Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Deploying the Red Hat Quay registry

To deploy the Red Hat Quay registry after installing the Operator, you must create an instance based on the QuayRegistry custom resource (CR), which can be done using the OpenShift Container Platform web console or the oc cli (command-line interface). For the registry to deploy successfully, you must have, or configure, an object storage provider.

The following sections provide you with the information necessary to configure managed or unmanaged object storage, and then deploy the Red Hat Quay registry.

Note

The following procedures show you how to create a basic Red Hat Quay registry in all namespaces of the OpenShift Container Platform deployment. Depending on your needs, advanced configuration might be necessary. For example, you might need to configure SSL/TLS for your deployment or disable certain components. Advanced configuration practices are covered in later chapters of this guide.

Use the OpenShift Container Platform web console to create and deploy a basic Red Hat Quay registry instance.

Prerequisites

  • You have installed the Red Hat Quay Operator.
  • You have have administrative privileges to the cluster.

Procedure

  1. On the OpenShift Container Platform web console, click Operators Installed Operators Red Hat Quay.
  2. On the Red Hat Quay dashboard, click Create instance.

  3. On the Create QuayRegistry page, review the default settings of the QuayRegistry custom resource (CR). Here, you decide whether to to use managed or unmanaged object storage.

    1. If you are using the Multicloud Object Gateway or Red Hat OpenShift Data Foundation as your object storage, keep the following settings: 

          - kind: objectstorage
      managed: true
      Copy to Clipboard Toggle word wrap

    2. If you are using a different storage provider, such as Google Cloud Platform, AWS S3, or Nutanix, set the objectstorage component as follows: 

          - kind: objectstorage
      managed: false
      Copy to Clipboard Toggle word wrap
  4. Click Create. You are redirected to the Quay Registry tab on the Operator page.

  5. Click the name of the Red Hat Quay registry that you created, then click Events to view the status of creation. If you used managed storage and leveraged the Multicloud Object Gateway, the registry completes creation. If you are using Red Hat OpenShift Data Foundation or an unmanaged storage backend provider, complete the following steps:

    1. Click the Details page of the Red Hat Quay registry.
    2. Click the name of the Config Bundle Secret resource, for example, <example_registry_name_config-bundle-secret-12345>.

    3. Click Actions Edit Secret, and pass in the following information from your backend storage provider: 

      # ...
DISTRIBUTED_STORAGE_CONFIG:
    <storage_provider>:
        - <storage_provider_name>
        - access_key: <access_key>
          bucket_name: <bucket_name>
          secret_key: <secret_key>
          storage_path: /datastorage/registry
# ...
      Copy to Clipboard Toggle word wrap
      Note

      Depending on your storage provider, different information is required. For more information, see see Storage object configuration fields.

    4. Click Save, and then re-navigate to the Events page of the registry to ensure successful deployment.

Use the oc command-line interface (CLI) to create and deploy a basic Red Hat Quay registry instance.

Note

The following config.yaml file includes automation configuration options. Collectively, these options streamline using the CLI with your registry, helping reduce dependency on the UI. Adding these fields to your config.yaml file is optional if you plan to use the UI, but recommended if you plan to use the CLI.

For more information, see Automation configuration options.

Prerequisites

  • You have logged into OpenShift Container Platform using the CLI.

Procedure

  1. Create a namespace, for example, quay-enterprise, by entering the following command: 

    $ oc new-project quay-enterprise
    Copy to Clipboard Toggle word wrap

  2. Create the QuayRegistry custom resource (CR).

    1. If the objectstorage component is set to managed: true, complete the following steps:

      1. Create the QuayRegistry CR by entering the following command: 

        $ cat <<EOF | oc create -n quay-enterprise -f -
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
EOF
        Copy to Clipboard Toggle word wrap

    2. If the objectstorage component is set to managed: false, complete the following steps:

      1. Create the config.yaml file for Red Hat Quay by entering the following command. You must include the information required for your backend storage provider. During this step, you can enable additional Red Hat Quay features. The following example is for a minimal configuration that includes the configuration options for automating early setup tasks: 

        $ cat <<EOF > config.yaml
ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
AUTHENTICATION_TYPE: Database
DEFAULT_TAG_EXPIRATION: 2w
FEATURE_USER_INITIALIZE: true
        1 
        
SUPER_USERS:
        2 
        
     -  <username>
BROWSER_API_CALLS_XHR_ONLY: false
        3 
        
FEATURE_USER_CREATION: false
        4 
        
DISTRIBUTED_STORAGE_CONFIG:
    <storage_provider>:
        - <storage_provider_name>
        - access_key: <access_key>
          bucket_name: <bucket_name>
          secret_key: <secret_key>
          storage_path: /datastorage/registry
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_MAILING: false
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
SETUP_COMPLETE: true
TAG_EXPIRATION_OPTIONS:
- 2w
TEAM_RESYNC_STALE_TIME: 60m
TESTING: false
EOF
        Copy to Clipboard Toggle word wrap
        1
        Set this field to true if you plan to create the first user by using API.
        2
        Include this field and the username that you plan to leverage as a Red Hat Quay administrator.
        3
        When set to False, allows general browser-based access to the API.
        4
        When set to False, relegates the creation of new users to only superusers.

    3. Create a secret for the configuration by entering the following command: 

      $ oc create secret generic <quay_config_bundle_name> \
  --from-file=config.yaml=</path/to/config.yaml> \
  -n quay-enterprise \
  --dry-run=client -o yaml | oc apply -f -
      Copy to Clipboard Toggle word wrap

    4. Create the QuayRegistry CR by entering the following command: 

      $ cat <<EOF | oc create -n quay-enterprise -f -
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
spec:
  configBundleSecret: <quay_config_bundle_name>
  components:
    - kind: clair
      managed: true
    - kind: objectstorage
      managed: false
      1 
      
    - kind: mirror
      managed: true
    - kind: monitoring
      managed: true
EOF
      Copy to Clipboard Toggle word wrap
      1
      Must be set to false when providing your own storage backend.

Verification

  1. Check the status of your registry by entering the following command: 

    $ oc describe quayregistry <registry_name> -n quay-enterprise
    Copy to Clipboard Toggle word wrap

    Example output

    ...
Events:
  Type    Reason                     Age                   From                     Message
  ----    ------                     ----                  ----                     -------
  Normal  ComponentsCreationSuccess  23s (x2458 over 42h)  quayregistry-controller  All objects created/updated successfully
    Copy to Clipboard Toggle word wrap

  2. Alternatively, you can check pod statuses for your registry deployment by entering the following command:

  3. Enter the following command to view the deployed components: 

    $ oc get pods -n quay-enterprise
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                                                   READY   STATUS      RESTARTS   AGE
example-registry-clair-app-5ffc9f77d6-jwr9s            1/1     Running     0          3m42s
example-registry-clair-app-5ffc9f77d6-wgp7d            1/1     Running     0          3m41s
example-registry-clair-postgres-54956d6d9c-rgs8l       1/1     Running     0          3m5s
example-registry-quay-app-79c6b86c7b-8qnr2             1/1     Running     4          3m42s
example-registry-quay-app-79c6b86c7b-xk85f             1/1     Running     4          3m41s
example-registry-quay-app-upgrade-5kl5r                0/1     Completed   4          3m50s
example-registry-quay-database-b466fc4d7-tfrnx         1/1     Running     2          3m42s
example-registry-quay-mirror-6d9bd78756-6lj6p          1/1     Running     0          2m58s
example-registry-quay-mirror-6d9bd78756-bv6gq          1/1     Running     0          2m58s
example-registry-quay-postgres-init-dzbmx              0/1     Completed   0          3m43s
example-registry-quay-redis-8bd67b647-skgqx            1/1     Running     0          3m42s
    Copy to Clipboard Toggle word wrap

Additional resources

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat