Application - Manage Quay Container Registry applications

The Application custom resource relies on a Secret resource to provide the connection parameters to the Quay instance. This Secret resource must include the following data:

  • host: URL for accessing the Quay API, such as https://quay.example.com:8443 for example.
  • validateCerts: Whether to allow insecure connections to the API. By default, insecure connections are refused.
  • token: OAuth access token for authenticating against the API. To create such a token see the Creating an OAuth Access Token documentation. You can also use the ApiToken custom resource to create this token.
  • username: The username to use for authenticating against the API. If token is set, then username is ignored.
  • password: The password to use for authenticating against the API. If token is set, then password is ignored.

You can create the secret by using the kubectl create secret command:

kubectl create secret generic quay-credentials --from-literal host=https://quay.example.com:8443 --from-literal validateCerts=false --from-literal token=vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku

Or you can create the secret from a resource file:

---
apiVersion: v1
kind: Secret
metadata:
  name: quay-credentials
stringData:
  host: https://quay.example.com:8443
  validateCerts: "false"
  token: vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku

You refer to this secret in your Application custom resource by using the connSecretRef property. See the usage example.

Warning

Do not delete the Secret resource if a Quay custom resource still references it. If you delete the Secret resource, then the Operator cannot connect to the Quay API anymore, and cannot synchronize the Quay custom resource with its corresponding object in Quay. In addition, deleting the Quay custom resource does not complete because the Operator cannot delete the corresponding object in Quay.

If you face this issue, then edit the custom resource (kubectl edit), and set the .spec.preserveInQuayOnDeletion property to true. Alternatively, you can remove the .metadata.finalizers section. In both case, you must manually delete the corresponding object in Quay.

Usage Example

---
apiVersion: quay.herve4m.github.io/v1alpha1
kind: Application
metadata:
  name: application-sample
spec:
  # Connection parameters in a Secret resource
  connSecretRef:
    name: quay-credentials
    # By default, the operator looks for the secret in the same namespace as
    # the application resource, but you can specify a different namespace.
    # namespace: mynamespace

  # Whether to preserve the corresponding Quay object when you
  # delete the resource.
  preserveInQuayOnDeletion: false

  name: extapp
  organization: production
  description: External application
  applicationUri: http://applicationuri.example.com
  avatarEmail: avatarextapp@example.com
  redirectUri: http://redirecturi.example.com

  # The Secret resource is created or updated, and stores the returned data.
  # You can use that secret with an ApiToken custom resource to create an
  # OAuth access token.
  retSecretRef:
    name: application-secret
    # By default, the operator stores the secret in the same namespace as the
    # application resource, but you can specify a different namespace.
    # namespace: mynamespace

Properties

applicationUri

URL to the application home page.

Type: string

Required: False

Default value: None

avatarEmail

Email address that represents the avatar for the application.

Type: string

Required: False

Default value: None

connSecretRef

Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. The secret must include the host, token (or username and password), and optionally the validateCerts keys.

Type: object (see the following properties)

Required: True

Default value: None

connSecretRef.name

Name of the secret resource.

Type: string

Required: True

Default value: None

connSecretRef.namespace

Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Application resource.

Type: string

Required: False

Default value: None

description

Description for the application.

Type: string

Required: False

Default value: None

name

Name of the application to create, update, or delete. Application names must be at least two characters long.

Type: string

Required: True

Default value: None

newName

New name for the application. Setting this option changes the name of the application which current name is provided in name.

Type: string

Required: False

Default value: None

organization

Name of the organization in which to manage the application.

Type: string

Required: True

Default value: None

preserveInQuayOnDeletion

Whether to preserve the corresponding Quay object when you delete the Application resource. When set to false (the default), the object is deleted from Quay.

Type: boolean

Required: False

Default value: False

redirectUri

Prefix of the application's OAuth redirection/callback URLs.

Type: string

Required: False

Default value: None

retSecretRef

RetSecretRef is the secret resource that the Application resource creates. This secret will store the data that the resource generates:

  • clientId - ID if the client associated with the application object.
  • clientSecret - Secret for the client associated with the application object.
  • name - Application name.

Type: object (see the following properties)

Required: False

Default value: None

retSecretRef.name

Name of the secret resource.

Type: string

Required: True

Default value: None

retSecretRef.namespace

Namespace of the secret resource. By default, the secret resource is created in the same namespace as the current Application resource.

Type: string

Required: False

Default value: None

Listing the Application Resources

You can retrieve the list of the Application custom resources in a namespace by using the kubectl get command:

kubectl get applications.quay.herve4m.github.io -n <namespace>