Erroneous output regarding SSL Certificate generation
Summary
When purposely disabling as much as possible we get an erroneous message about certificates having been generated when they are in fact not.
End of the helm installation output:
NOTES:
The automatic generation of secrets has been disabled by `shared-secrets.enabled: false`.
The user should ensure all necessary secrets are created according to documentation, or
the deployment will fail to operate correctly.
WARNING: Automatic TLS certificate generation with cert-manager is disabled and no TLS certificates were provided. Self-signed certificates were generated.
You may retrieve the CA root for these certificates from the `jts-wildcard-tls-ca` secret, via the following command. It can then be imported to a web browser or system store.
kubectl get secret jts-wildcard-tls-ca -ojsonpath='{.data.cfssl_ca}' | base64 --decode > gitlab.example.com.ca.pem
If you do not wish to use self-signed certificates, please set the following properties:
- global.ingress.tls.secretName
OR
- registry.ingress.tls.secretName
But the secrets noted above do not exist. This is confusing and initially causes me to think something occurred without my knowledge, but in this case, it's just erroneous as none of the above actually occurred.
Steps to reproduce
Disable as much as possible, example values yaml: https://gitlab.com/gitlab-com/gl-infra/k8s-workloads/gitlab-com/blob/9f1fb7eb609747c2e277c03264a7a7433a35bf22/values.yaml
Then run a helm install command.
global:
  hosts:
    https: true
  ingress:
    enabled: false
    configureCertmanager: false
    tls:
      enabled: false
certmanager:
  install: false
shared-secrets:
  enabled: false
Versions
- Chart: 0896c389388be8719f32ed551d9cfba45f81389c
- Platform:
  - Cloud: GKE
- Kubernetes:
  - Client: v1.13.6
  - Server: v1.13.6-gke.13
- Helm: (helm version)
  - Client: v2.14.1
  - Server: v2.14.1
Edited by Jason Plum
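A check for the mismatch described in this report, added here as an example and not part of the original issue or the chart: it extracts every secret name that the NOTES text references in a `kubectl get secret <name>` command and lists those that are absent from the namespace. The function names, the file arguments and the `example-unrelated-secret` entry are assumptions made for the example.

```shell
#!/bin/sh
# Added example: cross-check the secret names mentioned in Helm NOTES against
# the secrets that actually exist in the namespace.

# Read NOTES text on stdin and print each secret name referenced as
# `kubectl get secret <name>`, one per line, de-duplicated.
notes_secret_names() {
    grep -o 'kubectl get secret [A-Za-z0-9.-]*' | awk '{print $4}' | sort -u
}

# missing_secrets NOTES_FILE EXISTING_FILE
# EXISTING_FILE holds one secret per line, either bare or in the
# "secret/<name>" form printed by `kubectl get secrets -o name`.
# Prints the names the NOTES mention that are absent; returns 1 if any.
missing_secrets() {
    notes_file=$1
    existing_file=$2
    rc=0
    for name in $(notes_secret_names < "$notes_file"); do
        if ! sed 's|^secret/||' "$existing_file" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the kubectl line from the NOTES quoted in the report,
# and a namespace listing that holds only a made-up, unrelated secret.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/notes" <<'EOF'
kubectl get secret jts-wildcard-tls-ca -ojsonpath='{.data.cfssl_ca}' | base64 --decode > gitlab.example.com.ca.pem
EOF
    printf 'secret/example-unrelated-secret\n' > "$tmp/existing"
    missing_secrets "$tmp/notes" "$tmp/existing" || true
    rm -rf "$tmp"
}
demo
```

Against a live release, save the install output to one file and the output of `kubectl get secrets -o name` for the release namespace to another, then pass both to `missing_secrets`.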