Configure registry-facade secrets without using external dependencies (#17027)

Signed-off-by: Manuel de Brito Fontes <[email protected]>

Author: aledbf

install/installer/pkg/components/registry-facade/configmap.go

@@ -20,14 +20,6 @@ import (
 )
 
 func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
-	var tls regfac.TLS
-	if ctx.Config.Certificate.Name != "" {
-		tls = regfac.TLS{
-			Certificate: "/mnt/certificates/tls.crt",
-			PrivateKey:  "/mnt/certificates/tls.key",
-		}
-	}
-
 	var (
 		ipfsCache  *regfac.IPFSCacheConfig
 		redisCache *regfac.RedisCacheConfig
@@ -86,9 +78,12 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		Registry: regfac.Config{
 			Port:               ServicePort,
 			RemoteSpecProvider: remoteSpecProviders,
-			TLS:                &tls,
-			Store:              "/mnt/cache/registry",
-			RequireAuth:        false,
+			TLS: &regfac.TLS{
+				Certificate: "/mnt/certificates/tls.crt",
+				PrivateKey:  "/mnt/certificates/tls.key",
+			},
+			Store:       "/mnt/cache/registry",
+			RequireAuth: false,
 			StaticLayer: []regfac.StaticLayerCfg{
 				{
 					Ref:  ctx.ImageName(ctx.Config.Repository, SupervisorImage, ctx.VersionManifest.Components.Workspace.Supervisor.Version),

install/installer/pkg/components/registry-facade/daemonset.go

@@ -36,26 +36,23 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 	}
 
 	var (
-		volumes      []corev1.Volume
-		volumeMounts []corev1.VolumeMount
-	)
-
-	if ctx.Config.Certificate.Name != "" {
-		name := "config-certificates"
-		volumes = append(volumes, corev1.Volume{
-			Name: name,
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: ctx.Config.Certificate.Name,
+		volumes = []corev1.Volume{
+			{
+				Name: "config-certificates",
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: "builtin-registry-facade-cert",
+					},
 				},
 			},
-		})
-
-		volumeMounts = append(volumeMounts, corev1.VolumeMount{
-			Name:      name,
-			MountPath: "/mnt/certificates",
-		})
-	}
+		}
+		volumeMounts = []corev1.VolumeMount{
+			{
+				Name:      "config-certificates",
+				MountPath: "/mnt/certificates",
+			},
+		}
+	)
 
 	if objs, err := common.DockerRegistryHash(ctx); err != nil {
 		return nil, err

install/installer/pkg/components/ws-proxy/deployment.go

@@ -28,23 +28,23 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 		return nil, err
 	}
 
-	var volumes []corev1.Volume
-	var volumeMounts []corev1.VolumeMount
-	if ctx.Config.Certificate.Name != "" {
-		volumes = append(volumes, corev1.Volume{
+	volumes := []corev1.Volume{
+		{
 			Name: "config-certificates",
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
 					SecretName: ctx.Config.Certificate.Name,
 				},
 			},
-		})
+		},
+	}
 
-		volumeMounts = append(volumeMounts, corev1.VolumeMount{
+	volumeMounts := []corev1.VolumeMount{
+		{
 			Name:      "config-certificates",
-			MountPath: "/mnt/certificates",
-		})
+			MountPath: "/mnt/certificates"},
 	}
+
 	if ctx.Config.SSHGatewayHostKey != nil {
 		volumes = append(volumes, corev1.Volume{
 			Name: "host-key",