From 88f3b41e717082cf90aadcd8929d5fdede4a9574 Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Thu, 20 Aug 2020 17:13:02 -0400
Subject: [PATCH] deploy: add API cert config map values

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
---
 deploy/deployment.yaml | 4 ++++
 deploy/values.yaml     | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
index a4d081ca..6d2d5d2f 100644
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -29,6 +29,10 @@ data:
     webhook:
       url: (@= data.values.webhook_url @)
       caBundle: (@= data.values.webhook_ca_bundle @)
+    api:
+      servingCertificate:
+        durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @)
+        renewBeforeSeconds: (@= str(data.values.api_serving_certificate_renew_before_seconds) @)
 ---
 #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
 apiVersion: v1
diff --git a/deploy/values.yaml b/deploy/values.yaml
index b8c71c54..cf91c93e 100644
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@@ -17,3 +17,9 @@ discovery_url: #! e.g., https://example.com
 
 #! e.g. the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]'
 image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}
+
+#! Specify the duration and renewal interval for the API serving certificate.
+#! The defaults are set to expire the cert about every 30 days, and to rotate it
+#! about every 25 days.
+api_serving_certificate_duration_seconds: 2592000
+api_serving_certificate_renew_before_seconds: 2160000