Chapter 2. Configuring the OpenShift Container Platform TLS component for builds
The tls component of the QuayRegistry custom resource definition (CRD) allows you to control whether SSL/TLS is managed by the Red Hat Quay Operator or self-managed. In its current state, Red Hat Quay does not support the builds feature, or the builder workers, when the tls component is managed by the Red Hat Quay Operator.
When setting the tls component to unmanaged, you must supply your own ssl.cert and ssl.key files. Additionally, if you want your cluster to support builders, or the worker nodes that are responsible for building images, you must add both the Quay route and the builder route name to the SAN list in the certificate. Alternatively, you can use a wildcard.
The following procedure shows you how to add the builder route.
Prerequisites
- You have set the tls component to unmanaged and uploaded custom SSL/TLS certificates to the Red Hat Quay Operator. For more information, see SSL and TLS for Red Hat Quay.
Procedure
In the configuration file that defines your SSL/TLS certificate parameters, for example, openssl.cnf, add the following information to the certificate’s Subject Alternative Name (SAN) field:

    # ...
    [alt_names]
    <quayregistry-name>-quay-builder-<namespace>.<domain-name>:443
    # ...

For example:

    # ...
    [alt_names]
    example-registry-quay-builder-quay-enterprise.apps.cluster-new.gcp.quaydev.org:443
    # ...
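The following check is an added example, not part of the Red Hat procedure: it reads the [alt_names] section of an openssl.cnf and reports which of the Quay and builder routes no SAN entry covers, treating a wildcard as matching exactly one leftmost label. The sample file is constructed, and the Quay route pattern <quayregistry-name>-quay-<namespace>.<domain-name>, the function names, and the stripping of a trailing :port before comparison are assumptions of this example.

```python
import re

# Constructed sample openssl.cnf fragment for illustration (not a real deployment).
SAMPLE_CNF = """\
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example-registry-quay-quay-enterprise.apps.cluster-new.gcp.quaydev.org
example-registry-quay-builder-quay-enterprise.apps.cluster-new.gcp.quaydev.org:443
IP.1 = 192.0.2.10
"""

def alt_names(cnf_text):
    """Return lower-cased DNS names from the [alt_names] section."""
    names, in_section = [], False
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = line.strip("[] ").lower() == "alt_names"
            continue
        if not in_section:
            continue
        key, sep, value = line.partition("=")
        if sep and not key.strip().upper().startswith("DNS"):
            continue  # skip IP.n, email.n and other non-DNS entries
        host = (value if sep else key).strip()
        # Assumption: a trailing ":<port>" (as in the page's example) is not part of the name.
        names.append(re.sub(r":\d+$", "", host).lower())
    return names

def covers(san, host):
    """Exact match, or a '*.' wildcard standing in for exactly one leftmost label."""
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def missing_routes(cnf_text, registry, namespace, domain):
    """List the Quay and builder route hosts that no SAN entry covers."""
    routes = [
        f"{registry}-quay-{namespace}.{domain}",          # Quay route (assumed pattern)
        f"{registry}-quay-builder-{namespace}.{domain}",  # builder route (from the page)
    ]
    sans = alt_names(cnf_text)
    return [r for r in routes if not any(covers(s, r) for s in sans)]

if __name__ == "__main__":
    print(missing_routes(SAMPLE_CNF, "example-registry", "quay-enterprise",
                         "apps.cluster-new.gcp.quaydev.org"))
```

An empty list means both routes are covered; a wildcard one level too high, such as *.gcp.quaydev.org for routes under apps.cluster-new.gcp.quaydev.org, is reported as covering neither.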