gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use .Values.global.certificates instead

Browse Source 
certificates ca
This commit is contained in:
Chris Lu
2025-11-27 14:03:30 -08:00
parent 0e385122b5
commit 75d593d7fa
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
View File

@@ -13,6 +13,12 @@ spec:
secretName: {{ template "seaweedfs.name" . }}-ca-cert
commonName: "{{ template "seaweedfs.name" . }}-root-ca"
isCA: true
{{- if .Values.certificates.ca.duration }}
duration: {{ .Values.certificates.ca.duration }}
{{- end }}
{{- if .Values.certificates.ca.renewBefore }}
renewBefore: {{ .Values.certificates.ca.renewBefore }}
{{- end }}
issuerRef:
name: {{ template "seaweedfs.name" . }}-issuer
kind: Issuer

3
k8s/charts/seaweedfs/values.yaml
View File

@@ -1268,6 +1268,9 @@ certificates:
keySize: 2048
duration: 2160h # 90d
renewBefore: 360h # 15d
ca:
duration: 87600h # 10 years
renewBefore: 720h # 30d
externalCertificates:
# This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
# you will need to store your provided certificates in the secret read by the different services: