From 3ae05b072a1bc606e31e88e0411c1a5a40116d98 Mon Sep 17 00:00:00 2001
From: Chris Lu
Date: Thu, 27 Nov 2025 14:03:30 -0800
Subject: [PATCH 1/3] use .Values.global.certificates instead
---
 k8s/charts/seaweedfs/templates/cert/ca-cert.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
index 0fd6615e1..7c53be23e 100644
--- a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
@@ -13,6 +13,12 @@ spec:
 secretName: {{ template "seaweedfs.name" . }}-ca-cert
 commonName: "{{ template "seaweedfs.name" . }}-root-ca"
 isCA: true
+ {{- if .Values.global.certificates.duration }}
+ duration: {{ .Values.global.certificates.duration }}
+ {{- end }}
+ {{- if .Values.global.certificates.renewBefore }}
+ renewBefore: {{ .Values.global.certificates.renewBefore }}
+ {{- end }}
 issuerRef:
 name: {{ template "seaweedfs.name" . }}-issuer
 kind: Issuer
From f00cd383936b5f6bf621a91c2b9321b67a902714 Mon Sep 17 00:00:00 2001
From: Chris Lu
Date: Thu, 27 Nov 2025 14:17:37 -0800
Subject: [PATCH 2/3] certificates ca
---
 k8s/charts/seaweedfs/templates/cert/ca-cert.yaml | 8 ++++----
 k8s/charts/seaweedfs/values.yaml | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
index 7c53be23e..b01a8dcc0 100644
--- a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
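Review bot: The `duration:` and `renewBefore:` lines added to ca-cert.yaml in PATCH 1/3 emit the templated value unquoted, unlike the quoted `commonName` in the context just above them, and the rewritten lines in the ca-cert.yaml hunk of PATCH 2/3 keep the same form. Piping through `quote`, e.g. `duration: {{ .Values.certificates.ca.duration | quote }}` and `renewBefore: {{ .Values.certificates.ca.renewBefore | quote }}`, keeps both fields strings whatever scalar type an override supplies, so a mistyped value is rejected as a bad duration string rather than rendered as another YAML type. The Certificate spec starts above the hunk and continues below it.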
@@ -13,11 +13,11 @@ spec:
 secretName: {{ template "seaweedfs.name" . }}-ca-cert
 commonName: "{{ template "seaweedfs.name" . }}-root-ca"
 isCA: true
- {{- if .Values.global.certificates.duration }}
- duration: {{ .Values.global.certificates.duration }}
+ {{- if .Values.certificates.ca.duration }}
+ duration: {{ .Values.certificates.ca.duration }}
 {{- end }}
- {{- if .Values.global.certificates.renewBefore }}
- renewBefore: {{ .Values.global.certificates.renewBefore }}
+ {{- if .Values.certificates.ca.renewBefore }}
+ renewBefore: {{ .Values.certificates.ca.renewBefore }}
 {{- end }}
 issuerRef:
 name: {{ template "seaweedfs.name" . }}-issuer
diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml
index 1bfe5c72c..74bbfeba1 100644
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -1268,6 +1268,9 @@ certificates:
 keySize: 2048
 duration: 2160h # 90d
 renewBefore: 360h # 15d
+ ca:
+ duration: 87600h # 10 years
+ renewBefore: 720h # 30d
 externalCertificates:
 # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
 # you will need to store your provided certificates in the secret read by the different services:
From e5521673ebf0f47043601eb219078232fc1d5c30 Mon Sep 17 00:00:00 2001
From: IvanHunters <49371933+IvanHunters@users.noreply.github.com>
Date: Fri, 28 Nov 2025 01:22:20 +0300
Subject: [PATCH 3/3] Helm Charts: add certificate duration and renewBefore options (#7563)
* Helm Charts: add certificate duration and renewBefore options
Signed-off-by: ohotnikov.ivan
* use .Values.global.certificates instead certificates ca
---------
Signed-off-by: ohotnikov.ivan
Co-authored-by: ohotnikov.ivan
Co-authored-by: Chris Lu
---
 k8s/charts/seaweedfs/values.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml
index 74bbfeba1..547b05479 100644
--- a/k8s/charts/seaweedfs/values.yaml
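Review bot: The new `certificates.ca` block in the values.yaml hunk of PATCH 2/3 carries only unit comments, yet its default sets the CA certificate's lifetime to ten years where ca-cert.yaml set no duration before this series. A comment above `ca:` would say what is being tuned, for example `# Validity and renewal window of the chart's CA certificate (templates/cert/ca-cert.yaml); lower these if your policy requires shorter CA lifetimes.` A longer-lived CA also lengthens the period in which a leaked copy of the material in the `-ca-cert` secret stays usable, so the default deserves a line in the chart's upgrade notes. The `certificates:` mapping starts above the hunk and continues below it.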
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -22,6 +22,8 @@ global:
 serviceAccountName: "seaweedfs"
 automountServiceAccountToken: true
 certificates:
+ duration: 87600h
+ renewBefore: 720h
 alphacrds: false
 monitoring:
 enabled: false
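Review bot: The `duration` and `renewBefore` keys added under `global.certificates` are not read by ca-cert.yaml as it stands after PATCH 2/3, which takes both values from `.Values.certificates.ca`. Unless another template consumes them (none is visible in this series), an operator who shortens `global.certificates.duration` would see no change in the issued CA certificate while believing the lifetime had been reduced. Either drop the two lines or mark them, e.g. `# not read by cert/ca-cert.yaml; set certificates.ca.duration / certificates.ca.renewBefore instead`. The `global:` mapping starts above the hunk and continues below it.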