Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2110

Quay Operator supports advanced Clair configuration

XMLWordPrintable

    • Quay Operator supports advanced Clair configuration
    • False
    • False
    • Green
    • To Do
    • 0% To Do, 0% In Progress, 100% Done
    • Undefined

      Epic Goal

      • Customers can disable certain or all updaters in Clair in disconnected environments
      • Customers can leverage Clair in a geo-replication setup via the Operator where the database is centralized and a global load balancer is used which FQDN is different from the cluster-level routes for Clair
      • Customers can override the default volume size for the Postgres Database

      Why is this important?

      • The Quay Operator currently deploys Clair in a very opinionated way where the database is always local but in geo-replication Clair should use a central database
      • The Quay Operator currently does not allow adjusting the Clair config in any way at all, which is needed for Clair to work correctly in disconnected environments where all remote update sources are unavailable

      Scenarios

      1. A Quay administrator can configure the updater set of Clair via the Operator
      2. A Quay administrator can configure the database connection string via the Operator
      3. A Quay administrator can configure a set of custom certificates into the Clair deployment to support internal HTTPS proxies
      4. A Quay administrator can override/ or resize (increase) the size and storage class of the Postgres Database PVC
      5. A Quay administrator can use a different FQDN for Clair than that of the Route so that they leverage a global load balancing mechanism fronting different clusters running Clair

      Acceptance Criteria

      • All scenarios above must be fulfilled via the Operator
      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • Downstream documentation how to deploy Clair via the Operator geo-replication or disconnected environments

      Open questions:

      1. What is faster? Implementing this change or writing a Clair Operator that has this level of customization?
      2. Should we support adding a custom clair config referenced by the QuayRegistry CR and process it in sync with the rest of the managed components like we do today with the Quay config bundle?

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              rmarasch@redhat.com Ricardo Maraschini (Inactive)
              DanielMesser Daniel Messer
              luffy zhang luffy zhang
              Votes:
              2 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: