Story
Resolution: Done
Major
Injecting centralized TLS configuration from the cluster APIServer into scheduler pods is critical for maintaining consistent security posture across the entire OpenShift cluster. When administrators configure TLS security profiles at the cluster level (via the APIServer resource), these settings must be propagated to all control plane components, including the Image Registry, to ensure uniform enforcement of cryptographic standards.
Without this propagation, the Image Registry could operate with weaker or inconsistent TLS settings compared to the rest of the cluster, creating security gaps where attackers could exploit older cipher suites or TLS protocol versions that have been intentionally disabled cluster-wide.
The config observer pattern enables operators to automatically observe changes to cluster TLS policies and adjust the Image Registry configuration, ensuring that security policies are centrally managed, consistently applied, and automatically updated.
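A minimal sketch of the observe-and-apply step described above, added here as an illustration and not taken from the operator's code. `ObservedTLS` and `Sync` are hypothetical names, and the observed cipher names are assumed to already be IANA names as used by Go's `crypto/tls`.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"slices"
)

// ObservedTLS is a hypothetical stand-in for what an observer reads from the
// cluster APIServer resource; cipher names are assumed to be IANA names.
type ObservedTLS struct {
	MinVersion string
	Ciphers    []string
}

var versions = map[string]uint16{
	"VersionTLS10": tls.VersionTLS10, "VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12, "VersionTLS13": tls.VersionTLS13,
}

// Sync applies the observed settings to a component's tls.Config and reports
// whether anything changed. Unknown values are rejected, leaving cfg as it
// was, so a typo never silently falls back to library defaults.
func Sync(obs ObservedTLS, cfg *tls.Config) (bool, error) {
	minVer, ok := versions[obs.MinVersion]
	if !ok {
		return false, fmt.Errorf("unknown minimum TLS version %q", obs.MinVersion)
	}
	byName := map[string]uint16{}
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		byName[cs.Name] = cs.ID
	}
	ids := make([]uint16, 0, len(obs.Ciphers))
	for _, name := range obs.Ciphers {
		id, ok := byName[name]
		if !ok {
			return false, fmt.Errorf("unknown cipher suite %q", name)
		}
		ids = append(ids, id)
	}
	changed := cfg.MinVersion != minVer || !slices.Equal(cfg.CipherSuites, ids)
	cfg.MinVersion, cfg.CipherSuites = minVer, ids
	return changed, nil
}

func main() {
	// Constructed sample: a component still on TLS 1.0, a stricter cluster policy.
	cfg := &tls.Config{MinVersion: tls.VersionTLS10}
	obs := ObservedTLS{MinVersion: "VersionTLS12", Ciphers: []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
	changed, err := Sync(obs, cfg)
	fmt.Println(changed, err, cfg.MinVersion == tls.VersionTLS12)
}
```

The `changed` result is what lets an operator redeploy the component only when the cluster policy actually moved.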
Is duplicated by: IR-273 Support TLSSecurityProfile by image registry (In Progress)