Update registry template (kubernetes-sigs#8198)

* Add registry replica setting * Add registry liveness and readiness probe * Set the security context for registry * Add registry pvc access mode option * registry add replica requirement check * docs: add registry replicas setting note * Update docs/kubernetes-apps/registry.md Co-authored-by: Cristian Calin <[email protected]> Co-authored-by: Cristian Calin <[email protected]>
southbridgeio · Jun 28, 2023 · e79ebad · e79ebad
1 parent 98299a1
commit e79ebad
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/docs/kubernetes-apps/registry.md b/docs/kubernetes-apps/registry.md
@@ -140,6 +140,8 @@ spec:
 ```
 <!-- END MUNGE: EXAMPLE registry-rc.yaml -->
 
+*Note:* that if you have set multiple replicas, make sure your CSI driver has support for the `ReadWriteMany` accessMode.
+
 ## Expose the registry in the cluster
 
 Now that we have a registry `Pod` running, we can expose it as a Service:

diff --git a/roles/kubernetes-apps/registry/defaults/main.yml b/roles/kubernetes-apps/registry/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
 registry_namespace: "kube-system"
 registry_storage_class: ""
+registry_storage_access_mode: "ReadWriteOnce"
 registry_disk_size: "10Gi"
 registry_port: 5000
+registry_replica_count: 1
diff --git a/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
@@ -8,7 +8,7 @@ metadata:
     addonmanager.kubernetes.io/mode: Reconcile
 spec:
   accessModes:
-    - ReadWriteOnce
+    - {{ registry_storage_access_mode }}
   storageClassName: {{ registry_storage_class }}
   resources:
     requests:

diff --git a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
@@ -9,7 +9,11 @@ metadata:
     version: v{{ registry_image_tag }}
     addonmanager.kubernetes.io/mode: Reconcile
 spec:
+{% if registry_storage_class != "" and registry_storage_access_mode == "ReadWriteMany" %}
+  replicas: {{ registry_replica_count }}
+{% else %}
   replicas: 1
+{% endif %}
   selector:
     matchLabels:
       k8s-app: registry
@@ -22,6 +26,9 @@ spec:
     spec:
       priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
       serviceAccountName: registry
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
       containers:
         - name: registry
           image: {{ registry_image_repo }}:{{ registry_image_tag }}
@@ -38,6 +45,14 @@ spec:
             - containerPort: {{ registry_port }}
               name: registry
               protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ registry_port }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ registry_port }}
       volumes:
         - name: registry-pvc
 {% if registry_storage_class != "" %}