certs-and-proxies: mounting certs in mirror and renaming operator service reference (PROJQUAY-3599) #699
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As per each individual commit:
annotations: stop setting annotations on clair db deployment (PROJQUAY-3599)
These annotations make the database to be rolled out if one of the
annotations is change. As Clair database is not affected by these
annotations we better not set them (as we already do with the Quay
database).
cert: mount the user provided certs on mirror (PROJQUAY-3599)
If we don't mount quay-config-tls then mirror is not aware of the
cluster wildcard cert and can't access Quay through its route.
This commits mounts the cluster wildcard cert (or the cert manually
provided by the user) in the extra_ca_certs directory.
proxy: use the full service name (PROJQUAY-3599)
If we don't append the "full domain" to the service name it is quite
hard for the users to allow direct traffic to quay operator service
during reconfigure.
We want to allow users to bypass traffic to svc.cluster.local.