►
Description
Introduction to the latest features in the Red Hat Quay 3.3 release.
To learn more about the Quay 3.3 features, please visit: https://www.redhat.com/en/blog/red-hat-quay-33-deeper-integration-red-hat-openshift
A
Hello
and
welcome
to
this
what's
new
in
cuase,
we
don't
recession.
Well,
I
would
like
to
briefly
show
you
all
the
great
stuff
which
is
coming
out
with
our
most
recent
version
of
redhead
quake.
I,
hope
that
you
are
as
excited
as
I
am
because
there's
really
something
for
everybody
in
this
new
release.
Let
me
start
with
an
high-level
overview
of
all
the
stuff
we
were
introduced
with
this
new
over
the
big.
A
The
two
big
features
are
we
will
ship
an
entirely
over
old,
a
new
version
of
clear
the
vulnerability
scanner
which
is
used
by
Claire.
We
will
ship
the
initial
Claire
before
version
as
a
tech
preview
feature
to
get
over
square.
The
other
thing
is
the
quake
Bridge
operator,
which
runs
on
all
the
object:
a
stock,
we're
serving
content
to
and
integrates
quai
into
the
various
openshift
workflows
and
user
experience
somewhat
similar
to
the
existing
internal
registry
user
experience.
A
We
again
enhanced
the
container
security
operator
and
D
console
integration
of
ratted
Quay
into
the
object
console.
So
let
me
start
with
clear
version.
Four
in
case
you
don't
know,
quick
clear
is
not
only
used
by
a
quake
whether
the
hoenn
project
way,
it's
also
used
by
various
other
products
and
offerings
out
there,
such
as
a
WCC,
our
wall
be
available.
We
are
using
clear
as
the
scanning
backends
for
both
corridor
and
breadhead
Quay,
and
that's
why
scalability
and
sustainability
is
probably
really
important
to
us
and
effectively.
A
We
obviously
skipped
the
version
3,
because
the
current
we
are
using
ink
way
sweeter
SB,
and
this
has
been
caused
by
a
decision.
We
made
pretty
early
basically
saying
that
if
we
want
to
support
all
the
items
we
plan
to
support
or
all
the
support
today,
then
we
probably
need
to
change
Claire
in
such
a
significant
way
that
it
might
make
sense.
We
do
we
factor
the
entire
application
and
that's
that's
exactly
what
we
did
right.
A
So
we
introduced
an
entirely
new,
manifest
oriented
API
instead
of
the
layer
based
one
and
we
had
in
the
past,
and
we
also
introduced
an
entirely
new
architecture
consisting
of
Claire,
coy
the
service
well,
but
there
is
a
great
recording
out
there,
which
explains
the
technology
changes.
We
did
underneath
a
little
bit
more
detail.
We
also
introduced
from
an
end
user
perspective.
Probably
the
most
important
thing
is
that
we
introduced
the
support
for
programming
languages
and
initially
we
were
start
to
support
pison,
probably
because
quai
has
been
written
in
Python.
A
An
initial
languages
are
planned
for
future
releases,
of
both
creating
clear
and,
of
course,
and
another
change
we
did
is
the
way
how
Claire
is
integrated
or
speaks
to
Quay,
and
this
is
no
based
on
content-addressable
idea
to
really
ensure
that
it's
uniquely
identifies
the
image
as
a
whole
and
contrast
to
what
we
did
in
previous
versions
of
quick
healthcare.
So
from
a
side-by-side
comparison,
there
are
a
couple
of
big
differences.
A
If
you
just
look
at
what
we've
done
with
Claire
version,
2
versus
what
we
do
now
with
learn
4,
and
so
it's
no
longer
in
monolithic
application
yeah.
So
we
extended
the
report
of
the
content
of
the
containers
of
significant
X
and
M,
and
we
introduced
that
package
management
support.
We
introduced
his
support
for
source
rpm
package,
which
is
required
in
order
to
leverage
other
security
metadata
than
the
ones
we've
used
before,
and
this
finally
helps
us
to
detect
more
more
availabilities.
A
Another
big
thing
we
introduced
is
the
brave
kwai
bridge
operator.
In
the
past.
We
sometimes
call
it
the
Kwai
open
trade
integration
operator.
We
just
renamed
it,
and
this
is
an
operator.
We
really
build
and
very
strong
collaboration
with
both
our
internal
communities
and
the
custom
and
community
as
well
so
out
of
the
box.
It
supports,
of
course,
multi
cluster
set
up.
A
It
has
two
because
the
primary
purpose
of
Quay
is
to
sort
of
content
to
multiple
chef
clusters,
and
it
also
features
an
open
shift,
both
integration
to
change
a
couple
of
things
which
otherwise,
you
would
have
to
configure
our
manually
so
from
a
very
high-level
perspective
and
open
shift,
namespace
or
the
equivalent
to
an
overshift
name.
Space
is
equate
organization
and
there
are
a
couple
of
downsides
associated
with
this
simple
mapping.
So
an
organization
is
also
used
as
a
tenant,
which
means
in
order
to
create
a
new
organization.
A
We
need
to
ensure
that
the
different
users
and
teams
in
this
organization
are
mapped
to
the
corresponding
permissions
on
the
opposite
side.
So,
basically,
what
we
do
here
is
if
it
was
in
open
shared
somebody
creates
a
new
project.
We
automatically
create
the
corresponding
organization,
was
in
quake
and
then
automatically
creates.
We
different,
robotic
horns
in
this
organization.
One
was
white
permission
and
two
others
was
big
permission.
A
The
support
for
multi-class
term
setups
is
of
course,
important,
because
we
need
to
avoid
that
there
are
any
name
collisions
because
obviously
the
organization
name
was
in
a
crane
registry
needs
to
be
unique
and
we
also
do
all
the
magic
which
is
required
in
order
to
have
the
sequence
management
on
the
on
the
album
shift
size
or
the
robotic.
Current
tokens
are
stored
as
a
secret
automatically.
A
The
service
accounts
are
configured
and
we
also
change
the
build
configuration
in
order
to
leverage
Norquay
as
the
output
destination
for
all
images
which
have
been
built
on
an
outward
shift.
Indeed,
the
key
takeaway
is,
if
you're
using
the
quadrature
operator,
then
you
probably
don't
need
to
use
the
whole
truth.
Internal
registry
anymore,
at
least
not
for
those
bills
which
are
executed
in
this
way
using
the
quadrature
operator
yeah.
So
it
runs
on
all
the
orbit
of
testers
square
serving
hunter
tools.
A
So
it's
not
limited
to
the
orbit
of
cluster
where
quays
running
on,
but
it's
really
about
all
the
other
clusters.
Quake-Hit
serving
content,
and
so
in
a
couple
of
sample
use.
Kids
are
shown
here.
So
I
already
explained
the
new
project.
Of
course
the
same
applies
to
a
new
application
in
order
in
your
deployment
and
so
on
and
so
on.
So
there
are
plenty
of
use
cases
we
will
cover
with
the
bridge
operator
and
we
will
extend
the
list
and
amount
of
those
use
cases
over
time
in
future
versions.
A
It's
important
to
call
our
debt
in
its
current
versions
or
the
initial
version
we
will
ship
as
part
of
spirits.
We
there
are
a
couple
of
manual
steps
required
before
you
can
initially
deploy
the
kwai
bridge
operator
on
an
oak
leaf
cluster.
All
of
them
are
called
odd
in
the
operator
description
shown
in
the
embedded
operator
half
so
you
just
need
to
go
through
those
description.
We
also
did
a
recording
explaining
those
a
little
bit
in
further
detail
as
well.
A
Now
the
operator
becomes
aware
of
the
changes
which
happen
in
the
background,
either
using
the
quake
on
trigger
or,
if
really
needed,
the
changes
directly
happen
in
the
quake.
Config
younger
file
as
well.
So
the
operator
now
is
responsible
for
manage
a
couple
of
quai
specific
items
which
means
in
the
future
versions
those
files
will
even
with
mark
as
read
only
in
the
config
act.
Will
you
affect?
Okay,
those
items
have
to
be
managed.
Why
are
the
operator
we
simplified
a
couple
of
things?
A
We
changed
a
couple
of
things
we
extending
the
capabilities,
but
the
biggest
change
is
really
that
now
the
boss,
the
config,
have
anything
operator
doesn't
need
to
be
stopped
or
killed
anymore
right.
So
you
can
continue
to
run
both
and
use
both
side
by
side.
Again.
You
also
can
directly
edit
the
config
Yama
file,
which
is
absolutely
not
recommended,
but
it's
still
an
option
and
for
some
of
the
changes
which
either
happen,
why
they
can't
forget
all
the
config
on
the
file.
A
The
operator
even
does
a
reconciliation
loop
for
those
changes
which
is
pretty
powerful
and,
as
I
said,
we
will
continue
the
list
after
all,
those
changes
and
a
better
management
over
time,
and
then
there
are
two
features
on
the
lock
management
side.
So
one
is
the
log
export
and
the
other
one
is
the
locks
by
elastic.
So
let
me
start
with
the
lock
explorer
what
the
log
Explorer
or
feature
provides.
A
You
can
basically
go
through
the
Quai
UI
or
you
can
also
use
the
API
and
you
can
define
what
kind
locks
I
wanna
export,
so
you
can
define
a
date
range
and
whether
you're
using
the
export,
the
lock
exporter,
feature
on
a
repository
or
an
annexation
level.
This,
of
course,
has
an
impact
on
the
amount
of
log
files
which
are
captured
and
then
exported.
So
there
are
two
main
export
methods.
The
first
one
is
email.
A
We
have
another
item
which
have
hasn't
found
its
way
into
these
sweet
as
we
release,
which
is
that
those
lock
exporting
functions
are
triggered
in
the
pod
track
in
the
quality
lock
as
well.
Another
feature
we
originally
developed
for
query
their
own
is
instead
of
storing
all
the
audit
logs
in
the
database.
A
We
basically
move
them
out
into
an
elastic
search,
take
which
allows
us
to,
of
course
way
better
scale
immediate
before,
and
this
is
especially
required
for
large-scale
query
deployments
and
we
have
plenty
of
customers
who
are
using
quite
F
scale,
and
that's
why
these
features
we
do
put
them
pretty
important.
So
from
an
end-user
standpoint,
looking
at
UI,
nothing
changes
just
it's
just
a
change
which
happens
in
the
backend.
A
Instead
of
pushing
the
logs
to
post
quest,
we
are
pushing
them
to
a
last
edge,
but
still
in
the
UI,
you
can
see
the
same
audit
logs.
You
can
see
the
same
information,
the
same
statistics,
nothing
really
changes
from
and
from
a
user
perspective.
In
addition
to
just
moving
the
logs
a
how
to
elastic
search,
you
can
also
use
an
alternative.
Lock
could
use
so
currently
it's
kinases
only
in
future
version
consider
to
also
support
Cup
coverage
deployment
as
well.
A
So,
basically,
you
just
need
to
configure
the
lock
storage
configuration
so
there's
a
new
section
in
the
quick
config
app
and
then
you
need
to
follow
the
data
and
the
same
for
Kinesis.
If
you
plan
to
use
it
and
that's
it
and
start
up
from
there,
the
locks
are
no
longer
stored
in
the
database
and
instead
pushed
to
elastic
search,
as
I
mentioned,
we
already
shipped
together
with
the
newest
version
of
OpenShift,
a
couple
of
changes
and
extensions
for
the
overshift
console
and
effectively.
We
now
have
a
couple
of
additional
list
views.
A
We
have
a
part
use
really
the
vulnerability
information
associated
with
a
particular
part,
and
we
also
have
a
couple
of
other
views.
We
added
to
the
openshift
console
and
there
was
a
very
good
blog
post
out
there,
written
by
our
user
experience
team,
which
describes
all
those
changes
and
new
things
we
added
with
openshift
Snoozeville.
A
Another
feature
we
introduced,
which
is
pretty
powerful
as
well,
is
a
custom
tagging
for
the
builders.
So
it's
important
to
know
that
in
the
past
we
have
been
very
opinionated
on
the
way
how
we
defined
the
resulting
text
of
an
image
which
has
been
build.
We're
equipping
automation,
so
it
has
been
either
the
branch
name
of
what
the
branch
which
has
triggered
a
build
or
has
been
the
latest
tag.
A
If
it
was
the
default
branch
and
now
we
allowed
to
specify
custom
text,
so
you
can
deselect
the
default
walls
and
then
you
can
specify
your
custom
text
and
this
could
be
a
static
tag
or
dynamically
Playtex.
So
it's
pretty
powerful
in
order
to
have
more
sophisticated
ways
to
take,
and
of
course,
you
can
combine
them
and
use
multiple
of
them
side
by
side.
A
Another
feature
which
is
marked
a
sec
preview
as
of
today,
simply
because
the
OCI
distribution
spec
is
still
not
an
official
standard.
Yet
we
introduced
the
full
support
of
the
OCI,
a
distribution
spec
as
it
is
as
it
exists
today,
and
this
probably
makes
us
the
first
open-source
registry
both
hosted
on
on-prem,
which
does
support
it.
Also
yeah
OCI
distribution
spec
in
its
current
form,
and
this
also
allows
us
to
do
a
couple
of
things.
A
This
audio
CI
mine
turns
upon
has
been
pretty
important
for
us
because
we
are
driving
a
couple
of
things
on
the
reddit
site,
such
as
source
container,
which
require
the
mine
type
support,
and
initially
some
of
the
OCI
provided
test
didn't
pass
and
we
submitted
plans
in
order
to
fix
them
any
meantime,
most
of
those
PRS
have
been
got
accepted
and
by
the
OCI
initiative,
and
that's
why
we
are.
We
are
really
proud
that
this
has
been
passed
now
and
we
don't
expect
any
really
big
changes
before
the
final
or
CI
distribution.
A
Spec
comes
out
so
probably
from
day
one.
We
will
be
able
to
support
the
OCI
spec
after
it
has
been
finalized
and
published.
Then
another
feature
which
is
not
even
experimental
about
tech
AB,
which
is
not
human
tech
preview
of
an
experimental,
is
this
report
for
the
OCI
artifacts
back.
So
this
is
another
initiative
driven
by
OCI,
which
is
primarily
driven
by
Microsoft,
IBM,
redhead
and
docker,
and
the
goal
here
is
that
you're,
the
the
goal
of
the
spec
is
to
allow
that
you
can
store
arbitrary
content
types
in
the
registry.
A
So
it's
no
longer
limited
to
images,
which
also
includes
how
charts
inner
boundaries
company's
deployment
templates
over
your
diploma
templates.
Whatever
else
so
one
of
the
co-founders
and
the
the
lead
architect
of
rennet
Quay
is
one
of
the
maintenance
of
the
spec,
and
this,
of
course
enabled
us
to
have
a
very
early
implementation
and
effectively
working
closely
with
the
young
community
allowed
us
to
introduce
an
initial
hungry
sweet
child
support
as
an
experimental
feature,
an
experimental
really
Unbounce,
the
Quay
and
the
home
client
side.
A
It's
not
available
incredible
yet
because
Queiroz,
a
production
environment
and
we
do
not
enable
experimental
what
even
take
beer
officials
who
even
do
see.
My
entire
support
is
only
enabled
on
selected
namespace.
So,
which
means
you
need
to
enable
or
switch
on
a
feature
which
is
clearly
marked
as
excrement
on
both
the
quayside
in
the
config
Yama
file
and
on
the
home
client
side,
and
as
of
today,
it's
it's
just
for
us.
It's
a
very
early
pilot.
A
We
want
to
get
it
out
as
early
as
we
can
in
order
to
get
the
additional
feedback
and
input
from
the
community
and
our
end
users.
We
don't
have
any
specific
UI
support,
which
means,
if
you
go
to
the
query,
Y
and
push
a
hump
out
there,
then,
from
a
UI
perspective,
the
hump
shot
looks
similar
like
an
image,
but
if
you
try
to
dock
or
pull
a
ham
child,
obviously
it
will
fail.
A
Of
course
we
will
change
and
improve
this
over
time,
but
keep
in
mind
there
is
a
certain
risk
that
there
won't
be
any
upgrade
pass
from
the
experimental
stairs
to
the
final
production
version.
We
hopefully
ship
in
one
of
the
future
version
of
quake.
So,
technically,
you
should
be
able
to
run
a
couple
of
a
commands
against
Quay
400,
as
you
previously
did
for
Katrina
images
you
can
log
in
and
log
over
to
the
registry.
You
can
push
and
pull
those
home
trials
as
you
do
for
container
images
again,
it's
experimental
feature.
A
We
are
working
closely
with
the
Absalom
community
order
to
improve
this
over
time,
and
this
is
the
last
slide
and
in
addition
to
all
the
stuff
we
introduced,
we
continue
to
deprecated
a
couple
of
feature
which
are
no
longer
used,
no
longer
maintainable
or
just
they
don't.
They
are
not
needed
anymore.
With
the
previous
version
of
the
oddest
audited,
application
of
rocket
conversion
between
distribution,
empty
dhaka,
v1
push
support
and
was
no
mystery
is
now
for
the
apps
for
the
downstream
product
we
did.
A
We
started
replication
squashing,
the
application
registry,
which
is
hopefully
being
replaced
with
the
artefact
spec
support.
We
just
talked
about
it
and
we
deprecated
the
images
API.
Obviously
this
has
been
replaced
by
the
manifest
API
and
we
started
to
deprecate
the
commercial
support
for
NFS
and
was
this
newest
version
software.
That
way-
and
this
brings
me
to
an
end
thanks
for
watching
and
enjoy
our
newest
version
of
redhead
quake.