deploy: add API cert config map values

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-20 17:13:02 -04:00 · 2020-08-20 17:13:02 -04:00 · 88f3b41e71
commit 88f3b41e71
parent 89b6b9ee44
2 changed files with 10 additions and 0 deletions
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@ -29,6 +29,10 @@ data:
    webhook:
      url: (@= data.values.webhook_url @)
      caBundle: (@= data.values.webhook_ca_bundle @)
+    api:
+      servingCertificate:
+        durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @)
+        renewBeforeSeconds: (@= str(data.values.api_serving_certificate_renew_before_seconds) @)
 ---
 #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
 apiVersion: v1
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@ -17,3 +17,9 @@ discovery_url: #! e.g., https://example.com

 #! e.g. the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]'
 image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}
+
+#! Specify the duration and renewal interval for the API serving certificate.
+#! The defaults are set to expire the cert about every 30 days, and to rotate it
+#! about every 25 days.
+api_serving_certificate_duration_seconds: 2592000
+api_serving_certificate_renew_before_seconds: 2160000