Skip to main content

Deployment in Kubernetes

The Registry API server can be deployed in various environments, from local development to production Kubernetes clusters.

Kubernetes deployment

The Registry API is designed to run as an independent deployment, possibly alongside the ToolHive Operator.

Although it is possible to run ToolHive Registry to use an in-memory store, it is unreliable to run multiple replicas as they would not share state, and we recommend running it with a proper Postgres database.

Deployment Example

deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry-api
  template:
    metadata:
      labels:
        app: registry-api
    spec:
      containers:
        - name: registry-api
          image: ghcr.io/stacklok/thv-registry-api:latest
          args:
            - serve
            - --config=/etc/registry/config.yaml
          env:
            - name: PGPASSFILE
              value: /pgpass/.pgpass
          ports:
            - containerPort: 8080
              name: http
          volumeMounts:
            - name: config
              mountPath: /etc/registry/config.yaml
              subPath: config.yaml
              readOnly: true
            - name: pgpass
              mountPath: /etc/registry/pgpass
              subPath: pgpass
              readOnly: true
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /readiness
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
      volumes:
        - name: config
          configMap:
            name: registry-api-config
            items:
              - key: config.yaml
                path: config.yaml
        - name: pgpass
          secret:
            secretName: registry-api-pgpass
            items:
              - key: pgpass
                path: pgpass
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-api-config
data:
  config.yaml: |
    registryName: my-registry
    registries:
    - name: git-registry
      format: toolhive
      git:
        repository: https://github.com/stacklok/toolhive.git
        branch: main
        path: pkg/registry/data/registry.json
      syncPolicy:
        interval: "15m"
    auth:
      mode: anonymous
    database:
      host: db.example.com
      port: 5432
      user: db_app
      migrationUser: db_migrator
      database: registry
      sslMode: verify-full
---
apiVersion: v1
kind: Secret
metadata:
  name: registry-api-pgpass
type: Opaque
stringData:
  pgpass: |
    *:5432:registry:db_app:app_password
    *:5432:registry:db_migrator:migrator_password
---
apiVersion: v1
kind: Service
metadata:
  name: registry-api
spec:
  selector:
    app: registry-api
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  type: ClusterIP

Apply the deployment:

kubectl apply -f deployment.yaml