Components

Mirantis Secure Registry (MSR) is a containerized application that runs on a Mirantis Kubernetes Engine cluster. After deploying MSR, you can use your Docker CLI client to log in, push, and pull images. For high availability, you can deploy multiple MSR replicas, one on each MKE worker node.

All MSR replicas run the same set of services, and changes to the configuration of one is replica is automatically propagated to other replicas.

Installing MSR on a node starts the containers that are detailed in the following table:

Name	Description
dtr-api-<replica_id>	Executes the MSR business logic, serving the MSR web application and API.
dtr-garant-<replica_id>	Manages MSR authentication.
dtr-jobrunner-<replica_id>	Runs cleanup jobs in the background.
dtr-nginx-<replica_id>	Receives HTTP and HTTPS requests and proxies those requests to other MSR components. By default, the container listens to host ports 80 and 443.
dtr-notary-server-<replica_id>	Receives, validates, and serves Content Trust metadata, and is consulted when pushing to or pulling from MSR with Content Trust enabled.
dtr-notary-signer-<replica_id>	Performs server-side timestamp and snapshot signing for Content Trust metadata.
dtr-registry-<replica_id>	Implements pull and push functionality for Docker images and manages the storage of images.
dtr-rethinkdb-<replica_id>	Serves as a database for persisting repository metadata.
dtr-scanningstore-<replica_id>	Stores security scanning data.

Important

Do not use the MSR components in your applications, as they are for internal MSR use only.