From 40e94cd6dc0876aea94785d64aab27a529df2465 Mon Sep 17 00:00:00 2001
From: rurod <48444553+rurod@users.noreply.github.com>
Date: Mon, 14 Oct 2024 21:54:16 +0200
Subject: [PATCH] Adding keyttl and keycutofftime options to helm chart
Signed-off-by: rurod <48444553+rurod@users.noreply.github.com>
---
helm/sealed-secrets/README.md | 2 ++
helm/sealed-secrets/templates/deployment.yaml | 8 ++++++++
helm/sealed-secrets/values.yaml | 11 +++++++++++
3 files changed, 21 insertions(+)
diff --git a/helm/sealed-secrets/README.md b/helm/sealed-secrets/README.md
index 66b73148d..86d13c066 100644
--- a/helm/sealed-secrets/README.md
+++ b/helm/sealed-secrets/README.md
@@ -95,6 +95,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `updateStatus` | Specifies whether the Sealed Secrets controller should update the status subresource | `true` |
 | `skipRecreate` | Specifies whether the Sealed Secrets controller should skip recreating removed secrets | `false` |
 | `keyrenewperiod` | Specifies key renewal period. Default 30 days | `""` |
+| `keyttl` | Specifies generated certificate validity duration. Default 10 years | `""` |
+| `keycutofftime` | Specifies a date at which the controller must generate a new key. Useful in early renewal scenarios. | `""` |
 | `rateLimit` | Number of allowed sustained request per second for verify endpoint | `""` |
 | `rateLimitBurst` | Number of requests allowed to exceed the rate limit per second for verify endpoint | `""` |
 | `additionalNamespaces` | List of namespaces used to manage the Sealed Secrets | `[]` |
diff --git a/helm/sealed-secrets/templates/deployment.yaml b/helm/sealed-secrets/templates/deployment.yaml
index 06be185c4..c86e10ae5 100644
--- a/helm/sealed-secrets/templates/deployment.yaml
+++ b/helm/sealed-secrets/templates/deployment.yaml
@@ -82,6 +82,14 @@ spec:
 - --key-renew-period
 - {{ .Values.keyrenewperiod | quote }}
 {{- end }}
+ {{- if .Values.keyttl }}
+ - --key-ttl
+ - {{ .Values.keyttl | quote }}
+ {{- end }}
+ {{- if .Values.keycutofftime }}
+ - --key-cutoff-time
+ - {{ .Values.keycutofftime | quote }}
+ {{- end }}
 {{- if .Values.rateLimit }}
 - --rate-limit
 - {{ .Values.rateLimit | quote }}
diff --git a/helm/sealed-secrets/values.yaml b/helm/sealed-secrets/values.yaml
index 59855c6d1..98131820f 100644
--- a/helm/sealed-secrets/values.yaml
+++ b/helm/sealed-secrets/values.yaml
@@ -77,6 +77,17 @@ skipRecreate: false
 ## To disable use "0", with quotes!
 ##
 keyrenewperiod: ""
+## @param keyttl Specifies the certificate validity duration. Default 10 years.
+## e.g for one year
+## keyttl: "8760h00m00s"
+##
+keyttl: ""
+## @param keycutofftime Specifies a date at which the controller should generate a new certificate. Useful in early key renewal scenarios.
+## Takes a date formated according to RFC1123. Can be obtained with the 'date -R' command on a unix system.
+## e.g
+## keycutofftime: "Mon, 14 Oct 2024 21:45:30 +0200"
+##
+keycutofftime: ""
 ## @param rateLimit Number of allowed sustained request per second for verify endpoint
 ##
 rateLimit: ""
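Review bot: Neither new value is validated before it reaches the controller's command line: the `{{- if .Values.keyttl }}` and `{{- if .Values.keycutofftime }}` blocks only test for a non-empty value and quote it. A mistyped duration or date would therefore presumably surface only when the controller parses its flags at pod start, not at render or install time, which is a poor failure mode for settings that govern sealing-key lifetime. For the cutoff time a render-time check is cheap, e.g. `{{- $_ := mustToDate "Mon, 02 Jan 2006 15:04:05 -0700" .Values.keycutofftime }}` inside the `if`, assuming the controller expects the numeric-zone layout shown in the values.yaml example. The args list this hunk extends starts and ends outside the hunk.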
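Review bot: The `keyttl` comment does not say how the value relates to `keyrenewperiod`; a validity shorter than the renewal period would presumably leave the active sealing certificate expired until the next renewal, so the comment should state that `keyttl` needs to be longer than `keyrenewperiod`. The `keycutofftime` comment names RFC1123, but its example and `date -R` output use a numeric zone (`+0200`), so wording such as `## Takes an RFC1123 date with numeric timezone (RFC1123Z)` would be more precise and would discourage `... GMT`-style values. It would also help operators to note that forcing a new key is not expected to re-encrypt existing SealedSecrets or remove older keys, so early renewal after a suspected key exposure still requires rotating the underlying secrets; confirm this against the controller documentation before adding it. `formated` should read `formatted`.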