Gitlab Pages Let's Encrypt Integration for Helm Chart Installs
Release notes
Wildcard certs can now be generated automatically using Let's Encrypt for self-managed Helm Chart installs.
Problem to solve
As a system administrator, I think it makes sense to generate and renew certificates automatically for Gitlab Pages on Helm Chart installs (wildcard certificates). This will remove the need to manually renew and maintain certificates (frequently) or purchase wildcard certificates.
Intended users
User experience goal
The user should be able to create a wildcard DNS record in their DNS provider and then configure Cert-Manager appropriately. Once this is done GitLab should be able to generate and maintain the resulting wildcard certificate for the Gitlab Pages domain.
Proposal
Potentially by implementing something that will deploy a Certificate resource into the cluster, then pages can retrieve the resulting secret.
Another option would be to implement GitLab Pages in a more K8S native way and use ingresses instead of a LoadBalanced service. CertManager would then pick up the ingress automatically and generate the appropriate certificate. I'm not sure how this would look on GitLab's end, possibly using the k8s API to modify/create ingress resources as pages are added/changed.
I am unsure of implementation specifics.