Components

Mirantis Secure Registry (MSR) is a containerized application that runs on a Kubernetes cluster. After deploying MSR, you can use your Docker CLI client to log in, push images, and pull images. For high availability, you can horizontally scale your MSR workloads across multiple Kubernetes worker nodes.

Workloads

Descriptions for each of the workloads that MSR creates during installation are available in the table below.

Caution

Do not use these components in your applications, as they are for internal MSR use only.

MSR installation workloads

| Name | Description |
|------|-------------|
| `deployment/<release-name>-msr-api` | Executes the MSR business logic, serving the MSR web application and API. |
| `deployment/<release-name>-msr-garant` | Manages MSR authentication. |
| `deployment/<release-name>-msr-jobrunner-<deployment>` | Runs asynchronous background jobs, including garbage collection and image vulnerability scans. |
| `deployment/<release-name>-msr-nginx` | Receives HTTP and HTTPS requests and proxies those requests to other MSR components. |
| `deployment/<release-name>-msr-notary-server` | Provides signing and verification for images that are pushed to or pulled from the secure registry. |
| `deployment/<release-name>-msr-notary-signer` | Performs server-side timestamp and snapshot signing for Content Trust metadata. |
| `deployment/<release-name>-msr-registry` | Implements pull and push functionality for Docker images and manages how images are stored. |
| `statefulset/<release-name>-msr-rethinkdb-cluster`, `deployment/<release-name>-msr-rethinkdb-proxy` | Stores persisting repository metadata. |
| `statefulset/<release-name>-msr-scanningstore` | Stores security scanning data. |
| `deployment/<release-name>-enzi-api`, `statefulset/<release-name>-enzi-worker` | Authenticates and authorizes MSR users. |

JobRunner

Descriptions for each of the job types that are run by MSR are available in the table below.

MSR job types

| Job type | Description |
|----------|-------------|
| `analytics_report` | Uploads an analytics report to Mirantis. |
| `helm_chart_lint` | Lints a Helm chart. |
| `helm_chart_lint_all` | Lints all charts in all repositories. |
| `onlinegc` | Performs garbage collection for all types of MSR data and metadata. |
| `onlinegc_blobs` | Performs garbage collection of orphaned image layer data. |
| `onlinegc_events` | Performs auto-deletion of repository events. |
| `onlinegc_joblogs` | Performs auto-deletion of job logs. |
| `onlinegc_metadata` | Performs garbage collection of image metadata. |
| `onlinegc_scans` | Performs garbage collection of security scan results for deleted layers. |
| `poll_mirror` | Pulls tags from remote repositories as determined by mirroring policies. |
| `push_mirror_tag` | Pushes image tags to remote repositories as determined by mirroring policies. |
| `scan_check` | Scans an image by digest. |
| `scan_check_all` | Rescans all previously scanned images. |
| `scan_check_single` | Scans a single layer of the image. |
| `tag_prune` | Deletes tags from remote repositories, as determined by the pruning policies of the repositories. |
| `update_vuln_db` | Updates the vulnerability database (CVE list). |
| `webhook` | Sends a webhook. |