Use self-signed certificate as last resort
With this change, we'll never run without TLS. The default is using cert-manager. Users can choose to turn off cert-manager. If cert-manager is off and the user uses global.ingress.tls.secretName
to pass in a Secret
pre-populated with a valid certificate, that certificate will be used. If cert-manager is off and the user doesn't set global.ingress.tls.secretName
, we'll generate a wildcard self-signed certificate.
If we're using a self-signed certificate, gitlab-runner won't work, so automatically fail in that case. Issue a warning all other times we use self-signed.
Self-signed certificates are generated by https://github.com/paulczar/omgwtfssl
Edited by Jason Plum