Skip to content

Deploy GitLab with existing cert-manager

Summary

I installed a cert manager in my cluster with the following command:

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.15.1 \
  --set crds.enabled=true

Now, when I try to deploy Gitlab to use this Cert-Manager, I get this error message:

Error: INSTALLATION FAILED: Unable to continue with install: CustomResourceDefinition "certificates.cert-manager.io" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "gitlab": current value is "cert-manager"; annotation validation error: key "meta.helm.sh/release-namespace" must equal "gitlab": current value is "cert-manager"

Steps to reproduce

Deploy Gitlab with the following values.yaml

Configuration used

global:
  edition: ce
  hosts:
    domain: mydomaine.fr
    hostSuffix:
    https: true
    externalIP:
    ssh:
    gitlab: {}
    minio: {}
    registry: {}
    tls: {}
    smartcard: {}
    kas: {}
    pages: {}
  ingress:
    apiVersion: ""
    configureCertmanager: false
    useNewIngressForCerts: false
    provider: traefik
    class: traefik
    annotations:
      "kubernetes.io/tls-acme": true
      "cert-manager.io/cluster-issuer": letsencrypt-prod
    enabled: true
    tls:
      enabled: true
      secretName:
    path: /
    pathType: Prefix
  minio:
    enabled: true
    ingress:
      enabled: true
      tls:
        enabled: true
        secretName: gitlab-minio-tls
  registry:
    bucket: registry
    tls:
      enabled: true
      secretName: gitlab-registry-tls
  webservice:
    workerTimeout: 60
    ingress:
      tls:
        enabled: true
        secretName: gitlab-webservice-tls
  certificates:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/certificates
    customCAs: []   
  serviceAccount:
    enabled: false
    create: true
    annotations: {}
certmanager-issuer:
  email: myemail@gmail.com
certmanager:
  installCRDs: false
  nameOverride: certmanager
  install: false
  rbac:
    create: true

Current behavior

It give me an error using the CRDs

Expected behavior

Use CRDs already installed with Cert-Manager

Versions

  • Chart: 17.1
  • Platform:
    • Self-hosted: k3s
  • Kubernetes:
    • Client: v1.29.2
    • Server: v1.29.3+k3s1
  • Helm: (helm version)
    • Client: v3.14.1+ge8858f8
    • Server: none

Relevant logs

No logs

Edited by Jason Plum