This is an issue found when use Quay Operator to deploy Quay, when create quay config bundle secret, not provide TLS cert/key pairs, and in QuayRegistry set route is managed, TLS is unmanaged, as the design docs mentioned, in this condition Quay operator should report error with message like "TLS Cert/Key must be provided". However, the results is Quay Operator continue to deploy using OCP default Cert.
Quay Operator: quay-operator-container-v3.6.0-2
- Deploy Quay Operator in Single OCP Namespace
- Create quay config bundle secret, run "oc create secret generic --from-file config.yaml=./config.yaml config-bundle-secret"
- Create QuayRegistry, run "oc create -f quayregistry.yaml"
QuayRegistry deployment should be failed with error message "TLS Cert/Key should be provided"
QuayRegistry deployment completed successfully by using OCP default Route Cert
The following is the design Docs:
|route||tls||TLS cert/key pair provided||Expected result|
|Managed||Managed||No||Edge Route with default wildcard cert|
|Managed||Managed||Yes||Edge Route with default wildcard cert (Ignore provided TLS)|
|Managed||Unmanaged||No||Error, TLS cert/key pair must be provided|
|Managed||Unmanaged||Yes||Edge Route with provided TLS|
|Unmanaged||Unmanaged||No||Do nothing, Quay expects HTTP traffic|
|Unmanaged||Unmanaged||Yes||Do nothing, Quay expects HTTP traffic|
|Unmanaged||Managed||No||Error, tls component can only be used with route|
|Unmanaged||Managed||Yes||Error, tls component can only be used with route|