Update registry template (#8198)

* Add registry replica setting * Add registry liveness and readiness probe * Set the security context for registry * Add registry pvc access mode option * registry add replica requirement check * docs: add registry replicas setting note * Update docs/kubernetes-apps/registry.md Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com> Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
3 years ago · e35a87e3eb
4 changed files with 20 additions and 1 deletions
--- a/docs/kubernetes-apps/registry.md
+++ b/docs/kubernetes-apps/registry.md
@ -140,6 +140,8 @@ spec:
 ```
 <!-- END MUNGE: EXAMPLE registry-rc.yaml -->

+*Note:* that if you have set multiple replicas, make sure your CSI driver has support for the `ReadWriteMany` accessMode.
+
 ## Expose the registry in the cluster

 Now that we have a registry `Pod` running, we can expose it as a Service:
--- a/roles/kubernetes-apps/registry/defaults/main.yml
+++ b/roles/kubernetes-apps/registry/defaults/main.yml
@ -1,5 +1,7 @@
 ---
 registry_namespace: "kube-system"
 registry_storage_class: ""
+registry_storage_access_mode: "ReadWriteOnce"
 registry_disk_size: "10Gi"
 registry_port: 5000
+registry_replica_count: 1
--- a/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
@ -8,7 +8,7 @@ metadata:
    addonmanager.kubernetes.io/mode: Reconcile
 spec:
  accessModes:
-    - ReadWriteOnce
+    - {{ registry_storage_access_mode }}
  storageClassName: {{ registry_storage_class }}
  resources:
    requests:
--- a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
@ -9,7 +9,11 @@ metadata:
    version: v{{ registry_image_tag }}
    addonmanager.kubernetes.io/mode: Reconcile
 spec:
+{% if registry_storage_class != "" and registry_storage_access_mode == "ReadWriteMany" %}
+  replicas: {{ registry_replica_count }}
+{% else %}
  replicas: 1
+{% endif %}
  selector:
    matchLabels:
      k8s-app: registry
@ -22,6 +26,9 @@ spec:
    spec:
      priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
      serviceAccountName: registry
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
      containers:
        - name: registry
          image: {{ registry_image_repo }}:{{ registry_image_tag }}
@ -38,6 +45,14 @@ spec:
            - containerPort: {{ registry_port }}
              name: registry
              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ registry_port }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ registry_port }}
      volumes:
        - name: registry-pvc
 {% if registry_storage_class != "" %}