Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 9. Customizing Red Hat Quay on OpenShift Container Platform

After deployment, you can customize the Red Hat Quay application by editing the Red Hat Quay configuration bundle secret spec.configBundleSecret. You can also change the managed status of components and configure resource requests for some components in the spec.components object of the QuayRegistry resource.

9.1. Editing the config bundle secret in the OpenShift Container Platform console

Use the following procedure to edit the config bundle secret in the OpenShift Container Platform console.

Procedure

  1. On the Red Hat Quay Registry overview screen, click the link for the Config Bundle Secret.

    Red Hat Quay Registry overview

  2. To edit the secret, click Actions Edit Secret.

    Edit secret

  3. Modify the configuration and save the changes.

    Save changes

  4. Monitor the deployment to ensure successful completion and that the configuration changes have taken effect.

9.2. Determining QuayRegistry endpoints and secrets

Use the following procedure to find QuayRegistry endpoints and secrets.

Procedure

  1. You can examine the QuayRegistry resource, using oc describe quayregistry or oc get quayregistry -o yaml, to find the current endpoints and secrets by entering the following command: 

    $ oc get quayregistry example-registry -n quay-enterprise -o yaml
    Copy to Clipboard

    Example output

    apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  ...
  name: example-registry
  namespace: quay-enterprise
  ...
spec:
  components:
  - kind: quay
    managed: true
  ...
  - kind: clairpostgres
    managed: true
  configBundleSecret: init-config-bundle-secret
    1 
    
status:
  currentVersion: 3.7.0
  lastUpdated: 2022-05-11 13:28:38.199476938 +0000 UTC
  registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.gcp.quaydev.org
    2
    Copy to Clipboard

    1
    The config bundle secret, containing the config.yaml file and any SSL/TLS certificates.
    2
    The URL for your registry, for browser access to the registry UI, and for the registry API endpoint.

9.3. Modifying the configuration file by using the CLI

You can modify the config.yaml file that is stored by the configBundleSecret by downloading the existing configuration using the CLI. After making changes, you can re-upload the configBundleSecret resource to make changes to the Red Hat Quay registry.

Note

Modifying the config.yaml file that is stored by the configBundleSecret resource is a multi-step procedure that requires base64 decoding the existing configuration file and then uploading the changes. For most cases, using the OpenShift Container Platform web console to make changes to the config.yaml file is simpler.

Prerequisites

  • You are logged in to the OpenShift Container Platform cluster as a user with admin privileges.

Procedure

  1. Describe the QuayRegistry resource by entering the following command: 

    $ oc describe quayregistry -n <quay_namespace>
    Copy to Clipboard 
    # ...
  Config Bundle Secret:  example-registry-config-bundle-v123x
# ...
    Copy to Clipboard

  2. Obtain the secret data by entering the following command: 

    $ oc get secret -n <quay_namespace> <example-registry-config-bundle-v123x> -o jsonpath='{.data}'
    Copy to Clipboard

    Example output

    {
    "config.yaml": "RkVBVFVSRV9VU0 ... MDAwMAo="
}
    Copy to Clipboard

  3. Decode the data into a YAML file into the current directory by passing in the >> config.yaml flag. For example: 

    $ echo 'RkVBVFVSRV9VU0 ... MDAwMAo=' | base64 --decode >> config.yaml
    Copy to Clipboard
  4. Make the desired changes to your config.yaml file, and then save the file as config.yaml.

  5. Create a new configBundleSecret YAML by entering the following command. 

    $ touch <new_configBundleSecret_name>.yaml
    Copy to Clipboard

  6. Create the new configBundleSecret resource, passing in the config.yaml file` by entering the following command: 

    $ oc -n <namespace> create secret generic <secret_name> \
  --from-file=config.yaml=</path/to/config.yaml> \
    1 
    
  --dry-run=client -o yaml > <new_configBundleSecret_name>.yaml
    Copy to Clipboard
    1
    Where <config.yaml> is your base64 decoded config.yaml file.

  7. Create the configBundleSecret resource by entering the following command: 

    $ oc create -n <namespace> -f <new_configBundleSecret_name>.yaml
    Copy to Clipboard

    Example output

    secret/config-bundle created
    Copy to Clipboard

  8. Update the QuayRegistry YAML file to reference the new configBundleSecret object by entering the following command: 

    $ oc patch quayregistry <registry_name> -n <namespace> --type=merge -p '{"spec":{"configBundleSecret":"<new_configBundleSecret_name>"}}'
    Copy to Clipboard

    Example output

    quayregistry.quay.redhat.com/example-registry patched
    Copy to Clipboard

Verification

  1. Verify that the QuayRegistry CR has been updated with the new configBundleSecret: 

    $ oc describe quayregistry -n <quay_namespace>
    Copy to Clipboard

    Example output

    # ...
  Config Bundle Secret: <new_configBundleSecret_name>
# ...
    Copy to Clipboard

    After patching the registry, the Red Hat Quay Operator automatically reconciles the changes.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat