-
Bug
-
Resolution: Done
-
Normal
-
None
-
quay-v3.12.0
The procedure in chapter "Using the config bundle to configure custom SSL/TLS certs" [0] has some problems, in order of importance:
1. [IMPORTANT] The first step (set TLS component to unmanaged) is wrong and could leave the QuayRegistry in error. This step must be removed.
2. The steps 4.ii and 4.iii don't have to belong to point 4. They are mandatory, while the point 4 is optional. They should be under a dedicated step (point 5)
3. The title ("Using the config bundle to configure custom SSL/TLS certs") is misleading and it gives the impression that it is about Quay TLS exposed certificates instead of CA trusted certificates. In my opinion it should be more explicit about that.
4. The example in point 3 shows 1 certificate in a single `extra_ca_cert_my-custom-ssl.crt` key but, reading the operator source code, it turns out that it loops all the `extra_ca_cert_` keys, importing the certificates. What if I want to configure more ca certificates? Should I put them all in a single `extra_ca_cert_my-custom-ssl.crt` key or should I create a single `extra_ca_cert_` for each of them?
5. The points 4.ii and 4.iii are inconsistent with point 1: in point 1 the QuayRegistry is assumed to by already created, while in points 4.ii and 4.iii it's not.