profile
viewpoint

Ask questionsFeature request: detailed error when certificates have expired

<!-- If you need help or think you have found a bug, please help us with your issue by entering the following information (otherwise you can delete this text): -->

Output of helm version: Client: &version.Version{SemVer:"v2.14.1", GitCommit:"5270352a09c7e8b6e8c9593002a73535276507c0", GitTreeState:"clean"} Server: &version.Version{SemVer:"v2.14.1", GitCommit:"5270352a09c7e8b6e8c9593002a73535276507c0", GitTreeState:"clean"}

Output of kubectl version: Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.7", GitCommit:"4683545293d792934a7a7e12f2cc47d20b2dd01b", GitTreeState:"clean", BuildDate:"2019-06-06T01:46:52Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.6-gke.13", GitCommit:"fcbc1d20b6bca1936c0317743055ac75aef608ce", GitTreeState:"clean", BuildDate:"2019-06-19T20:50:07Z", GoVersion:"go1.11.5b4", Compiler:"gc", Platform:"linux/amd64"}

Cloud Provider/Platform (AKS, GKE, Minikube etc.): GKE

Bug:

Our helm/tiller is set up with tls verification. We found that all of a sudden, with no change to kubectl or helm versions, all our helm upgrades were hanging until they timed out with "context deadline exceeded". This also affected helm ls, helm version, etc.

It took us a lot of digging around without much help to realize that the certificates might have just expired. After that we did a helm init --upgrade ... with the new certs and it worked.

Some detailed error outputs would have saved many hours of grief.

helm/helm

Answer questions technosophos

Turns out that this is all hidden deep inside of Kubernetes' client-go package. I can't find anywhere were we could hook in and detect this condition. I think that later versions of client-go might have fixed the hanging behavior. But a change to SSL certificate handling needs to be made in client-go, not Helm.

So I am marking this as closed/won't fix.

useful!

Related questions

Error: open .helm\repository\cache\local-index.yaml hot 2
Helm upgrade fails the release after adding a new resource hot 2
Error: validation: chart.metadata is required when using --repo - helm hot 2
Error: could not find a ready tiller pod hot 2
Upgrading releases with immutable resources (e.g. persitentVolume) hot 2
"Error: Transport is closing" message when attempting to install hot 1
helm 3: Not able to push chart to docker hub hot 1
Helm3: No 'init', doesn't use existing ~/.helm hot 1
No kind Job is registered for version batch/v1 hot 1
error calling eq: invalid type for comparison hot 1
upgrade apiVersion in k8s from 1.14 to 1.16 FAILED hot 1
Helm v 2.9.1 Error: Can&#39;t get a valid version for repositories even when the chart is available - helm hot 1
Upgrades fails with: grpc: received message larger than max hot 1
Helm init fails on Kubernetes 1.16.0 hot 1
Helm error with forwarding ports hot 1
Github User Rank List