Skip to content

Commit

Permalink
cert: mount the user provided certs on mirror (PROJQUAY-3599)
Browse files Browse the repository at this point in the history 
If we don't mount quay-config-tls then mirror is not aware of the
cluster wildcard cert and can't access Quay through its route.

This commits mounts the cluster wildcard cert (or the cert manually
provided by the user) in the extra_ca_certs directory.
  • Loading branch information
@ricardomaraschini @jonathankingfc
ricardomaraschini authored and jonathankingfc committed Apr 29, 2022
1 parent 4775644 commit a1a0236
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions pkg/kustomize/kustomize.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -315,9 +315,11 @@ func KustomizationFor(
quayConfigTLSSources := []string{}
if ctx.ClusterWildcardCert != nil {
quayConfigTLSSources = append(quayConfigTLSSources, "ocp-cluster-wildcard.cert="+string(ctx.ClusterWildcardCert))
userProvidedCaCerts = append(userProvidedCaCerts, "ocp-cluster-wildcard.crt="+string(ctx.ClusterWildcardCert))
}
if ctx.TLSCert != nil {
quayConfigTLSSources = append(quayConfigTLSSources, "ssl.cert="+string(ctx.TLSCert))
userProvidedCaCerts = append(userProvidedCaCerts, "ssl.crt="+string(ctx.TLSCert))
}
if ctx.TLSKey != nil {
quayConfigTLSSources = append(quayConfigTLSSources, "ssl.key="+string(ctx.TLSKey))
Expand Down

0 comments on commit a1a0236

Please sign in to comment.