Install cert-manager with a cluster management project
DETAILS: Tier: Free, Premium, Ultimate Offering: SaaS, self-managed
- Introduced in GitLab 14.0.
- Support for cert-manager v1.4 was introduced in GitLab 14.3.
- Upgraded to cert-manager 1.7 in GitLab 14.8.
Assuming you already have a project created from a
management project template, to install cert-manager you should
uncomment this line from your helmfile.yaml
:
- path: applications/cert-manager/helmfile.yaml
And update the applications/cert-manager/helmfile.yaml
with a valid email address.
values:
- letsEncryptClusterIssuer:
#
# IMPORTANT: This value MUST be set to a valid email.
#
email: example@example.com
NOTE:
If your Kubernetes version is earlier than 1.20 and you are
migrating from GitLab Managed Apps to a cluster management project,
then you can instead use - path: applications/cert-manager-legacy/helmfile.yaml
to
take over an existing release of cert-manager v0.10.
cert-manager:
- Is installed by default into the
gitlab-managed-apps
namespace of your cluster. - Includes a
Let's Encrypt
ClusterIssuer
enabled by default. In thecertmanager-issuer
release, the issuer requires a valid email address forletsEncryptClusterIssuer.email
. Let's Encrypt uses this email address to contact you about expiring certificates and issues related to your account. - Can be customized in
applications/cert-manager/helmfile.yaml
by passing customvalues
to thecertmanager
release. Refer to the chart for the available configuration options.