Chapter 6. Using the config tool to reconfigure Quay on OpenShift
6.1. Accessing the config editor
In the Details section of the QuayRegistry screen, the endpoint for the config editor is available, along with a link to the secret containing the credentials for logging into the config editor:
6.1.1. Retrieving the config editor credentials
Click on the link for the config editor secret:
In the Data section of the Secret details screen, click
Reveal values
to see the credentials for logging in to the config editor:
6.1.2. Logging in to the config editor
Browse to the config editor endpoint and then enter the username, typically quayconfig
, and the corresponding password to access the config tool:
6.1.3. Changing configuration
In this example of updating the configuration, a superuser is added via the config editor tool:
Add an expiration period, for example
4w
, for the time machine functionality:-
Select
Validate Configuration Changes
to ensure that the changes are valid Apply the changes by pressing the
Reconfigure Quay
button:The config tool notifies you that the change has been submitted to Quay:
Reconfiguring Red Hat Quay using the config tool UI can lead to the registry being unavailable for a short time, while the updated configuration is applied.
6.2. Monitoring reconfiguration in the UI
6.2.1. QuayRegistry resource
After reconfiguring the Operator, you can track the progress of the redeployment in the YAML tab for the specific instance of QuayRegistry, in this case, example-registry
:
Each time the status changes, you will be prompted to reload the data to see the updated version. Eventually, the Operator will reconcile the changes, and there will be no unhealthy components reported.
6.2.2. Events
The Events tab for the QuayRegistry shows some events related to the redeployment:
Streaming events, for all resources in the namespace that are affected by the reconfiguration, are available in the OpenShift console under Home
6.3. Accessing updated information after reconfiguration
6.3.1. Accessing the updated config tool credentials in the UI
Since a new pod has been created for the config tool, a new secret will have been created, and you will need to use the updated password when you next attempt to login:
6.3.2. Accessing the updated config.yaml in the UI
Use the config bundle to access the updated config.yaml
file.
- On the QuayRegistry details screen, click on the Config Bundle Secret
-
In the Data section of the Secret details screen, click Reveal values to see the
config.yaml
file Check that the change has been applied. In this case,
4w
should be in the list ofTAG_EXPIRATION_OPTIONS
:... SERVER_HOSTNAME: example-quay-openshift-operators.apps.docs.quayteam.org SETUP_COMPLETE: true SUPER_USERS: - quayadmin TAG_EXPIRATION_OPTIONS: - 2w - 4w ...
6.4. Custom SSL certificates UI
The config tool can be used to load custom certificates to facilitate access to resources such as external databases. Select the custom certs to be uploaded, ensuring that they are in PEM format, with an extension .crt
.
The config tool also displays a list of any uploaded certificates. Once you upload your custom SSL cert, it will appear in the list:
6.5. External Access to the Registry
When running on OpenShift, the Routes
API is available and will automatically be used as a managed component. After creating the QuayRegistry
, the external access point can be found in the status block of the QuayRegistry
:
status: registryEndpoint: some-quay.my-namespace.apps.mycluster.com