From 1b34a511d4ae38e43518e99a8250330515e3a93c Mon Sep 17 00:00:00 2001 From: aswinkarthik Date: Wed, 15 Aug 2018 18:20:15 +0530 Subject: [PATCH] fix(helm): Add --tiller-tls-hostname flag to 'helm init' This will fix the bug where 'helm init --wait' fails when TLS is used. Signed-off-by: aswinkarthik --- cmd/helm/helm.go | 2 +- cmd/helm/init.go | 1 + docs/helm/helm_init.md | 49 +++++++++++++++++++++--------------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go index cdb6313e2..6cb1c78ea 100644 --- a/cmd/helm/helm.go +++ b/cmd/helm/helm.go @@ -286,7 +286,7 @@ func newClient() helm.Interface { if tlsKeyFile == "" { tlsKeyFile = settings.Home.TLSKey() } - debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile) + debug("Host=%q, Key=%q, Cert=%q, CA=%q\n", tlsServerName, tlsKeyFile, tlsCertFile, tlsCaCertFile) tlsopts := tlsutil.Options{ ServerName: tlsServerName, KeyFile: tlsKeyFile, diff --git a/cmd/helm/init.go b/cmd/helm/init.go index 138fa14d7..630847f3b 100644 --- a/cmd/helm/init.go +++ b/cmd/helm/init.go @@ -126,6 +126,7 @@ func newInitCmd(out io.Writer) *cobra.Command { f.StringVar(&tlsKeyFile, "tiller-tls-key", "", "path to TLS key file to install with Tiller") f.StringVar(&tlsCertFile, "tiller-tls-cert", "", "path to TLS certificate file to install with Tiller") f.StringVar(&tlsCaCertFile, "tls-ca-cert", "", "path to CA root certificate") + f.StringVar(&tlsServerName, "tiller-tls-hostname", settings.TillerHost, "the server name used to verify the hostname on the returned certificates from Tiller") f.StringVar(&stableRepositoryURL, "stable-repo-url", stableRepositoryURL, "URL for stable repository") f.StringVar(&localRepositoryURL, "local-repo-url", localRepositoryURL, "URL for local repository") diff --git a/docs/helm/helm_init.md b/docs/helm/helm_init.md index 430cc3d0e..f1aad3159 100644 --- a/docs/helm/helm_init.md +++ b/docs/helm/helm_init.md @@ -32,29 +32,30 @@ helm init [flags] ### Options ``` - --canary-image use the canary Tiller image - -c, --client-only if set does not install Tiller - --dry-run do not install local or remote - --force-upgrade force upgrade of Tiller to the current helm version - -h, --help help for init - --history-max int limit the maximum number of revisions saved per release. Use 0 for no limit. - --local-repo-url string URL for local repository (default "http://127.0.0.1:8879/charts") - --net-host install Tiller with net=host - --node-selectors string labels to specify the node on which Tiller is installed (app=tiller,helm=rocks) - -o, --output OutputFormat skip installation and output Tiller's manifest in specified format (json or yaml) - --override stringArray override values for the Tiller Deployment manifest (can specify multiple or separate values with commas: key1=val1,key2=val2) - --replicas int amount of tiller instances to run on the cluster (default 1) - --service-account string name of service account - --skip-refresh do not refresh (download) the local repository cache - --stable-repo-url string URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com") - -i, --tiller-image string override Tiller image - --tiller-tls install Tiller with TLS enabled - --tiller-tls-cert string path to TLS certificate file to install with Tiller - --tiller-tls-key string path to TLS key file to install with Tiller - --tiller-tls-verify install Tiller with TLS enabled and to verify remote certificates - --tls-ca-cert string path to CA root certificate - --upgrade upgrade if Tiller is already installed - --wait block until Tiller is running and ready to receive requests + --canary-image use the canary Tiller image + -c, --client-only if set does not install Tiller + --dry-run do not install local or remote + --force-upgrade force upgrade of Tiller to the current helm version + -h, --help help for init + --history-max int limit the maximum number of revisions saved per release. Use 0 for no limit. + --local-repo-url string URL for local repository (default "http://127.0.0.1:8879/charts") + --net-host install Tiller with net=host + --node-selectors string labels to specify the node on which Tiller is installed (app=tiller,helm=rocks) + -o, --output OutputFormat skip installation and output Tiller's manifest in specified format (json or yaml) + --override stringArray override values for the Tiller Deployment manifest (can specify multiple or separate values with commas: key1=val1,key2=val2) + --replicas int amount of tiller instances to run on the cluster (default 1) + --service-account string name of service account + --skip-refresh do not refresh (download) the local repository cache + --stable-repo-url string URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com") + -i, --tiller-image string override Tiller image + --tiller-tls install Tiller with TLS enabled + --tiller-tls-cert string path to TLS certificate file to install with Tiller + --tiller-tls-hostname string the server name used to verify the hostname on the returned certificates from Tiller + --tiller-tls-key string path to TLS key file to install with Tiller + --tiller-tls-verify install Tiller with TLS enabled and to verify remote certificates + --tls-ca-cert string path to CA root certificate + --upgrade upgrade if Tiller is already installed + --wait block until Tiller is running and ready to receive requests ``` ### Options inherited from parent commands @@ -73,4 +74,4 @@ helm init [flags] * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 1-Aug-2018 +###### Auto generated by spf13/cobra on 1-Sep-2018