Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-8275

Enforce Registry-Wide Default Image Expiration Policy with Per-Org Customization

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • False
    • None
    • False
    • Not Selected

      Overview:
      This feature introduces the ability to enforce a default image expiration policy across a Quay registry. End users can set image expiration values lower than the default but not exceed it. Additionally, the feature provides flexibility to adjust the default expiration policy at the organization level or even per repository, enabling tailored expiration policies based on specific needs.

      Business Requirements:

      • Allow registry administrators to define a default image expiration policy that applies to the entire registry.
      • Enable organizations to adjust the default expiration policy at their level while adhering to the global upper limit.
      • Support adjustments at the repository level to accommodate specific use cases.
      • Similar to default quota management, this feature allows for fine-tuned control, offering administrators flexibility while maintaining governance.

      Customer Benefit:

      • Improved image expiration management for better storage optimization and resource control.
      • Aligns with organizational and repository-specific use cases without sacrificing the registry-wide consistency of policies.
      • Simplifies compliance with organizational policies while ensuring flexibility for unique workloads.

      Scope:

      1. Add functionality to enforce a default image expiration policy across the registry.
      2. Enable configuration of default expiration values at the organization level.
      3. Allow administrators to modify upper limits at the repository level.

      Acceptance Criteria:

      Global Configuration:

        • Administrators can set a default image expiration value for the entire registry.

      Organization-Level Customization:

        • Organizations can adjust expiration policies within the range allowed by the global default.

      Repository-Level Adjustments:

        • Support repository-specific expiration values, adhering to organization-level or global policies.

      Policy Enforcement:

        • End users cannot set expiration values exceeding the defined default limits.

      Out of Scope (for Initial Release):

      • Integration with external policy management tools.
      • Advanced reporting or analytics around expiration policy usage.

      Components Affected:

      • Quay Admin Panel: For configuring default and organization-level settings.
      • Quay API: To support programmatic updates and enforcement of expiration policies.
      • Quay UI: To display and manage expiration settings for organizations and repositories.

              Unassigned Unassigned
              qberry@redhat.com Quiana Berry
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: