docs(*): update tiller_ssl.md to reflect IP SAN usage.
When using helm/tiller in tls-verify mode, 127.0.0.1 should
be listed as an IP SAN in the tiller certificate to pass
hostname verficiation of the TLS handshake.
Closes#4149
pull/4444/head
fibonacci17297 years agocommitted byMatthew Fisher
cmd.Flags().StringVar(&tlsServerName,"tls-hostname",settings.TillerHost,"the server name used to verify the hostname on the returned certificates from the server")
cmd.Flags().StringVar(&tlsCaCertFile,"tls-ca-cert",tlsCaCertDefault,"path to TLS CA certificate file")
cmd.Flags().StringVar(&tlsCertFile,"tls-cert",tlsCertDefault,"path to TLS certificate file")
cmd.Flags().StringVar(&tlsKeyFile,"tls-key",tlsKeyDefault,"path to TLS key file")
--description string specify a description for the release
--dry-run simulate a rollback
--force force resource update through delete/recreate if needed
--no-hooks prevent hooks from running during rollback
--recreate-pods performs pods restart for the resource if applicable
--timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300)
--tls enable TLS for request
--tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
--tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem")
--tls-key string path to TLS key file (default "$HELM_HOME/key.pem")
--tls-verify enable TLS for request and verify remote
--wait if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as --timeout
--description string specify a description for the release
--dry-run simulate a rollback
--force force resource update through delete/recreate if needed
--no-hooks prevent hooks from running during rollback
--recreate-pods performs pods restart for the resource if applicable
--timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300)
--tls enable TLS for request
--tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
--tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem")
--tls-hostname string the server name used to verify the hostname on the returned certificates from the server
--tls-key string path to TLS key file (default "$HELM_HOME/key.pem")
--tls-verify enable TLS for request and verify remote
--wait if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as --timeout