Use a web proxy

Mirantis Secure Registry (MSR) makes outgoing connections to check for new versions, automatically renew its license, and update its vulnerability database. If MSR is unable to access the Internet, you must manually apply any updates.

One way to keep your environment secure while still allowing MSR access to the Internet is to deploy a web proxy. If you have an HTTP or HTTPS proxy, you can configure MSR to use it.

To add the HTTP_PROXY and HTTPS_PROXY environment variables to all of the containers in your MSR deployment, insert the following into the values.yaml file:

global:
  extraEnv:
    HTTP_PROXY: "<domain>:<port>"
    HTTPS_PROXY: "username:password@<domain>:<port>"

To apply the newly inserted values:

helm upgrade msr msrofficial/msr --version 1.0.0 -f values.yaml

To confirm the MSR configuration, use kubectl to review the Pod resources that the MSR Helm chart deploys for the environment variables:

kubectl get deploy/msr-registry -o jsonpath='{@.spec.template.spec.containers[].env}'
[{"name":"HTTP_PROXY","value":"example.com:444"}]%