Setting up SSL between Helm and Tiller










0















I am following these instructions to setup SSL between helm and tiller
When I helm-init like this, I get an error



helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
$HELM_HOME has been configured at /Users/Koustubh/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
Happy Helming!


When I check my pods, I get 



tiller-deploy-6444c7d5bb-chfxw 0/1 ContainerCreating 0 2h


and after describing the pod, I get



Warning FailedMount 7m (x73 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 Unable to mount volumes for pod "tiller-deploy-6444c7d5bb-chfxw_kube-system(3ebae1df-e790-11e8-98ae-42010a9800f9)": timeout expired waiting for volumes to attach or mount for pod "kube-system"/"tiller-deploy-6444c7d5bb-chfxw". list of unmounted volumes=[tiller-certs]. list of unattached volumes=[tiller-certs default-token-9x886]
 Warning FailedMount 1m (x92 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 MountVolume.SetUp failed for volume "tiller-certs" : secrets "tiller-secret" not found


If I try to delete the running tiller pod like this, it just gets stuck

helm reset --debug --force



How can I solve this issue? --upgrade flag with helm init, but that doesn't work either.






ssl kubernetes-helm







share|improve this question




























    0















    I am following these instructions to setup SSL between helm and tiller
    When I helm-init like this, I get an error



    helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
    $HELM_HOME has been configured at /Users/Koustubh/.helm.
    Warning: Tiller is already installed in the cluster.
    (Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
    Happy Helming!


    When I check my pods, I get 



    tiller-deploy-6444c7d5bb-chfxw 0/1 ContainerCreating 0 2h


    and after describing the pod, I get



    Warning FailedMount 7m (x73 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 Unable to mount volumes for pod "tiller-deploy-6444c7d5bb-chfxw_kube-system(3ebae1df-e790-11e8-98ae-42010a9800f9)": timeout expired waiting for volumes to attach or mount for pod "kube-system"/"tiller-deploy-6444c7d5bb-chfxw". list of unmounted volumes=[tiller-certs]. list of unattached volumes=[tiller-certs default-token-9x886]
     Warning FailedMount 1m (x92 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 MountVolume.SetUp failed for volume "tiller-certs" : secrets "tiller-secret" not found


    If I try to delete the running tiller pod like this, it just gets stuck

    helm reset --debug --force



    How can I solve this issue? --upgrade flag with helm init, but that doesn't work either.






    ssl kubernetes-helm







    share|improve this question


























      0












      0








      0








      I am following these instructions to setup SSL between helm and tiller
      When I helm-init like this, I get an error



      helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
      $HELM_HOME has been configured at /Users/Koustubh/.helm.
      Warning: Tiller is already installed in the cluster.
      (Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
      Happy Helming!


      When I check my pods, I get 



      tiller-deploy-6444c7d5bb-chfxw 0/1 ContainerCreating 0 2h


      and after describing the pod, I get



      Warning FailedMount 7m (x73 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 Unable to mount volumes for pod "tiller-deploy-6444c7d5bb-chfxw_kube-system(3ebae1df-e790-11e8-98ae-42010a9800f9)": timeout expired waiting for volumes to attach or mount for pod "kube-system"/"tiller-deploy-6444c7d5bb-chfxw". list of unmounted volumes=[tiller-certs]. list of unattached volumes=[tiller-certs default-token-9x886]
       Warning FailedMount 1m (x92 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 MountVolume.SetUp failed for volume "tiller-certs" : secrets "tiller-secret" not found


      If I try to delete the running tiller pod like this, it just gets stuck

      helm reset --debug --force



      How can I solve this issue? --upgrade flag with helm init, but that doesn't work either.






      ssl kubernetes-helm







      share|improve this question
















      I am following these instructions to setup SSL between helm and tiller
      When I helm-init like this, I get an error



      helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
      $HELM_HOME has been configured at /Users/Koustubh/.helm.
      Warning: Tiller is already installed in the cluster.
      (Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
      Happy Helming!


      When I check my pods, I get 



      tiller-deploy-6444c7d5bb-chfxw 0/1 ContainerCreating 0 2h


      and after describing the pod, I get



      Warning FailedMount 7m (x73 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 Unable to mount volumes for pod "tiller-deploy-6444c7d5bb-chfxw_kube-system(3ebae1df-e790-11e8-98ae-42010a9800f9)": timeout expired waiting for volumes to attach or mount for pod "kube-system"/"tiller-deploy-6444c7d5bb-chfxw". list of unmounted volumes=[tiller-certs]. list of unattached volumes=[tiller-certs default-token-9x886]
       Warning FailedMount 1m (x92 over 2h) kubelet, gke-myservice-default-pool-0198f291-nrl2 MountVolume.SetUp failed for volume "tiller-certs" : secrets "tiller-secret" not found


      If I try to delete the running tiller pod like this, it just gets stuck

      helm reset --debug --force



      How can I solve this issue? --upgrade flag with helm init, but that doesn't work either.






      ssl kubernetes-helm




      ssl kubernetes-helm






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 16 '18 at 19:14









      Jason

      4359




      4359










      asked Nov 14 '18 at 1:14









      user3288346user3288346

      1,13262746




      1,13262746






















          1 Answer
          1






          active

          oldest

          votes


















          1














          I had this issue but resolved it by deleting both the tiller deployment and the service and re-initalising.



          I'm also using RBAC so have added those commands too:



          # Remove existing tiller:
          kubectl delete deployment tiller-deploy -n kube-system
          kubectl delete service tiller-deploy -n kube-system

          # Re-init with your certs 
          helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
          # Add RBAC service account and role
          kubectl create serviceaccount --namespace kube-system tiller
          kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
          kubectl patch deploy --namespace kube-system tiller-deploy -p '"spec":"template":"spec":"serviceAccount":"tiller"'
          # Re-initialize
          helm init --service-account tiller --upgrade
          # Test the pod is up
          kubectl get pods -n kube-system

          NAME READY STATUS RESTARTS AGE
          tiller-deploy-69775bbbc7-c42wp 1/1 Running 0 5m

          # Copy the certs to `~/.helm`
          cp tiller.cert.pem ~/.helm/cert.pem
          cp tiller.key.pem ~/.helm/key.pem


          Validate that helm is only responding via tls



          $ helm version
          Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
          Error: cannot connect to Tiller
          $ helm version --tls
          Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
          Server: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"


          Thanks to
          https://github.com/helm/helm/issues/4691#issuecomment-430617255
          https://medium.com/@pczarkowski/easily-install-uninstall-helm-on-rbac-kubernetes-8c3c0e22d0d7






          share|improve this answer






















            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53291789%2fsetting-up-ssl-between-helm-and-tiller%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            I had this issue but resolved it by deleting both the tiller deployment and the service and re-initalising.



            I'm also using RBAC so have added those commands too:



            # Remove existing tiller:
            kubectl delete deployment tiller-deploy -n kube-system
            kubectl delete service tiller-deploy -n kube-system

            # Re-init with your certs 
            helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
            # Add RBAC service account and role
            kubectl create serviceaccount --namespace kube-system tiller
            kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
            kubectl patch deploy --namespace kube-system tiller-deploy -p '"spec":"template":"spec":"serviceAccount":"tiller"'
            # Re-initialize
            helm init --service-account tiller --upgrade
            # Test the pod is up
            kubectl get pods -n kube-system

            NAME READY STATUS RESTARTS AGE
            tiller-deploy-69775bbbc7-c42wp 1/1 Running 0 5m

            # Copy the certs to `~/.helm`
            cp tiller.cert.pem ~/.helm/cert.pem
            cp tiller.key.pem ~/.helm/key.pem


            Validate that helm is only responding via tls



            $ helm version
            Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
            Error: cannot connect to Tiller
            $ helm version --tls
            Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
            Server: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"


            Thanks to
            https://github.com/helm/helm/issues/4691#issuecomment-430617255
            https://medium.com/@pczarkowski/easily-install-uninstall-helm-on-rbac-kubernetes-8c3c0e22d0d7






            share|improve this answer



























              1














              I had this issue but resolved it by deleting both the tiller deployment and the service and re-initalising.



              I'm also using RBAC so have added those commands too:



              # Remove existing tiller:
              kubectl delete deployment tiller-deploy -n kube-system
              kubectl delete service tiller-deploy -n kube-system

              # Re-init with your certs 
              helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
              # Add RBAC service account and role
              kubectl create serviceaccount --namespace kube-system tiller
              kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
              kubectl patch deploy --namespace kube-system tiller-deploy -p '"spec":"template":"spec":"serviceAccount":"tiller"'
              # Re-initialize
              helm init --service-account tiller --upgrade
              # Test the pod is up
              kubectl get pods -n kube-system

              NAME READY STATUS RESTARTS AGE
              tiller-deploy-69775bbbc7-c42wp 1/1 Running 0 5m

              # Copy the certs to `~/.helm`
              cp tiller.cert.pem ~/.helm/cert.pem
              cp tiller.key.pem ~/.helm/key.pem


              Validate that helm is only responding via tls



              $ helm version
              Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
              Error: cannot connect to Tiller
              $ helm version --tls
              Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
              Server: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"


              Thanks to
              https://github.com/helm/helm/issues/4691#issuecomment-430617255
              https://medium.com/@pczarkowski/easily-install-uninstall-helm-on-rbac-kubernetes-8c3c0e22d0d7






              share|improve this answer

























                1












                1








                1







                I had this issue but resolved it by deleting both the tiller deployment and the service and re-initalising.



                I'm also using RBAC so have added those commands too:



                # Remove existing tiller:
                kubectl delete deployment tiller-deploy -n kube-system
                kubectl delete service tiller-deploy -n kube-system

                # Re-init with your certs 
                helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
                # Add RBAC service account and role
                kubectl create serviceaccount --namespace kube-system tiller
                kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
                kubectl patch deploy --namespace kube-system tiller-deploy -p '"spec":"template":"spec":"serviceAccount":"tiller"'
                # Re-initialize
                helm init --service-account tiller --upgrade
                # Test the pod is up
                kubectl get pods -n kube-system

                NAME READY STATUS RESTARTS AGE
                tiller-deploy-69775bbbc7-c42wp 1/1 Running 0 5m

                # Copy the certs to `~/.helm`
                cp tiller.cert.pem ~/.helm/cert.pem
                cp tiller.key.pem ~/.helm/key.pem


                Validate that helm is only responding via tls



                $ helm version
                Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
                Error: cannot connect to Tiller
                $ helm version --tls
                Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
                Server: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"


                Thanks to
                https://github.com/helm/helm/issues/4691#issuecomment-430617255
                https://medium.com/@pczarkowski/easily-install-uninstall-helm-on-rbac-kubernetes-8c3c0e22d0d7






                share|improve this answer













                I had this issue but resolved it by deleting both the tiller deployment and the service and re-initalising.



                I'm also using RBAC so have added those commands too:



                # Remove existing tiller:
                kubectl delete deployment tiller-deploy -n kube-system
                kubectl delete service tiller-deploy -n kube-system

                # Re-init with your certs 
                helm init --tiller-tls --tiller-tls-cert ./tiller.cert.pem --tiller-tls-key ./tiller.key.pem --tiller-tls-verify --tls-ca-cert ca.cert.pem
                # Add RBAC service account and role
                kubectl create serviceaccount --namespace kube-system tiller
                kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
                kubectl patch deploy --namespace kube-system tiller-deploy -p '"spec":"template":"spec":"serviceAccount":"tiller"'
                # Re-initialize
                helm init --service-account tiller --upgrade
                # Test the pod is up
                kubectl get pods -n kube-system

                NAME READY STATUS RESTARTS AGE
                tiller-deploy-69775bbbc7-c42wp 1/1 Running 0 5m

                # Copy the certs to `~/.helm`
                cp tiller.cert.pem ~/.helm/cert.pem
                cp tiller.key.pem ~/.helm/key.pem


                Validate that helm is only responding via tls



                $ helm version
                Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
                Error: cannot connect to Tiller
                $ helm version --tls
                Client: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"
                Server: &version.VersionSemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"


                Thanks to
                https://github.com/helm/helm/issues/4691#issuecomment-430617255
                https://medium.com/@pczarkowski/easily-install-uninstall-helm-on-rbac-kubernetes-8c3c0e22d0d7







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 20 '18 at 17:16









                SpangenSpangen

                1,91031824




                1,91031824





























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53291789%2fsetting-up-ssl-between-helm-and-tiller%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    27

                    Image
                    www.msyz777.com_www.msyz888.com_www.msyz999.com window._bd_share_config="common":"bdSnsKey":,"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"1","bdSize":"16","share":,"image":"viewList":["qzone","tsina","tqq","renren","t163"],"viewText":"��������","viewSize":"16","selectShare":"bdContainerClass":null,"bdSelectMiniList":["qzone","tsina","tqq","renren","t163"];with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/...
                    Read more

                    Top Tejano songwriter Luis Silva dead of heart attack at 64

                    Image
                    Ramiro Burr's New Blog - to go back: www.ramiroburr.com From Latin rock to reggaeton, boleros to blues,Tex-Mex to Tejano, conjunto to corridos and beyond, Ramiro Burr has it covered. If you have a new CD release, a trivia question or are looking for tour info, post a message here or e-mail Ramiro directly at: musicreporter@gmail.com Top Tejano songwriter Luis Silva dead of heart attack at 64 By Ramiro Burr on October 23, 2008 8:40 AM | Permalink | Comments (12) | TrackBacks (0) UPDATE: Luis Silva Funeral Service details released Visitation 4-9 p.m. Saturday, Rosary service 6 p.m. Saturday at Porter Loring, 1101 McCullough Ave Funeral Service 10:30 a.m. Monday St. Anthony De Padua Catholic Church, Burial Service at Chapel Hills, 7735 Gibbs Sprawl Road. Porter Loring (210) 227-8221 Related New Flash: Irma Laura Lopez: long time record promoter killed in accident NewsFlash: 9:02 a.m. (New comments below) Luis Silva , one of the most well-known ...
                    Read more

                    Category:Rhetoric

                    Image
                    Help Category:Rhetoric From Wikipedia, the free encyclopedia Jump to navigation Jump to search Library cataloging and classification main topic rhetoric Library of Congress P301 Universal Decimal 808 Wikimedia Commons has media related to Rhetoric . The main article for this category is Rhetoric . Rhetorical terms, i.e. terms used to describe or analyze rhetorical arguments, including those in persuasive speeches and opinion editorials. Contents Top 0–9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Subcategories This category has the following 17 subcategories, out of 17 total. A ► Analogy‎ (2 C, 23 P) ► Apologetics‎ (5 C, 12 P) D ► Dialectic‎ (2 C, 21 P) ► Dialogues‎ (2 C, 38 P) F ► Fiction-writing mode‎ (4 C, 11 P) H ► Homiletics‎ (21 P) ► Hypocrisy‎ (11 P) P ► Populism‎ (13 C, 49 P) R ► Rhetoric theorists‎ (3 C,...
                    Read more