
Red Hat Introduces Open Source Project Quay Container Registry - iamd3vil
https://www.redhat.com/en/blog/red-hat-introduces-open-source-project-quay-container-registry?sc_cid=701f2000000tyBjAAI
======
Pythondj
ProjectQuay.io landing page is now live!
[https://projectquay.io](https://projectquay.io)

~~~
yebyen
This is really great!

I recognize your username because I met you at Kubernetes Community Day AMS,
after Helm Summit, when you told everyone your username from up on the
stage...

By the way I loved your talk "Convergence of Communities" and everything about
the Jellyfish modeling, so for the benefit of anyone who maybe does not know
who you are, or why you posted this one-liner... this is Diane, Director of
Community Development at RedHat, and you can find that talk on YouTube.

So, thanks for doing this!

------
thebouv
From the basic installation page:

[https://docs.projectquay.io/deploy_quay.html](https://docs.projectquay.io/deploy_quay.html)

"For a Project Quay Registry installation (appropriate for non-production
purposes), you need one system (physical or virtual machine) that has the
following attributes:

    
    
        Red Hat Enterprise Linux (RHEL): Obtain the latest Red Hat Enterprise Linux server media from the Downloads page and follow instructions from the Red Hat Enterprise Linux 7 Installation Guide.
    
        Valid Red Hat Subscription: Obtain a valid Red Hat Enterprise Linux server subscription.

"

So, is it truly tied to RHEL and a subscription, or is that page just making
me FEEL that way?

Annoying either way. :/

~~~
johannkokos
The RHEL version linked is 7.5, not 8.1. They might just forget to update the
doc.

~~~
thebouv
The docs right now refer to using `docker` as well, but `docker` isn't
officially supported in RHEL 8+.

So guessing the docs will slowly shift to RHEL8 and podman.

------
badrequest
Prerequisites: CPUs: Two or more virtual CPUs RAM: 4GB or more

Why does a container registry need so many resources?

~~~
ecnahc515
First, this prereqs are about what you could get on a netbook in 2012 and on a
modern day cell phone.

Second, I think it would help to know why you think a container registry
wouldn't need a moderate amount of resources.

I don't necessarily disagree that the resources could be lower at the minimum
(and in fact, I recall they are quite a bit lower than this when running it on
your laptop without any load), but is this really anything unexpected?

It's written in Python so it's not going to be as efficient as Go or C++ but
it certainly isn't Java levels of resources being requested here.

~~~
heavyset_go
> _First, this prereqs are about what you could get on a netbook in 2012 and
> on a modern day cell phone._

High resource requirements mean that I need to spend more on compute, whether
that means paying a cloud provider for a beefier instance, or spending more
money on hardware and electricity.

~~~
moondev
2C/4G is hardly "beefy". If that is too much to run then use the quay.io
service and not worry about self hosting your registry?

~~~
polynomial
"640 kB ought to be enough for anybody"

(yes, that was in reference to a PC, not a server.)

------
akavel
Newbie question: How does quay differ to docker hub?

~~~
SEJeff
Once of the nicer features is that they offer an "encrypted password" where
you login to quay and click the "generate encrypted password" option in your
user preferences. Then instead of hardcoding your plaintext password into your
docker config json, it puts the encrypted password that is only applicable to
quay.

For those that use LDAP authentication for this, it makes is a much smaller
attack vector.

The per-team "organizations" is very nice and allows you to give teams their
own flexibility while still running things within your own firewalls (on-prem
or in a vpc). It is an alternative to docker hub with a lot of really nice
features.

The ability to do scheduled mirroring of images from other registries (such as
docker hub) and replication between different instances of quay is also really
beneficial.

Disclaimer: commercial quay enterprise user for some time.

~~~
freedomben
Quay also integrates very well with OpenShift. It works fine stand-alone too,
but if you're already using OpenShift it's worth looking into.

~~~
oso2k
DISCLAIMER: I work for Red Hat Consulting focusing on OpenShift.

In fact, a version without the Container Scanning bits and some of the user
management is the default internal registry in OpenShift 4.x.

------
freedomben
Love this. After Red Hat acquired Ansible I thought for sure they would cave
on their open source principles, but _they didn 't_. They really believe in
open source, and we are all the better as a world for it.

Disclaimer: I work for Red Hat but have been a fan decades longer than I've
worked there.

~~~
throwaway9147
A competing product (Harbor) is already open-source and part of CNCF. Quay
wouldn't have had any future if it was to stay proprietary.

Regarding RedHat (or IBM) truly committing to open-source, I'll believe when
OpenShift 4.x is open-sourced.

~~~
ecnahc515
Openshift 4.x is open-source. I'm guessing what your speaking towards is the
fact that there is no prebuilt distribution of it that doesn't require a
subscription, ie: OKD, which is something being worked on. Clayon started off
the conversation on this back in June:
[https://lists.openshift.redhat.com/openshift-
archives/users/...](https://lists.openshift.redhat.com/openshift-
archives/users/2019-June/msg00043.html)

But everything it's being built with is entirely FOSS. Making OKD happen is a
high priority and is being worked on.

From my understanding, most of it's been blocked on Fedora CoreOS being at a
state that it can be used for OKD and just putting resources onto setting up
the automation for building everything for OKD.

Remember that Openshift 4.x fundamentally changed how Openshift does updates
and that affects OKD a lot. Claytons email touches on this quite a bit.

Disclosure: I work at Red Hat, on projects related to Openshift.

~~~
throwaway9147
> Openshift 4.x is open-source.

That's great to hear. My mistake then, last time I've opened
[http://github.com/openshift/origin](http://github.com/openshift/origin), I
saw OpenShift 3.11 even though latest release was 4.2 at the time. From that,
and given the fact that all other RedHat products are upstream first, I've
made a conclusion that OpenShift 4 is no longer open-source.

> From my understanding, most of it's been blocked on Fedora CoreOS being at a
> state that it can be used for OKD and just putting resources onto setting up
> the automation for building everything for OKD.

What's the difference between OKD and OpenShift? Why does OKD use Fedora
CoreOS, while OpenShift doesn't? Is it not the same code?

> Remember that Openshift 4.x fundamentally changed how Openshift does updates
> and that affects OKD a lot. Claytons email touches on this quite a bit.

Don't know Clayton or seen his email. I'm confused why would OKD use a
different code than OpenShift. I though that the only difference between OKD
and OpenShift would be the subscription.

~~~
smarterclayton
We needed fedora coreos. OpenShift used RHEL CoreOS. It took longer for fedora
coreos because we also wanted fedora coreos to be a sufficient replacement for
ContainerLinux. That integration started passing CI with openshift today.

Readme updates and lots of this stuff need to be done - we left the readme at
3.11 because that was a coherent install (vs the more work in progress of
fedora coreos).

Every bit of source code was there (and developed in the open), but it wasn’t
all “pulled together”

~~~
ibotty
Is there already some documentation on how to play with it?

~~~
smarterclayton
Coming very soon - hopefully ready for KubeCon

------
self_awareness
"What is Project Quay? It's an open-source distribution of Red Hat Quay."

So, what is Quay? And why the information pages assume everyone knows what it
is?

~~~
emidln
A quay is a the platform you load or unload containers to. It's usually paired
with a wharf in a harbor.

~~~
sg47
In that case, I'll be a software longshoreman going forward.

------
technofiend
How to pronounce Quay: [https://www.grammarphobia.com/blog/2018/04/cay-key-
quay.html](https://www.grammarphobia.com/blog/2018/04/cay-key-quay.html)

Edit: I called it Kway myself and googled it after getting puzzled looks from
my UK peers. The referenced article says "key" is the older pronunciation but
either is acceptable.

~~~
crb
The "most correct" pronunciation of Quay is "key", as that link says, but the
CoreOS team always pronounced it "kway".

(I assume this has carried through to Red Hat.)

~~~
SEJeff
I asked Brandon Phillips (Then CoreOS CTO) on a call how they said it. He was
quite frank it was pronounced "kway" and not "key", much to the chagrin of our
Aussie coworker who still calls it "key". I've called it "kway" since.

~~~
philips
Yes, the team calls it kway.

However, when I worked at SUSE a running joke was: as long as you love using
it we don't care how you pronounce it.

~~~
crtlaltdel
"You can call me he. You can call me she. You can call me Regis & Cathy Lee; I
don't care! Just as long as you call me" \- @RuPaul

~~~
chrissnell
RuPaul cribbed that one from Bill Saluga's Raymond J. Johnson Jr. character.
Saluga basically made an entire career out of this stupid spiel.

[https://en.m.wikipedia.org/wiki/Bill_Saluga](https://en.m.wikipedia.org/wiki/Bill_Saluga)

------
kapilvt
Worth noting this is happening after the incorporation of VMware’s harbor
registry into cncf. Harbor provides a solid enterprise registry with auth,
Clair scanning, and a reasonable ux.
[https://goharbor.io/](https://goharbor.io/)

Still, it’s great to see quay make it out into the open.

~~~
freedomben
I'd be interested in hearing more analysis on why it is "worth noting." What
are your thoughts?

~~~
znpy
It's probably because after Harbor got incorporated into CNCF its development
kinda skyrocketed.

It was in a mostly stagnant state, a release once in a while, and now it's
going regular and strong.

The thing is, after things get the "CNCF" stamp they kinda go viral and become
the "de facto" standard.

This means that Harbor would become the most usual way to run a private
registry and thus Quay would lose ground (=> harder to sell).

Source: just implemented Harbor at work. Quay would probably have been better
(probably "production ready") but Harbor was free & open source.

~~~
freedomben
Thanks znpy. Can I ask what your orchestration stack looks like?

------
cygned
Does Quay support deleting images/tags/repositories in the registry? That's a
huge pain point with the official registry image, it's storage requirements
grow constantly and we have yet to find a way to actually remove data
completely (the garbage collector never worked for us).

------
mfer
> IRC: #quay on freenode.net

They're note using Slack!

~~~
heavyset_go
That's very refreshing. I'm glad that more teams are choosing open chat
options like Matrix or IRC.

~~~
throwaway9147
RedHat has been using IRC a long time.

------
mikece
"...the on-premise offering of Quay was released."

It's my premise that the author of that press release doesn't know the
difference between "premise" and "premises." I know we have a habit in
American English to evolve the meaning of words faster than any other language
but surely IBM's press team could offer to proof-read things like this before
posting.

[https://www.merriam-webster.com/dictionary/premise](https://www.merriam-
webster.com/dictionary/premise)

(And yes, I die inside a bit when someone on NPR ends a sentence with a
preposition...)

~~~
kitd
IBM use "on-premise" all the time. Like it or loathe it, it's become the
accepted neologism for "self-hosted".

~~~
ghaff
My personal preference is to use "on-prem" because:

1.) There are arguments but no definitive justification for choosing between
on-premise and on-premises.

2.) A lot of what gets lumped under on-prem is not actually on your premises
anyway. It's in a colo or a managed hosting provider, etc.

