From a1a0236bb725eaad62200f1ca1ff89497d749d45 Mon Sep 17 00:00:00 2001
From: Ricardo Maraschini
Date: Fri, 29 Apr 2022 12:23:16 +0200
Subject: [PATCH] cert: mount the user provided certs on mirror (PROJQUAY-3599)
If we don't mount quay-config-tls then mirror is not aware of the cluster wildcard cert and can't access Quay through its route. This commits mounts the cluster wildcard cert (or the cert manually provided by the user) in the extra_ca_certs directory.
---
 pkg/kustomize/kustomize.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go
index b0e2c4065..8ff549404 100644
--- a/pkg/kustomize/kustomize.go
+++ b/pkg/kustomize/kustomize.go
@@ -315,9 +315,11 @@ func KustomizationFor(
 quayConfigTLSSources := []string{}
 if ctx.ClusterWildcardCert != nil {
 quayConfigTLSSources = append(quayConfigTLSSources, "ocp-cluster-wildcard.cert="+string(ctx.ClusterWildcardCert))
+ userProvidedCaCerts = append(userProvidedCaCerts, "ocp-cluster-wildcard.crt="+string(ctx.ClusterWildcardCert))
 }
 if ctx.TLSCert != nil {
 quayConfigTLSSources = append(quayConfigTLSSources, "ssl.cert="+string(ctx.TLSCert))
+ userProvidedCaCerts = append(userProvidedCaCerts, "ssl.crt="+string(ctx.TLSCert))
 }
 if ctx.TLSKey != nil {
 quayConfigTLSSources = append(quayConfigTLSSources, "ssl.key="+string(ctx.TLSKey))
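Review bot: The two added appends put fixed entry names (`ocp-cluster-wildcard.crt` and `ssl.crt`) into `userProvidedCaCerts`, which is built outside this hunk, and nothing visible here checks whether a user-supplied CA entry already uses one of those names. If it does, the generated secret would presumably carry a duplicate key and either fail to build or silently shadow one certificate, so a membership check before each append (or a test covering that collision) would be worth adding. Everything in this list ends up as a trust anchor in extra_ca_certs, and the `ctx.TLSKey` branch correctly does not add to it; a comment would keep it that way, e.g. `// extra_ca_certs holds public certificates only; never append ssl.key here`. The body of `KustomizationFor` starts and continues outside the hunk, so the collision concern is inferred from the visible lines only.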