Merge branch 'master' into update-labels

README.md

@@ -1,16 +1,16 @@
-# Kubernetes Helm
+# Helm
 
 [![CircleCI](https://circleci.com/gh/helm/helm.svg?style=svg)](https://circleci.com/gh/helm/helm)
 [![Go Report Card](https://goreportcard.com/badge/github.com/helm/helm)](https://goreportcard.com/report/github.com/helm/helm)
-[![GoDoc](https://godoc.org/github.com/kubernetes/helm?status.svg)](https://godoc.org/github.com/kubernetes/helm)
+[![GoDoc](https://godoc.org/k8s.io/helm?status.svg)](https://godoc.org/k8s.io/helm)
 
 Helm is a tool for managing Kubernetes charts. Charts are packages of
 pre-configured Kubernetes resources.
 
 Use Helm to:
 
-- Find and use [popular software packaged as Kubernetes charts](https://github.com/helm/charts)
+- Find and use [popular software packaged as Helm charts](https://github.com/helm/charts) to run in Kubernetes
-- Share your own applications as Kubernetes charts
+- Share your own applications as Helm charts
 - Create reproducible builds of your Kubernetes applications
 - Intelligently manage your Kubernetes manifest files
 - Manage releases of Helm packages
@@ -63,11 +63,10 @@ You can reach the Helm community and developers via the following channels:
   - [#helm-users](https://kubernetes.slack.com/messages/helm-users)
   - [#helm-dev](https://kubernetes.slack.com/messages/helm-dev)
   - [#charts](https://kubernetes.slack.com/messages/charts)
-- Mailing Lists:
+- Mailing List:
-  - [Helm Mailing List](https://lists.cncf.io/g/cncf-kubernetes-helm)
+  - [Helm Mailing List](https://lists.cncf.io/g/cncf-helm)
-  - [Kubernetes SIG Apps Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-apps)
+- Developer Call: Thursdays at 9:30-10:00 Pacific. [https://zoom.us/j/696660622](https://zoom.us/j/696660622)
-- Developer Call: Thursdays at 9:30-10:00 Pacific. [https://zoom.us/j/4526666954](https://zoom.us/j/4526666954)
 
 ### Code of conduct
 
-Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md).
+Participation in the Helm community is governed by the [Code of Conduct](code-of-conduct.md).

cmd/helm/helm.go

@@ -40,6 +40,7 @@ import (
 )
 
 var (
+	tlsServerName string // overrides the server name used to verify the hostname on the returned certificates from the server.
 	tlsCaCertFile string // path to TLS CA certificate file
 	tlsCertFile   string // path to TLS certificate file
 	tlsKeyFile    string // path to TLS key file
@@ -285,8 +286,13 @@ func newClient() helm.Interface {
 		if tlsKeyFile == "" {
 			tlsKeyFile = settings.Home.TLSKey()
 		}
-		debug("Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile)
+		debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile)
-		tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true}
+		tlsopts := tlsutil.Options{
+			ServerName:         tlsServerName,
+			KeyFile:            tlsKeyFile,
+			CertFile:           tlsCertFile,
+			InsecureSkipVerify: true,
+		}
 		if tlsVerify {
 			tlsopts.CaCertFile = tlsCaCertFile
 			tlsopts.InsecureSkipVerify = false
@@ -306,6 +312,7 @@ func newClient() helm.Interface {
 func addFlagsTLS(cmd *cobra.Command) *cobra.Command {
 
 	// add flags
+	cmd.Flags().StringVar(&tlsServerName, "tls-hostname", settings.TillerHost, "the server name used to verify the hostname on the returned certificates from the server")
 	cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file")
 	cmd.Flags().StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file")
 	cmd.Flags().StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file")

docs/chart_best_practices/README.md

@@ -17,5 +17,5 @@ may find that their internal interests override our suggestions here.
 - Kubernetes Resources:
 	- [Pods and Pod Specs](pods.md): See the best practices for working with pod specifications.
 	- [Role-Based Access Control](rbac.md): Guidance on creating and using service accounts, roles, and role bindings.
-	- [Third Party Resources](third_party_resources.md): Third Party Resources (TPRs) have their own associated best practices.
+	- [Custom Resource Definitions](custom_resource_definitions.md): Custom Resource Definitions (CRDs) have their own associated best practices.
 

docs/examples/alpine/templates/alpine-pod.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     # The "app.kubernetes.io/instance" convention makes it easy to tie a release to all of the
     # Kubernetes resources that were created as part of that release.
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
     # This makes it easy to audit chart usage.
     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     app.kubernetes.io/name: {{ template "alpine.name" . }}

docs/helm/helm_delete.md

@@ -28,6 +28,7 @@ helm delete [flags] RELEASE_NAME [...]
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -47,4 +48,4 @@ helm delete [flags] RELEASE_NAME [...]
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_get.md

@@ -29,6 +29,7 @@ helm get [flags] RELEASE_NAME
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -51,4 +52,4 @@ helm get [flags] RELEASE_NAME
 * [helm get manifest](helm_get_manifest.md)	 - download the manifest for a named release
 * [helm get values](helm_get_values.md)	 - download the values file for a named release
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_get_hooks.md

@@ -22,6 +22,7 @@ helm get hooks [flags] RELEASE_NAME
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -41,4 +42,4 @@ helm get hooks [flags] RELEASE_NAME
 ### SEE ALSO
 * [helm get](helm_get.md)	 - download a named release
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_get_manifest.md

@@ -24,6 +24,7 @@ helm get manifest [flags] RELEASE_NAME
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -43,4 +44,4 @@ helm get manifest [flags] RELEASE_NAME
 ### SEE ALSO
 * [helm get](helm_get.md)	 - download a named release
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_get_values.md

@@ -21,6 +21,7 @@ helm get values [flags] RELEASE_NAME
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -40,4 +41,4 @@ helm get values [flags] RELEASE_NAME
 ### SEE ALSO
 * [helm get](helm_get.md)	 - download a named release
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_history.md

@@ -34,6 +34,7 @@ helm history [flags] RELEASE_NAME
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -53,4 +54,4 @@ helm history [flags] RELEASE_NAME
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_install.md

@@ -102,6 +102,7 @@ helm install [CHART]
       --tls                      enable TLS for request
       --tls-ca-cert string       path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string          path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string      the server name used to verify the hostname on the returned certificates from the server
       --tls-key string           path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify               enable TLS for request and verify remote
       --username string          chart repository username where to locate the requested chart
@@ -126,4 +127,4 @@ helm install [CHART]
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jul-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_list.md

@@ -56,6 +56,7 @@ helm list [flags] [FILTER]
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -75,4 +76,4 @@ helm list [flags] [FILTER]
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_reset.md

@@ -23,6 +23,7 @@ helm reset
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -42,4 +43,4 @@ helm reset
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_rollback.md

@@ -29,6 +29,7 @@ helm rollback [flags] [RELEASE] [REVISION]
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
       --wait                  if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as --timeout
@@ -49,4 +50,4 @@ helm rollback [flags] [RELEASE] [REVISION]
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_status.md

@@ -28,6 +28,7 @@ helm status [flags] RELEASE_NAME
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -47,4 +48,4 @@ helm status [flags] RELEASE_NAME
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_test.md

@@ -24,6 +24,7 @@ helm test [RELEASE]
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -43,4 +44,4 @@ helm test [RELEASE]
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_upgrade.md

@@ -62,6 +62,7 @@ helm upgrade [RELEASE] [CHART]
       --tls                      enable TLS for request
       --tls-ca-cert string       path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string          path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string      the server name used to verify the hostname on the returned certificates from the server
       --tls-key string           path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify               enable TLS for request and verify remote
       --username string          chart repository username where to locate the requested chart
@@ -86,4 +87,4 @@ helm upgrade [RELEASE] [CHART]
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-May-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/helm/helm_version.md

@@ -37,6 +37,7 @@ helm version
       --tls                   enable TLS for request
       --tls-ca-cert string    path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
       --tls-cert string       path to TLS certificate file (default "$HELM_HOME/cert.pem")
+      --tls-hostname string   the server name used to verify the hostname on the returned certificates from the server
       --tls-key string        path to TLS key file (default "$HELM_HOME/key.pem")
       --tls-verify            enable TLS for request and verify remote
 ```
@@ -56,4 +57,4 @@ helm version
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.
 
-###### Auto generated by spf13/cobra on 17-Jun-2018
+###### Auto generated by spf13/cobra on 7-Aug-2018

docs/related.md

@@ -6,44 +6,47 @@ add to this list, please open an [issue](https://github.com/kubernetes/helm/issu
 or [pull request](https://github.com/kubernetes/helm/pulls).
 
 ## Article, Blogs, How-Tos, and Extra Documentation
-- [Using Helm to Deploy to Kubernetes](https://daemonza.github.io/2017/02/20/using-helm-to-deploy-to-kubernetes/)
+
-- [Honestbee's Helm Chart Conventions](https://gist.github.com/so0k/f927a4b60003cedd101a0911757c605a)
+- [Awesome Helm](https://github.com/cdwv/awesome-helm) - List of awesome Helm resources
+- [CI/CD with Kubernetes, Helm & Wercker ](http://www.slideshare.net/Diacode/cicd-with-kubernetes-helm-wercker-madscalability)
+- [Creating a Helm Plugin in 3 Steps](http://technosophos.com/2017/03/21/creating-a-helm-plugin.html)
 - [Deploying Kubernetes Applications with Helm](http://cloudacademy.com/blog/deploying-kubernetes-applications-with-helm/)
+- [GitLab, Consumer Driven Contracts, Helm and Kubernetes](https://medium.com/@enxebre/gitlab-consumer-driven-contracts-helm-and-kubernetes-b7235a60a1cb#.xwp1y4tgi)
+- [Honestbee's Helm Chart Conventions](https://gist.github.com/so0k/f927a4b60003cedd101a0911757c605a)
 - [Releasing backward-incompatible changes: Kubernetes, Jenkins, Prometheus Operator, Helm and Traefik](https://medium.com/@enxebre/releasing-backward-incompatible-changes-kubernetes-jenkins-plugin-prometheus-operator-helm-self-6263ca61a1b1#.e0c7elxhq)
-- [CI/CD with Kubernetes, Helm & Wercker ](http://www.slideshare.net/Diacode/cicd-with-kubernetes-helm-wercker-madscalability)
+- [The Missing CI/CD Kubernetes Component: Helm package manager](https://hackernoon.com/the-missing-ci-cd-kubernetes-component-helm-package-manager-1fe002aac680#.691sk2zhu)
-- [The missing CI/CD Kubernetes component: Helm package manager](https://hackernoon.com/the-missing-ci-cd-kubernetes-component-helm-package-manager-1fe002aac680#.691sk2zhu)
 - [The Workflow "Umbrella" Helm Chart](https://deis.com/blog/2017/workflow-chart-assembly)
-- [GitLab, Consumer Driven Contracts, Helm and Kubernetes](https://medium.com/@enxebre/gitlab-consumer-driven-contracts-helm-and-kubernetes-b7235a60a1cb#.xwp1y4tgi)
+- [Using Helm to Deploy to Kubernetes](https://daemonza.github.io/2017/02/20/using-helm-to-deploy-to-kubernetes/)
 - [Writing a Helm Chart](https://www.influxdata.com/packaged-kubernetes-deployments-writing-helm-chart/)
-- [Creating a Helm Plugin in 3 Steps](http://technosophos.com/2017/03/21/creating-a-helm-plugin.html)
+- [A basic walk through Kubernetes Helm](https://github.com/muffin87/helm-tutorial)
-- [Awesome Helm](https://github.com/cdwv/awesome-helm) - List of awesome Helm resources
 
 ## Video, Audio, and Podcast
 
 - [CI/CD with Jenkins, Kubernetes, and Helm](https://www.youtube.com/watch?v=NVoln4HdZOY): AKA "The Infamous Croc Hunter Video".
-- [KubeCon2016: Delivering Kubernetes-Native Applications by Michelle Noorali](https://www.youtube.com/watch?v=zBc1goRfk3k&index=49&list=PLj6h78yzYM2PqgIGU1Qmi8nY7dqn9PCr4)
 - [Helm with Michelle Noorali and Matthew Butcher](https://gcppodcast.com/post/episode-50-helm-with-michelle-noorali-and-matthew-butcher/): The official Google CloudPlatform Podcast interviews Michelle and Matt about Helm.
+- [KubeCon2016: Delivering Kubernetes-Native Applications by Michelle Noorali](https://www.youtube.com/watch?v=zBc1goRfk3k&index=49&list=PLj6h78yzYM2PqgIGU1Qmi8nY7dqn9PCr4)
 
 ## Helm Plugins
 
-- [helm-tiller](https://github.com/adamreese/helm-tiller) - Additional commands to work with Tiller
-- [Technosophos's Helm Plugins](https://github.com/technosophos/helm-plugins) - Plugins for GitHub, Keybase, and GPG
-- [helm-template](https://github.com/technosophos/helm-template) - Debug/render templates client-side
-- [Helm Value Store](https://github.com/skuid/helm-value-store) - Plugin for working with Helm deployment values
-- [Helm Diff](https://github.com/databus23/helm-diff) - Preview `helm upgrade` as a coloured diff
-- [helm-env](https://github.com/adamreese/helm-env) - Plugin to show current environment
-- [helm-last](https://github.com/adamreese/helm-last) - Plugin to show the latest release
-- [helm-nuke](https://github.com/adamreese/helm-nuke) - Plugin to destroy all releases
-- [helm-local](https://github.com/adamreese/helm-local) - Plugin to run Tiller as a local daemon
 - [App Registry](https://github.com/app-registry/helm-plugin) - Plugin to manage charts via the [App Registry specification](https://github.com/app-registry/spec)
-- [helm-secrets](https://github.com/futuresimple/helm-secrets) - Plugin to manage and store secrets safely
+- [Helm Diff](https://github.com/databus23/helm-diff) - Preview `helm upgrade` as a coloured diff
+- [Helm Value Store](https://github.com/skuid/helm-value-store) - Plugin for working with Helm deployment values
+- [Technosophos's Helm Plugins](https://github.com/technosophos/helm-plugins) - Plugins for GitHub, Keybase, and GPG
+- [helm-cos](https://github.com/imroc/helm-cos) - Plugin to manage repositories on Tencent Cloud Object Storage
 - [helm-edit](https://github.com/mstrzele/helm-edit) - Plugin for editing release's values
+- [helm-env](https://github.com/adamreese/helm-env) - Plugin to show current environment
 - [helm-gcs](https://github.com/nouney/helm-gcs) - Plugin to manage repositories on Google Cloud Storage
-- [helm-cos](https://github.com/imroc/helm-cos) - Plugin to manage repositories on Tencent Cloud Object Storage
 - [helm-github](https://github.com/sagansystems/helm-github) - Plugin to install Helm Charts from Github repositories
-- [helm-monitor](https://github.com/ContainerSolutions/helm-monitor) - Plugin to monitor a release and rollback based on Prometheus/ElasticSearch query
-- [helm-k8comp](https://github.com/cststack/k8comp) - Plugin to create Helm Charts from hiera using k8comp
 - [helm-hashtag](https://github.com/balboah/helm-hashtag) - Plugin for tracking docker tag hash digests as values
+- [helm-k8comp](https://github.com/cststack/k8comp) - Plugin to create Helm Charts from hiera using k8comp
+- [helm-last](https://github.com/adamreese/helm-last) - Plugin to show the latest release
+- [helm-local](https://github.com/adamreese/helm-local) - Plugin to run Tiller as a local daemon
+- [helm-monitor](https://github.com/ContainerSolutions/helm-monitor) - Plugin to monitor a release and rollback based on Prometheus/ElasticSearch query
+- [helm-nuke](https://github.com/adamreese/helm-nuke) - Plugin to destroy all releases
+- [helm-secrets](https://github.com/futuresimple/helm-secrets) - Plugin to manage and store secrets safely
+- [helm-stop](https://github.com/IBM/helm-stop) - Plugin for stopping a release pods
+- [helm-template](https://github.com/technosophos/helm-template) - Debug/render templates client-side
+- [helm-tiller](https://github.com/adamreese/helm-tiller) - Additional commands to work with Tiller
 - [helm-unittest](https://github.com/lrills/helm-unittest) - Plugin for unit testing chart locally with YAML
 
 We also encourage GitHub authors to use the [helm-plugin](https://github.com/search?q=topic%3Ahelm-plugin&type=Repositories)
@@ -54,33 +57,33 @@ tag on their plugin repositories.
 Tools layered on top of Helm or Tiller.
 
 - [AppsCode Swift](https://github.com/appscode/swift) - Ajax friendly Helm Tiller Proxy using [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway)
-- [Quay App Registry](https://coreos.com/blog/quay-application-registry-for-kubernetes.html) - Open Kubernetes application registry, including a Helm access client
+- [Armada](https://github.com/att-comdev/armada) - Manage prefixed releases throughout various Kubernetes namespaces, and removes completed jobs for complex deployments. Used by the [Openstack-Helm](https://github.com/openstack/openstack-helm) team.
-- [Chartify](https://github.com/appscode/chartify) - Generate Helm charts from existing Kubernetes resources.
-- [VIM-Kubernetes](https://github.com/andrewstuart/vim-kubernetes) - VIM plugin for Kubernetes and Helm
-- [Landscaper](https://github.com/Eneco/landscaper/) - "Landscaper takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster."
-- [Rudder](https://github.com/AcalephStorage/rudder) - RESTful (JSON) proxy for Tiller's API
-- [Helmfile](https://github.com/roboll/helmfile) - Helmfile is a declarative spec for deploying helm charts
 - [Autohelm](https://github.com/reactiveops/autohelm) - Autohelm is _another_ simple declarative spec for deploying helm charts. Written in python and supports git urls as a source for helm charts.
-- [Helmsman](https://github.com/Praqma/helmsman) - Helmsman is a helm-charts-as-code tool which enables installing/upgrading/protecting/moving/deleting releases from version controlled desired state files (described in a simple TOML format).  
+- [ChartMuseum](https://github.com/chartmuseum/chartmuseum) - Helm Chart Repository with support for Amazon S3 and Google Cloud Storage
-- [Schelm](https://github.com/databus23/schelm) - Render a Helm manifest to a directory
+- [Chartify](https://github.com/appscode/chartify) - Generate Helm charts from existing Kubernetes resources.
-- [Drone.io Helm Plugin](http://plugins.drone.io/ipedrazas/drone-helm/) - Run Helm inside of the Drone CI/CD system
+- [Codefresh](https://codefresh.io) - Kubernetes native CI/CD and management platform with UI dashboards for managing Helm charts and releases
 - [Cog](https://github.com/ohaiwalt/cog-helm) - Helm chart to deploy Cog on Kubernetes
-- [Monocular](https://github.com/helm/monocular) - Web UI for Helm Chart repositories
+- [Drone.io Helm Plugin](http://plugins.drone.io/ipedrazas/drone-helm/) - Run Helm inside of the Drone CI/CD system
 - [Helm Chart Publisher](https://github.com/luizbafilho/helm-chart-publisher) - HTTP API for publishing Helm Charts in an easy way
-- [Armada](https://github.com/att-comdev/armada) - Manage prefixed releases throughout various Kubernetes namespaces, and removes completed jobs for complex deployments. Used by the [Openstack-Helm](https://github.com/openstack/openstack-helm) team.
-- [ChartMuseum](https://github.com/chartmuseum/chartmuseum) - Helm Chart Repository with support for Amazon S3 and Google Cloud Storage
 - [Helm.NET](https://github.com/qmfrederik/helm) - A .NET client for Tiller's API
-- [Codefresh](https://codefresh.io) - Kubernetes native CI/CD and management platform with UI dashboards for managing Helm charts and releases
+- [Helmfile](https://github.com/roboll/helmfile) - Helmfile is a declarative spec for deploying helm charts
+- [Helmsman](https://github.com/Praqma/helmsman) - Helmsman is a helm-charts-as-code tool which enables installing/upgrading/protecting/moving/deleting releases from version controlled desired state files (described in a simple TOML format).  
+- [Landscaper](https://github.com/Eneco/landscaper/) - "Landscaper takes a set of Helm Chart references with values (a desired state), and realizes this in a Kubernetes cluster."
+- [Monocular](https://github.com/helm/monocular) - Web UI for Helm Chart repositories
+- [Quay App Registry](https://coreos.com/blog/quay-application-registry-for-kubernetes.html) - Open Kubernetes application registry, including a Helm access client
+- [Rudder](https://github.com/AcalephStorage/rudder) - RESTful (JSON) proxy for Tiller's API
+- [Schelm](https://github.com/databus23/schelm) - Render a Helm manifest to a directory
+- [VIM-Kubernetes](https://github.com/andrewstuart/vim-kubernetes) - VIM plugin for Kubernetes and Helm
 
 ## Helm Included
 
 Platforms, distributions, and services that include Helm support.
 
-- [Kubernetic](https://kubernetic.com/) - Kubernetes Desktop Client
 - [Cabin](http://www.skippbox.com/cabin/) - Mobile App for Managing Kubernetes
-- [Qstack](https://qstack.com)
 - [Fabric8](https://fabric8.io) - Integrated development platform for Kubernetes
 - [Jenkins X](http://jenkins-x.io/) - open source automated CI/CD for Kubernetes which uses Helm for [promoting](http://jenkins-x.io/about/features/#promotion) applications through [environments via GitOps](http://jenkins-x.io/about/features/#environments)
+- [Kubernetic](https://kubernetic.com/) - Kubernetes Desktop Client
+- [Qstack](https://qstack.com)
 
 ## Misc
 

docs/release_checklist.md

@@ -223,7 +223,7 @@ The community keeps growing, and we'd love to see you there!
 - Join the discussion in [Kubernetes Slack](https://slack.k8s.io/):
   - `#helm-users` for questions and just to hang out
   - `#helm-dev` for discussing PRs, code, and bugs
-- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/4526666954)
+- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622)
 - Test, debug, and contribute charts: [GitHub/kubernetes/charts](https://github.com/kubernetes/charts)
 
 ## Installation and Upgrading

docs/tiller_ssl.md

@@ -284,6 +284,23 @@ the host name that Helm connects to matches the host name on the certificate. In
 some cases this is awkward, since Helm will connect over localhost, or the FQDN is
 not available for public resolution.
 
+*If I use `--tls-verify` on the client, I get `Error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs`*
+
+By default, the Helm client connects to Tiller via tunnel (i.e. kube proxy) at 127.0.0.1. During the TLS handshake,
+a target, usually provided as a hostname (e.g. example.com), is checked against the subject and subject alternative
+names of the certificate (i.e. hostname verficiation). However, because of the tunnel, the target is an IP address.
+Therefore, to validate the certificate, the IP address 127.0.0.1 must be listed as an IP subject alternative name
+(IP SAN) in the Tiller certificate.
+
+For example, to list 127.0.0.1 as an IP SAN when generating the Tiller certificate:
+
+```console
+$ echo subjectAltName=IP:127.0.0.1 > extfile.cnf
+$ openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem -days 365 -extfile extfile.cnf
+```
+
+Alternatively, you can override the expected hostname of the tiller certificate using the `--tls-hostname` flag.
+
 *If I use `--tls-verify` on the client, I get `Error: x509: certificate has expired or is not yet valid`*
 
 Your helm certificate has expired, you need to sign a new certificate using your private key and the CA (and consider increasing the number of days)

pkg/helm/client.go

@@ -360,7 +360,7 @@ func (h *Client) list(ctx context.Context, req *rls.ListReleasesRequest) (*rls.L
 			resp = r
 			continue
 		}
-		resp.Releases = append(resp.Releases, r.GetReleases()[0])
+		resp.Releases = append(resp.Releases, r.GetReleases()...)
 	}
 	return resp, nil
 }

pkg/strvals/parser.go

@@ -94,7 +94,7 @@ func ParseIntoFile(s string, dest map[string]interface{}, runesToVal runesToVal)
 	return t.parse()
 }
 
-// ParseIntoString parses a strvals line nad merges the result into dest.
+// ParseIntoString parses a strvals line and merges the result into dest.
 //
 // This method always returns a string as the value.
 func ParseIntoString(s string, dest map[string]interface{}) error {

pkg/tlsutil/cfg.go

@@ -33,6 +33,9 @@ type Options struct {
 	CertFile string
 	// Client-only options
 	InsecureSkipVerify bool
+	// Overrides the server name used to verify the hostname on the returned
+	// certificates from the server.
+	ServerName string
 	// Server-only options
 	ClientAuth tls.ClientAuthType
 }
@@ -55,8 +58,12 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) {
 			return nil, err
 		}
 	}
-
+	cfg = &tls.Config{
-	cfg = &tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify, Certificates: []tls.Certificate{*cert}, RootCAs: pool}
+		InsecureSkipVerify: opts.InsecureSkipVerify,
+		Certificates:       []tls.Certificate{*cert},
+		ServerName:         opts.ServerName,
+		RootCAs:            pool,
+	}
 	return cfg, nil
 }
 

pkg/version/version.go

@@ -26,7 +26,7 @@ var (
 	// Increment major number for new feature additions and behavioral changes.
 	// Increment minor number for bug fixes and performance enhancements.
 	// Increment patch number for critical fixes to existing releases.
-	Version = "v2.8"
+	Version = "v2.10"
 
 	// BuildMetadata is extra build time data
 	BuildMetadata = "unreleased"

scripts/get

@@ -78,9 +78,9 @@ checkDesiredVersion() {
   # Use the GitHub releases webpage for the project to find the desired version for this project.
   local release_url="https://github.com/helm/helm/releases/${DESIRED_VERSION:-latest}"
   if type "curl" > /dev/null; then
-    TAG=$(curl -SsL $release_url | awk '/\/tag\//' | grep -v no-underline | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
+    TAG=$(curl -SsL $release_url | awk '/\/tag\//' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
   elif type "wget" > /dev/null; then
-    TAG=$(wget -q -O - $release_url | awk '/\/tag\//' | grep -v no-underline | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
+    TAG=$(wget -q -O - $release_url | awk '/\/tag\//' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
   fi
   if [ "x$TAG" == "x" ]; then
     echo "Cannot determine ${DESIRED_VERSION} tag."