-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
quay-v3.15.0
-
None
-
False
-
-
False
-
-
OpenShift 4.19.5, x86_64, bare metal. Storage Class ODF-cephfs
Quay Operator channel stable-3.15, version v.3.15.0
QuayRegistry CR:
```yaml
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
creationTimestamp: '2025-08-05T22:08:32Z'
finalizers:
- quay-operator/finalizer
generation: 1
managedFields:
- apiVersion: quay.redhat.com/v1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:components': {}
'f:configBundleSecret': {}
manager: Mozilla
operation: Update
time: '2025-08-05T22:08:32Z'
- apiVersion: quay.redhat.com/v1
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:finalizers':
.: {}
'v:"quay-operator/finalizer"': {}
manager: manager
operation: Update
time: '2025-08-05T22:09:20Z'
- apiVersion: quay.redhat.com/v1
fieldsType: FieldsV1
fieldsV1:
'f:status':
.: {}
'f:conditions': {}
'f:currentVersion': {}
'f:lastUpdated': {}
'f:registryEndpoint': {}
manager: manager
operation: Update
subresource: status
time: '2025-08-07T15:05:49Z'
name: quay
namespace: hub-infra
resourceVersion: '10660042'
uid: 41e07bc1-0413-4f6a-80eb-97d2edf8ccb8
spec:
components:
- kind: clair
managed: true
- kind: postgres
managed: true
- kind: objectstorage
managed: false
- kind: redis
managed: true
- kind: horizontalpodautoscaler
managed: false
- kind: route
managed: true
- kind: mirror
managed: true
- kind: monitoring
managed: true
- kind: tls
managed: true
- kind: quay
managed: true
- kind: clairpostgres
managed: true
configBundleSecret: quay-config
status:
conditions:
- lastTransitionTime: '2025-08-05T22:08:32Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Horizontal pod autoscaler not managed by the operator
reason: ComponentNotManaged
status: 'True'
type: ComponentHPAReady
- lastTransitionTime: '2025-08-05T22:08:36Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Route admitted
reason: ComponentReady
status: 'True'
type: ComponentRouteReady
- lastTransitionTime: '2025-08-05T22:08:36Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: ServiceMonitor and PrometheusRules created
reason: ComponentReady
status: 'True'
type: ComponentMonitoringReady
- lastTransitionTime: '2025-08-05T22:48:09Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Deployment quay-quay-database healthy
reason: ComponentReady
status: 'True'
type: ComponentPostgresReady
- lastTransitionTime: '2025-08-05T22:08:32Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Object storage not managed by the operator
reason: ComponentNotManaged
status: 'True'
type: ComponentObjectStorageReady
- lastTransitionTime: '2025-08-05T22:09:20Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Clair component healthy
reason: ComponentReady
status: 'True'
type: ComponentClairReady
- lastTransitionTime: '2025-08-05T22:49:10Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: ClairPostgres component healthy
reason: ComponentReady
status: 'True'
type: ComponentClairPostgresReady
- lastTransitionTime: '2025-08-05T22:08:32Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Using cluster wildcard certs
reason: ComponentReady
status: 'True'
type: ComponentTLSReady
- lastTransitionTime: '2025-08-05T22:09:06Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Deployment quay-quay-redis healthy
reason: ComponentReady
status: 'True'
type: ComponentRedisReady
- lastTransitionTime: '2025-08-05T22:49:10Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Quay component healthy
reason: ComponentReady
status: 'True'
type: ComponentQuayReady
- lastTransitionTime: '2025-08-05T22:55:18Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: Deployment quay-quay-mirror healthy
reason: ComponentReady
status: 'True'
type: ComponentMirrorReady
- lastTransitionTime: '2025-08-05T22:55:18Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: All components reporting as healthy
reason: HealthChecksPassing
status: 'True'
type: Available
- lastTransitionTime: '2025-08-05T22:09:06Z'
lastUpdateTime: '2025-08-05T22:09:06Z'
message: All registry components created
reason: ComponentsCreationSuccess
status: 'True'
type: ComponentsCreated
- lastTransitionTime: '2025-08-07T15:05:49Z'
lastUpdateTime: '2025-08-07T15:05:49Z'
message: All objects created/updated successfully
reason: ComponentsCreationSuccess
status: 'False'
type: RolloutBlocked
currentVersion: v3.15.0
lastUpdated: '2025-08-07 15:05:49.687166118 +0000 UTC'
registryEndpoint: 'https://quay-quay-hub-infra.apps.acm.hpe-openshift.lab'
```
Secret: quay-config
.data.config\.yaml:
```
AUTHENTICATION_TYPE: Database
ALLOW_PULLS_WITHOUT_STRICT_LOGGING: true
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_MAILING: false
FEATURE_UI_V2: true
FEATURE_UI_V2_REPO_SETTINGS: true
FEATURE_AUTO_PRUNE: true
FEATURE_PROXY_CACHE: true
FEATURE_QUOTA_MANAGEMENT: true
BROWSER_API_CALLS_XHR_ONLY: false
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
DATABASE_SECRET_KEY: 0ce4f796-c295-415b-bf9d-b315114704b8
SECRET_KEY: e8f9fe68-1f84-48a8-a05f-02d72e6eccba
SUPER_USERS:
- quayadmin
- admin
- kemo
DISTRIBUTED_STORAGE_CONFIG:
default:
- LocalStorage
- storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
DISTRIBUTED_STORAGE_PREFERENCE:
- default
PREFERRED_URL_SCHEME: http
DEFAULT_TAG_EXPIRATION: 2w
TAG_EXPIRATION_OPTIONS:
- 0s
- 1d
- 1w
- 2w
- 4w
- 3y
```
When deploying Quay to OpenShift, I cannot get the proxy cache to work.
A set of Organizations were set up, they are configured to point to a registry - the owners have full access and have been authenticated to the command line.
When testing with `podman pull quay-quay-hub-infra.apps.acm.hpe-openshift.lab/quay-io-ptc/kenmoini/banana-phone` the proxying works.
However, when configured with an OpenShift release mirroring process, it fails to pull container images.
