Published in Mirantis

Repositories, Container Images and Tags in Mirantis Secure Registry

In Part 1, we explored the capabilities of Mirantis Secure Registry (MSR) deployed on Minikube, and accessed its WebUI using Lens and the port forward capability.

In part 2, I will demonstrate how to:

  • Extend our deployment to access MSR using a friendly URL

Accessing MSR on a Friendly URL

If we take a closer look at the URL on which we accessed MSR in Part 1, it is “https://localhost:64852/” (the port may be a different random one in your case). This URL is not convenient to use all the time.

Let’s configure MSR to be accessed on the URL https://devmsr.local.io.

There are 4 steps involved in patching our existing deployment to support this URL:

  1. Enable Ingress Add-on on Minikube

Let’s look at how to do that.

Enable Ingress Add-on on Minikube

To enable Minikube ingress add-on, follow these steps:

  • Open a terminal
$ minikube addons enable ingress --profile devmsr

Now let’s create the certificates.

Create Certificates

By default, the MSR deployment uses self-signed certificates with the SAN names “nginx, localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1”. To support custom DNS names, we need to create certificates with, in this case, the SAN name “devmsr.local.io”. To do that, follow these steps:

  • Navigate to Lens → Select “devmsr” → Open Terminal
  • Create the config file devmsr.local.io.conf with this content:
[req]
distinguished_name=req
[SAN]
subjectAltName=DNS:devmsr.local.io
  • Generate the certificate and key files using the following openssl command:
openssl req -newkey rsa:2048 -nodes -keyout devmsr.local.io.key -x509 -days 365 -out devmsr.local.io.cert -subj /CN=devmsr.local.io -extensions SAN -config 'devmsr.local.io.conf'
  • To use the certificate, create a Kubernetes secret from the certificate and key files using the following kubectl command:
kubectl create secret tls devmsr.local.io --cert devmsr.local.io.cert --key devmsr.local.io.key
  • Update our deployment to use these certificates using the following helm command:
helm upgrade msr msr --repo https://registry.mirantis.com/charts/msr/msr --version 1.0.0 --set nginx.webtls.create=false --set nginx.webtls.secretName="devmsr.local.io"
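
A check worth running before creating the Kubernetes secret, as an added example that is not part of the original post: it repeats the config and openssl options from the steps above in a scratch directory, then confirms that the certificate matches devmsr.local.io through its SAN and that the key and certificate belong together. The function names and the scratch directory are illustrative.

```shell
#!/usr/bin/env bash
# Added example: rebuild the tutorial's certificate in a scratch directory
# and verify it before it is loaded into a Kubernetes TLS secret.
set -eu

HOST=devmsr.local.io

# make_cert DIR: writes DIR/$HOST.conf, .key and .cert with the same config
# content and openssl options as the steps above.
make_cert() {
  dir=$1
  printf '[req]\ndistinguished_name=req\n[SAN]\nsubjectAltName=DNS:%s\n' "$HOST" \
    > "$dir/$HOST.conf"
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/$HOST.key" \
    -x509 -days 365 -out "$dir/$HOST.cert" -subj "/CN=$HOST" \
    -extensions SAN -config "$dir/$HOST.conf" 2>/dev/null
}

# cert_covers_host CERT NAME: succeeds only if NAME matches the certificate.
# When a SAN is present, the match is made against the SAN, not the CN.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# key_matches_cert KEY CERT: compares the public key derived from each file.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout | openssl sha256)
  c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  [ "$k" = "$c" ]
}

WORK=$(mktemp -d)   # scratch directory; the tutorial works in the current one
make_cert "$WORK"

if cert_covers_host "$WORK/$HOST.cert" "$HOST" &&
   key_matches_cert "$WORK/$HOST.key" "$WORK/$HOST.cert"; then
  echo "certificate is valid for $HOST and matches its key"
else
  echo "certificate check failed for $HOST" >&2
fi
```
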

Now we need to configure the Ingress object.

Configure the Ingress Object for MSR

To configure Ingress, follow these steps:

  • Create Ingress Object for MSR to receive traffic via devmsr.local.io by creating a YAML file:

$ vi msr-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: msr-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: devmsr.local.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: msr
            port:
              number: 443

  • Deploy the Ingress object using the following command:
kubectl apply -f msr-ingress.yaml
  • Obtain the IP address from the Lens UI or use this kubectl command:
kubectl get ingress
  • Add the entry to /etc/hosts file on your workstation (you will need administrator access):
192.168.205.5 devmsr.local.io

MSR is now accessible on a friendly URL: https://devmsr.local.io

“You have no repositories…” That’s right: the list is empty because we have not created a repository yet.

Before we jump right into creating one, let’s talk about repositories.

A Repository is a path to the directory of images and charts on a registry. It stores a collection of different image and chart versions. It can provide additional functionality such as access control, versioning, security checks, auditing, and so on.

A repository is represented using the format:

[REGISTRY_HOST]/[ACCOUNT]/[NAME]

The entire string makes the repository unique.

Now, let us create a new repository. Follow these steps:

  • Click on New Repository
  • This creates a “hello-world” repository
  • Select the repository by clicking on it.

Upon selecting the repository, you’ll see several tabs representing operations you can perform on the repository.

  • Repository Info tab includes README, Repository Permissions and the Docker Pull Command

This repository is empty; you can add images into this repository using:

  • The Docker push operation from CLI

A Container Image (also known as a Docker Image) is the core foundational artifact for an application to be Cloud-Native: it is how the application is packaged and shipped to the target environment. The executable form of the image is referred to as a Container.

Container Images are stored within Repositories in a Registry such as Mirantis Secure Registry, Docker Hub, Google Container Registry, and so on.

In the following section, we’ll look at pushing images to our “hello-world” repository using the Docker CLI.

In order to interact with the Registry using the Docker CLI, you need to have Docker installed on your workstation. If you haven’t yet done that, follow the instructions here:

Once you’ve done the install, verify that the docker engine is running from the terminal.

In order to push an image to the repository, first we need to have an image locally available in the workstation.

Download the “hello-world” image from Docker Hub to the local workstation.

docker image pull docker.io/library/hello-world:linux

The image we pulled is from:

  • Registry “docker.io”

The keyword “linux” after the “:” (colon) is the “tag” name. The full repository string plus the tag is referred to as an image.

Now, let us push this “hello-world” image to our “devmsr.local.io” registry.

  • Rename docker.io/library/hello-world:linux
$ docker image tag docker.io/library/hello-world:linux devmsr.local.io/admin/hello-world:linux
  • Authenticate with “devmsr.local.io”
$ docker login devmsr.local.io
  • Push image to “devmsr.local.io”
$ docker image push devmsr.local.io/admin/hello-world:linux
  • To verify, go to the WebUI, and from the repositories, view under “Tags” section

We have now successfully pushed an image into MSR.
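
The reference format used above, as an added example that is not part of the original post: a parser for [REGISTRY_HOST]/[ACCOUNT]/[NAME][:TAG] that also computes the name an image gets when it is retagged for MSR. Function and variable names are illustrative; digest references (@sha256:…) and references that do not have exactly three components are rejected.

```shell
#!/usr/bin/env bash
# Added example: split an image reference into its parts without calling docker.

# parse_ref REF: sets REF_HOST, REF_ACCOUNT, REF_NAME and REF_TAG.
# Returns 1 if REF is not of the form REGISTRY_HOST/ACCOUNT/NAME[:TAG].
parse_ref() {
  ref=$1
  case $ref in */*/*) ;; *) return 1 ;; esac
  last=${ref##*/}              # e.g. hello-world:linux
  rest=${ref%/*}               # e.g. docker.io/library
  REF_HOST=${rest%%/*}
  REF_ACCOUNT=${rest#*/}
  case $REF_ACCOUNT in */*) return 1 ;; esac   # more than three components
  case $last in *@*) return 1 ;; esac          # digest references not handled
  # Only a colon in the last component separates the tag; a colon in the
  # host part (localhost:64852) is a port.
  case $last in
    *:*) REF_NAME=${last%%:*}; REF_TAG=${last#*:} ;;
    *)   REF_NAME=$last; REF_TAG=latest ;;     # Docker's default tag
  esac
  [ -n "$REF_HOST" ] && [ -n "$REF_ACCOUNT" ] && [ -n "$REF_NAME" ] && [ -n "$REF_TAG" ]
}

# describe REF: prints the parsed parts on one line.
describe() {
  parse_ref "$1" &&
    echo "host=$REF_HOST account=$REF_ACCOUNT name=$REF_NAME tag=$REF_TAG"
}

# msr_target SRC HOST ACCOUNT: prints the reference SRC is retagged to,
# keeping the repository name and tag and replacing registry and account.
msr_target() {
  parse_ref "$1" || return 1
  printf '%s/%s/%s:%s\n' "$2" "$3" "$REF_NAME" "$REF_TAG"
}

describe docker.io/library/hello-world:linux
msr_target docker.io/library/hello-world:linux devmsr.local.io admin
```
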

In the next part, I’ll talk about Helm Charts, and how to write a Helm chart and publish it to MSR.
