Adapt chectl to fixes for TLS for helm chart

che-incubator · Jul 26, 2019 · 2f24668 · 2f24668
1 parent 2942905
commit 2f24668
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -196,7 +196,10 @@ OPTIONS
   -p, --platform=platform                      [default: minikube] Type of Kubernetes platform. Valid values are
                                                "minikube", "minishift", "k8s", "openshift", "microk8s".
 
-  -s, --tls                                    Enable TLS encryption and multi-user mode
+  -s, --tls                                    Enable TLS encryption. Note that `che-tls` with TLS certificate must be 
+                                               created in the configured namespace.
+
+  --self-signed-cert                           Authorize usage of self signed certificates for encryption.
 
   -t, --templates=templates                    [default: templates] Path to the templates folder
 
@@ -222,8 +225,6 @@ OPTIONS
 
   --plugin-registry-url=plugin-registry-url    [default: https://che-plugin-registry.openshift.io/v3] The URL of the
                                                plugin registry.
-
-  --self-signed-cert                           Authorize usage of self signed certificates for encryption
 ```
 
 _See code: [src/commands/server/start.ts](https://github.com/che-incubator/chectl/blob/v0.0.2/src/commands/server/start.ts)_

diff --git a/src/installers/helm.ts b/src/installers/helm.ts
@@ -35,38 +35,13 @@ export class HelmHelper {
         },
         task: async (ctx: any, task: any) => {
           const kh = new KubeHelper()
-          const exists = await kh.secretExist('che-tls')
+          const exists = await kh.secretExist('che-tls', `${flags.chenamespace}`)
           if (!exists) {
-            throw new Error('TLS option is enabled but che-tls secret does not exist in default namespace. Example on how to create the secret: kubectl create secret generic che-tls [email protected]')
+            throw new Error(`TLS option is enabled but che-tls secret does not exist in '${flags.chenamespace}' namespace. Example on how to create the secret: kubectl create secret generic che-tls [email protected]`)
           }
-          const tlsEmail = await kh.getSecret('che-tls')
-          if (tlsEmail === undefined) {
-            throw new Error('TLS option is enabled and che-tls secret is defined but there is no ACME_EMAIL field on this secret. Example on how to create the secret: kubectl create secret generic che-tls [email protected]')
-          }
-          ctx.tlsEmail = tlsEmail
           task.title = `${task.title}...che-tls secret found.`
         }
       },
-      {
-        title: 'Check for cert-manager',
-        // Check only if TLS is enabled
-        enabled: () => {
-          return flags.tls
-        },
-        task: async (_ctx: any, task: any) => {
-          const kh = new KubeHelper()
-          const exists = await kh.apiVersionExist('certmanager.k8s.io')
-          if (!exists) {
-            throw new Error(`TLS option is enabled but cert-manager API has not been found. Cert Manager is probably not installed. Example on how to install it:
-            $ kubectl create namespace cert-manager
-            $ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
-            $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.8.1/cert-manager.yaml --validate=false
-
-            Please install cert-manager.`)
-          }
-          task.title = `${task.title}...done`
-        }
-      },
       {
         title: 'Create Tiller Role Binding',
         task: async (_ctx: any, task: any) => {
@@ -202,7 +177,7 @@ error: E_COMMAND_FAILED`)
     }
 
     if (flags.tls) {
-      setOptions = `--set global.cheDomain=${flags.domain} --set global.tls.email='${ctx.tlsEmail}'`
+      setOptions = `--set global.cheDomain=${flags.domain}`
       tlsFlag = `-f ${destDir}values/tls.yaml`
     }