SSO/ User management/ SLA/ CDN features in quay.io

106 views
Skip to first unread message

Binh Pham

unread,
Dec 23, 2022, 1:39:29 AM12/23/22
to quay-sig
Hi there,

I'm evaluating quay.io for our SAAS container image/ OCI artifacts registry solution. I'd to ask for these informations (I have tried to check around your document, but fail to find them):
  • What are kind of SSO integration currently supported by quay.io? It would be nice if quay.io can be integrated with Okta.
  • What are the user management features we have? I'm looking for auto provisioning/terminating accounts, create team/group mapping with SSO attributes..
  • Any detail information of CDN infrastructure behind quay.io, such as the list of edge nodes locations to reduce network latency when connect to quay.io from multiple regions?
  • Do we have any SLA commitment provide to customer?
Thanks and appreciated for your help!

Daniel Messer

unread,
Jan 9, 2023, 4:39:15 AM1/9/23
to Binh Pham, quay-sig
Hi Binh,

Product Manager for Quay.io here.

Quay.io is integrated with redhat.com's SSO implementation, which in turn is connected to a wide variety of OIDC providers like GitHub, Google or Microsoft. As a Red Hat customer it's also possible to integrate your own IdP provider with redhat.com SSO.

User management in Quay.io is implemented on a per-organization basis, see the product documentation for more information (it's for Red Hat Quay but the same applies to quay.io). There is currently no synchronization of team definitions with SSO attributes. Out of curiosity, which other products are you using that currently support this?

The CDN infrastructure is not managed by Red Hat. It's currently relying on AWS CloudFront for the most part but we are in the process of transitioning to CloudFlare. There is no definite list of edge nodes, but since this is one of the largest CDN providers in the world we think you should be fine.

Our SLAs are covered in the Red Hat Online Services Agreements.

Hope this helps,
Daniel

--
You received this message because you are subscribed to the Google Groups "quay-sig" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quay-sig+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quay-sig/21d707d2-ad5e-49f2-a516-466e3ad56a48n%40googlegroups.com.


--
Daniel Messer

Product Manager Operator Framework & Quay

Red Hat OpenShift

Binh Pham

unread,
Jan 10, 2023, 9:55:47 AM1/10/23
to quay-sig
Hi Daniel,

Thanks for your information, it definitely helps.
Regarding your question, AFAIK some providers like GitHub/Jfrog do support that feature.

Best,
Binh Pham

Daniel Messer

unread,
Jan 11, 2023, 9:41:02 AM1/11/23
to Binh Pham, quay-sig
Thanks. Groups in Quay exists in organizations. How would you use SAML groups in Quay?

To view this discussion on the web visit https://groups.google.com/d/msgid/quay-sig/19e9aaf1-9053-45ae-ae10-2938e4ab3de8n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages