Chapter 2. Red Hat Quay configuration disclaimer
With Red Hat Quay enterprise, certain features and configuration parameters are not actively used or implemented. As a result, feature flags, such as those that enable or disable certain features, and configuration parameters that are not explicitly documented or requested for documentation by Red Hat Support should only be modified with caution. Unused features or parameters might not be fully tested, supported, or compatible with Red Hat Quay, and modifying them could lead to unexpected issues or disruptions with your deployment.
2.1. Configuration updates for Red Hat Quay 3.9 Copy linkLink copied to clipboard!
The following sections detail new configuration fields added in Red Hat Quay 3.9.
2.1.1. Action log audit configuration Copy linkLink copied to clipboard!
With Red Hat Quay 3.9, audit logins are tracked by default.
Field | Type | Description |
---|---|---|
ACTION_LOG_AUDIT_LOGINS | Boolean |
When set to |
2.1.2. Addition of Splunk action logs Copy linkLink copied to clipboard!
With Red Hat Quay 3.9, Splunk can be configured under the LOGS_MODEL parameter.
Field | Type | Description |
---|---|---|
LOGS_MODEL | String |
Specifies the preferred method for handling log data. |
2.1.2.1. LOGS_MODEL_CONFIG additions Copy linkLink copied to clipboard!
The following LOGS_MODEL_CONFIG options are available when configuring Splunk.
LOGS_MODEL_CONFIG [object]: Logs model config for action logs
-
producer [string]:
splunk
splunk_config [object]: Logs model configuration for Splunk action logs or the Splunk cluster configuration
- host [string]: Splunk cluster endpoint.
- port [integer]: Splunk management cluster endpoint port.
- bearer_token [string]: The bearer token for Splunk.
-
verify_ssl [boolean]: Enable (
True
) or disable (False
) TLS/SSL verification for HTTPS connections. - index_prefix [string]: Splunk’s index prefix.
-
ssl_ca_path [string]: The relative container path to a single
.pem
file containing a certificate authority (CA) for SSL validation.
-
producer [string]:
2.1.2.2. Example configuration for Splunk Copy linkLink copied to clipboard!
The following YAML entry provides an example configuration for Splunk.
Splunk config.yaml example
2.1.3. Quota management configuration fields Copy linkLink copied to clipboard!
The following configuration fields have been added to enhance the Red Hat Quay quota management feature.
Field | Type | Description |
---|---|---|
QUOTA_BACKFILL | Boolean |
Enables the quota backfill worker to calculate the size of pre-existing blobs. |
QUOTA_TOTAL_DELAY_SECONDS | String |
The time delay for starting the quota backfill. Rolling deployments can cause incorrect totals. This field must be set to a time longer than it takes for the rolling deployment to complete. |
PERMANENTLY_DELETE_TAGS | Boolean |
Enables functionality related to the removal of tags from the time machine window. |
RESET_CHILD_MANIFEST_EXPIRATION | Boolean |
Resets the expirations of temporary tags targeting the child manifests. With this feature set to |
2.1.3.1. Possible quota management configuration settings Copy linkLink copied to clipboard!
The following table explains possible quota management configuration settings in Red Hat Quay 3.9.
FEATURE_QUOTA_MANAGEMENT | QUOTA_BACKFILL | OUTCOME |
---|---|---|
|
|
With these features configured as |
|
|
With |
|
|
With these features configured as |
|
|
With |
2.1.3.2. Suggested quota management configuration settings Copy linkLink copied to clipboard!
The following YAML is the suggested configuration when enabling quota management.
Suggested quota management configuration
FEATURE_QUOTA_MANAGEMENT: true FEATURE_GARBAGE_COLLECTION: true PERMANENTLY_DELETE_TAGS: true QUOTA_TOTAL_DELAY_SECONDS: 1800 RESET_CHILD_MANIFEST_EXPIRATION: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_GARBAGE_COLLECTION: true
PERMANENTLY_DELETE_TAGS: true
QUOTA_TOTAL_DELAY_SECONDS: 1800
RESET_CHILD_MANIFEST_EXPIRATION: true
2.1.4. PostgreSQL PVC backup environment variable Copy linkLink copied to clipboard!
The following environment variable has been added to configure whether Red Hat Quay automatically removes old persistent volume claims (PVCs) when upgrading from version 3.8
Field | Type | Description |
---|---|---|
POSTGRES_UPGRADE_RETAIN_BACKUP | Boolean |
When set to
+ Default: |
2.1.4.1. Example configuration for PostgreSQL PVC backup Copy linkLink copied to clipboard!
The following Subscription
object provides an example configuration for backing up PostgreSQL 10 PVCs.
Subscription
object for PostgreSQL 10 PVCs
2.2. Editing the configuration file Copy linkLink copied to clipboard!
To deploy a standalone instance of Red Hat Quay, you must provide the minimal configuration information. The requirements for a minimal configuration can be found in "Red Hat Quay minimal configuration."
After supplying the required fields, you can validate your configuration. If there are any issues, they will be highlighted.
It is possible to use the configuration API to validate the configuration, but this requires starting the Quay container in configuration mode. For more information, see "Using the configuration tool."
For changes to take effect, the registry must be restarted.
2.3. Location of configuration file in a standalone deployment Copy linkLink copied to clipboard!
For standalone deployments of Red Hat Quay, the config.yaml
file must be specified when starting the Red Hat Quay registry. This file is located in the configuration volume. For example, the configuration file is located at $QUAY/config/config.yaml
when deploying Red Hat Quay by the following command:
sudo podman run -d --rm -p 80:8080 -p 443:8443 \ --name=quay \ -v $QUAY/config:/conf/stack:Z \ -v $QUAY/storage:/datastorage:Z \ registry.redhat.io/quay/quay-rhel8:v3.9.10
$ sudo podman run -d --rm -p 80:8080 -p 443:8443 \
--name=quay \
-v $QUAY/config:/conf/stack:Z \
-v $QUAY/storage:/datastorage:Z \
registry.redhat.io/quay/quay-rhel8:v3.9.10
2.4. Minimal configuration Copy linkLink copied to clipboard!
The following configuration options are required for a standalone deployment of Red Hat Quay:
- Server hostname
- HTTP or HTTPS
- Authentication type, for example, Database or Lightweight Directory Access Protocol (LDAP)
- Secret keys for encrypting data
- Storage for images
- Database for metadata
- Redis for build logs and user events
- Tag expiration options
2.4.1. Sample minimal configuration file Copy linkLink copied to clipboard!
The following example shows a sample minimal configuration file that uses local storage for images:
The SETUP_COMPLETE
field indicates that the configuration has been validated. You should use the configuration editor tool to validate your configuration before starting the registry.
2.4.2. Local storage Copy linkLink copied to clipboard!
Using local storage for images is only recommended when deploying a registry for proof of concept purposes.
When configuring local storage, storage is specified on the command line when starting the registry. The following command maps a local directory, $QUAY/storage
to the datastorage
path in the container:
sudo podman run -d --rm -p 80:8080 -p 443:8443 \ --name=quay \ -v $QUAY/config:/conf/stack:Z \ -v $QUAY/storage:/datastorage:Z \ registry.redhat.io/quay/quay-rhel8:v3.9.10
$ sudo podman run -d --rm -p 80:8080 -p 443:8443 \
--name=quay \
-v $QUAY/config:/conf/stack:Z \
-v $QUAY/storage:/datastorage:Z \
registry.redhat.io/quay/quay-rhel8:v3.9.10
2.4.3. Cloud storage Copy linkLink copied to clipboard!
Storage configuration is detailed in the Image storage section. For some users, it might be useful to compare the difference between Google Cloud Platform and local storage configurations. For example, the following YAML presents a Google Cloud Platform storage configuration:
$QUAY/config/config.yaml
When starting the registry using cloud storage, no configuration is required on the command line. For example:
sudo podman run -d --rm -p 80:8080 -p 443:8443 \ --name=quay \ -v $QUAY/config:/conf/stack:Z \ registry.redhat.io/quay/quay-rhel8:v3.9.10
$ sudo podman run -d --rm -p 80:8080 -p 443:8443 \
--name=quay \
-v $QUAY/config:/conf/stack:Z \
registry.redhat.io/quay/quay-rhel8:v3.9.10