gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

certificates ca

Browse Source
This commit is contained in:
Chris Lu
2025-11-27 14:17:37 -08:00
parent 3ae05b072a
commit f00cd38393
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
View File

@@ -13,11 +13,11 @@ spec:
secretName: {{ template "seaweedfs.name" . }}-ca-cert
commonName: "{{ template "seaweedfs.name" . }}-root-ca"
isCA: true
{{- if .Values.global.certificates.duration }}
duration: {{ .Values.global.certificates.duration }}
{{- if .Values.certificates.ca.duration }}
duration: {{ .Values.certificates.ca.duration }}
{{- end }}
{{- if .Values.global.certificates.renewBefore }}
renewBefore: {{ .Values.global.certificates.renewBefore }}
{{- if .Values.certificates.ca.renewBefore }}
renewBefore: {{ .Values.certificates.ca.renewBefore }}
{{- end }}
issuerRef:
name: {{ template "seaweedfs.name" . }}-issuer

3
k8s/charts/seaweedfs/values.yaml
View File

@@ -1268,6 +1268,9 @@ certificates:
keySize: 2048
duration: 2160h # 90d
renewBefore: 360h # 15d
ca:
duration: 87600h # 10 years
renewBefore: 720h # 30d
externalCertificates:
# This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
# you will need to store your provided certificates in the secret read by the different services: