Skip to content

fix: helm test-connection supports all TLS modes#36

Merged
tgarciai merged 1 commit intomainfrom
fix/helm-test-tls
Mar 18, 2026
Merged

fix: helm test-connection supports all TLS modes#36
tgarciai merged 1 commit intomainfrom
fix/helm-test-tls

Conversation

@tgarciai
Copy link
Member

@tgarciai tgarciai commented Mar 18, 2026

Summary

The helm test pod was hardcoded to wget http:// — broke when tls.mode=server|mutual.

Now adapts per mode:

  • disabled: wget (busybox) — unchanged
  • server: curl --cacert with CA from TLS secret — verifies certificate chain
  • mutual: nc -z TCP check — same strategy as kubelet tcpSocket probes

Cluster evidence

$ helm test underpass-runtime -n underpass-runtime
TEST SUITE:     underpass-runtime-test-connection
Phase:          Succeeded

$ kubectl logs underpass-runtime-test-connection
{"status":"ok"}

Test plan

  • helm lint — clean
  • helm template renders correctly for disabled/server/mutual
  • helm test passed on live cluster with tls.mode=server

🤖 Generated with Claude Code

@tgarciai @claude
fix: helm test-connection supports TLS modes
7e31ccf 
- disabled: wget http:// (busybox, unchanged)
- server: curl --cacert with CA from TLS secret (curlimages/curl)
- mutual: nc -z TCP check (busybox, same as tcpSocket probe)

Tested on live cluster with tls.mode=server: Phase Succeeded.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 18, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@tgarciai tgarciai merged commit db04ebb into main Mar 18, 2026
8 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tgarciai