Self-signed registry certificates

Adding self-signed certificates to knative/serverless

The controller deployment (--namespace knative-serving) needs the root certificate to pull images from a private registry, such as the in-project registry. This can be configured by editing the deployment with kubectl edit and adding:

  1. an environment variable pointing to the certificate location
  2. a volume for the certificate, mounted at the same place
  3. a secret or configmap containing the certificate

However, the build-controller deployment (--namespace knative-build) does not work the same way. At the moment there's no way to push serverless builds to a registry with a self-signed certificate.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-registry-certificate
  namespace: knative-serving
data:
  # PEM-encoded root certificate of the registry goes between the markers
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller
  namespace: knative-serving
spec:
  template:
    spec:
      containers:
      - name: controller
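        env:
        # directory the controller searches for trusted certificates
        - name: SSL_CERT_DIR
          value: /etc/config-registry-certificate
        volumeMounts:
        # must match the SSL_CERT_DIR value above
        - mountPath: /etc/config-registry-certificate
          name: config-registry-certificate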
      volumes:
      - configMap:
          name: config-registry-certificate
          items:
          - key: ca.crt
            path: <registry-url>.crt
        name: config-registry-certificate
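
Why pointing SSL_CERT_DIR at the mounted directory is enough, shown as an added example (not part of the original page or of Knative's code). It assumes the controller is a Go binary on Linux that relies on the crypto/x509 system pool; the hostnames and the names must, selfSigned and CheckCertDir are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// must keeps the demo short: any setup error aborts the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a throwaway self-signed certificate (constructed sample data).
func selfSigned(cn string) (*x509.Certificate, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv))
	return must(x509.ParseCertificate(der)), pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// CheckCertDir imitates the mount: one PEM file in the directory named by SSL_CERT_DIR.
// Call it once per process, because crypto/x509 caches the system pool after the first load.
func CheckCertDir() (mounted, unmounted bool) {
	dir := must(os.MkdirTemp("", "config-registry-certificate"))
	defer os.RemoveAll(dir)
	a, aPEM := selfSigned("registry.example.internal") // written into the directory
	b, _ := selfSigned("other.example.internal")       // never written there
	if err := os.WriteFile(dir+"/registry.example.internal.crt", aPEM, 0o644); err != nil {
		panic(err)
	}
	os.Setenv("SSL_CERT_DIR", dir)
	pool := must(x509.SystemCertPool())
	_, errA := a.Verify(x509.VerifyOptions{Roots: pool})
	_, errB := b.Verify(x509.VerifyOptions{Roots: pool})
	return errA == nil, errB == nil
}

func main() { fmt.Println(CheckCertDir()) }
```

The certificate placed in the directory verifies and the other one is rejected, so only what the ConfigMap mounts becomes an additional trust anchor for the controller.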