diff --git a/cmd/helm/get.go b/cmd/helm/get.go index 5744beb62..359ae37e0 100644 --- a/cmd/helm/get.go +++ b/cmd/helm/get.go @@ -72,9 +72,9 @@ func newGetCmd(client helm.Interface, out io.Writer) *cobra.Command { cmd.Flags().Int32Var(&get.version, "revision", 0, "get the named release with revision") - cmd.AddCommand(addFlagsTLS(newGetValuesCmd(nil, out))) - cmd.AddCommand(addFlagsTLS(newGetManifestCmd(nil, out))) - cmd.AddCommand(addFlagsTLS(newGetHooksCmd(nil, out))) + cmd.AddCommand(newGetValuesCmd(nil, out)) + cmd.AddCommand(newGetManifestCmd(nil, out)) + cmd.AddCommand(newGetHooksCmd(nil, out)) return cmd } diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go index 8607129e4..79da2d272 100644 --- a/cmd/helm/helm.go +++ b/cmd/helm/helm.go @@ -40,16 +40,6 @@ import ( ) var ( - tlsCaCertFile string // path to TLS CA certificate file - tlsCertFile string // path to TLS certificate file - tlsKeyFile string // path to TLS key file - tlsVerify bool // enable TLS and verify remote certificates - tlsEnable bool // enable TLS - - tlsCaCertDefault = "$HELM_HOME/ca.pem" - tlsCertDefault = "$HELM_HOME/cert.pem" - tlsKeyDefault = "$HELM_HOME/key.pem" - tillerTunnel *kube.Tunnel settings helm_env.EnvSettings ) @@ -76,6 +66,11 @@ Environment: $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") + $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") + $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") + $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") + $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") + $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") ` func newRootCmd(args []string) *cobra.Command { @@ -84,11 +79,6 @@ func newRootCmd(args []string) *cobra.Command { Short: "The Helm package manager for Kubernetes.", Long: globalUsage, SilenceUsage: true, - PersistentPreRun: func(*cobra.Command, []string) { - tlsCaCertFile = os.ExpandEnv(tlsCaCertFile) - tlsCertFile = os.ExpandEnv(tlsCertFile) - tlsKeyFile = os.ExpandEnv(tlsKeyFile) - }, PersistentPostRun: func(*cobra.Command, []string) { teardown() }, @@ -113,18 +103,18 @@ func newRootCmd(args []string) *cobra.Command { newVerifyCmd(out), // release commands - addFlagsTLS(newDeleteCmd(nil, out)), - addFlagsTLS(newGetCmd(nil, out)), - addFlagsTLS(newHistoryCmd(nil, out)), - addFlagsTLS(newInstallCmd(nil, out)), - addFlagsTLS(newListCmd(nil, out)), - addFlagsTLS(newRollbackCmd(nil, out)), - addFlagsTLS(newStatusCmd(nil, out)), - addFlagsTLS(newUpgradeCmd(nil, out)), - - addFlagsTLS(newReleaseTestCmd(nil, out)), - addFlagsTLS(newResetCmd(nil, out)), - addFlagsTLS(newVersionCmd(nil, out)), + newDeleteCmd(nil, out), + newGetCmd(nil, out), + newHistoryCmd(nil, out), + newInstallCmd(nil, out), + newListCmd(nil, out), + newRollbackCmd(nil, out), + newStatusCmd(nil, out), + newUpgradeCmd(nil, out), + + newReleaseTestCmd(nil, out), + newResetCmd(nil, out), + newVersionCmd(nil, out), newCompletionCmd(out), newHomeCmd(out), @@ -275,20 +265,11 @@ func ensureHelmClient(h helm.Interface) helm.Interface { func newClient() helm.Interface { options := []helm.Option{helm.Host(settings.TillerHost), helm.ConnectTimeout(settings.TillerConnectionTimeout)} - if tlsVerify || tlsEnable { - if tlsCaCertFile == "" { - tlsCaCertFile = settings.Home.TLSCaCert() - } - if tlsCertFile == "" { - tlsCertFile = settings.Home.TLSCert() - } - if tlsKeyFile == "" { - tlsKeyFile = settings.Home.TLSKey() - } - debug("Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile) - tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true} - if tlsVerify { - tlsopts.CaCertFile = tlsCaCertFile + if settings.TLSVerify || settings.TLSEnable { + debug("Key=%q, Cert=%q, CA=%q\n", settings.TLSKeyFile, settings.TLSCertFile, settings.TLSCaCertFile) + tlsopts := tlsutil.Options{KeyFile: settings.TLSKeyFile, CertFile: settings.TLSCertFile, InsecureSkipVerify: true} + if settings.TLSVerify { + tlsopts.CaCertFile = settings.TLSCaCertFile tlsopts.InsecureSkipVerify = false } tlscfg, err := tlsutil.ClientConfig(tlsopts) @@ -300,16 +281,3 @@ func newClient() helm.Interface { } return helm.NewClient(options...) } - -// addFlagsTLS adds the flags for supporting client side TLS to the -// helm command (only those that invoke communicate to Tiller.) -func addFlagsTLS(cmd *cobra.Command) *cobra.Command { - - // add flags - cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file") - cmd.Flags().StringVar(&tlsCertFile, "tls-cert", tlsCertDefault, "path to TLS certificate file") - cmd.Flags().StringVar(&tlsKeyFile, "tls-key", tlsKeyDefault, "path to TLS key file") - cmd.Flags().BoolVar(&tlsVerify, "tls-verify", false, "enable TLS for request and verify remote") - cmd.Flags().BoolVar(&tlsEnable, "tls", false, "enable TLS for request") - return cmd -} diff --git a/cmd/helm/init.go b/cmd/helm/init.go index 138fa14d7..4d03f6801 100644 --- a/cmd/helm/init.go +++ b/cmd/helm/init.go @@ -90,6 +90,11 @@ type initCmd struct { maxHistory int replicas int wait bool + tlsEnable bool + tlsVerify bool + tlsKeyFile string + tlsCertFile string + tlsCaCertFile string } func newInitCmd(out io.Writer) *cobra.Command { @@ -105,6 +110,7 @@ func newInitCmd(out io.Writer) *cobra.Command { } i.namespace = settings.TillerNamespace i.home = settings.Home + i.tlsCaCertFile = settings.TLSCaCertFile i.client = ensureHelmClient(i.client) return i.run() @@ -121,11 +127,10 @@ func newInitCmd(out io.Writer) *cobra.Command { f.BoolVar(&i.skipRefresh, "skip-refresh", false, "do not refresh (download) the local repository cache") f.BoolVar(&i.wait, "wait", false, "block until Tiller is running and ready to receive requests") - f.BoolVar(&tlsEnable, "tiller-tls", false, "install Tiller with TLS enabled") - f.BoolVar(&tlsVerify, "tiller-tls-verify", false, "install Tiller with TLS enabled and to verify remote certificates") - f.StringVar(&tlsKeyFile, "tiller-tls-key", "", "path to TLS key file to install with Tiller") - f.StringVar(&tlsCertFile, "tiller-tls-cert", "", "path to TLS certificate file to install with Tiller") - f.StringVar(&tlsCaCertFile, "tls-ca-cert", "", "path to CA root certificate") + f.BoolVar(&i.tlsEnable, "tiller-tls", false, "install Tiller with TLS enabled") + f.BoolVar(&i.tlsVerify, "tiller-tls-verify", false, "install Tiller with TLS and Helm client certificate verification enabled") + f.StringVar(&i.tlsKeyFile, "tiller-tls-key", "", "path to Tiller TLS server key file") + f.StringVar(&i.tlsCertFile, "tiller-tls-cert", "", "path to Tiller TLS server certificate file") f.StringVar(&stableRepositoryURL, "stable-repo-url", stableRepositoryURL, "URL for stable repository") f.StringVar(&localRepositoryURL, "local-repo-url", localRepositoryURL, "URL for local repository") @@ -145,22 +150,22 @@ func newInitCmd(out io.Writer) *cobra.Command { // tlsOptions sanitizes the tls flags as well as checks for the existence of required // tls files indicated by those flags, if any. func (i *initCmd) tlsOptions() error { - i.opts.EnableTLS = tlsEnable || tlsVerify - i.opts.VerifyTLS = tlsVerify + i.opts.EnableTLS = i.tlsEnable || i.tlsVerify + i.opts.VerifyTLS = i.tlsVerify if i.opts.EnableTLS { missing := func(file string) bool { _, err := os.Stat(file) return os.IsNotExist(err) } - if i.opts.TLSKeyFile = tlsKeyFile; i.opts.TLSKeyFile == "" || missing(i.opts.TLSKeyFile) { - return errors.New("missing required TLS key file") + if i.opts.TLSKeyFile = i.tlsKeyFile; i.opts.TLSKeyFile == "" || missing(i.opts.TLSKeyFile) { + return errors.New("missing required TLS server key file") } - if i.opts.TLSCertFile = tlsCertFile; i.opts.TLSCertFile == "" || missing(i.opts.TLSCertFile) { - return errors.New("missing required TLS certificate file") + if i.opts.TLSCertFile = i.tlsCertFile; i.opts.TLSCertFile == "" || missing(i.opts.TLSCertFile) { + return errors.New("missing required TLS server certificate file") } if i.opts.VerifyTLS { - if i.opts.TLSCaCertFile = tlsCaCertFile; i.opts.TLSCaCertFile == "" || missing(i.opts.TLSCaCertFile) { + if i.opts.TLSCaCertFile = i.tlsCaCertFile; i.opts.TLSCaCertFile == "" || missing(i.opts.TLSCaCertFile) { return errors.New("missing required TLS CA file") } } @@ -282,7 +287,7 @@ func (i *initCmd) run() error { } } else { fmt.Fprintln(i.out, "\nTiller (the Helm server-side component) has been installed into your Kubernetes Cluster.") - if !tlsVerify { + if !i.tlsVerify { fmt.Fprintln(i.out, "\nPlease note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.\n"+ "To prevent this, run `helm init` with the --tiller-tls-verify flag.\n"+ "For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation") diff --git a/cmd/helm/init_test.go b/cmd/helm/init_test.go index fd6ef97c4..050b1c83e 100644 --- a/cmd/helm/init_test.go +++ b/cmd/helm/init_test.go @@ -280,13 +280,14 @@ func TestInitCmd_tlsOptions(t *testing.T) { } for _, tt := range tests { - // emulate tls file specific flags - tlsCaCertFile, tlsCertFile, tlsKeyFile = tt.caFile, tt.certFile, tt.keyFile - - // emulate tls enable/verify flags - tlsEnable, tlsVerify = tt.enable, tt.verify - - cmd := &initCmd{} + // emulate tls flags + cmd := &initCmd{ + tlsCaCertFile: tt.caFile, + tlsCertFile: tt.certFile, + tlsKeyFile: tt.keyFile, + tlsVerify: tt.verify, + tlsEnable: tt.enable, + } if err := cmd.tlsOptions(); err != nil { t.Fatalf("unexpected error: %v", err) } diff --git a/docs/helm/helm.md b/docs/helm/helm.md index ae27de401..19f4efda1 100644 --- a/docs/helm/helm.md +++ b/docs/helm/helm.md @@ -27,6 +27,11 @@ Environment: $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") + $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") + $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") + $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") + $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") + $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") ### Options @@ -39,6 +44,11 @@ Environment: --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO @@ -69,4 +79,4 @@ Environment: * [helm verify](helm_verify.md) - verify that a chart at the given path has been signed and is valid * [helm version](helm_version.md) - print the client/server version information -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_completion.md b/docs/helm/helm_completion.md index 64a6056f8..04fc9eb87 100644 --- a/docs/helm/helm_completion.md +++ b/docs/helm/helm_completion.md @@ -31,9 +31,14 @@ helm completion SHELL --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_create.md b/docs/helm/helm_create.md index 7ae947ed7..06012b495 100644 --- a/docs/helm/helm_create.md +++ b/docs/helm/helm_create.md @@ -50,9 +50,14 @@ helm create NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_delete.md b/docs/helm/helm_delete.md index e181f439e..182d3b3e5 100644 --- a/docs/helm/helm_delete.md +++ b/docs/helm/helm_delete.md @@ -25,11 +25,6 @@ helm delete [flags] RELEASE_NAME [...] --no-hooks prevent hooks from running during deletion --purge remove the release from the store and make its name free for later use --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote ``` ### Options inherited from parent commands @@ -42,9 +37,14 @@ helm delete [flags] RELEASE_NAME [...] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_dependency.md b/docs/helm/helm_dependency.md index b0085c6c7..c8e82aec1 100644 --- a/docs/helm/helm_dependency.md +++ b/docs/helm/helm_dependency.md @@ -64,6 +64,11 @@ for this case. --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO @@ -72,4 +77,4 @@ for this case. * [helm dependency list](helm_dependency_list.md) - list the dependencies for the given chart * [helm dependency update](helm_dependency_update.md) - update charts/ based on the contents of requirements.yaml -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_dependency_build.md b/docs/helm/helm_dependency_build.md index eea2fa02c..f0a15d53e 100644 --- a/docs/helm/helm_dependency_build.md +++ b/docs/helm/helm_dependency_build.md @@ -37,9 +37,14 @@ helm dependency build [flags] CHART --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm dependency](helm_dependency.md) - manage a chart's dependencies -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_dependency_list.md b/docs/helm/helm_dependency_list.md index d6bc0175a..784a04288 100644 --- a/docs/helm/helm_dependency_list.md +++ b/docs/helm/helm_dependency_list.md @@ -29,9 +29,14 @@ helm dependency list [flags] CHART --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm dependency](helm_dependency.md) - manage a chart's dependencies -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_dependency_update.md b/docs/helm/helm_dependency_update.md index 90b81ecea..6c317c543 100644 --- a/docs/helm/helm_dependency_update.md +++ b/docs/helm/helm_dependency_update.md @@ -42,9 +42,14 @@ helm dependency update [flags] CHART --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm dependency](helm_dependency.md) - manage a chart's dependencies -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_fetch.md b/docs/helm/helm_fetch.md index c347d1620..467d21071 100644 --- a/docs/helm/helm_fetch.md +++ b/docs/helm/helm_fetch.md @@ -53,9 +53,14 @@ helm fetch [flags] [chart URL | repo/chartname] [...] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_get.md b/docs/helm/helm_get.md index f233cd2a7..e525e0f97 100644 --- a/docs/helm/helm_get.md +++ b/docs/helm/helm_get.md @@ -25,12 +25,7 @@ helm get [flags] RELEASE_NAME ### Options ``` - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --revision int32 get the named release with revision ``` ### Options inherited from parent commands @@ -43,6 +38,11 @@ helm get [flags] RELEASE_NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO @@ -51,4 +51,4 @@ helm get [flags] RELEASE_NAME * [helm get manifest](helm_get_manifest.md) - download the manifest for a named release * [helm get values](helm_get_values.md) - download the values file for a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_get_hooks.md b/docs/helm/helm_get_hooks.md index 4f9fa1887..e9bf95e10 100644 --- a/docs/helm/helm_get_hooks.md +++ b/docs/helm/helm_get_hooks.md @@ -18,12 +18,7 @@ helm get hooks [flags] RELEASE_NAME ### Options ``` - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --revision int32 get the named release with revision ``` ### Options inherited from parent commands @@ -36,9 +31,14 @@ helm get hooks [flags] RELEASE_NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm get](helm_get.md) - download a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_get_manifest.md b/docs/helm/helm_get_manifest.md index 3ae55ef3e..f7aff7e73 100644 --- a/docs/helm/helm_get_manifest.md +++ b/docs/helm/helm_get_manifest.md @@ -20,12 +20,7 @@ helm get manifest [flags] RELEASE_NAME ### Options ``` - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --revision int32 get the named release with revision ``` ### Options inherited from parent commands @@ -38,9 +33,14 @@ helm get manifest [flags] RELEASE_NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm get](helm_get.md) - download a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_get_values.md b/docs/helm/helm_get_values.md index 12d973122..f8226eb8d 100644 --- a/docs/helm/helm_get_values.md +++ b/docs/helm/helm_get_values.md @@ -16,13 +16,8 @@ helm get values [flags] RELEASE_NAME ### Options ``` - -a, --all dump all (computed) values - --revision int32 get the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -a, --all dump all (computed) values + --revision int32 get the named release with revision ``` ### Options inherited from parent commands @@ -35,9 +30,14 @@ helm get values [flags] RELEASE_NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm get](helm_get.md) - download a named release -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_history.md b/docs/helm/helm_history.md index 437e70f03..ac03a27f8 100755 --- a/docs/helm/helm_history.md +++ b/docs/helm/helm_history.md @@ -28,14 +28,9 @@ helm history [flags] RELEASE_NAME ### Options ``` - --col-width uint specifies the max column width of output (default 60) - --max int32 maximum number of revision to include in history (default 256) - -o, --output string prints the output in the specified format (json|table|yaml) (default "table") - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --col-width uint specifies the max column width of output (default 60) + --max int32 maximum number of revision to include in history (default 256) + -o, --output string prints the output in the specified format (json|table|yaml) (default "table") ``` ### Options inherited from parent commands @@ -48,9 +43,14 @@ helm history [flags] RELEASE_NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_home.md b/docs/helm/helm_home.md index 9af12c91a..dfb2aeeb4 100644 --- a/docs/helm/helm_home.md +++ b/docs/helm/helm_home.md @@ -24,9 +24,14 @@ helm home --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_init.md b/docs/helm/helm_init.md index ec775520a..558272169 100644 --- a/docs/helm/helm_init.md +++ b/docs/helm/helm_init.md @@ -49,10 +49,9 @@ helm init --stable-repo-url string URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com") -i, --tiller-image string override Tiller image --tiller-tls install Tiller with TLS enabled - --tiller-tls-cert string path to TLS certificate file to install with Tiller - --tiller-tls-key string path to TLS key file to install with Tiller - --tiller-tls-verify install Tiller with TLS enabled and to verify remote certificates - --tls-ca-cert string path to CA root certificate + --tiller-tls-cert string path to Tiller TLS server certificate file + --tiller-tls-key string path to Tiller TLS server key file + --tiller-tls-verify install Tiller with TLS and Helm client certificate verification enabled --upgrade upgrade if Tiller is already installed --wait block until Tiller is running and ready to receive requests ``` @@ -67,9 +66,14 @@ helm init --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_inspect.md b/docs/helm/helm_inspect.md index 4bc904f63..0551578fd 100644 --- a/docs/helm/helm_inspect.md +++ b/docs/helm/helm_inspect.md @@ -40,6 +40,11 @@ helm inspect [CHART] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO @@ -48,4 +53,4 @@ helm inspect [CHART] * [helm inspect readme](helm_inspect_readme.md) - shows inspect readme * [helm inspect values](helm_inspect_values.md) - shows inspect values -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_inspect_chart.md b/docs/helm/helm_inspect_chart.md index 257f26051..fb503ff4d 100644 --- a/docs/helm/helm_inspect_chart.md +++ b/docs/helm/helm_inspect_chart.md @@ -38,9 +38,14 @@ helm inspect chart [CHART] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm inspect](helm_inspect.md) - inspect a chart -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_inspect_readme.md b/docs/helm/helm_inspect_readme.md index 8ff7d892e..5bef5d1e1 100644 --- a/docs/helm/helm_inspect_readme.md +++ b/docs/helm/helm_inspect_readme.md @@ -36,9 +36,14 @@ helm inspect readme [CHART] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm inspect](helm_inspect.md) - inspect a chart -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_inspect_values.md b/docs/helm/helm_inspect_values.md index 50ff6ac24..707cea369 100644 --- a/docs/helm/helm_inspect_values.md +++ b/docs/helm/helm_inspect_values.md @@ -38,9 +38,14 @@ helm inspect values [CHART] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm inspect](helm_inspect.md) - inspect a chart -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_install.md b/docs/helm/helm_install.md index c266222b8..85c6562c7 100644 --- a/docs/helm/helm_install.md +++ b/docs/helm/helm_install.md @@ -99,11 +99,6 @@ helm install [CHART] --set-file stringArray set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2) --set-string stringArray set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote --username string chart repository username where to locate the requested chart -f, --values valueFiles specify values in a YAML file or a URL(can specify multiple) (default []) --verify verify the package before installing it @@ -121,9 +116,14 @@ helm install [CHART] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jul-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_lint.md b/docs/helm/helm_lint.md index 9c328a086..751af5846 100644 --- a/docs/helm/helm_lint.md +++ b/docs/helm/helm_lint.md @@ -39,9 +39,14 @@ helm lint [flags] PATH --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 25-Jul-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_list.md b/docs/helm/helm_list.md index c7e99e403..6cedee7a6 100755 --- a/docs/helm/helm_list.md +++ b/docs/helm/helm_list.md @@ -39,25 +39,20 @@ helm list [flags] [FILTER] ### Options ``` - -a, --all show all releases, not just the ones marked DEPLOYED - --col-width uint specifies the max column width of output (default 60) - -d, --date sort by release date - --deleted show deleted releases - --deleting show releases that are currently being deleted - --deployed show deployed releases. If no other is specified, this will be automatically enabled - --failed show failed releases - -m, --max int maximum number of releases to fetch (default 256) - --namespace string show releases within a specific namespace - -o, --offset string next release name in the list, used to offset from start value - --output string output the specified format (json or yaml) - --pending show pending releases - -r, --reverse reverse the sort order - -q, --short output short (quiet) listing format - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -a, --all show all releases, not just the ones marked DEPLOYED + --col-width uint specifies the max column width of output (default 60) + -d, --date sort by release date + --deleted show deleted releases + --deleting show releases that are currently being deleted + --deployed show deployed releases. If no other is specified, this will be automatically enabled + --failed show failed releases + -m, --max int maximum number of releases to fetch (default 256) + --namespace string show releases within a specific namespace + -o, --offset string next release name in the list, used to offset from start value + --output string output the specified format (json or yaml) + --pending show pending releases + -r, --reverse reverse the sort order + -q, --short output short (quiet) listing format ``` ### Options inherited from parent commands @@ -70,9 +65,14 @@ helm list [flags] [FILTER] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_package.md b/docs/helm/helm_package.md index 30d06fcf0..1beed40f3 100644 --- a/docs/helm/helm_package.md +++ b/docs/helm/helm_package.md @@ -43,9 +43,14 @@ helm package [flags] [CHART_PATH] [...] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_plugin.md b/docs/helm/helm_plugin.md index bb0498d87..d9bef7213 100644 --- a/docs/helm/helm_plugin.md +++ b/docs/helm/helm_plugin.md @@ -19,6 +19,11 @@ Manage client-side Helm plugins. --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO @@ -28,4 +33,4 @@ Manage client-side Helm plugins. * [helm plugin remove](helm_plugin_remove.md) - remove one or more Helm plugins * [helm plugin update](helm_plugin_update.md) - update one or more Helm plugins -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_plugin_install.md b/docs/helm/helm_plugin_install.md index ab45850bf..fc515a193 100644 --- a/docs/helm/helm_plugin_install.md +++ b/docs/helm/helm_plugin_install.md @@ -32,9 +32,14 @@ helm plugin install [options] ... --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm plugin](helm_plugin.md) - add, list, or remove Helm plugins -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_plugin_list.md b/docs/helm/helm_plugin_list.md index dc13cdf7a..0ad119fa7 100644 --- a/docs/helm/helm_plugin_list.md +++ b/docs/helm/helm_plugin_list.md @@ -21,9 +21,14 @@ helm plugin list --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm plugin](helm_plugin.md) - add, list, or remove Helm plugins -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_plugin_remove.md b/docs/helm/helm_plugin_remove.md index 2ef833217..7c0e6dacc 100644 --- a/docs/helm/helm_plugin_remove.md +++ b/docs/helm/helm_plugin_remove.md @@ -21,9 +21,14 @@ helm plugin remove ... --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm plugin](helm_plugin.md) - add, list, or remove Helm plugins -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_plugin_update.md b/docs/helm/helm_plugin_update.md index 93bc3e764..7f738d7c2 100644 --- a/docs/helm/helm_plugin_update.md +++ b/docs/helm/helm_plugin_update.md @@ -21,9 +21,14 @@ helm plugin update ... --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm plugin](helm_plugin.md) - add, list, or remove Helm plugins -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_repo.md b/docs/helm/helm_repo.md index 32e9d02b2..1281d3f78 100644 --- a/docs/helm/helm_repo.md +++ b/docs/helm/helm_repo.md @@ -23,6 +23,11 @@ Example usage: --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO @@ -33,4 +38,4 @@ Example usage: * [helm repo remove](helm_repo_remove.md) - remove a chart repository * [helm repo update](helm_repo_update.md) - update information of available charts locally from chart repositories -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_repo_add.md b/docs/helm/helm_repo_add.md index 1deb0cb5c..daefc1d76 100644 --- a/docs/helm/helm_repo_add.md +++ b/docs/helm/helm_repo_add.md @@ -32,9 +32,14 @@ helm repo add [flags] [NAME] [URL] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm repo](helm_repo.md) - add, list, remove, update, and index chart repositories -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_repo_index.md b/docs/helm/helm_repo_index.md index baa1291de..07612640d 100644 --- a/docs/helm/helm_repo_index.md +++ b/docs/helm/helm_repo_index.md @@ -37,9 +37,14 @@ helm repo index [flags] [DIR] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm repo](helm_repo.md) - add, list, remove, update, and index chart repositories -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_repo_list.md b/docs/helm/helm_repo_list.md index 00221ed24..2459e733e 100644 --- a/docs/helm/helm_repo_list.md +++ b/docs/helm/helm_repo_list.md @@ -21,9 +21,14 @@ helm repo list [flags] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm repo](helm_repo.md) - add, list, remove, update, and index chart repositories -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_repo_remove.md b/docs/helm/helm_repo_remove.md index 272ecea47..8db094172 100644 --- a/docs/helm/helm_repo_remove.md +++ b/docs/helm/helm_repo_remove.md @@ -21,9 +21,14 @@ helm repo remove [flags] [NAME] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm repo](helm_repo.md) - add, list, remove, update, and index chart repositories -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_repo_update.md b/docs/helm/helm_repo_update.md index f0215da48..72fbc40bf 100644 --- a/docs/helm/helm_repo_update.md +++ b/docs/helm/helm_repo_update.md @@ -27,9 +27,14 @@ helm repo update --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm repo](helm_repo.md) - add, list, remove, update, and index chart repositories -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_reset.md b/docs/helm/helm_reset.md index 507a94bfd..ca488f012 100644 --- a/docs/helm/helm_reset.md +++ b/docs/helm/helm_reset.md @@ -18,13 +18,8 @@ helm reset ### Options ``` - -f, --force forces Tiller uninstall even if there are releases installed, or if Tiller is not in ready state. Releases are not deleted.) - --remove-helm-home if set deletes $HELM_HOME - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -f, --force forces Tiller uninstall even if there are releases installed, or if Tiller is not in ready state. Releases are not deleted.) + --remove-helm-home if set deletes $HELM_HOME ``` ### Options inherited from parent commands @@ -37,9 +32,14 @@ helm reset --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_rollback.md b/docs/helm/helm_rollback.md index b40fb883a..3e0ad98dd 100644 --- a/docs/helm/helm_rollback.md +++ b/docs/helm/helm_rollback.md @@ -26,11 +26,6 @@ helm rollback [flags] [RELEASE] [REVISION] --no-hooks prevent hooks from running during rollback --recreate-pods performs pods restart for the resource if applicable --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote --wait if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment are in a ready state before marking the release as successful. It will wait for as long as --timeout ``` @@ -44,9 +39,14 @@ helm rollback [flags] [RELEASE] [REVISION] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_search.md b/docs/helm/helm_search.md index ffee22ce4..032a21b48 100644 --- a/docs/helm/helm_search.md +++ b/docs/helm/helm_search.md @@ -35,9 +35,14 @@ helm search [keyword] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_serve.md b/docs/helm/helm_serve.md index e300ee633..37abdbbad 100644 --- a/docs/helm/helm_serve.md +++ b/docs/helm/helm_serve.md @@ -42,9 +42,14 @@ helm serve --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_status.md b/docs/helm/helm_status.md index 5317875e6..944de6bbe 100644 --- a/docs/helm/helm_status.md +++ b/docs/helm/helm_status.md @@ -23,13 +23,8 @@ helm status [flags] RELEASE_NAME ### Options ``` - -o, --output string output the status in the specified format (json or yaml) - --revision int32 if set, display the status of the named release with revision - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -o, --output string output the status in the specified format (json or yaml) + --revision int32 if set, display the status of the named release with revision ``` ### Options inherited from parent commands @@ -42,9 +37,14 @@ helm status [flags] RELEASE_NAME --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_template.md b/docs/helm/helm_template.md index f456f74be..ae3561c11 100644 --- a/docs/helm/helm_template.md +++ b/docs/helm/helm_template.md @@ -49,9 +49,14 @@ helm template [flags] CHART --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jul-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_test.md b/docs/helm/helm_test.md index 688b67a34..bc96161a5 100644 --- a/docs/helm/helm_test.md +++ b/docs/helm/helm_test.md @@ -19,13 +19,8 @@ helm test [RELEASE] ### Options ``` - --cleanup delete test pods upon completion - --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + --cleanup delete test pods upon completion + --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) ``` ### Options inherited from parent commands @@ -38,9 +33,14 @@ helm test [RELEASE] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_upgrade.md b/docs/helm/helm_upgrade.md index ecd51e65c..6695e3ecc 100644 --- a/docs/helm/helm_upgrade.md +++ b/docs/helm/helm_upgrade.md @@ -59,11 +59,6 @@ helm upgrade [RELEASE] [CHART] --set-file stringArray set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2) --set-string stringArray set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2) --timeout int time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks) (default 300) - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote --username string chart repository username where to locate the requested chart -f, --values valueFiles specify values in a YAML file or a URL(can specify multiple) (default []) --verify verify the provenance of the chart before upgrading @@ -81,9 +76,14 @@ helm upgrade [RELEASE] [CHART] --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-May-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_verify.md b/docs/helm/helm_verify.md index 866b3fbd8..010b19edc 100644 --- a/docs/helm/helm_verify.md +++ b/docs/helm/helm_verify.md @@ -36,9 +36,14 @@ helm verify [flags] PATH --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/docs/helm/helm_version.md b/docs/helm/helm_version.md index 61636c404..6287ed529 100644 --- a/docs/helm/helm_version.md +++ b/docs/helm/helm_version.md @@ -30,15 +30,10 @@ helm version ### Options ``` - -c, --client client version only - -s, --server server version only - --short print the version number - --template string template for version string format - --tls enable TLS for request - --tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem") - --tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem") - --tls-key string path to TLS key file (default "$HELM_HOME/key.pem") - --tls-verify enable TLS for request and verify remote + -c, --client client version only + -s, --server server version only + --short print the version number + --template string template for version string format ``` ### Options inherited from parent commands @@ -51,9 +46,14 @@ helm version --kubeconfig string absolute path to the kubeconfig file to use --tiller-connection-timeout int the duration (in seconds) Helm will wait to establish a connection to tiller (default 300) --tiller-namespace string namespace of Tiller (default "kube-system") + --tls enable TLS connection between Helm and Tiller + --tls-ca-cert string path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + --tls-cert string path to Helm TLS client certificate file for authenticating to Tiller + --tls-key string path to Helm TLS client key file for authenticating to Tiller + --tls-verify enable TLS connection between Helm and Tiller and verify Tiller server certificate ``` ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 17-Jun-2018 +###### Auto generated by spf13/cobra on 27-Jul-2018 diff --git a/pkg/helm/environment/environment.go b/pkg/helm/environment/environment.go index 4241bbb8a..7f4d5681f 100644 --- a/pkg/helm/environment/environment.go +++ b/pkg/helm/environment/environment.go @@ -51,6 +51,16 @@ type EnvSettings struct { KubeContext string // KubeConfig is the path to an explicit kubeconfig file. This overwrites the value in $KUBECONFIG KubeConfig string + // TLSCaCertFile is the path to TLS CA certificate file used to verify the Helm client and Tiller server certificates + TLSCaCertFile string + // TLSCertFile is the path to Helm TLS client certificate file for authenticating to Tiller + TLSCertFile string + // TLSKeyFile is the path to Helm TLS client key file for authenticating to Tiller + TLSKeyFile string + // TLSVerify enables TLS between Helm and Tiller and verification of the Tiller server certificate + TLSVerify bool + // TLSEnable enables TLS between Helm and Tiller + TLSEnable bool } // AddFlags binds flags to the given flagset. @@ -62,6 +72,11 @@ func (s *EnvSettings) AddFlags(fs *pflag.FlagSet) { fs.BoolVar(&s.Debug, "debug", false, "enable verbose output") fs.StringVar(&s.TillerNamespace, "tiller-namespace", "kube-system", "namespace of Tiller") fs.Int64Var(&s.TillerConnectionTimeout, "tiller-connection-timeout", int64(300), "the duration (in seconds) Helm will wait to establish a connection to tiller") + fs.StringVar(&s.TLSCaCertFile, "tls-ca-cert", "", "path to TLS CA certificate file used to verify the Helm client and Tiller server certificates") + fs.StringVar(&s.TLSCertFile, "tls-cert", "", "path to Helm TLS client certificate file for authenticating to Tiller") + fs.StringVar(&s.TLSKeyFile, "tls-key", "", "path to Helm TLS client key file for authenticating to Tiller") + fs.BoolVar(&s.TLSVerify, "tls-verify", false, "enable TLS connection between Helm and Tiller and verify Tiller server certificate") + fs.BoolVar(&s.TLSEnable, "tls", false, "enable TLS connection between Helm and Tiller") } // Init sets values from the environment. @@ -69,6 +84,16 @@ func (s *EnvSettings) Init(fs *pflag.FlagSet) { for name, envar := range envMap { setFlagFromEnv(name, envar, fs) } + // TLS defaults that depend on Home value + if s.TLSCaCertFile == "" { + s.TLSCaCertFile = s.Home.TLSCaCert() + } + if s.TLSCertFile == "" { + s.TLSCertFile = s.Home.TLSCert() + } + if s.TLSKeyFile == "" { + s.TLSKeyFile = s.Home.TLSKey() + } } // PluginDirs is the path to the plugin directories. @@ -85,6 +110,11 @@ var envMap = map[string]string{ "home": "HELM_HOME", "host": "HELM_HOST", "tiller-namespace": "TILLER_NAMESPACE", + "tls-ca-cert": "HELM_TLS_CA_CERT", + "tls-cert": "HELM_TLS_CERT", + "tls-key": "HELM_TLS_KEY", + "tls-verify": "HELM_TLS_VERIFY", + "tls": "HELM_TLS_ENABLE", } func setFlagFromEnv(name, envar string, fs *pflag.FlagSet) { @@ -92,7 +122,7 @@ func setFlagFromEnv(name, envar string, fs *pflag.FlagSet) { return } if v, ok := os.LookupEnv(envar); ok { - fs.Set(name, v) + fs.Set(name, os.ExpandEnv(v)) } } diff --git a/pkg/helm/environment/environment_test.go b/pkg/helm/environment/environment_test.go index 35958e791..9ab6fdf4c 100644 --- a/pkg/helm/environment/environment_test.go +++ b/pkg/helm/environment/environment_test.go @@ -37,43 +37,118 @@ func TestEnvSettings(t *testing.T) { // expected values home, host, ns, kcontext, kconfig, plugins string debug bool + tlsca, tlscert, tlskey string + tlsenable, tlsverify bool }{ { - name: "defaults", - args: []string{}, - home: DefaultHelmHome, - plugins: helmpath.Home(DefaultHelmHome).Plugins(), - ns: "kube-system", + name: "defaults", + args: []string{}, + home: DefaultHelmHome, + plugins: helmpath.Home(DefaultHelmHome).Plugins(), + ns: "kube-system", + tlsca: helmpath.Home(DefaultHelmHome).TLSCaCert(), + tlscert: helmpath.Home(DefaultHelmHome).TLSCert(), + tlskey: helmpath.Home(DefaultHelmHome).TLSKey(), + tlsenable: false, + tlsverify: false, }, { - name: "with flags set", - args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns", "--kubeconfig", "/bar"}, - home: "/foo", - plugins: helmpath.Home("/foo").Plugins(), - host: "here", - ns: "myns", - kconfig: "/bar", - debug: true, + name: "with flags set", + args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns", "--kubeconfig", "/bar"}, + home: "/foo", + plugins: helmpath.Home("/foo").Plugins(), + host: "here", + ns: "myns", + kconfig: "/bar", + debug: true, + tlsca: helmpath.Home("/foo").TLSCaCert(), + tlscert: helmpath.Home("/foo").TLSCert(), + tlskey: helmpath.Home("/foo").TLSKey(), + tlsenable: false, + tlsverify: false, }, { - name: "with envvars set", - args: []string{}, - envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns"}, - home: "/bar", - plugins: helmpath.Home("/bar").Plugins(), - host: "there", - ns: "yourns", - debug: true, + name: "with flags set", + args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns"}, + home: "/foo", + plugins: helmpath.Home("/foo").Plugins(), + host: "here", + ns: "myns", + debug: true, + tlsca: helmpath.Home("/foo").TLSCaCert(), + tlscert: helmpath.Home("/foo").TLSCert(), + tlskey: helmpath.Home("/foo").TLSKey(), + tlsenable: false, + tlsverify: false, }, { - name: "with flags and envvars set", - args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns"}, - envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns", "HELM_PLUGIN": "glade"}, - home: "/foo", - plugins: "glade", - host: "here", - ns: "myns", - debug: true, + name: "with envvars set", + args: []string{}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns"}, + home: "/bar", + plugins: helmpath.Home("/bar").Plugins(), + host: "there", + ns: "yourns", + debug: true, + tlsca: helmpath.Home("/bar").TLSCaCert(), + tlscert: helmpath.Home("/bar").TLSCert(), + tlskey: helmpath.Home("/bar").TLSKey(), + tlsenable: false, + tlsverify: false, + }, + { + name: "with flags and envvars set", + args: []string{"--home", "/foo", "--host=here", "--debug", "--tiller-namespace=myns"}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_HOST": "there", "HELM_DEBUG": "1", "TILLER_NAMESPACE": "yourns", "HELM_PLUGIN": "glade"}, + home: "/foo", + plugins: "glade", + host: "here", + ns: "myns", + debug: true, + tlsca: helmpath.Home("/foo").TLSCaCert(), + tlscert: helmpath.Home("/foo").TLSCert(), + tlskey: helmpath.Home("/foo").TLSKey(), + tlsenable: false, + tlsverify: false, + }, + { + name: "with TLS flags set", + args: []string{"--home", "/bar", "--tls-ca-cert", "/a/ca.crt", "--tls-cert=/a/client.crt", "--tls-key", "/a/client.key", "--tls-verify", "--tls"}, + home: "/bar", + plugins: helmpath.Home("/bar").Plugins(), + ns: "kube-system", + debug: false, + tlsca: "/a/ca.crt", + tlscert: "/a/client.crt", + tlskey: "/a/client.key", + tlsenable: true, + tlsverify: true, + }, + { + name: "with TLS envvars set", + args: []string{}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_TLS_CA_CERT": "/e/ca.crt", "HELM_TLS_CERT": "/e/client.crt", "HELM_TLS_KEY": "/e/client.key", "HELM_TLS_VERIFY": "true", "HELM_TLS_ENABLE": "true"}, + home: "/bar", + plugins: helmpath.Home("/bar").Plugins(), + ns: "kube-system", + tlsca: "/e/ca.crt", + tlscert: "/e/client.crt", + tlskey: "/e/client.key", + tlsenable: true, + tlsverify: true, + }, + { + name: "with TLS flags and envvars set", + args: []string{"--tls-ca-cert", "/a/ca.crt", "--tls-cert=/a/client.crt", "--tls-key", "/a/client.key", "--tls-verify"}, + envars: map[string]string{"HELM_HOME": "/bar", "HELM_TLS_CA_CERT": "/e/ca.crt", "HELM_TLS_CERT": "/e/client.crt", "HELM_TLS_KEY": "/e/client.key", "HELM_TLS_VERIFY": "true", "HELM_TLS_ENABLE": "true"}, + home: "/bar", + plugins: helmpath.Home("/bar").Plugins(), + ns: "kube-system", + tlsca: "/a/ca.crt", + tlscert: "/a/client.crt", + tlskey: "/a/client.key", + tlsenable: true, + tlsverify: true, }, } @@ -115,7 +190,25 @@ func TestEnvSettings(t *testing.T) { if settings.KubeConfig != tt.kconfig { t.Errorf("expected kubeconfig %q, got %q", tt.kconfig, settings.KubeConfig) } + if settings.TLSCaCertFile != tt.tlsca { + t.Errorf("expected tls-ca-cert %q, got %q", tt.tlsca, settings.TLSCaCertFile) + } + if settings.TLSCertFile != tt.tlscert { + t.Errorf("expected tls-cert %q, got %q", tt.tlscert, settings.TLSCertFile) + } + if settings.TLSKeyFile != tt.tlskey { + t.Errorf("expected tls-key %q, got %q", tt.tlskey, settings.TLSKeyFile) + } + if settings.TLSEnable != tt.tlsenable { + t.Errorf("expected tls %t, got %t", tt.tlsenable, settings.TLSEnable) + } + if settings.TLSVerify != tt.tlsverify { + t.Errorf("expected tls-verify %t, got %t", tt.tlsverify, settings.TLSVerify) + } + for k := range tt.envars { + os.Unsetenv(k) + } cleanup() }) }