Description of problem:
Before api freeze we need to switch the registry service port from 5000 to 443 so that the service hostname does not need to include a port suffix.
The internal registry itself can stay on :5000, only the service port needs to change.
I think this may also necessitate a change to the service account controller which generates the docker config secret since that includes the registry hostname. There is a goal to make that controller use the cluster image config info, but it does not currently.
Per thread in aos-devel, targeting this for 4.2 and removing from the 4.1 beta blocker list.
Increasing target to 4.3.0. Downgrading severity to "medium" since we will need to simultaneously support port 443 and port 5000 for quite some time.
Per @Oleg there are several touch points that need to know all possible internal registry host locations, such as the registry itself and the image pruner.