Red Hat SummitChapter 8. Mirroring images with Red Hat Quay
To mirror images from external registries into your Red Hat Quay cluster and synchronize by repository or organization names and tags, you can repository mirroring.
From your Red Hat Quay cluster with mirroring enabled, you can perform the following:
- Choose a repository or organization from an external registry to mirror
- Add credentials to access the external registry
- Identify specific container image repository or organization names and tags to sync
- Set intervals at which a repository or organization is synced
- Check the current state of synchronization
- Filter the architectures that are mirrored
To use the mirroring functionality, you need to perform the following actions:
- Enable mirroring in the Red Hat Quay configuration file
- Run a mirroring worker
- Create mirrored repositories
All mirroring configurations can be performed by using the configuration tool UI or by the Red Hat Quay API.
8.1. Verifying authentication and permissions
To verify authentication and permissions for Red Hat Quay repository mirroring and resolve mirroring issues, you can ensure credentials have the necessary access on source and destination instances.
On the Red Hat Quay UI, check the following settings:
- The access control settings. Ensure that the user or service account performing the mirroring operation has the required privileges.
- The permissions of your robot account on the Red Hat Quay registry.
8.2. Clair security scanner
Clair is an open source security scanner that analyzes container images and reports vulnerabilities. You can use Clair to automatically scan images and identify security issues in your container registry.
8.2.1. Troubleshooting Clair issue
To troubleshoot Clair vulnerability scanning in Red Hat Quay and resolve scan issues, you can verify image compatibility, allowlist Clair updaters when using a proxy, check the Clair config.yaml, and inspect image metadata.
8.2.1.1. Verifying image compatibility
If you are using Clair, ensure that the images you are trying to scan are supported by Clair. Clair has certain requirements and does not support all image formats or configurations.
For more information, see Clair vulnerability databases.
8.2.1.2. Allowlisting Clair updaters
If you are using Clair behind a proxy configuration, you must allowlist the updaters in your proxy or firewall configuration. For more information about updater URLs, see Clair updater URLs.
8.2.1.3. Checking Clair configuration
Check your Clair config.yaml file to ensure that there are no misconfigurations or inconsistencies that could lead to issues. For more information, see Clair configuration overview.
8.2.1.4. Inspect image metadata
In some cases, you might receive an Unsupported message. This might indicate that the scanner is unable to extract the necessary metadata from the image. Check if the image metadata is properly formatted and accessible.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}