Learn to Install Project Quay on Podman
Introduction
Project Quay is an open-source repository used to store and manage artifacts such as containers for use on cloud native platforms. Project Quay also offers additional functionality such as (in no particular order):
- Registry - High availability
- Security - Vulnerability scanning, Logging & Auditing, Notifications & Alerts
- Access Control - Role-based access control (RBAC)
- Integration - OAuth support
- Build Automation - Git/GitHub/GitLab integration
It can be deployed on either a Kubernetes cluster using an Operator, or as a standalone container or high availability cluster on Podman.
Objectives
This lab shows how to install and run Project Quay on Podman and then confirm it is working. The main steps described are outlined below:
- Install Project Quay on Podman
- Verify basic Quay functionality works
Note: The steps provided do not include how to configure the registry using certificates. Therefore its recommended for non-production purposes or an internal/air-gapped environment.
Requirements
- A system with Oracle Linux installed
- Podman installed (the 'container-tools' package)
- Access to the Internet
Setup the Lab Environment
Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.
Open a terminal and connect via ssh to the ol-server instance if not already connected.
ssh oracle@<ip_address_of_instance>
(Optional) Confirm Podman Works
The container-tools package in Oracle Linux provides the latest versions of Podman, Buildah, Skopeo, and associated dependencies.
Check the version of Podman.
podman -v
Confirm the Podman CLI is working.
podman run quay.io/podman/hello
Example Output:
[oracle@ol-server ~]$ podman run quay.io/podman/hello Trying to pull quay.io/podman/hello:latest... Getting image source signatures Copying blob f82b04e85914 done Copying config dbd85e09a1 done Writing manifest to image destination Storing signatures !... Hello Podman World ...! .--"--. / - - \ / (O) (O) \ ~~~| -=(,Y,)=- | .---. /` \ |~~ ~/ o o \~~~~.----. ~~ | =(X)= |~ / (O (O) \ ~~~~~~~ ~| =(Y_)=- | ~~~~ ~~~| U |~~ Project: https://github.com/containers/podman Website: https://podman.io Documents: https://docs.podman.io Twitter: @Podman_io
Configure Networking
Set Firewall Rules
Edit the system's firewall rules to open the ports required by Project Quay.
Update Firewall Rules
sudo firewall-cmd --permanent --add-port=80/tcp sudo firewall-cmd --permanent --add-port=443/tcp sudo firewall-cmd --permanent --add-port=5432/tcp sudo firewall-cmd --permanent --add-port=6379/tcp sudo firewall-cmd --reload
Example Output:
[oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=80/tcp success [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=443/tcp success [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=5432/tcp success [oracle@ol-server ~]$ sudo firewall-cmd --permanent --add-port=6379/tcp success [oracle@ol-server ~]$ sudo firewall-cmd --reload success
Here is a list of how each port is used:
- Ports 80 and 443: Used by the Quay container
- Port 5432: Used by the PostgreSQL container
- Port 6379: Used by the Redis container
Setup Host File
Several ways exist to configure the networking used by the Project Quay containers to ensure they can communicate together, for details refer to the Project Quay documentation .
One of these options is to ensure the hostname of the Oracle Linux system is resolvable. This has already been completed in the provided free lab environment by adding the ol-server short hostname and FQDN hostname to the hosts file along with the associated IP address.
Check the current content of the
/etc/hosts
file.cat /etc/hosts
Example Output:
[oracle@ol-server ~]$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.150 ol-server.pub.linuxvirt.oraclevcn.com ol-server
(Optional) Install the PostgreSQL Client
This step allows accessing the PostgreSQL database from the command-line outside the container. This step is not required to configure and setup the container.
Install the PostgreSQL client.
sudo dnf -y install postgresql
Setup the Project Quay Datastore
Project Quay uses a database for storing metadata. Using Postgres is the default option and used in this tutorial. Users can also use MySQL as an alternative, but that is outside this lab's scope.
Create the a directory for the database container data storage.
sudo mkdir -p /var/lib/pgsql/data
Set the correct permissions on the data storage.
sudo chmod 0755 /var/lib/pgsql/data
sudo setfacl -m u:26:-wx /var/lib/pgsql/data
Define the environment variables.
These define the Postgres variables that will be used to start the Postgres container.
export POSTGRESQL_CONTAINER_NAME=postgres export POSTGRESQL_DB=quay export POSTGRESQL_USER=quayuser export POSTGRESQL_PASSWORD=quay-test
Note: These variable are used to define the following
POSTGRESQL_CONTAINER_NAME refers to the name used by the Postgres container.
POSTGRESSQL_DB, POSTGRES_USER and POSTGRES_PASSWORD refer to Postgres specfic values.
Start the
Postgres
container specifying details such as the User Name, Password, Database name, Port # and the Volume mount point for the database datastore.sudo podman run --detach --name ${POSTGRESQL_CONTAINER_NAME} \ --env POSTGRES_USER=${POSTGRESQL_USER} \ --env POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD} \ --env POSTGRES_DB=${POSTGRESQL_DB} \ --publish 5432:5432 \ --volume /var/lib/pgsql/data:/var/lib/postgresql/data:Z \ docker.io/library/postgres:latest
NOTE: The
:Z
at the end of the-volume
setting enables this storage volume to work with SELinux enabled. SELinux is enabled by default on Oracle Linux.
Add the Trigram Module to PostgreSQL
(Optional) Use the PostgreSQL Client
These steps are only possible if the Postgres client packages were installed in the above optional step. Skip this optional step if those packages were not installed.
Connect to the database.
psql -h $(hostname -i) quay quayuser
The
Password for user quayuser:
isquay-test
, as defined in the export and container creation above.Create the trigram module.
CREATE EXTENSION IF NOT EXISTS pg_trgm;
Example Output:
quay=# CREATE EXTENSION IF NOT EXISTS pg_trgm; CREATE EXTENSION
Exit the PostgreSQL client by typing
\q
and then theRETURN
key.\q
Example Output:
quay=# \q [oracle@ol-server ~]$
Run Directly in the Container
Create the trigram module.
sudo podman exec -it postgres /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U quayuser'
Example Output:
[oracle@ol-server ~]$ sudo podman exec -it postgres /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U quayuser' CREATE EXTENSION
Verify the PostgreSQL Container Status
Confirm the database has started.
sudo podman ps
Example Output:
[oracle@ol-server ~]$ sudo podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1ec4a57b792d docker.io/library/postgres:10.12 postgres 27 minutes ago Up 26 minutes ago 0.0.0.0:5432->5432/tcp postgresql
Check the container logs.
sudo podman logs -f postgres
Note: Use
CTRL+C
to return to the command prompt.Example Output:
PostgreSQL init process complete; ready for start up. 2023-02-01 16:11:49.512 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432 2023-02-01 16:11:49.512 UTC [1] LOG: listening on IPv6 address "::", port 5432 2023-02-01 16:11:49.514 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" 2023-02-01 16:11:49.524 UTC [64] LOG: database system was shut down at 2023-02-01 16:11:49 UTC 2023-02-01 16:11:49.528 UTC [1] LOG: database system is ready to accept connections
Confirm the IP address for the Postgres container. Make a note of it because it is required later.
sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" postgres
Example Output:
[oracle@ol-server ~]$ sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" postgres 10.88.0.2
An alternative way to achieve this is shown below.
sudo podman inspect postgres | grep IPAddress
Example Output:
[oracle@ol-server ~]$ sudo podman inspect postgres | grep IPAddress "IPAddress": "10.88.0.2", "IPAddress": "10.88.0.2",
Note: The name
postgres
used here matches the name used in the--name
variable used in the previous Podman command to create the PostgreSQL container.
Setup Redis
Redis is required by Project Quay to store ephemeral information.
Create the a directory for the Redis containers data storage.
sudo mkdir -p /var/lib/redis
Set the permissions.
sudo chmod 0755 /var/lib/redis
Start the Redis container.
sudo podman run --detach --name redis \ --restart=always \ --publish 6379:6379 \ --privileged=true \ --volume /var/lib/redis:/var/lib/redis:Z \ docker.io/library/redis:latest
Confirm the Redis container is running.
sudo podman ps
Check the Redis container's logs.
sudo podman logs -f redis
Note: Use
CTRL+C
to return to the command prompt.Confirm the IP address for the Redis container. Make a note of it because it is required later.
sudo podman inspect -f "{{.NetworkSettings.IPAddress}}" redis
Configure Project Quay
Project Quay includes a tool to provide the details to setup the PostgreSQL database and generate the Quay configuration files. The configuration tool itself is web-based and the Quay configuration files are generated as a tar/zipped YAML file, that needs to be expanded after being moved in place.
Launch the Project Quay ConfigTool.
sudo podman run -d --name quay-config -p 80:8080 -p 443:8443 quay.io/projectquay/quay config secret-pass
Example Output:
[oracle@ol-server ~]$ sudo podman run -d --name quay-config -p 80:8080 -p 443:8443 quay.io/projectquay/quay config secret-pass Trying to pull quay.io/projectquay/quay:latest... Getting image source signatures Copying blob ec924a250552 done Copying blob fd07da1562ac done Copying blob 3550ee360766 done Copying blob b68865894b50 done Copying blob ff46f0c54d73 done Copying blob 88956768f1ec done Copying blob 644b12ae1636 done Copying blob 9661ced91a5f done Copying config c1a4397f6e done Writing manifest to image destination Storing signatures cc84cafcc5bdc41dacc86c22ba7d0d52d2bf02c0b1fca9aa59879942c7669f13
Right-click on the Luna Desktop and select
Open Terminal Here
.In the newly opened terminal, configure an SSH tunnel.
ssh -L 8080:localhost:80 oracle@<ip_address_of_ol-server>
Example Output:
[luna.user@lunabox ~]$ ssh -L 8080:localhost:80 oracle@129.159.195.234 Activate the web console with: systemctl enable --now cockpit.socket Last login: Tue Feb 7 18:56:30 2023 from 138.1.16.50
Where
8080
is the port opened on the Luna Desktop to port80
on the host. Port80
is the externally mapped port for the Project Quay container.From the Luna Desktop, open a new browser session and enter the url of the Project Quay ConfigTool.
http://localhost:8080
Example Output:
Log in to the Quay Configuration editor using the provided values.
- Username -
quayconfig
- Password -
secret-pass
(Note: This matches the last parameter passed when starting the Quay config container.)
Example Output:
- Username -
Enter Quay Configuration Information
The following steps involve entering new details whilst others use some of the information collected/noted in the earlier steps whilst setting up Postgres, Redis, etc.
If not already visible after logging in, scroll down to the 'Basic Configuration' section. Notice there are several fields that can be populated.
- Registry Title, Registry Title Short, Enterprise Logo URL and Contact Information
For the purposes of this Lab/Tutorial no changes will be made.
Example Output:
Scroll down to the Server Configuration section, enter the server's hostname (as seen earlier in the /etc/hosts file).
- Server Hostname : ol-server.pub.linuxvirt.oraclevcn.com
Example Output:
Next, scroll down to the section called: Database.
Example Output:
Click on the drop-down box next to the field called Database Type. Two options are listed - MySQL and Postgres, select Postgres.
Note: The reason for selecting Postgres is to allow the option to select the Clair scanning tool at a later date, because the Clair scanning tool does not work with a MySQL Quay database.
Example Output:
The Postgres specific fields are now displayed, enter the details to enable Postgres to be accessed.
- Database Server : Choose either -
a) Enter the $HOSTNAME or FQDN as entered in the
/etc/hosts
file (which must resolve using DNS) or b) Use the container IP address noted in an earlier step (for example - 10.88.0.2) - Username : quayuser
- Password : quay-test
- Database Name : quay
**Note: All of these values MUST match those used when starting the Postgres container (see earlier), but otherwise are fully user configurable.
Example Output:
- Database Server : Choose either -
a) Enter the $HOSTNAME or FQDN as entered in the
Continue scrolling down to the Redis section, enter the IP address returned during the startup of the Redis container earlier.
- Redis Hostname - Choose either -
a) Enter the $HOSTNAME or FQDN as entered in the
/etc/hosts
file (which must resolve using DNS) or b) Use the container IP address noted in an earlier step (for example - 10.88.0.3)
Example Output:
- Redis Hostname - Choose either -
a) Enter the $HOSTNAME or FQDN as entered in the
Notice that at the bottom of the browser screen there is a floating dialogue box called Validate Configuration Changes.
Example Output:
Click on it to confirm that the minimum requirements for the Project Quay server to work have been met.
Example Output:
Click on the button to Download the configuration file. Confirm the file (
quay-config.tar.gz
) has been downloaded.NOTE: In the Lab environment the generated configuration file is saved to the ~/Downloads directory on the Luna Desktop not on the server where the Quay repository is being configured).
Example Output:
Right-click on the Luna Desktop and select
Open Terminal Here
. In the newly opened terminal confirm the configuration file has downloaded.ls -lsa ~/Downloads
Example Output:
[luna.user@lunabox Desktop]$ ls -lsa ~/Downloads total 12 0 drwx------. 2 luna.user luna.user 32 Feb 8 11:59 . 8 drwx------. 1 luna.user luna.user 4096 Feb 8 11:59 .. 4 -rw-rw-r--. 1 luna.user luna.user 1214 Feb 8 11:59 quay-config.tar.gz
Move the file from the Luna Desktop machine to the ol-server machine where Project Quay is being configured and installed.
scp ~/Downloads/quay-config.tar.gz oracle@<ip_address_of_ol-server>:~
IMPORTANT: Take care not to remove the
:~
at the end of the above command. If it is removed nothing will be copied to the ol-server instance.Example output:
[luna.user@lunabox Downloads]$ scp quay-config.tar.gz oracle@129.159.195.234:~ quay-config.tar.gz 100% 1214 64.1KB/s 00:00
Close the active terminal window used to copy the
quay-config.tar.gz
file by typingexit
.Switch to the terminal window used to open the SSH tunnel.
Close the SSH tunnel by typing
CTRL-C
. The SSH tunnel session should be terminated. Keep the terminal window itself open - it will be required once again in upcoming steps.NOTE: Closing the SSH tunnel session is required because the container session being connected to has been closed.
Switch to the original terminal window that is still logged on to
ol-server
, and check thequay-config.tar.gz
file shows in the oracle users home directory.ls ~
Example Output:
[oracle@ol-server ~]$ ls ~ quay-config.tar.gz
Stop the Project Quay configuration container process.
sudo podman stop quay-config
Example Output:
[oracle@ol-server config]$ sudo podman stop quay-config WARN[0010] StopSignal SIGTERM failed to stop container quay-config in 10 seconds, resorting to SIGKILL quay-config
Confirm the
quay-config
container has stopped.sudo podman ps
Prepare to Start Quay
The actual location for the Project Quay /config and /storage directories can be altered as needed as long as the correct permissions are applied and it is accesible.
Using the original terminal window connected to ol-server, create a location to hold the Project Quay configuration.
mkdir -p ~/quay/config
Create a location where Project Quay can store its artefacts.
mkdir -p ~/quay/storage
Expand the Gzipped Tar file into the Quay configuration directory.
tar -xzvf quay-config.tar.gz -C ~/quay/config/
Confirm the YAML configuration file exists.
cat ~/quay/config/config.yaml
Grant
root
'Read' access to the Project Quayconfig
directory.sudo setfacl -R -m u:1001:r ~/quay/config
Grant
root
'Read', 'Write' and 'Execute' access to the Project Quaystorage
directory.sudo setfacl -R -m u:1001:rwx ~/quay/storage
Start Project Quay
Start the Project Quay server.
sudo podman run --name quay --restart=always --publish 443:8443 --publish 80:8080 --privileged=true --volume ~/quay/config:/conf/stack:Z --volume ~/quay/storage:/datastorage:Z --detach quay.io/projectquay/quay:latest
Confirm it started.
sudo podman ps
Check the Project Quay logs - this can take upto 15-20 minutes to complete the first time Project Quay starts.
sudo podman logs -f quay
Switch to the terminal window previously used to configure an SSH tunnel, and open the SSH tunnel again.
ssh -L 8080:localhost:80 oracle@<ip_address_of_ol-server>
Example Output:
[luna.user@lunabox ~]$ ssh -L 8080:localhost:80 oracle@129.159.195.234 Activate the web console with: systemctl enable --now cockpit.socket Last login: Tue Feb 7 18:56:30 2023 from 138.1.16.50
On the Luna Desktop, open a new Browser window and connect to the Project Quay Registry login screen.
http://localhost:8080
Example Output:
Note: If the browser window returns an error message (often indicating an inability to load config), it means that the Project Quay server is still configuring itself for this initial startup. Please wait and retry in a few minutes.
Create New Project Quay User and Login
The first thing to do is to create a new user. At the Quay Login screen click on the link (below the Username & Password fields) called
Create Account
.Example Output:
The Create New Account page is displayed, enter the following information.
- Username - This will be the username displayed within the Quay Registry.
- E-mail Address - This should be a valid email address (not used in this Lab for verification)
- Password - Enter a password (must be a minimum of 8 characters long)
Note: If any of the fields display a red background it means an unexpected, or invalid, value has been entered. A green background indicates the entered values are valid.
Example Output:
Important: How to create a super user is documented here . A super user is a normal user that has been granted extended privileges, which includes the ability to perform the following actions.
- Manage Users
- Manage Organizations
- Query Usage logs
- View the Change log
Once all of the entry fields have a green background (see previous screenshot), click on the
Create Account
button. Project Quay creates the new account and logs in automatically.(Optional) Decide whether to save the username and password values based on either personal choice or Company Policy.
Example Output:
Project Quay is running and the first user is logged in.
Example Output:
Create a New Project Quay Registry Repository
A repository in Project Quay is usually named the same as the container image that will be stored (_'pushed') to it once setup. This makes it much clearer to locate container images from this locally hosted container registry afterwards. However for the purposes of the Lab steps there is no requirement to comply with this, hence why the screenshots show the repository name as being test01.
Click on the Create New Repository link (top right-hand side of the screen), the Create New Repository screen is displayed.
Example Output:
Complete the required values. These are shown below.
- Repository Name - Repository names must match [a-z0-9][.a-z0-9_-](/[a-z0-9][.a-z0-9_-])* (Note: Capital letters are invalid)
- Repostory Description - This is optional.
- Choose to either make the Repository Public or Private depending upon the intended purpose.
Note: Both the Repository Description and Public/Private settings can be altered at a later time
Example Output:
Click on the button to create the new repository. This will display showing either Create Private Repository or Create_Public_Repository, depending upon which repository type was selected in the previous step.
Example Output:
The newly created repository is displayed.
Example Output:
At this point the Project Quay Registry has been started, a new user created and logged in. Finally a new repository has been created within the Container Registry. The next step is to return to the command line and upload a container to this newly created container registry.
Using Project Quay
These steps demonstrate pulling an image from an external registry, then tagging the image, logging on to the newly created Project Quay Registry, before finally pushing the image into the newly created test01 repository.
Note: Because this install of Project Quay has not been configured using SSL Certificates the Login and Push operations need an extra flag (
--tls-verify=false
) to be used, otherwise they would fail. In a production environment the--tls-verify=false
flag should NOT be used.
Open a terminal and connect via ssh to the ol-server instance if not already connected.
ssh oracle@<ip_address_of_ol-server>
Pull an image that is to be stored on the locally hosted Project Quay Registry.
podman pull quay.io/operator-framework/operatorhubio:v4
Example Output:
podman pull quay.io/operator-framework/operatorhubio:v4 Trying to pull quay.io/operator-framework/operatorhubio:v4... Getting image source signatures Copying blob de07aeb713d7 done Copying blob ef32bf2cb8c7 done Copying blob bf5952930446 done Copying blob 84807cd1a858 done Copying blob 1e60e070fb81 done Copying blob a42b61b64a1a done Copying blob 4002c47008f9 done Copying blob 44e6bcd92ca9 done Copying blob f8baa3854da1 done Copying blob c0ea348411ae done Copying config 11fa238eb3 done Writing manifest to image destination Storing signatures 11fa238eb3e3aa3262cafd975a9ca787e4f0832cd369ce3d1cb1c9c70573f4be
Tag the downloaded image with details of the destination (the newly created Project Quay Registry). The tag used can be any value preferred - in this example it is 'latest".
podman tag quay.io/operator-framework/operatorhubio:v4 ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
Where
user01
is the name of your username in the registry, andtest01
is the name of the registry.Login to the newly created Project Quay Registry and the repository just created.
podman login --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01
Note: Use the Username and Password values used when creating the Project Quay user in the previous steps.
Example Output:
[oracle@ol-server ~]$ podman login --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01 Username: user01 Password: Login Succeeded!
Push the image to the newly created Project Quay Registry.
podman push --tls-verify=false quay.io/operator-framework/operatorhubio:v4 ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
Example Output:
podman push --tls-verify=false quay.io/operator-framework/operatorhubio:v4 ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest Getting image source signatures Copying blob 8d46fa734840 done Copying blob c5350d986805 done Copying blob 274132c050df done Copying blob d0f104dc0a1f done Copying blob 9d51489878a0 done Copying blob ed6469d35467 done Copying blob fa152f521d35 done Copying blob b277d564135b done Copying blob 5764184699a3 done Copying blob 15d6d3b2e9e6 done Copying config 76a6ea4d80 done Writing manifest to image destination Storing signatures
Return to the browser window and navigate to the Repository Tags section of the previously created user-1/test01 repository, the 'tagged' image is listed.
Example Output:
Before being able to test whether it is possible to retrieve the image from the local Project Quay Registry, it is neccessary to delete the local copy.
podman rmi ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
Example Output:
[oracle@ol-server config]$ podman rmi ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest Untagged: ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
Next pull the image, but this time from the locally hosted Project Quay Registry.
podman pull --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest
Example Output:
[oracle@ol-server config]$ podman pull --tls-verify=false ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest Trying to pull ol-server.pub.linuxvirt.oraclevcn.com/user01/test01:latest... Getting image source signatures Copying blob eacf9093f015 done Copying blob d204dcb236ad done Copying blob fcbc1d0b6248 done Copying blob 5dd584b7c36d done Copying blob 7940dd7814b2 done Copying blob a06d838fcfaf done Copying blob a783f1b4704a done Copying blob 8875926a3ee5 done Copying blob 622c87e26f84 done Copying blob 2ec61b0ec8cf done Copying config 76a6ea4d80 done Writing manifest to image destination Storing signatures 76a6ea4d8064c26288fd07db817a683ca476b8ca64de07a2568e7acf53c78ded
This confirms that the local Project Quay Registry is able to store, and then serve, Container images stored within it's own Repositories.
Next Steps
This completes this Lab demonstrating how to install and run a Project Quay Registry on Podman. However Project Quay has many more features and abilities which were outside of the scope of this Lab such as shown below.
- Can be deployed for high Availability (via Podman or Kubernetes)
- Can be deployed on Kubernetes via an Operator or Helm
- Can be integrated with OAuth & Email systems
- Support for Repository mirroring
- Clair-based image security scanning can be enabled
- Support for Dockerfile builds
More details can be located in the Project Quay Documentation.
In the meantime, many thanks for taking the time to try this Lab.