Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/missing ssl params #3152

Merged
merged 2 commits into from Nov 16, 2017

Conversation

@technosophos
Copy link
Member

commented Nov 16, 2017

Fix several issues with SSL, including:

  • Add parameters back to helm get *
  • Correctly process params for helm list
  • Fix security issue that allows self-signed certs to auth
  • Add documentation
@bacongobbler
Copy link
Member

left a comment

reviewed in a pairing session, LGTM

@bacongobbler
Copy link
Member

left a comment

docs need updating :)

helm docs are out of date. Please run "make docs"

@technosophos technosophos force-pushed the technosophos:fix/missing-ssl-params branch 2 times, most recently from c0a2d71 to 43977d9 Nov 16, 2017

@bacongobbler

This comment has been minimized.

Copy link
Member

commented Nov 16, 2017

mind rebasing your PR as well? looks like a merge commit strayed in here. Sorry!

technosophos added some commits Nov 15, 2017

fix(helm): add TLS params back
During a recent refactor, several TLS flags stopped being processed for
a few of the commands. This fixes those commands, and documents how to
set up TLS.
fix(tiller): add stricter certificate verification
The older version of Tiller allowed a weaker set of certificate checks
than we intended. This version requires a client certificate, and then
requires that that certificate be signed by a known CA. This works
around the situation where a user could provide a self-signed
certificate.

@technosophos technosophos force-pushed the technosophos:fix/missing-ssl-params branch from 43977d9 to 1096813 Nov 16, 2017

@technosophos

This comment has been minimized.

Copy link
Member Author

commented Nov 16, 2017

Ah! Yes, I rebased off the wrong commit. I think I fixed it.

@technosophos technosophos merged commit e8e6ac5 into helm:master Nov 16, 2017

2 checks passed

ci/circleci: build Your tests passed on CircleCI!
Details
cla/linuxfoundation technosophos authorized
Details

@technosophos technosophos deleted the technosophos:fix/missing-ssl-params branch Nov 16, 2017

bacongobbler added a commit that referenced this pull request Nov 16, 2017

Fix/missing ssl params (#3152)
* fix(helm): add TLS params back

During a recent refactor, several TLS flags stopped being processed for
a few of the commands. This fixes those commands, and documents how to
set up TLS.

* fix(tiller): add stricter certificate verification

The older version of Tiller allowed a weaker set of certificate checks
than we intended. This version requires a client certificate, and then
requires that that certificate be signed by a known CA. This works
around the situation where a user could provide a self-signed
certificate.

(cherry picked from commit e8e6ac5)

bacongobbler added a commit that referenced this pull request Nov 16, 2017

Fix/missing ssl params (#3152)
* fix(helm): add TLS params back

During a recent refactor, several TLS flags stopped being processed for
a few of the commands. This fixes those commands, and documents how to
set up TLS.

* fix(tiller): add stricter certificate verification

The older version of Tiller allowed a weaker set of certificate checks
than we intended. This version requires a client certificate, and then
requires that that certificate be signed by a known CA. This works
around the situation where a user could provide a self-signed
certificate.

(cherry picked from commit e8e6ac5)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.