mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
49 lines
2.7 KiB
Plaintext
// Module included in the following assemblies:
//
// * security/container_security/security-registries.adoc

:_mod-docs-content-type: CONCEPT
[id="security-registries-quay_{context}"]
= Storing containers using {quay}

link:https://access.redhat.com/products/red-hat-quay[{quay}] is an
enterprise-quality container registry product from Red Hat.
Development for {quay} is done through the upstream
link:https://docs.projectquay.io/welcome.html[Project Quay].
{quay} is available to deploy on-premises or through the hosted
version of {quay} at link:https://quay.io[Quay.io].

Security-related features of {quay} include:

* *Time machine*: Allows images with older tags to expire after a set
period of time or based on a user-selected expiration time.
* *link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#repo-mirroring-in-red-hat-quay[Repository mirroring]*: Lets you mirror
other registries for security reasons, such as hosting a public repository
on {quay} behind a company firewall, or for performance reasons, to
keep registries closer to where they are used.
* *Action log storage*: Save {quay} logging output to link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#proc_manage-log-storage[Elasticsearch storage or Splunk] to allow for later search and analysis.
* *link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/vulnerability_reporting_with_clair_on_red_hat_quay/index[Clair]*: Scan images against a variety of Linux
vulnerability databases, based on the origins of each container image.
* *Internal authentication*: Use the default local database to handle RBAC
authentication to {quay} or choose from LDAP, Keystone (OpenStack),
JWT Custom Authentication, or External Application Token authentication.
* *External authorization (OAuth)*: Allow authorization to {quay}
from GitHub, GitHub Enterprise, or Google Authentication.
* *Access settings*: Generate tokens to allow access to {quay}
from docker, rkt, anonymous access, user-created accounts, encrypted
client passwords, or prefix username autocompletion.

Integration of {quay} with {product-title} is ongoing,
with several {product-title} Operators of particular interest.
The link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_operator_features/index#quay-bridge-operator[Quay Bridge Operator]
lets you replace the internal {product-registry} with {quay}.
The link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_operator_features/index#container-security-operator-setup[{rhq-cso}]
lets you check vulnerabilities of images running in {product-title} that were
pulled from {quay} registries.