kubernetes managed app Cert-manager is not installable in cluster which already includes cert-manager

Summary

Using kubernetes integration on a cluster which already has cert-manager installed is non-optimal. Mainly, installing cert-manager is not possible, hence

Steps to reproduce

  • Install a k8s cluster
  • Install cert-manager (in my case I installed the gitlab chart, but this is probably not needed)
  • Configure the k8s cluster integration in a gitlab instance
  • Try to install the cert-manager app (it fails, see logs)
  • Hope that it still does work with the existing cert-manager, and deploy an app
  • Observe that it gets a self-signed certificate, and not a letsencrypt one (Kubernetes ingress controller fake certificate)

Example Project

Not applicable

What is the current bug behavior?

Cert-manager is not installable, and auto devops domains do not get https

What is the expected correct behavior?

Mostly the end result: devops domains do get https with a widely approved certificate. Either via the cert-manager I was able to install, or the pre-existing cert-manager.

Relevant logs and/or screenshots

 kubectl.exe logs -n gitlab-managed-apps install-certmanager
+ helm init --upgrade
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.

Tiller (the Helm server-side component) has been upgraded to the current version.
+ seq 1 30
+ helm version --tls --tls-ca-cert /data/helm/certmanager/config/ca.pem --tls-cert /data/helm/certmanager/config/cert.pem --tls-key /data/helm/certmanager/config/key.pem
Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
+ break
+ helm upgrade certmanager stable/cert-manager --install --reset-values --tls --tls-ca-cert /data/helm/certmanager/config/ca.pem --tls-cert /data/helm/certmanager/config/cert.pem --tls-key /data/helm/certmanager/config/key.pem --version v0.5.2 --set 'rbac.create=true,rbac.enabled=true' --namespace gitlab-managed-apps -f /data/helm/certmanager/config/values.yaml
Release "certmanager" does not exist. Installing it now.
Error: customresourcedefinitions.apiextensions.k8s.io "certificates.certmanager.k8s.io" already exists

Output of checks

Results of GitLab environment info

git@gitlab-unicorn-bbbd94495-jpkpm:/srv/gitlab$ bundle exec rake gitlab:env:info RAILS_ENV=production
WARNING: This version of GitLab depends on gitlab-shell 9.3.0, but you're running Unknown. Please update gitlab-shell.

System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.6.3p62
Gem Version: 2.7.9
Bundler Version:1.17.3
Rake Version: 12.3.2
Redis Version: unknown
Git Version: unknown
Sidekiq Version:5.2.7
Go Version: unknown

GitLab information
Version: 12.2.3
Revision: 13598699
Directory: /srv/gitlab
DB Adapter: PostgreSQL
DB Version: 10.10
URL: https://git.k8s.nathansamson.be
HTTP Clone URL: https://git.k8s.nathansamson.be/some-group/some-project.git
SSH Clone URL: git@git.k8s.nathansamson.be:some-group/some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version: unknown
Repository storage paths:
  • default: /var/opt/gitlab/repo
GitLab Shell path: /home/git/gitlab-shell
Git: /usr/bin/git

Results of GitLab application Check

WARNING: This version of GitLab depends on gitlab-shell 9.3.0, but you're running Unknown. Please update gitlab-shell.
Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 9.3.0 ? ... FAIL. Please update gitlab-shell to 9.3.0 from Unknown
Running /home/git/gitlab-shell/bin/check
gitlab-shell self-check failed
Try fixing it:
Make sure GitLab is running;
Check the gitlab-shell configuration file:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... no
Try fixing it:
sudo -u git -H RAILS_ENV=production bin/background_jobs start
For more information see:
doc/install/installation.md in section "Install Init Script"
see log/sidekiq.log for possible errors
Please fix the error above and rerun the checks.

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Git configured correctly? ... no
Trying to fix error automatically. ...Failed
Try fixing it:
sudo -u git -H "/usr/bin/git" config --global core.autocrlf "input"
For more information see:
doc/install/installation.md in section "GitLab"
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... no
Try fixing it:
sudo chown -R gitlab /srv/gitlab/tmp
sudo chmod -R u+rwX /srv/gitlab/tmp
For more information see:
doc/install/installation.md in section "GitLab"
Please fix the error above and rerun the checks.
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... no
Try fixing it:
sudo chown -R git /srv/gitlab/public/uploads
sudo find /srv/gitlab/public/uploads -type f -exec chmod 0644 {} ;
sudo find /srv/gitlab/public/uploads -type d -not -path /srv/gitlab/public/uploads -exec chmod 0700 {} ;
For more information see:
doc/install/installation.md in section "GitLab"
Please fix the error above and rerun the checks.
Init script exists? ... no
Try fixing it:
Install the init script
For more information see:
doc/install/installation.md in section "Install Init Script"
Please fix the error above and rerun the checks.
Init script up-to-date? ... can't check because of previous errors
Projects have namespace: ...
2/1 ... yes
Redis version >= 2.8.0? ... no
Try fixing it:
Update your redis server to a version >= 2.8.0
For more information see:
gitlab-public-wiki/wiki/Trouble-Shooting-Guide in section sidekiq
Please fix the error above and rerun the checks.
Ruby version >= 2.5.3 ? ... yes (2.6.3)
Git version >= 2.22.0 ? ... no
Your git bin path is "/usr/bin/git"
Try fixing it:
Update your git to a version >= 2.22.0 from Unknown
Please fix the error above and rerun the checks.
Git user has default SSH configuration? ... yes
Active users: ... 2

Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished

I realize not everything is okay, but I think this is because it is containerized and the checks do not fully account for that (and if they do I really need to log an issue with the charts team ;))

Possible fixes

No idea :)

Edited Sep 01, 2019 by Nathan
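
A pre-flight check for the two symptoms reported above (the CRD conflict in the Helm log and the fake certificate on the deployed app), as an added example that is not part of the original issue or GitLab's own code. The function names and the sample CRD list are constructed for illustration; both functions read from stdin so they can be fed real `kubectl` or `openssl` output.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Reads `kubectl get crd -o name` output on stdin and prints every CRD in the
# certmanager.k8s.io API group (the group named in the Helm error).
# Exit status 0 means at least one pre-existing cert-manager CRD was found,
# i.e. a fresh chart install would hit the "already exists" error.
existing_certmanager_crds() {
    awk -F/ '$2 ~ /\.certmanager\.k8s\.io$/ { print $2; n++ }
             END { exit (n ? 0 : 1) }'
}

# Reads an `openssl x509 -noout -issuer` line on stdin and classifies it.
# ingress-default: the ingress controller is serving its built-in
#                  self-signed certificate, so no issued cert was attached.
classify_issuer() {
    issuer=$(tr '[:upper:]' '[:lower:]')
    case "$issuer" in
        *"kubernetes ingress controller fake certificate"*) echo ingress-default ;;
        *"let's encrypt"*) echo letsencrypt ;;
        *) echo other ;;
    esac
}

# Constructed sample of `kubectl get crd -o name` output for a cluster that
# already runs cert-manager next to an unrelated operator.
sample_crds() {
    printf '%s\n' \
        'customresourcedefinition.apiextensions.k8s.io/certificates.certmanager.k8s.io' \
        'customresourcedefinition.apiextensions.k8s.io/clusterissuers.certmanager.k8s.io' \
        'customresourcedefinition.apiextensions.k8s.io/issuers.certmanager.k8s.io' \
        'customresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com'
}

# Against a live cluster (HOST is a placeholder for the deployed app's domain):
#   kubectl get crd -o name | existing_certmanager_crds
#   openssl s_client -connect "$HOST:443" -servername "$HOST" </dev/null 2>/dev/null \
#       | openssl x509 -noout -issuer | classify_issuer
```
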