How to Install Mirantis Secure Registry on Rancher

Eric Gregory - February 8, 2022

Howdy, Rancher users! If you’re looking for a private container registry on your Rancher Kubernetes Engine cluster, we’ve got good news: Mirantis Secure Registry now integrates with any Kubernetes distribution, making it a simple, secure, and easy-to-install foundation for your secure software supply chain.

In this article, we’ll walk you through the simple setup process using Helm and the open source Lens Kubernetes platform. But first, let’s briefly break down why your organization would want to use a private container registry in the first place.

Why do I need a private container registry?

A registry is a repository for container images, the building blocks of cloud native applications. It provides a “single source of truth” for application components that can be used across your organization and across the software supply chain.

Many individual developers and small teams use a public registry such as Docker Hub when they’re first starting with containerization, but anyone can contribute to a public registry, making it a prime target for malicious actors looking to corrupt containers and quietly insinuate themselves into supply chains. For enterprises and other security-conscious organizations, using a public registry is a huge risk — a lot like storing valuable physical assets out on the sidewalk. As Edward Ionel notes, “public repositories do not have security features such as privacy and access control, making it impossible for them to meet enterprise requirements.”

So these organizations need a private registry, which is a repository for container images that they control, and for which they can determine criteria for access. That security is essential, but the right private registry can offer much more.

Why use Mirantis Secure Registry?

Many private registries like Amazon Elastic Container Registry are cloud-based solutions that can’t integrate very tightly with your infrastructure, and are ultimately out of your hands, charging you for all data storage and transfer. But Mirantis Secure Registry 3.0 deploys on your Kubernetes cluster — perfect for Rancher users seeking a secure registry solution that works with a variety of architectures. Public cloud, private cloud, hybrid, on-prem…however you’re running Rancher, your secure registry is there for you, right on your clusters.

And that means that Mirantis Secure Registry can integrate tightly with your tools and processes — from role-based access control to CI/CD tools, the secure registry synergizes with your existing infrastructure while adding new functionality like automatic image signing and promotion.

Security teams will be able to breathe easier, too, because Mirantis Secure Registry scans images for vulnerabilities at the binary level, using our vulnerability database, which is updated daily. Not only do you not have to worry about contaminated public registries, but you can scan the binaries and libraries that may underlie common open source components in your software.

How to install Mirantis Secure Registry on Rancher

In this walkthrough, we’re going to install Mirantis Secure Registry on a cluster managed by Rancher using Helm.

From the Global view in Rancher, select your cluster and select Launch kubectl.

Mirantis Secure Registry has a few prerequisites that you need to install on the cluster. The first is cert-manager, which is required to manage certificates on the cluster. In the shell, run the following command to install cert-manager:

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml

Once those pods have started, you will need to install the Postgres Operator, which gives Mirantis Secure Registry a place to store its vulnerability database. Use the following commands:

helm repo add postgres-operator https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
helm repo up
helm install postgres-operator postgres-operator/postgres-operator \
--set configKubernetes.spilo_runasuser=101 \
--set configKubernetes.spilo_runasgroup=103 \
--set configKubernetes.spilo_fsgroup=103

Now all you need to do is run a simple Helm install command:

helm install msr msr \
--repo https://registry.mirantis.com/charts/msr/msr \
--version 1.0.0

The pods will take a few minutes to launch and get ready. You can check on their status with:

kubectl get pods

Once all “msr-*” pods have the status “Running,” you’re ready to go. Installation is as simple as that!
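
The walkthrough gates each step on pods being up ("Once those pods have started", "Once all msr-* pods have the status Running"). As an added example, not part of the original article or of Mirantis tooling, this shell function makes that check from `kubectl get pods --no-headers` output. It is stricter than the article's criterion in also requiring every container to be ready (READY x/y with x equal to y), and the pod names in the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Sample pod names are constructed.
# Live use, gating each step of the walkthrough:
#   until kubectl get pods -n cert-manager --no-headers | pods_ready cert-manager; do sleep 5; done
#   until kubectl get pods --no-headers | pods_ready msr-; do sleep 10; done

# pods_ready PREFIX: reads `kubectl get pods --no-headers` lines on stdin
# (NAME READY STATUS RESTARTS AGE). Succeeds only if at least one pod whose
# name starts with PREFIX exists and each one is Running with READY x/y, x == y.
pods_ready() {
  awk -v p="$1" '
    index($1, p) == 1 {
      seen++
      split($2, r, "/")
      if ($3 != "Running" || r[1] != r[2]) {
        printf "not ready: %s (%s, %s)\n", $1, $2, $3
        bad++
      }
    }
    END {
      # No matching pods yet is a failure, not a vacuous success.
      if (seen == 0) { printf "no %s* pods found yet\n", p; exit 1 }
      exit (bad > 0 ? 1 : 0)
    }
  '
}

# Constructed sample outputs (not captured from a real cluster).
SAMPLE_STARTING='msr-example-a-5d9c7   0/1   ContainerCreating   0   20s
msr-example-b-7f6b8   1/1   Running             0   20s
postgres-operator-x   1/1   Running             0   5m'

# STATUS is Running, but one container has not passed its readiness check.
SAMPLE_UNREADY='msr-example-a-5d9c7   0/1   Running   2   3m
msr-example-b-7f6b8   1/1   Running   0   3m'

SAMPLE_READY='msr-example-a-5d9c7   1/1   Running   0   6m
msr-example-b-7f6b8   2/2   Running   0   6m
postgres-operator-x   1/1   Running   0   11m'

for sample in "$SAMPLE_STARTING" "$SAMPLE_UNREADY" "$SAMPLE_READY"; do
  if printf '%s\n' "$sample" | pods_ready msr-; then echo "=> MSR ready"
  else echo "=> MSR not ready"; fi
done
```
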
