Looks like it's not possible to install Tiller with TLS support when tiller-deploy
k8s service has been not removed.
Tiller Pod stays in ContainerCreating
because of missing ConfigMap tiller-secret
:
pod "673b8322-f5fc-11e7-bbe3-02de5ee8814e" (UID: "673b8322-f5fc-11e7-bbe3-02de5ee8814e") with: secrets "tiller-secret" not found
How reproduce issue:
helm init \
--tiller-tls \
--tiller-tls-cert tiller-server.pem \
--tiller-tls-key tiller-server-key.pem \
--tiller-tls-verify \
--tls-ca-cert ca.pem \
--tiller-namespace test \
--debug
kubectl -n test delete secrets tiller-secrets
kubectl -n test delete deployment tiller-deploy
Helm version: v2.7.2
IMO the problem is related with unsuccessful k8s Service update (because Service update is not allowed here) and k8s Secrets are not created because are after the Service manifests.
After I removed Service everything works fine.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale
Ran into this as well attempting to switch from a quick install of helm to enabling --tiller-tls, had to remove both the deployment and service..
v2.9.0
/remove-lifecycle rotten
Most helpful comment
Ran into this as well attempting to switch from a quick install of helm to enabling --tiller-tls, had to remove both the deployment and service..
v2.9.0
/remove-lifecycle rotten