From f00cd383936b5f6bf621a91c2b9321b67a902714 Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Thu, 27 Nov 2025 14:17:37 -0800
Subject: [PATCH] certificates ca

---
 k8s/charts/seaweedfs/templates/cert/ca-cert.yaml | 8 ++++----
 k8s/charts/seaweedfs/values.yaml                 | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
index 7c53be23e..b01a8dcc0 100644
--- a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
@@ -13,11 +13,11 @@ spec:
   secretName: {{ template "seaweedfs.name" . }}-ca-cert
   commonName: "{{ template "seaweedfs.name" . }}-root-ca"
   isCA: true
-  {{- if .Values.global.certificates.duration }}
-  duration: {{ .Values.global.certificates.duration }}
+  {{- if .Values.certificates.ca.duration }}
+  duration: {{ .Values.certificates.ca.duration }}
   {{- end }}
-  {{- if .Values.global.certificates.renewBefore }}
-  renewBefore: {{ .Values.global.certificates.renewBefore }}
+  {{- if .Values.certificates.ca.renewBefore }}
+  renewBefore: {{ .Values.certificates.ca.renewBefore }}
   {{- end }}
   issuerRef:
     name: {{ template "seaweedfs.name" . }}-issuer
diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml
index 1bfe5c72c..74bbfeba1 100644
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -1268,6 +1268,9 @@ certificates:
   keySize: 2048
   duration: 2160h  # 90d
   renewBefore: 360h  # 15d
+  ca:
+    duration: 87600h  # 10 years
+    renewBefore: 720h  # 30d
   externalCertificates:
     # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
     # you will need to store your provided certificates in the secret read by the different services: