Prerequisites

You must have cert-manager and the Postgres Operator in place before you can install MSR using the offline method.

Tip

To mitigate the risk of security breaches and exploits, Mirantis strongly recommends upgrading any third-party components that are already installed to the latest supported version before proceeding with installation.

Install cert-manager

Important

The cert-manager version must be 1.7.2 or later.

1. Run the following helm install command:

   helm install cert-manager jetstack/cert-manager \
   --version 1.12.3 \
   --set installCRDs=true \
   -f my_certmanager_values.yaml
   

2. Verify that cert-manager is in the Running state:

   kubectl get pods
   

   If any of the cert-manager Pods are not in the Running state, run kubectl describe on each Pod:

   kubectl describe <cert-manager-pod-name>
   

   Note

   To troubleshoot the issues that present in the kubectl describe command output, refer to Troubleshooting in the official cert-manager documentation.

Install Postgres Operator

Important

The Postgres Operator version you install must be 1.10.0 or later, as all versions up through 1.8.2 use the PodDisruptionBudget policy/v1beta1 Kubernetes API, which is no longer served as of Kubernetes 1.25. This being the case, various MSR features may not function properly if a Postgres Operator prior to 1.10.0 is installed alongside MSR on Kubernetes 1.25 or later.

1. Run the following helm install command, including spilo_* parameters:

   helm install postgres-operator postgres-operator/postgres-operator \
   --version 1.12.2 \
   --set configKubernetes.spilo_runasuser=101 \
   --set configKubernetes.spilo_runasgroup=103 \
   --set configKubernetes.spilo_fsgroup=103 \
   -f my_postgres_values.yaml
   

2. Verify that Postgres Operator is in the Running state:

   kubectl get pods
   

   To troubleshoot a failing Postgres Operator Pod, run the following command:

   kubectl describe <postgres-operator-pod-name>
   

   Review the Pod logs for more detailed results:

   kubectl logs <postgres-operator-pod-name>
   

Note

By default, MSR uses the persistent volume claims detailed in Volumes.

If you have a pre-existing PersistentVolume that contains image blob data that you intend to use with a new instance of MSR, you can use Helm to provide the new instance with the name of the associated PersistentVolumeClaim:

--set registry.storage.persistentVolume.existingClaim=<pre-existing-msr-pvc>

This setting indicates the <release-name> PVC referred to in Volumes.

See also

• Helm official documentation: Helm Install

• cert-manager official documentation

• Postgres Operator official documentation