Components

Mirantis Secure Registry (MSR) is a containerized application that runs on a Kubernetes cluster. After deploying MSR, you can use your Docker CLI client to log in, push, and pull images. For high availability, you can horizontally scale your MSR workloads across multiple Kubernetes worker nodes.

Workloads

Detail on the various workloads created during MSR installation is available below.

Caution

Do not use these components in your applications, as they are for internal MSR use only.

MSR installation workloads

| Name | Description |
|------|-------------|
| `deployment/<release-name>-msr-api` | Executes the MSR business logic and serves the MSR web application and API. |
| `deployment/<release-name>-msr-garant` | Manages MSR authentication. |
| `deployment/<release-name>-msr-jobrunner-<deployment>` | Runs asynchronous background jobs, including garbage collection and image vulnerability scans. |
| `deployment/<release-name>-msr-nginx` | Receives HTTP and HTTPS requests and proxies these requests to other MSR components. |
| `deployment/<release-name>-msr-notary-server` | Provides signing and verification for images that are pushed to or pulled from the secure registry. |
| `deployment/<release-name>-msr-notary-signer` | Performs server-side timestamp and snapshot signing for Content Trust metadata. |
| `deployment/<release-name>-msr-registry` | Implements pull and push functionality for Docker images and manages how images are stored. |
| `statefulset/<release-name>-msr-rethinkdb-cluster`, `deployment/<release-name>-msr-rethinkdb-proxy` | Stores persistent repository metadata. |
| `statefulset/<release-name>-msr-scanningstore` | Stores security scanning data. |
| `deployment/<release-name>-enzi-api`, `statefulset/<release-name>-enzi-worker` | Authenticates and authorizes MSR users. |

Jobrunner

Detail on the various job types run by MSR is available below.

MSR job types

| Job type | Description |
|----------|-------------|
| `analytics_report` | Uploads an analytics report to Mirantis. |
| `helm_chart_lint` | Lints a Helm chart. |
| `helm_chart_lint_all` | Lints all charts in all repositories. |
| `onlinegc` | Performs garbage collection for all types of MSR data and metadata. |
| `onlinegc_blobs` | Performs garbage collection of orphaned image layer data. |
| `onlinegc_events` | Performs auto-deletion of repository events. |
| `onlinegc_joblogs` | Performs auto-deletion of job logs. |
| `onlinegc_metadata` | Performs garbage collection of image metadata. |
| `onlinegc_scans` | Performs garbage collection of security-scan results for deleted layers. |
| `poll_mirror` | Pulls tags from remote repositories as determined by mirroring policies. |
| `push_mirror_tag` | Pushes image tags to remote repositories as determined by mirroring policies. |
| `scan_check` | Scans an image by digest. |
| `scan_check_all` | Rescans all previously scanned images. |
| `scan_check_single` | Scans a single layer of the image. |
| `tag_prune` | Deletes tags from remote repositories, as determined by the pruning policies of the repositories. |
| `update_vuln_db` | Updates the vulnerability database (CVE list). |
| `webhook` | Sends a webhook. |