Configure cert-manager when enabled

Enables using the cert-manager operator's certificates with the GitLab Operator's ingresses.

Closes https://gitlab.com/gitlab-org/gl-openshift/gitlab-operator/-/issues/125.

Test instructions

Configure your CR:

global:
  hosts:
    domain: yourdomain.com
  ingress:
    configureCertmanager: true
certmanager-issuer:
  email: youremail@example.com # make sure to set a real address

Deploy the Operator to the cluster and upload this CR. Confirm that eventually:

  • Issuer is deployed to the namespace
  • Certificates (stored as Secrets) are created for Minio, Registry, and Webservice ingresses (gitlab-{minio,registry,webservice}-tls)
  • Minio, Registry, and Webservice ingresses are configured to use the Secrets defined above
  • Each URL is accessible and presents the valid certificate

CertManager disabled and then enabled

You can test converting to CertManager by starting with global.ingress.configureCertmanager=false in the CR, waiting for the release to finish (all pods running), and then updating it to true and submitting the CR again.

Note: you will likely run into https://gitlab.com/gitlab-org/gl-openshift/gitlab-operator/-/issues/134. The workaround for now is to manually delete the RELEASE_NAME-migrations-1 job.

Edited by Mitchell Nielsen
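
An added example, not part of the merge request or the GitLab Operator code base: a Python check for the second and third confirmation points in the test instructions, run over the output of `kubectl -n NAMESPACE get ingress,secret -o json`. The expected Secret names are the ones listed above; the ingress names and `old-wildcard-tls` in the sample are constructed.

```python
import json
import sys
from pathlib import Path

# Secret names from the test instructions above (release name "gitlab").
EXPECTED_SECRETS = ["gitlab-minio-tls", "gitlab-registry-tls", "gitlab-webservice-tls"]


def check_tls(resource_list, expected=EXPECTED_SECRETS):
    """Return problems found in a parsed `kubectl get ingress,secret -o json` List."""
    items = resource_list.get("items", [])
    secrets = {i["metadata"]["name"]: i for i in items if i.get("kind") == "Secret"}
    problems, referenced = [], {}  # referenced: TLS secret name -> ingress names
    for ing in (i for i in items if i.get("kind") == "Ingress"):
        name = ing["metadata"]["name"]
        for entry in ing.get("spec", {}).get("tls") or []:
            if entry.get("secretName"):
                referenced.setdefault(entry["secretName"], []).append(name)
            else:
                problems.append(f"ingress {name}: tls entry without secretName")
    for secret_name in expected:
        secret = secrets.get(secret_name)
        if secret is None:
            problems.append(f"secret {secret_name}: missing")
        elif secret.get("type") != "kubernetes.io/tls" or not all(
                (secret.get("data") or {}).get(k) for k in ("tls.crt", "tls.key")):
            problems.append(f"secret {secret_name}: not a populated kubernetes.io/tls secret")
        if secret_name not in referenced:
            problems.append(f"secret {secret_name}: not referenced by any ingress")
    return problems


def _obj(kind, name, **fields):
    return {"kind": kind, "metadata": {"name": name}, **fields}


# Constructed sample (not real cluster output): minio is wired correctly, the
# registry ingress still points at another secret, webservice has no secret yet.
_PEM = {"tls.crt": "Y2VydA==", "tls.key": "a2V5"}  # placeholder bytes, not real keys
SAMPLE = {"kind": "List", "items": [
    _obj("Secret", "gitlab-minio-tls", type="kubernetes.io/tls", data=_PEM),
    _obj("Secret", "gitlab-registry-tls", type="kubernetes.io/tls", data=_PEM),
    _obj("Ingress", "sample-minio", spec={"tls": [{"secretName": "gitlab-minio-tls"}]}),
    _obj("Ingress", "sample-registry", spec={"tls": [{"secretName": "old-wildcard-tls"}]}),
]}

if __name__ == "__main__":
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_tls(doc)) or "expected TLS secrets present and referenced")
```

Save the kubectl output to a file and pass its path as the first argument; with no argument the script checks the constructed sample. It does not cover the Issuer or the certificate each URL actually presents.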
