Chapter 4. Using the config tool to reconfigure Red Hat Quay on OpenShift Container Platform

4.1. Accessing the config editor

In the Details section of the QuayRegistry object, the endpoint for the config editor is available, along with a link to the Secret object that contains the credentials for logging into the config editor. For example:

Config editor details

4.1.1. Retrieving the config editor credentials

Use the following procedure to retrieve the config editor credentials.

Procedure

  1. Click on the link for the config editor secret:

    Config editor secret

  2. In the Data section of the Secret details page, click Reveal values to see the credentials for logging into the config editor. For example:

    Config editor secret reveal

4.1.2. Logging into the config editor

Use the following procedure to log into the config editor.

Procedure

  • Navigate the config editor endpoint. When prompted, enter the username, for example, quayconfig, and the password. For example:

    Config editor user interface

4.1.3. Changing configuration

In the following example, you will update your configuration file by changing the default expiration period of deleted tags.

Procedure

  1. On the config editor, locate the Time Machine section.
  2. Add an expiration period to the Allowed expiration periods box, for example, 4w:

    Add expiration period

  3. Select Validate Configuration Changes to ensure that the changes are valid.
  4. Apply the changes by pressing Reconfigure Quay:

    Reconfigure

After applying the changes, the config tool notifies you that the changes made have been submitted to your Red Hat Quay deployment:

Reconfigured

Note

Reconfiguring Red Hat Quay using the config tool UI can lead to the registry being unavailable for a short time while the updated configuration is applied.

4.2. Monitoring reconfiguration in the Red Hat Quay UI

You can monitor the reconfiguration of Red Hat Quay in real-time.

4.2.1. QuayRegistry resource

After reconfiguring the Red Hat Quay Operator, you can track the progress of the redeployment in the YAML tab for the specific instance of QuayRegistry, in this case, example-registry:

ui monitor deploy update

Each time the status changes, you will be prompted to reload the data to see the updated version. Eventually, the Red Hat Quay Operator reconciles the changes, and there are be no unhealthy components reported.

ui monitor deploy done

4.2.2. Events

The Events tab for the QuayRegistry shows some events related to the redeployment. For example:

ui monitor deploy streaming events

Streaming events, for all resources in the namespace that are affected by the reconfiguration, are available in the OpenShift Container Platform console under HomeEvents. For example:

ui monitor deploy streaming events

4.3. Accessing updated information after reconfiguration

Use the following procedure to access the updated config.yaml file using the Red Hat Quay UI and the config bundle.

Procedure

  1. On the QuayRegistry Details screen, click on the Config Bundle Secret.
  2. In the Data section of the Secret details screen, click Reveal values to see the config.yaml file.
  3. Check that the change has been applied. In this case, 4w should be in the list of TAG_EXPIRATION_OPTIONS. For example:

    ---
    SERVER_HOSTNAME: example-quay-openshift-operators.apps.docs.quayteam.org
    SETUP_COMPLETE: true
    SUPER_USERS:
    - quayadmin
    TAG_EXPIRATION_OPTIONS:
    - 2w
    - 4w
    ---

4.4. Custom SSL/TLS certificates UI

The config tool can be used to load custom certificates to facilitate access to resources like external databases. Select the custom certs to be uploaded, ensuring that they are in PEM format, with an extension .crt.

Custom SSL/TLS certificates

The config tool also displays a list of any uploaded certificates. After you upload your custom SSL/TLS cert, it will appear in the list. For example:

Custom SSL/TLS certificates

4.5. External Access to the Registry

When running on OpenShift Container Platform, the Routes API is available and is automatically used as a managed component. After creating the QuayRegistry object, the external access point can be found in the status block of the QuayRegistry object. For example:

status:
  registryEndpoint: some-quay.my-namespace.apps.mycluster.com

4.6. QuayRegistry API

The Red Hat Quay Operator provides the QuayRegistry custom resource API to declaratively manage Quay container registries on the cluster. Use either the OpenShift Container Platform UI or a command-line tool to interact with this API.

  • Creating a QuayRegistry results in the Red Hat Quay Operator deploying and configuring all necessary resources needed to run Red Hat Quay on the cluster.
  • Editing a QuayRegistry results in the Red Hat Quay Operator reconciling the changes and creating, updating, and deleting objects to match the desired configuration.
  • Deleting a QuayRegistry results in garbage collection of all previously created resources. After deletion, the Quay container registry is no longer be available.

QuayRegistry API fields are outlined in the following sections.