Home GitHub

IMPORTANT NOTE: This site is not official Red Hat documentation and is provided for informational purposes only. These guides may be experimental, proof of concept, or early adoption. Officially supported documentation is available at docs.openshift.com and access.redhat.com.

Setting up Quay on an ARO cluster using Azure Container Storage

Kristopher White x Connor Wooley


Pre Requisites


Create Azure Resources

  1. Create Storage Account
     az login
     az group create --name <resource-group>  --location <location>
     az storage account create --name <storage-account> --resource-group <resource-group> \ --location eastus --sku Standard_LRS --kind  StorageV2
  2. Create Storage Container
     az storage account keys list --account-name <storage_account_name> --resource-group <resource_group> --output yaml

    Note: this command returns a json by default with your keyName and Values, command above specifies yaml

     az storage container create --name <container_name> --public-access blob \ --account-name <AZURE_STORAGE_ACCOUNT> --account-key <AZURE_STORAGE_ACCOUNT_KEY>

    Note: Will need the storage container creds for later use

Install Quay-Operator and Create Quay Registry

  1. Login to your cluster’s OCM
  2. Create a sub.yaml file with this template to install the quay operator

     apiVersion: operators.coreos.com/v1alpha1
     kind: Subscription
         name: quay-operator
         namespace: <namespace>
         channel: <release_channel>
         name: quay-operator
         source: redhat-operators
         sourceNamespace: openshift-marketplace
         startingCSV: quay-operator.<version>
     oc apply -f sub.yaml
  3. Create the Quay Registry
    1. Create the Azure Storage Secret Bundle
      • Create a config.yaml file that injects the azure resource info from the storage container created in step 2 of Create Azure Resources ```yaml DISTRIBUTED_STORAGE_CONFIG: local_us:
        • AzureStorage
        • azure_account_key: azure_account_name: azure_container: storage_path: /datastorage/registry DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
      • local_us ```
       oc create secret generic --from-file config.yaml=./config.yaml -n <namespace> <config_bundle_secret_name>
    2. Create the Quay Registry with the Secret
      • Create a quayregistry.yaml file with this format
          apiVersion: quay.redhat.com/v1
          kind: QuayRegistry
              name: <registry_name>
              namespace: <namespace>
                  - quay-operator/finalizer
              generation: 3
              configBundleSecret: <config_bundle_secret_name>
                  - kind: clair
                  managed: true
                  - kind: postgres
                  managed: true
                  - kind: objectstorage
                  managed: false
                  - kind: redis
                  managed: true
                  - kind: horizontalpodautoscaler
                  managed: true
                  - kind: route
                  managed: true
                  - kind: mirror
                  managed: true
                  - kind: monitoring
                  managed: true
                  - kind: tls
                  managed: true
                  - kind: quay
                  managed: true
                  - kind: clairpostgres
                  managed: true```
         oc create -n <namespace> -f quayregistry.yaml
  4. Login to your Quay Registry and begin pushing images to it!

Note: This configuration does not support in-cluster authentication integration with the quay deployment. User Management with the registry is handled by the registry.