diff --git a/docs/kubernetes-apps/registry.md b/docs/kubernetes-apps/registry.md
index 77ff08caf3f6d5eb64ab8c0e31c7007253e2a336..6ca814013f8b74983b7b102fcd92cb0b4c24f5ad 100644
--- a/docs/kubernetes-apps/registry.md
+++ b/docs/kubernetes-apps/registry.md
@@ -140,6 +140,8 @@ spec:
 ```
 <!-- END MUNGE: EXAMPLE registry-rc.yaml -->
 
+*Note:* that if you have set multiple replicas, make sure your CSI driver has support for the `ReadWriteMany` accessMode.
+
 ## Expose the registry in the cluster
 
 Now that we have a registry `Pod` running, we can expose it as a Service:
diff --git a/roles/kubernetes-apps/registry/defaults/main.yml b/roles/kubernetes-apps/registry/defaults/main.yml
index 6c7900d52874595dfd1ef5a91e910c6407a6cbb5..f3f55e2d7ac8fb4117ce2c168e721a76dfb448d6 100644
--- a/roles/kubernetes-apps/registry/defaults/main.yml
+++ b/roles/kubernetes-apps/registry/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
 registry_namespace: "kube-system"
 registry_storage_class: ""
+registry_storage_access_mode: "ReadWriteOnce"
 registry_disk_size: "10Gi"
 registry_port: 5000
+registry_replica_count: 1
diff --git a/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
index 30b707460cead835b1c9a6a2931e2bd21b70eac9..dc3fa5a8cbf5d92022150eb6a8421e9505514849 100644
--- a/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-pvc.yml.j2
@@ -8,7 +8,7 @@ metadata:
     addonmanager.kubernetes.io/mode: Reconcile
 spec:
   accessModes:
-    - ReadWriteOnce
+    - {{ registry_storage_access_mode }}
   storageClassName: {{ registry_storage_class }}
   resources:
     requests:
diff --git a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
index b3e46ff0edf1eebac1952bb40f416679cf35acfe..9470db46db378d7b3094739a32fd95169183bf7b 100644
--- a/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
+++ b/roles/kubernetes-apps/registry/templates/registry-rs.yml.j2
@@ -9,7 +9,11 @@ metadata:
     version: v{{ registry_image_tag }}
     addonmanager.kubernetes.io/mode: Reconcile
 spec:
+{% if registry_storage_class != "" and registry_storage_access_mode == "ReadWriteMany" %}
+  replicas: {{ registry_replica_count }}
+{% else %}
   replicas: 1
+{% endif %}
   selector:
     matchLabels:
       k8s-app: registry
@@ -22,6 +26,9 @@ spec:
     spec:
       priorityClassName: {% if registry_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
       serviceAccountName: registry
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
       containers:
         - name: registry
           image: {{ registry_image_repo }}:{{ registry_image_tag }}
@@ -38,6 +45,14 @@ spec:
             - containerPort: {{ registry_port }}
               name: registry
               protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ registry_port }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ registry_port }}
       volumes:
         - name: registry-pvc
 {% if registry_storage_class != "" %}