Jan 4, 2022
Deploy Mirantis Secure Registry on any Kubernetes (Minikube, EKS, GKE, K0S, etc)
Docker Containers, Kubernetes, CNCF, and many other relevant projects completely changed how we package, ship, and run applications. As you all know, Kubernetes has become a defacto standard for running applications. At the same time, container registries and chart repositories play a crucial role in managing and delivering application packages to those Kubernetes clusters.
Google Container Registry, Docker Hub, Elastic Container Registry, Azure Container Registry, and Mirantis Secure Registry (MSR) are a few well-known registries, which can come in the form of on-prem solutions or hosted services.
In this article, you will learn about:
- The capabilities of Mirantis Secure Registry
- How to deploy MSR in Minikube
Mirantis Secure Registry enables users to store and manage container images and Helm chart repositories, automate development, and secure vulnerable free images. With the 3.0 release of MSR, the capabilities of MSR exploded with change from the ability to run it only in an enterprise environment to the ability to run it anywhere, locally or on-prem or in the cloud — all you need is a Kubernetes cluster to which you can deploy Helm charts.
Here are a few capabilities of Mirantis Secure Registry:
- Access control
- Security scanning
- Repository automation
- Image management
- Helm chart repository
- Policy-based image promotion
- Caching and mirroring
This is a multi-part series, In part #1 (this article), let us start by setting up MSR in a Minikube cluster to explore its capabilities.
To start, prepare your local workstation with the necessary tooling by following these steps:
Create and Access cluster
Now you’re ready to create the cluster. To do that, follow these steps.
- Open a terminal.
- Create a minikube cluster with the profile name “devmsr” by typing the following command:
Note: the profile name is optional — the default profile uses minikube as the cluster name
$ minikube start — profile devmsrThis command creates a minikube cluster with the name “devmsr”.
- Open Lens → Locate the “devmsr” cluster in the Catalog section.
- Select the cluster to connect to it.
- Browse around within Lens to view
— Cluster configurations
— Integrated Terminal pre-configured with kubectl
— Cluster metrics
— Create objects, etc
You can find more info on Lens here.
Install Mirantis Secure Registry
Now you’re ready to actually install MSR. To do that, follow these steps:
- Verify that the Default Storage class is configured by choosing
Navigate to Storage → Storage Classes → Check if Default is “Yes”
- Install cert-manager on the cluster using the following command in the Lens Terminal tab:
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml- Wait for the pods to start.
- Install the Postgres Operator on the cluster, including the spilo_* parameters, using these commands:
helm repo add postgres-operator https://opensource.zalando.com/postgres-operator/charts/postgres-operator/helm repo uphelm install postgres-operator postgres-operator/postgres-operator \
--set configKubernetes.spilo_runasuser=101 \
--set configKubernetes.spilo_runasgroup=103 \
--set configKubernetes.spilo_fsgroup=103
- Wait for the pods to start.
- Install MSR on the cluster using this command:
helm install msr msr \
--repo https://registry.mirantis.com/charts/msr/msr \
--version 1.0.0- Wait for the pods to start:
Note: Several pods might restart during the process, but eventually they will succeed.
Accessing Mirantis Secure Registry(MSR)
Now let’s look at accessing the MSR WebUI. Follow these steps:
- Navigate to Network Section → Select Services
- Locate “MSR” and Select for more details
- Now, select the “HTTPS Forward” button next to the ports in the connection section to open the MSR Web UI in the browser.
- The following Web UI will open:
- Use the default credentials to log in
Username: admin
Password: password - Select “Skip Now” or upload the license file if you obtained it from Mirantis.
We have successfully deployed MSR on the minikube cluster.
In the next part, I’ll talk about Repositories, Pushing, and pulling images to MSR.
