spectrocloud · lennessyy · Sep 3, 2024 · Aug 20, 2024 · Aug 20, 2024 · Aug 23, 2024
@@ -45,7 +45,9 @@ to <VersionedLink text="Harbor Edge-Native Config pack" url="/integrations/packs
 - An Edge cluster profile. For information about how to create a cluster profile for Edge, refer to
   [Model Edge Cluster Profile](../../site-deployment/model-profile.md).
 
-## Enable Local Harbor Registry
+## Enablement
+
+### Enable Local Harbor Registry
 
 1. Log in to [Palette](https://console.spectrocloud.com).
 
@@ -78,6 +80,90 @@ to <VersionedLink text="Harbor Edge-Native Config pack" url="/integrations/packs
 7. In the `harbor-config.storage` parameter, make sure you allocate enough storage in the `registry` field to store all
    your images.
 
+### Provide Credentials to Private Registries (Optional)
+
+If your cluster profile does not reference a private registry for images or helm charts or you have configured the
+Palette agent to download all images from an external private registry, you can skip this step.
+
+:::info
+
+Configuring external registries through user data will instruct the Palette agent to download all images from the
+external registry and prepend the registry URL to every image referenced in the cluster profile. Therefore, if you have
+configured an external registry through user data, you no longer need to provide credentials to the private registries
+referenced in the profile because those private registries will not be used. You are instead responsible for ensuring
+that all images are present in the external registry. For more information, refer to
+[Deploy with External Private Registry](./deploy-external-registry.md).
+
+:::
+
+If your have not configured an external registry for your Edge host through the Edge installer configuration user data,
+and your cluster profile references private registries, you must provide credentials to those private registries through
+[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) using a manifest in your cluster
+profile.
+
+8. Add a new manifest to your cluster profile. For more information, refer to
+   [Add a Manifest](../../../../profiles/cluster-profiles/create-cluster-profiles/create-addon-profile/create-manifest-addon.md).
+
+9. In your manifest, provide the following YAML configuration. Replace the placeholders with the correct values
+   according to the table below. You need to do this for every private registry referenced and may use dividers `---` to
+   separate the secrets .
+
+   ```yaml
+   apiVersion: v1
+   data:
+     password: <base64-encdoded-password>
+     url: <base64-encoded-url>
+     username: <base64-encoded-username>
+   kind: Secret
+   metadata:
+     labels:
+       spectrocloud.com/registry: "true"
+       spectrocloud.com/copyToTarget: "true"
+     name: <registry-name>
+   type: Opaque
+   ```
+
+   | Parameter       | Description                                                                                                                                                                                                                                                                                                   |
+   | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+   | `data.url`      | The URL of the registry in base-64 encoded format. For image registries, this includes only the hostname. For example, `aHR0cHM6Ly9kb2NrZXIuaW8=` for `docker.io`. For helm registries, include both scheme and hostname. For example, `https://blr-artifactory.apps.beehive.net` in based-64 encoded format. |
+   | `data.username` | The username used to log in to the registry in base-64 encoded format.                                                                                                                                                                                                                                        |
+   | `data.password` | The password of the user in base-64 encoded format.                                                                                                                                                                                                                                                           |
+   | `metadata.name` | Optional. A human-readable name you may give the registry.                                                                                                                                                                                                                                                    |
+
+   The following is an example of a manifest providing the credentials providing credentials to multiple registries,
+   including both image registries and helm registries.
+
+   ```yaml
+   apiVersion: v1
+   data:
+     password: <base64-encdoded-password>
+     url: ZWRnZS51cy13ZXN0Mi5hcnRpZmFjdG9yeS5jb20=
+     username: dXNlcjE=
+   kind: Secret
+   metadata:
+     labels:
+       spectrocloud.com/registry: "true"
+     name: image-registry1
+   type: Opaque
+   ---
+   apiVersion: v1
+   data:
+     password: <base64-encdoded-password>
+     url: aHR0cHM6Ly9lZGdlLnVzLXdlc3QyLmFydGlmYWN0b3J5LmNvbQ==
+     username: dXNlcjE=
+   kind: Secret
+   metadata:
+     labels:
+       spectrocloud.com/registry: "true"
+     name: helm-registry1
+   type: Opaque
+   ```
+
+10. Use the cluster profile to create your Edge cluster. For more information, refer to
+    [Create Cluster Definition](../cluster-deployment.md).
+
+### Save Profile and Deploy Cluster
+
 8. Click **Save Changes**.
 
 9. Deploy a new Edge cluster with your updated profile. Or, if you have an active cluster, update the cluster to use the