Feature Request
Resolution: Unresolved
Major
Describe your problem. Include specific actions and error messages.
We help customers install OpenShift on premises. The preferred way of installation is often by whitelisting the Red Hat URLs in a forwarding HTTP proxy. The configuration works perfectly for the OpenShift base install. However, it is more complex for certified operators. Currently, certified operators can reference ANY registry to pull images from. We recently encountered an issue with the Nutanix CSI operator that pulls from k8s.registry.io. Such a registry is NON-whitelistable because it does not publish a full list of FQDNs to whitelist, and it is actually actively discouraged by the owners (see https://github.com/kubernetes/registry.k8s.io). This renders the OpenShift installation setup in which you do not need an additional (mirror) registry for your OpenShift images almost useless (for a critical component such as a CSI driver), because you still need a mirror registry for your certified operators.
Our suggestion is to add an additional criterion to Operator certification for OpenShift: that the third party behind the operator should use a whitelistable registry and (preferably) a registry on which the third party provides an SLA.
Describe the impact to you or the business
Seriously increases the complexity of an OpenShift installation behind an HTTP proxy.