From f352719f3d008efb75b0b7a54de3487c75adda10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Mart=C3=ADnez=20Trivi=C3=B1o?=
Date: Wed, 12 Sep 2018 10:42:47 -0700
Subject: [PATCH] Tiller TLS CA validation (#616)
* Tiller TLS CA validation
* Use require instead
* Remove params
---
 chart/kubeapps/Chart.yaml | 2 +-
 chart/kubeapps/templates/tiller-proxy-secret.yaml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/chart/kubeapps/Chart.yaml b/chart/kubeapps/Chart.yaml
index f4d2afd1a94..debfe0fbea8 100644
--- a/chart/kubeapps/Chart.yaml
+++ b/chart/kubeapps/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: kubeapps
-version: 0.4.2
+version: 0.4.3
 appVersion: DEVEL
 description: Kubeapps is a dashboard for your Kubernetes cluster that makes it easy to deploy and manage applications in your cluster using Helm
 icon: https://raw.githubusercontent.com/kubeapps/kubeapps/master/docs/img/logo.png
diff --git a/chart/kubeapps/templates/tiller-proxy-secret.yaml b/chart/kubeapps/templates/tiller-proxy-secret.yaml
index f8d1c0e2949..aa0c5c234d3 100644
--- a/chart/kubeapps/templates/tiller-proxy-secret.yaml
+++ b/chart/kubeapps/templates/tiller-proxy-secret.yaml
@@ -1,4 +1,6 @@
+# The tls ca certificate is only required when tls.verify is set to true, we fail otherwise.
 {{- if .Values.tillerProxy.tls -}}
+{{ required "A valid CA certificate \".Values.tillerProxy.tls.ca\" needs to be provided if tls-verify is set to true" (and .Values.tillerProxy.tls.verify .Values.tillerProxy.tls.ca) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,8 +11,10 @@ metadata:
 release: {{ .Release.Name }}
 heritage: {{ .Release.Service }}
 data:
+{{- if .Values.tillerProxy.tls.ca }}
 ca.crt: |-
 {{ .Values.tillerProxy.tls.ca | b64enc | indent 4 }}
+{{- end }}
 tls.crt: |-
 {{ .Values.tillerProxy.tls.cert | b64enc | indent 4 }}
 tls.key: |-
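Review bot: The `required` call added under `{{- if .Values.tillerProxy.tls -}}` tests `and verify ca` instead of "ca when verify is true", and its result is printed rather than discarded. In Go templates `and` returns its first empty argument or else its last, so a TLS block with only `cert` and `key` (no `verify`, no `ca`) should abort the render although verification was not requested, while `verify: true` with a CA would write the certificate text into the output ahead of `apiVersion: v1`; this is inferred from template semantics, since values.yaml and a rendered manifest are not shown here. Nesting the check keeps the fail-closed case and emits nothing: `{{- if .Values.tillerProxy.tls.verify }}`, `{{- $_ := required "A valid CA certificate \".Values.tillerProxy.tls.ca\" needs to be provided if tls-verify is set to true" .Values.tillerProxy.tls.ca }}`, `{{- end }}`. A short comment next to the check noting that without `verify` and a CA the proxy presumably encrypts the Tiller connection but does not authenticate the Tiller endpoint would help operators pick the right setting.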