5.2. quay-operator

Note:

  • Only supported on OCP-4.2 or newer
  • UI supported on OCP-4.3 or newer

Added:

  • Enhanced logic for Quay Configuration route
  • Quay SSL Certificate uses TLS secret type
  • Updated example Quay Ecosystem Custom Resource examples
  • Retrofitted how external access is specified and managed
  • New Schema for defining externalAccess as a field in QuayEcoystem
  • Support for additional external access types (LoadBalancer and Ingress)
  • Add additional roles to CSV to manage ingresses.
  • Always use Port 8443 for Quay Config App’s health probes.
  • The Quay Config App now continues running by default.
  • The Redis and Hostname configuration are marked "Read Only" in the Quay Configuration App.
  • Support for managing superusers.
  • Add ability to inject certificates, and any other file, into the Quay and Clair secrets.
  • (OpenShift) SCC management refinement. Removal of SCCs when QuayEcosystem is deleted through the use of finalizers.
  • Certificates and other secrets are now mounted in a way that is compatible with Quay and Quay’s Config App.
  • The operator now verifies the configuration for the Hostname, Redis, and Postgres when Quay’s configuration secret is changed.

Fixed:

  • Resolved issues with GitHub Actions CI/CD pipeline
  • Resolved issue when specifying multiple replicas of a given component
  • The "Repo Mirror" pod is now health-checked using the correct port.

Known Issues:

  • Configuring Storage Geo-Replication for Azure in the CR causes the deployment to fail.
  • The Hostname is set to an IP Address when using Load Balancers on GCP which causes the self-signed certificate validation to fail in Quay’s Config Application.
  • Using the Postgres or Redis images from Dockerhub will fail.
  • For advanced persistance configurations, Quay’s PROXY_STORAGE feature is not exposed through the CR and can only be managed through Quay’s Config app.
  • Quay’s Config App will always using TLS; it is not possible to configure it as HTTP-only in the CR.
  • Node Ports do not currently work.
  • Cloudfront cannot be properly configured using the CR. It can be managed using Quay’s configuration app.
  • This version of the operator cannot be used for an automatic upgrade due to schema changes in the CR.