Today, we’re pleased to announce the availability of Red Hat Quay 3.3. The latest version of Red Hat’s distributed and highly-available enterprise container registry focuses on deeper integrations with Red Hat OpenShift through the introduction of Quay Bridge Operator. This release also introduces Clair version 4, the latest version of the image vulnerability scanner, and enhances and stabilizes features introduced in previous Quay releases.
Continued Focus on Operators
With this release we’re introducing a third Operator as part of the Quay and OpenShift ecosystem: Quay Bridge Operator. Quay Bridge Operator automates common workflows when Red Hat OpenShift and Quay are used in conjunction with one another. Built in collaboration with the Red Hat internal and customer communities, the new operator is a big step towards providing users the same seamless user experience that is found in the Red Hat OpenShift internal registry.
Red Hat Quay 3.3 also makes enhancements to the Quay Operator. Previously, Quay Operator had been limited to the set up process. With the latest version of Red Hat Quay, Quay Operator no longer needs to be stopped after initial deployment and has now been enhanced to focus on Day 2 management operations. Quay Operator is now aware of ongoing configuration changes after the initial deployment and is able to detect and configure those changes -- streamlining the deployment of future versions and automating Day 2 management.
Introducing Clair version 4
Available in tech preview, Quay 3.3 introduces a completely overhauled version of the Clair container security scanner, Clair version 4. Designed to keep pace with the scale that modern enterprises demand, Clair version 4 was refactored to make several new enhancements possible, including:
- Support for programming language package managers, starting with python. This means Quay 3.3 and future iterations can scan not just the operating system content within images but also python packages as part of those images.
- A new manifest-oriented API
- New architecture consisting of Clair Core and a service wrapper
- Treating both hashes and layer hashes as content addressable, making it possible to uniquely identify an image as a whole.
OCI MIME type and artifact support
Red Hat is an active member of the Open Container Initiative (OCI), the open source community for creating open standards around containers. In late 2018, OCI launched the OCI Distribution Specification project to standardize container image distribution based on the specification for the Docker Registry HTTP API V2 protocol.
Available in tech preview, Red Hat Quay 3.3 implements the OCI distribution specification in its current state, making Quay the first open source hosted and private registry which is fully compliant to the current pre-release version of the OCI Distribution Specification.
Related to the OCI distribution specification is the OCI artifact specification, which allows registries to store any type of artifacts beyond OCI compliant images. Working closely with the Helm community and having an already existing implementation of the current version of the OCI Artifact spec has allowed us to technically support Helm v3 charts in Quay.
OCI artifact is currently an experimental feature and needs to be explicitly enabled on both Quay and the Helm client side.
Additional new features and enhancements
Red Hat Quay 3.3 includes numerous additional new features and enhancements to improve the overall user experience and help users better run at scale. New features include:
- OpenShift console enhancements for Clair vulnerability data which extends vulnerability information shown inside the OpenShift Console via the Container Security Operator. This expands upon the capabilities of the Container Security Operator introduced in Quay 3.2 and OpenShift 4.3. Additional information now includes image vulnerabilities lists in the administrator section, pod view for image vulnerabilities specific to a particular pod and more.
- Custom tagging to give users of Quay’s build trigger feature more flexibility with how to define their tags including static tags and dynamic templated tags.
- Logs via ElasticSearch to enable users who are running large Quay deployments with many transactions to now offload the logs stored into the database into an external elasticsearch stack. This makes freeing up resources easier when running Quay at scale, helping to prevent performance limitations.
- Log Exporter to allow the exporting of Logfiles both on an organization or repository level inside the usage logs tab, with the option to filter by a date range.
- LDAP Filtering, allows users to apply additional filters to lookup queries if LDAP / AD authentication is used.
Get started with Quay
Red Hat Quay is based on the recently open sourced Project Quay, so the community is welcome to provide feedback and contribute to the code.