IMPORTANT NOTE: This site is not official Red Hat documentation and is provided for informational purposes only. These guides may be experimental, proof of concept, or early adoption. Officially supported documentation is available at docs.openshift.com and access.redhat.com.

Setting up Quay on an ARO cluster via CLI

Authors: Kristopher White, Connor Wooley
Last Editor: flozanorht
Published Date: 25 July 2022
Modified Date: 13 September 2023

Pre Requisites

Steps

Create Azure Resources

  1. Create Storage Account

    az login
az group create --name <resource-group>  --location <location>
az storage account create --name <storage-account> --resource-group <resource-group> \ --location eastus --sku Standard_LRS --kind  StorageV2

  2. Create Storage Container

    az storage account keys list --account-name <storage_account_name> --resource-group <resource_group> --output yaml

    Note: this command returns a json by default with your keyName and Values, command above specifies yaml

    az storage container create --name <container_name> --public-access blob \ --account-name <AZURE_STORAGE_ACCOUNT> --account-key <AZURE_STORAGE_ACCOUNT_KEY>

    Note: Will need the storage container creds for later use

Install Quay-Operator and Create Quay Registry

  1. Login to your cluster’s OCM

  2. Create a sub.yaml file with this template to install the quay operator

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
    name: quay-operator
    namespace: <namespace>
spec:
    channel: <release_channel>
    name: quay-operator
    source: redhat-operators
    sourceNamespace: openshift-marketplace
    startingCSV: quay-operator.<version>

    oc apply -f sub.yaml

  3. Create the Quay Registry

    1. Create the Azure Storage Secret Bundle

      • Create a config.yaml file that injects the azure resource info from the storage container created in step 2 of Create Azure Resources
      DISTRIBUTED_STORAGE_CONFIG:
    local_us:
    - AzureStorage
    - azure_account_key: <AZURE_STORAGE_ACCOUNT_KEY>
      azure_account_name: <AZURE_STORAGE_ACCOUNT>
      azure_container: <AZURE_CONTAINER_NAME>
      storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
- local_us
DISTRIBUTED_STORAGE_PREFERENCE:
- local_us

      oc create secret generic --from-file config.yaml=./config.yaml -n <namespace> <config_bundle_secret_name>

    2. Create the Quay Registry with the Secret

      • Create a quayregistry.yaml file with this format
        apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
    name: <registry_name>
    namespace: <namespace>
    finalizers:
        - quay-operator/finalizer
    generation: 3
spec:
    configBundleSecret: <config_bundle_secret_name>
    components:
        - kind: clair
          managed: true
        - kind: postgres
          managed: true
        - kind: objectstorage
          managed: false
        - kind: redis
          managed: true
        - kind: horizontalpodautoscaler
          managed: true
        - kind: route
          managed: true
        - kind: mirror
          managed: true
        - kind: monitoring
          managed: true
        - kind: tls
          managed: true
        - kind: quay
          managed: true
        - kind: clairpostgres
          managed: true```

      oc create -n <namespace> -f quayregistry.yaml

  4. Login to your Quay Registry and begin pushing images to it!

Note: This configuration does not support in-cluster authentication integration with the quay deployment. User Management with the registry is handled by the registry.