{"id":47938,"date":"2022-01-07T12:00:28","date_gmt":"2022-01-07T03:00:28","guid":{"rendered":"https:\/\/www.creationline.com\/?p=47938"},"modified":"2026-05-27T22:20:59","modified_gmt":"2026-05-27T13:20:59","slug":"miranits-secure-registry-3-msr%e3%82%92k0s%e3%81%a7%e5%8b%95%e3%81%8b%e3%81%9d%e3%81%86-k0s-msr-k8s-kubernetes-mirantis","status":"publish","type":"post","link":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938","title":{"rendered":"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis"},"content":{"rendered":"<p><a href=\"\/docker\/mirantis-secure-registry\">Mirantis Secure Registry<\/a>\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm Chart\u3092\u5b89\u5168\u306b\u4fdd\u7ba1\u30fb\u5171\u6709\u30fb\u7ba1\u7406\u3067\u304d\u308b\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ec\u30b8\u30b9\u30c8\u30ea\u3067\u3059\u30022021\u5e74\u672b\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/release-notes\/3-0-0.html\">\u30d0\u30fc\u30b8\u30e7\u30f33.0.0<\/a>\u306b\u3066\u3001\u5f93\u6765\u3088\u308a\u7d71\u5408\u3055\u308c\u3066\u3044\u305f<a href=\"\/docker\">Mirantis Kubernetes Engine<\/a>\u304b\u3089\u72ec\u7acb\u3057\u3001<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/release-notes\/3-0-0\/enhancements.html#msr-on-kubernetes\">\u6a19\u6e96\u7684\u306aKubernetes\u4e0a\u3067\u52d5\u4f5c\u53ef\u80fd<\/a>\u3068\u306a\u308a\u307e\u3057\u305f\u3002<br \/>\n\u672c\u7a3f\u3067\u306fMirantis Secure Registry (\u4ee5\u4e0bMSR)\u30d0\u30fc\u30b8\u30e7\u30f33.0.0\u3092\u3001\u30ef\u30f3\u30d0\u30a4\u30ca\u30ea\u3067\u52d5\u4f5c\u3059\u308b\u8efd\u91cf\u306a\u30d5\u30eb\u6a5f\u80fdKubernetes\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u3042\u308b<a href=\"\/lab\/43863\">k0s<\/a>\u306b\u30c7\u30d7\u30ed\u30a4\u3057\u3066\u307f\u307e\u3059\u3002<br \/>\n\u306a\u304a\u3001\u672c\u7a3f\u3067\u306fMSR\u306e\u8a73\u7d30\u306a\u8a2d\u5b9a\u624b\u9806\u3084\u5229\u7528\u65b9\u6cd5\u306f\u7701\u7565\u3057\u307e\u3059\u3002<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/\">\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8<\/a>\u3092\u53c2\u7167\u3044\u305f\u3060\u304f\u304b\u3001\u4eca\u5f8c\u4e88\u5b9a\u3055\u308c\u3066\u3044\u308b<a href=\"\/training\">Mirantis\u793e\u516c\u8a8d\u30c8\u30ec\u30fc\u30cb\u30f3\u30b0<\/a>\u306e\u958b\u50ac\u3092\u304a\u5f85\u3061\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2>Vagrantfile<\/h2>\n<p>Virtualbox\u3068Vagrant\u3067\u4eee\u60f3\u30de\u30b7\u30f3\u30921\u53f0\u4f5c\u6210\u3057\u3001\u305d\u3061\u3089\u306bk0s\u3068MSR\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ruby\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">base_install =&lt;&lt;-SHELL\ntimedatectl set-timezone Asia\/Tokyo\nyum install -y ntp\nsystemctl enable ntpd\nsystemctl start ntpd\nSHELL\nVagrant.configure(&quot;2&quot;) do |config|\nconfig.vm.box = &quot;centos\/7&quot;\nconfig.vm.box_check_update = false\nconfig.vm.define &quot;node1&quot; do |cf|\ncf.vm.hostname = &quot;node1&quot;\ncf.vm.network &quot;private_network&quot;, ip: &quot;192.168.56.101&quot;\ncf.vm.provision &quot;shell&quot;, inline: base_install\ncf.vm.provider &quot;virtualbox&quot; do |vb|\nvb.memory = 12288\nvb.cpus = 4\nend\nend\nend<\/pre>\n<p>k0s\u81ea\u4f53\u306f\u8efd\u91cf\u3067\u3059\u304c\u3001MSR\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b9\u30ad\u30e3\u30f3\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u306f\u30d1\u30ef\u30d5\u30eb\u306a\u74b0\u5883\u304c\u5fc5\u8981\u3067\u3042\u308b\u305f\u3081\u30e1\u30e2\u30ea12GB\u30fb4vCPU\u3068\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002\u5f53\u521d\u306f\u30e1\u30e2\u30ea4GB\u30fb1vCPU\u3067\u3057\u305f\u304c\u6b63\u5e38\u306b\u52d5\u4f5c\u305b\u305a\u3001\u6b21\u306b\u30e1\u30e2\u30ea8GB\u30fb2vCPU\u3068\u500d\u306b\u3057\u3066\u3082\u52d5\u4f5c\u306b\u652f\u969c\u304c\u898b\u3089\u308c\u305f\u305f\u3081\u3067\u3059\u3002\u8a73\u7d30\u306f<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/common\/msr-system-reqs.html\">System requirements<\/a>\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2>k0s\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n<p>Virtualbox\/Vagrant\u3067\u306ek0s\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306b\u3064\u3044\u3066\u306e\u8a73\u7d30\u306f\u904e\u53bb\u8a18\u4e8b\u300c<a href=\"\/lab\/43993\">k0s\u3067Kubernetes\u3092Virtualbox\/Vagrant\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u3088\u3046<\/a>\u300d\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002\u4ee5\u964d\u3067\u306f\u624b\u9806\u3092\u304b\u3044\u3064\u307e\u3093\u3067\u8a18\u8ff0\u3057\u307e\u3059\u3002<\/p>\n<p><a href=\"https:\/\/k0sproject.io\/\">k0s<\/a>\u306f\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u3067\u6700\u65b0\u306e v1.23.1+k0s.0 \u3092\u5229\u7528\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ \/usr\/local\/bin\/k0s version\nv1.23.1+k0s.0<\/pre>\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u3066\u3001IP\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ k0s config create &gt; k0s.yaml.orig\n[vagrant@node1 ~]$ cp -a k0s.yaml.orig k0s.yaml\n[vagrant@node1 ~]$ vi k0s.yaml\n[vagrant@node1 ~]$ sudo mkdir \/etc\/k0s\n[vagrant@node1 ~]$ sudo mv k0s.yaml \/etc\/k0s\/<\/pre>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"diff\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ diff -u k0s.yaml.orig \/etc\/k0s\/k0s.yaml\n--- k0s.yaml.orig 2022-01-04 15:08:14.826736210 +0900\n+++ \/etc\/k0s\/k0s.yaml 2022-01-04 15:10:39.865766191 +0900\n@@ -5,11 +5,10 @@\nname: k0s\nspec:\napi:\n- address: 10.0.2.15\n+ address: 192.168.56.101\nk0sApiPort: 9443\nport: 6443\nsans:\n- - 10.0.2.15\n- 192.168.56.101\n- fe80::5054:ff:fe4d:77d3\n- fe80::a00:27ff:fefc:8421\n@@ -81,7 +80,7 @@\nscheduler: {}\nstorage:\netcd:\n- peerAddress: 10.0.2.15\n+ peerAddress: 192.168.56.101\ntype: etcd\ntelemetry:\nenabled: true<\/pre>\n<p><a href=\"https:\/\/docs.k0sproject.io\/v1.23.1+k0s.0\/install\/#install-k0s\">\u30b7\u30f3\u30b0\u30eb\u30ce\u30fc\u30c9<\/a>\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002k0s\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30ce\u30fc\u30c9\u3067\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u3092\u52d5\u4f5c\u3067\u304d\u306a\u3044\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u304c\u3001 --single \u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u4ed8\u4e0e\u3057\u3066\u30b7\u30f3\u30b0\u30eb\u30ce\u30fc\u30c9\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3046\u3068\u3001\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30ce\u30fc\u30c9\u304c\u30ef\u30fc\u30ab\u30fc\u30ce\u30fc\u30c9\u3092\u517c\u7528\u3057\u30011\u30ce\u30fc\u30c9\u3067Kubernetes\u3092\u8d77\u52d5\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ sudo \/usr\/local\/bin\/k0s install controller -c \/etc\/k0s\/k0s.yaml --single --kubelet-extra-args &quot;--node-ip=192.168.56.101&quot;\n[vagrant@node1 ~]$ sudo \/usr\/local\/bin\/k0s start\n[vagrant@node1 ~]$ sudo \/usr\/local\/bin\/k0s status\nVersion: v1.23.1+k0s.0\nProcess ID: 3862\nRole: controller\nWorkloads: true\nSingleNode: true<\/pre>\n<p>Role\u304c\u300ccontroller\u300d\u3067\u3042\u308a\u3064\u3064\u3001Workloads\u3082\u300ctrue\u300d\u3068\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002kubectl get nodes\u3067\u3082\u898b\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ mkdir .kube\n[vagrant@node1 ~]$ sudo cp \/var\/lib\/k0s\/pki\/admin.conf .kube\/config\n[vagrant@node1 ~]$ sudo chown $USER:$USER .kube\/config\n[vagrant@node1 ~]$ chmod 600 .kube\/config\n[vagrant@node1 ~]$ export KUBECONFIG=~\/.kube\/config\n[vagrant@node1 ~]$ k0s kubectl get nodes\nNAME STATUS ROLES AGE VERSION\nnode1 Ready control-plane 82s v1.23.1+k0s<\/pre>\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u306ek0s\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306a\u3089\u300cNo resources found\u300d\u3068\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3059\u304c\u3001\u30b7\u30f3\u30b0\u30eb\u30ce\u30fc\u30c9\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u3042\u308c\u3070\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30ce\u30fc\u30c9\u3082\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u3092\u52d5\u4f5c\u53ef\u80fd\u3067\u3042\u308b\u305f\u3081\u3001\u3053\u306e\u3088\u3046\u306a\u7d50\u679c\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n<p>\u4ee5\u4e0a\u3067k0s\u306b\u3088\u308bKubernetes\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n<h2>Helm\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n<p>MSR\u30d0\u30fc\u30b8\u30e7\u30f33\u3068\u95a2\u9023\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306f<a href=\"https:\/\/helm.sh\/\">Helm<\/a>\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u307e\u305aHelm\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3057\u3087\u3046\u3002\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u3067\u6700\u65b0\u306ev3.7.2\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ curl -LO https:\/\/get.helm.sh\/helm-v3.7.2-linux-amd64.tar.gz -LO https:\/\/get.helm.sh\/helm-v3.7.2-linux-amd64.tar.gz.sha256sum\n[vagrant@node1 ~]$ sha256sum -c helm-v3.7.2-linux-amd64.tar.gz.sha256sum\nhelm-v3.7.2-linux-amd64.tar.gz: OK\n[vagrant@node1 ~]$ tar xf helm-v3.7.2-linux-amd64.tar.gz\n[vagrant@node1 ~]$ sudo mv linux-amd64\/helm \/usr\/local\/bin\/\n[vagrant@node1 ~]$ helm version\nversion.BuildInfo{Version:&quot;v3.7.2&quot;, GitCommit:&quot;663a896f4a815053445eec4153677ddc24a0a361&quot;, GitTreeState:&quot;clean&quot;, GoVersion:&quot;go1.16.10&quot;}<\/pre>\n<p>\u4ee5\u4e0a\u3067Helm\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n<h2>\u30dc\u30ea\u30e5\u30fc\u30e0\u306e\u6e96\u5099<\/h2>\n<p>MSR\u30d0\u30fc\u30b8\u30e7\u30f33\u3067\u306f\u6c38\u7d9a\u30c7\u30fc\u30bf\u306e\u683c\u7d0d\u7528\u306b\u3001<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/ref-arch\/volumes.html\">3\u3064\u306e\u30dc\u30ea\u30e5\u30fc\u30e0<\/a>\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/install\/install-online.html#prerequisites\">Prerequisites<\/a>\u3067\u306fPersistent Volume (PV)\u306e\u52d5\u7684\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3092\u8981\u6c42\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u672c\u7a3f\u306f1\u30ce\u30fc\u30c9\u3067\u3042\u308a\u5185\u5bb9\u3092\u5358\u7d14\u5316\u3059\u308b\u305f\u3081\u306b\u3001<a href=\"https:\/\/kubernetes.io\/docs\/concepts\/storage\/volumes\/#hostpath\">hostPath<\/a>\u306e\u9759\u7684PV\u3092\u6e96\u5099\u30fb\u5229\u7528\u3059\u308b\u3053\u3068\u3068\u3057\u307e\u3059\u3002<\/p>\n<p>\u307e\u305a\u3001\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u30c7\u30fc\u30bf\u7528\u30dc\u30ea\u30e5\u30fc\u30e0\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u3001\u6240\u6709\u8005\u30fb\u6240\u5c5e\u30b0\u30eb\u30fc\u30d7\u3092 101:103 \u3067\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3059\u3002\u30dc\u30ea\u30e5\u30fc\u30e0\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f\u5272\u308a\u5f53\u3066\u306e\u969b\u306b\u81ea\u52d5\u7684\u306b\u4f5c\u6210\u3055\u308c\u308b\u306e\u3067\u3059\u304c\u3001\u6240\u6709\u8005\u30fb\u6240\u5c5e\u30b0\u30eb\u30fc\u30d7\u304c root:root \u3068\u306a\u308a\u66f8\u304d\u8fbc\u307f\u3067\u304d\u305a\u30a8\u30e9\u30fc\u3068\u306a\u308b\u305f\u3081\u3001\u3042\u3089\u304b\u3058\u3081\u4f5c\u6210\u30fb\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u4ed6\u3001\u30a4\u30e1\u30fc\u30b8\u30c7\u30fc\u30bf\u7528\u30fb\u30ec\u30dd\u30b8\u30c8\u30ea\u30e1\u30bf\u30c7\u30fc\u30bf\u7528\u306e2\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f\u81ea\u52d5\u4f5c\u6210\u30fb\u8a2d\u5b9a\u3055\u308c\u308b root:root \u3067\u554f\u984c\u306a\u3044\u305f\u3081\u3001\u3053\u3053\u3067\u306f\u4f5c\u6210\u3057\u307e\u305b\u3093\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ sudo mkdir -p \/vols\/msr-scanningstore\n[vagrant@node1 ~]$ sudo chown 101:103 \/vols\/msr-scanningstore\n[vagrant@node1 ~]$ ls -ld \/vols\/msr-scanningstore\ndrwxr-xr-x. 2 101 103 6 Jan 4 15:58 \/vols\/msr-scanningstore<\/pre>\n<p>\u6b21\u306eYAML\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u3067PV\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">apiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: msr-hostpath\nspec:\naccessModes:\n- ReadWriteMany\ncapacity:\nstorage: 20Gi\nhostPath:\npath: \/vols\/msr<\/pre>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">apiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: rethinkdb-cluster-hostpath\nspec:\naccessModes:\n- ReadWriteOnce\ncapacity:\nstorage: 1Gi\nhostPath:\npath: \/vols\/msr-rethinkdb-cluster<\/pre>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">apiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: scanningstore-hostpath\nspec:\naccessModes:\n- ReadWriteOnce\ncapacity:\nstorage: 24Gi\nhostPath:\npath: \/vols\/msr-scanningstore<\/pre>\n<p>\u5404PV\u306espec.accessModes\u3001access.capacity.storage\u306f\u3001MSR\u306eHelm Chart\u5185\u3067\u6307\u5b9a\u3055\u308c\u3066\u3044\u308b\u5024\u3092\u7528\u3044\u3066\u3044\u307e\u3059\u3002<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/common\/msr-system-reqs.html#id2\">Recommended system requirements<\/a>\u306bImage data storage\u306f25\u301c100GB\u63a8\u5968\u3068\u3042\u308b\u306e\u3067 msr-hostpath\u306f20Gi\u3067\u306f\u8db3\u308a\u306a\u3044\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u5fc5\u8981\u3067\u3042\u308c\u3070\u9069\u5b9c\u5909\u66f4\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u3067\u306f\u3001PV\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ k0s kubectl apply -f static-pv.yaml\npersistentvolume\/msr-hostpath created\npersistentvolume\/rethinkdb-cluster-hostpath created\npersistentvolume\/scanningstore-hostpath created\n[vagrant@node1 ~]$ k0s kubectl get pv\nNAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE\nmsr-hostpath 20Gi RWX Retain Available 21s\nrethinkdb-cluster-hostpath 1Gi RWO Retain Available 21s\nscanningstore-hostpath 24Gi RWO Retain Available 21s<\/pre>\n<p>\u4f5c\u6210\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<h2>\u95a2\u9023\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n<p><a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/install\/install-online.html#prerequisites\">Prerequisites<\/a>\u3067\u306f\u3001\u95a2\u9023\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3068\u3057\u3066<a href=\"http:\/\/cert-manager.io\/\">cert-manager<\/a>\u3068<a href=\"https:\/\/postgres-operator.readthedocs.io\/en\/latest\/\">Postgres Operator<\/a>\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304c\u6c42\u3081\u3089\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u624b\u9806\u306b\u5f93\u3063\u3066\u5b9f\u65bd\u3057\u307e\u3059\u3002<\/p>\n<h3>cert-manager<\/h3>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ k0s kubectl apply -f https:\/\/github.com\/jetstack\/cert-manager\/releases\/download\/v1.3.1\/cert-manager.yaml\ncustomresourcedefinition.apiextensions.k8s.io\/certificaterequests.cert-manager.io created\ncustomresourcedefinition.apiextensions.k8s.io\/certificates.cert-manager.io created\ncustomresourcedefinition.apiextensions.k8s.io\/challenges.acme.cert-manager.io created\ncustomresourcedefinition.apiextensions.k8s.io\/clusterissuers.cert-manager.io created\ncustomresourcedefinition.apiextensions.k8s.io\/issuers.cert-manager.io created\ncustomresourcedefinition.apiextensions.k8s.io\/orders.acme.cert-manager.io created\nnamespace\/cert-manager created\nserviceaccount\/cert-manager-cainjector created\nserviceaccount\/cert-manager created\nserviceaccount\/cert-manager-webhook created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-cainjector created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-issuers created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-clusterissuers created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-certificates created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-orders created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-challenges created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-ingress-shim created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-view created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-edit created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-controller-approve:cert-manager-io created\nclusterrole.rbac.authorization.k8s.io\/cert-manager-webhook:subjectaccessreviews created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-cainjector created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-issuers created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-clusterissuers created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-certificates created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-orders created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-challenges created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-ingress-shim created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-controller-approve:cert-manager-io created\nclusterrolebinding.rbac.authorization.k8s.io\/cert-manager-webhook:subjectaccessreviews created\nrole.rbac.authorization.k8s.io\/cert-manager-cainjector:leaderelection created\nrole.rbac.authorization.k8s.io\/cert-manager:leaderelection created\nrole.rbac.authorization.k8s.io\/cert-manager-webhook:dynamic-serving created\nrolebinding.rbac.authorization.k8s.io\/cert-manager-cainjector:leaderelection created\nrolebinding.rbac.authorization.k8s.io\/cert-manager:leaderelection created\nrolebinding.rbac.authorization.k8s.io\/cert-manager-webhook:dynamic-serving created\nservice\/cert-manager created\nservice\/cert-manager-webhook created\ndeployment.apps\/cert-manager-cainjector created\ndeployment.apps\/cert-manager created\ndeployment.apps\/cert-manager-webhook created\nmutatingwebhookconfiguration.admissionregistration.k8s.io\/cert-manager-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io\/cert-manager-webhook created\n[vagrant@node1 ~]$ k0s kubectl apply -f https:\/\/github.com\/jetstack\/cert-manager\/releases\/download\/v1.3.1\/cert-manager.crds.yaml\ncustomresourcedefinition.apiextensions.k8s.io\/certificaterequests.cert-manager.io configured\ncustomresourcedefinition.apiextensions.k8s.io\/certificates.cert-manager.io configured\ncustomresourcedefinition.apiextensions.k8s.io\/challenges.acme.cert-manager.io configured\ncustomresourcedefinition.apiextensions.k8s.io\/clusterissuers.cert-manager.io configured\ncustomresourcedefinition.apiextensions.k8s.io\/issuers.cert-manager.io configured\ncustomresourcedefinition.apiextensions.k8s.io\/orders.acme.cert-manager.io configured<\/pre>\n<p>cert-manager\u30cd\u30fc\u30e0\u30b9\u30da\u30fc\u30b9\u3092\u78ba\u8a8d\u3057\u3001\u5404\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u554f\u984c\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ k0s kubectl -n cert-manager get all\nNAME READY STATUS RESTARTS AGE\npod\/cert-manager-748f4d667d-7s7xk 1\/1 Running 0 79s\npod\/cert-manager-cainjector-6cd5988f45-n7f5d 1\/1 Running 0 79s\npod\/cert-manager-webhook-7498ddfd98-l78p2 1\/1 Running 0 79s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice\/cert-manager ClusterIP 10.107.197.71 9402\/TCP 79s\nservice\/cert-manager-webhook ClusterIP 10.105.218.129 443\/TCP 79s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps\/cert-manager 1\/1 1 1 79s\ndeployment.apps\/cert-manager-cainjector 1\/1 1 1 79s\ndeployment.apps\/cert-manager-webhook 1\/1 1 1 79s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps\/cert-manager-748f4d667d 1 1 1 79s\nreplicaset.apps\/cert-manager-cainjector-6cd5988f45 1 1 1 79s\nreplicaset.apps\/cert-manager-webhook-7498ddfd98 1 1 1 79s<\/pre>\n<h3>Postgres Operator<\/h3>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ helm repo add postgres-operator https:\/\/opensource.zalando.com\/postgres-operator\/charts\/postgres-operator\/\n&quot;postgres-operator&quot; has been added to your repositories\n[vagrant@node1 ~]$ helm repo up\nHang tight while we grab the latest from your chart repositories...\n...Successfully got an update from the &quot;postgres-operator&quot; chart repository\nUpdate Complete. Happy Helming!\n[vagrant@node1 ~]$ helm install postgres-operator postgres-operator\/postgres-operator \\\n--set configKubernetes.spilo_runasuser=101 \\\n--set configKubernetes.spilo_runasgroup=103 \\\n--set configKubernetes.spilo_fsgroup=103\nmanifest_sorter.go:192: info: skipping unknown hook: &quot;crd-install&quot;\nmanifest_sorter.go:192: info: skipping unknown hook: &quot;crd-install&quot;\nmanifest_sorter.go:192: info: skipping unknown hook: &quot;crd-install&quot;\nNAME: postgres-operator\nLAST DEPLOYED: Tue Jan 4 16:07:15 2022\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\nNOTES:\nTo verify that postgres-operator has started, run:\n\nkubectl --namespace=default get pods -l &quot;app.kubernetes.io\/name=postgres-operator&quot;<\/pre>\n<p>\u6700\u5f8c\u306b\u8868\u793a\u3055\u308c\u305f\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u3001\u554f\u984c\u304c\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ k0s kubectl --namespace=default get pods -l &quot;app.kubernetes.io\/name=postgres-operator&quot;\nNAME READY STATUS RESTARTS AGE\npostgres-operator-867bf8f978-tw4f9 1\/1 Running 0 35s<\/pre>\n<h2>MSR\u30d0\u30fc\u30b8\u30e7\u30f33\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n<p>\u3067\u306f\u3001MSR\u30d0\u30fc\u30b8\u30e7\u30f33\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306fMSR\u306eWebUI\u304cClusterIP\u30b5\u30fc\u30d3\u30b9\u3067\u5185\u90e8\u516c\u958b\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b\u306e\u3067\u3001NodePort\u30b5\u30fc\u30d3\u30b9\u3067\u5916\u90e8\u516c\u958b\u3059\u308b\u3088\u3046\u306b\u5909\u66f4\u3057\u307e\u3059\u3002<br \/>\n\u307e\u305f\u3001\u3053\u3053\u3067\u306f\u30e9\u30a4\u30bb\u30f3\u30b9\u30d5\u30a1\u30a4\u30eb\u300clicense.lic\u300d\u3092\u4e0e\u3048\u3066\u3044\u307e\u3059\u304c\u3001<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/install\/obtain-license.html\">\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5f8c\u306b\u30e9\u30a4\u30bb\u30f3\u30b9\u30d5\u30a1\u30a4\u30eb\u3092\u9069\u7528\u3059\u308b<\/a>\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002\u306a\u304a\u3001\u4ee5\u524d\u306eMSR\u3068\u7570\u306a\u308a\u3001\u30e9\u30a4\u30bb\u30f3\u30b9\u30d5\u30a1\u30a4\u30eb\u3092WebUI\u304b\u3089\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u3001Helm\u30b3\u30de\u30f3\u30c9\u3067\u9069\u7528\u3059\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ helm install msr msr \\\n--repo https:\/\/registry.mirantis.com\/charts\/msr\/msr \\\n--version 1.0.0 \\\n--set-file license=license.lic \\\n--set service.type=NodePort\nNAME: msr\nLAST DEPLOYED: Tue Jan 4 16:24:04 2022\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\nNOTES:\nRelease Notes: http:\/\/docs.mirantis.com\/msr-3.0-01\n\n1. Get the application URL by running these commands:\nexport NODE_PORT=$(kubectl get --namespace default -o jsonpath='{.spec.ports[?(@.name==&quot;https&quot;)].nodePort}' services msr)\nexport NODE_IP=$(kubectl get nodes --namespace default -o jsonpath=&quot;{.items[0].status.addresses[0].address}&quot;)\necho https:\/\/$NODE_IP:$NODE_PORT\n\n2. Run MSR CLI commands as follows:\nkubectl -n default exec -it deploy\/msr-api -- msr &lt;command&gt;\n\n3. Modifying rethinkdb.cluster.replicaCount requires additional steps to scale\nthe MSR and eNZi databases (table replicas):\n\nAFTER increasing replicaCount, run the command:\nkubectl -n default exec -it deploy\/msr-api -- msr db scale\n\nBEFORE decreasing replicaCount:\n- Decommission RethinkDB servers from highest to lowest:\n- Get a list of servers to decommission:\nkubectl -n default exec -it deploy\/msr-api -- msr rethinkdb list\n- Decommission servers with:\nkubectl -n default exec -it deploy\/msr-api -- msr rethinkdb decommission\n- Scale the database:\nkubectl -n default exec -it deploy\/msr-api -- msr db scale<\/pre>\n<p>\u3082\u3057\u300ctimed out waiting for the condition\u300d\u30a8\u30e9\u30fc\u3068\u306a\u3063\u3066\u3057\u307e\u3063\u305f\u3089\u3001\u3057\u3070\u3089\u304f\u5f85\u3063\u3066\u304b\u3089\u300chelm status msr\u300d\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u540c\u3058\u3088\u3046\u306a\u4f7f\u7528\u65b9\u6cd5\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u304c\u8868\u793a\u3055\u308c\u308b\u306f\u305a\u3067\u3059\u3002\u3055\u308c\u306a\u3044\u5834\u5408\u306f\u305d\u306e\u4ed6\u306e\u554f\u984c\u304c\u767a\u751f\u3057\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u306e\u3067\u3001Pod\u306e\u30ed\u30b0\u306a\u3069\u3092\u78ba\u8a8d\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u3088\u304f\u3042\u308b\u30d1\u30bf\u30fc\u30f3\u3068\u3057\u3066\u306f\u5fc5\u8981\u306aPV\u304c\u3046\u307e\u304f\u6e96\u5099\u3067\u304d\u3066\u3044\u306a\u3044\u5834\u5408\u306a\u3069\u3067\u3059\u3002\u4f8b\u3048\u3070\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u30c7\u30fc\u30bf\u7528\u30dc\u30ea\u30e5\u30fc\u30e0\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u6240\u6709\u8005\u30fb\u6240\u5c5e\u30b0\u30eb\u30fc\u30d7\u304c root:root \u3068\u306a\u3063\u3066\u3044\u3066\u66f8\u304d\u8fbc\u307f\u304c\u3067\u304d\u306a\u3044\u3068\u3001msr-scanningstore-0 Pod\u306e\u30ed\u30b0\u304c\u6b21\u306e\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ k0s kubectl logs msr-scanningstore-0\nmkdir: cannot create directory \u2018\/home\/postgres\/pgdata\/pgroot\u2019: Permission denied\nmkdir: cannot create directory \u2018\/home\/postgres\/pgdata\/pgroot\u2019: Permission denied\ntouch: cannot touch '\/home\/postgres\/pgdata\/pgroot\/pg_log\/postgresql-0.csv': No such file or directory\n(\u7565)<\/pre>\n<h2>MSR\u306eWebUI\u3078\u306e\u30a2\u30af\u30bb\u30b9<\/h2>\n<p>MSR\u306eWebUI\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u305f\u3081\u306eURL\u306f\u3001\u30c7\u30d7\u30ed\u30a4\u6210\u529f\u6642\u306b\u8868\u793a\u3055\u308c\u305f\u30b3\u30de\u30f3\u30c9\u3067\u5f97\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u672c\u7a3f\u3067\u306f\u7d20\u306ekubectl\u3067\u306f\u306a\u304fk0s\u540c\u68b1\u306e\u3082\u306e\u3092\u4f7f\u3063\u3066\u3044\u308b\u305f\u3081\u3001kubectl\u306e\u524d\u306bk0s\u3092\u4ed8\u4e0e\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[vagrant@node1 ~]$ export NODE_PORT=$(k0s kubectl get --namespace default -o jsonpath='{.spec.ports[?(@.name==&quot;https&quot;)].nodePort}' services msr)\n[vagrant@node1 ~]$ export NODE_IP=$(k0s kubectl get nodes --namespace default -o jsonpath=&quot;{.items[0].status.addresses[0].address}&quot;)\n[vagrant@node1 ~]$ echo https:\/\/$NODE_IP:$NODE_PORT\nhttps:\/\/192.168.56.101:30211<\/pre>\n<p>\u3053\u3061\u3089\u306b\u30a6\u30a7\u30d6\u30d6\u30e9\u30a6\u30b6\u3067\u30a2\u30af\u30bb\u30b9\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-01-login.png\" alt=\"\"><\/p>\n<p>\u7ba1\u7406\u8005\u306eID\u306f\u300cadmin\u300d\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u300cpassword\u300d\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306fMSR\u306eHelm Chart\u5185\u3067\u6307\u5b9a\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u8208\u5473\u306e\u3042\u308b\u65b9\u306fHelm Chart\u3092\u53d6\u5f97\u3057\u3066\u8abf\u3079\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2>\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u306e\u6709\u52b9\u5316<\/h2>\n<p>\u7ba1\u7406\u8005\u3068\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u305f\u3089\u3001\u307e\u305a\u306f<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/ops\/vulnerability-scanning.html\">\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3<\/a>\u3092\u6709\u52b9\u306b\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u5de6\u306e\u30b5\u30a4\u30c9\u30d0\u30fc\u304b\u3089 System \u3092\u958b\u304d\u3001\u4e0a\u306e Security \u30bf\u30d6\u3092\u958b\u304d\u307e\u3059\u3002Enable Scanning \u3092\u30c8\u30b0\u30eb\u3057\u3001Sync Database now \u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u307e\u3059\u3002\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u7528\u306e\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u521d\u671f\u5316\u304c\u59cb\u307e\u308a\u307e\u3059\u3002\u30e1\u30e2\u30ea12GB\u30fb4vCPU\u3067\u3059\u304c\u300130\u5206\u4ee5\u4e0a\u304b\u304b\u308a\u307e\u3057\u305f\u306e\u3067\u6c17\u9577\u306b\u5f85\u3061\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-03-enable-scanning.png\" alt=\"\"><\/p>\n<h2>\u30e6\u30fc\u30b6\u3001\u30aa\u30fc\u30ac\u30cb\u30bc\u30fc\u30b7\u30e7\u30f3\u3001\u30c1\u30fc\u30e0\u306e\u4f5c\u6210<\/h2>\n<p>MSR\u306b\u306f<a href=\"https:\/\/docs.mirantis.com\/msr\/3.0\/ops\/manage-users\/authentication-and-authorization.html\">\u30e6\u30fc\u30b6\u3001\u30aa\u30fc\u30ac\u30cb\u30bc\u30fc\u30b7\u30e7\u30f3\u3001\u30c1\u30fc\u30e0<\/a>\u3068\u3044\u3046\u6982\u5ff5\u304c\u3042\u308a\u3001\u7d30\u304b\u306a\u6a29\u9650\u8a2d\u5b9a\u3084\u30e6\u30fc\u30b6\u306e\u30b0\u30eb\u30fc\u30d4\u30f3\u30b0\u3092\u884c\u3048\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<br \/>\n\u3053\u3053\u3067\u306f\u3059\u3079\u3066\u3092\u307e\u3068\u3081\u308b\u30aa\u30fc\u30ac\u30cb\u30bc\u30fc\u30b7\u30e7\u30f3\u3068\u3057\u3066\u300ccreationline\u300d\u304c\u3042\u308a\u3001\u300cdev\u300d\u3068\u300cops\u300d\u306e2\u30c1\u30fc\u30e0\u304c\u6240\u5c5e\u3057\u3066\u304a\u308a\u3001\u300cdev\u300d\u30c1\u30fc\u30e0\u306b\u306f\u300calice\u300d\u30e6\u30fc\u30b6\u304c\u3001\u300cops\u300d\u30c1\u30fc\u30e0\u306b\u306f\u300cbob\u300d\u30e6\u30fc\u30b6\u304c\u6240\u5c5e\u3057\u3066\u3044\u308b\u3068\u3057\u307e\u3059\u3002<br \/>\n\u3055\u3089\u306b\u300ccreationline\u300d\u30aa\u30fc\u30ac\u30cb\u30bc\u30fc\u30b7\u30e7\u30f3\u306f\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u306a\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u30ec\u30dd\u30b8\u30c8\u30ea\u3068\u3057\u3066\u300clogstash\u300d\u3092\u6301\u3063\u3066\u304a\u308a\u3001\u3053\u306e\u30ec\u30dd\u30b8\u30c8\u30ea\u306b\u5bfe\u3057\u3066\u300cdev\u300d\u30c1\u30fc\u30e0\u306f\u8aad\u307f\u66f8\u304d\u6a29\u9650\u3092\u6301\u3061\u3001\u300cops\u300d\u30c1\u30fc\u30e0\u306f\u8aad\u307f\u8fbc\u307f\u5c02\u7528\u6a29\u9650\u3092\u6301\u3063\u3066\u3044\u308b\u3068\u3057\u307e\u3059\u3002<br \/>\n\u7b87\u6761\u66f8\u304d\u3067\u307e\u3068\u3081\u308b\u3068\u6b21\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u30aa\u30fc\u30ac\u30cb\u30bc\u30fc\u30b7\u30e7\u30f3: creationline\n<ul>\n<li>\u30ec\u30dd\u30b8\u30c8\u30ea: logstash<\/li>\n<li>\u30c1\u30fc\u30e0: dev\n<ul>\n<li>creationline\/logstash \u30ec\u30dd\u30b8\u30c8\u30ea\u306b R\/W \u6a29\u9650\u3092\u6301\u3064<\/li>\n<li>\u30e6\u30fc\u30b6 alice \u304c\u6240\u5c5e<\/li>\n<\/ul>\n<\/li>\n<li>\u30c1\u30fc\u30e0: ops\n<ul>\n<li>creationline\/logstash \u30ec\u30dd\u30b8\u30c8\u30ea\u306b R\/O \u6a29\u9650\u3092\u6301\u3064<\/li>\n<li>\u30e6\u30fc\u30b6 bob \u304c\u6240\u5c5e<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>MSR\u306e\u30ec\u30dd\u30b8\u30c8\u30ea\u306bDocker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3092\u30d7\u30c3\u30b7\u30e5\u30fb\u30d7\u30eb<\/h2>\n<p>MSR\u306e creationline\/logstash \u30ec\u30dd\u30b8\u30c8\u30ea\u306b\u30a4\u30e1\u30fc\u30b8\u3092\u30d7\u30c3\u30b7\u30e5\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002MSR\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u4eee\u60f3\u30de\u30b7\u30f3\u3067\u306f\u306a\u304f\u3001\u30db\u30b9\u30c8\u5074\u3067\u5b9f\u65bd\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p>\u307e\u305a\u4e8b\u524d\u6e96\u5099\u3068\u3057\u3066\u3001MSR (192.168.56.101:30211) \u3092Docker\u30c7\u30fc\u30e2\u30f3\u306b\u4fe1\u983c\u3055\u305b\u307e\u3059\u3002\/etc\/docker\/daemon.json \u306b insecure-registries \u30ad\u30fc\u3092\u8ffd\u52a0\u3057\u3001Docker\u30c7\u30fc\u30e2\u30f3\u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n&quot;insecure-registries&quot;: [ &quot;192.168.56.101:30211&quot; ]\n}<\/pre>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% sudo systemctl restart docker<\/pre>\n<p>\u3053\u308c\u3092\u884c\u308f\u306a\u3044\u3068\u3001docker login\u5b9f\u65bd\u6642\u306b\u300cError response from daemon: Get &quot;https:\/\/192.168.56.101:30211\/v2\/&quot;: x509: certificate is valid for 127.0.0.1, ::1, not 192.168.56.101\u300d\u3068\u3044\u3046\u30a8\u30e9\u30fc\u3068\u306a\u3063\u3066\u3057\u307e\u3046\u306e\u3067\u5fd8\u308c\u305a\u306b\u5b9f\u65bd\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>\u3067\u306falice\u30e6\u30fc\u30b6\u3067MSR\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker login 192.168.56.101:30211\nUsername: alice\nPassword:\nLogin Succeeded<\/pre>\n<p>\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3057\u305f\u3002<br \/>\nelastic\/logstash:7.13.3 \u30a4\u30e1\u30fc\u30b8\u3092MSR\u306b\u30d7\u30c3\u30b7\u30e5\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker image tag elastic\/logstash:7.13.3 192.168.56.101:30211\/creationline\/logstash:7.13.3\n% docker image push 192.168.56.101:30211\/creationline\/logstash:7.13.3\nThe push refers to repository [192.168.56.101:30211\/creationline\/logstash]\n752595536bdb: Pushed\nd83131943e63: Pushed\n3865b0219f35: Pushed\n2d7bcb60ab83: Pushed\n8939b09a3291: Pushed\nc49f4b89350d: Pushed\n9a543ee7f3be: Pushed\n25709602f08b: Pushed\n627247ba7b32: Pushed\nc646254d9f2f: Pushed\n174f56854903: Pushed\n7.13.3: digest: sha256:a24e6faa2337f4deaa903eb9036f01387414252d3f6649f0bfe471b897310c63 size: 2823<\/pre>\n<p>\u30d7\u30c3\u30b7\u30e5\u6210\u529f\u3057\u307e\u3057\u305f\u3002WebUI\u3067\u3082\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-09-scan-pending.png\" alt=\"\"><\/p>\n<p>\u3053\u306e\u3088\u3046\u306bGUI\u3067\u78ba\u8a8d\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u3067\u3059\u3002Vulnerabilities\u304cPending\u3068\u306a\u3063\u3066\u3044\u308b\u306e\u306f\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u4e2d\u3068\u3044\u3046\u610f\u5473\u3067\u3059\u3002\u5b8c\u4e86\u307e\u3067\u5c11\u3005\u6642\u9593\u304c\u304b\u304b\u308b\u306e\u3067\u3001\u4ed6\u306e\u3053\u3068\u3092\u3057\u3066\u5f85\u3061\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>alice\u306fcreationline\/logstash\u306b\u66f8\u304d\u8fbc\u307f\u6a29\u9650\u304c\u3042\u308a\u307e\u3057\u305f\u304c\u3001\u8aad\u307f\u8fbc\u307f\u5c02\u7528\u6a29\u9650\u306ebob\u3067\u306f\u3069\u3046\u3067\u3057\u3087\u3046\u304b\u3002\u307e\u305aalice\u306f\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u3001bob\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u76f4\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker logout 192.168.56.101:30211\nRemoving login credentials for 192.168.56.101:30211\n% docker login 192.168.56.101:30211\nUsername: bob\nPassword:\nLogin Succeeded<\/pre>\n<p>\u6b21\u306b elastic\/logstash:7.16.2 \u3092\u30d7\u30c3\u30b7\u30e5\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker image tag elastic\/logstash:7.16.2 192.168.56.101:30211\/creationline\/logstash:7.16.2\n% docker image push 192.168.56.101:30211\/creationline\/logstash:7.16.2\nThe push refers to repository [192.168.56.101:30211\/creationline\/logstash]\ne4cc9a5205b5: Preparing\n22cadb4a5d42: Preparing\n046452805d26: Preparing\na9d36c36d24e: Preparing\n4800551e926b: Preparing\n0fc8b3a8b4d0: Waiting\n15b6bb42d46c: Waiting\nae62b93394a2: Waiting\nefb4c1e5fa42: Waiting\n409c69e46596: Waiting\n174f56854903: Waiting\ndenied: requested access to the resource is denied<\/pre>\n<p>\u60f3\u5b9a\u901a\u308a\u3001\u66f8\u304d\u8fbc\u307f\u6a29\u9650\u306e\u306a\u3044bob\u3067\u306f\u30d7\u30c3\u30b7\u30e5\u304c\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u4e00\u65b9\u3001\u8aad\u307f\u8fbc\u307f\u6a29\u9650\u306f\u3042\u308b\u306e\u3067\u30d7\u30eb\u306f\u53ef\u80fd\u3067\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker image rm 192.168.56.101:30211\/creationline\/logstash:7.13.3\nUntagged: 192.168.56.101:30211\/creationline\/logstash:7.13.3\nUntagged: 192.168.56.101:30211\/creationline\/logstash@sha256:a24e6faa2337f4deaa903eb9036f01387414252d3f6649f0bfe471b897310c63\n% docker image rm elastic\/logstash:7.13.3\nUntagged: elastic\/logstash:7.13.3\nUntagged: elastic\/logstash@sha256:9cc4f59ac3b393bd503d6d8da3700433868d42ffd3f311c348eb32df0c253f04\nDeleted: sha256:289a765558773dc7dd973c3d04680c0d0ceddafc2584034ad02473460d7342dd\nDeleted: sha256:45cec05d815e103ec7ba60b0eb474609e8473539be5923edf7e87b5bfe18a612\nDeleted: sha256:3c713164fa71c59dafe691e6a46400bc73f661169c59ccfc5098cdd082188a9c\nDeleted: sha256:5c34fc522aa05f888841ea414476fcd6720fc487c6b48b18abdc07b37356e4eb\nDeleted: sha256:56da02333067501293ef10bbf8bc5372ff688517f3e033a4698202bddbbae281\nDeleted: sha256:dd7f5008374c9cc9352db5a678281473e09e4d4353d7648b5621e1b3de43b80c\nDeleted: sha256:6e788512c81251cc71dbb7c1bb5ccaa3dc68ed6dd54df53645ad41c3e431558e\nDeleted: sha256:4b8fd99c44be485efecea68c665517b4c201b5dd994b4a73b060cc5bb8b409c7\nDeleted: sha256:01771379ef4293584918fe3e7ac03cd9914f9340b9bf4ecc16e73f7bcb96a32b\nDeleted: sha256:0e5d2b96638ea2d7a72eb2a4bbed989d4b51e669ec762789c990a81df92e7025\nDeleted: sha256:ef3bce480b0f7489a66c12559f64f6155c7031261d58e6dda91f438aa7a79969\nDeleted: sha256:5b0b92f3990e2772d58c559c866d08436febf471792ad8502fce1f6ef568449e\n% docker image pull 192.168.56.101:30211\/creationline\/logstash:7.13.3\n7.13.3: Pulling from creationline\/logstash\n2d473b07cdd5: Already exists\nf653a67c9318: Pull complete\ne9bd4c4e6834: Pull complete\nf7098d0fdf1a: Pull complete\nd3c2fac25849: Pull complete\n3910b894cabf: Pull complete\ne264eba4146d: Pull complete\nf2690d75a5da: Pull complete\na974cf3861bb: Pull complete\n4931f440d283: Pull complete\n79ac8791bae4: Pull complete\nDigest: sha256:a24e6faa2337f4deaa903eb9036f01387414252d3f6649f0bfe471b897310c63\nStatus: Downloaded newer image for 192.168.56.101:30211\/creationline\/logstash:7.13.3\n192.168.56.101:30211\/creationline\/logstash:7.13.3<\/pre>\n<p>\u3064\u3044\u3067\u306bbob\u3082\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u3066\u3001\u533f\u540d\u30e6\u30fc\u30b6\u3068\u3057\u3066MSR\u304b\u3089\u30d7\u30eb\u3092\u8a66\u307f\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker logout 192.168.56.101:30211\nRemoving login credentials for 192.168.56.101:30211\n% docker image rm 192.168.56.101:30211\/creationline\/logstash:7.13.3\nUntagged: 192.168.56.101:30211\/creationline\/logstash:7.13.3\nUntagged: 192.168.56.101:30211\/creationline\/logstash@sha256:a24e6faa2337f4deaa903eb9036f01387414252d3f6649f0bfe471b897310c63\nDeleted: sha256:289a765558773dc7dd973c3d04680c0d0ceddafc2584034ad02473460d7342dd\nDeleted: sha256:45cec05d815e103ec7ba60b0eb474609e8473539be5923edf7e87b5bfe18a612\nDeleted: sha256:3c713164fa71c59dafe691e6a46400bc73f661169c59ccfc5098cdd082188a9c\nDeleted: sha256:5c34fc522aa05f888841ea414476fcd6720fc487c6b48b18abdc07b37356e4eb\nDeleted: sha256:56da02333067501293ef10bbf8bc5372ff688517f3e033a4698202bddbbae281\nDeleted: sha256:dd7f5008374c9cc9352db5a678281473e09e4d4353d7648b5621e1b3de43b80c\nDeleted: sha256:6e788512c81251cc71dbb7c1bb5ccaa3dc68ed6dd54df53645ad41c3e431558e\nDeleted: sha256:4b8fd99c44be485efecea68c665517b4c201b5dd994b4a73b060cc5bb8b409c7\nDeleted: sha256:01771379ef4293584918fe3e7ac03cd9914f9340b9bf4ecc16e73f7bcb96a32b\nDeleted: sha256:0e5d2b96638ea2d7a72eb2a4bbed989d4b51e669ec762789c990a81df92e7025\nDeleted: sha256:ef3bce480b0f7489a66c12559f64f6155c7031261d58e6dda91f438aa7a79969\nDeleted: sha256:5b0b92f3990e2772d58c559c866d08436febf471792ad8502fce1f6ef568449e\n% docker image pull 192.168.56.101:30211\/creationline\/logstash:7.13.3\nError response from daemon: pull access denied for 192.168.56.101:30211\/creationline\/logstash, repository does not exist or may require 'docker login': denied: requested access to the resource is denied<\/pre>\n<p>\u60f3\u5b9a\u901a\u308a\u3001MSR\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u306a\u3044\u533f\u540d\u30e6\u30fc\u30b6\u3067\u306f\u30d7\u30eb\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>\u3053\u306e\u3088\u3046\u306b\u3001MSR\u3067\u306f\u30ec\u30dd\u30b8\u30c8\u30ea\u306b\u5bfe\u3059\u308b\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3092\u884c\u3046\u6a5f\u80fd\u3092\u5099\u3048\u3066\u3044\u308b\u305f\u3081\u3001\u3055\u307e\u3056\u307e\u306a\u30e6\u30fc\u30b6\u3084\u30c1\u30fc\u30e0\u304c\u540c\u4e00\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ec\u30b8\u30b9\u30c8\u30ea\u3092\u5229\u7528\u3057\u3066\u5171\u540c\u4f5c\u696d\u3059\u308b\u969b\u306b\u975e\u5e38\u306b\u5f37\u529b\u306a\u9078\u629e\u80a2\u3068\u306a\u308a\u3046\u308b\u3067\u3057\u3087\u3046\u3002<\/p>\n<h2>MSR\u306e\u30ec\u30dd\u30b8\u30c8\u30ea\u3092\u4ed6\u306eKubernetes\u304b\u3089\u5229\u7528<\/h2>\n<p>\u3067\u306f\u3001\u5b9f\u969b\u306bMSR\u306e\u30ec\u30dd\u30b8\u30c8\u30ea\u3092\u4ed6\u306eKubernetes\u30af\u30e9\u30b9\u30bf\u304b\u3089\u5229\u7528\u3057\u3066\u307f\u307e\u3059\u3002\u3053\u3053\u3067\u306f\u30db\u30b9\u30c8\u30de\u30b7\u30f3\u4e0a\u306b<a href=\"https:\/\/kind.sigs.k8s.io\/\">kind<\/a>\u3067Kubernetes\u3092\u6e96\u5099\u3057\u3001\u305d\u3061\u3089\u3067\u5b9f\u65bd\u3057\u307e\u3059\u3002kind\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u7b49\u306b\u3064\u3044\u3066\u306f\u7701\u7565\u3057\u307e\u3059\u3002<\/p>\n<p>\u307e\u305a\u3001\u6b21\u306eYAML\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u3092\u6e96\u5099\u3057\u3001kind\u306eKubernetes\u30af\u30e9\u30b9\u30bf\u304cMSR\u3092\u4fe1\u983c\u3059\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">kind: Cluster\napiVersion: kind.x-k8s.io\/v1alpha4\ncontainerdConfigPatches:\n- |-\n[plugins.&quot;io.containerd.grpc.v1.cri&quot;.registry.configs.&quot;192.168.56.101:30211&quot;.tls]\ninsecure_skip_verify = true<\/pre>\n<p>\u3053\u306eYAML\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u3092\u4f7f\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% kind version\nkind v0.11.1 go1.16.4 linux\/amd64\n% kind create cluster --config kind.yaml\nCreating cluster &quot;kind&quot; ...\n\u2713 Ensuring node image (kindest\/node:v1.21.1)\n\u2713 Preparing nodes\n\u2713 Writing configuration\n\u2713 Starting control-plane\n\u2713 Installing CNI\n\u2713 Installing StorageClass\nSet kubectl context to &quot;kind-kind&quot;\nYou can now use your cluster with:\n\nkubectl cluster-info --context kind-kind\n\nNot sure what to do next?  Check out https:\/\/kind.sigs.k8s.io\/docs\/user\/quick-start\/\n% kubectl cluster-info --context kind-kind\nKubernetes control plane is running at https:\/\/127.0.0.1:40377\nCoreDNS is running at https:\/\/127.0.0.1:40377\/api\/v1\/namespaces\/kube-system\/services\/kube-dns:dns\/proxy\n\nTo further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.\n% kubectl get nodes\nNAME STATUS ROLES AGE VERSION\nkind-control-plane Ready control-plane,master 109s v1.21.1<\/pre>\n<p>\u3067\u306f\u3053\u306eKubernetes\u4e0a\u306b\u3001MSR\u304b\u3089\u30a4\u30e1\u30fc\u30b8\u3092\u30d7\u30eb\u3057\u3066Pod\u3092\u8d77\u52d5\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u30ed\u30b0\u30a4\u30f3\u304c\u5fc5\u8981\u306a\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u30ec\u30b8\u30b9\u30c8\u30ea\u304b\u3089\u30d7\u30eb\u3059\u308b\u306b\u306fSecret\u3092\u4f7f\u3044\u307e\u3059\u3002\u8a73\u7d30\u306f<a href=\"https:\/\/kubernetes.io\/docs\/tasks\/configure-pod-container\/pull-image-private-registry\/#create-a-secret-by-providing-credentials-on-the-command-line\">Create a Secret by providing credentials on the command line<\/a>\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u307e\u305a\u3001MSR\u306eWebUI\u306bbob\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3059\u3002\u5de6\u306e\u30b5\u30a4\u30c9\u30d0\u30fc\u306e bob \u3092\u30af\u30ea\u30c3\u30af\u3057\u3001Profile\u3092\u958b\u304d\u3001\u4e0a\u306eAccess Tokens\u30bf\u30d6\u3092\u958b\u304d\u307e\u3059\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-10-token-list.png\" alt=\"\"><\/p>\n<p>New access token\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u307e\u3059\u3002\u3053\u3053\u3067\u306fDescription\u306b\u300ckind\u300d\u3068\u5165\u529b\u3057\u3001Create\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-11-token-desc.png\" alt=\"\"><\/p>\n<p>\u8868\u793a\u3055\u308c\u305f\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u3069\u3053\u304b\u5b89\u5168\u306a\u5834\u6240\u306b\u4fdd\u5b58\u3057\u3066\u304a\u304d\u307e\u3059\u3002\u4e8c\u5ea6\u3068\u8868\u793a\u3055\u308c\u306a\u3044\u306e\u3067\u6ce8\u610f\u3057\u307e\u3057\u3087\u3046\u3002\u3053\u306e\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306f\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u4ee3\u308f\u308a\u3068\u3057\u3066\u5229\u7528\u3067\u304d\u307e\u3059\u3002\u305f\u3060\u3057WebUI\u306e\u30ed\u30b0\u30a4\u30f3\u7528\u306b\u306f\u4f7f\u3048\u307e\u305b\u3093\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-12-token-create.png\" alt=\"\"><\/p>\n<p>\u3053\u306e\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092Kubernetes\u306eSecret\u3068\u3057\u3066\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% kubectl create secret docker-registry bob-msr --docker-server=https:\/\/192.168.56.101:30211\/ --docker-username=bob --docker-password=cd22a466-4fd5-43d7-9e0a-d27d0380ca9c\nsecret\/bob-msr created<\/pre>\n<p>\u6b21\u306eYAML\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u3067Pod\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">apiVersion: v1\nkind: Pod\nmetadata:\nname: bob-logstash\nspec:\nrestartPolicy: Never\ncontainers:\n- image: 192.168.56.101:30211\/creationline\/logstash:7.13.3\nname: logstash\ncommand: [ &quot;echo&quot;, &quot;hello-world&quot; ]\nimagePullSecrets:\n- name: bob-msr<\/pre>\n<p>\u3067\u306f\u3001\u3053\u306ePod\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% kubectl apply -f bob-msr.yaml\npod\/bob-logstash created\n% kubectl get pod\nNAME READY STATUS RESTARTS AGE\nbob-logstash 0\/1 Completed 0 13s\n% kubectl logs bob-logstash\nhello-world<\/pre>\n<p>\u60f3\u5b9a\u901a\u308a\u306b\u52d5\u4f5c\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002\u5ff5\u306e\u305f\u3081describe\u306e\u7d50\u679c\u3082\u898b\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% kubectl describe pod bob-logstash\nName: bob-logstash\nNamespace: default\nPriority: 0\nNode: kind-control-plane\/172.20.0.2\nStart Time: Wed, 05 Jan 2022 15:14:20 +0900\nLabels:\nAnnotations:\nStatus: Succeeded\nIP: 10.244.0.6\nIPs:\nIP: 10.244.0.6\nContainers:\nlogstash:\nContainer ID: containerd:\/\/9f25e41641b7cc77a321e111eeee954047d7d75e72c4d3087420fa97aab09ce2\nImage: 192.168.56.101:30211\/creationline\/logstash:7.13.3\nImage ID: 192.168.56.101:30211\/creationline\/logstash@sha256:a24e6faa2337f4deaa903eb9036f01387414252d3f6649f0bfe471b897310c63\nPort:\nHost Port:\nCommand:\necho\nhello-world\nState: Terminated\nReason: Completed\nExit Code: 0\nStarted: Wed, 05 Jan 2022 15:14:22 +0900\nFinished: Wed, 05 Jan 2022 15:14:22 +0900\nReady: False\nRestart Count: 0\nEnvironment:\nMounts:\n\/var\/run\/secrets\/kubernetes.io\/serviceaccount from kube-api-access-sn5bz (ro)\nConditions:\nType Status\nInitialized True\nReady False\nContainersReady False\nPodScheduled True\nVolumes:\nkube-api-access-sn5bz:\nType: Projected (a volume that contains injected data from multiple sources)\nTokenExpirationSeconds: 3607\nConfigMapName: kube-root-ca.crt\nConfigMapOptional:\nDownwardAPI: true\nQoS Class: BestEffort\nNode-Selectors:\nTolerations: node.kubernetes.io\/not-ready:NoExecute op=Exists for 300s\nnode.kubernetes.io\/unreachable:NoExecute op=Exists for 300s\nEvents:\nType Reason Age From Message\n---- ------ ---- ---- -------\nNormal Scheduled 109s default-scheduler Successfully assigned default\/bob-logstash to kind-control-plane\nNormal Pulling 108s kubelet Pulling image &quot;192.168.56.101:30211\/creationline\/logstash:7.13.3&quot;\nNormal Pulled 65s kubelet Successfully pulled image &quot;192.168.56.101:30211\/creationline\/logstash:7.13.3&quot; in 42.99685449s\nNormal Pulled 6s kubelet Container image &quot;192.168.56.101:30211\/creationline\/logstash:7.13.3&quot; already present on machine\nNormal Created 4s kubelet Created container logstash\nNormal Started 4s kubelet Started container logstash<\/pre>\n<p>MSR\u304b\u3089\u30a4\u30e1\u30fc\u30b8\u3092\u30d7\u30eb\u3057\u3066Pod\u3092\u8d77\u52d5\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<h2>MSR\u306e\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u3068\u305d\u306e\u5fdc\u7528\u4f8b<\/h2>\n<p>\u3055\u3066\u3001\u5148\u307b\u3069MSR\u306b\u30d7\u30c3\u30b7\u30e5\u3057\u305f logstash:7.13.3 \u306e\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u3082\u305d\u308d\u305d\u308d\u7d42\u308f\u3063\u3066\u3044\u308b\u3053\u308d\u3067\u3057\u3087\u3046\u3002WebUI\u304b\u3089\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-13-scan-complete.png\" alt=\"\"><\/p>\n<p>Vulnerabilities\u304c\u66f4\u65b0\u3055\u308c\u3066\u3001Critical\u304c14\u3001High\u304c95\u3082\u3042\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002View details\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u8a73\u7d30\u3092\u898b\u3066\u307f\u307e\u3059\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-14-scan-detail.png\" alt=\"\"><\/p>\n<p>\u3053\u306e\u3088\u3046\u306b\u30012021\u5e74\u672b\u306b\u8a71\u984c\u3068\u306a\u3063\u305f<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\">log4shell\u306e\u8106\u5f31\u6027<\/a>\u3082\u304d\u3061\u3093\u3068\u691c\u51fa\u3067\u304d\u3066\u3044\u307e\u3059\u3002MSR\u306e\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3067\u5371\u967a\u306a\u30a4\u30e1\u30fc\u30b8\u3092\u767a\u898b\u3059\u308b\u3060\u3051\u3067\u306a\u304f\u3001\u4f7f\u7528\u3092\u7981\u6b62\u3059\u308b\u3053\u3068\u3082\u53ef\u80fd\u3067\u3059\u3002<br \/>\n\u4f8b\u3048\u3070\u3001\u300cCritical\u306a\u8106\u5f31\u6027\u306e\u6570\u304c3\u672a\u6e80\u3067\u3042\u308c\u3070\u30d7\u30eb\u3092\u8a31\u53ef\u3059\u308b\u300d\u3068\u3044\u3046\u30dd\u30ea\u30b7\u30fc\u3092\u5b9a\u7fa9\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/01\/msr-3-15-enfocement.png\" alt=\"\"><\/p>\n<p>\u3053\u306e\u72b6\u614b\u3067 logstash:7.13.3 \u3092\u30d7\u30eb\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">% docker image pull 192.168.56.101:30211\/creationline\/logstash:7.13.3\nError response from daemon: unknown: pull access denied against creationline\/logstash: enforcement policies '381ef99c-d2c9-4a8e-a45f-42812d18c763' blocked request<\/pre>\n<p>\u3053\u306e\u3088\u3046\u306b\u3001\u30dd\u30ea\u30b7\u30fc\u9055\u53cd\u306e\u305f\u3081\u30d7\u30eb\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u6b21\u7b2c\u3067\u3001\u5b89\u5168\u306a\u30a4\u30e1\u30fc\u30b8\u306e\u307f\u3092\u30b3\u30f3\u30c6\u30ca\u3042\u308b\u3044\u306fPod\u3068\u3057\u3066\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<h2>\u307e\u3068\u3081<\/h2>\n<p>\u672c\u7a3f\u3067\u306f\u3001MKE\u304b\u3089\u72ec\u7acb\u3057\u3066\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u3063\u305fMirantis Secure Registry (MSR)\u30d0\u30fc\u30b8\u30e7\u30f33.0.0\u3092\u3001Vagrant\/Virtualbox\u4e0a\u306bk0s\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f1\u30ce\u30fc\u30c9Kubernetes\u306b\u30c7\u30d7\u30ed\u30a4\u3057\u3001\u30e6\u30fc\u30b6\u30fb\u30c1\u30fc\u30e0\u30fb\u30aa\u30fc\u30ac\u30cb\u30bc\u30fc\u30b7\u30e7\u30f3\u3092\u4f5c\u6210\u3057\u3066\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u6a5f\u80fd\u3092\u7c21\u5358\u306b\u78ba\u8a8d\u3057\u3001MSR\u306b\u30d7\u30c3\u30b7\u30e5\u3057\u305f\u30a4\u30e1\u30fc\u30b8\u3092\u5225\u306eKubernetes\u3067\u5229\u7528\u3057\u3066\u307f\u307e\u3057\u305f\u3002\u307e\u305fMSR\u306e\u76ee\u7389\u6a5f\u80fd\u306e\u4e00\u3064\u3067\u3042\u308b\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u306b\u3088\u308b\u30a4\u30e1\u30fc\u30b8\u306e\u5229\u7528\u53ef\u80fd\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u3082\u7c21\u5358\u306b\u898b\u3066\u307f\u307e\u3057\u305f\u3002<br \/>\n\u300c\u8106\u5f31\u6027\u30b9\u30ad\u30e3\u30f3\u3084\u30e6\u30fc\u30b6\u7ba1\u7406\u306f\u884c\u3044\u305f\u3044\u304c\u3001Docker Hub\u3067\u306f\u306a\u304f\u81ea\u793e\u30a4\u30f3\u30d5\u30e9\u5185\u306b\u30a4\u30e1\u30fc\u30b8\u30ec\u30b8\u30b9\u30c8\u30ea\u3092\u7f6e\u304d\u305f\u3044\u300d\u300cMSR\u306e\u6a5f\u80fd\u306f\u9b45\u529b\u3060\u304c\u3001\u65e2\u306bKubernetes\u30af\u30e9\u30b9\u30bf\u3092\u6301\u3063\u3066\u3044\u308b\u306e\u3067\u3001MKE\u5fc5\u9808\u3067\u306f\u96e3\u3057\u3044\u300d\u3068\u3044\u3063\u305f\u30cb\u30fc\u30ba\u3092\u6e80\u305f\u305b\u308b\u88fd\u54c1\u3068\u306a\u3063\u305f\u3068\u601d\u3044\u307e\u3059\u3002<br \/>\n\u3054\u89a7\u3044\u305f\u3060\u3044\u305f\u3088\u3046\u306b\u3001k0s\u4e0a\u306b\u3082\u7c21\u5358\u306b\u30c7\u30d7\u30ed\u30a4\u3067\u304d\u308b\u306e\u3067\u3001\u6c17\u8efd\u306b\u304a\u8a66\u3057\u3044\u305f\u3060\u304f\u3053\u3068\u3082\u53ef\u80fd\u3067\u3059\u3002<br \/>\n\u88fd\u54c1\u306b\u95a2\u3059\u308b\u8cea\u554f\u3084\u4fa1\u683c\u3001\u30e9\u30a4\u30bb\u30f3\u30b9\u4f53\u7cfb\u306a\u3069\u306b\u3064\u304d\u307e\u3057\u3066\u306f<a href=\"\/contact\">\u3053\u3061\u3089\u304b\u3089\u304a\u554f\u3044\u5408\u308f\u305b<\/a>\u304f\u3060\u3055\u3044\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm Chart\u3092\u5b89\u5168\u306b\u4fdd\u7ba1\u30fb\u5171\u6709\u30fb\u7ba1\u7406\u3067\u304d\u308b\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30ec\u30b8\u30b9\u30c8\u30ea\u3067\u3059\u30022021\u5e74\u672b\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u30d0\u30fc\u30b8\u30e7\u30f33.0.0\u306b\u3066\u3001\u5f93\u6765 [&#8230;]<\/p>\n","protected":false},"author":2,"featured_media":44839,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[31,43,122,540],"tags":[],"class_list":["post-47938","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-higuchi","category-docker","category-kubernetes","category-mirantis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3<\/title>\n<meta name=\"description\" content=\"d-higuchi, Docker, Kubernetes, Mirantis |Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"og:description\" content=\"d-higuchi, Docker, Kubernetes, Mirantis |Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938\" \/>\n<meta property=\"og:site_name\" content=\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/creationline\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-07T03:00:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-27T13:20:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/09\/msr-blog-image-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daisuke Higuchi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@creationline\" \/>\n<meta name=\"twitter:site\" content=\"@creationline\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daisuke Higuchi\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"15\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938\"},\"author\":{\"name\":\"Daisuke Higuchi\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#\\\/schema\\\/person\\\/16f1373831fb6fd17387f16ae1195206\"},\"headline\":\"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis\",\"datePublished\":\"2022-01-07T03:00:28+00:00\",\"dateModified\":\"2026-05-27T13:20:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938\"},\"wordCount\":347,\"image\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/msr-blog-image-1.png\",\"articleSection\":[\"d-higuchi\",\"Docker\",\"Kubernetes\",\"Mirantis\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938\",\"name\":\"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/msr-blog-image-1.png\",\"datePublished\":\"2022-01-07T03:00:28+00:00\",\"dateModified\":\"2026-05-27T13:20:59+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#\\\/schema\\\/person\\\/16f1373831fb6fd17387f16ae1195206\"},\"description\":\"d-higuchi, Docker, Kubernetes, Mirantis |Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#primaryimage\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/msr-blog-image-1.png\",\"contentUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/msr-blog-image-1.png\",\"width\":768,\"height\":576},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\\\/47938#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"HOME\",\"item\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\",\"item\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Docker\",\"item\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cloudnative\\\/docker\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#website\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/\",\"name\":\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"description\":\"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/#\\\/schema\\\/person\\\/16f1373831fb6fd17387f16ae1195206\",\"name\":\"Daisuke Higuchi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/pngout-25-230x230.png\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/pngout-25-230x230.png\",\"contentUrl\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/cms_x3GWkuX\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/pngout-25-230x230.png\",\"caption\":\"Daisuke Higuchi\"},\"description\":\"\u306f\u3084\u308a\u306e\u6280\u8853\u8981\u7d20\u306b\u52a0\u3048\u3066\u3001\u4f1a\u8b70\u306e\u9032\u3081\u65b9\u30fb\u6587\u7ae0\u306e\u66f8\u304d\u65b9\u306a\u3069\u306e\u696d\u52d9\u6539\u5584\u306b\u3082\u53d6\u308a\u7d44\u3093\u3067\u3044\u307e\u3059\u3002\u300cChef\u6d3b\u7528\u30ac\u30a4\u30c9\u300d\u5171\u8457\u306e\u307b\u304b\u3001Debian Official Developer\u3082\u3084\u3063\u3066\u3044\u307e\u3059\u3002\",\"url\":\"https:\\\/\\\/www.creationline.com\\\/tech-blog\\\/author\\\/higuchi\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"d-higuchi, Docker, Kubernetes, Mirantis |Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938","og_locale":"ja_JP","og_type":"article","og_title":"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","og_description":"d-higuchi, Docker, Kubernetes, Mirantis |Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm","og_url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938","og_site_name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","article_publisher":"https:\/\/www.facebook.com\/creationline","article_published_time":"2022-01-07T03:00:28+00:00","article_modified_time":"2026-05-27T13:20:59+00:00","og_image":[{"width":768,"height":576,"url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/09\/msr-blog-image-1.png","type":"image\/png"}],"author":"Daisuke Higuchi","twitter_card":"summary_large_image","twitter_creator":"@creationline","twitter_site":"@creationline","twitter_misc":{"\u57f7\u7b46\u8005":"Daisuke Higuchi","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"15\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#article","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938"},"author":{"name":"Daisuke Higuchi","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206"},"headline":"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis","datePublished":"2022-01-07T03:00:28+00:00","dateModified":"2026-05-27T13:20:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938"},"wordCount":347,"image":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#primaryimage"},"thumbnailUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/09\/msr-blog-image-1.png","articleSection":["d-higuchi","Docker","Kubernetes","Mirantis"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938","url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938","name":"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#primaryimage"},"image":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#primaryimage"},"thumbnailUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/09\/msr-blog-image-1.png","datePublished":"2022-01-07T03:00:28+00:00","dateModified":"2026-05-27T13:20:59+00:00","author":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206"},"description":"d-higuchi, Docker, Kubernetes, Mirantis |Mirantis Secure Registry\u3068\u306f\u3001Docker\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3084Helm","breadcrumb":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#primaryimage","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/09\/msr-blog-image-1.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/09\/msr-blog-image-1.png","width":768,"height":576},{"@type":"BreadcrumbList","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker\/47938#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"HOME","item":"https:\/\/www.creationline.com\/tech-blog"},{"@type":"ListItem","position":2,"name":"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative"},{"@type":"ListItem","position":3,"name":"Docker","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/docker"},{"@type":"ListItem","position":4,"name":"Mirantis Secure Registry 3 (MSR)\u3092k0s\u3067\u52d5\u304b\u305d\u3046 #k0s #msr #k8s #kubernetes #mirantis"}]},{"@type":"WebSite","@id":"https:\/\/www.creationline.com\/tech-blog\/#website","url":"https:\/\/www.creationline.com\/tech-blog\/","name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.creationline.com\/tech-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/16f1373831fb6fd17387f16ae1195206","name":"Daisuke Higuchi","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2026\/05\/pngout-25-230x230.png","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2026\/05\/pngout-25-230x230.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2026\/05\/pngout-25-230x230.png","caption":"Daisuke Higuchi"},"description":"\u306f\u3084\u308a\u306e\u6280\u8853\u8981\u7d20\u306b\u52a0\u3048\u3066\u3001\u4f1a\u8b70\u306e\u9032\u3081\u65b9\u30fb\u6587\u7ae0\u306e\u66f8\u304d\u65b9\u306a\u3069\u306e\u696d\u52d9\u6539\u5584\u306b\u3082\u53d6\u308a\u7d44\u3093\u3067\u3044\u307e\u3059\u3002\u300cChef\u6d3b\u7528\u30ac\u30a4\u30c9\u300d\u5171\u8457\u306e\u307b\u304b\u3001Debian Official Developer\u3082\u3084\u3063\u3066\u3044\u307e\u3059\u3002","url":"https:\/\/www.creationline.com\/tech-blog\/author\/higuchi"}]}},"_links":{"self":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/47938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/comments?post=47938"}],"version-history":[{"count":17,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/47938\/revisions"}],"predecessor-version":[{"id":84032,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/47938\/revisions\/84032"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media\/44839"}],"wp:attachment":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media?parent=47938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/categories?post=47938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/tags?post=47938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}