Mirantis
Published in

Mirantis

Deploy Mirantis Secure Registry on any Kubernetes (Minikube, EKS, GKE, K0S, etc)

Docker Containers, Kubernetes, CNCF, and many other relevant projects completely changed how we package, ship, and run applications. As you all know, Kubernetes has become a defacto standard for running applications. At the same time, container registries and chart repositories play a crucial role in managing and delivering application packages to those Kubernetes clusters.

Google Container Registry, Docker Hub, Elastic Container Registry, Azure Container Registry, and Mirantis Secure Registry (MSR) are a few well-known registries, which can come in the form of on-prem solutions or hosted services.

In this article, you will learn about:

  • The capabilities of Mirantis Secure Registry

Mirantis Secure Registry enables users to store and manage container images and Helm chart repositories, automate development, and secure vulnerable free images. With the 3.0 release of MSR, the capabilities of MSR exploded with change from the ability to run it only in an enterprise environment to the ability to run it anywhere, locally or on-prem or in the cloud — all you need is a Kubernetes cluster to which you can deploy Helm charts.

Here are a few capabilities of Mirantis Secure Registry:

  • Access control

This is a multi-part series, In part #1 (this article), let us start by setting up MSR in a Minikube cluster to explore its capabilities.

To start, prepare your local workstation with the necessary tooling by following these steps:

Create and Access cluster

Now you’re ready to create the cluster. To do that, follow these steps.

  • Open a terminal.
$ minikube start — profile devmsr

This command creates a minikube cluster with the name “devmsr”.

  • Open Lens → Locate the “devmsr” cluster in the Catalog section.
  • Select the cluster to connect to it.
  • Browse around within Lens to view
    — Cluster configurations
    — Integrated Terminal pre-configured with kubectl
    — Cluster metrics
    — Create objects, etc

You can find more info on Lens here.

Install Mirantis Secure Registry

Now you’re ready to actually install MSR. To do that, follow these steps:

  • Verify that the Default Storage class is configured by choosing
    Navigate to Storage → Storage Classes → Check if Default is “Yes”
  • Install cert-manager on the cluster using the following command in the Lens Terminal tab:
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
  • Wait for the pods to start.
  • Install the Postgres Operator on the cluster, including the spilo_* parameters, using these commands:
helm repo add postgres-operator https://opensource.zalando.com/postgres-operator/charts/postgres-operator/helm repo uphelm install postgres-operator postgres-operator/postgres-operator \
--set configKubernetes.spilo_runasuser=101 \
--set configKubernetes.spilo_runasgroup=103 \
--set configKubernetes.spilo_fsgroup=103
  • Wait for the pods to start.
  • Install MSR on the cluster using this command:
helm install msr msr \
--repo https://registry.mirantis.com/charts/msr/msr \
--version 1.0.0
  • Wait for the pods to start:

Note: Several pods might restart during the process, but eventually they will succeed.

Accessing Mirantis Secure Registry(MSR)

Now let’s look at accessing the MSR WebUI. Follow these steps:

  • Navigate to Network Section → Select Services
  • Now, select the “HTTPS Forward” button next to the ports in the connection section to open the MSR Web UI in the browser.
  • The following Web UI will open:
  • Use the default credentials to log in
    Username: admin
    Password: password

We have successfully deployed MSR on the minikube cluster.

In the next part, I’ll talk about Repositories, Pushing, and pulling images to MSR.

References

--

--

Mirantis is the leading provider of open source, cloud native data center as-a-service, designed to help developers ship their most valuable code faster on any infrastructure. Headquartered in Silicon Valley, Mirantis powers innovation for Global 2k organizations

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store