Chapter 13. Schema for Red Hat Quay

AUTHENTICATION_TYPE [string] required: The authentication engine to use for credential authentication.

BUILDLOGS_REDIS [object] required: Connection information for Redis for build logs caching.

DB_URI [string] required: The URI at which to access the database, including any credentials.

DEFAULT_TAG_EXPIRATION [string] required: The default, configurable tag expiration time for time machine. Defaults to 2w.

DISTRIBUTED_STORAGE_CONFIG [object] required: Configuration for storage engine(s) to use in Quay. Each key is a unique ID for a storage engine, with the value being a tuple of the type and configuration for that engine.

DISTRIBUTED_STORAGE_PREFERENCE [array] required: The preferred storage engine(s) (by ID in DISTRIBUTED_STORAGE_CONFIG) to use. A preferred engine means it is first checked for pulling and images are pushed to it.

SERVER_HOSTNAME [string] required: The URL at which Quay is accessible, without the scheme.

TAG_EXPIRATION_OPTIONS [array] required: The options that users can select for expiration of tags in their namespace (if enabled).

USER_EVENTS_REDIS [object] required: Connection information for Redis for user event handling.

ACTION_LOG_ARCHIVE_LOCATION [string]: If action log archiving is enabled, the storage engine in which to place the archived data.

ACTION_LOG_ARCHIVE_PATH' [string]: If action log archiving is enabled, the path in storage in which to place the archived data.

APP_SPECIFIC_TOKEN_EXPIRATION [string, null]: The expiration for external app tokens. Defaults to None.

ALLOW_PULLS_WITHOUT_STRICT_LOGGING [boolean]: If true, pulls in which the pull audit log entry cannot be written will still succeed. Useful if the database can fallback into a read-only state and it is desired for pulls to continue during that time. Defaults to False.

AVATAR_KIND [string]: The types of avatars to display, either generated inline (local) or Gravatar (gravatar)

BITBUCKET_TRIGGER_CONFIG ['object', 'null']: Configuration for using BitBucket for build triggers.

BITTORRENT_ANNOUNCE_URL [string]: The URL of the announce endpoint on the bittorrent tracker.

BITTORRENT_PIECE_SIZE [number]: The bittorent piece size to use. If not specified, defaults to 512 * 1024.

BROWSER_API_CALLS_XHR_ONLY [boolean]: If enabled, only API calls marked as being made by an XHR will be allowed from browsers. Defaults to True.

CONTACT_INFO [array]: If specified, contact information to display on the contact page. If only a single piece of contact information is specified, the contact footer will link directly.

BLACKLIST_V2_SPEC [string]: The Docker CLI versions to which Quay will respond that V2 is unsupported. Defaults to <1.6.0.

DB_CONNECTION_ARGS [object]: If specified, connection arguments for the database such as timeouts and SSL.

DEFAULT_NAMESPACE_MAXIMUM_BUILD_COUNT [number, null]: If not None, the default maximum number of builds that can be queued in a namespace.

DIRECT_OAUTH_CLIENTID_WHITELIST [array]: A list of client IDs of Quay-managed applications that are allowed to perform direct OAuth approval without user approval.

DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS [array]: The list of storage engine(s) (by ID in DISTRIBUTED_STORAGE_CONFIG) whose images should be fully replicated, by default, to all other storage engines.

EXTERNAL_TLS_TERMINATION [boolean]: If TLS is supported, but terminated at a layer before Quay, must be true.

ENABLE_HEALTH_DEBUG_SECRET [string, null]: If specified, a secret that can be given to health endpoints to see full debug info when not authenticated as a superuser.

EXPIRED_APP_SPECIFIC_TOKEN_GC [string, null]: Duration of time expired external app tokens will remain before being garbage collected. Defaults to 1d.

FEATURE_ACI_CONVERSION [boolean]: Whether to enable conversion to ACIs. Defaults to False.

FEATURE_ACTION_LOG_ROTATION [boolean]: Whether or not to rotate old action logs to storage. Defaults to False.

FEATURE_ADVERTISE_V2 [boolean]: Whether the v2/ endpoint is visible. Defaults to True.

FEATURE_ANONYMOUS_ACCESS [boolean]: Whether to allow anonymous users to browse and pull public repositories. Defaults to True.

FEATURE_APP_REGISTRY [boolean]: Whether to enable support for App repositories. Defaults to False.

FEATURE_APP_SPECIFIC_TOKENS [boolean]: If enabled, users can create tokens for use by the Docker CLI. Defaults to True.

FEATURE_BITBUCKET_BUILD [boolean]: Whether to support Bitbucket build triggers. Defaults to False.

FEATURE_BITTORRENT [boolean]: Whether to allow using Bittorrent-based pulls. Defaults to False.

FEATURE_BUILD_SUPPORT [boolean]: Whether to support Dockerfile build. Defaults to True.

FEATURE_CHANGE_TAG_EXPIRARTION [boolean]: Whether users and organizations are allowed to change the tag expiration for tags in their namespace. Defaults to True.

FEATURE_DIRECT_LOGIN [boolean]: Whether users can directly login to the UI. Defaults to True.

FEATURE_GITHUB_BUILD [boolean]: Whether to support GitHub build triggers. Defaults to False.

FEATURE_GITHUB_LOGIN [boolean]: Whether GitHub login is supported. Defaults to False.

FEATURE_GITLAB_BUILD[boolean]: Whether to support GitLab build triggers. Defaults to False.

FEATURE_GOOGLE_LOGIN [boolean]: Whether Google login is supported. Defaults to False.

FEATURE_INVITE_ONLY_USER_CREATION [boolean]: Whether users being created must be invited by another user. Defaults to False.

FEATURE_LIBRARY_SUPPORT [boolean]: Whether to allow for "namespace-less" repositories when pulling and pushing from Docker. Defaults to True.

FEATURE_MAILING [boolean]: Whether emails are enabled. Defaults to True.

FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP [boolean]: If enabled, non-superusers can setup syncing on teams to backing LDAP or Keystone. Defaults To False.

FEATURE_PARTIAL_USER_AUTOCOMPLETE [boolean]: If set to true, autocompletion will apply to partial usernames. Defaults to True.

FEATURE_PERMANENT_SESSIONS [boolean]: Whether sessions are permanent. Defaults to True.

FEATURE_PROXY_STORAGE [boolean]: Whether to proxy all direct download URLs in storage via the registry nginx. Defaults to False.

FEATURE_PUBLIC_CATALOG [boolean]: If set to true, the _catalog endpoint returns public repositories. Otherwise, only private repositories can be returned. Defaults to False.

FEATURE_READER_BUILD_LOGS [boolean]: If set to true, build logs may be read by those with read access to the repo, rather than only write access or admin access. Defaults to False.

FEATURE_RECAPTCHA [boolean]: Whether Recaptcha is necessary for user login and recovery. Defaults to False.

FEATURE_REQUIRE_ENCRYPTED_BASIC_AUTH [boolean]: Whether non-encrypted passwords (as opposed to encrypted tokens) can be used for basic auth. Defaults to False.

FEATURE_REQUIRE_TEAM_INVITE [boolean]: Whether to require invitations when adding a user to a team. Defaults to True.

FEATURE_SECURITY_NOTIFICATIONS [boolean]: If the security scanner is enabled, whether to turn on/off security notifications. Defaults to False.

FEATURE_SECURITY_SCANNER [boolean]: Whether to turn on/off the security scanner. Defaults to False.

FEATURE_STORAGE_REPLICATION [boolean]: Whether to automatically replicate between storage engines. Defaults to False.

FEATURE_SUPER_USERS [boolean]: Whether super users are supported. Defaults to True.

FEATURE_TEAM_SYNCING [boolean]: Whether to allow for team membership to be synced from a backing group in the authentication engine (LDAP or Keystone).

FEATURE_USER_CREATION [boolean] :Whether users can be created (by non-super users). Defaults to True.

FEATURE_USER_LOG_ACCESS [boolean]: If set to true, users will have access to audit logs for their namespace. Defaults to False.

FEATURE_USER_METADATA [boolean]: Whether to collect and support user metadata. Defaults to False.

FEATURE_USER_RENAME [boolean]: If set to true, users can rename their own namespace. Defaults to False.

GITHUB_LOGIN_CONFIG [object, 'null']: Configuration for using GitHub (Enterprise) as an external login provider.

GITHUB_TRIGGER_CONFIG [object, null]: Configuration for using GitHub (Enterprise) for build triggers.

GITLAB_TRIGGER_CONFIG [object]: Configuration for using Gitlab (Enterprise) for external authentication.

GOOGLE_LOGIN_CONFIG [object, null]: Configuration for using Google for external authentication

HEALTH_CHECKER [string]: The configured health check.

LOG_ARCHIVE_LOCATION [string]:If builds are enabled, the storage engine in which to place the archived build logs.

LOG_ARCHIVE_PATH [string]: If builds are enabled, the path in storage in which to place the archived build logs.

MAIL_DEFAULT_SENDER [string, null]: If specified, the e-mail address used as the from when Quay sends e-mails. If none, defaults to support@quay.io.

MAIL_PASSWORD [string, null]: The SMTP password to use when sending e-mails.

MAIL_PORT [number]: The SMTP port to use. If not specified, defaults to 587.

MAIL_SERVER [string]: The SMTP server to use for sending e-mails. Only required if FEATURE_MAILING is set to true.

MAIL_USERNAME [string, 'null']: The SMTP username to use when sending e-mails.

MAIL_USE_TLS [boolean]: If specified, whether to use TLS for sending e-mails.

MAXIMUM_LAYER_SIZE [string]: Maximum allowed size of an image layer. Defaults to 20G.

PUBLIC_NAMESPACES [array]: If a namespace is defined in the public namespace list, then it will appear on all user’s repository list pages, regardless of whether that user is a member of the namespace. Typically, this is used by an enterprise customer in configuring a set of "well-known" namespaces.

PROMETHEUS_NAMESPACE [string]: The prefix applied to all exposed Prometheus metrics. Defaults to quay.

REGISTRY_TITLE [string]: If specified, the long-form title for the registry. Defaults to Quay Enterprise.

REGISTRY_TITLE_SHORT [string]: If specified, the short-form title for the registry. Defaults to Quay Enterprise.

SECURITY_SCANNER_ENDPOINT [string]: The endpoint for the security scanner.

SECURITY_SCANNER_INDEXING_INTERVAL [number]: The number of seconds between indexing intervals in the security scanner. Defaults to 30.

SESSION_COOKIE_SECURE [boolean]: Whether the secure property should be set on session cookies. Defaults to False. Recommended to be True for all installations using SSL.

SUPER_USERS [array]: Quay usernames of those users to be granted superuser privileges.

TEAM_RESYNC_STALE_TIME [string]: If team syncing is enabled for a team, how often to check its membership and resync if necessary (Default: 30m).

USERFILES_LOCATION [string]: ID of the storage engine in which to place user-uploaded files.

USERFILES_PATH [string]: Path under storage in which to place user-uploaded files.

USER_RECOVERY_TOKEN_LIFETIME [string]: The length of time a token for recovering a user accounts is valid. Defaults to 30m.

V2_PAGINATION_SIZE [number]: The number of results returned per page in V2 registry APIs.