Fail to deploy with external cert-manager
Summary
I am trying to deploy gitlab using an external cert-manager utilising letsencrypt to generate my certificates. I have verified that my existing cert-manager is working. I also have an external nginx ingress controller deployed which I am using.
How shall I configure the values file to use an external cert-manager? I have tried to follow the documentation but it either generates a self-signed wild-card cert or one for the global ingress. I do not get certificates for gitlab-unicorn-tls, gitlab-minio-tls and gitlab-registry-tls as I expect.
Steps to reproduce
Installed via helm upgrade --install gitlab --namespace gitlab gitlab/gitlab -f values.yaml
Configuration used
global:
  ## doc/charts/globals.md#configure-host-settings
  hosts:
    domain: ##########.###
    hostSuffix:
    https: true
    externalIP: ###.###.###.###
    ssh: ~
  ## doc/charts/globals.md#configure-ingress-settings
  ingress:
    configureCertmanager: false
    annotations:
      kubernetes.io/tls-acme: "true"
      cert-manager.io/cluster-issuer: letsencrypt-prod
      kubernetes.io/ingress.class: nginx
    enabled: true
    tls:
      enabled: true
      #secretName: gitlab-gitlab-tls #If I specify this I only get this certificate and not one for unicorn, minio and registry. If I do not include this I get the self-signed wild-card cert
  gitlab:
    ## Enterprise license for this GitLab installation
    ## Secret created according to doc/installation/secrets.md#initial-enterprise-license
    ## If allowing shared-secrets generation, this is OPTIONAL.
    license: {}
      # secret: RELEASE-gitlab-license
      # key: license
    unicron:
      enabled: true
      ingress:
        tls:
          secretName: gitlab-unicorn-tls
  ## doc/charts/globals.md#configure-minio-settings
  minio:
    enabled: true
    credentials: {}
      # secret:
    ingress:
      tls:
        secretName: gitlab-minio-tls
  ## doc/charts/globals.md#configure-registry-settings
  registry:
    ingress:
      tls:
        secretName: gitlab-registry-tls
## End of global
## Settings for the Let's Encrypt ACME Issuer
# certmanager-issuer:
## The email address to register certificates requested from Let's Encrypt.
## Required if using Let's Encrypt.
#   email: email@example.com
## Installation & configuration of jetstack/cert-manager
## See requirements.yaml for current version
certmanager:
  install: false
## doc/charts/nginx/index.md
## doc/architecture/decisions.md#nginx-ingress
## Installation & configuration of charts/nginx
nginx-ingress:
  enabled: false
Current behavior
Certificates are not generated correctly for unicorn, minio and registry
Expected behavior
I should get 3 certificates generated for each ingress (unicorn, minio and registry)
Versions
- Chart: 3.1.4
- Platform:
  - Self-hosted: Ubuntu installed via kubeadm
- Kubernetes: (kubectl version)
  - Client: Major:"1", Minor:"17", GitVersion:"v1.17.3"
  - Server: Major:"1", Minor:"17", GitVersion:"v1.17.3"
- Helm: (helm version) Version:"v3.0.0"
Relevant logs
Note: @WarheadsSE trimmed provided configuration down, removing unaltered default values.
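
A way to check the symptom described in this issue, as an added example that is not part of the original report or the GitLab chart: it reads the JSON printed by `kubectl get ingress -n gitlab -o json` and reports which TLS secret each Ingress actually references, since cert-manager's ingress-shim requests certificates from each annotated Ingress's `spec.tls` entries. The Ingress names and `example.com` hosts in the sample are constructed, and the sample assumes that with the global `secretName` set every Ingress points at that one secret.

```python
import json
import sys
from collections import defaultdict

# Secret names the issue expects (taken from the values file above).
EXPECTED = {"gitlab-unicorn-tls", "gitlab-minio-tls", "gitlab-registry-tls"}
ISSUER_KEYS = ("cert-manager.io/cluster-issuer", "cert-manager.io/issuer")

def audit_ingresses(ingress_list, expected=EXPECTED):
    """Return (findings, missing): per-Ingress problems and expected secrets no Ingress uses."""
    findings, users = [], defaultdict(list)
    for item in ingress_list.get("items", []):
        name = item["metadata"]["name"]
        notes = item["metadata"].get("annotations") or {}
        tls = item.get("spec", {}).get("tls") or []
        if not any(k in notes for k in ISSUER_KEYS):
            findings.append((name, "no cert-manager issuer annotation"))
        if not tls:
            findings.append((name, "no spec.tls block"))
        for entry in tls:
            secret = entry.get("secretName")
            if not secret:
                findings.append((name, "tls entry without secretName"))
            else:
                users[secret].append(name)
            if not entry.get("hosts"):
                findings.append((name, "tls entry without hosts"))
    for secret, names in users.items():
        if len(names) > 1:
            findings.append((secret, "secret shared by " + ", ".join(sorted(names))))
    return findings, sorted(expected - set(users))

# Constructed sample (assumption): three Ingresses that all reference the one
# global secret, modelling the "I only get this certificate" case in the issue.
def make_ingress(name, host, secret):
    return {"metadata": {"name": name, "annotations": {"cert-manager.io/cluster-issuer": "letsencrypt-prod"}},
            "spec": {"tls": [{"hosts": [host], "secretName": secret}]}}

SAMPLE = {"items": [make_ingress("gitlab-unicorn", "gitlab.example.com", "gitlab-gitlab-tls"),
                    make_ingress("gitlab-minio", "minio.example.com", "gitlab-gitlab-tls"),
                    make_ingress("gitlab-registry", "registry.example.com", "gitlab-gitlab-tls")]}

if __name__ == "__main__":
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    findings, missing = audit_ingresses(data)
    for subject, problem in findings:
        print(f"{subject}: {problem}")
    print("expected secrets not referenced:", ", ".join(missing) or "none")
```

Pipe the live cluster state into it with `kubectl get ingress -n gitlab -o json | python3 <script>`; run without input, it audits the constructed sample.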