A cloud-native, security-enhanced private registry platform
Why Red Hat Quay?
Container registries are the backbone of any modern container platform. Container runtimes and orchestration systems do not have long-term storage and image distribution capabilities. Container platforms rely on a registry as a critical part of the initial deployment before a container can run. Beyond the initial deployment, the life cycle of running containerized workloads on modern platforms requires a reliable and highly fault-tolerant registry.
Many events in an OpenShift cluster, or other Kubernetes environment, involve the registry. For example, rolling out configuration changes, reacting to scaling events, handling node maintenance or downtime, or rolling out updates all require interaction with the registry. Even minutes of downtime of a registry can disrupt developers and production applications.
In a multicluster environment spanning multiple sites and cloud services, a resilient central registry is even more important. Red Hat Quay provides a purpose-built, central, scalable registry platform with a proven track record using the same code base as the public Quay.io service that delivers millions of images daily.
Product overview
Red Hat Quay is a security-focused and scalable private registry platform for managing content across global datacenter and cloud environments, focusing on cloud-native and DevSecOps development models and environments. It provides a single, resilient, and distributed content repository for delivering containerized software to development and production across Red Hat OpenShift® and other Kubernetes clusters.
Red Hat Quay analyzes container images for security vulnerabilities, identifying potential issues that can help you mitigate security risks even before running an image. It delivers the foundation for a multicluster deployment with a highly available, scale-out architecture that can span geographically-distributed deployments to increase performance and resiliency. Red Hat Quay offers granular access control to stored content and allows members of teams to collaborate on shared content.
Key benefits:
- A central registry for all your container images and cloud-native artifacts
- Scalable geo-replication architecture to serve thousands of clusters and host millions of images
- Continuous, always–on vulnerability scanning in the background
- Granular access and permission management with full audit trail
Features and benefits
Capability | Description |
Store containers with added security | Red Hat Quay stores your applications privately, with powerful access and authentication settings you can control. |
Granular access control |
Apply fine-grained access rules to either isolate different user groups or effectively enable collaboration on shared content. |
Efficiently builds and deploys new containers | Red Hat Quay automates your container builds integrating with GitHub, Bitbucket, and more. Robot accounts allow for automatic software deployments without giving user credentials away |
Scans containers to provide added security | Red Hat Quay indexes package content in your container images and continuously scans vulnerabilities, giving you visibility into known issues and how to fix them before you execute a container. |
Continuous scanning for most current vulnerability reports | Scanning image content in Red Hat Quay is completely automated. The embedded scanner is automatically indexing newly pushed images and is providing reports on matched CVEs in real time due to constant updates of the vulnerability databases in the background, even in offline environments. |
Scalability | Start small and scale with your demands using Red Hat Quays horizontal scale-out architecture and proven track record as a central registry service at the massive scale of Quay.io. |
Geo-replication | Run a geographically distributed, federated Red Hat Quay deployment with a single entry point for clients to boost image pull performance and transparent replication of content. |
Quota management | For multiple clusters from different departments or businesses, registrywide default and custom quotas allow you to manage storage growth. |
Container image builds | Simplify continuous integration (CI) pipelines by letting Red Hat Quay build container images in the registry with source code management integration. |
Protect against accidental deletion | A time machine setting in Red Hat Quay allows tracking of image tag overwrites and deletions and can revert those if they unintentionally remove content. |
Image cache for external registries | Use Red Hat Quay to provide a transparent cache of images stored in other container registries to increase performance and avoid pull rate limiting. |
Runs natively on Red Hat OpenShift | Automate the deployment, update and full life cycle of Red Hat Quay on Red Hat OpenShift using the Red Hat Quay operator, use Red Hat OpenShift Monitoring for observability of your registry. |
Integrates with Red Hat OpenShift | Red Hat Quay can integrate with Red Hat OpenShift’s source-to-image build and image stream features for automated deployments and integrated credential management. |
Enterprise authentication | Integrate into existing authentication providers with Lightweight Directory Access Protocol (LDAP) or OpenID Connect (OIDC). |
Security auditing | Log and audit every security-relevant event in the system in long-term log storage. |
Support for hybrid cloud and offline environments | Run Red Hat Quay wherever Red Hat OpenShift and Red Hat Enterprise Linux® are supported including fully disconnected environments. |
Third-party database and storage support | Select from a range of supported object storage services and third-party database systems. |
Red Hat Quay is included with Red Hat OpenShift Platform Plus subscriptions or is available as a standalone subscription.
Technical specifications
Supported platforms
- Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9
- Red Hat OpenShift Container Platform 4
- See more information on supported integrations
Subscription entitlements
- One Red Hat Quay subscription is required per Red Hat Quay deployment.
- One Red Hat Quay deployment is characterized by one or more instances of the Red Hat Quay software running in one or more containers accessing the same object storage backend.
- In instances where Red Hat Quay is part of a Red Hat OpenShift Platform Plus subscription, the entitlement includes unlimited Quay deployments. For more information, visit OpenShift Sizing and Subscription Offerings guide.