fix(helm): server:start with TLS options

Signed-off-by: Sergii Leshchenko <[email protected]>
che-incubator · Jul 29, 2019 · 966498d · 966498d
1 parent a74ad81
commit 966498d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 34 deletions.
diff --git a/README.md b/README.md
@@ -196,7 +196,10 @@ OPTIONS
   -p, --platform=platform                      [default: minikube] Type of Kubernetes platform. Valid values are
                                                "minikube", "minishift", "k8s", "openshift", "microk8s".
 
-  -s, --tls                                    Enable TLS encryption and multi-user mode
+  -s, --tls                                    Enable TLS encryption. Note that `che-tls` with TLS certificate must be
+                                               created in the configured namespace.
+
+  --self-signed-cert                           Authorize usage of self signed certificates for encryption.
 
   -t, --templates=templates                    [default: templates] Path to the templates folder
 
@@ -219,8 +222,6 @@ OPTIONS
   --os-oauth                                   Enable use of OpenShift credentials to log into Che
 
   --plugin-registry-url=plugin-registry-url    The URL of the external plugin registry.
-
-  --self-signed-cert                           Authorize usage of self signed certificates for encryption
 ```
 
 _See code: [src/commands/server/start.ts](https://github.com/che-incubator/chectl/blob/v0.0.2/src/commands/server/start.ts)_

diff --git a/src/commands/server/start.ts b/src/commands/server/start.ts
@@ -86,7 +86,7 @@ export default class Start extends Command {
     }),
     tls: flags.boolean({
       char: 's',
-      description: 'Enable TLS encryption and multi-user mode',
+      description: 'Enable TLS encryption. Note that `che-tls` with TLS certificate must be created in the configured namespace.',
       default: false
     }),
     'self-signed-cert': flags.boolean({

diff --git a/src/installers/helm.ts b/src/installers/helm.ts
@@ -33,38 +33,13 @@ export class HelmHelper {
         enabled: () => {
           return flags.tls
         },
-        task: async (ctx: any, task: any) => {
-          const kh = new KubeHelper()
-          const exists = await kh.secretExist('che-tls')
-          if (!exists) {
-            throw new Error('TLS option is enabled but che-tls secret does not exist in default namespace. Example on how to create the secret: kubectl create secret generic che-tls [email protected]')
-          }
-          const tlsEmail = await kh.getSecret('che-tls')
-          if (tlsEmail === undefined) {
-            throw new Error('TLS option is enabled and che-tls secret is defined but there is no ACME_EMAIL field on this secret. Example on how to create the secret: kubectl create secret generic che-tls [email protected]')
-          }
-          ctx.tlsEmail = tlsEmail
-          task.title = `${task.title}...che-tls secret found.`
-        }
-      },
-      {
-        title: 'Check for cert-manager',
-        // Check only if TLS is enabled
-        enabled: () => {
-          return flags.tls
-        },
         task: async (_ctx: any, task: any) => {
           const kh = new KubeHelper()
-          const exists = await kh.apiVersionExist('certmanager.k8s.io')
+          const exists = await kh.secretExist('che-tls', `${flags.chenamespace}`)
           if (!exists) {
-            throw new Error(`TLS option is enabled but cert-manager API has not been found. Cert Manager is probably not installed. Example on how to install it:
-            $ kubectl create namespace cert-manager
-            $ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
-            $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.8.1/cert-manager.yaml --validate=false
-
-            Please install cert-manager.`)
+            throw new Error(`TLS option is enabled but che-tls secret does not exist in '${flags.chenamespace}' namespace. Example on how to create the secret with TLS: kubectl create secret tls che-tls --namespace=che --key=privkey.pem --cert=fullchain.pem`)
           }
-          task.title = `${task.title}...done`
+          task.title = `${task.title}...che-tls secret found.`
         }
       },
       {
@@ -190,7 +165,7 @@ error: E_COMMAND_FAILED`)
     await execa.shell(`helm dependencies update --skip-refresh ${destDir}`, { timeout: execTimeout })
   }
 
-  async upgradeCheHelmChart(ctx: any, flags: any, cacheDir: string, execTimeout= 120000) {
+  async upgradeCheHelmChart(_ctx: any, flags: any, cacheDir: string, execTimeout= 120000) {
     const destDir = path.join(cacheDir, '/templates/kubernetes/helm/che/')
 
     let multiUserFlag = ''
@@ -202,7 +177,7 @@ error: E_COMMAND_FAILED`)
     }
 
     if (flags.tls) {
-      setOptions.push(`--set global.cheDomain=${flags.domain} --set global.tls.email='${ctx.tlsEmail}'`)
+      setOptions.push(`--set global.cheDomain=${flags.domain}`)
       tlsFlag = `-f ${destDir}values/tls.yaml`
     }