Use a web proxy¶
Mirantis Secure Registry (MSR) makes outgoing connections to check for new versions, automatically renew its license, and update its vulnerability database. If MSR cannot access the Internet, you must manually apply any updates.
One way to keep your environment secure while still allowing MSR access to the Internet is to deploy a web proxy. If you have an HTTP or HTTPS proxy, you can configure MSR to use it.
To configure MSR for web proxy usage:
In
values.yaml
, insert the following snippet to add theHTTP_PROXY
andHTTPS_PROXY
environment variables to all containers in your MSR deployment:global: extraEnv: HTTP_PROXY: "<domain>:<port>" HTTPS_PROXY: "username:password@<domain>:<port>"
Apply the newly inserted values:
helm upgrade msr msrofficial/msr --version 1.0.0 -f values.yaml
Verify the MSR configuration by reviewing the Pod resources that the MSR Helm chart deploys for the environment variables:
kubectl get deploy/msr-registry -o jsonpath='{@.spec.template.spec.containers[].env}'
Example output:
[{"name":"HTTP_PROXY","value":"example.com:444"}]%