Prerequisites

You must have the following key components in place before you can install MSR using the online method: a Kubernetes platform, cert-manager, and the Postgres Operator.

To prepare your Kubernetes environment:

  1. Install and configure your Kubernetes distribution.

  2. Ensure that the default StorageClass on your cluster supports the dynamic provisioning of volumes. If necessary, refer to the Kubernetes documentation Change the default StorageClass.

    If no default StorageClass is set, you can specify a StorageClass for MSR to use by providing the following additional parameters to MSR when running the helm install command:

    --set registry.storage.persistentVolume.storageClass=<my-storageclass>
    --set postgresql.volume.storageClass=<my-storageclass>
    --set rethinkdb.cluster.persistentVolume.storageClass=<my-storageclass>
    

    The first of these three parameters is only applicable when you install MSR with a persistentVolume back end, the default setting:

    --set registry.storage.backend=persistentVolume
    

    MSR creates PersistentVolumeClaims with either the ReadWriteOnce or the ReadWriteMany access modes, depending on the purpose for which they are created. Thus the StorageClass provisioner that MSR uses must be able to provision PersistentVolumes with at least the ReadWriteOnce and ReadWriteMany access modes.

    The <release-name> PVC is created by default with the ReadWriteMany access mode. If you choose to install MSR with a persistentVolume back end, you can override this default access mode with the following parameter when running the helm install command:

    --set registry.storage.persistentVolume.accessMode=<new-access-mode>
    

To install cert-manager:

Important

The cert-manager version must be 1.7.2 or later.

  1. Run the following helm install command:

    helm repo add jetstack https://charts.jetstack.io
    
    helm repo update
    
    helm install cert-manager jetstack/cert-manager \
       --version 1.7.2 \
       --set installCRDs=true
    
  2. Verify that cert-manager is in the Running state:

    kubectl get pods
    

    If any of the cert-manager Pods are not in the Running state, run kubectl describe on each Pod:

    kubectl describe <cert-manager-pod-name>
    

    Note

    To troubleshoot the issues that present in the kubectl describe command output, refer to Troubleshooting in the official cert-manager documentation.

To install Postgres Operator:

Important

The Postgres Operator version must be 1.9.0 or later. 1

  1. Run the following helm install command, including spilo_* parameters:

    helm repo add postgres-operator \
      https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
    
    helm repo update
    
    helm install postgres-operator postgres-operator/postgres-operator \
      --version <version> \
      --set configKubernetes.spilo_runasuser=101 \
      --set configKubernetes.spilo_runasgroup=103 \
      --set configKubernetes.spilo_fsgroup=103
    
  2. Verify that Postgres Operator is in the Running state:

    kubectl get pods
    

    To troubleshoot a failing Postgres Operator Pod, run the following command:

    kubectl describe <postgres-operator-pod-name>
    

    Review the Pod logs for more detailed results:

    kubectl logs <postgres-operator-pod-name>
    

Note

By default, MSR uses the persistent volume claims detailed in Volumes.

If you have a pre-existing PersistentVolume that contains image blob data that you intend to use with a new instance of MSR, you can use Helm to provide the new instance with the name of the associated PersistentVolumeClaim:

--set registry.storage.persistentVolume.existingClaim=<pre-existing-msr-pvc>

This setting indicates the <release-name> PVC referred to in volumes.

1

Postgres Operator up through 1.8.2 uses the PodDisruptionBudget policy/v1beta1 Kubernetes API, which is no longer served as of Kubernetes 1.25. As such, various features of MSR may not function properly if Postgres Operator 1.8.2 or earlier is installed alongside MSR on Kube v1.25 or later.