Customer is asking to have the ssl/tls custom certs to be encapsulated in separate kubernetes secret instead of the default secret i.e "<registry-name>-<config-bundle>" secret.
Here is what customer said:
The content of the config-bundle-secret is currently: config.yaml clair-config.yaml ssl.cert ssl.key I want the ssl.cert and ssl.key to be k8s secrets of type kubernetes.io/tls, and not to be included in the config-bundle-secret anymore. They can be placed in the same quay namespace. When the content of this certificate secret is changed, quay operator should detect this and restart the quay app. The issue we have when the ssl.cert and ssl.key are in the config-bundle-secret are two things: - The current setup that we use can only create k8s secrets of type kubernetes.io/tls, and replaces the complete secret - If deploy Quay by GitOps (ArgoCD), and we do want to have the config-bundle-secret synced by Argo, but we don't want the SSL certificate in it, because it's automatically managed by a different tool and not in git.