Prerequisites

You must have cert-manager and the Postgres Operator in place before you can install MSR using the offline method.

Install cert-manager

Important

The cert-manager version must be 1.7.2 or later.

  1. Run the following helm install command:

    helm install cert-manager jetstack/cert-manager \
    --version 1.7.2 \
    --set installCRDs=true \
    -f my_certmanager_values.yaml
    
  2. Verify that cert-manager is in the Running state:

    kubectl get pods
    

    If any of the cert-manager Pods are not in the Running state, run kubectl describe on each Pod:

    kubectl describe <cert-manager-pod-name>
    

    Note

    To troubleshoot the issues that present in the kubectl describe command output, refer to Troubleshooting in the official cert-manager documentation.

Install Postgres Operator

Important

The Postgres Operator version you install must be 1.10.0 or later, as all versions up through 1.8.2 use the PodDisruptionBudget policy/v1beta1 Kubernetes API, which is no longer served as of Kubernetes 1.25. This being the case, various MSR features may not function properly if a Postgres Operator prior to 1.10.0 is installed alongside MSR on Kubernetes 1.25 or later.

  1. Run the following helm install command, including spilo_* parameters:

    helm install postgres-operator postgres-operator/postgres-operator \
    --version <version> \
    --set configKubernetes.spilo_runasuser=101 \
    --set configKubernetes.spilo_runasgroup=103 \
    --set configKubernetes.spilo_fsgroup=103 \
    -f my_postgres_values.yaml
    
  2. Verify that Postgres Operator is in the Running state:

    kubectl get pods
    

    To troubleshoot a failing Postgres Operator Pod, run the following command:

    kubectl describe <postgres-operator-pod-name>
    

    Review the Pod logs for more detailed results:

    kubectl logs <postgres-operator-pod-name>
    

Note

By default, MSR uses the persistent volume claims detailed in Volumes.

If you have a pre-existing PersistentVolume that contains image blob data that you intend to use with a new instance of MSR, you can use Helm to provide the new instance with the name of the associated PersistentVolumeClaim:

--set registry.storage.persistentVolume.existingClaim=<pre-existing-msr-pvc>

This setting indicates the <release-name> PVC referred to in Volumes.