certificates ca

1 day ago · f00cd38393
2 changed files with 7 additions and 4 deletions
--- a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
@ -13,11 +13,11 @@ spec:
  secretName: {{ template "seaweedfs.name" . }}-ca-cert
  commonName: "{{ template "seaweedfs.name" . }}-root-ca"
  isCA: true
-  {{- if .Values.global.certificates.duration }}
-  duration: {{ .Values.global.certificates.duration }}
+  {{- if .Values.certificates.ca.duration }}
+  duration: {{ .Values.certificates.ca.duration }}
  {{- end }}
-  {{- if .Values.global.certificates.renewBefore }}
-  renewBefore: {{ .Values.global.certificates.renewBefore }}
+  {{- if .Values.certificates.ca.renewBefore }}
+  renewBefore: {{ .Values.certificates.ca.renewBefore }}
  {{- end }}
  issuerRef:
    name: {{ template "seaweedfs.name" . }}-issuer
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@ -1268,6 +1268,9 @@ certificates:
  keySize: 2048
  duration: 2160h  # 90d
  renewBefore: 360h  # 15d
+  ca:
+    duration: 87600h  # 10 years
+    renewBefore: 720h  # 30d
  externalCertificates:
    # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
    # you will need to store your provided certificates in the secret read by the different services: