Chapter 3. Deploying the Red Hat Quay registry

Procedure

1. On the OpenShift Container Platform web console, click Operators Installed Operators Red Hat Quay.
2. On the Red Hat Quay dashboard, click Create instance.

3. On the Create QuayRegistry page, review the default settings of the QuayRegistry custom resource (CR). Here, you decide whether to to use managed or unmanaged object storage.

   1. If you are using the Multicloud Object Gateway or Red Hat OpenShift Data Foundation as your object storage, keep the following settings:

          - kind: objectstorage
            managed: true

   2. If you are using a different storage provider, such as Google Cloud Platform, AWS S3, or Nutanix, set the objectstorage component as follows:

          - kind: objectstorage
            managed: false

4. Click Create. You are redirected to the Quay Registry tab on the Operator page.

5. Click the name of the Red Hat Quay registry that you created, then click Events to view the status of creation. If you used managed storage and leveraged the Multicloud Object Gateway, the registry completes creation. If you are using Red Hat OpenShift Data Foundation or an unmanaged storage backend provider, complete the following steps:

   1. Click the Details page of the Red Hat Quay registry.
   2. Click the name of the Config Bundle Secret resource, for example, <example_registry_name_config-bundle-secret-12345>.

   3. Click Actions Edit Secret, and pass in the following information from your backend storage provider:

      # ...
      DISTRIBUTED_STORAGE_CONFIG:
          <storage_provider>:
              - <storage_provider_name>
              - access_key: <access_key>
                bucket_name: <bucket_name>
                secret_key: <secret_key>
                storage_path: /datastorage/registry
      # ...

      Note

      Depending on your storage provider, different information is required. For more information, see see Storage object configuration fields.

   4. Click Save, and then re-navigate to the Events page of the registry to ensure successful deployment.

Procedure

1. Create a namespace, for example, quay-enterprise, by entering the following command:

   $ oc new-project quay-enterprise

2. Create the QuayRegistry custom resource (CR).

   1. If the objectstorage component is set to managed: true, complete the following steps:

      1. Create the QuayRegistry CR by entering the following command:

         $ cat <<EOF | oc create -n quay-enterprise -f -
         apiVersion: quay.redhat.com/v1
         kind: QuayRegistry
         metadata:
           name: example-registry
           namespace: quay-enterprise
         EOF

   2. If the objectstorage component is set to managed: false, complete the following steps:

      1. Create the config.yaml file for Red Hat Quay by entering the following command. You must include the information required for your backend storage provider. During this step, you can enable additional Red Hat Quay features. The following example is for a minimal configuration that includes the configuration options for automating early setup tasks:

         $ cat <<EOF > config.yaml
         ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
         AUTHENTICATION_TYPE: Database
         DEFAULT_TAG_EXPIRATION: 2w
         FEATURE_USER_INITIALIZE: true
         SUPER_USERS:
              -  <username>
         BROWSER_API_CALLS_XHR_ONLY: false
         FEATURE_USER_CREATION: false
         DISTRIBUTED_STORAGE_CONFIG:
             <storage_provider>:
                 - <storage_provider_name>
                 - access_key: <access_key>
                   bucket_name: <bucket_name>
                   secret_key: <secret_key>
                   storage_path: /datastorage/registry
         ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
         FEATURE_BUILD_SUPPORT: false
         FEATURE_DIRECT_LOGIN: true
         FEATURE_MAILING: false
         REGISTRY_TITLE: Red Hat Quay
         REGISTRY_TITLE_SHORT: Red Hat Quay
         SETUP_COMPLETE: true
         TAG_EXPIRATION_OPTIONS:
         - 2w
         TEAM_RESYNC_STALE_TIME: 60m
         TESTING: false
         EOF

         • FEATURE_USER_INITIALIZE: Set this field to true if you plan to create the first user by using API.
         • SUPER_USERS: Include this field and the username that you plan to leverage as a Red Hat Quay administrator.
         • BROWSER_API_CALLS_XHR_ONLY: Set this field to false to allow general browser-based access to the API.
         • FEATURE_USER_CREATION: Set this field to false to relegate the creation of new users to only superusers.

   3. Create a secret for the configuration by entering the following command:

      $ oc create secret generic <quay_config_bundle_name> \
        --from-file=config.yaml=</path/to/config.yaml> \
        -n quay-enterprise \
        --dry-run=client -o yaml | oc apply -f -

   4. Create the QuayRegistry CR by entering the following command:

      $ cat <<EOF | oc create -n quay-enterprise -f -
      apiVersion: quay.redhat.com/v1
      kind: QuayRegistry
      metadata:
        name: example-registry
        namespace: quay-enterprise
      spec:
        configBundleSecret: <quay_config_bundle_name>
        components:
          - kind: clair
            managed: true
          - kind: objectstorage
            managed: false
          - kind: mirror
            managed: true
          - kind: monitoring
            managed: true
      EOF

      objectstorage: Set this field to false when providing your own storage backend.

Verification

1. Check the status of your registry by entering the following command:

   $ oc describe quayregistry <registry_name> -n quay-enterprise

   ...
   Events:
     Type    Reason                     Age                   From                     Message
     ----    ------                     ----                  ----                     -------
     Normal  ComponentsCreationSuccess  23s (x2458 over 42h)  quayregistry-controller  All objects created/updated successfully

2. Alternatively, you can check pod statuses for your registry deployment by entering the following command:

3. Enter the following command to view the deployed components:

   $ oc get pods -n quay-enterprise

   NAME                                                   READY   STATUS      RESTARTS   AGE
   example-registry-clair-app-5ffc9f77d6-jwr9s            1/1     Running     0          3m42s
   example-registry-clair-app-5ffc9f77d6-wgp7d            1/1     Running     0          3m41s
   example-registry-clair-postgres-54956d6d9c-rgs8l       1/1     Running     0          3m5s
   example-registry-quay-app-79c6b86c7b-8qnr2             1/1     Running     4          3m42s
   example-registry-quay-app-79c6b86c7b-xk85f             1/1     Running     4          3m41s
   example-registry-quay-app-upgrade-5kl5r                0/1     Completed   4          3m50s
   example-registry-quay-database-b466fc4d7-tfrnx         1/1     Running     2          3m42s
   example-registry-quay-mirror-6d9bd78756-6lj6p          1/1     Running     0          2m58s
   example-registry-quay-mirror-6d9bd78756-bv6gq          1/1     Running     0          2m58s
   example-registry-quay-postgres-init-dzbmx              0/1     Completed   0          3m43s
   example-registry-quay-redis-8bd67b647-skgqx            1/1     Running     0          3m42s