If you can't effo using your own wildcard certificate and still want to get GitLab quickly up for testing or smaller use cases, you can also use autogenerated self-signed certificates. In this recipe, we will explain using self-signed certificates, which can be useful in environments where Let's Encrypt is not an option, but SSL security is still needed:
- In cases where your domain is not reachable from the Let's Encrypt servers, you can provide an autogenerated self-signed wildcard certificate:
$ helm upgrade --install gitlab gitlab/gitlab --namespace gitlab
--timeout 600
--set global.edition=ce
--version 2.1.6
--set certmanager.install=false
--set global.ingress.configureCertmanager=false
--set gitlab-runner.install=false
- Retrieve the certificate, which can be imported into a web browser or system store later:
$ kubectl get secret gitlab-wildcard-tls-ca -n gitlab
-ojsonpath='{.data.cfssl_ca}' | base64 --decode > gitlab.mydomain.com.ca.pem