Quay Repositories
Creating an image repository
-
Click on the
Create New Repository
button.
-
Select the organization from the drop-down list, name the repository
kafka
, and set the visibility topublic
.
-
Click
Create Public Repository
.
Push (and tag) an image into the repository
-
Pull an image from the public registry by running the
podman pull
command followed by the name of the image.
podman pull quay.io/strimzi/kafka:latest-kafka-3.2.1
-
Tag the image with a name and a version number using the
podman tag
command.
podman tag quay.io/strimzi/kafka:latest-kafka-3.2.1 ${QUAY_HOSTNAME}/olleb/kafka:3.2.1
-
Sign into our Quay repository using your account credentials, if you are not already signed in.
podman login ${QUAY_HOSTNAME}
-
Push the image to the Quay repository using the
podman push
command.
podman push ${QUAY_HOSTNAME}/olleb/kafka:3.2.1
-
Verify that the image has been successfully pushed into our Quay repository by checking that the image is listed.
Inspecting image layers
-
Navigate to the
olleb/kafka
repository. -
Click on the
Tags
icon. -
Click on the
SHA256
value located underMANIFEST
section of the3.2.1
tag to view the layers dashboard.
Pull an image from the repository
-
From the Quay dashboard, locate and select the
olleb/kafka
repository. -
Click on the
Tags
tab. -
Select any of the repository's tags by clicking on it, click on the
Fetch Tag
icon.
-
Select
Podman Pull (by tag)
from theImage Format
drop-down menu and click on theCopy Command
button.
-
Switch to a terminal, paste the command you copied from the Quay UI, and then execute it. Make sure you have
Podman
installed on your system. Since we created the repository asPublic
, no login is required to pull the image.
Image rollback
Quay provides us with a convenient way to review the history of tags associated with an image repository.
-
Create a new image repository as already explained. In this case, create a public repository named
olleb/rollback
on Quay. -
Build an image, tag it and push it.
echo "FROM scratch" > Containerfile.rbk
podman build . -t rollback:1.0 -f Containerfile.rbk
podman tag localhost/rollback:1.0 ${QUAY_HOSTNAME}/olleb/rollback:latest
podman push ${QUAY_HOSTNAME}/olleb/rollback:latest
-
Verify that the image has been pushed into Quay repository. Check also the manifest digest and the layers.
-
Add a new layer to the Containerfile, rebuild the image, and overwrite the old one by tagging and pushing it with the same remote tag.
echo "LABEL org.opencontainers.image.authors=[email protected]" >> Containerfile.rbk
podman build . -t rollback:2.0 -f Containerfile.rbk
podman tag localhost/rollback:2.0 ${QUAY_HOSTNAME}/olleb/rollback:latest
podman push ${QUAY_HOSTNAME}/olleb/rollback:latest
-
Verify that the new image has been pushed to the Quay repository and check its manifest digest and layers in the Quay UI. You should observe that the manifest digest and layers are different from the previous image.
-
To rollback the image to the previous one, navigate to the Quay UI and click on the
Tag History
option for the repository. From there, select the tag for the previous image that you want to rollback to.
-
Click on
Revert to …
.
-
Click on the
Restore Tag
button. This will restore the image for that tag to the previous image.
-
To verify that the image has been restored to the previous one in the tag history, go to the
Tag History
section in the Quay UI and check that the restored tag has the same manifest digest and layers as the previous image that was reverted to.
Image expiration
To configure an image tag to expire from Quay on a specific time and date, follow these steps:
-
Create a new image repository as already explained. I created the
olleb/expiration
repository. -
Build a
1.0
image, tag it and push it to theolleb/expiration
repository.
echo "FROM scratch" > Containerfile.exp
podman build . -t exp:1.0 -f Containerfile.exp
podman tag localhost/exp:1.0 ${QUAY_HOSTNAME}/olleb/expiration:1.0
podman push ${QUAY_HOSTNAME}/olleb/expiration:1.0
-
The label
quay.expires-after
is used to indicate the expiration time for the tag. The value of the label can be specified in a number of different formats, including a specific time and date, a relative time offset from the time of image creation, or a relative time offset from the time of tag creation. In this case, we will use the relative time offset of5m
, which specifies that the image should expire 5 minutes after it is tagged with the2.0
and latesttags
.
echo "LABEL org.opencontainers.image.authors=[email protected]" >> Containerfile.exp
echo "LABEL quay.expires-after=5m" >> Containerfile.exp
podman build . -t exp:2.0 -f Containerfile.exp
podman tag localhost/exp:2.0 ${QUAY_HOSTNAME}/olleb/expiration:2.0
podman push ${QUAY_HOSTNAME}/olleb/expiration:2.0
podman tag localhost/exp:2.0 ${QUAY_HOSTNAME}/olleb/expiration:latest
podman push ${QUAY_HOSTNAME}/olleb/expiration:latest
-
We now have two images and three tags in our
olleb/expiration
repository. The1.0
image has a1.0
tag, the2.0
image has2.0
andlatest
tags. Thelatest
and the2.0
tag are marked as expiring soon.
After 5 minutes, both tags will be removed from the repository automatically.
-
Select the
1.0
tag, in theActions
drop-down list, selectChange Tags Expiration
. Set the desiredExpiration Date
.
Alternatively, the expiration can also be set by clicking on the Options icon and selecting Change Expiration .
|
When the tag is about to expire, a message will be displayed:
By default, the minimum expiration time is one hour and the maximum is 104 weeks (approximately 2 years) at the time of this writing. If you want to allow for earlier or later minimum expiration times, you can set the LABELED_EXPIRATION_MINIMUM property to a different time value, such as 60s (seconds), 5m (minutes), 24h (hours), 7d (days), or 2w (weeks). This configuration must be placed in the Config Bundle Secret of your registry instance. An example of how to do this is explained in section 2.5.1 Configuring allowed OCI artifact types.
|
When the tag expires, it is deleted automatically.
Note that even though the tag is deleted, we can still restore the image. The reason is that when a tag is deleted and there are no other tags pointing to the same image, the image is not immediately deleted. Instead, it is marked for garbage collection, which by default occurs after 14 days (2w
). Quay has a garbage collection worker enabled by default which runs periodically and removes the expired images when the configured Time Machine amount of time has passed.
As we stored the image inside olleb
organization, we can check that value by browsing to /organization/olleb?tab=settings
.
If the image stored is under the user account instead on an organization, the value can be found under user settings
The Time Machine amount time can be modified by changing the value of the TAG_EXPIRATION_OPTIONS
array property, which must include the default expiration value DEFAULT_TAG_EXPIRATION
in the list. An example of how to modify this value is explained in section 2.5.1 Configuring allowed OCI artifact types.
For example, with the following custom configuration:
we will see: