Mirantis Secure Registry is designed to scale horizontally as your usage increases. You can add more replicas to make MSR scale to your demand and for high availability.
All MSR replicas run the same set of services and changes to their configuration are automatically propagated to other replicas.
To make MSR tolerant to failures, add additional replicas to the MSR cluster.
MSR replicas | Failures tolerated |
---|---|
1 | 0 |
3 | 1 |
5 | 2 |
7 | 3 |
When sizing your MSR installation for high-availability, follow these rules of thumb:
To have high-availability on MKE and MSR, you need a minimum of:
You also need to configure the MSR replicas to share the same object storage.
To add replicas to an existing MSR deployment:
Use ssh to log into any node that is already part of MKE.
Run the MSR join command:
docker run -it --rm \
docker/dtr:2.7.5 join \
--ucp-node <mke-node-name> \
--ucp-insecure-tls
Where the --ucp-node
is the hostname of the MKE node where you
want to deploy the MSR replica. --ucp-insecure-tls
tells the
command to trust the certificates used by MKE.
If you have a load balancer, add this MSR replica to the load balancing pool.
To remove a MSR replica from your deployment:
Use ssh to log into any node that is part of MKE.
Run the MSR remove command:
docker run -it --rm \
docker/dtr:2.7.5 remove \
--ucp-insecure-tls
You will be prompted for:
If you’re load-balancing user requests across multiple MSR replicas, don’t forget to remove this replica from the load balancing pool.