Download Mirantis Secure Registry
Deploy the leading enterprise secure container registry quickly and easily on Mirantis Kubernetes Engine
Mirantis Secure Registry duplicates and extends public- and desktop- container image registry functionality to provide a private registry for curating, versioning, and managing important container images on your premises. Automated image scanning, Content Trust, image signing and other Secure Registry features integrate with Mirantis Container Runtime and other Mirantis Cloud Native Platform components to ensure (among other things) that:
- Developers only use approved and validated base and component images imported from outside sources
- Image layers are continually scanned for CVEs
- Built images cannot be executed on privileged clusters (e.g., on production) until appropriately promoted
Mirantis Secure Registry is a cornerstone of Mirantis best-practice in creating secure software supply chains.
This tutorial details one, fairly-simple way of deploying Mirantis Secure Registry for evaluation, using built-in features of Mirantis Kubernetes Engine.
To follow this tutorial, you’ll need:
- A Mirantis Kubernetes Engine cluster with one spare Kubernetes worker node, that node appropriately provisioned to host Mirantis Secure Registry (2+ vCPU, 30+GB SSD). You can quickly deploy a Mirantis Kubernetes Engine cluster with multiple worker nodes using Mirantis Launchpad – please see our Mirantis Kubernetes Engine download tutorial for complete instructions. A three-node cluster (one manager, one Kubernetes worker, one additional worker to host Mirantis Secure Registry) is sufficient.
- Administrative access to the cluster — ideally from the laptop, VM or other computer you used to deploy Mirantis Kubernetes Engine with Launchpad. This laptop should have kubectl and open source Docker installed. For instructions on how to do this, please see our tutorial How to Build a Kubernetes Development Environment.
Step 1: Retrieve an authentication bundle from Mirantis Kubernetes Engine
Log into Mirantis Kubernetes Engine’s webUI as your administrative user, then navigate via the left-hand menu to admin>profile>client bundles.
As part of deployment, Launchpad generates and downloads an initial client bundle for this user. If you want to generate a new one, click New Client Bundle>Generate Client Bundle, name the bundle, and download it to a convenient directory, then unzip it.
The client bundle contains PKI for your cluster, along with important helper files like a kubeconfig (kube.yml). There’s also a file called env.sh that can be sourced/evaluated on your desktop to link the docker CLI, kubectl, and other applications to the cluster as a remote endpoint.
Step 2: Retrieve from the Mirantis Kubernetes Engine webUI the code for deploying Mirantis Secure Registry on a node
Now return to the Mirantis Kubernetes Engine webUI, and navigate to admin settings>mirantis secure registry.
You’ll see a dialog with popdowns that let you select a node onto which you wish to install Secure Registry.
Pick your ‘spare’ node. For a typical trial installation of Mirantis Kubernetes Engine (lacking full production certificates management), you’ll also want to check the box Disable TLS Verification for MKE.
Mirantis Kubernetes Engine will provide you with a docker CLI command to drive the Mirantis Secure Registry deployment from your laptop. Copy this into your clipboard.
Step 3: Return to your laptop and paste in the code to deploy Secure Registry
Having evaluated the env.sh file, your shell context should be authenticated to the cluster. So just paste in the code line provided by Mirantis Kubernetes Engine and hit Enter. Mirantis Secure Registry should deploy. Once it starts up, refreshing the Mirantis Kubernetes Engine webUI should show a Mirantis Secure Registry link. Clicking this link will let you log into Mirantis Secure Registry using the same username/password that works for Mirantis Kubernetes Engine.
Step 4: Next steps
To fully exercise the functionality of Mirantis Secure Registry, you’ll need to initiate a docker workflow to store container images there. We also encourage you to experiment with integrating Secure Registry with select public image repositories, enabling automatic import of latest releases of validated third-party images. All this is detailed in Mirantis Secure Registry documentation.