Components¶
Mirantis Secure Registry (MSR) is a containerized application that runs on a Mirantis Kubernetes Engine cluster.
Once you have MSR deployed, you use your Docker CLI client to login, push, and pull images.
For high-availability you can deploy multiple MSR replicas, one on each MKE worker node.
All MSR replicas run the same set of services and changes to their configuration are automatically propagated to other replicas.
When you install MSR on a node, the following containers are started:
Name |
Description |
---|---|
dtr-api-<replica_id> |
Executes the MSR business logic. It serves the MSR web application and API |
dtr-garant-<replica_id> |
Manages MSR authentication |
dtr-jobrunner-<replica_id> |
Runs cleanup jobs in the background |
dtr-nginx-<replica_id> |
Receives http and https requests and proxies them to other MSR components. By default it listens to ports 80 and 443 of the host |
dtr-notary-server-<replica_id> |
Receives, validates, and serves content trust metadata, and is consulted when pushing or pulling to MSR with content trust enabled |
dtr-notary-signer-<replica_id> |
Performs server-side timestamp and snapshot signing for content trust metadata |
dtr-registry-<replica_id> |
Implements the functionality for pulling and pushing Docker images. It also handles how images are stored |
dtr-rethinkdb-<replica_id> |
A database for persisting repository metadata |
dtr-scanningstore-<replica_id> |
Stores security scanning data |
All these components are for internal use of MSR. Don’t use them in your applications.