Update certmanager installation tooling to use version 1.6.1 (!401) · Merge requests · GitLab.org / Cloud Native / GitLab Operator

Dustin Collins requested to merge update-certmanager-161 into master Feb 28, 2022

This MR updates the version of cert-manager we use for OpenShift and Kubernetes CI clusters from 1.1.0 to 1.6.1.

As noted in gitlab-org/charts/gitlab#2843 (comment 842204756), newer (4.8+) versions of OpenShift have issues with the 1.1.0 certmanger images, seeing them as running as root when they are not running as root. This causes the cert-manager deployment to fail. The cert-manager team stopped creating UBI images after 1.1.0 in favor of distroless images.

Relates to issue https://gitlab.com/gitlab-org/distribution/infrastructure/openshift-provisioning/-/issues/8, where we have a similar approach to fixing the problem. But this repository and method of provisioning clusers in pipelines is new and shouldn't hold up launching new OpenShift clusters. We will eventually transition to this method of launching clusters, but this shouldn't block 4.9 and FIPS cluster issues.

To test this, checkout the branch and either create a new OpenShift cluster or run ./scripts/install_certmanager.sh with environment variables set to an existing cluster. cert-manager should deploy without issue.

Edited Mar 04, 2022 by Mitchell Nielsen

Update certmanager installation tooling to use version 1.6.1

Merge request reports