As we see new users starting to explore Quay.io, we wanted to provide a straightforward introduction in getting started on the registry and what to expect as part of your experience not only with the technology but also the community
Whether you're an open-source enthusiast, a software developer, or a business owner, Quay.io has got you covered. Powered by Red Hat, this public registry service provides a centralized, secure, and reliable platform for hosting and sharing open-source projects container images.
We understand that sudden policy changes in public registry services can cause doubt and unplanned work for open source users. With the recent announcements in the public container registry landscape, many open source projects are looking for a more reliable and no-cost place to host their work. At Red Hat, open source is more than just a philosophy, it's in our DNA, and we are proud to support FOSS projects with Quay.io.
How to get Started with Quay.io
Quay.io is easy to set up with a free account, and our open source policy caters to the needs of most open source projects and communities. With a wide range of features and functionalities, Quay.io has become the go-to choice for developers worldwide.
Migrating to Quay
Migrating from another registry to Quay.io involves several steps, but the good news is that Quay supports the Docker Registry v2 and OCI APIs, making the transition relatively seamless for most container-based workflows. Here are the basic steps:
- Create a Quay.io account: If you don't already have a Quay.io account, create one. Quay offers free accounts for public repositories, and paid plans for private repositories.
- (optional): If you plan to collaborate with others on container images or want to create a shared space for an open-source project, you can create an Organization first and store content there instead of your own Quay.io account
- Set up a repository: Once you've signed up, you can create a new repository by clicking the "New Repository" button. You can then configure your repository settings, including the repository name, description, and access control.
- Push your Docker images to Quay.io: Quay.io supports the standard Docker Registry v2 and OCI Distribution APIs, OCI artifact and docker v2s2 image specifications, so you can use the same docker push command that you would use with other registries to push your Docker images to Quay.io.
- Update your Dockerfile: Update your Dockerfile / Containerfile to reference the new location of your base images on Quay.io.
- Update your CI/CD pipeline: If you have a CI/CD pipeline set up, you'll need to update it to use Quay.io for your images, you can use Quay.io robot tokens to provide your pipeline with a separate set of credentials if they need to push images to your repository
- Test your application: Once you've pushed your images to Quay.io and updated your CI/CD pipeline, you'll need to test your application to make sure everything is working correctly. Again, you can use Quay.io robot tokens to give your container platform credentials your content in Quay.io in case you have made repositories
- Update any references: Finally, you'll need to update any references to your Docker images in any documentation, README files, or other places where you've referenced your previous registry.
- Review vulnerabilities: Quay.io constantly updates security vulnerabilities reports of your container images, so consult these regularly to get ahead of CVEs in your image content
Overall, migrating from other registries to Quay.io should be done in stages. Start with copying your image content into Quay.io and set up Quay.io as a fallback mirror in your local podman, docker or Kubernetes configuration. The key is to take your time, double-check your work, and test your application thoroughly to make sure everything is working as expected. Then you can start using Quay.io as your primary registry service.
Congrats!! You're now ready to use Quay.io as your container registry.
What Quay.io offers
- A modern OCI compatible registry with support for artifacts and tools such as ‘cosign’ or helm
- Free container vulnerability scanning
- An integrated build system that can (re-)build your container images directly from source repositories like GitHub triggered by source code changes
- A rich permission system with support for robot accounts, teams and granular access to control to facilitate collaboration in an open source project
- Flexible API access via OAuth
- Unique features to control content lifecycle with image expiration timers or undo accidental deletes or tag overwrites
- Basic analytics on image pulls and repository activity
- Paid private repositories
- No pull rate limiting
The software stack that powers Quay.io is fully open source. Check it out in the official code repository.
Especially important for open source projects is the fact that Quay.io’s pricing model is based on private repositories. If you don’t need private repositories, then the service is free. Free users maintain broad insights into their image content and any known vulnerabilities associated with this content, all cataloged across a wide range operating system package managers and language package managers, such as Python and (soon) Java and Golang.
We strongly believe that image security is of utmost importance for open source projects as well, given the recent focus on software supply chain security throughout the IT industry. That’s why Quay.io‘s image scanning happens automatically in the background without any additional user intervention required: it presents the most up-to-date CVE findings in your image when you fetch a report, so no manual rescanning is required.
Quay.io is a battle-tested public registry service. As one of the first public container registries, it has a long track record and continued focus on reliability and scalability. Red Hat trusts it with the distribution of our own enterprise container platform, Red Hat OpenShift, and many open source projects do too, including Prometheus, Strimzi Kafka, cert-manager and ArgoCD.
Acceptable use policy of the free-tier
As some may know, Quay.io's pricing model is quite generous, with only private repositories requiring a paid plan. However, users on the free-tier should be mindful of their usage as per the acceptable use policies. Red Hat shoulders the cost as a commitment to the open source community however going forward we want to ensure all users have access to fair usage of the service while maintaining the longevity and sustainability of the platform.
Abusive use of the service with content that violates rights of third parties or with a usage pattern / content that leads to a degradation of the service experience for other users is considered outside of acceptable use. Although the free-tier provides access to all features except private repositories, organizations and accounts that consume excessive storage or egress traffic may face quota limits. Excessive storage is defined as anything above 100 GB of image layers stored, and excessive egress traffic is anything over 1 TB of downloads, both per month. In these instances, the Quay team will contact the owner of the organization to find a solution that is mutually beneficial. If you are an open source project and anticipate exceeding these limits, please reach out to email@example.com beforehand to address any potential issues that may arise.
Call for Community
We believe that every open source image deserves a safe, security-conscious place to call home. With Projectquay.io, we provide an open source platform for community collaboration and support for Quay.io and the Red Hat Quay enterprise product. Looking to run your own Quay registry in production? Read here.
Quay.io has open source projects and open source hobbyists covered with free public image hosting, free security reporting and introspection of image content, advanced image lifecycle features and rich collaboration features ranging from personal accounts to organizations for projects with multiple contributors. If you need private repositories, affordable monthly subscriptions are available to cover needs for individuals all the way to large organizations and projects.
Want to shape the future of Quay? Join our community! Stay tuned for events in the future! Find us at https://www.projectquay.io/, chime in firstname.lastname@example.org, and participate on the Quay GitHub. Here is a sneak peek at new features we are working on.
So what are you waiting for? Join the Quay.io community today and experience the peace of mind that comes with hosting your open source images. Got feedback about our product? Take this survey to let us know! Let’s envision the next generation of Quay together!