Red Hat Quay 3.2: Welcome to the Container Security Operator

Today Red Hat announces Red Hat Quay 3.2. This enterprise container registry release focuses on improving the management of Quay and hardens features introduced in past Quay releases. Based on customer input and feedback we've stabilized repository mirroring and the Quay Setup Operator to bring them to general availability. This release also introduces the general availability of the Container Security Operator, which integrates Quay’s image vulnerability scanning capabilities to Kubernetes for improved security.

Repository mirroring and Quay Setup Operator

Repository mirroring is designed for mirroring content between distinct, different registries, and complements Quay’s geographic replication features. Repository mirroring allows a user to synchronize explicitly selected repositories from any source registry into Quay. It helps mirror content that is used in more than one registry to all other clusters and registries that are designated to use it. By having this additional layer of manageability when getting content into and distributing content through Quay, customers get an additional level of freedom and independence for distributed registries. 

Additionally, the Quay Setup Operator, which helps deploy and manage the container registry, is also generally available. The Quay Setup Operator helps to deploy and maintain Quay on Red Hat OpenShift, the industry’s most comprehensive enterprise Kubernetes platform.

Container Security Operator for Quay

Operators, which encode the operational knowledge of the lifecycle and management of a Kubernetes-native application, have been on the rise in the Kubernetes ecosystem. Operators play an important role not only for the Kubernetes ecosystem, but also for Red Hat Quay in particular. With this new release we’re introducing a new Operator as part of the Quay and OpenShift ecosystem: the Container Security Operator.

The Container Security Operator for Quay is available on OperatorHub.io and embedded into OperatorHub in Red Hat OpenShift. This Operator brings Quay and Clair vulnerability scanning metadata to Kubernetes and OpenShift. Kubernetes cluster administrators can monitor known container image vulnerabilities in pods running on their Kubernetes cluster. If the container registry supports image scanning, such as Quay with Clair, then the Operator will expose any vulnerabilities found via the Kubernetes API.

While security scanning has already been a part of the Quay product since 2015, this is the next major step in helping to enable enhanced security for containers on Kubernetes because of its functionality through the Kubernetes API. With the Container Security Operator for Quay on OpenShift, it can be easier to identify known container vulnerabilities, and customers can feel more empowered to know what to fix. Having important vulnerability information stored on the platform allows us to also visualize it in the corresponding user interface, which is our OpenShift console. We look forward to continue working on this Operator to bring in more features and functionality.

Support for OpenShift Container Storage leveraging NooBaa Multi-Cloud Gateway

Red Hat Quay already supports a variety of storage backends for both on-premise and cloud deployments. With Quay 3.2 we proudly introduce support for the upcoming OpenShift Container Storage 4, leveraging the NooBaa Operator for data management. NooBaa is a flexible, lightweight and scalable S3 API which supports various storage services underneath. The community version of the NooBaa Operator is available on OperatorHub.io. For customers, it will be known as the Red Hat Multi-Cloud Object Gateway Operator, as part of Red Hat OpenShift Container Storage 4 and deployed via the OperatorHub in Red Hat OpenShift 4. Support for NooBaa S3 can help customers use Red Hat OpenShift Container Storage version 3 and upcoming version 4 as their storage backend for Quay.

Get started with Quay

Red Hat Quay is being used by customers of all sizes around the globe. Some customer highlights of using Red Hat Quay or Red Hat Quay.io:

"At Solo.io, we use Red Hat Quay as our hosted registry to store and distribute the container images behind our products like Gloo, Service Mesh Hub and more. We can focus on building our products without spending time maintaining a registry. Quay provides us with secure and efficient collaboration and insight into useful statistics like downloads, versions and more," said Rick Ducott, director of engineering at Solo.io.

“Red Hat Quay.io is easy to implement into DevOps toolsets, delivers efficient build and release time and can deal with millions of current container delivery requests at ease. Using Quay has sped up our development and container management worldwide, including follow-the-sun update strategies. With Quay.io, infinimesh is able to serve our customers worldwide in a fully automated deployment," said Alexander Alten-Lorenz, Founder and CEO, Infinite Devices, Inc.

Red Hat Quay is based on the recently open sourced Project Quay, so the community is welcome to provide feedback and contribute to the code. 

Customers can check out the release notes and get started with Red Hat Quay 3.2 today. New users are welcome to try out the product for a trial period at no cost.