A cloud-native, security-enhanced private registry platform

16. August 2022
Ressourcentyp: Datenblatt
PDF herunterladen

Product overview

Red Hat® Quay is a security-focussed and scalable private registry platform for managing content across global datacenter and cloud environments, focusing on cloud-native and DevSecOps development models and environments. It provides a single, resilient, distributed content repository for delivering containerized software to development and production clusters across OpenShift® and other Kubernetes clusters.

Why Red Hat Quay?

Container registries are the backbone of any modern container platform. Container runtimes and orchestration systems do not have long-term storage and image distribution capabilities. Container platforms rely on a registry as a critical part of the initial deployment before a container can run. Beyond the initial deployment, the life cycle of running containerized workloads on modern platforms requires a reliable and highly fault-tolerant registry.

Many events in an OpenShift cluster, or other Kubernetes environment, involve the registry. For example, rolling out configuration changes, reacting to scaling events, handling node maintenance or downtime, or rolling out updates all require interaction with the registry. Even minutes of downtime of a registry can disrupt developers and production applications.

In a multicluster environment spanning multiple sites and cloud services, a resilient central registry is even more important. Red Hat Quay provides a purpose-built, central, scalable registry platform with a proven track record using the same code base as the public Quay.io service that delivers millions of images daily.

Features and benefits

Red Hat Quay analyzes container images for security vulnerabilities, identifying potential issues that can help you mitigate security risks. It delivers the foundation for a multicluster deployment with a highly available, scale-out architecture that can span geographically-distributed deployments to increase performance and resiliency. Red Hat Quay offers fine-grained access control to stored content and allows members of teams to collaborate on shared content.

Quay capabilities

Subscriptions

Red Hat Quay is:

  • Included with Red Hat OpenShift Platform Plus subscriptions.
  • Available as a standalone subscription.

Supported platforms

  • Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9
  • Red Hat OpenShift Container Platform 4
  • Other supported integrations.
Capability Description
Store containers with added security Red Hat Quay stores your applications privately, with powerful access and authentication settings you can control.
Efficiently builds and deploys new containers Red Hat Quay automates your container builds integrating with GitHub, Bitbucket, and more. Robot accounts allow for automatic software deployments without giving user credentials away
Scans containers to provide added security Red Hat Quay indexes package content in your container images and continuously scans vulnerabilities, giving you visibility into known issues and how to fix them before you execute a container.
Scalability Start small and scale with your demands using Red Hat Quays horizontal scale-out architecture and proven track record as a central registry service at the massive scale of Quay.io.
Geo-replication Run a geographically distributed, federated Red Hat Quay deployment with a single entry point for clients to boost image pull performance and transparent replication of content.
Quota management For multiple clusters from different departments or businesses, registrywide default and custom quotas allow you to manage storage growth.
Container image builds Simplify continuous integration (CI) pipelines by letting Quay build container images in the registry with source code management integration.
Protect against accidental deletion A time machine setting in Red Hat Quay allows tracking of image tag overwrites and deletions and can revert those if they unintentionally remove content.
Image cache for external registries Use Red Hat Quay to provide a transparent cache of images stored in other container registries to increase performance and avoid pull rate limiting.
Runs natively on Red Hat OpenShift Automate the deployment, update and full life cycle of Red Hat Quay on OpenShift using the Red Hat Quay operator, use OpenShift Monitoring for observability of your registry.
Integrates with Red Hat OpenShift Red Hat Quay can integrate with Red Hat OpenShift’s source-to-image build and image stream features for automated deployments and integrated credential management.
Enterprise authentication Integrate into existing authentication providers with LDAP or OIDC
Security auditing Log and audit every security-relevant event in the system in long-term log storage.
Support for hybrid cloud and offline environments Run Red Hat Quay wherever Red Hat OpenShift and Red Hat Enterprise Linux® is supported including fully disconnected environments.
Third-party database and storage support Select from a range of supported object storage services and third-party database systems.

Red Hat Quay is included with Red Hat OpenShift Platform Plus subscriptions or is available as a standalone subscription.

Technical specifications

Supported platforms

  • Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9
  • Red Hat OpenShift Container Platform 4
  • See more information on supported integrations

Subscription entitlements

  • One Red Hat Quay subscription is required per Quay deployment.
  • One Quay deployment is characterized by one or more instances of the Quay software running in one or more containers accessing the same object storage backend.
  • In instances where Red Hat Quay is part of a Red Hat OpenShift Platform Plus subscription, the entitlement includes unlimited Quay deployments. For more information, see the OpenShift Sizing and Subscription Guide.

Tags:Container, Entwicklung, DevOps, Open Hybrid Cloud