Components

Mirantis Secure Registry (MSR) is a containerized application that runs on a Mirantis Kubernetes Engine cluster.

Once you have MSR deployed, you use your Docker CLI client to login, push, and pull images.

For high-availability you can deploy multiple MSR replicas, one on each MKE worker node.

All MSR replicas run the same set of services and changes to their configuration are automatically propagated to other replicas.

When you install MSR on a node, the following containers are started:

Name

Description

dtr-api-<replica_id>

Executes the MSR business logic. It serves the MSR web application and API

dtr-garant-<replica_id>

Manages MSR authentication

dtr-jobrunner-<replica_id>

Runs cleanup jobs in the background

dtr-nginx-<replica_id>

Receives http and https requests and proxies them to other MSR components. By default it listens to ports 80 and 443 of the host

dtr-notary-server-<replica_id>

Receives, validates, and serves content trust metadata, and is consulted when pushing or pulling to MSR with content trust enabled

dtr-notary-signer-<replica_id>

Performs server-side timestamp and snapshot signing for content trust metadata

dtr-registry-<replica_id>

Implements the functionality for pulling and pushing Docker images. It also handles how images are stored

dtr-rethinkdb-<replica_id>

A database for persisting repository metadata

dtr-scanningstore-<replica_id>

Stores security scanning data

All these components are for internal use of MSR. Don’t use them in your applications.