diff --git a/config_quay/master.adoc b/config_quay/master.adoc index 980668aa9..8a3d0874a 100644 --- a/config_quay/master.adoc +++ b/config_quay/master.adoc @@ -52,6 +52,7 @@ include::modules/config-fields-jwt.adoc[leveloffset=+2] include::modules/config-fields-app-tokens.adoc[leveloffset=+2] include::modules/config-fields-misc.adoc[leveloffset=+2] include::modules/config-fields-legacy.adoc[leveloffset=+2] +include::modules/config-fields-nested-repositories.adoc[leveloffset=+2] include::modules/config-envvar-intro.adoc[leveloffset=+1] @@ -63,7 +64,7 @@ include::modules/config-envvar-worker-count.adoc[leveloffset=+2] include::modules/operator-config-ui.adoc[leveloffset=+1] include::modules/operator-config-ui-access.adoc[leveloffset=+2] include::modules/operator-config-ui-change.adoc[leveloffset=+2] -include::modules/operator-config-monitoring.adoc[leveloffset=+2] +//include::modules/operator-config-monitoring.adoc[leveloffset=+2] include::modules/operator-config-ui-updated.adoc[leveloffset=+2] include::modules/operator-components-intro.adoc[leveloffset=+2] diff --git a/modules/config-fields-nested-repositories.adoc b/modules/config-fields-nested-repositories.adoc new file mode 100644 index 000000000..3df2dd5c8 --- /dev/null +++ b/modules/config-fields-nested-repositories.adoc @@ -0,0 +1,19 @@ +[[config-fields-nested-repositories]] += Configuring nested repositories with the Operator + +With {productname} {producty}, support for nested repository path names has been added under the `FEATURE_EXTENDED_REPOSITORY_NAMES` property. This optional configuration must be manually added to the config.yaml by the user to enable support. Enablement allows the use of `/` in repository names. + +[source,yaml] +---- +FEATURE_EXTENDED_REPOSITORY_NAMES: true +---- + +.OCI and nested repositories configuration +[cols="3a,1a,2a",options="header"] +|=== +| Field | Type | Description +| **FEATURE_EXTENDED_REPOSITORY_NAMES** | Boolean | Enable support for nested repositories + + + +**Default:** False + +|=== diff --git a/modules/rn_3_60.adoc b/modules/rn_3_60.adoc index eaa182997..9e0003a38 100644 --- a/modules/rn_3_60.adoc +++ b/modules/rn_3_60.adoc @@ -26,23 +26,23 @@ ALLOWED_OCI_ARTIFACT_TYPES: When adding OCI media types that are not configured by default, users will also need to manually add support for cosign and Helm if desired. The ztsd compression scheme is supported by default, so users will not need to add that OCI media type to their config.yaml to enable support. ==== + -For more information, see https://issues.redhat.com/browse/PROJQUAY-1417?filter=12382147[PROQUAY-1417] and link:https://issues.redhat.com/browse/PROJQUAY-1032?filter=12382147[PROJQUAY-1032]. +For more information, see https://issues.redhat.com/browse/PROJQUAY-1417[PROQUAY-1417] and link:https://issues.redhat.com/browse/PROJQUAY-1032[PROJQUAY-1032]. -* You can now use the API to create a first user. (link:https://issues.redhat.com/browse/PROJQUAY-1926?filter=12382147[PROJQUAY-1926]) +* You can now use the API to create a first user. (link:https://issues.redhat.com/browse/PROJQUAY-1926[PROJQUAY-1926]) -* Support for nested repositories and extended repository names has been added. This change allows the use of `/` in repository names needed for certain OpenShift Container Platform use cases. (link:https://issues.redhat.com/browse/PROJQUAY-1535?filter=12382147[PROJQUAY-1535]) +* Support for nested repositories and extended repository names has been added. This change allows the use of `/` in repository names needed for certain OpenShift Container Platform use cases. (link:https://issues.redhat.com/browse/PROJQUAY-1535[PROJQUAY-1535]) -* Registry users now have the option to set `CREATE_PRIVATE_REPO_ON_PUSH` in their config.yaml to `True` or `False` depending on their security needs. (link:https://issues.redhat.com/browse/PROJQUAY-1929?filter=12382147[PROJQUAY-1929]) +* Registry users now have the option to set `CREATE_PRIVATE_REPO_ON_PUSH` in their config.yaml to `True` or `False` depending on their security needs. (link:https://issues.redhat.com/browse/PROJQUAY-1929[PROJQUAY-1929]) -* Pushing to a non-existent organization can now be configured to automatically create the organization. (link:https://issues.redhat.com/browse/PROJQUAY-1928?filter=12382147[PROJQUAY-1928]) +* Pushing to a non-existent organization can now be configured to automatically create the organization. (link:https://issues.redhat.com/browse/PROJQUAY-1928[PROJQUAY-1928]) -* Users are now required to enter namespace and repository names when deleting a repository. (link:https://issues.redhat.com/browse/PROJQUAY-763?filter=12382147[PROJQUAY-763]) +* Users are now required to enter namespace and repository names when deleting a repository. (link:https://issues.redhat.com/browse/PROJQUAY-763[PROJQUAY-763]) -* Support for Ceph virtual-hosted-style bucket addressing has been added. (link:https://issues.redhat.com/browse/PROJQUAY-922?filter=12382147[PROJQUAY-922]) +* Support for Ceph virtual-hosted-style bucket addressing has been added. (link:https://issues.redhat.com/browse/PROJQUAY-922[PROJQUAY-922]) -* Users can now view Clair v4.2 enrichment data in the Quay UI. Additionally, Clair v4.2 shows vulnerability status for detected vulnerabilities in Alpine Images. (link:https://issues.redhat.com/browse/PROJQUAY-2102?filter=12382147[PROJQUAY-2102]) +* Users can now view Clair v4.2 enrichment data in the Quay UI. Additionally, Clair v4.2 shows vulnerability status for detected vulnerabilities in Alpine Images. (link:https://issues.redhat.com/browse/PROJQUAY-2102[PROJQUAY-2102]) -* The Quay Repository now shows *Repository Status* when repository mirroring is enabled. (link:https://issues.redhat.com/browse/PROJQUAY-591?filter=12382147[PROJQUAY-591]) +* The Quay Repository now shows *Repository Status* when repository mirroring is enabled. (link:https://issues.redhat.com/browse/PROJQUAY-591[PROJQUAY-591]) * Memory usage across Clair, notably around the `affected_manifests` call, has been improved. These changesets include: @@ -50,48 +50,48 @@ For more information, see https://issues.redhat.com/browse/PROJQUAY-1417?filter= ** `encoding/JSON` has been replaced with `github.com/ugorji/go/codec` configured for JSON in order to allow streaming the JSON encoding; ** `affected_manifests` calls in the notifier, which should prevent large vulnerability turnovers from causing extremely large API calls. + -For more information, see link:https://issues.redhat.com/browse/PROJQUAY-1693?filter=12382147[PROJQUAY-1963]. +For more information, see link:https://issues.redhat.com/browse/PROJQUAY-1693[PROJQUAY-1963]. Fixed: -* link:https://issues.redhat.com/browse/PROJQUAY-1918?filter=12382147[PROJQUAY-1918]. Clair v4.1.0.alpha2 indexer now works in {productname} 3.6. +* link:https://issues.redhat.com/browse/PROJQUAY-1918[PROJQUAY-1918]. Clair v4.1.0.alpha2 indexer now works in {productname} 3.6. -* link:https://issues.redhat.com/browse/PROJQUAY-1610?filter=12382147[PROJQUAY-1610]. The `initContainer` from the Quay migration pod has been removed, which blocked the deployment process until Clair responded. As a result, Quay deployments now progress without waiting on the Clair deployment to finish. +* link:https://issues.redhat.com/browse/PROJQUAY-1610[PROJQUAY-1610]. The `initContainer` from the Quay migration pod has been removed, which blocked the deployment process until Clair responded. As a result, Quay deployments now progress without waiting on the Clair deployment to finish. -* link:https://issues.redhat.com/browse/PROJQUAY-1857?filter=12382147[PROJQUAY-1857]. NamespaceGCWorker and RepositoryGCWorker shuts down when unable to acquire lock +* link:https://issues.redhat.com/browse/PROJQUAY-1857[PROJQUAY-1857]. NamespaceGCWorker and RepositoryGCWorker shuts down when unable to acquire lock -* link:https://issues.redhat.com/browse/PROJQUAY-1872?filter=12382147[PROJQUAY-1872]. GC workers will sometimes fail to grab a lock due to Redis running out of connections +* link:https://issues.redhat.com/browse/PROJQUAY-1872[PROJQUAY-1872]. GC workers will sometimes fail to grab a lock due to Redis running out of connections -* link:https://issues.redhat.com/browse/PROJQUAY-2414?filter=12382147[PROJQUAY-2414]. Quay config editor was failed to validate AWS RDS TLS Cert +* link:https://issues.redhat.com/browse/PROJQUAY-2414[PROJQUAY-2414]. Quay config editor was failed to validate AWS RDS TLS Cert -* link:https://issues.redhat.com/browse/PROJQUAY-1626?filter=12382147[PROJQUAY-1626]. Config validation fails if no AWS access keys are provided +* link:https://issues.redhat.com/browse/PROJQUAY-1626[PROJQUAY-1626]. Config validation fails if no AWS access keys are provided -* link:https://issues.redhat.com/browse/PROJQUAY-1710?filter=12382147[PROJQUAY-1710]. Notifications are getting lost +* link:https://issues.redhat.com/browse/PROJQUAY-1710[PROJQUAY-1710]. Notifications are getting lost -* link:https://issues.redhat.com/browse/PROJQUAY-1813?filter=12382147[PROJQUAY-1813]. Need ratelimiter for updaters +* link:https://issues.redhat.com/browse/PROJQUAY-1813[PROJQUAY-1813]. Need ratelimiter for updaters -* link:https://issues.redhat.com/browse/PROJQUAY-1815?filter=12382147[PROJQUAY-1815]. Quay config editor can't validate the expire time of uploaded LDAPS CA Cert +* link:https://issues.redhat.com/browse/PROJQUAY-1815[PROJQUAY-1815]. Quay config editor can't validate the expire time of uploaded LDAPS CA Cert -* link:https://issues.redhat.com/browse/PROJQUAY-1816?filter=12382147[PROJQUAY-1816]. Quay export logs API return 200 when export logs mail not delivered to target address +* link:https://issues.redhat.com/browse/PROJQUAY-1816[PROJQUAY-1816]. Quay export logs API return 200 when export logs mail not delivered to target address -* link:https://issues.redhat.com/browse/PROJQUAY-1912?filter=12382147[PROJQUAY-1912]. Internal notifier queue clogging with events +* link:https://issues.redhat.com/browse/PROJQUAY-1912[PROJQUAY-1912]. Internal notifier queue clogging with events -* link:https://issues.redhat.com/browse/PROJQUAY-2119?filter=12382147[PROJQUAY-2119]. Quay config validation fails on PostgreSQL 11 backed by SSL +* link:https://issues.redhat.com/browse/PROJQUAY-2119[PROJQUAY-2119]. Quay config validation fails on PostgreSQL 11 backed by SSL -* link:https://issues.redhat.com/browse/PROJQUAY-2167?filter=12382147[PROJQUAY-2167]. Mirroring stopped working in 3.5.2 +* link:https://issues.redhat.com/browse/PROJQUAY-2167[PROJQUAY-2167]. Mirroring stopped working in 3.5.2 -* link:https://issues.redhat.com/browse/PROJQUAY-2269?filter=12382147[PROJQUAY-2269]. SecurityWorker fails when indexing a manifest layer's location is remote +* link:https://issues.redhat.com/browse/PROJQUAY-2269[PROJQUAY-2269]. SecurityWorker fails when indexing a manifest layer's location is remote -* link:https://issues.redhat.com/browse/PROJQUAY-2200?filter=12382147[PROJQUAY-2200]. Quay Config editor need to support sslmode=verify-full in config.yaml after uploading database SSL Cert +* link:https://issues.redhat.com/browse/PROJQUAY-2200[PROJQUAY-2200]. Quay Config editor need to support sslmode=verify-full in config.yaml after uploading database SSL Cert -* link:https://issues.redhat.com/browse/PROJQUAY-2185?filter=12382147[PROJQUAY-2185]. Quay CR modified after making changes via the config tool +* link:https://issues.redhat.com/browse/PROJQUAY-2185[PROJQUAY-2185]. Quay CR modified after making changes via the config tool Deprecated: * *FEATURE_HELM_OCI_SUPPORT*: This feature has been deprecated and will be removed in a future version of {productname}. In {productname} {producty}, Helm artifacts are supported by default and included under the `FEATURE_GENERAL_OCI_SUPPORT` property. Users are no longer required to update their config.yaml files to enable support. (link:https://issues.redhat.com/browse/PROJQUAY-2334[PROJQUAY-2334]) -* *MySQL and MariaDB database support*: The MySQL and mariaDB databases have been deprecated as of {productname} 3.6. Support for these databases will be removed in a future version of {productname}. If starting a new {productname} installation, it is strongly recommended to use PostgreSQL. (link:https://issues.redhat.com/browse/PROJQUAY-1998?filter=12382147[PROJQUAY-1998]) +* *MySQL and MariaDB database support*: The MySQL and mariaDB databases have been deprecated as of {productname} 3.6. Support for these databases will be removed in a future version of {productname}. If starting a new {productname} installation, it is strongly recommended to use PostgreSQL. (link:https://issues.redhat.com/browse/PROJQUAY-1998[PROJQUAY-1998]) === quay-operator @@ -104,25 +104,25 @@ metadata: operators.openshift.io/infrastructure-features: '["disconnected"]' ---- + -For more information, see link:https://issues.redhat.com/browse/PROJQUAY-1583?filter=12382147[PROJQUAY-1583]. +For more information, see link:https://issues.redhat.com/browse/PROJQUAY-1583[PROJQUAY-1583]. -* In order to properly support Github actions, `RELATED_IMAGE` values can now be referenced by tag name (`name:tag`) or by digest (`name@sha256:123`). (link:https://issues.redhat.com/browse/PROJQUAY-1887?filter=12382147[PROJQUAY-1887]), (link:https://issues.redhat.com/browse/PROJQUAY-1890?filter=12382147[PROJQUAY-1890]) +* In order to properly support Github actions, `RELATED_IMAGE` values can now be referenced by tag name (`name:tag`) or by digest (`name@sha256:123`). (link:https://issues.redhat.com/browse/PROJQUAY-1887[PROJQUAY-1887]), (link:https://issues.redhat.com/browse/PROJQUAY-1890[PROJQUAY-1890]) -* `HorizontalPodAutoscalers` have been added to the Clair, Quay, and Mirror pods, so that they now automatically scale during load spikes. (link:https://issues.redhat.com/browse/PROJQUAY-1449?filter=12382147[PROJQUAY-1449]) +* `HorizontalPodAutoscalers` have been added to the Clair, Quay, and Mirror pods, so that they now automatically scale during load spikes. (link:https://issues.redhat.com/browse/PROJQUAY-1449[PROJQUAY-1449]) -* The Quay Operator now reports the status of each managed component in a separate index inside of the same status property so that users can see the progress of a deployment or update. (link:https://issues.redhat.com/browse/PROJQUAY-1609?filter=12382147[PROJQUAY-1609]) +* The Quay Operator now reports the status of each managed component in a separate index inside of the same status property so that users can see the progress of a deployment or update. (link:https://issues.redhat.com/browse/PROJQUAY-1609[PROJQUAY-1609]) -* `ssl.cert` and `ssl.key` are now moved to a separate, persistent Secret, which ensures that the cert/key pair is not re-generated upon every reconcile. These are now formatted as `edge` routes and mounted to the same directory in the Quay container. (link:https://issues.redhat.com/browse/PROJQUAY-1883?filter=12382147[PROJQUAY-1883]) +* `ssl.cert` and `ssl.key` are now moved to a separate, persistent Secret, which ensures that the cert/key pair is not re-generated upon every reconcile. These are now formatted as `edge` routes and mounted to the same directory in the Quay container. (link:https://issues.redhat.com/browse/PROJQUAY-1883[PROJQUAY-1883]) -* Support for OpenShift Container Platform Edge-Termination Routes has been added by way of a new managed component--`tls`. This separates the `Route` component from TLS and allows users to configure both separate. `EXTERNAL_TLS_TERMINATION: true` is the opinionated setting. Managed `tls` means that the default cluster wildcart cert is used. Unamanged `tls` means that the user provided cert/key pair will be injected into the `Route`. (link:https://issues.redhat.com/browse/PROJQUAY-2050?filter=12382147[PROJQUAY-2050]) +* Support for OpenShift Container Platform Edge-Termination Routes has been added by way of a new managed component--`tls`. This separates the `Route` component from TLS and allows users to configure both separate. `EXTERNAL_TLS_TERMINATION: true` is the opinionated setting. Managed `tls` means that the default cluster wildcart cert is used. Unamanged `tls` means that the user provided cert/key pair will be injected into the `Route`. (link:https://issues.redhat.com/browse/PROJQUAY-2050[PROJQUAY-2050]) -* The {productname} Operator can now be directly upgraded from 3.3 to 3.6 without regressions in `Route` handling, rollout speed, stability, and reconciliation robustness. (link:https://issues.redhat.com/browse/PROJQUAY-2100?filter=12382147[PROJQUAY-2100]) +* The {productname} Operator can now be directly upgraded from 3.3 to 3.6 without regressions in `Route` handling, rollout speed, stability, and reconciliation robustness. (link:https://issues.redhat.com/browse/PROJQUAY-2100[PROJQUAY-2100]) -* The Quay Operator now allows for more than one Mirroring pod. Users are also no longer required to manually adjust the Mirroring Pod deployment.(link:https://issues.redhat.com/browse/PROJQUAY-1327?filter=12382147[PROJQUAY-1327]) +* The Quay Operator now allows for more than one Mirroring pod. Users are also no longer required to manually adjust the Mirroring Pod deployment.(link:https://issues.redhat.com/browse/PROJQUAY-1327[PROJQUAY-1327]) -* Previously, when running a 3.3.x version of {productname} with edge routing enabled, users were unable to upgrade to 3.4.x versions of {productname}. This has been resolved with the release of {productname} 3.6. (link:https://issues.redhat.com/browse/PROJQUAY-1694?filter=12382147[PROJQUAY-1694]) +* Previously, when running a 3.3.x version of {productname} with edge routing enabled, users were unable to upgrade to 3.4.x versions of {productname}. This has been resolved with the release of {productname} 3.6. (link:https://issues.redhat.com/browse/PROJQUAY-1694[PROJQUAY-1694]) -* Users now have the option to set a minimum number of replica Quay pods when `HorizontalPodAutoscaler` is set. This reduces downtime when updating or reconfiguring Quay via the Operator during rescheduling events. (link:https://issues.redhat.com/browse/PROJQUAY-1763?filter=12382147[PROJQUAY-1763]) +* Users now have the option to set a minimum number of replica Quay pods when `HorizontalPodAutoscaler` is set. This reduces downtime when updating or reconfiguring Quay via the Operator during rescheduling events. (link:https://issues.redhat.com/browse/PROJQUAY-1763[PROJQUAY-1763]) Known issues: @@ -132,20 +132,20 @@ Known issues: Fixed: -* link:https://issues.redhat.com/browse/PROJQUAY-1709?filter=12382147[PROJQUAY-1709]. Upgrading from an older operator with edge route breaks Quay +* link:https://issues.redhat.com/browse/PROJQUAY-1709[PROJQUAY-1709]. Upgrading from an older operator with edge route breaks Quay -* link:https://issues.redhat.com/browse/PROJQUAY-1974?filter=12382147[PROJQUAY-1974]. Quay operator doesnt reconciles changes made by config app +* link:https://issues.redhat.com/browse/PROJQUAY-1974[PROJQUAY-1974]. Quay operator doesnt reconciles changes made by config app -* link:https://issues.redhat.com/browse/PROJQUAY-1838?filter=12382147[PROJQUAY-1838]. Quay Operator creates with every restart a new root ca +* link:https://issues.redhat.com/browse/PROJQUAY-1838[PROJQUAY-1838]. Quay Operator creates with every restart a new root ca -* link:https://issues.redhat.com/browse/PROJQUAY-2068?filter=12382147[PROJQUAY-2068]. Operator doesn't check for deployment failures +* link:https://issues.redhat.com/browse/PROJQUAY-2068[PROJQUAY-2068]. Operator doesn't check for deployment failures -* link:https://issues.redhat.com/browse/PROJQUAY-2121?filter=12382147[PROJQUAY-2121]. Quay upgrade pods running all workers instead of just database upgrade +* link:https://issues.redhat.com/browse/PROJQUAY-2121[PROJQUAY-2121]. Quay upgrade pods running all workers instead of just database upgrade === quay-container-security-operator -* The Operator Lifecycle Manager now supports the new v1 CRD API, `apiextensions.k8s.io.v1.CustomResourceDefinition` for the Container Security Operator. This CRD should be used instead of the `v1beta1` CRD, which has been deprecated as of OpenShift Container Platform 4.9. (link:https://issues.redhat.com/browse/PROJQUAY-613?filter=12382147[PROJQUAY-613]), (link:https://issues.redhat.com/browse/PROJQUAY-1791?filter=12382147[PROJQUAY-1791]) +* The Operator Lifecycle Manager now supports the new v1 CRD API, `apiextensions.k8s.io.v1.CustomResourceDefinition` for the Container Security Operator. This CRD should be used instead of the `v1beta1` CRD, which has been deprecated as of OpenShift Container Platform 4.9. (link:https://issues.redhat.com/browse/PROJQUAY-613[PROJQUAY-613]), (link:https://issues.redhat.com/browse/PROJQUAY-1791[PROJQUAY-1791]) === quay-openshift-bridge-operators @@ -156,6 +156,6 @@ Fixed: ** The QBO leverages the Operator Lifecycle Manager feature of auto-generating certificates and webhook configurations. ** The number of manual steps required to get the Quay Bridge Operator running has been decreased. + -For more information, see link:https://issues.redhat.com/browse/PROJQUAY-672?filter=12382147[PROJQUAY-672]. +For more information, see link:https://issues.redhat.com/browse/PROJQUAY-672[PROJQUAY-672]. -* The certificate manager is now delegated by the Operator Lifecycle Manager. Certificates can now be valid for more than 65 days. (link:https://issues.redhat.com/browse/PROJQUAY-1062?filter=12382147[PROJQUAY-1062]) +* The certificate manager is now delegated by the Operator Lifecycle Manager. Certificates can now be valid for more than 65 days. (link:https://issues.redhat.com/browse/PROJQUAY-1062[PROJQUAY-1062])