agnosticd · treddy08 · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026
@@ -119,3 +119,31 @@ ocp4_workload_quay_operator_registry_enable_clairpostgres: false
 # Startup probe override (disabled by default)
 ocp4_workload_quay_operator_registry_startup_probe_update: false
 ocp4_workload_quay_operator_registry_startup_probe_failure_threshold: 30
+
+# --------------------------------
+# Storage Backend Configuration
+# --------------------------------
+# Set to true to use S4 storage, false to use Noobaa (OCS)
+# Default: false (uses Noobaa/OpenShift Container Storage)
+ocp4_workload_quay_operator_s4_storage_enabled: false
+
+# --------------------------------
+# S3 Storage Configuration (S4)
+# --------------------------------
+# Only used when ocp4_workload_quay_operator_s4_storage_enabled: true
+# Quay uses S4 storage for object storage backend
+
+# S4 S3 endpoint configuration
+ocp4_workload_quay_operator_s4_namespace: s4
+ocp4_workload_quay_operator_s4_bucket_name: quay-registry
+
+# S4 S3 credentials (should match S4 deployment)
+ocp4_workload_quay_operator_s4_access_key: s4admin
+ocp4_workload_quay_operator_s4_secret_key: s4secret
+
+# S3 endpoint - uses internal service endpoint
+# Format: http://s4.<namespace>.svc.cluster.local:7480
+ocp4_workload_quay_operator_s4_endpoint: "http://s4.{{ ocp4_workload_quay_operator_s4_namespace }}.svc.cluster.local:7480"
+
+# S3 region
+ocp4_workload_quay_operator_s4_region: us-east-1
@@ -5,7 +5,8 @@
 * This role can
 ** install the Quay Operator
 ** use a previously installed Red Hat Quay Operator to deploy a Quay Registry into an OpenShift Cluster.
-* The cluster *must* have OpenShift Container Storage installed.
+* By default, the cluster *must* have OpenShift Container Storage (Noobaa) installed.
+* Optionally, S4 S3-compatible storage can be used instead of Noobaa.
 
 * The role consists of the following tasks files:
 ** Tasks: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an
@@ -26,6 +27,68 @@
 *** This role removes the Red Hat Quay Registry project (and therefore Red Hat Quay Registry)
 *** Debug task will print out: `remove_workload Tasks completed successfully.`
 
+== Prerequisites
+
+=== Storage Backend Options
+
+This role supports two storage backends for Quay:
+
+1. **Noobaa/OpenShift Container Storage** (default)
+2. **S4 Storage** (optional, S3-compatible)
+
+==== Option 1: Noobaa Storage (Default)
+
+The cluster *must* have OpenShift Container Storage installed with Noobaa.
+
+[source,yaml]
+----
+workloads:
+- agnosticd.core_workloads.ocp4_workload_quay_operator
+
+# Uses default storage (Noobaa/OCS)
+# No additional configuration required
+----
+
+==== Option 2: S4 Storage (Optional)
+
+To use S4 storage instead of Noobaa, S4 must be deployed first using the `ocp4_workload_s4` role.
+
+[source,yaml]
+----
+workloads:
+- agnosticd.core_workloads.ocp4_workload_s4
+- agnosticd.core_workloads.ocp4_workload_quay_operator
+
+# Enable S4 storage backend
+ocp4_workload_quay_operator_s4_storage_enabled: true
+
+# S4 configuration
+ocp4_workload_s4_buckets:
+- quay-registry  # Required bucket for Quay
+
+# S4 credentials (must match Quay configuration)
+ocp4_workload_s4_access_key_id: s4admin
+ocp4_workload_s4_secret_access_key: s4secret
+
+# Quay S4 settings (optional, uses defaults if not specified)
+ocp4_workload_quay_operator_s4_namespace: s4
+ocp4_workload_quay_operator_s4_bucket_name: quay-registry
+ocp4_workload_quay_operator_s4_access_key: s4admin
+ocp4_workload_quay_operator_s4_secret_key: s4secret
+----
+
+=== S4 Storage Configuration Variables
+
+When using S4 storage (`ocp4_workload_quay_operator_s4_storage_enabled: true`), these variables control the S3 storage backend:
+
+* `ocp4_workload_quay_operator_s4_storage_enabled`: Enable S4 storage backend (default: `false`)
+* `ocp4_workload_quay_operator_s4_namespace`: Namespace where S4 is deployed (default: `s4`)
+* `ocp4_workload_quay_operator_s4_bucket_name`: S3 bucket name for Quay (default: `quay-registry`)
+* `ocp4_workload_quay_operator_s4_access_key`: S3 access key (default: `s4admin`)
+* `ocp4_workload_quay_operator_s4_secret_key`: S3 secret key (default: `s4secret`)
+* `ocp4_workload_quay_operator_s4_endpoint`: S3 endpoint URL (default: auto-configured internal endpoint)
+* `ocp4_workload_quay_operator_s4_region`: S3 region (default: `us-east-1`)
+
 == Review the defaults variable file
 
 * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload.

@@ -1,18 +1,37 @@
 ---
-# Quay needs OpenShift Container Storage (Noobaa in particular)
-# Check that the correct storage class exists on the cluster
-- name: Retrieve Bucket Class
-  kubernetes.core.k8s_info:
-    api_version: noobaa.io/v1alpha1
-    kind: BucketClass
-    namespace: openshift-storage
-  register: r_bucket_class
-
-- name: Assert that there is a Bucket Storage Class
-  ansible.builtin.assert:
-    that:
-    - r_bucket_class.resources | length == 1
-    fail_msg: Quay must be installed on a cluster with OpenShift Container Storage configured - and a Bucket Class deployed.
+# Validate storage backend based on configuration
+- name: Validate storage backend
+  block:
+  - name: Check S4 service exists
+    when: ocp4_workload_quay_operator_s4_storage_enabled | bool
+    kubernetes.core.k8s_info:
+      api_version: v1
+      kind: Service
+      name: s4
+      namespace: "{{ ocp4_workload_quay_operator_s4_namespace }}"
+    register: r_s4_service
+
+  - name: Assert that S4 service exists
+    when: ocp4_workload_quay_operator_s4_storage_enabled | bool
+    ansible.builtin.assert:
+      that:
+      - r_s4_service.resources | length == 1
+      fail_msg: "S4 storage service not found in namespace {{ ocp4_workload_quay_operator_s4_namespace }}. Deploy S4 first using ocp4_workload_s4 role."
+
+  - name: Check Noobaa BucketClass exists
+    when: not (ocp4_workload_quay_operator_s4_storage_enabled | bool)
+    kubernetes.core.k8s_info:
+      api_version: noobaa.io/v1alpha1
+      kind: BucketClass
+      namespace: openshift-storage
+    register: r_bucket_class
+
+  - name: Assert that Noobaa BucketClass exists
+    when: not (ocp4_workload_quay_operator_s4_storage_enabled | bool)
+    ansible.builtin.assert:
+      that:
+      - r_bucket_class.resources | length == 1
+      fail_msg: "Quay must be installed on a cluster with OpenShift Container Storage configured - and a Bucket Class deployed."
 
 - name: Install Quay Operator
   when: ocp4_workload_quay_operator_install_operator | bool

@@ -6,3 +6,19 @@ SUPER_USERS:
 - {{ ocp4_workload_quay_operator_registry_admin_user }}
 FEATURE_USER_INITIALIZE: true
 {% endif %}
+{% if ocp4_workload_quay_operator_s4_storage_enabled | bool %}
+# S4 Storage Configuration
+DISTRIBUTED_STORAGE_CONFIG:
+  s4storage:
+    - RadosGWStorage
+    - hostname: s4.{{ ocp4_workload_quay_operator_s4_namespace }}.svc.cluster.local
+      port: 7480
+      is_secure: false
+      bucket_name: {{ ocp4_workload_quay_operator_s4_bucket_name }}
+      storage_path: /datastorage/registry
+      access_key: {{ ocp4_workload_quay_operator_s4_access_key }}
+      secret_key: {{ ocp4_workload_quay_operator_s4_secret_key }}
+DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
+DISTRIBUTED_STORAGE_PREFERENCE:
+- s4storage
+{% endif %}
@@ -10,7 +10,7 @@ spec:
   - kind: postgres
     managed: true
   - kind: objectstorage
-    managed: true
+    managed: {{ 'false' if ocp4_workload_quay_operator_s4_storage_enabled | bool else 'true' }}
   - kind: redis
     managed: true
   - kind: tls

@@ -0,0 +1,107 @@
+---
+# S4 (Super Simple Storage Service) workload configuration
+
+# --------------------------------------------------
+# Namespace configuration
+# --------------------------------------------------
+ocp4_workload_s4_namespace: s4
+ocp4_workload_s4_namespace_create: true
+
+# --------------------------------------------------
+# ArgoCD Application configuration
+# --------------------------------------------------
+ocp4_workload_s4_application_name: s4
+ocp4_workload_s4_gitops_namespace: openshift-gitops
+
+# Helm chart configuration
+ocp4_workload_s4_chart_repo: https://github.com/rh-aiservices-bu/s4
+ocp4_workload_s4_chart_revision: v0.3.2
+ocp4_workload_s4_chart_path: charts/s4
+
+# --------------------------------------------------
+# S4 Deployment configuration
+# --------------------------------------------------
+# Image configuration
+ocp4_workload_s4_image_repository: quay.io/rh-aiservices-bu/s4
+ocp4_workload_s4_image_tag: 0.3.2
+ocp4_workload_s4_image_pull_policy: IfNotPresent
+
+# S3 credentials
+ocp4_workload_s4_access_key_id: s4admin
+ocp4_workload_s4_secret_access_key: s4secret
+
+# Authentication configuration
+# Username and password can be passed in as parameters.
+# If not provided, username defaults to 'admin' and password is auto-generated.
+ocp4_workload_s4_auth_enabled: true
+ocp4_workload_s4_auth_username: admin  # Default username (can be overridden)
+ocp4_workload_s4_auth_password: ""  # Pass in a password or leave empty for auto-generation
+ocp4_workload_s4_auth_password_length: 16  # Length of auto-generated password
+ocp4_workload_s4_auth_jwt_expiration_hours: 8
+ocp4_workload_s4_auth_cookie_require_https: true
+
+# --------------------------------------------------
+# Storage configuration
+# --------------------------------------------------
+# RGW data volume (Ceph/SQLite storage)
+ocp4_workload_s4_storage_data_size: 10Gi
+ocp4_workload_s4_storage_data_storage_class: ""  # Empty for default
+ocp4_workload_s4_storage_data_access_mode: ReadWriteOnce
+
+# Local storage volume (optional, for local file browser)
+ocp4_workload_s4_storage_local_enabled: false
+ocp4_workload_s4_storage_local_size: 50Gi
+ocp4_workload_s4_storage_local_storage_class: ""
+ocp4_workload_s4_storage_local_access_mode: ReadWriteOnce
+ocp4_workload_s4_storage_local_paths: ""  # Comma-separated paths
+
+# Storage limits
+ocp4_workload_s4_storage_max_file_size_gb: 20
+ocp4_workload_s4_storage_max_concurrent_transfers: 2
+
+# --------------------------------------------------
+# Resource configuration
+# --------------------------------------------------
+ocp4_workload_s4_resources_requests_cpu: 250m
+ocp4_workload_s4_resources_requests_memory: 512Mi
+ocp4_workload_s4_resources_limits_cpu: 2000m
+ocp4_workload_s4_resources_limits_memory: 2Gi
+
+# --------------------------------------------------
+# Route configuration
+# --------------------------------------------------
+ocp4_workload_s4_route_enabled: true
+ocp4_workload_s4_route_host: ""  # Auto-generated if empty
+ocp4_workload_s4_route_tls_termination: edge
+ocp4_workload_s4_route_tls_insecure_policy: Redirect
+
+# S3 API Route (enabled by default for S3 API access)
+ocp4_workload_s4_route_s3_api_enabled: true
+ocp4_workload_s4_route_s3_api_host: ""  # Auto-generated if empty
+
+# --------------------------------------------------
+# Bucket creation configuration
+# --------------------------------------------------
+# List of S3 buckets to create automatically
+# If empty or not defined, no buckets will be created
+# Example: ['datasets', 'ml-models', 'backups']
+ocp4_workload_s4_buckets: []
+
+# --------------------------------------------------
+# ArgoCD sync configuration
+# --------------------------------------------------
+ocp4_workload_s4_sync_policy_automated: true
+ocp4_workload_s4_sync_policy_self_heal: true
+ocp4_workload_s4_sync_policy_prune: true
+ocp4_workload_s4_sync_retry_limit: 5
+
+# --------------------------------------------------
+# User info configuration
+# --------------------------------------------------
+ocp4_workload_s4_enable_user_info_messages: true
+ocp4_workload_s4_enable_user_info_data: true
+
+# --------------------------------------------------
+# Wait for deployment
+# --------------------------------------------------
+ocp4_workload_s4_wait_for_deployment: true
@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  role_name: ocp4_workload_s4
+  author: Red Hat GPTE
+  description: |
+    Deploy S4 (Super Simple Storage Service) on OpenShift using GitOps.
+    S4 provides S3-compatible object storage with a modern web UI.
+  license: MIT
+  min_ansible_version: "2.9"
+  platforms: []
+  galaxy_tags:
+  - ocp
+  - openshift
+  - s3
+  - storage
+  - gitops
+  - argocd
+dependencies: []