Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 18. Migrating a standalone Red Hat Quay deployment to a Red Hat Quay Operator deployment

The following procedures allow you to back up a standalone Red Hat Quay deployment and migrate it to the Red Hat Quay Operator on OpenShift Container Platform.

Procedure

  1. Back up the config.yaml of your standalone Red Hat Quay deployment: 

    $ mkdir /tmp/quay-backup
$ cp /path/to/Quay/config/directory/config.yaml /tmp/quay-backup
    Copy to Clipboard Toggle word wrap

  2. Create a backup of the database that your standalone Red Hat Quay deployment is using: 

    $ pg_dump -h DB_HOST -p 5432 -d QUAY_DATABASE_NAME -U QUAY_DATABASE_USER -W -O > /tmp/quay-backup/quay-database-backup.sql
    Copy to Clipboard Toggle word wrap
  3. Install the AWS CLI if you do not have it already.

  4. Create an ~/.aws/ directory: 

    $ mkdir ~/.aws/
    Copy to Clipboard Toggle word wrap

  5. Obtain the access_key and secret_key from the config.yaml of your standalone deployment: 

    $ grep -i DISTRIBUTED_STORAGE_CONFIG -A10 /tmp/quay-backup/config.yaml
    Copy to Clipboard Toggle word wrap

    Example output: 

    DISTRIBUTED_STORAGE_CONFIG:
    minio-1:
        - RadosGWStorage
        - access_key: ##########
          bucket_name: quay
          hostname: 172.24.10.50
          is_secure: false
          port: "9000"
          secret_key: ##########
          storage_path: /datastorage/registry
    Copy to Clipboard Toggle word wrap

  6. Store the access_key and secret_key from the config.yaml file in your ~/.aws directory: 

    $ touch ~/.aws/credentials
    Copy to Clipboard Toggle word wrap

  7. Optional: Check that your access_key and secret_key are stored: 

    $ cat > ~/.aws/credentials << EOF
[default]
aws_access_key_id = ACCESS_KEY_FROM_QUAY_CONFIG
aws_secret_access_key = SECRET_KEY_FROM_QUAY_CONFIG
EOF
    Copy to Clipboard Toggle word wrap

    Example output: 

    aws_access_key_id = ACCESS_KEY_FROM_QUAY_CONFIG
aws_secret_access_key = SECRET_KEY_FROM_QUAY_CONFIG
    Copy to Clipboard Toggle word wrap
    Note

    If the aws cli does not automatically collect the access_key and secret_key from the `~/.aws/credentials file, you can, you can configure these by running aws configure and manually inputting the credentials.

  8. In your quay-backup directory, create a bucket_backup directory: 

    $ mkdir /tmp/quay-backup/bucket-backup
    Copy to Clipboard Toggle word wrap

  9. Backup all blobs from the S3 storage: 

    $ aws s3 sync --no-verify-ssl --endpoint-url https://PUBLIC_S3_ENDPOINT:PORT s3://QUAY_BUCKET/ /tmp/quay-backup/bucket-backup/
    Copy to Clipboard Toggle word wrap
    Note

    The PUBLIC_S3_ENDPOINT can be read from the Red Hat Quay config.yaml file under hostname in the DISTRIBUTED_STORAGE_CONFIG. If the endpoint is insecure, use http instead of https in the endpoint URL.

Up to this point, you should have a complete backup of all Red Hat Quay data, blobs, the database, and the config.yaml file stored locally. In the following section, you will migrate the standalone deployment backup to Red Hat Quay on OpenShift Container Platform.

Prerequisites

  • Your standalone Red Hat Quay data, blobs, database, and config.yaml have been backed up.
  • Red Hat Quay is deployed on OpenShift Container Platform using the Red Hat Quay Operator.
  • A QuayRegistry with all components set to managed.
Procedure

The procedure in this documents uses the following namespace: quay-enterprise.

  1. Scale down the Red Hat Quay Operator: 

    $ oc scale --replicas=0 deployment quay-operator.v3.6.2 -n openshift-operators
    Copy to Clipboard Toggle word wrap

  2. Scale down the application and mirror deployments: 

    $ oc scale --replicas=0 deployment QUAY_MAIN_APP_DEPLOYMENT QUAY_MIRROR_DEPLOYMENT
    Copy to Clipboard Toggle word wrap

  3. Copy the database SQL backup to the Quay PostgreSQL database instance: 

    $ oc cp /tmp/user/quay-backup/quay-database-backup.sql quay-enterprise/quayregistry-quay-database-54956cdd54-p7b2w:/var/lib/pgsql/data/userdata
    Copy to Clipboard Toggle word wrap

  4. Obtain the database password from the Operator-created config.yaml file: 

    $ oc get deployment quay-quay-app -o json | jq '.spec.template.spec.volumes[].projected.sources' | grep -i config-secret
    Copy to Clipboard Toggle word wrap

    Example output: 

          "name": "QUAY_CONFIG_SECRET_NAME"
    Copy to Clipboard Toggle word wrap 
    $ oc get secret quay-quay-config-secret-9t77hb84tb -o json | jq '.data."config.yaml"' | cut -d '"' -f2 | base64 -d -w0 > /tmp/quay-backup/operator-quay-config-yaml-backup.yaml
    Copy to Clipboard Toggle word wrap 
    cat /tmp/quay-backup/operator-quay-config-yaml-backup.yaml | grep -i DB_URI
    Copy to Clipboard Toggle word wrap

    Example output: 

    postgresql://QUAY_DATABASE_OWNER:PASSWORD@DATABASE_HOST/QUAY_DATABASE_NAME
    Copy to Clipboard Toggle word wrap

  5. Execute a shell inside of the database pod: 

    # oc exec -it quay-postgresql-database-pod -- /bin/bash
    Copy to Clipboard Toggle word wrap

  6. Enter psql: 

    bash-4.4$ psql
    Copy to Clipboard Toggle word wrap

  7. Drop the database: 

    postgres=# DROP DATABASE "example-restore-registry-quay-database";
    Copy to Clipboard Toggle word wrap

    Example output: 

    DROP DATABASE
    Copy to Clipboard Toggle word wrap

  8. Create a new database and set the owner as the same name: 

    postgres=# CREATE DATABASE "example-restore-registry-quay-database" OWNER "example-restore-registry-quay-database";
    Copy to Clipboard Toggle word wrap

    Example output: 

    CREATE DATABASE
    Copy to Clipboard Toggle word wrap

  9. Connect to the database: 

    postgres=# \c "example-restore-registry-quay-database";
    Copy to Clipboard Toggle word wrap

    Example output: 

    You are now connected to database "example-restore-registry-quay-database" as user "postgres".
    Copy to Clipboard Toggle word wrap

  10. Create a pg_trmg extension of your Quay database: 

    example-restore-registry-quay-database=# create extension pg_trgm ;
    Copy to Clipboard Toggle word wrap

    Example output: 

    CREATE EXTENSION
    Copy to Clipboard Toggle word wrap

  11. Exit the postgres CLI to re-enter bash-4.4: 

    \q
    Copy to Clipboard Toggle word wrap

  12. Set the password for your PostgreSQL deployment: 

    bash-4.4$ psql -h localhost -d "QUAY_DATABASE_NAME" -U QUAY_DATABASE_OWNER -W < /var/lib/pgsql/data/userdata/quay-database-backup.sql
    Copy to Clipboard Toggle word wrap

    Example output: 

    SET
SET
SET
SET
SET
    Copy to Clipboard Toggle word wrap

  13. Exit bash mode: 

    bash-4.4$ exit
    Copy to Clipboard Toggle word wrap

  14. Create a new configuration bundle for the Red Hat Quay Operator. 

    $ touch config-bundle.yaml
    Copy to Clipboard Toggle word wrap

  15. In your new config-bundle.yaml, include all of the information that the registry requires, such as LDAP configuration, keys, and other modifications that your old registry had. Run the following command to move the secret_key to your config-bundle.yaml: 

    $ cat /tmp/quay-backup/config.yaml | grep SECRET_KEY > /tmp/quay-backup/config-bundle.yaml
    Copy to Clipboard Toggle word wrap
    Note

    You must manually copy all the LDAP, OIDC and other information and add it to the /tmp/quay-backup/config-bundle.yaml file.

  16. Create a configuration bundle secret inside of your OpenShift cluster: 

    $ oc create secret generic new-custom-config-bundle --from-file=config.yaml=/tmp/quay-backup/config-bundle.yaml
    Copy to Clipboard Toggle word wrap

  17. Scale up the Quay pods: 

    $ oc scale --replicas=1 deployment quayregistry-quay-app
deployment.apps/quayregistry-quay-app scaled
    Copy to Clipboard Toggle word wrap

  18. Scale up the mirror pods: 

    $ oc scale --replicas=1  deployment quayregistry-quay-mirror
deployment.apps/quayregistry-quay-mirror scaled
    Copy to Clipboard Toggle word wrap

  19. Patch the QuayRegistry CRD so that it contains the reference to the new custom configuration bundle: 

    $ oc patch quayregistry QUAY_REGISTRY_NAME --type=merge -p '{"spec":{"configBundleSecret":"new-custom-config-bundle"}}'
    Copy to Clipboard Toggle word wrap
    Note

    If Red Hat Quay returns a 500 internal server error, you might have to update the location of your DISTRIBUTED_STORAGE_CONFIG to default.

  20. Create a new AWS credentials.yaml in your /.aws/ directory and include the access_key and secret_key from the Operator-created config.yaml file: 

    $ touch credentials.yaml
    Copy to Clipboard Toggle word wrap 
    $ grep -i DISTRIBUTED_STORAGE_CONFIG -A10 /tmp/quay-backup/operator-quay-config-yaml-backup.yaml
    Copy to Clipboard Toggle word wrap 
    $ cat > ~/.aws/credentials << EOF
[default]
aws_access_key_id = ACCESS_KEY_FROM_QUAY_CONFIG
aws_secret_access_key = SECRET_KEY_FROM_QUAY_CONFIG
EOF
    Copy to Clipboard Toggle word wrap
    Note

    If the aws cli does not automatically collect the access_key and secret_key from the `~/.aws/credentials file, you can configure these by running aws configure and manually inputting the credentials.

  21. Record the NooBaa’s publicly available endpoint: 

    $ oc get route s3 -n openshift-storage -o yaml -o jsonpath="{.spec.host}{'\n'}"
    Copy to Clipboard Toggle word wrap

  22. Sync the backup data to the NooBaa backend storage: 

    $ aws s3 sync --no-verify-ssl --endpoint-url https://NOOBAA_PUBLIC_S3_ROUTE /tmp/quay-backup/bucket-backup/* s3://QUAY_DATASTORE_BUCKET_NAME
    Copy to Clipboard Toggle word wrap

  23. Scale the Operator back up to 1 pod: 

    $ oc scale –replicas=1 deployment quay-operator.v3.6.4 -n openshift-operators
    Copy to Clipboard Toggle word wrap

The Operator uses the custom configuration bundle provided and reconciles all secrets and deployments. Your new Red Hat Quay deployment on OpenShift Container Platform should contain all of the information that the old deployment had. You should be able to pull all images.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat