search

nginxinc / nginx-ingress-helm-operator

NGINX Ingress Operator for NGINX and NGINX Plus Ingress Controllers. Based on the Helm chart for NGINX Ingress Controller - https://github.com/nginxinc/helm-charts
Apache License 2.0
35 stars 20 forks source link

Operator - Image registry consolidation #273

Open danielnginx opened 4 months ago

danielnginx commented 4 months ago

Review all the container registries that we use in the operator project and consolidate them to use Quay when possible.

Examples:

https://github.com/nginxinc/nginx-ingress-helm-operator/blob/61bf1f33815676ee9a14fef37196c12e9c099e7e/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml#L418

https://github.com/nginxinc/nginx-ingress-helm-operator/blob/61bf1f33815676ee9a14fef37196c12e9c099e7e/config/default/manager_auth_proxy_patch.yaml#L34

Related issue, https://github.com/nginxinc/nginx-ingress-helm-operator/issues/336, was closed by issuer as "self resolved. the changes persisted."

### Tasks
- [ ] https://github.com/nginxinc/nginx-ingress-helm-operator/issues/348
brianehlert commented 4 months ago

The ask from the customer is to use trusted F5 NGINX container registries. The goal is that the operator is easy for customers that are offline.
And the installation of the operator cannot dynamically pull from registries because of corporate security policy. In this case each image registry needs to be expressly trusted and approved by the security team.

blediagolli commented 1 month ago

To add to this, is there a way to point to a private registry that is hosting the necessary images for the operator? I am having to host the kube-rbac-proxy image in our private repo and everywhere I change it, the operator reverts to the gcr.io registry.

vepatel commented 1 month ago

related: https://github.com/nginxinc/nginx-ingress-helm-operator/issues/336