Red Hat Quay: A private container registry for distributed, secure development
Red Hat® Quay is a private container registry that stores, builds, and deploys container images. It analyzes your images for security vulnerabilities, identifying potential issues that can help you mitigate security risks. Additionally, it delivers georeplication and BitTorrent distribution to increase performance across distributed development sites and increase resiliency and redundancy for disaster recovery.
Container registries allow developers to store and easily retrieve approved container images, which speeds provisioning and enhances DevOps workflows by creating highly available, consistent development resources.
With Red Hat Quay, you can:
- Store your containers with added security. Red Hat Quay ensures your applications are stored privately, with powerful access and authentication settings you can control.
- Easily build and deploy new containers. Red Hat Quay automates your container builds with integration to GitHub, Bitbucket, and more. Robot accounts allow for automatic software deployments.
- Scan containers to provide security. Red Hat Quay scans your containers for vulnerabilities, giving you visibility into known issues and how to fix them.
Features and benefits of Red Hat Quay
- Time machine. Red Hat Quay offers a two-week, configurable history of all tags in your repository with the ability to revert tags through image rollback to a previous state.
- Geographic replication. Continuous geographic distribution provides improved performance, ensuring your content is always available close to where it is needed most.
- Security vulnerability detection integration. Red Hat Quay integrates automatically with vulnerability detectors, such as Clair, and scans your container images to identify and notify you of known vulnerabilities that could be used to exploit your images.
- Continuous garbage collection. Automatic and continuous image garbage collection efficiently uses resources for active objects and reduces costs without requiring scheduled downtime or read-only mode.
- Unlimited storage. Multiple storage backends are supported to store your containers.
- Automated container builds. Red Hat Quay allows you to use build triggers to streamline your continuous integration/continuous delivery (CI/CD) pipeline. They are robust and easy-to-configure events based on security scanning results, successful new git builds, or other criteria.
- Audit logging. Red Hat Quay tracks control and data plane event logging, as well as application programming interface (API) and user interface (UI) actions.
- High availability. Multiple instances of Red Hat Quay can be run for redundancy, and a high-availability reference architecture prevents critical single points of failure.
- Enterprise authorization and authentication. Red Hat Quay allows you to integrate your existing identity infrastructure—including Lightweight Directory Access Protocol (LDAP), open authorization (OAuth) and open ID connect (OIDC), and Keystone—and use a fine-grained permissions system to map to your organizational structure and grant access to whole teams to manage specific repositories.
- Metrics. Built-in Prometheus metrics export to enable ephemeral and batch job metrics on each instance for easy monitoring and alerting.
- Continuous integration. Red Hat Quay allows you to automatically build and push images when developers commit code. You can build your containers in response to git pushes from GitHub (hosted and enterprise), Bitbucket, GitLab (hosted and enterprise), and others.
- Robot accounts. These accounts create credentials to deploy software automatically.
- Torrent distribution. Red Hat Quay has support for pulling container images using BitTorrent. The result is reduced download and deployment time, as well as increased stability from having multiple machines serving your binary data.
- Multiple architecture manifests supported. Customers can run containers on multiple architectures such as IBM Power LE and z System, ARM based IoT devices, or Windows based workloads.
Red Hat Quay.io
Red Hat Quay is available as a hosted service called Red Hat Quay.io. The hosted service has the same core feature set as Red Hat Quay and is priced per number of private repositories.
|Default OpenShift® Registry||Red Hat Quay||Red Hat Quay.io|
|Hosted||X, Red Hat OpenShift Online and Red Hat OpenShift Dedicated||X|
|Basic registry features|
|Role-based access control||X||X||X|
|Vulnerability scanning||X, only for images with Red Hat Enterprise Linux®||X||X|
|High availability||X, OpenShift Dedicated||X||X|
|Automatic layer squashing||X||X|
|Georeplication||X||Data replication via global content distribution network (CDN)|
|Multiple authentication providers supported (LDAP, OAuth/OIDC, Keystone, etc.)||X|