Organization - Manage Quay Container Registry organizations

The Organization custom resource relies on a Secret resource to provide the connection parameters to the Quay instance. This Secret resource must include the following data:

  • host: URL for accessing the Quay API, such as https://quay.example.com:8443.
  • validateCerts: Whether to validate the TLS certificate of the API. Set it to false to allow insecure connections. By default, insecure connections are refused.
  • token: OAuth access token for authenticating against the API. To create such a token, see the Creating an OAuth Access Token documentation. You can also use the ApiToken custom resource to create this token.
  • username: The username to use for authenticating against the API. If token is set, then username is ignored.
  • password: The password to use for authenticating against the API. If token is set, then password is ignored.

You can create the secret by using the kubectl create secret command:

kubectl create secret generic quay-credentials --from-literal host=https://quay.example.com:8443 --from-literal validateCerts=false --from-literal token=vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku

Or you can create the secret from a resource file:

---
apiVersion: v1
kind: Secret
metadata:
  name: quay-credentials
stringData:
  host: https://quay.example.com:8443
  validateCerts: "false"
  token: vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku

You refer to this secret in your Organization custom resource by using the connSecretRef property. See the usage example.
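A pre-apply check for the connection Secret described above, as an added example that is not part of the operator or its documentation. It reads a Secret object as returned by kubectl get secret -o json. The function names, finding texts and sample token are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit


def secret_values(secret):
    """Merge a Secret's base64 `data` with its plain `stringData` (stringData wins)."""
    values = {k: base64.b64decode(v).decode()
              for k, v in (secret.get("data") or {}).items()}
    values.update(secret.get("stringData") or {})
    return values


def audit_connection_secret(secret):
    """Return a list of findings for a Quay connection Secret (empty list = clean)."""
    v = secret_values(secret)
    findings = []
    host = v.get("host", "")
    if not host:
        findings.append("host is missing")
    elif urlsplit(host).scheme != "https":
        findings.append("host does not use https")
    # Insecure connections are refused by default; only an explicit "false"
    # (the string used in this page's examples) is flagged here.
    if v.get("validateCerts", "true").strip().lower() == "false":
        findings.append("validateCerts is false: TLS certificate is not verified")
    if v.get("token"):
        # When token is set, username and password are ignored.
        if v.get("username") or v.get("password"):
            findings.append("username/password are ignored because token is set")
    elif not (v.get("username") and v.get("password")):
        findings.append("no token and no complete username/password pair")
    return findings


# Constructed sample: the Secret from this page in the form the API returns it
# (values base64-encoded under `data`), with a placeholder token.
SAMPLE = {
    "kind": "Secret",
    "metadata": {"name": "quay-credentials"},
    "data": {
        "host": base64.b64encode(b"https://quay.example.com:8443").decode(),
        "validateCerts": base64.b64encode(b"false").decode(),
        "token": base64.b64encode(b"PLACEHOLDER_TOKEN").decode(),
    },
}

if __name__ == "__main__":
    for finding in audit_connection_secret(SAMPLE):
        print("WARN:", finding)
```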

Warning

Do not delete the Secret resource if a Quay custom resource still references it. If you delete the Secret resource, then the Operator cannot connect to the Quay API anymore, and cannot synchronize the Quay custom resource with its corresponding object in Quay. In addition, deleting the Quay custom resource does not complete because the Operator cannot delete the corresponding object in Quay.

If you face this issue, then edit the custom resource (kubectl edit), and set the .spec.preserveInQuayOnDeletion property to true. Alternatively, you can remove the .metadata.finalizers section. In both cases, you must manually delete the corresponding object in Quay.

Usage Example

---
apiVersion: quay.herve4m.github.io/v1alpha1
kind: Organization
metadata:
  name: organization-sample
spec:
  # Connection parameters in a Secret resource
  connSecretRef:
    name: quay-credentials
    # By default, the operator looks for the secret in the same namespace as
    # the organization resource, but you can specify a different namespace.
    # namespace: mynamespace

  # Whether to preserve the corresponding Quay object when you
  # delete the Organization resource.
  preserveInQuayOnDeletion: false

  name: production
  email: prodlist@example.com
  timeMachineExpiration: 7d

Properties

autoPruneMethod

The autoPruneMethod parameter is deprecated and will be removed in future versions of the collection. Use the OrganizationPrune and the RepositoryPrune resources instead. Method to use for the auto-pruning tags policy. If none, then the resource ensures that no policy is in place. The tags are not pruned. If several policies are available, then the resource removes them all. If tags, then the policy keeps only the number of tags that you specify in autoPruneValue. If date, then the policy deletes the tags older than the time period that you specify in autoPruneValue. autoPruneValue is required when autoPruneMethod is tags or date.

Type: string

Required: False

Default value: None

autoPruneValue

The autoPruneValue parameter is deprecated and will be removed in future versions of the collection. Use the OrganizationPrune and the RepositoryPrune resources instead. Number of tags to keep when autoPruneMethod is tags. The value must be 1 or more. Period of time when autoPruneMethod is date. The value must be 1 or more, and must be followed by a suffix: s (for second), m (for minute), h (for hour), d (for day), or w (for week). autoPruneMethod is required when autoPruneValue is set.

Type: string

Required: False

Default value: None

connSecretRef

Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. The secret must include the host, token (or username and password), and optionally the validateCerts keys.

Type: object (see the following properties)

Required: True

Default value: None

connSecretRef.name

Name of the secret resource.

Type: string

Required: True

Default value: None

connSecretRef.namespace

Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Organization resource.

Type: string

Required: False

Default value: None

email

Email address to associate with the new organization. If your Quay administrator has enabled the mailing capability of your Quay installation (FEATURE_MAILING set to true in config.yaml), then this email parameter is mandatory. You cannot use the same address as your account email.

Type: string

Required: False

Default value: None

name

Name of the organization to create, remove, or modify. The name must be in lowercase and must not contain white spaces. For compatibility with earlier versions of Docker, the name must be at least four characters long.

Type: string

Required: True

Default value: None

newName

New name for the organization. Setting this option changes the name of the organization whose current name is provided in name. The token you use to connect to the API (in quayToken) must have the "Super User Access" permission.

Type: string

Required: False

Default value: None

preserveInQuayOnDeletion

Whether to preserve the corresponding Quay object when you delete the Organization resource. When set to false (the default), the object is deleted from Quay.

Type: boolean

Required: False

Default value: False

timeMachineExpiration

After a tag is deleted, the amount of time in seconds it is kept in time machine before being garbage collected. The timeMachineExpiration parameter accepts a time unit as a suffix: s for seconds, m for minutes, h for hours, d for days, and w for weeks. For example, 2w for two weeks. Only the expiration times that your Quay administrator declares in config.yaml with the TAG_EXPIRATION_OPTIONS option are allowed. The default value for the TAG_EXPIRATION_OPTIONS option is 0s, 1d, 1w, 2w, and 4w.

Type: string

Required: False

Default value: None

Listing the Organization Resources

You can retrieve the list of the Organization custom resources in a namespace by using the kubectl get command:

kubectl get organizations.quay.herve4m.github.io -n <namespace>

You can also use the short version for the resource type:

kubectl get org -n <namespace>
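The warning earlier on this page says not to delete a connection Secret that a custom resource still references. The following added example (not part of the operator or its documentation) checks a listing for such references before a Secret is removed. It assumes the parsed JSON from kubectl get organizations.quay.herve4m.github.io -A -o json; the sample resources and the finalizer name are constructed placeholders.

```python
def secret_referrers(listing, secret_name, secret_namespace):
    """Find custom resources whose connSecretRef resolves to the given Secret.

    Returns one dict per referencing resource, with its identity and whether
    deleting that resource would hang once the Secret is gone.
    """
    hits = []
    for item in listing.get("items", []):
        meta = item.get("metadata", {})
        spec = item.get("spec") or {}
        ref = spec.get("connSecretRef") or {}
        # connSecretRef.namespace defaults to the resource's own namespace.
        ref_ns = ref.get("namespace") or meta.get("namespace")
        if ref.get("name") != secret_name or ref_ns != secret_namespace:
            continue
        hits.append({
            "resource": f'{meta.get("namespace")}/{meta.get("name")}',
            # Per the warning: with a finalizer present and
            # preserveInQuayOnDeletion false (the default), deleting the
            # resource requires a working connection to the Quay API.
            "deletion_would_hang": bool(meta.get("finalizers"))
            and not spec.get("preserveInQuayOnDeletion", False),
        })
    return hits


def _org(namespace, name, ref, preserve=False):
    """Build a constructed Organization object for the sample listing."""
    return {
        "kind": "Organization",
        "metadata": {"namespace": namespace, "name": name,
                     "finalizers": ["placeholder.example/finalizer"]},
        "spec": {"connSecretRef": ref, "name": name,
                 "preserveInQuayOnDeletion": preserve},
    }


# Constructed sample listing: two resources resolve to quay-config/quay-credentials,
# the third uses a Secret of the same name in its own namespace.
SAMPLE_LISTING = {"items": [
    _org("quay-config", "production", {"name": "quay-credentials"}),
    _org("team-a", "staging",
         {"name": "quay-credentials", "namespace": "quay-config"}, preserve=True),
    _org("team-b", "sandbox", {"name": "quay-credentials"}),
]}

if __name__ == "__main__":
    for hit in secret_referrers(SAMPLE_LISTING, "quay-credentials", "quay-config"):
        print(hit)
```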