In this guide, we will walk through the steps to configure AWS S3 storage for Quay. Follow these instructions to set up an S3 bucket and integrate it with Quay for object storage.
Create an IAM User and Assign Permissions
First, you need to create an IAM user and assign the necessary permissions.
Create an IAM User:
- Navigate to the AWS Management Console.
- Go to IAM (Identity and Access Management) > Users.
- Click on Add user and provide a username.
- Under Permissions, select Attach existing policies directly and assign the AmazonS3FullAccess policy to the user.
- Complete the process by clicking Next: Tags and then Next: Review before clicking Create user.
Create Access Key:
- Navigate to IAM > Users > Click on your new user.
- Go to the Security credentials tab.
- Under Access keys, click Create access key.
- Select Application running outside AWS, give the key a name, and create it.
- Note down the access key and secret key. These will be used in the config.yaml file later.
Create and Configure an S3 Bucket
Create a New Bucket:
- Log in to the AWS Management Console.
- Go to the S3 service.
- Click Create bucket and choose General Purpose.
- Provide a unique bucket name.
- Ensure ACLs are disabled.
- Uncheck Block all public access and click Create bucket.
Configure Bucket Policy:
- Navigate to your bucket.
- Go to Permissions and then Bucket policy.
- Add the following policy, replacing quaybucket with your actual bucket name:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::quaybucket/*"
    }
  ]
}
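The policy above allows every principal (`"Principal": "*"`) every S3 action on the bucket's objects, so with Block all public access unchecked any caller, authenticated or not, can read, overwrite or delete them. The following is an added example, not part of the original guide or of Quay's own code: a Python check that flags such statements and builds a policy scoped to the IAM user created earlier. The action list, the account ID 111122223333 and the user name quay-user are assumptions and placeholders.

```python
import json

# The bucket policy exactly as it appears in this guide.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Principal": "*",
                "Action": "s3:*", "Resource": "arn:aws:s3:::quaybucket/*"}]}
""")

# Assumption: the object and multipart actions a registry backend needs.
REGISTRY_ACTIONS = [
    "s3:ListBucket", "s3:ListBucketMultipartUploads",
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
    "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for "*" or a principal map with a "*" entry, e.g. {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit(policy):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((i, "public-principal"))
        actions = _as_list(stmt.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard-action"))
    return findings

def scoped_policy(bucket, user_arn):
    """Allow only REGISTRY_ACTIONS, and only for one IAM user."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": user_arn},
        "Action": REGISTRY_ACTIONS,
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }]}

if __name__ == "__main__":
    print(audit(PAGE_POLICY))
    # Placeholder account ID and user name; substitute the user created earlier.
    arn = "arn:aws:iam::111122223333:user/quay-user"
    print(json.dumps(scoped_policy("quaybucket", arn), indent=2))
```

A policy that names a specific principal is not a public policy, so Block all public access can stay enabled on a bucket that uses it.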
Configure Quay to Use AWS S3 Storage by updating the config.yaml
Replace the placeholders with the access_key, secret_key, and bucket name you noted earlier. Ensure the region is set correctly. Here's how your config.yaml should look:
DISTRIBUTED_STORAGE_CONFIG:
  s3Storage:
    - S3Storage
    - host: s3.us-east-1.amazonaws.com
      s3_bucket: quaybucket
      s3_access_key: ******************
      s3_secret_key: *************************
      s3_region: us-east-1
      storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
DISTRIBUTED_STORAGE_PREFERENCE:
  - s3Storage
Create a Secret in OpenShift:
- Run the following command to create a secret with the config.yaml:
oc create secret generic --from-file config.yaml=./config.yaml config-bundle-secret -n openshift-operators
Create the Quay Registry Instance:
- Specify the config-bundle-secret in your Quay registry instance YAML.
- For objectstorage, set managed to false in the YAML configuration file.
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
spec:
  configBundleSecret: config-bundle-secret
  components:
    - kind: quay
      managed: true
    - kind: postgres
      managed: true
    - kind: clair
      managed: true
    - kind: redis
      managed: true
    - kind: horizontalpodautoscaler
      managed: true
    - kind: objectstorage
      managed: false  # <-- Here
    - kind: route
      managed: true
    - kind: mirror
      managed: true
    - kind: monitoring
      managed: true
    - kind: tls
      managed: true
    - kind: clairpostgres
      managed: true