Support disabling webhook self-signed cert (!562) · Merge requests · GitLab.org / Cloud Native / GitLab Operator

Mitchell Nielsen requested to merge fix-configure-certmanager into master Jan 03, 2023

Supports disabling the manager webhook's self-signed certificate by only deploying the CertManager Issuer and Certificate resources if manager.webhook.selfSignedCert.create=true.

This is a follow-up to !561 (merged), accounting for the scenario where cert-manager.install is indeed false because we aren't deploying it, but that doesn't mean we aren't using it - instead, we're using an externally-managed instance of it. In this case, we still need the self- signed certificate for the webhook. Without this change, the Controller Pod won't start in CI because it's waiting for that self-signed certificate Secret to be available in the namespace.

Changelog: fixed

Related to #989 (closed)

Edited Jan 03, 2023 by Mitchell Nielsen

Support disabling webhook self-signed cert

Merge request reports