Support TLS-enabled Tiller
I have installed Tiller in my namespace test1 with a service account named tiller. I have also followed the Helm quickstart guide for securing the communication between Helm and Tiller with TLS here (https://docs.helm.sh/using_helm/#using-ssl-between-helm-and-tiller). When I try to deploy from Monocular into my k8s cluster I get
{
"code": 500,
"message": "failed to connect to Tiller, are you sure it is installed?"
}
on the monocular-api at the endpoint /v1/releases.
In the monocular-api log I get the following:
[monocular-monocular-api-744c57976-7bvcc] [negroni] 2018-04-18T13:54:01Z | 500 | 9.298694ms | <monocular-api-url> | GET /v1/releases
[monocular-monocular-api-744c57976-7bvcc] 2018/04/18 13:54:01 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: dial tcp: operation was canceled"; Reconnecting to {tiller-deploy.test1:44134 <nil>}
[monocular-monocular-api-744c57976-7bvcc] 2018/04/18 13:54:01 grpc: addrConn.transportMonitor exits due to: grpc: the connection is closing
Am I right to assume that since my Helm/Tiller installation is using TLS certificates, these also have to be deployed with the API somehow?
@skogie yes, unfortunately Monocular doesn't support this currently.
Ok, thank you. Closing.
Going to keep this open to keep track of the issue, if that's okay @skogie
Sure, no problem.
Hi there. Does anyone know a workaround for this, or of any plan for handling this issue? As a workaround: could something like a sidecar proxy handling TLS <-> HTTP do the job?
Sidecar proxy might work but you'd also probably need a network policy plugin that could enforce rules between any non-monocular connections.
I'd def like to see support for TLS since we can't really leave any open tillers.