Skip to content

Deploy cert-manager to managed cluster for SSL certificates

Problem to solve

Our k8s integration does not currently support https.

Further details

https is necessary for mission critical/production grade deployments.

Now that we have support to deploy an Ingress and show the provisioned IP, we should move to support HTTPS as well.

We can make this turn key with Let's Encrypt, by adding the option to deploy cert-manager to a managed Kubernetes cluster, which automates the certificate provisioning process.

Proposal

Add cert-manager as an additional application within the apps section of the cluster page.

Add the ability to view and change the email address provided for the issuer. As a maintainer or owner, I should be able to update the issuer email.

The issuer email will default to the users email before the app is installed.

Copy

cert-manager

cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing cert-manager on your cluster will issue a certificate by Let's Encrypt (icn-external) and ensure that certificates are valid and up to date.

Issuer email

[taurie@gitlab.com]

Issuers represent a certificate authority. You must provide an email address for your Issuer. More information (icn-external)

Mockup

cert-manager

Image

cert-manager.svg

What does success look like, and how can we measure that?

clusters are able to serve https apps out of the box.

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by 🤖 GitLab Bot 🤖