From bd0686731c4d0bcf2bf1282f915bb20da3770c21 Mon Sep 17 00:00:00 2001 From: fibonacci1729 Date: Mon, 16 Jul 2018 15:16:21 -0600 Subject: [PATCH 01/12] fix(helm): fix(helm): add `--tls-hostname` flag to tls flags docs(*): update tiller_ssl.md to reflect IP SAN usage. When using helm/tiller in tls-verify mode, 127.0.0.1 should be listed as an IP SAN in the tiller certificate to pass hostname verficiation of the TLS handshake. Closes #4149 --- cmd/helm/helm.go | 11 +++++++-- docs/helm/helm_delete.md | 23 ++++++++++--------- docs/helm/helm_get.md | 15 +++++++------ docs/helm/helm_get_hooks.md | 15 +++++++------ docs/helm/helm_get_manifest.md | 15 +++++++------ docs/helm/helm_get_values.md | 17 +++++++------- docs/helm/helm_history.md | 19 ++++++++-------- docs/helm/helm_install.md | 3 ++- docs/helm/helm_list.md | 41 +++++++++++++++++----------------- docs/helm/helm_reset.md | 17 +++++++------- docs/helm/helm_rollback.md | 27 +++++++++++----------- docs/helm/helm_status.md | 17 +++++++------- docs/helm/helm_test.md | 17 +++++++------- docs/helm/helm_upgrade.md | 3 ++- docs/helm/helm_version.md | 21 ++++++++--------- docs/tiller_ssl.md | 17 ++++++++++++++ pkg/tlsutil/cfg.go | 11 +++++++-- 17 files changed, 167 insertions(+), 122 deletions(-) diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go index 8607129e4..cdb6313e2 100644 --- a/cmd/helm/helm.go +++ b/cmd/helm/helm.go @@ -40,6 +40,7 @@ import ( ) var ( + tlsServerName string // overrides the server name used to verify the hostname on the returned certificates from the server. tlsCaCertFile string // path to TLS CA certificate file tlsCertFile string // path to TLS certificate file tlsKeyFile string // path to TLS key file @@ -285,8 +286,13 @@ func newClient() helm.Interface { if tlsKeyFile == "" { tlsKeyFile = settings.Home.TLSKey() } - debug("Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile) - tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true} + debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile) + tlsopts := tlsutil.Options{ + ServerName: tlsServerName, + KeyFile: tlsKeyFile, + CertFile: tlsCertFile, + InsecureSkipVerify: true, + } if tlsVerify { tlsopts.CaCertFile = tlsCaCertFile tlsopts.InsecureSkipVerify = false @@ -306,6 +312,7 @@ func newClient() helm.Interface { func addFlagsTLS(cmd *cobra.Command) *cobra.Command { // add flags + cmd.Flags().StringVar(&tlsServerName, "tls-hostname", settings.TillerHost, "the server name used to verify the hostname on the returned certificates from the server") cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file") cmd.Flags().StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file") cmd.Flags().StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file") diff --git a/docs/helm/helm_delete.md b/docs/helm/helm_delete.md index e181f439e..442e5e96c 100644 --- a/docs/helm/helm_delete.md +++ b/docs/helm/helm_delete.md @@ -20,16 +20,17 @@ helm delete [flags] RELEASE_NAME [...] ### Options ``` - --description string specify a description for the release - --dry-run simulate a delete - --no-hooks prevent hooks from running during deletion - --purge remove the release from the store and make its name free for later use - --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --description string specify a description for the release + --dry-run simulate a delete + --no-hooks prevent hooks from running during deletion + --purge remove the release from the store and make its name free for later use + --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -47,4 +48,4 @@ helm delete [flags] RELEASE_NAME [...] ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_get.md b/docs/helm/helm_get.md index f233cd2a7..3a1b3d442 100644 --- a/docs/helm/helm_get.md +++ b/docs/helm/helm_get.md @@ -25,12 +25,13 @@ helm get [flags] RELEASE_NAME ### Options ``` - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --revision int32 get the named release with revision + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -51,4 +52,4 @@ helm get [flags] RELEASE_NAME * [helm get manifest](helm_get_manifest.md) - download the manifest for a named release * [helm get values](helm_get_values.md) - download the values file for a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_get_hooks.md b/docs/helm/helm_get_hooks.md index 4f9fa1887..9f3d5b0b2 100644 --- a/docs/helm/helm_get_hooks.md +++ b/docs/helm/helm_get_hooks.md @@ -18,12 +18,13 @@ helm get hooks [flags] RELEASE_NAME ### Options ``` - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --revision int32 get the named release with revision + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -41,4 +42,4 @@ helm get hooks [flags] RELEASE_NAME ### SEE ALSO * [helm get](helm_get.md) - download a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_get_manifest.md b/docs/helm/helm_get_manifest.md index 3ae55ef3e..6cae9001f 100644 --- a/docs/helm/helm_get_manifest.md +++ b/docs/helm/helm_get_manifest.md @@ -20,12 +20,13 @@ helm get manifest [flags] RELEASE_NAME ### Options ``` - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --revision int32 get the named release with revision + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -43,4 +44,4 @@ helm get manifest [flags] RELEASE_NAME ### SEE ALSO * [helm get](helm_get.md) - download a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_get_values.md b/docs/helm/helm_get_values.md index 12d973122..01fee2cd2 100644 --- a/docs/helm/helm_get_values.md +++ b/docs/helm/helm_get_values.md @@ -16,13 +16,14 @@ helm get values [flags] RELEASE_NAME ### Options ``` - -a, --all dump all (computed) values - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -a, --all dump all (computed) values + --revision int32 get the named release with revision + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -40,4 +41,4 @@ helm get values [flags] RELEASE_NAME ### SEE ALSO * [helm get](helm_get.md) - download a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_history.md b/docs/helm/helm_history.md index 437e70f03..e5028f9cb 100755 --- a/docs/helm/helm_history.md +++ b/docs/helm/helm_history.md @@ -28,14 +28,15 @@ helm history [flags] RELEASE_NAME ### Options ``` - --col-width uint specifies the max column width of output (default 60) - --max int32 maximum number of revision to include in history (default 256) - -o, --output string prints the output in the specified format (json|table|yaml) (default "table") - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --col-width uint specifies the max column width of output (default 60) + --max int32 maximum number of revision to include in history (default 256) + -o, --output string prints the output in the specified format (json|table|yaml) (default "table") + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -53,4 +54,4 @@ helm history [flags] RELEASE_NAME ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_install.md b/docs/helm/helm_install.md index c266222b8..6e0948e8f 100644 --- a/docs/helm/helm_install.md +++ b/docs/helm/helm_install.md @@ -102,6 +102,7 @@ helm install [CHART] --tls enable TLS for request --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") --tls-verify enable TLS for request and verify remote --username string chart repository username where to locate the requested chart @@ -126,4 +127,4 @@ helm install [CHART] ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jul-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_list.md b/docs/helm/helm_list.md index c7e99e403..17b2573b8 100755 --- a/docs/helm/helm_list.md +++ b/docs/helm/helm_list.md @@ -39,25 +39,26 @@ helm list [flags] [FILTER] ### Options ``` - -a, --all show all releases, not just the ones marked DEPLOYED - --col-width uint specifies the max column width of output (default 60) - -d, --date sort by release date - --deleted show deleted releases - --deleting show releases that are currently being deleted - --deployed show deployed releases. If no other is specified, this will be automatically enabled - --failed show failed releases - -m, --max int maximum number of releases to fetch (default 256) - --namespace string show releases within a specific namespace - -o, --offset string next release name in the list, used to offset from start value - --output string output the specified format (json or yaml) - --pending show pending releases - -r, --reverse reverse the sort order - -q, --short output short (quiet) listing format - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -a, --all show all releases, not just the ones marked DEPLOYED + --col-width uint specifies the max column width of output (default 60) + -d, --date sort by release date + --deleted show deleted releases + --deleting show releases that are currently being deleted + --deployed show deployed releases. If no other is specified, this will be automatically enabled + --failed show failed releases + -m, --max int maximum number of releases to fetch (default 256) + --namespace string show releases within a specific namespace + -o, --offset string next release name in the list, used to offset from start value + --output string output the specified format (json or yaml) + --pending show pending releases + -r, --reverse reverse the sort order + -q, --short output short (quiet) listing format + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -75,4 +76,4 @@ helm list [flags] [FILTER] ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_reset.md b/docs/helm/helm_reset.md index 507a94bfd..74d5ecc0e 100644 --- a/docs/helm/helm_reset.md +++ b/docs/helm/helm_reset.md @@ -18,13 +18,14 @@ helm reset ### Options ``` - -f, --force forces Tiller uninstall even if there are releases installed, or if Tiller is not in ready state. Releases are not deleted.) - --remove-helm-home if set deletes $HELM_HOME - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -f, --force forces Tiller uninstall even if there are releases installed, or if Tiller is not in ready state. Releases are not deleted.) + --remove-helm-home if set deletes $HELM_HOME + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -42,4 +43,4 @@ helm reset ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_rollback.md b/docs/helm/helm_rollback.md index b40fb883a..40d3ad83b 100644 --- a/docs/helm/helm_rollback.md +++ b/docs/helm/helm_rollback.md @@ -20,18 +20,19 @@ helm rollback [flags] [RELEASE] [REVISION] ### Options ``` - --description string specify a description for the release - --dry-run simulate a rollback - --force force resource update through delete/recreate if needed - --no-hooks prevent hooks from running during rollback - --recreate-pods performs pods restart for the resource if applicable - --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote - --wait if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as --timeout + --description string specify a description for the release + --dry-run simulate a rollback + --force force resource update through delete/recreate if needed + --no-hooks prevent hooks from running during rollback + --recreate-pods performs pods restart for the resource if applicable + --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote + --wait if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as --timeout ``` ### Options inherited from parent commands @@ -49,4 +50,4 @@ helm rollback [flags] [RELEASE] [REVISION] ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_status.md b/docs/helm/helm_status.md index 5317875e6..22b47c851 100644 --- a/docs/helm/helm_status.md +++ b/docs/helm/helm_status.md @@ -23,13 +23,14 @@ helm status [flags] RELEASE_NAME ### Options ``` - -o, --output string output the status in the specified format (json or yaml) - --revision int32 if set, display the status of the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -o, --output string output the status in the specified format (json or yaml) + --revision int32 if set, display the status of the named release with revision + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -47,4 +48,4 @@ helm status [flags] RELEASE_NAME ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_test.md b/docs/helm/helm_test.md index 688b67a34..5a84c3b18 100644 --- a/docs/helm/helm_test.md +++ b/docs/helm/helm_test.md @@ -19,13 +19,14 @@ helm test [RELEASE] ### Options ``` - --cleanup delete test pods upon completion - --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --cleanup delete test pods upon completion + --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -43,4 +44,4 @@ helm test [RELEASE] ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_upgrade.md b/docs/helm/helm_upgrade.md index ecd51e65c..679070233 100644 --- a/docs/helm/helm_upgrade.md +++ b/docs/helm/helm_upgrade.md @@ -62,6 +62,7 @@ helm upgrade [RELEASE] [CHART] --tls enable TLS for request --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") --tls-verify enable TLS for request and verify remote --username string chart repository username where to locate the requested chart @@ -86,4 +87,4 @@ helm upgrade [RELEASE] [CHART] ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-May-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/helm/helm_version.md b/docs/helm/helm_version.md index 61636c404..3db529120 100644 --- a/docs/helm/helm_version.md +++ b/docs/helm/helm_version.md @@ -30,15 +30,16 @@ helm version ### Options ``` - -c, --client client version only - -s, --server server version only - --short print the version number - --template string template for version string format - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -c, --client client version only + -s, --server server version only + --short print the version number + --template string template for version string format + --tls enable TLS for request + --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") + --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") + --tls-hostname string the server name used to verify the hostname on the returned certificates from the server + --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") + --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -56,4 +57,4 @@ helm version ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 7-Aug-2018 diff --git a/docs/tiller_ssl.md b/docs/tiller_ssl.md index 6db195507..41e704653 100644 --- a/docs/tiller_ssl.md +++ b/docs/tiller_ssl.md @@ -284,6 +284,23 @@ the host name that Helm connects to matches the host name on the certificate. In some cases this is awkward, since Helm will connect over localhost, or the FQDN is not available for public resolution. +*If I use `--tls-verify` on the client, I get `Error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs`* + +By default, the Helm client connects to Tiller via tunnel (i.e. kube proxy) at 127.0.0.1. During the TLS handshake, +a target, usually provided as a hostname (e.g. example.com), is checked against the subject and subject alternative +names of the certificate (i.e. hostname verficiation). However, because of the tunnel, the target is an IP address. +Therefore, to validate the certificate, the IP address 127.0.0.1 must be listed as an IP subject alternative name +(IP SAN) in the Tiller certificate. + +For example, to list 127.0.0.1 as an IP SAN when generating the Tiller certificate: + +```console +$ echo subjectAltName=IP:127.0.0.1 > extfile.cnf +$ openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem -days 365 -extfile extfile.cnf +``` + +Alternatively, you can override the expected hostname of the tiller certificate using the `--tls-hostname` flag. + *If I use `--tls-verify` on the client, I get `Error: x509: certificate has expired or is not yet valid`* Your helm certificate has expired, you need to sign a new certificate using your private key and the CA (and consider increasing the number of days) diff --git a/pkg/tlsutil/cfg.go b/pkg/tlsutil/cfg.go index 408867db1..2c1dfd340 100644 --- a/pkg/tlsutil/cfg.go +++ b/pkg/tlsutil/cfg.go @@ -33,6 +33,9 @@ type Options struct { CertFile string // Client-only options InsecureSkipVerify bool + // Overrides the server name used to verify the hostname on the returned + // certificates from the server. + ServerName string // Server-only options ClientAuth tls.ClientAuthType } @@ -55,8 +58,12 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) { return nil, err } } - - cfg = &tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify, Certificates: []tls.Certificate{*cert}, RootCAs: pool} + cfg = &tls.Config{ + InsecureSkipVerify: opts.InsecureSkipVerify, + Certificates: []tls.Certificate{*cert}, + ServerName: opts.ServerName, + RootCAs: pool, + } return cfg, nil } From 76f325322a2e76fca1c1ba9bec62a3fada173205 Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Wed, 8 Aug 2018 11:02:39 -0700 Subject: [PATCH 02/12] bump version to v2.10 --- pkg/version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/version/version.go b/pkg/version/version.go index b2ea2c50f..c4ce4b381 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -26,7 +26,7 @@ var ( // Increment major number for new feature additions and behavioral changes. // Increment minor number for bug fixes and performance enhancements. // Increment patch number for critical fixes to existing releases. - Version = "v2.8" + Version = "v2.10" // BuildMetadata is extra build time data BuildMetadata = "unreleased" From c658639ccc96645286beb119ce2baa31c9512235 Mon Sep 17 00:00:00 2001 From: Martin Hickey Date: Fri, 10 Aug 2018 11:57:57 +0100 Subject: [PATCH 03/12] Add link to doc for Helm Stop plugin Link added to https://github.com/helm/helm/blob/master/docs/related.md#helm-plugins --- docs/related.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/related.md b/docs/related.md index bac9e899b..ca5fbf117 100644 --- a/docs/related.md +++ b/docs/related.md @@ -45,6 +45,7 @@ or [pull request](https://github.com/kubernetes/helm/pulls). - [helm-k8comp](https://github.com/cststack/k8comp) - Plugin to create Helm Charts from hiera using k8comp - [helm-hashtag](https://github.com/balboah/helm-hashtag) - Plugin for tracking docker tag hash digests as values - [helm-unittest](https://github.com/lrills/helm-unittest) - Plugin for unit testing chart locally with YAML +- [helm-stop](https://github.com/IBM/helm-stop) - Plugin for stopping a release pods We also encourage GitHub authors to use the [helm-plugin](https://github.com/search?q=topic%3Ahelm-plugin&type=Repositories) tag on their plugin repositories. From e8b003af9a4fd1f0dc9d3b4a3eae2fca422a2226 Mon Sep 17 00:00:00 2001 From: Matt Butcher Date: Fri, 10 Aug 2018 15:26:53 -0600 Subject: [PATCH 04/12] docs(alpine): quote release label value (#4460) Labels should be quoted so that values such as "true" or "1" are not interpolated to the wrong type. --- docs/examples/alpine/templates/alpine-pod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/examples/alpine/templates/alpine-pod.yaml b/docs/examples/alpine/templates/alpine-pod.yaml index da9caef78..41673d0fc 100644 --- a/docs/examples/alpine/templates/alpine-pod.yaml +++ b/docs/examples/alpine/templates/alpine-pod.yaml @@ -9,7 +9,7 @@ metadata: heritage: {{ .Release.Service }} # The "release" convention makes it easy to tie a release to all of the # Kubernetes resources that were created as part of that release. - release: {{ .Release.Name }} + release: {{ .Release.Name | quote }} # This makes it easy to audit chart usage. chart: {{ .Chart.Name }}-{{ .Chart.Version }} app: {{ template "alpine.name" . }} From 8f7c0079fe86319c7bca00624e39f49b3e67e2cd Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Mon, 13 Aug 2018 09:26:40 -0700 Subject: [PATCH 05/12] sort links alphabetically --- docs/related.md | 75 +++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/docs/related.md b/docs/related.md index ca5fbf117..ecd86f7e2 100644 --- a/docs/related.md +++ b/docs/related.md @@ -6,46 +6,47 @@ add to this list, please open an [issue](https://github.com/kubernetes/helm/issu or [pull request](https://github.com/kubernetes/helm/pulls). ## Article, Blogs, How-Tos, and Extra Documentation -- [Using Helm to Deploy to Kubernetes](https://daemonza.github.io/2017/02/20/using-helm-to-deploy-to-kubernetes/) -- [Honestbee's Helm Chart Conventions](https://gist.github.com/so0k/f927a4b60003cedd101a0911757c605a) + +- [Awesome Helm](https://github.com/cdwv/awesome-helm) - List of awesome Helm resources +- [CI/CD with Kubernetes, Helm & Wercker ](http://www.slideshare.net/Diacode/cicd-with-kubernetes-helm-wercker-madscalability) +- [Creating a Helm Plugin in 3 Steps](http://technosophos.com/2017/03/21/creating-a-helm-plugin.html) - [Deploying Kubernetes Applications with Helm](http://cloudacademy.com/blog/deploying-kubernetes-applications-with-helm/) +- [GitLab, Consumer Driven Contracts, Helm and Kubernetes](https://medium.com/@enxebre/gitlab-consumer-driven-contracts-helm-and-kubernetes-b7235a60a1cb#.xwp1y4tgi) +- [Honestbee's Helm Chart Conventions](https://gist.github.com/so0k/f927a4b60003cedd101a0911757c605a) - [Releasing backward-incompatible changes: Kubernetes, Jenkins, Prometheus Operator, Helm and Traefik](https://medium.com/@enxebre/releasing-backward-incompatible-changes-kubernetes-jenkins-plugin-prometheus-operator-helm-self-6263ca61a1b1#.e0c7elxhq) -- [CI/CD with Kubernetes, Helm & Wercker ](http://www.slideshare.net/Diacode/cicd-with-kubernetes-helm-wercker-madscalability) -- [The missing CI/CD Kubernetes component: Helm package manager](https://hackernoon.com/the-missing-ci-cd-kubernetes-component-helm-package-manager-1fe002aac680#.691sk2zhu) +- [The Missing CI/CD Kubernetes Component: Helm package manager](https://hackernoon.com/the-missing-ci-cd-kubernetes-component-helm-package-manager-1fe002aac680#.691sk2zhu) - [The Workflow "Umbrella" Helm Chart](https://deis.com/blog/2017/workflow-chart-assembly) -- [GitLab, Consumer Driven Contracts, Helm and Kubernetes](https://medium.com/@enxebre/gitlab-consumer-driven-contracts-helm-and-kubernetes-b7235a60a1cb#.xwp1y4tgi) +- [Using Helm to Deploy to Kubernetes](https://daemonza.github.io/2017/02/20/using-helm-to-deploy-to-kubernetes/) - [Writing a Helm Chart](https://www.influxdata.com/packaged-kubernetes-deployments-writing-helm-chart/) -- [Creating a Helm Plugin in 3 Steps](http://technosophos.com/2017/03/21/creating-a-helm-plugin.html) -- [Awesome Helm](https://github.com/cdwv/awesome-helm) - List of awesome Helm resources ## Video, Audio, and Podcast - [CI/CD with Jenkins, Kubernetes, and Helm](https://www.youtube.com/watch?v=NVoln4HdZOY): AKA "The Infamous Croc Hunter Video". -- [KubeCon2016: Delivering Kubernetes-Native Applications by Michelle Noorali](https://www.youtube.com/watch?v=zBc1goRfk3k&index=49&list=PLj6h78yzYM2PqgIGU1Qmi8nY7dqn9PCr4) - [Helm with Michelle Noorali and Matthew Butcher](https://gcppodcast.com/post/episode-50-helm-with-michelle-noorali-and-matthew-butcher/): The official Google CloudPlatform Podcast interviews Michelle and Matt about Helm. +- [KubeCon2016: Delivering Kubernetes-Native Applications by Michelle Noorali](https://www.youtube.com/watch?v=zBc1goRfk3k&index=49&list=PLj6h78yzYM2PqgIGU1Qmi8nY7dqn9PCr4) ## Helm Plugins -- [helm-tiller](https://github.com/adamreese/helm-tiller) - Additional commands to work with Tiller -- [Technosophos's Helm Plugins](https://github.com/technosophos/helm-plugins) - Plugins for GitHub, Keybase, and GPG -- [helm-template](https://github.com/technosophos/helm-template) - Debug/render templates client-side -- [Helm Value Store](https://github.com/skuid/helm-value-store) - Plugin for working with Helm deployment values -- [Helm Diff](https://github.com/databus23/helm-diff) - Preview `helm upgrade` as a coloured diff -- [helm-env](https://github.com/adamreese/helm-env) - Plugin to show current environment -- [helm-last](https://github.com/adamreese/helm-last) - Plugin to show the latest release -- [helm-nuke](https://github.com/adamreese/helm-nuke) - Plugin to destroy all releases -- [helm-local](https://github.com/adamreese/helm-local) - Plugin to run Tiller as a local daemon - [App Registry](https://github.com/app-registry/helm-plugin) - Plugin to manage charts via the [App Registry specification](https://github.com/app-registry/spec) -- [helm-secrets](https://github.com/futuresimple/helm-secrets) - Plugin to manage and store secrets safely +- [Helm Diff](https://github.com/databus23/helm-diff) - Preview `helm upgrade` as a coloured diff +- [Helm Value Store](https://github.com/skuid/helm-value-store) - Plugin for working with Helm deployment values +- [Technosophos's Helm Plugins](https://github.com/technosophos/helm-plugins) - Plugins for GitHub, Keybase, and GPG +- [helm-cos](https://github.com/imroc/helm-cos) - Plugin to manage repositories on Tencent Cloud Object Storage - [helm-edit](https://github.com/mstrzele/helm-edit) - Plugin for editing release's values +- [helm-env](https://github.com/adamreese/helm-env) - Plugin to show current environment - [helm-gcs](https://github.com/nouney/helm-gcs) - Plugin to manage repositories on Google Cloud Storage -- [helm-cos](https://github.com/imroc/helm-cos) - Plugin to manage repositories on Tencent Cloud Object Storage - [helm-github](https://github.com/sagansystems/helm-github) - Plugin to install Helm Charts from Github repositories -- [helm-monitor](https://github.com/ContainerSolutions/helm-monitor) - Plugin to monitor a release and rollback based on Prometheus/ElasticSearch query -- [helm-k8comp](https://github.com/cststack/k8comp) - Plugin to create Helm Charts from hiera using k8comp - [helm-hashtag](https://github.com/balboah/helm-hashtag) - Plugin for tracking docker tag hash digests as values -- [helm-unittest](https://github.com/lrills/helm-unittest) - Plugin for unit testing chart locally with YAML +- [helm-k8comp](https://github.com/cststack/k8comp) - Plugin to create Helm Charts from hiera using k8comp +- [helm-last](https://github.com/adamreese/helm-last) - Plugin to show the latest release +- [helm-local](https://github.com/adamreese/helm-local) - Plugin to run Tiller as a local daemon +- [helm-monitor](https://github.com/ContainerSolutions/helm-monitor) - Plugin to monitor a release and rollback based on Prometheus/ElasticSearch query +- [helm-nuke](https://github.com/adamreese/helm-nuke) - Plugin to destroy all releases +- [helm-secrets](https://github.com/futuresimple/helm-secrets) - Plugin to manage and store secrets safely - [helm-stop](https://github.com/IBM/helm-stop) - Plugin for stopping a release pods +- [helm-template](https://github.com/technosophos/helm-template) - Debug/render templates client-side +- [helm-tiller](https://github.com/adamreese/helm-tiller) - Additional commands to work with Tiller +- [helm-unittest](https://github.com/lrills/helm-unittest) - Plugin for unit testing chart locally with YAML We also encourage GitHub authors to use the [helm-plugin](https://github.com/search?q=topic%3Ahelm-plugin&type=Repositories) tag on their plugin repositories. @@ -55,33 +56,33 @@ tag on their plugin repositories. Tools layered on top of Helm or Tiller. - [AppsCode Swift](https://github.com/appscode/swift) - Ajax friendly Helm Tiller Proxy using [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) -- [Quay App Registry](https://coreos.com/blog/quay-application-registry-for-kubernetes.html) - Open Kubernetes application registry, including a Helm access client -- [Chartify](https://github.com/appscode/chartify) - Generate Helm charts from existing Kubernetes resources. -- [VIM-Kubernetes](https://github.com/andrewstuart/vim-kubernetes) - VIM plugin for Kubernetes and Helm -- [Landscaper](https://github.com/Eneco/landscaper/) - "Landscaper takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster." -- [Rudder](https://github.com/AcalephStorage/rudder) - RESTful (JSON) proxy for Tiller's API -- [Helmfile](https://github.com/roboll/helmfile) - Helmfile is a declarative spec for deploying helm charts +- [Armada](https://github.com/att-comdev/armada) - Manage prefixed releases throughout various Kubernetes namespaces, and removes completed jobs for complex deployments. Used by the [Openstack-Helm](https://github.com/openstack/openstack-helm) team. - [Autohelm](https://github.com/reactiveops/autohelm) - Autohelm is _another_ simple declarative spec for deploying helm charts. Written in python and supports git urls as a source for helm charts. -- [Helmsman](https://github.com/Praqma/helmsman) - Helmsman is a helm-charts-as-code tool which enables installing/upgrading/protecting/moving/deleting releases from version controlled desired state files (described in a simple TOML format). -- [Schelm](https://github.com/databus23/schelm) - Render a Helm manifest to a directory -- [Drone.io Helm Plugin](http://plugins.drone.io/ipedrazas/drone-helm/) - Run Helm inside of the Drone CI/CD system +- [ChartMuseum](https://github.com/chartmuseum/chartmuseum) - Helm Chart Repository with support for Amazon S3 and Google Cloud Storage +- [Chartify](https://github.com/appscode/chartify) - Generate Helm charts from existing Kubernetes resources. +- [Codefresh](https://codefresh.io) - Kubernetes native CI/CD and management platform with UI dashboards for managing Helm charts and releases - [Cog](https://github.com/ohaiwalt/cog-helm) - Helm chart to deploy Cog on Kubernetes -- [Monocular](https://github.com/helm/monocular) - Web UI for Helm Chart repositories +- [Drone.io Helm Plugin](http://plugins.drone.io/ipedrazas/drone-helm/) - Run Helm inside of the Drone CI/CD system - [Helm Chart Publisher](https://github.com/luizbafilho/helm-chart-publisher) - HTTP API for publishing Helm Charts in an easy way -- [Armada](https://github.com/att-comdev/armada) - Manage prefixed releases throughout various Kubernetes namespaces, and removes completed jobs for complex deployments. Used by the [Openstack-Helm](https://github.com/openstack/openstack-helm) team. -- [ChartMuseum](https://github.com/chartmuseum/chartmuseum) - Helm Chart Repository with support for Amazon S3 and Google Cloud Storage - [Helm.NET](https://github.com/qmfrederik/helm) - A .NET client for Tiller's API -- [Codefresh](https://codefresh.io) - Kubernetes native CI/CD and management platform with UI dashboards for managing Helm charts and releases +- [Helmfile](https://github.com/roboll/helmfile) - Helmfile is a declarative spec for deploying helm charts +- [Helmsman](https://github.com/Praqma/helmsman) - Helmsman is a helm-charts-as-code tool which enables installing/upgrading/protecting/moving/deleting releases from version controlled desired state files (described in a simple TOML format). +- [Landscaper](https://github.com/Eneco/landscaper/) - "Landscaper takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster." +- [Monocular](https://github.com/helm/monocular) - Web UI for Helm Chart repositories +- [Quay App Registry](https://coreos.com/blog/quay-application-registry-for-kubernetes.html) - Open Kubernetes application registry, including a Helm access client +- [Rudder](https://github.com/AcalephStorage/rudder) - RESTful (JSON) proxy for Tiller's API +- [Schelm](https://github.com/databus23/schelm) - Render a Helm manifest to a directory +- [VIM-Kubernetes](https://github.com/andrewstuart/vim-kubernetes) - VIM plugin for Kubernetes and Helm ## Helm Included Platforms, distributions, and services that include Helm support. -- [Kubernetic](https://kubernetic.com/) - Kubernetes Desktop Client - [Cabin](http://www.skippbox.com/cabin/) - Mobile App for Managing Kubernetes -- [Qstack](https://qstack.com) - [Fabric8](https://fabric8.io) - Integrated development platform for Kubernetes - [Jenkins X](http://jenkins-x.io/) - open source automated CI/CD for Kubernetes which uses Helm for [promoting](http://jenkins-x.io/about/features/#promotion) applications through [environments via GitOps](http://jenkins-x.io/about/features/#environments) +- [Kubernetic](https://kubernetic.com/) - Kubernetes Desktop Client +- [Qstack](https://qstack.com) ## Misc From 204f823b5eefe458b51a8d240cab611a06d03d84 Mon Sep 17 00:00:00 2001 From: muffin87 Date: Tue, 14 Aug 2018 19:13:02 +0200 Subject: [PATCH 06/12] Add basic tutorial for beginners (#4466) --- docs/related.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/related.md b/docs/related.md index ecd86f7e2..09501a598 100644 --- a/docs/related.md +++ b/docs/related.md @@ -18,6 +18,7 @@ or [pull request](https://github.com/kubernetes/helm/pulls). - [The Workflow "Umbrella" Helm Chart](https://deis.com/blog/2017/workflow-chart-assembly) - [Using Helm to Deploy to Kubernetes](https://daemonza.github.io/2017/02/20/using-helm-to-deploy-to-kubernetes/) - [Writing a Helm Chart](https://www.influxdata.com/packaged-kubernetes-deployments-writing-helm-chart/) +- [A basic walk through Kubernetes Helm](https://github.com/muffin87/helm-tutorial) ## Video, Audio, and Podcast From 38eb73760b44f25b517f6f2f3c48cbb7dc047bb8 Mon Sep 17 00:00:00 2001 From: Matt Tucker Date: Wed, 15 Aug 2018 15:03:18 -0600 Subject: [PATCH 07/12] fix(client): fix bug in list releases to append all releases --- pkg/helm/client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/helm/client.go b/pkg/helm/client.go index f9774392f..771c7f3d1 100644 --- a/pkg/helm/client.go +++ b/pkg/helm/client.go @@ -360,7 +360,7 @@ func (h *Client) list(ctx context.Context, req *rls.ListReleasesRequest) (*rls.L resp = r continue } - resp.Releases = append(resp.Releases, r.GetReleases()[0]) + resp.Releases = append(resp.Releases, r.GetReleases()...) } return resp, nil } From f15d65845019f549679d06e18db9ec7ce7686922 Mon Sep 17 00:00:00 2001 From: Alexey Volkov Date: Thu, 16 Aug 2018 01:31:40 +0300 Subject: [PATCH 08/12] fix: link to custom resource definitions section --- docs/chart_best_practices/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/chart_best_practices/README.md b/docs/chart_best_practices/README.md index 58cc65407..1160dc287 100644 --- a/docs/chart_best_practices/README.md +++ b/docs/chart_best_practices/README.md @@ -17,5 +17,5 @@ may find that their internal interests override our suggestions here. - Kubernetes Resources: - [Pods and Pod Specs](pods.md): See the best practices for working with pod specifications. - [Role-Based Access Control](rbac.md): Guidance on creating and using service accounts, roles, and role bindings. - - [Third Party Resources](third_party_resources.md): Third Party Resources (TPRs) have their own associated best practices. + - [Custom Resource Definitions](custom_resource_definitions.md): Custom Resource Definitions (CRDs) have their own associated best practices. From a8229323cd88bf8b4c457bf7b2a4b0d93f81f349 Mon Sep 17 00:00:00 2001 From: Matt Farina Date: Thu, 16 Aug 2018 13:28:08 -0400 Subject: [PATCH 09/12] docs(README): Updating for Helm in CNCF Signed-off-by: Matt Farina --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 6a35c3f4d..018099e01 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,16 @@ -# Kubernetes Helm +# Helm [![CircleCI](https://circleci.com/gh/helm/helm.svg?style=svg)](https://circleci.com/gh/helm/helm) [![Go Report Card](https://goreportcard.com/badge/github.com/helm/helm)](https://goreportcard.com/report/github.com/helm/helm) -[![GoDoc](https://godoc.org/github.com/kubernetes/helm?status.svg)](https://godoc.org/github.com/kubernetes/helm) +[![GoDoc](https://godoc.org/k8s.io/helm?status.svg)](https://godoc.org/k8s.io/helm) Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. Use Helm to: -- Find and use [popular software packaged as Kubernetes charts](https://github.com/helm/charts) -- Share your own applications as Kubernetes charts +- Find and use [popular software packaged as Helm charts](https://github.com/helm/charts) to run in Kubernetes +- Share your own applications as Helm charts - Create reproducible builds of your Kubernetes applications - Intelligently manage your Kubernetes manifest files - Manage releases of Helm packages @@ -63,11 +63,10 @@ You can reach the Helm community and developers via the following channels: - [#helm-users](https://kubernetes.slack.com/messages/helm-users) - [#helm-dev](https://kubernetes.slack.com/messages/helm-dev) - [#charts](https://kubernetes.slack.com/messages/charts) -- Mailing Lists: - - [Helm Mailing List](https://lists.cncf.io/g/cncf-kubernetes-helm) - - [Kubernetes SIG Apps Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-apps) -- Developer Call: Thursdays at 9:30-10:00 Pacific. [https://zoom.us/j/4526666954](https://zoom.us/j/4526666954) +- Mailing List: + - [Helm Mailing List](https://lists.cncf.io/g/cncf-helm) +- Developer Call: Thursdays at 9:30-10:00 Pacific. [https://zoom.us/j/696660622](https://zoom.us/j/696660622) ### Code of conduct -Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). +Participation in the Helm community is governed by the [Code of Conduct](code-of-conduct.md). From 1ed6ffbdb08ab3c617ebe9b042a959a7aa098f49 Mon Sep 17 00:00:00 2001 From: Nick Schuch Date: Fri, 17 Aug 2018 13:23:19 +1000 Subject: [PATCH 10/12] Update zoom.us link --- README.md | 2 +- docs/release_checklist.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6a35c3f4d..8e8f87d65 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ You can reach the Helm community and developers via the following channels: - Mailing Lists: - [Helm Mailing List](https://lists.cncf.io/g/cncf-kubernetes-helm) - [Kubernetes SIG Apps Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-apps) -- Developer Call: Thursdays at 9:30-10:00 Pacific. [https://zoom.us/j/4526666954](https://zoom.us/j/4526666954) +- Developer Call: Thursdays at 9:30-10:00 Pacific. [https://zoom.us/j/696660622](https://zoom.us/j/696660622) ### Code of conduct diff --git a/docs/release_checklist.md b/docs/release_checklist.md index fcd3429ad..96d7e5625 100644 --- a/docs/release_checklist.md +++ b/docs/release_checklist.md @@ -223,7 +223,7 @@ The community keeps growing, and we'd love to see you there! - Join the discussion in [Kubernetes Slack](https://slack.k8s.io/): - `#helm-users` for questions and just to hang out - `#helm-dev` for discussing PRs, code, and bugs -- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/4526666954) +- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622) - Test, debug, and contribute charts: [GitHub/kubernetes/charts](https://github.com/kubernetes/charts) ## Installation and Upgrading From d92939119993174ae264dfec06db7cb1b07e37c9 Mon Sep 17 00:00:00 2001 From: Jon Huhn Date: Fri, 17 Aug 2018 09:34:59 -0500 Subject: [PATCH 11/12] Fix typo in parser.go --- pkg/strvals/parser.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/strvals/parser.go b/pkg/strvals/parser.go index 1fd9ab81e..532a8c4ac 100644 --- a/pkg/strvals/parser.go +++ b/pkg/strvals/parser.go @@ -94,7 +94,7 @@ func ParseIntoFile(s string, dest map[string]interface{}, runesToVal runesToVal) return t.parse() } -// ParseIntoString parses a strvals line nad merges the result into dest. +// ParseIntoString parses a strvals line and merges the result into dest. // // This method always returns a string as the value. func ParseIntoString(s string, dest map[string]interface{}) error { From c15a355da75570b74ad3b93ba70a7c38702169af Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Fri, 17 Aug 2018 13:09:24 -0700 Subject: [PATCH 12/12] strip out all extra lines other than the first for parsing --- scripts/get | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/get b/scripts/get index 79dd69500..29cd47e1a 100755 --- a/scripts/get +++ b/scripts/get @@ -78,9 +78,9 @@ checkDesiredVersion() { # Use the GitHub releases webpage for the project to find the desired version for this project. local release_url="https://github.com/helm/helm/releases/${DESIRED_VERSION:-latest}" if type "curl" > /dev/null; then - TAG=$(curl -SsL $release_url | awk '/\/tag\//' | grep -v no-underline | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}') + TAG=$(curl -SsL $release_url | awk '/\/tag\//' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}') elif type "wget" > /dev/null; then - TAG=$(wget -q -O - $release_url | awk '/\/tag\//' | grep -v no-underline | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}') + TAG=$(wget -q -O - $release_url | awk '/\/tag\//' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}') fi if [ "x$TAG" == "x" ]; then echo "Cannot determine ${DESIRED_VERSION} tag."