Setting up Quay on an ARO cluster via CLI

Pre Requisites

• An ARO cluster
• oc cli
• azure cli

Steps

Create Azure Resources

1. Create Storage Account

   az login
   az group create --name <resource-group>  --location <location>
   az storage account create --name <storage-account> --resource-group <resource-group> \ --location eastus --sku Standard_LRS --kind  StorageV2
   

2. Create Storage Container

   az storage account keys list --account-name <storage_account_name> --resource-group <resource_group> --output yaml
   

   Note: this command returns a json by default with your keyName and Values, command above specifies yaml

   az storage container create --name <container_name> --public-access blob \ --account-name <AZURE_STORAGE_ACCOUNT> --account-key <AZURE_STORAGE_ACCOUNT_KEY>
   

   Note: Will need the storage container creds for later use

Install Quay-Operator and Create Quay Registry

1. Login to your cluster’s OCM

2. Create a sub.yaml file with this template to install the quay operator

   apiVersion: operators.coreos.com/v1alpha1
   kind: Subscription
   metadata:
       name: quay-operator
       namespace: <namespace>
   spec:
       channel: <release_channel>
       name: quay-operator
       source: redhat-operators
       sourceNamespace: openshift-marketplace
       startingCSV: quay-operator.<version>
   

   oc apply -f sub.yaml
   

3. Create the Quay Registry

   1. Create the Azure Storage Secret Bundle

      • Create a config.yaml file that injects the azure resource info from the storage container created in step 2 of Create Azure Resources

      DISTRIBUTED_STORAGE_CONFIG:
          local_us:
          - AzureStorage
          - azure_account_key: <AZURE_STORAGE_ACCOUNT_KEY>
            azure_account_name: <AZURE_STORAGE_ACCOUNT>
            azure_container: <AZURE_CONTAINER_NAME>
            storage_path: /datastorage/registry
      DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
      - local_us
      DISTRIBUTED_STORAGE_PREFERENCE:
      - local_us
      

      oc create secret generic --from-file config.yaml=./config.yaml -n <namespace> <config_bundle_secret_name>
      

   2. Create the Quay Registry with the Secret

      • Create a quayregistry.yaml file with this format

        apiVersion: quay.redhat.com/v1
        kind: QuayRegistry
        metadata:
            name: <registry_name>
            namespace: <namespace>
            finalizers:
                - quay-operator/finalizer
            generation: 3
        spec:
            configBundleSecret: <config_bundle_secret_name>
            components:
                - kind: clair
                  managed: true
                - kind: postgres
                  managed: true
                - kind: objectstorage
                  managed: false
                - kind: redis
                  managed: true
                - kind: horizontalpodautoscaler
                  managed: true
                - kind: route
                  managed: true
                - kind: mirror
                  managed: true
                - kind: monitoring
                  managed: true
                - kind: tls
                  managed: true
                - kind: quay
                  managed: true
                - kind: clairpostgres
                  managed: true```
        

      oc create -n <namespace> -f quayregistry.yaml
      

4. Login to your Quay Registry and begin pushing images to it!

Note: This configuration does not support in-cluster authentication integration with the quay deployment. User Management with the registry is handled by the registry.