Helm: Helm init was unable to create tiller-secret in TLS mode

Created on 10 Jan 2018  ·  3 Comments  ·  Source: helm/helm

Looks like it's not possible to install Tiller with TLS support when the tiller-deploy k8s service has not been removed.
The Tiller Pod stays in ContainerCreating because of the missing ConfigMap tiller-secret:

pod "673b8322-f5fc-11e7-bbe3-02de5ee8814e" (UID: "673b8322-f5fc-11e7-bbe3-02de5ee8814e") with: secrets "tiller-secret" not found

How to reproduce the issue:

  1. Create test namespace
  2. Generate Tiller TLS certificates
  3. Install Tiller with TLS support

      helm init \
        --tiller-tls \
        --tiller-tls-cert tiller-server.pem \
        --tiller-tls-key tiller-server-key.pem \
        --tiller-tls-verify \
        --tls-ca-cert ca.pem \
        --tiller-namespace test \
        --debug

  4. Remove Tiller deployment and Secrets

      kubectl -n test delete secrets tiller-secret
      kubectl -n test delete deployment tiller-deploy

  5. Try installing Tiller again

Helm version: v2.7.2

IMO the problem is related to the unsuccessful k8s Service update (because a Service update is not allowed here), and the k8s Secrets are not created because they come after the Service manifests.

After I removed the Service, everything works fine.

All 3 comments

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

Ran into this as well attempting to switch from a quick install of helm to enabling --tiller-tls, had to remove both the deployment and service.

v2.9.0

/remove-lifecycle rotten
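
An added example, not part of the issue thread or of the Helm project's code: a POSIX shell pre-flight check for the state reported here, where `tiller-deploy` objects are left in the namespace before `helm init --tiller-tls` is run again. The function names are hypothetical; the object names and the `test` namespace are the ones used in the issue.

```shell
#!/bin/sh
# Added example. Object names are the ones named in the issue;
# the function names are hypothetical.
TILLER_OBJECTS="service/tiller-deploy deployment/tiller-deploy secret/tiller-secret"

# Print, one per line, the Tiller objects that exist in namespace $1.
tiller_leftovers() {
  for res in $TILLER_OBJECTS; do
    # --ignore-not-found: empty output and exit 0 when the object is absent,
    # so a non-zero exit means the API call itself failed.
    found=$(kubectl -n "$1" get "$res" --ignore-not-found -o name) || return 2
    if [ -n "$found" ]; then echo "$res"; fi
  done
}

# clean        = nothing installed, helm init can create everything
# tls-complete = Service, Deployment and tiller-secret are all present
# leftover     = only some objects remain (the state reported in this issue)
tiller_state() {
  left=$(tiller_leftovers "$1") || return 2
  count=$(printf '%s\n' "$left" | grep -c . || true)
  case "$count" in
    0) echo clean ;;
    3) echo tls-complete ;;
    *) echo leftover ;;
  esac
}

# Refuse to continue over a leftover install and list what is in the way.
tiller_preflight() {
  state=$(tiller_state "$1") || return 2
  if [ "$state" = leftover ]; then
    echo "namespace $1 has leftover Tiller objects:" >&2
    tiller_leftovers "$1" >&2
    return 1
  fi
  echo "$state"
}

# Workaround from the thread: remove the Service as well as the Deployment
# (and any old Secret) before running helm init --tiller-tls again.
tiller_reset() {
  # Word splitting of the object list is intended here.
  kubectl -n "$1" delete $TILLER_OBJECTS --ignore-not-found
}

# Usage: tiller_preflight test || tiller_reset test
```

After a TLS install, `tiller_state test` should report `tls-complete`; a quick install without `--tiller-tls` shows up as `leftover` because `tiller-secret` is absent.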
