From e35a87e3eb903027cae0fcc8f007926a772ae4c8 Mon Sep 17 00:00:00 2001
From: zhengtianbao
Date: Mon, 22 Nov 2021 04:45:09 -0600
Subject: [PATCH] Update registry template (#8198)

* Add registry replica setting
* Add registry liveness and readiness probe
* Set the security context for registry
* Add registry pvc access mode option
* registry add replica requirement check
* docs: add registry replicas setting note
* Update docs/kubernetes-apps/registry.md
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Co-authored-by: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
---
 docs/kubernetes-apps/registry.md | 2 ++
 roles/kubernetes-apps/registry/defaults/main.yml | 2 ++
 .../registry/templates/registry-pvc.yml.j2 | 2 +-
 .../registry/templates/registry-rs.yml.j2 | 15 +++++++++++++++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/docs/kubernetes-apps/registry.md b/docs/kubernetes-apps/registry.md
index 77ff08caf..6ca814013 100644
--- a/docs/kubernetes-apps/registry.md
+++ b/docs/kubernetes-apps/registry.md
@@ -140,6 +140,8 @@ spec:
 ```
+*Note:* that if you have set multiple replicas, make sure your CSI driver has support for the `ReadWriteMany` accessMode.
+
 ## Expose the registry in the cluster
 Now that we have a registry `Pod` running, we can expose it as a Service:
diff --git a/roles/kubernetes-apps/registry/defaults/main.yml b/roles/kubernetes-apps/registry/defaults/main.yml
index 6c7900d52..f3f55e2d7 100644
--- a/roles/kubernetes-apps/registry/defaults/main.yml
+++ b/roles/kubernetes-apps/registry/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
 registry_namespace: "kube-system"
 registry_storage_class: ""
+registry_storage_access_mode: "ReadWriteOnce"
 registry_disk_size: "10Gi"
 registry_port: 5000
+registry_replica_count: 1
diff --git a/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
index 30b707460..dc3fa5a8c 100644
--- a/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
@@ -8,7 +8,7 @@ metadata:
 addonmanager.kubernetes.io/mode: Reconcile
 spec:
 accessModes:
- - ReadWriteOnce
+ - {{ registry_storage_access_mode }}
 storageClassName: {{ registry_storage_class }}
 resources:
 requests:
diff --git a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
index b3e46ff0e..9470db46d 100644
--- a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
@@ -9,7 +9,11 @@ metadata:
 version: v{{ registry_image_tag }}
 addonmanager.kubernetes.io/mode: Reconcile
 spec:
+{% if registry_storage_class != "" and registry_storage_access_mode == "ReadWriteMany" %}
+ replicas: {{ registry_replica_count }}
+{% else %}
 replicas: 1
+{% endif %}
 selector:
 matchLabels:
 k8s-app: registry
@@ -22,6 +26,9 @@ spec:
 spec:
 priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
 serviceAccountName: registry
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
 containers:
 - name: registry
 image: {{ registry_image_repo }}:{{ registry_image_tag }}
@@ -38,6 +45,14 @@ spec:
 - containerPort: {{ registry_port }}
 name: registry
 protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ registry_port }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ registry_port }}
 volumes:
 - name: registry-pvc
 {% if registry_storage_class != "" %}
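Review bot: In the registry-pvc.yml.j2 hunk, `accessModes` is now rendered from `registry_storage_access_mode` with no validation, and Kubernetes does not allow `accessModes` to be changed on a claim that already exists. Changing the variable on a cluster where the registry PVC is already deployed will therefore presumably be rejected at apply time rather than take effect. The docs should say the mode can only be chosen before the first deployment, or that the claim must be recreated. Quoting the value, `- "{{ registry_storage_access_mode }}"`, and asserting it is one of the known access modes would turn a typo into an early, readable failure.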
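Review bot: In the `replicas` conditional at the top of the registry-rs.yml.j2 `spec`, a user-supplied `registry_replica_count` is silently replaced by `1` whenever the storage class is empty or the access mode is not `ReadWriteMany`, so a misconfiguration produces no error or warning. An `assert` task in the role would surface this, or at minimum a comment above `registry_replica_count: 1` in defaults/main.yml such as `# only honoured when registry_storage_class is set and registry_storage_access_mode is ReadWriteMany`. Separately, the container's env block is outside this hunk. If it does not set a shared `REGISTRY_HTTP_SECRET`, each replica generates its own secret and uploads that land on different pods can fail, which is worth confirming before more than one replica is allowed.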
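Review bot: The new pod-level `securityContext` in registry-rs.yml.j2 pins `runAsUser: 1000` but does not set `runAsNonRoot: true`, and nothing at container level disables privilege escalation, so the hardening rests on the numeric UID alone. Adding `runAsNonRoot: true` next to `runAsUser`, and a container `securityContext` with `allowPrivilegeEscalation: false` under `- name: registry`, would let the kubelet enforce the intent. The UID and GID are hard-coded, and `fsGroup` is not applied by every volume type, so data written by an earlier root-run registry may become unwritable after an upgrade; this deserves a line in the docs. The container spec continues outside the hunk.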
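Review bot: The `livenessProbe` and `readinessProbe` added after the `ports` entry are identical `httpGet` checks on `/` with default timing, so a registry that is only slow (for example while its storage backend stalls) gets restarted instead of just being taken out of rotation. Consider giving the liveness probe a more lenient `failureThreshold` or `timeoutSeconds` than the readiness probe. Both probes also default to plain HTTP, so if the registry is served with TLS (not visible in this hunk) they would need `scheme: HTTPS`. Referring to the named port with `port: registry` would avoid repeating `{{ registry_port }}`.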