Use a web proxy

Mirantis Secure Registry (MSR) makes outgoing connections to check for new versions, automatically renew its license, and update its vulnerability database. If MSR cannot access the Internet, you must manually apply any updates.

One way to keep your environment secure while still allowing MSR access to the Internet is to deploy a web proxy. If you have an HTTP or HTTPS proxy, you can configure MSR to use it.

To configure MSR for web proxy usage:

  1. In values.yaml, insert the following snippet to add the HTTP_PROXY and HTTPS_PROXY environment variables to all containers in your MSR deployment:

    global:
      extraEnv:
        HTTP_PROXY: "<domain>:<port>"
        HTTPS_PROXY: "username:password@<domain>:<port>"
    
  2. Apply the newly inserted values:

    helm upgrade msr msrofficial/msr --version 1.0.0 -f values.yaml
    
  3. Verify the MSR configuration by reviewing the Pod resources that the MSR Helm chart deploys for the environment variables:

    kubectl get deploy/msr-registry -o jsonpath='{@.spec.template.spec.containers[].env}'
    

    Example output:

    [{"name":"HTTP_PROXY","value":"example.com:444"}]%