Deploy cert-manager to managed cluster for SSL certificates
Problem to solve
Our k8s integration does not currently support https.
https is necessary for mission critical/production grade deployments.
Now that we have support to deploy an Ingress and show the provisioned IP, we should move to support HTTPS as well.
We can make this turn key with Let's Encrypt, by adding the option to deploy
cert-manager to a managed Kubernetes cluster, which automates the certificate provisioning process.
cert-manager as an additional application within the apps section of the cluster page.
Add the ability to view and change the email address provided for the issuer. As a maintainer or owner, I should be able to update the issuer email.
The issuer email will default to the users email before the app is installed.
cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing cert-manager on your cluster will issue a certificate by Let's Encrypt (icn-external) and ensure that certificates are valid and up to date.
Issuers represent a certificate authority. You must provide an email address for your Issuer. More information (icn-external)
What does success look like, and how can we measure that?
clusters are able to serve https apps out of the box.
Links / references
- Docs for how to set this up manually without this feature implemented: https://gitlab.com/gitlab-org/gitlab-ce/issues/40635#note_107461860
- Problems with long auto devops domain names not being supported by let's encrypt: https://gitlab.com/gitlab-org/gitlab-ce/issues/49563
- Let's encrypt will rate limit our
nip.iodomain names: https://gitlab.com/gitlab-org/gitlab-ce/issues/40635#note_107605370
/label ~"feature proposal"