Fix/missing ssl params #3152

Merged
merged 2 commits into from Nov 16, 2017

@@ -64,17 +64,17 @@ func newGetCmd(client helm.Interface, out io.Writer) *cobra.Command {
}
get.release = args[0]
if get.client == nil {
get.client = helm.NewClient(helm.Host(settings.TillerHost))
get.client = newClient()
}
return get.run()
},
}

cmd.Flags().Int32Var(&get.version, "revision", 0, "get the named release with revision")

cmd.AddCommand(newGetValuesCmd(nil, out))
cmd.AddCommand(newGetManifestCmd(nil, out))
cmd.AddCommand(newGetHooksCmd(nil, out))
cmd.AddCommand(addFlagsTLS(newGetValuesCmd(nil, out)))
cmd.AddCommand(addFlagsTLS(newGetManifestCmd(nil, out)))
cmd.AddCommand(addFlagsTLS(newGetHooksCmd(nil, out)))

return cmd
}
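Review bot: The nil-client fallback is still written out per command (here and in the newHistoryCmd, newListCmd and newStatusCmd hunks), which is how these four came to build a client that ignored the TLS options. Any command outside this diff that still calls `helm.NewClient(helm.Host(settings.TillerHost))` directly would keep talking to Tiller without the `--tls` settings. A single helper that returns the passed client or `newClient()` would make that omission harder to repeat. The subcommands wrapped in `addFlagsTLS` are constructed with a nil client, and whether they build it through `newClient()` is not visible in this hunk, so the new flags only take effect if they do. A test asserting that `tls-verify` is registered on `get values`, `get manifest` and `get hooks` would pin the fix.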
@@ -45,6 +45,10 @@ var (
tlsVerify bool // enable TLS and verify remote certificates
tlsEnable bool // enable TLS

tlsCaCertDefault = "$HELM_HOME/ca.pem"
tlsCertDefault = "$HELM_HOME/cert.pem"
tlsKeyDefault = "$HELM_HOME/key.pem"

tillerTunnel *kube.Tunnel
settings helm_env.EnvSettings
)
@@ -263,6 +267,16 @@ func newClient() helm.Interface {
options := []helm.Option{helm.Host(settings.TillerHost)}

if tlsVerify || tlsEnable {
if tlsCaCertFile == "" {
tlsCaCertFile = os.ExpandEnv(tlsCaCertDefault)
}
if tlsCertFile == "" {
tlsCertFile = os.ExpandEnv(tlsCertDefault)
}
if tlsKeyFile == "" {
tlsKeyFile = os.ExpandEnv(tlsKeyDefault)
}
debug("Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile)
tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true}
if tlsVerify {
tlsopts.CaCertFile = tlsCaCertFile
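Review bot: The new `== ""` fallbacks expand `$HELM_HOME` with `os.ExpandEnv`, which substitutes the empty string for an unset variable, so with HELM_HOME absent from the environment the client would load `/ca.pem`, `/cert.pem` and `/key.pem` from the filesystem root. I would resolve the defaults from the configured Helm home and refuse to continue when it is empty, rather than pick up key and trust material from an unintended location. The fallbacks may also rarely fire: addFlagsTLS (the -281 hunk) registers the flags with the unexpanded literal `tlsCaCertDefault` as default, so on commands that carry the flags the value is non-empty and must be expanded somewhere outside these hunks. Separately, the context line keeps `InsecureSkipVerify: true` for `--tls` without `--tls-verify`, so now that more commands go through newClient the flag help should state that `--tls` alone encrypts the channel but does not authenticate Tiller. newClient's body continues past the end of the hunk.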
@@ -281,12 +295,6 @@ func newClient() helm.Interface {
// addFlagsTLS adds the flags for supporting client side TLS to the
// helm command (only those that invoke communicate to Tiller.)
func addFlagsTLS(cmd *cobra.Command) *cobra.Command {
// defaults
var (
tlsCaCertDefault = "$HELM_HOME/ca.pem"
tlsCertDefault = "$HELM_HOME/cert.pem"
tlsKeyDefault = "$HELM_HOME/key.pem"
)

// add flags
cmd.Flags().StringVar(&tlsCaCertFile, "tls-ca-cert", tlsCaCertDefault, "path to TLS CA certificate file")
@@ -66,7 +66,7 @@ func newHistoryCmd(c helm.Interface, w io.Writer) *cobra.Command {
case len(args) == 0:
return errReleaseRequired
case his.helmc == nil:
his.helmc = helm.NewClient(helm.Host(settings.TillerHost))
his.helmc = newClient()
}
his.rls = args[0]
return his.run()
@@ -93,7 +93,7 @@ func newListCmd(client helm.Interface, out io.Writer) *cobra.Command {
list.filter = strings.Join(args, " ")
}
if list.client == nil {
list.client = helm.NewClient(helm.Host(settings.TillerHost))
list.client = newClient()
}
return list.run()
},
@@ -67,7 +67,7 @@ func newStatusCmd(client helm.Interface, out io.Writer) *cobra.Command {
}
status.release = args[0]
if status.client == nil {
status.client = helm.NewClient(helm.Host(settings.TillerHost))
status.client = newClient()
}
return status.run()
},
@@ -232,7 +232,11 @@ func tlsOptions() tlsutil.Options {
opts := tlsutil.Options{CertFile: *certFile, KeyFile: *keyFile}
if *tlsVerify {
opts.CaCertFile = *caCertFile
opts.ClientAuth = tls.VerifyClientCertIfGiven

// We want to force the client to not only provide a cert, but to
// provide a cert that we can validate.
// http://www.bite-code.com/2015/06/25/tls-mutual-auth-in-golang/
opts.ClientAuth = tls.RequireAndVerifyClientCert
}
return opts
}
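Review bot: Only the verify branch is documented; when `*tlsVerify` is false `opts.ClientAuth` keeps its zero value, which for `tls.ClientAuthType` is `tls.NoClientCert`, so Tiller presumably accepts any caller over an encrypted channel. I would add above `return opts` the comment `// When *tlsVerify is false no client certificate is requested: traffic is encrypted but callers are not authenticated.` The move from `tls.VerifyClientCertIfGiven` to `tls.RequireAndVerifyClientCert` also means clients that previously connected without a certificate in verify mode are now rejected at the handshake, which deserves a line in the upgrade notes. The reference in the new comment is a plain `http://` blog link; pointing at the `crypto/tls` documentation for `ClientAuthType` would be more durable. The function's signature lies outside the hunk.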
@@ -18,7 +18,12 @@ helm get hooks [flags] RELEASE_NAME
### Options

```
--revision int32 get the named release with revision
--revision int32 get the named release with revision
--tls enable TLS for request
--tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
--tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem")
--tls-key string path to TLS key file (default "$HELM_HOME/key.pem")
--tls-verify enable TLS for request and verify remote
```

### Options inherited from parent commands
@@ -35,4 +40,4 @@ helm get hooks [flags] RELEASE_NAME
### SEE ALSO
* [helm get](helm_get.md) - download a named release

###### Auto generated by spf13/cobra on 7-Nov-2017
###### Auto generated by spf13/cobra on 15-Nov-2017
@@ -20,7 +20,12 @@ helm get manifest [flags] RELEASE_NAME
### Options

```
--revision int32 get the named release with revision
--revision int32 get the named release with revision
--tls enable TLS for request
--tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
--tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem")
--tls-key string path to TLS key file (default "$HELM_HOME/key.pem")
--tls-verify enable TLS for request and verify remote
```

### Options inherited from parent commands
@@ -37,4 +42,4 @@ helm get manifest [flags] RELEASE_NAME
### SEE ALSO
* [helm get](helm_get.md) - download a named release

###### Auto generated by spf13/cobra on 7-Nov-2017
###### Auto generated by spf13/cobra on 15-Nov-2017
@@ -16,8 +16,13 @@ helm get values [flags] RELEASE_NAME
### Options

```
-a, --all dump all (computed) values
--revision int32 get the named release with revision
-a, --all dump all (computed) values
--revision int32 get the named release with revision
--tls enable TLS for request
--tls-ca-cert string path to TLS CA certificate file (default "$HELM_HOME/ca.pem")
--tls-cert string path to TLS certificate file (default "$HELM_HOME/cert.pem")
--tls-key string path to TLS key file (default "$HELM_HOME/key.pem")
--tls-verify enable TLS for request and verify remote
```

### Options inherited from parent commands
@@ -34,4 +39,4 @@ helm get values [flags] RELEASE_NAME
### SEE ALSO
* [helm get](helm_get.md) - download a named release

###### Auto generated by spf13/cobra on 7-Nov-2017
###### Auto generated by spf13/cobra on 15-Nov-2017
@@ -6,6 +6,8 @@
- [Frequently Asked Questions](install_faq.md)
- [Using Helm](using_helm.md) - Learn the Helm tools
- [Plugins](plugins.md)
- [Service Accounts for Tiller](service_accounts.md) - Apply RBACs to Tiller
- [TLS/SSL for Helm and Tiller](tiller_ssl.md) - Use Helm-to-Tiller encryption
- [Developing Charts](charts.md) - An introduction to chart development
- [Chart Lifecycle Hooks](charts_hooks.md)
- [Chart Tips and Tricks](charts_tips_and_tricks.md)