From 2f2466869d36f7fcd5039e7a85825280c78a03cd Mon Sep 17 00:00:00 2001
From: Sergii Leshchenko
Date: Fri, 26 Jul 2019 09:10:11 +0300
Subject: [PATCH] Adapt chectl to fixes for TLS for helm chart
---
 README.md | 7 ++++---
 src/installers/helm.ts | 31 +++----------------------------
 2 files changed, 7 insertions(+), 31 deletions(-)
diff --git a/README.md b/README.md
index b9ba537f2..3de32e6e2 100644
--- a/README.md
+++ b/README.md
@@ -196,7 +196,10 @@ OPTIONS -p, --platform=platform [default: minikube] Type of Kubernetes platform. Valid values are "minikube", "minishift", "k8s", "openshift", "microk8s". - -s, --tls Enable TLS encryption and multi-user mode + -s, --tls Enable TLS encryption. Note that `che-tls` with TLS certificate must be + created in the configured namespace. + + --self-signed-cert Authorize usage of self signed certificates for encryption. -t, --templates=templates [default: templates] Path to the templates folder
@@ -222,8 +225,6 @@ OPTIONS --plugin-registry-url=plugin-registry-url [default: https://che-plugin-registry.openshift.io/v3] The URL of the plugin registry. - - --self-signed-cert Authorize usage of self signed certificates for encryption ``` _See code: [src/commands/server/start.ts](https://github.com/che-incubator/chectl/blob/v0.0.2/src/commands/server/start.ts)_
diff --git a/src/installers/helm.ts b/src/installers/helm.ts
index 45b26cb71..ae9db64cf 100644
--- a/src/installers/helm.ts
+++ b/src/installers/helm.ts
@@ -35,38 +35,13 @@ export class HelmHelper {
 },
 task: async (ctx: any, task: any) => {
 const kh = new KubeHelper()
- const exists = await kh.secretExist('che-tls')
+ const exists = await kh.secretExist('che-tls', `${flags.chenamespace}`)
 if (!exists) {
- throw new Error('TLS option is enabled but che-tls secret does not exist in default namespace. Example on how to create the secret: kubectl create secret generic che-tls --from-literal=ACME_EMAIL=my@email-address.com')
+ throw new Error(`TLS option is enabled but che-tls secret does not exist in '${flags.chenamespace}' namespace. Example on how to create the secret: kubectl create secret generic che-tls --from-literal=ACME_EMAIL=my@email-address.com`)
 }
- const tlsEmail = await kh.getSecret('che-tls')
- if (tlsEmail === undefined) {
- throw new Error('TLS option is enabled and che-tls secret is defined but there is no ACME_EMAIL field on this secret. Example on how to create the secret: kubectl create secret generic che-tls --from-literal=ACME_EMAIL=my@email-address.com')
- }
- ctx.tlsEmail = tlsEmail
 task.title = `${task.title}...che-tls secret found.`
 }
 },
- {
- title: 'Check for cert-manager',
- // Check only if TLS is enabled
- enabled: () => {
- return flags.tls
- },
- task: async (_ctx: any, task: any) => {
- const kh = new KubeHelper()
- const exists = await kh.apiVersionExist('certmanager.k8s.io')
- if (!exists) {
- throw new Error(`TLS option is enabled but cert-manager API has not been found. Cert Manager is probably not installed. Example on how to install it:
- $ kubectl create namespace cert-manager
- $ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
- $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.8.1/cert-manager.yaml --validate=false
-
- Please install cert-manager.`)
- }
- task.title = `${task.title}...done`
- }
- },
 {
 title: 'Create Tiller Role Binding',
 task: async (_ctx: any, task: any) => {
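Review bot: The remediation text in the new `throw new Error(...)` still tells the user to run `kubectl create secret generic che-tls --from-literal=ACME_EMAIL=...`, although this commit removes the `ACME_EMAIL` lookup and the README hunk now says `che-tls` must hold a TLS certificate. A secret created from that example passes `secretExist` while carrying no certificate or key, so the task reports "che-tls secret found" and the TLS failure only surfaces later. I would change the example to `kubectl create secret tls che-tls --cert=<path/to/cert> --key=<path/to/key> -n ${flags.chenamespace}` and, if `KubeHelper` can read the secret, also confirm it is of type `kubernetes.io/tls` before continuing. Separately, `${flags.chenamespace}` in the `secretExist` call can be plain `flags.chenamespace`. The enclosing task list starts and ends outside the hunk.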
@@ -202,7 +177,7 @@ error: E_COMMAND_FAILED`) } if (flags.tls) { - setOptions = `--set global.cheDomain=${flags.domain} --set global.tls.email='${ctx.tlsEmail}'` + setOptions = `--set global.cheDomain=${flags.domain}` tlsFlag = `-f ${destDir}values/tls.yaml` }
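Review bot: `flags.domain` is interpolated unquoted into `setOptions` on the new `--set global.cheDomain=${flags.domain}` line, and nothing in the hunk checks that it is set or looks like a host name. If `setOptions` is later joined into a helm command line that a shell parses (not visible here, though the `E_COMMAND_FAILED` text in the hunk header suggests a command runner), whitespace or shell metacharacters in the value would alter the command, and an unset flag would be passed as the literal `undefined`. I would guard the branch with something like `if (!flags.domain || !/^[a-z0-9.-]+$/i.test(flags.domain)) throw new Error('--domain must be a valid host name')`, or pass the helm arguments as an array instead of a string. The enclosing function starts and ends outside the hunk.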