Deploy cert-manager to managed cluster for SSL certificates
What does this MR do?
Adds Cert-Manager application to GitLab 1-click deploy.
Note: For cert-manager to work with ingresses (e.g. our JupyterHub deployment), the ingress needs additional TLS section. That should be handled as a separate MR. But I have tested those changes manually and it does generate proper certificate and serves Jupyter over HTTPS. See steps for it below.
Note: This is WIP MR. Tests etc. are remaining.
How did I test this?
I tested it with Jupyter Ingress (steps below). @DylanGriffith and @tkuah are going to help QA this for AutoDevOps application. Ultimately any app deployed via Gitlab's K8s Cluster should be accessible over HTTPS.
- Verify that your Gitlab user's email address is real (and not email@example.com etc.). Let's Encrypt doesn't allow example.com and other fake emails.
- Create cluster & one click install Helm, Ingress, Cert-Manager, and Jupyter.
- Go to GKE console -> Your cluster -> Services -> JupyterHub Ingress. Click edit and add TLS section (as shown in picture), also add the annotation
kubernetes.io/tls-acme: "true"(as shown in same picture).
- Hit save. You should see certificate created under the events tab and Jupyter endpoint accessible via HTTPS.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.