Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 5. Using the Quay Bridge Operator

Use the following procedure to use the Quay Bridge Operator.

Prerequisites

  • You have installed the Red Hat Quay Operator.
  • You have logged into OpenShift Container Platform as a cluster administrator.
  • You have logged into your Red Hat Quay registry.
  • You have installed the Quay Bridge Operator.
  • You have configured the QuayIntegration custom resource.

Procedure

  1. Enter the following command to create a new OpenShift Container Platform project called e2e-demo: 

    $ oc new-project e2e-demo
    Copy to Clipboard Toggle word wrap

  2. After you have created a new project, a new Organization is created in Red Hat Quay. Navigate to the Red Hat Quay registry and confirm that you have created a new Organization named openshift_e2e-demo.

    Note

    The openshift value of the Organization might different if the clusterID in your QuayIntegration resource used a different value.

  3. On the Red Hat Quay UI, click the name of the new Organization, for example, openshift_e2e-demo.

  4. Click Robot Accounts in the navigation pane. As part of new project, the following Robot Accounts should have been created:

    • openshift_e2e-demo+deployer
    • openshift_e2e-demo+default
    • openshift_e2e-demo+builder

  5. Enter the following command to confirm three secrets containing Docker configuration associated with the applicable Robot Accounts were created: 

    $ oc get secrets builder-quay-openshift deployer-quay-openshift default-quay-openshift
    Copy to Clipboard Toggle word wrap

    Example output

    stevsmit@stevsmit ocp-quay $ oc get secrets builder-quay-openshift deployer-quay-openshift default-quay-openshift
NAME                      TYPE                             DATA   AGE
builder-quay-openshift    kubernetes.io/dockerconfigjson   1      77m
deployer-quay-openshift   kubernetes.io/dockerconfigjson   1      77m
default-quay-openshift    kubernetes.io/dockerconfigjson   1      77m
    Copy to Clipboard Toggle word wrap

  6. Enter the following command to display detailed information about builder ServiceAccount (SA), including its secrets, token expiration, and associated roles and role bindings. This ensures that the project is integrated via the Quay Bridge Operator. 

    $ oc describe sa builder default deployer
    Copy to Clipboard Toggle word wrap

    Example output

    ...
Name:                builder
Namespace:           e2e-demo
Labels:              <none>
Annotations:         <none>
Image pull secrets:  builder-dockercfg-12345
                     builder-quay-openshift
Mountable secrets:   builder-dockercfg-12345
                     builder-quay-openshift
Tokens:              builder-token-12345
Events:              <none>
...
    Copy to Clipboard Toggle word wrap

  7. Enter the following command to create and deploy a new application called httpd-template: 

    $ oc new-app --template=httpd-example
    Copy to Clipboard Toggle word wrap

    Example output

    --> Deploying template "e2e-demo/httpd-example" to project e2e-demo
...
--> Creating resources ...
    service "httpd-example" created
    route.route.openshift.io "httpd-example" created
    imagestream.image.openshift.io "httpd-example" created
    buildconfig.build.openshift.io "httpd-example" created
    deploymentconfig.apps.openshift.io "httpd-example" created
--> Success
    Access your application via route 'httpd-example-e2e-demo.apps.quay-ocp.gcp.quaydev.org'
    Build scheduled, use 'oc logs -f buildconfig/httpd-example' to track its progress.
    Run 'oc status' to view your app.
    Copy to Clipboard Toggle word wrap

    After running this command, BuildConfig, ImageStream, Service, Route, and DeploymentConfig resources are created. When the ImageStream resource is created, an associated repository is created in Red Hat Quay.

  8. The ImageChangeTrigger for the BuildConfig triggers a new Build when the Apache HTTPD image, located in the openshift namespace, is resolved. As the new Build is created, the MutatingWebhookConfiguration automatically rewriters the output to point at Red Hat Quay. You can confirm that the build is complete by querying the output field of the build by running the following command: 

    $ oc get build httpd-example-1 --template='{{ .spec.output.to.name }}'
    Copy to Clipboard Toggle word wrap

    Example output

    example-registry-quay-quay-enterprise.apps.quay-ocp.gcp.quaydev.org/openshift_e2e-demo/httpd-example:latest
    Copy to Clipboard Toggle word wrap

  9. On the Red Hat Quay UI, navigate to the openshift_e2e-demo Organization and select the httpd-example repository.
  10. Click Tags in the navigation pane and confirm that the latest tag has been successfully pushed.

  11. Enter the following command to ensure that the latest tag has been resolved: 

    $ oc describe is httpd-example
    Copy to Clipboard Toggle word wrap

    Example output

    Name:			httpd-example
Namespace:		e2e-demo
Created:		55 minutes ago
Labels:			app=httpd-example
			template=httpd-example
Description:		Keeps track of changes in the application image
Annotations:		openshift.io/generated-by=OpenShiftNewApp
			openshift.io/image.dockerRepositoryCheck=2023-10-02T17:56:45Z
Image Repository:	image-registry.openshift-image-registry.svc:5000/e2e-demo/httpd-example
Image Lookup:		local=false
Unique Images:		0
Tags:			1

latest
  tagged from example-registry-quay-quay-enterprise.apps.quay-ocp.gcp.quaydev.org/openshift_e2e-demo/httpd-example:latest
    Copy to Clipboard Toggle word wrap

  12. After the ImageStream is resolved, a new deployment should have been triggered. Enter the following command to generate a URL output: 

    $ oc get route httpd-example --template='{{ .spec.host }}'
    Copy to Clipboard Toggle word wrap

    Example output

    httpd-example-e2e-demo.apps.quay-ocp.gcp.quaydev.org
    Copy to Clipboard Toggle word wrap

  13. Navigate to the URL. If a sample webpage appears, the deployment was successful.

  14. Enter the following command to delete the resources and clean up your Red Hat Quay repository: 

    $ oc delete project e2e-demo
    Copy to Clipboard Toggle word wrap
    Note

    The command waits until the project resources have been removed. This can be bypassed by adding the --wait=false to the above command

  15. After the command completes, navigate to your Red Hat Quay repository and confirm that the openshift_e2e-demo Organization is no longer available.

Additional resources

  • Best practices dictate that all communication between a client and an image registry be facilitated through secure means. Communication should leverage HTTPS/TLS with a certificate trust between the parties. While Red Hat Quay can be configured to serve an insecure configuration, proper certificates should be utilized on the server and configured on the client. Follow the OpenShift Container Platform documentation for adding and managing certificates at the container runtime level.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat