-
Epic
-
Resolution: Done
-
Critical
-
None
-
Quay Operator supports advanced Clair configuration
-
False
-
False
-
Green
-
To Do
-
0% To Do, 0% In Progress, 100% Done
-
Undefined
Epic Goal
- Customers can disable certain or all updaters in Clair in disconnected environments
- Customers can leverage Clair in a geo-replication setup via the Operator where the database is centralized and a global load balancer is used which FQDN is different from the cluster-level routes for Clair
- Customers can override the default volume size for the Postgres Database
Why is this important?
- The Quay Operator currently deploys Clair in a very opinionated way where the database is always local but in geo-replication Clair should use a central database
- The Quay Operator currently does not allow adjusting the Clair config in any way at all, which is needed for Clair to work correctly in disconnected environments where all remote update sources are unavailable
Scenarios
- A Quay administrator can configure the updater set of Clair via the Operator
- A Quay administrator can configure the database connection string via the Operator
- A Quay administrator can configure a set of custom certificates into the Clair deployment to support internal HTTPS proxies
- A Quay administrator can override/ or resize (increase) the size and storage class of the Postgres Database PVC
- A Quay administrator can use a different FQDN for Clair than that of the Route so that they leverage a global load balancing mechanism fronting different clusters running Clair
Acceptance Criteria
- All scenarios above must be fulfilled via the Operator
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- Downstream documentation how to deploy Clair via the Operator geo-replication or disconnected environments
Open questions:
- What is faster? Implementing this change or writing a Clair Operator that has this level of customization?
- Should we support adding a custom clair config referenced by the QuayRegistry CR and process it in sync with the rest of the managed components like we do today with the Quay config bundle?
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- blocks
-
PROJQUAY-2504 Quay Operator supports geo-replication
- Closed
- is duplicated by
-
PROJQUAY-2128 Make Clair DB connection string configurable when deployed via the Operator
- Closed
- relates to
-
PROJQUAY-1696 Allow Clair's database to be unmanaged
- Closed
-
PROJQUAY-3225 DOCS Quay Operator supports advanced Clair configuration
- Closed
There are no Sub-Tasks for this issue.