Project Quay / PROJQUAY-7066

[RFE] Requesting to add the custom SSL/TLS certs in a separate Kubernetes secret instead of the default registry-config-bundle secret


    • Feature
    • Resolution: Unresolved
    • Undefined
    • None
    • quay-v3.11.0
    • quay
    • BU Product Work
    • False
    • None
    • False
    • Not Selected

      The customer is asking to have the custom SSL/TLS certs encapsulated in a separate Kubernetes secret instead of the default secret, i.e. the "<registry-name>-<config-bundle>" secret.

      Here is what the customer said:

      The content of the config-bundle-secret is currently: 
      
      config.yaml
      clair-config.yaml
      ssl.cert
      ssl.key
      
      I want the ssl.cert and ssl.key to be k8s secrets of type kubernetes.io/tls, and not to be included in the config-bundle-secret anymore. They can be placed in the same quay namespace. 
      When the content of this certificate secret is changed, quay operator should detect this and restart the quay app.
      The issues we have when the ssl.cert and ssl.key are in the config-bundle-secret are two things:
      
      - The current setup that we use can only create k8s secrets of type kubernetes.io/tls, and replaces the complete secret
      - If we deploy Quay by GitOps (ArgoCD), we do want to have the config-bundle-secret synced by Argo, but we don't want the SSL certificate in it, because it's automatically managed by a different tool and is not in git.
       

              Unassigned
              rhn-support-mjahangi Muhammad Selim Jahangir
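The gap described in the request, as an added example (not part of the original issue and not Quay operator code): a certificate tool emits a `kubernetes.io/tls` Secret with the keys `tls.crt` and `tls.key`, while Quay reads `ssl.cert` and `ssl.key` from the config bundle. The sketch copies one into the other and reports whether the certificate changed, which is the signal the request wants to trigger a restart. The secret names, helper names and manifest contents are constructed for illustration.

```python
import base64
import copy
import hashlib

# tls.crt/tls.key are the standard keys of a kubernetes.io/tls Secret;
# ssl.cert/ssl.key are the bundle entries listed in the request.
KEY_MAP = {"tls.crt": "ssl.cert", "tls.key": "ssl.key"}


def cert_fingerprint(secret):
    """SHA-256 of the certificate bytes, read from either secret layout."""
    data = secret.get("data", {})
    pem = base64.b64decode(data.get("tls.crt") or data.get("ssl.cert") or "")
    return hashlib.sha256(pem).hexdigest()


def merge_tls_into_bundle(bundle, tls_secret):
    """Return (new_bundle, changed) without mutating either input."""
    if tls_secret.get("type") != "kubernetes.io/tls":
        raise ValueError("expected a Secret of type kubernetes.io/tls")
    missing = [k for k in KEY_MAP if not tls_secret.get("data", {}).get(k)]
    if missing:
        raise ValueError(f"TLS secret is missing {missing}")
    merged = copy.deepcopy(bundle)
    merged.setdefault("data", {})
    changed = False
    for src, dst in KEY_MAP.items():
        if merged["data"].get(dst) != tls_secret["data"][src]:
            merged["data"][dst] = tls_secret["data"][src]
            changed = True  # certificate or key rotated: Quay must reload it
    return merged, changed


def b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample manifests (placeholder strings, not real key material).
BUNDLE = {"kind": "Secret", "type": "Opaque",
          "metadata": {"name": "example-config-bundle"},
          "data": {"config.yaml": b64("SERVER_HOSTNAME: quay.example.com\n"),
                   "clair-config.yaml": b64("{}\n"),
                   "ssl.cert": b64("OLD-CERT"), "ssl.key": b64("OLD-KEY")}}
TLS = {"kind": "Secret", "type": "kubernetes.io/tls",
       "metadata": {"name": "example-quay-tls"},
       "data": {"tls.crt": b64("NEW-CERT"), "tls.key": b64("NEW-KEY")}}

if __name__ == "__main__":
    merged, changed = merge_tls_into_bundle(BUNDLE, TLS)
    print("restart needed:", changed, cert_fingerprint(merged)[:16])
```

A merge like this still leaves the certificate inside the config bundle, so it does not resolve the ArgoCD sync conflict the request describes. Resolving that requires the operator to read the TLS secret directly.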