Container Registry: Create import jobs for metadata database migration
Context
As we work towards Container Registry Self-Managed Rollout::BlocksOff by Default we need to allow users to execute the migration of their registry data into the metadata database.
The migration runs in 3 steps:
- import repositories without tags
- import tags
- import dangling blobs
Users can choose to run a) all 3 steps in one, or b) one step at a time.
For option a) the registry must remain in read-only
mode or be shutdown. For option b), the registry can operate normally for steps 1 and 3, but must be set to read-only
for step 2.
See gitlab-org/gitlab#436406 (comment 1745537301) for more details.
Problem
Since these steps must execute in one go without being interrupted by the scheduler, we should find a way to define either a job
or a deployment
that is less likely to be interrupted.
Jobs do seem like the k8s tool that fits our use case, despite this. We should investigate giving the job (or registry deployment, should we go that route) a priorityClassName: system-node-critical
and restartPolicy: Never
, so that the k8s scheduler is more likely to leave the pod running the import alone, at least for step two.
Solution
Define jobs for both variants of the import steps:
- all-in-one-import-job
- multi-step jobs:
- Step 1
- Step 2
- Step 3
Related to gitlab-org/gitlab#436406 (closed) and #5292 (closed)