16. Version 3.4.0
16.1. quay / clair / quay-builder
Added/Changed:
- Clair V4 is now GA and the default security scanner for Quay 3.4.0. New features include support for notifications and disconnected deployments.
- New ConfigTool replaces the older Config App, providing better configuration validation and integration with the new Quay Operator. Quay now uses the same validator as the ConfigTool at start time to ensure its configuration is correct. You will now see a table of configuration validation status (pass/fail) when Quay boots up.
- Quay codebase now completely migrated to Python 3 with numerous dependency updates.
- (Tech Preview) Support for Helm V3 is no longer considered experimental. It can be enabled as follows:
  # Enable Helm support - requires that general OCI support (Tech Preview) is enabled.
  FEATURE_GENERAL_OCI_SUPPORT: True
  FEATURE_HELM_OCI_SUPPORT: True
- (Tech Preview) Due to necessary changes, the existing Red Hat Quay builders had to be removed and entirely rewritten. This has resulted in a loss of functionality so the new builders are being released as Technology Preview. Currently, builds are only available on OpenShift/Kubernetes utilizing Red Hat CoreOS for the sandbox VMs. The internal build manager has also been completely re-written to use gRPC and numerous core issues have been addressed. Please follow the provided documentation carefully when setting up.
- NooBaa has graduated from Technical Preview (TP) and now has General Availability (GA) status.
Fixed:
- PROJQUAY-121 Build manager scheduling too many builds
- PROJQUAY-139 Quay starts unreasonable number of workers when running in a container
- PROJQUAY-206 Repo mirroring sometimes locks up
- PROJQUAY-357 Properly escape arguments in entrypoint config
- PROJQUAY-381 Existing tags get deleted when mirroring fails
- PROJQUAY-399 Cannot setup mysql 8 for Quay via config tool
- PROJQUAY-480 Defunct Gunicorn Processes
- PROJQUAY-551 LDAP_USER_FILTER causes errors when not quoted
- PROJQUAY-575 Broken link for webhook POST in the webhook notifications page
- PROJQUAY-607 Changing SERVER_HOSTNAME triggers storage replication and 100% database CPU
- PROJQUAY-632 Lost usage logs when set kinesis as the logs producer
- PROJQUAY-635 Error 500 on Applications tab with naboo
- PROJQUAY-659 Creating new tags via the UI on a schema 2 manifest creates a schema 1 manifest
- PROJQUAY-675 Quay export logs select date range less than a month redirect to 500 error page
- PROJQUAY-676 Wrong image vulnerabilities link in OCP4.4 Overview page
- PROJQUAY-742 Quay container crashes when no user exists in database
- PROJQUAY-796 Mirrored images have new digest
- PROJQUAY-797 Config app does not copy database SSL file to correct place
- PROJQUAY-808 Dockerfile upload failure (LocalStorage)
- PROJQUAY-813 Quay cannot connect to mysql db when SSL/TLS is required
- PROJQUAY-822 Quay App POD log should not print out LDAP user’s password as plaintext
- PROJQUAY-850 Config app fails to generate clair security.pem
- PROJQUAY-861 Deploy Quay is failed with AWS S3 as backend storage registry
- PROJQUAY-866 Possible name collisions when deploying multiple QuayRegistries
- PROJQUAY-867 Restrict Quay Operator to Single Namespace
- PROJQUAY-871 Kustomize secrets broken with prefixed resource names
- PROJQUAY-884 Add support for tar.gz config bundles
- PROJQUAY-887 Error when controller processes existing QuayRegistry
- PROJQUAY-907 Repo mirror start date not calculated correctly
- PROJQUAY-915 Simultaneously pushing the same manifest can result in a manifest error
- PROJQUAY-917 Incorrect encoding of CSRF token in UI
- PROJQUAY-923 Failed to set GCS as the storage backend for Quay via config tool
- PROJQUAY-930 Config bundle contains fields for unmanaged components
- PROJQUAY-933 Quay config app failed to validate Noobaa SSL configurations
- PROJQUAY-934 Quay edit permissions of robot account redirect to quay 500 error page
- PROJQUAY-935 Quay Image Repository Mirror was stuck
- PROJQUAY-940 Quay delete in use robot account get 500 error page
- PROJQUAY-942 Quay push image was failed when backend storage is Azure Blob Storage
- PROJQUAY-948 list_manifest_layers should not fail on shared blobs
- PROJQUAY-949 Have Clair V4 indexing handle manifest layer error
- PROJQUAY-953 Quay image repository Tags page can’t display existing image tags
- PROJQUAY-958 Unhandled date token outside the given date range used for elasticsearch pagination
- PROJQUAY-973 Transaction error if the same repository is created twice during auth flow
- PROJQUAY-988 Quay update tag expiration does not work
- PROJQUAY-1002 Helm 3 OCI Support Push Fails due to invalid MIME type
- PROJQUAY-1011 Accessing build logs from super user panel doesn't work
- PROJQUAY-1015 RPM command error when getting rpm packages from layer database
- PROJQUAY-1023 oraclelinux:7 causes matcher bug
- PROJQUAY-1035 Unable to override gunicorn worker count in k8s
- PROJQUAY-1087 Fail to pull from managed objectstorage
- PROJQUAY-1101 Typo in /tools/generatekeypair.py
- PROJQUAY-1103 Remove need to modify SCC
- PROJQUAY-1112 Quay database reaches connection limit
- PROJQUAY-1122 Specify pull secret for component images
- PROJQUAY-1132 Running as config should not try to set httppasswd
Deprecated:
- Clair V2 (clair-jwt): With the GA of Clair V4, this version of Clair is now marked as deprecated. Users are encouraged to migrate to Clair V4 with this release. Clair V2 will be removed completely in the near future.
- App Registry: Customers using the App Registry feature should begin migrating to another application storage solution such as Helm V3 which uses the OCI standard container format. App Registry will be completely removed in the near future.
Note:
- Upgrading to Quay 3.4 will require a database migration which does not support downgrading back to a prior version of Quay. Please back up your database before performing a migration.
Known Issues:
- PROJQUAY-649 "openssl passwd" incorrect on OCP4 with FIPS mode enabled
- PROJQUAY-841 Provide and document an egress firewall whitelist
- PROJQUAY-888 Config App cannot connect to Postgres RDS instance via SSL
- PROJQUAY-960 Bucket addressing with Ceph in Quay
- PROJQUAY-1056 Quay deployment was failed at setup DB on GCP when use GCP SQL Postgresql
- PROJQUAY-1181 Quay config editor doesn’t validate SMTP
- PROJQUAY-1390 Quay login with Openstack Keystone user was failed
- Official Red Hat repositories may now contain "source" images which will be included in Mirrored repositories. See Getting UBI Container Image Source Code for an example of a source image tag. There is no simple way to exclude these source containers using Quay’s current tag patterns. This will be addressed in future Quay versions.