no-priority-class-install`	Warning Don't skip priority class configuration unless you have an experienced Kubernetes engineer in your organization, as doing so may result in Edge site failures. Add this flag to skip installing priority classes. Running this flag sets all Edge site pods to the default priority (0).
`--use-custom-priority-class`	Warning Don't configure custom priority classes unless you have an experienced Kubernetes engineer in your organization, as doing so may result in Edge site failures. Add this flag and the following `--set` flags to configure custom priority classes for your Edge site pods: `--set global.priorityClassName.platform=<priority>`: This flags sets the custom priority class name for Edge platform pods. This should be the highest priority class in Edge. `--set global.priorityClassName.application=<priority>`: This flag sets the custom priority class name for Edge application pods. This should be the second highest priority class in Edge. `--set global.priorityClassName.job=<priority>`:This flag sets the custom priority class name for Edge job pods. This should be the third highest priority class in Edge. Show an example `--set global.priorityClassName.platform=critical-priority --set global.priorityClassName.application=high-priority --set global.priorityClassName.job=low-priority`
`--b <backup-file`	Add this flag if you have a backup you want to use to restore an Edge site.

With terminal logging, which only saves the output to the Edge terminal:
Copy
```
./edgecli install -n <my-namespace>
```
With terminal and file logging, which saves the output both to the terminal and a separate file. This file will be saved in the current directory with the naming format: edge-installer-$(date +"%Y-%m-%d_%H-%M-%S").log:
Copy
```
./edgecli install -n <my-namespace> 2>&1 | tee "edge-installer-$(date +"%Y-%m-%d_%H-%M-%S").log"
```

In the Edge site's overview, you see the status of the installation.

Run the following command to verify the status of the installation.
Copy
```
kubectl get pods -n <my-namespace>
```

Install your Edge site using the Helm chart method for more control over your deployment. This method organizes Kubernetes objects into a single package that you can deploy to your Kubernetes cluster. Only use this method if you are familiar with Helm and Kubernetes.

You can add custom annotations and labels to values in the values.yaml file during or after installation. This file is available when you download the Edge site installer. If you change annotations or labels after installation, you must restart your Edge site for these changes to take effect.

For example:

Copy

global:
  collibra: 
    # Will apply to all pods on cluster 
    podExtraAnnotations: {"com.company.vault/secret-path": "${value}"}
    podExtraLabels: {"com.company.vault/role":"edgeRole"}
    # Will apply to only job pods on cluster
    jobPodExtraLabels: {"edge.collibra.com/job-type":"profiling"}
    jobPodExtraAnnotations: {"com.company.vault/role":"edgeJob"}

Warning Collibra Support will not assist with custom Helm or Kubernetes configurations. The following steps are an example, and any assistance for configurations or issues outside of these steps is unsupported. We recommend using the Edge CLI method for managed Kubernetes installations.

A common example of custom Helm configurations is, but not limited to, using an unsupported private repository. For more information, go to our supported private helm registries documentation.

Prerequisites

You have a global role with the Install Edge sites and the User Administration global permission, for example Edge site administrator.
You created an Edge site.
You configured the forward proxy, if a forward proxy is required for Edge to connect to Collibra, jFrog, and the OpenTelemtry endpoint, if it's different from the default.Contact your network administrator if this is applicable.
Your server meets all system requirements.
You will install your Edge site on a supported Kubernetes cluster.
You must have admin privileges to create the collibra-edge namespace, priority classes, and CRD’s when executing the install script.
You must run the following commands on a virtual machine where yq version 4.18.1 or later, and jq can be executed.

Steps

Download the installer:
1. Open a site.
  1. On the main toolbar, click → Settings.
    The Settings page opens.
  2. In the tab pane, click Edge.
    The Sites tab opens and shows a table with an overview of your sites.
  3. In the site overview, click the name of a site.
    The site page appears.
2. Click Download Installer.
  An Edge user is created in Collibra.
  Warning Every time you download an Edge site installer, the previously downloaded Edge site installer becomes outdated. If you use this outdated installer, the Edge site cannot communicate with Collibra.
3. Depending on your operating system and browser, follow the regular steps for downloading files.
  The installer file is a TGZ archive and contains the files proxy.properties and registries.yaml.
Extract the TGZ archive on the external Linux server which will be used to install the Edge site on your managed Kubernetes cluster.
Copy
```
tar -xf <edge-site-id>-installer.tgz
```
Note
- Keep the installer or the contents of the extracted installer in a secure location on your server. These contents contain various tools that you may need later, for example to troubleshoot issues.
- Ensure the directory is not mounted as noexec before you run scripts or executable files. If a directory is mounted as noexec, scripts and executable files can't be run within the directory.

From inside the extracted TGZ archive directory, run the helm installer prerequisite script, including any additional helm install script flags you may need to configure. For example, if you want to use a custom namespace or install your Edge site on an OpenShift cluster.

Copy

sh collibra-edge-helm-chart/helm-install-prerequisites.sh --namespace <my-namespace> --installer .

Show me the Helm install prerequisite script flags…

When you run the installation command, a list of all of these flags are listed. When you run the full command, every command and property run is listed.

Flag	Description
`--installer <path_to_extracted_installer>` Note This property is required for all Edge site installations	The path to the downloaded, extracted Edge installer.
`--namespace <my-namespace>`	The identifier of the Edge site. If you are installing multiple Edge sites in the same Kubernetes cluster, each Edge site namespace must be unique. For example, `--namespace edge-namespace`. If you do not specify a namespace, the default `collibra-edge` namespace is used. Note Throughout the remaining installation steps, replace `<my-namespace>` in the provided scripts with this new namespace name. Example scripts will have `edge-namespace` as an example namespace name.
`--is-openshift`	Add this flag for OpenShift clusters to deploy Security Context Constraints (SCC). SCC provide the required permissions to the Edge service accounts.
`--proxy`	If you are using a forward proxy, add this flag to the install prerequisite script. Note If your proxy properties are not in the default proxy.properties file in the root of the Edge installer, you must: Add your proxy properties to a folder relative to the Edge installer. Add the file path of the proxy properties file, relative to the Edge installer, to the install prerequisite script. For example, if you added the proxy properties file to a folder called proxy within the Edge installer folder, add the following to the script: `--proxy proxy/myproxy.properties`
`--ca`	Add this flag to use a custom certificate, such as for a forward man-in-the-middle proxy. Note If your custom certificate is not in the default ca.pem file in the root of the Edge installer, you must: Add your certificate file to a folder relative to the Edge installer. Add the file path of the custom certificate file, relative to the Edge installer, to the installation prerequisite script. For example, if you added the custom certificate file to a folder called mycerts within the Edge installer folder, add the following to the script: `--ca mycerts/certs.pem`
`--disable-otel`	Add this flag to disable OpenTelemetry. Your metrics and logs will no longer be sent to Edge.
Private container image registry	Use these flags if you want to install your Edge site with a private container image registry to store and manage the container images included in an Edge site installation.
`--registry-url <registry-url>`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-user <registry-user>`	Your registry account username. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
`--registry-pass <registry-pass>`	Your registry account password. For more information about the flags and format required for the supported registries and authentication methods, go to the private container image registry documentation.
Private Helm registry	Use the following flags if you want to install your Edge site with a private Helm registry, which stores and manage the Helm charts included in an Edge site installation.
`--helm-url <helm-registry-url`	The URL of your registry. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-user <helm-registry-user>`	Your registry account username. This may look different depending on your authentication method, for example: Username Token name Service principal ID JSON key For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--helm-pass <helm-registry-pass>`	Your registry account password. This may look different depending on your authentication method, for example: Password Token password Service principal secret Path to JSON file Note If your registry password is in a JSON file, the JSON file must be flattened into a single line string. For more information about the flags and format required for the supported registries and authentication methods, go to the private Helm registry documentation.
`--user-id <user_id>`	Add this flag to run all of your Edge site pods and containers with a specific user ID (UID).
`--group-id <group_id>`	Add this flag to run all of your Edge site pods and containers with a specific group ID (GID).
`--unset-run-as-ids`	Add this flag for OpenShift clusters to run all of your Edge site pods and containers from random UIDs and GIDs,
`--no-priority-class-install`	Warning Don't skip priority class configuration unless you have an experienced Kubernetes engineer in your organization, as doing so may result in Edge site failures. Add this flag to skip installing priority classes. Running this flag sets all Edge site pods to the default priority (0).
`--use-custom-priority-class`	Warning Don't configure custom priority classes unless you have an experienced Kubernetes engineer in your organization, as doing so may result in Edge site failures. Add this flag and the following `--set` flags to configure custom priority classes for your Edge site pods: `--global.priorityClassName.platform <priority>`: This flags sets the custom priority class name for Edge platform pods. This should be the highest priority class in Edge. `--global.priorityClassName.application <priority>`: This flag sets the custom priority class name for Edge application pods. This should be the second highest priority class in Edge. `--global.priorityClassName.job <priority>`:This flag sets the custom priority class name for Edge job pods. This should be the third highest priority class in Edge. Show an example `--use-custom-priority-class --global.priorityClassName.platform critical-priority --global.priorityClassName.application high-priority --global.priorityClassName.job low-priority`

Install your Edge site using the Helm installer script. Replace <my-namespace> with your Edge site namespace.
Copy
```
helm install collibra-edge collibra-edge-helm-chart/collibra-edge -n <my-namespace> --values site-values.yaml
```
Note
- If you need to review the default collibra-edge chart values included when you run the Helm installer script, you can either inspect the values.yaml or README.md files in ./collibra-edge-helm-chart/collibra-edge. If you need to override, manually add the value to the command using the --set flag.

What's next

Create an Edge site connection.
Create an Edge site capability.