Chapter 4. Using the config tool to reconfigure Red Hat Quay on OpenShift Container Platform
4.1. Accessing the config editor
In the Details section of the QuayRegistry object, the endpoint for the config editor is available, along with a link to the Secret object that contains the credentials for logging into the config editor. For example:
4.1.1. Retrieving the config editor credentials
Use the following procedure to retrieve the config editor credentials.
Procedure
Click on the link for the config editor secret:
In the Data section of the Secret details page, click Reveal values to see the credentials for logging into the config editor. For example:
4.1.2. Logging into the config editor
Use the following procedure to log into the config editor.
Procedure
Navigate the config editor endpoint. When prompted, enter the username, for example,
quayconfig, and the password. For example:
4.1.3. Changing configuration
In the following example, you will update your configuration file by changing the default expiration period of deleted tags.
Procedure
- On the config editor, locate the Time Machine section.
Add an expiration period to the Allowed expiration periods box, for example,
4w:
- Select Validate Configuration Changes to ensure that the changes are valid.
Apply the changes by pressing Reconfigure Quay:
After applying the changes, the config tool notifies you that the changes made have been submitted to your Red Hat Quay deployment:
Reconfiguring Red Hat Quay using the config tool UI can lead to the registry being unavailable for a short time while the updated configuration is applied.
4.2. Monitoring reconfiguration in the Red Hat Quay UI
You can monitor the reconfiguration of Red Hat Quay in real-time.
4.2.1. QuayRegistry resource
After reconfiguring the Red Hat Quay Operator, you can track the progress of the redeployment in the YAML tab for the specific instance of QuayRegistry, in this case, example-registry:
Each time the status changes, you will be prompted to reload the data to see the updated version. Eventually, the Red Hat Quay Operator reconciles the changes, and there are be no unhealthy components reported.
4.2.2. Events
The Events tab for the QuayRegistry shows some events related to the redeployment. For example:
Streaming events, for all resources in the namespace that are affected by the reconfiguration, are available in the OpenShift Container Platform console under Home → Events. For example:
4.3. Accessing updated information after reconfiguration
Use the following procedure to access the updated config.yaml file using the Red Hat Quay UI and the config bundle.
Procedure
-
On the
QuayRegistryDetails screen, click on the Config Bundle Secret. -
In the Data section of the
Secretdetails screen, click Reveal values to see theconfig.yamlfile. Check that the change has been applied. In this case,
4wshould be in the list ofTAG_EXPIRATION_OPTIONS. For example:--- SERVER_HOSTNAME: example-quay-openshift-operators.apps.docs.quayteam.org SETUP_COMPLETE: true SUPER_USERS: - quayadmin TAG_EXPIRATION_OPTIONS: - 2w - 4w ---
4.4. Custom SSL/TLS certificates UI
The config tool can be used to load custom certificates to facilitate access to resources like external databases. Select the custom certs to be uploaded, ensuring that they are in PEM format, with an extension .crt.
The config tool also displays a list of any uploaded certificates. After you upload your custom SSL/TLS cert, it will appear in the list. For example:
4.5. External Access to the Registry
When running on OpenShift Container Platform, the Routes API is available and is automatically used as a managed component. After creating the QuayRegistry object, the external access point can be found in the status block of the QuayRegistry object. For example:
status: registryEndpoint: some-quay.my-namespace.apps.mycluster.com
4.6. QuayRegistry API
The Red Hat Quay Operator provides the QuayRegistry custom resource API to declaratively manage Quay container registries on the cluster. Use either the OpenShift Container Platform UI or a command-line tool to interact with this API.
-
Creating a
QuayRegistryresults in the Red Hat Quay Operator deploying and configuring all necessary resources needed to run Red Hat Quay on the cluster. -
Editing a
QuayRegistryresults in the Red Hat Quay Operator reconciling the changes and creating, updating, and deleting objects to match the desired configuration. -
Deleting a
QuayRegistryresults in garbage collection of all previously created resources. After deletion, theQuaycontainer registry is no longer be available.
QuayRegistry API fields are outlined in the following sections.