Wrong default value in the doc for global.ingress.tls.enabled
Hello!
Summary
Documentation for value global.ingress.tls.enabled
says the default value is true
. I think there is no default value.
As a result, the documentation snippet External cert-manager and Issuer (external) doesn't work as expected.
Steps to reproduce
The documentation states that global.ingress.tls.enabled
default value is true
while in the values.yaml
the global.ingress.tls
block is empty.
I discovered this because I was following the documentation for External cert-manager and Issuer (external) and I realized that with this configuration self-signed certificates are still generated.
The condition that triggers shared secret generation is here:
{{- if not (or .Values.global.ingress.configureCertmanager .Values.global.ingress.tls) -}}
So shared secrets generation is enabled if:
.Values.global.ingress.configureCertmanager=false
- AND
.Values.global.ingress.tls=false/null
If the default value of global.ingress.tls.enabled
was indeed true
then .Values.global.ingress.tls
would be truthy and shared-secrets generation would be disabled. But since global.ingress.tls
is falsy, the configuration proposed in the documentation does not disable shared secrets generation.
Configuration I'm talking about:
helm install gitlab gitlab/gitlab \
--set certmanager.install=false \
--set global.ingress.configureCertmanager=false \
--set global.ingress.annotations."kubernetes\.io/tls-acme"=true \
--set gitlab.webservice.ingress.tls.secretName=RELEASE-gitlab-tls \
--set registry.ingress.tls.secretName=RELEASE-registry-tls \
--set minio.ingress.tls.secretName=RELEASE-minio-tls \
--set gitlab.kas.ingress.tls.secretName=RELEASE-kas-tls
Configuration used
See above.
Current behavior
global.ingress.tls.enabled
has no default value. As a result, the following command installs gitlab with shared secrets generation:
helm install gitlab gitlab/gitlab \
--set certmanager.install=false \
--set global.ingress.configureCertmanager=false \
--set global.ingress.annotations."kubernetes\.io/tls-acme"=true \
--set gitlab.webservice.ingress.tls.secretName=RELEASE-gitlab-tls \
--set registry.ingress.tls.secretName=RELEASE-registry-tls \
--set minio.ingress.tls.secretName=RELEASE-minio-tls \
--set gitlab.kas.ingress.tls.secretName=RELEASE-kas-tls
Expected behavior
global.ingress.tls.enabled
is true
or the documentation is fixed.
Versions
- Chart: master
- Platform:
- Cloud: GKE, but I think it doesn't matter
- Kubernetes: (
kubectl version
)- Client: 1.21
- Server: 1.21
- Helm: (
helm version
)- Client: 3.9.2
- Server: 3.9.2
Relevant logs
N/A
Apologies if I got it wrong and/or if this is not the right place to raise this!
Thanks!