Manage certificates using external Cert-Manager
Summary
I installed a cert manager in my cluster with the following command:
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.15.1 \
--set crds.enabled=trueNow, when I deploy Gitlab specifying that it should use the previously installed Cert-Manager.
Steps to reproduce
Deploy Gitlab with the following values.yaml
Configuration used
(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))
global:
edition: ce
hosts:
domain: mydomaine.fr
hostSuffix:
https: true
ingress:
apiVersion: ""
configureCertmanager: true
useNewIngressForCerts: false
provider: traefik
class: traefik
annotations:
"cert-manager.io/cluster-issuer": letsencrypt-prod
enabled: true
tls:
enabled: true
secretName:
path: /
pathType: Prefix
certmanager:
installCRDs: false
nameOverride: certmanager
install: false
rbac:
create: trueCurrent behavior
I feel like it's not using my Cert-Manager properly to create and manage certificates.
Expected behavior
Automatically create and manage certificates without going through something like this:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cer-webservice
namespace: gitlab
spec:
secretName: gitlab-webservice-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- gitlab.elormont.frVersions
- Chart: 17.1
- Platform:
- Self-hosted: k3s
- Kubernetes:
- Client: v1.29.2
- Server: v1.29.3+k3s1
- Helm:
- Client: v3.14.1+ge8858f8
- Server: none
Relevant logs
There is this in my Cert-Manager logs :
E0801 10:33:54.316983 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-registry" resour
ce_namespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.318677 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-kas" resource_na
mespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.318677 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-webservice-defau
lt" resource_namespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.318916 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-minio" resource_
namespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.325665 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-registry" resour
ce_namespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.333473 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-webservice-defau
lt" resource_namespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.337511 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-kas" resource_na
mespace="gitlab" resource_kind="" resource_version=""
E0801 10:33:54.339904 1 sync.go:112] "failed to determine issuer to be used for ingress resource" err="both \"cert-manager.io/issuer\" and \"cert-manager.io/cluster-issuer\" may not be set" logger="cert-manager.controller.ingress-shim" resource_name="gitlab-minio" resource_
namespace="gitlab" resource_kind="" resource_version=""