How to run GitLab in Kubernetes with an existing cert-manager

by | 12.04.2021 | Engineering

Assuming you have an existing cert-manager and nginx in your Kubernetes cluster, the GitLab Helm Chart needs a few tweaks to make use of your existing infrastructure and the ingress.

If you start from scratch, check the following posts to learn how to setup a Kubernetes cluster and install cert-manager and nginx:

Install GitLab

The following steps are taken from the official documentation.

First, add the GitLab Helm repository to your local Helm installation and get the default values for GitLab’s configuration.

helm repo add gitlab https://charts.gitlab.io/
helm repo update
helm get values gitlab > gitlab.yaml

Then, adjust the default values to match your installation (and make use of the existing components).

Note: we disable the built-in nginx and cert-manager and provide the necessary annotations to the chart so all GitLab deployments can make use of our existing ingress and tls infrastructure.

      nginx-ingress:
        enabled: False
      global:
        ingress:
          configureCertmanager: False
          class: nginx
          annotations:
            kubernetes.io/tls-acme: True
            kubernetes.io/ingress.class: "nginx"
            cert-manager.io/cluster-issuer: "letsencrypt-prod"
            acme.cert-manager.io/http01-ingress-class: "nginx"
        hosts:
          domain: "YOURINGRESSDOMAIN"
      gitlab:
        webservice:
          ingress:
            tls:
              secretName: gitlab-tls
      registry:
        ingress:
          tls:
            secretName: registry-tls
      minio:
        ingress:
          tls:
            secretName: minio-tls
      certmanager:
        install: False
      postgresql:
        install: True

Now just install the chart using Helm.

helm upgrade gitlab gitlab/gitlab -f gitlab.yaml

CommunityNew

The DevOps Awareness Program

Subscribe to the newsletter

Join 100+ cloud native ethusiasts

#wearep3r

Join the community Slack

Discuss all things Kubernetes, DevOps and Cloud Native

Related articles6

How to clean up disk space occupied by Docker images?

How to clean up disk space occupied by Docker images?

Docker has revolutionised containers even if they weren't the first to walk the path of containerisation. The ease and agility docker provide makes it the preferred engine to explore for any beginner or enterprise looking towards containers. The one problem most of...

Parsing Packages with Porter

Parsing Packages with Porter

Porter works as a containerized tool that helps users to package the elements of any existing application or codebase along with client tools, configuration resources and deployment logic in a single bundle. This bundle can be further moved, exported, shared and distributed with just simple commands.

eBPF – The Next Frontier In Linux (Introduction)

eBPF – The Next Frontier In Linux (Introduction)

The three great giants of the operating system even today are well regarded as Linux, Windows and Mac OS. But when it comes to creating all purpose and open source applications, Linux still takes the reign as a crucial piece of a developer’s toolkit. However, you...

Falco: A Beginner’s Guide

Falco: A Beginner’s Guide

Falco shines through in resolving these issues by detecting and alerting any behaviour that makes Linux system calls. This system of alerting rules is made possible with the use of Sysdig’s filtering expressions to detect potentially suspicious activity. Users can also specify alerts for specific calls, arguments related to the calls and through the properties of the calling process.

Why DevOps Engineers Love Fluentd?

Why DevOps Engineers Love Fluentd?

Fluentd’s main operational forte lies in the exchange of communication and platforming for creating pipelines where log data can be easily transferred from log generators (such as a host or application) to their preferred destinations (data sinks such as Elasticsearch).

Operating On OpenTracing: A Beginner’s Guide

Operating On OpenTracing: A Beginner’s Guide

OpenTracing is a largely ignored variant of the more popular distributed tracing technique, commonly used in microservice architectures. Users may be familiar with the culture of using distributed tracing for profiling and monitoring applications. For the newcomers,...