LLMpediaThe first transparent, open encyclopedia generated by LLMs

Red Hat Quay

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: CRI-O Hop 5
Expansion Funnel Raw 90 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted90
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Red Hat Quay
NameQuay
DeveloperRed Hat
Initial release2014
Programming languageGo, Python
Operating systemLinux
LicenseProprietary, open core

Red Hat Quay Red Hat Quay is a container registry platform for storing, signing, and distributing container images and OCI artifacts, designed for enterprise use and integration with cloud and on-premises infrastructures. It targets users of Kubernetes, OpenShift, Docker, Google Cloud Platform, Amazon Web Services, and Microsoft Azure, offering features aimed at registries used by organizations such as IBM, Intel, Oracle, SAP, and VMware. Quay competes and interoperates with projects and products like Harbor, Artifactory, GitLab, JFrog, and Docker Hub.

Overview

Quay provides a registry service supporting OCI and Docker image formats, container image signing, vulnerability scanning, and repository mirroring for enterprises including users of Red Hat Enterprise Linux, CentOS, Fedora, and Debian. The platform is positioned within Red Hat's portfolio alongside OpenShift Container Platform, Ansible, Satellite, and Red Hat Enterprise Linux CoreOS. Quay emphasizes high-availability deployments used by organizations like NASA, The New York Times, Pinterest, BBC, and Shopify for resilient image distribution.

Architecture and Components

Quay's architecture separates control plane services, storage backends, and worker processes; common storage integrations include Amazon S3, Google Cloud Storage, Microsoft Azure Blob Storage, and Ceph. Core components include a web UI service, a registry API compatible with Docker Registry API v2, a database (typically PostgreSQL), and background workers for tasks such as image garbage collection and vulnerability scanning. Supporting subsystems and integrations reference projects like Clair, Notary, TLS, and OAuth 2.0 providers including Keycloak and Auth0. For orchestration and scaling, deployments commonly use Kubernetes, OpenShift, Systemd, and container runtimes like containerd and CRI-O.

Features and Functionality

Quay implements features such as image storage and distribution, image signing, automated builds, replicated registry mirrors, and repository-level access controls. It supports vulnerability scanning through integrations with scanners like Clair and SCA solutions used by Snyk, Black Duck, and Anchore, as well as image signing workflows compatible with Notary and Sigstore. Operational features include immutable repositories, content trust, image promotion pipelines used in CI systems such as Jenkins, GitHub Actions, GitLab CI/CD, and Tekton, and automated garbage collection and layer deduplication for storage efficiency.

Deployment and Integration

Quay can be deployed as a hosted offering, running on Red Hat OpenShift, Kubernetes, or installed on virtual machines running Red Hat Enterprise Linux, Ubuntu, SUSE, or CentOS Stream. Integration points cover CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab, and Bamboo, artifact repositories like Artifactory, and cloud-native networking and observability stacks including Prometheus, Grafana, Elasticsearch, Fluentd, and Jaeger. For enterprise identity and policy, Quay integrates with LDAP, Active Directory, SAML 2.0, and OAuth 2.0 providers, and can participate in supply-chain workflows that reference The Update Framework and Sigstore.

Security and Compliance

Security features include vulnerability scanning, image signing, role-based access control, audit logging, and content trust mechanisms compatible with Notary, Sigstore, and COSIGN. Quay supports compliance and governance workflows used by organizations subject to standards such as ISO/IEC 27001, SOC 2, PCI DSS, and HIPAA by providing audit trails, immutable repositories, and encryption at rest using storage backends like Amazon S3 with KMS and Azure Key Vault. Network and authentication integrations utilize TLS, LDAP, Active Directory, and federated identity providers like Keycloak and Okta for single sign-on and policy enforcement.

Editions and Licensing

Quay is available in different editions including a commercially supported enterprise edition by Red Hat and upstream community or open-core variants. Licensing and subscription models align with Red Hat offerings alongside Red Hat OpenShift Container Platform subscriptions and Red Hat Enterprise Linux support plans. Alternatives and comparable licensing models exist from vendors such as JFrog, JFrog Artifactory, GitLab Inc., Docker, Inc., and cloud providers Amazon Web Services, Google Cloud Platform, and Microsoft Azure which offer managed registry services.

History and Development

Quay originated as an independent project and evolved through acquisitions and integration into Red Hat's portfolio, paralleling developments in container standards like the Open Container Initiative and the rise of Kubernetes orchestrators. Its development trajectory intersects with projects and organizations such as CoreOS, Docker, Inc., Project Atomic, Clair, and standards bodies like Linux Foundation initiatives. Major milestones include adoption by enterprise users, integration into OpenShift, and enhancements for security scanning and high-availability deployments driven by demands from enterprises including Intel, IBM, Cisco, Google, and Amazon.

Category:Container registries