Skip to content

Registry: internal TLS behaviors do not function as documented

Summary

In !2764 (merged), we changed the Deployment template for Registry such that it consumed gitlab.registry.tls.secret. This has resulted in a bug, where by you can not directly specify the internal TLS secretName in a functional means. The template there only consumes global.registry.tls.secretName, while documentation explicitly states that it should be configured via registry.tls.secretName.

Steps to reproduce

global:
  registry:
    tls:
      secretName:
registry:
  tls:
    enabled: true
    secretName: internal-hosts-tls

Current Behavior

Only consumes global.registry.tls.secretName

Expected Behavior

Consumes either global.registry.tls.secretName or registry.tls.secretName, or documentation is updated for accuracy.

Versions

  • Chart: 15.4+