New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm --tls option is not supported #577
Comments
Some Kubernetes forces --tls option.
|
@teruz ah thanks for the heads up! Lets try add that flag ASAP. BTW will you be able to upgrade tiller to 2.8.2? Have had issues with client + server differences in the past. (Can't wait for the CRD based helm 3! :) |
jenkins-x#577 more work is require to update the makefiles in cloud-environemnts to allow TLS
@jstrachan thank you for your quick response. I've looked your commit. |
@teruz yeah - I was hoping it was a super quick fix; but we're gonna have to tinker with our Makefile to allow a tls option to be passed in. At least the first commit can handle |
@teruz its a huge shame you can't just configure helm to always use TLS - via an env var or something |
@jstrachan yeah, I've also be looking for some workaround with env or config file.. but i cannot find it out. |
@teruz I spotted |
@jstrachan thank you for your suggestion. I've checked helm source and unfortunately I've found TILLER_TLS_ENABLE env var is defined but not used in helm source... defined but not used?: |
I've raised this to see if anyone in the helm community has any better ideas helm/helm#3841 |
@jstrachan thanks a lot. it seems some pull requests are raised and not merged on helm repo. |
jenkins-x#577 more work is require to update the makefiles in cloud-environemnts to allow TLS
This is still an issue. Running |
here is a workaround for now (just avoid tiller completely which is way more secure and avoids side-stepping k8s RBAC completely): https://jenkins-x.io/news/helm-without-tiller/ |
I'd actually say avoiding tiller completely is a much better solution than enabling TLS on it https://jenkins-x.io/news/helm-without-tiller/ - as tiller basically disables fine grained RBAC - anyone who can access the tiller endpoint has effectively cluster-admin |
Issues go stale after 90d of inactivity. |
Stale issues rot after 30d of inactivity. |
Rotten issues close after 30d of inactivity. |
@jenkins-x-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi, I've found that when jx install into existing Kubernetes cluster, though some Kubernetes implementation such as IBM Cloud Private forces helm install with --tls option, jx install cannot pass --tls option to helm install command.
I'd like to set --tls option with helm command, but there is no resort to tell jx command to set any helm options.
The text was updated successfully, but these errors were encountered: