Deploy cert-manager to managed cluster for SSL certificates
Problem to solve
Our k8s integration does not currently support HTTPS.
Further details
HTTPS is necessary for mission-critical/production-grade deployments.
Now that we have support to deploy an Ingress and show the provisioned IP, we should move to support HTTPS as well.
We can make this turnkey with Let's Encrypt by adding the option to deploy cert-manager to a managed Kubernetes cluster, which automates the certificate provisioning process.
Proposal
Add cert-manager as an additional application within the apps section of the cluster page.
Add the ability to view and change the email address provided for the issuer. As a maintainer or owner, I should be able to update the issuer email.
The issuer email will default to the user's email before the app is installed.
Copy
cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing cert-manager on your cluster will issue a certificate by Let's Encrypt (icn-external) and ensure that certificates are valid and up to date.
Issuer email
[taurie@gitlab.com]
Issuers represent a certificate authority. You must provide an email address for your Issuer. More information (icn-external)
Mockup
Image
What does success look like, and how can we measure that?
Clusters are able to serve HTTPS apps out of the box.
Links / references
- Docs for how to set this up manually without this feature implemented: https://gitlab.com/gitlab-org/gitlab-ce/issues/40635#note_107461860
- Problems with long Auto DevOps domain names not being supported by Let's Encrypt: https://gitlab.com/gitlab-org/gitlab-ce/issues/49563
- Let's Encrypt will rate limit our nip.io domain names: https://gitlab.com/gitlab-org/gitlab-ce/issues/40635#note_107605370