Helmfile: TLS support?

Created on 19 Apr 2018  路  9Comments  路  Source: roboll/helmfile

I've got tiller configured to require a client cert on incoming connections, either provided via the --tls-ca-cert, --tls-cert, and --tls-key options to helm or by placing the relevant certs in $HELM_HOME and just providing --tls to helm.

Is there a way to enable TLS transport for the helm commands that helmfile execs?

design finalized feature request workaround exists
Source
picture reidab

Most helpful comment

So this is possible today by using --args. To make it even more declarative, I'm going to add the following config syntax:

helmDefaults:
  tls:
    # when enabled, helmfile adds `--tls` flags to helm commands that supports tls(upgrade, test, diff)
    enabled: true
    # options
    key: path/to/key
    cert: path/to/cert
    ca: path/to/ca/cert

Any comments? Thanks!

picture mumoshu on 5 Sep 2018
👍10 🎉5

All 9 comments

It looks like this is possible by passing --args --tls to helmfile sync, but it still might make sense to be globally configurable.

reidab picture reidab on 19 Apr 2018
👍2

Looking a bit more at this, --args only works for the commands that support it, so things like helmfile diff still don't work with a TLS-enabled tiller.

reidab picture reidab on 19 Apr 2018

Theres an issue currently opened at helm diff repo regarding this issue for the diff plugin.
https://github.com/databus23/helm-diff/issues/35

rmartinez3 picture rmartinez3 on 20 Apr 2018

@mumoshu
There is also work to be done in helmfile.
delete command doesn't support args (so I can't pass --tls)

maver1ck picture maver1ck on 30 Jul 2018

@mumoshu added PR for delete. WDYT ?

maver1ck picture maver1ck on 31 Jul 2018
👍1

So this is possible today by using --args. To make it even more declarative, I'm going to add the following config syntax:

helmDefaults:
  tls:
    # when enabled, helmfile adds `--tls` flags to helm commands that supports tls(upgrade, test, diff)
    enabled: true
    # options
    key: path/to/key
    cert: path/to/cert
    ca: path/to/ca/cert

Any comments? Thanks!

mumoshu picture mumoshu on 5 Sep 2018
👍10 🎉5

Any updates on this @mumoshu?

servo1x picture servo1x on 28 Nov 2018

Ahh I was wondering why I kept getting:
Error: unknown flag: --tls
when trying to run helmfile repos command

Any updates on this @mumoshu?

georgejdli picture georgejdli on 21 Feb 2019
👍3

We should have already been migrated to Helm 3 so I hope this isn't an issue today. Closing as resolved, but feel free to contribute anything that helps this if you're still on Helm 2!

mumoshu picture mumoshu on 26 Apr 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

RafalMaleska picture RafalMaleska  路  3Comments
willejs picture willejs  路  4Comments
mumoshu picture mumoshu  路  4Comments
ivandardi picture ivandardi  路  3Comments
marianogg9 picture marianogg9  路  3Comments