Quota - Manage Quay Container Registry organizations quota

The Quota custom resource relies on a Secret resource to provide the connection parameters to the Quay instance. This Secret resource must include the following data:

• host: URL for accessing the Quay API, such as https://quay.example.com:8443 for example.
• validateCerts: Whether to allow insecure connections to the API. By default, insecure connections are refused.
• token: OAuth access token for authenticating against the API. To create such a token see the Creating an OAuth Access Token documentation. You can also use the ApiToken custom resource to create this token.
• username: The username to use for authenticating against the API. If token is set, then username is ignored.
• password: The password to use for authenticating against the API. If token is set, then password is ignored.

You can create the secret by using the kubectl create secret command:

kubectl create secret generic quay-credentials --from-literal host=https://quay.example.com:8443 --from-literal validateCerts=false --from-literal token=vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku

Or you can create the secret from a resource file:

---
apiVersion: v1
kind: Secret
metadata:
  name: quay-credentials
stringData:
  host: https://quay.example.com:8443
  validateCerts: "false"
  token: vFYyU2D0fHYXvcA3Y5TYfMrIMyVIH9YmxoVLsmku

You refer to this secret in your Quota custom resource by using the connSecretRef property. See the usage example.

Usage Example

---
apiVersion: quay.herve4m.github.io/v1alpha1
kind: Quota
metadata:
  name: quota-sample
spec:
  # Connection parameters in a Secret resource
  connSecretRef:
    name: quay-credentials
    # By default, the operator looks for the secret in the same namespace as
    # the quota resource, but you can specify a different namespace.
    # namespace: mynamespace

  # Whether to preserve the quota configuration in Quay when you
  # delete the Quota resource.
  preserveInQuayOnDeletion: false

  organization: production
  quota: 1.5 TiB
  warningPct: 80
  rejectPct: 95

Properties

connSecretRef

Reference to the secret resource that stores the connection parameters to the Quay Container Registry API. The secret must include the host, token (or username and password), and optionally the validateCerts keys.

Type: object (see the following properties)

Required: True

Default value: None

connSecretRef.name

Name of the secret resource.

Type: string

Required: True

Default value: None

connSecretRef.namespace

Namespace of the secret resource. By default, the secret resource is retrieved from the same namespace as the current Quota resource.

Type: string

Required: False

Default value: None

organization

Name of the organization. This organization must exist.

Type: string

Required: True

Default value: None

preserveInQuayOnDeletion

Whether to preserve the corresponding Quay object when you delete the Quota resource. When set to false (the default), the object is deleted from Quay.

Type: boolean

Required: False

Default value: False

quota

Quota that Quay uses to compute the warning and reject limits for the organization. You specify a quota in bytes, but you can also use the K[i]B, M[i]B, G[i]B, or T[i]B suffixes.

Type: string

Required: False

Default value: None

rejectPct

Reject (hard) limit as a percentage of the quota. Quay terminates any image push in the organization when the limit is reached. Set rejectPct to 0 to remove the reject limit.

Type: integer

Required: False

Default value: None

warningPct

Warning (soft) limit as a percentage of the quota. Quay notifies the users when the limit is reached. Set warningPct to 0 to remove the warning limit.

Type: integer

Required: False

Default value: None

Listing the Quota Resources

You can retrieve the list of the Quota custom resources in a namespace by using the kubectl get command:

kubectl get quotas.quay.herve4m.github.io -n <namespace>