RFC-0011: quay.io

• RFC PR: iver-wharf/rfcs#11
• Feature name: quay.io
• Author: Kalle Jillheden (@jilleJr)
• Implementation issue: iver-wharf/iver-wharf.github.io#49
• Implementation status:

Summary

Hosting our built Docker images of our main API, web frontend, and provider APIs over at https://quay.io/ by Red Hat.

Motivation

We can no longer host our Docker images over at an internal Harbor as we have been doing up until now as we want to make the built images public for easier access and updating.

Choosing quay.io is mainly for their analysing toolchain that you get for hosting your images there.

Explanation

Run the Wharf web locally by doing:

docker run --rm -it quay.io/iver-wharf/wharf-web

All our built Docker images can be found over at:

• docker pull quay.io/iver-wharf/wharf-web (https://quay.io/repositories/iver-wharf/wharf-web)

• docker pull quay.io/iver-wharf/wharf-api (https://quay.io/repositories/iver-wharf/wharf-api)

• docker pull quay.io/iver-wharf/wharf-provider-github (https://quay.io/repositories/iver-wharf/wharf-provider-github)

• docker pull quay.io/iver-wharf/wharf-provider-gitlab (https://quay.io/repositories/iver-wharf/wharf-provider-gitlab)

• docker pull quay.io/iver-wharf/wharf-provider-azuredevops (https://quay.io/repositories/iver-wharf/wharf-provider-azuredevops)

To run a full instance of Wharf and its providers using Docker Compose, pull the repository https://github.com/iver-wharf/wharf-docker-compose and run:

docker-compose pull

# The --abort-on-container-exit is a good flag to pass
# It shuts down the entire suite if one of the containers errors out
docker-compose up --abort-on-container-exit

To run one of the Wharf components from local source code then follow the “Getting started with development of Wharf” guide to clone the repos you wish to edit and then link the docker-compose.yml file as instructed there. Then you can build the component you have modified and run the suite of containers like so:

# Builds the "api" service, which should be located in a folder named wharf-api
# next to the docker-compose.yml file
docker-compose build api

# Now the main API service is based on your source code, while the other
# components use our latest upstream prebuilt images.
docker-compose up --abort-on-container-exit

Compatibility

Nothing comes to mind.

Alternative solutions

Docker Hub (https://hub.docker.com) is more common, however with their lack of image security scanning in their free tier and the fact that Quay is an OSS project (https://github.com/quay/quay) this makes Quay.io the prominent choice.

Quay also uses Clair for its security analysis. We are already using Clair in our internal Harbor installations for code scanning, so we’re already used to its behavior.

We could host Quay or Harbor publicly ourselves, but it’s more hassle than it’s worth when we have solutions like Quay.io available. Maybe in the future we move to self-hosted public instances of Harbor/Quay and some Git forge like GitLab, Gitea, Gogs, etc. But for now: no.

Future possibilities

Nothing comes to mind.

Unresolved questions

Nothing comes to mind.