Red Hat SummitChapter 9. Customizing Red Hat Quay on OpenShift Container Platform
After deployment, you can customize the Red Hat Quay application by editing the Red Hat Quay configuration bundle secret spec.configBundleSecret. You can also change the managed status of components and configure resource requests for some components in the spec.components object of the QuayRegistry resource.
9.1. Editing the config bundle secret in the OpenShift Container Platform console
Use the following procedure to edit the config bundle secret in the OpenShift Container Platform console.
Procedure
On the Red Hat Quay Registry overview screen, click the link for the Config Bundle Secret.
To edit the secret, click Actions
Edit Secret. 
Modify the configuration and save the changes.
- Monitor the deployment to ensure successful completion and that the configuration changes have taken effect.
9.2. Determining QuayRegistry endpoints and secrets
Use the following procedure to find QuayRegistry endpoints and secrets.
Procedure
You can examine the
QuayRegistryresource, usingoc describe quayregistryoroc get quayregistry -o yaml, to find the current endpoints and secrets by entering the following command:Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc get quayregistry example-registry -n quay-enterprise -o yaml
$ oc get quayregistry example-registry -n quay-enterprise -o yamlExample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow apiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: ... name: example-registry namespace: quay-enterprise ... spec: components: - kind: quay managed: true ... - kind: clairpostgres managed: true configBundleSecret: init-config-bundle-secret status: currentVersion: 3.7.0 lastUpdated: 2022-05-11 13:28:38.199476938 +0000 UTC registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.gcp.quaydev.orgapiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: ... name: example-registry namespace: quay-enterprise ... spec: components: - kind: quay managed: true ... - kind: clairpostgres managed: true configBundleSecret: init-config-bundle-secret1 status: currentVersion: 3.7.0 lastUpdated: 2022-05-11 13:28:38.199476938 +0000 UTC registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.gcp.quaydev.org2
9.3. Modifying the configuration file by using the CLI
You can modify the config.yaml file that is stored by the configBundleSecret by downloading the existing configuration using the CLI. After making changes, you can re-upload the configBundleSecret resource to make changes to the Red Hat Quay registry.
Modifying the config.yaml file that is stored by the configBundleSecret resource is a multi-step procedure that requires base64 decoding the existing configuration file and then uploading the changes. For most cases, using the OpenShift Container Platform web console to make changes to the config.yaml file is simpler.
Prerequisites
- You are logged in to the OpenShift Container Platform cluster as a user with admin privileges.
Procedure
Describe the
QuayRegistryresource by entering the following command:Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc describe quayregistry -n <quay_namespace>
$ oc describe quayregistry -n <quay_namespace>Copy to Clipboard Copied! Toggle word wrap Toggle overflow ... ...
# ... Config Bundle Secret: example-registry-config-bundle-v123x # ...Obtain the secret data by entering the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc get secret -n <quay_namespace> <example-registry-config-bundle-v123x> -o jsonpath='{.data}'$ oc get secret -n <quay_namespace> <example-registry-config-bundle-v123x> -o jsonpath='{.data}'Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow { "config.yaml": "RkVBVFVSRV9VU0 ... MDAwMAo=" }{ "config.yaml": "RkVBVFVSRV9VU0 ... MDAwMAo=" }Decode the data into a YAML file into the current directory by passing in the
>> config.yamlflag. For example:Copy to Clipboard Copied! Toggle word wrap Toggle overflow echo 'RkVBVFVSRV9VU0 ... MDAwMAo=' | base64 --decode >> config.yaml
$ echo 'RkVBVFVSRV9VU0 ... MDAwMAo=' | base64 --decode >> config.yaml-
Make the desired changes to your
config.yamlfile, and then save the file asconfig.yaml. Create a new
configBundleSecretYAML by entering the following command.Copy to Clipboard Copied! Toggle word wrap Toggle overflow touch <new_configBundleSecret_name>.yaml
$ touch <new_configBundleSecret_name>.yamlCreate the new
configBundleSecretresource, passing in theconfig.yamlfile` by entering the following command:Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc -n <namespace> create secret generic <secret_name> \ --from-file=config.yaml=</path/to/config.yaml> \ --dry-run=client -o yaml > <new_configBundleSecret_name>.yaml
$ oc -n <namespace> create secret generic <secret_name> \ --from-file=config.yaml=</path/to/config.yaml> \1 --dry-run=client -o yaml > <new_configBundleSecret_name>.yaml- 1
- Where
<config.yaml>is yourbase64 decodedconfig.yamlfile.
Create the
configBundleSecretresource by entering the following command:Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc create -n <namespace> -f <new_configBundleSecret_name>.yaml
$ oc create -n <namespace> -f <new_configBundleSecret_name>.yamlExample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow secret/config-bundle created
secret/config-bundle createdUpdate the
QuayRegistryYAML file to reference the newconfigBundleSecretobject by entering the following command:Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc patch quayregistry <registry_name> -n <namespace> --type=merge -p '{"spec":{"configBundleSecret":"<new_configBundleSecret_name>"}}'$ oc patch quayregistry <registry_name> -n <namespace> --type=merge -p '{"spec":{"configBundleSecret":"<new_configBundleSecret_name>"}}'Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow quayregistry.quay.redhat.com/example-registry patched
quayregistry.quay.redhat.com/example-registry patched
Verification
Verify that the
QuayRegistryCR has been updated with the newconfigBundleSecret:Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc describe quayregistry -n <quay_namespace>
$ oc describe quayregistry -n <quay_namespace>Copy to Clipboard Copied! Toggle word wrap Toggle overflow ... ...
# ... Config Bundle Secret: <new_configBundleSecret_name> # ...After patching the registry, the Red Hat Quay Operator automatically reconciles the changes.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}