megre(addons): megre upstream

EamonZhang · EamonZhang · commit ab9224de3743 · 2024-05-16T17:44:49.000+08:00
diff --git a/addons/airflow/2/chart/airflow/templates/web/tls-secrets.yaml b/addons/airflow/2/chart/airflow/templates/web/tls-secrets.yaml
@@ -24,8 +24,8 @@ data:
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
-{{- $ca := genCA "airflow-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "airflow-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/airflow/2/chart/airflow/values.yaml b/addons/airflow/2/chart/airflow/values.yaml
@@ -1293,7 +1293,7 @@ ingress:
   ## NOTE: 'key' and 'certificate' are expected in PEM format
   ## NOTE: 'name' should line up with a 'secretName' set further up
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ## e.g:
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml
@@ -21,8 +21,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "node-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "node-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/grafana/10/chart/grafana/templates/tls-secret.yaml b/addons/grafana/10/chart/grafana/templates/tls-secret.yaml
@@ -22,8 +22,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "grafana-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "grafana-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/kafka/3.6/chart/kafka/templates/tls-secret.yaml b/addons/kafka/3.6/chart/kafka/templates/tls-secret.yaml
@@ -23,8 +23,8 @@ SPDX-License-Identifier: APACHE-2.0
 {{- $altNames = append $altNames (printf "%s.%s" $replicaHost $releaseNamespace) }}
 {{- $altNames = append $altNames $replicaHost }}
 {{- end }}
-{{- $ca := genCA "kafka-ca" 365 }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $ca := genCA "kafka-ca" 36500 }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/kafka/3.6/meta.yaml b/addons/kafka/3.6/meta.yaml
@@ -18,6 +18,15 @@ allow_parameters:
 - name: "extraEnvVars"
   required: false
   description: "extraEnvVars config for values.yaml"
+- name: "extraConfig"
+  required: false
+  description: "extraConfig config for values.yaml"
+- name: "controller.extraConfig"
+  required: false
+  description: "controller.extraConfig config for values.yaml"
+- name: "broker.extraConfig"
+  required: false
+  description: "broker.extraConfig config for values.yaml"
 - name: "listeners.client.protocol"
   required: false
   description: "listeners client protocol config for values.yaml"
diff --git a/addons/minio/2023/chart/minio/templates/tls-secrets.yaml b/addons/minio/2023/chart/minio/templates/tls-secrets.yaml
@@ -21,8 +21,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "minio-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "minio-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -43,14 +43,14 @@ data:
 {{- end }}
 {{- end }}
 {{- if (include "minio.createTlsSecret" .) }}
-{{- $ca := genCA "minio-ca" 365 }}
+{{- $ca := genCA "minio-ca" 36500 }}
 {{- $releaseNamespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $fullname := include "common.names.fullname" . }}
 {{- $serviceName := include "common.names.fullname" . }}
 {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
 {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
-{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $crt := genSignedCert $fullname nil $altNames 36500 $ca }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/addons/minio/2023/chart/minio/values.yaml b/addons/minio/2023/chart/minio/values.yaml
@@ -698,7 +698,7 @@ ingress:
   ## name should line up with a secretName set further up
   ##
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ##
@@ -807,7 +807,7 @@ apiIngress:
   ## name should line up with a secretName set further up
   ##
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ##
diff --git a/addons/minio/2023/meta.yaml b/addons/minio/2023/meta.yaml
@@ -21,6 +21,9 @@ allow_parameters:
 - name: "service.type"
   required: false
   description: "service type config for values.yaml"
+- name: "auth.rootPassword"
+  required: false
+  description: "auth rootPassword config for values.yaml"
 - name: "metrics.enabled"
   required: false
   description: "metrics enabled or not config for values.yaml"
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml b/addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml
@@ -93,7 +93,7 @@ data:
     #Create the client/server cert
     openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
     #Signing the server cert with the CA cert and key
-    openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
+    openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 36500 -extensions v3_req -extfile /certs/openssl.cnf
     rm /certs/mongo.csr
     #Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
     cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
diff --git a/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml b/addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml
@@ -21,14 +21,14 @@ type: Opaque
 data:
   {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
   {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
-  {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+  {{- $cert := genSignedCert $cn nil nil 36500 $ca }}
   {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
   mongodb-ca-cert: {{ b64enc $ca.Cert }}
   mongodb-ca-key: {{ b64enc $ca.Key }}
   client-pem: {{ b64enc $pem }}
   {{- else }}
-  {{- $ca:= genCA "myMongo-ca" 3650 }}
-  {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+  {{- $ca:= genCA "myMongo-ca" 36500 }}
+  {{- $cert := genSignedCert $cn nil nil 36500 $ca }}
   {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
   mongodb-ca-cert: {{ b64enc $ca.Cert }}
   mongodb-ca-key: {{ b64enc $ca.Key }}
diff --git a/addons/prometheus/2/chart/prometheus/templates/tls-secret.yaml b/addons/prometheus/2/chart/prometheus/templates/tls-secret.yaml
@@ -70,10 +70,10 @@ data:
 {{- if (or (and .Values.server.ingress.tls .Values.server.ingress.selfSigned)
        (and .Values.alertmanager.ingress.tls .Values.alertmanager.ingress.selfSigned)
        (and .Values.server.thanos.ingress.tls .Values.server.thanos.ingress.selfSigned)) }}
-{{- $ca := genCA "prometheus-ca" 365 }}
+{{- $ca := genCA "prometheus-ca" 36500 }}
 {{- if and .Values.server.ingress.tls .Values.server.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.server.ingress.hostname }}
-{{- $cert := genSignedCert .Values.server.ingress.hostname nil (list .Values.server.ingress.hostname) 365 $ca }}
+{{- $cert := genSignedCert .Values.server.ingress.hostname nil (list .Values.server.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -94,7 +94,7 @@ data:
 {{- end }}
 {{- if and .Values.alertmanager.ingress.tls .Values.alertmanager.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.alertmanager.ingress.hostname }}
-{{- $cert := genSignedCert .Values.alertmanager.ingress.hostname nil (list .Values.alertmanager.ingress.hostname) 365 $ca }}
+{{- $cert := genSignedCert .Values.alertmanager.ingress.hostname nil (list .Values.alertmanager.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -115,7 +115,7 @@ data:
 ---
 {{- if and .Values.server.thanos.ingress.tls .Values.server.thanos.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.server.thanos.ingress.hostname }}
-{{- $cert := genSignedCert .Values.server.thanos.ingress.hostname nil (list .Values.server.thanos.ingress.hostname) 365 $ca }}
+{{- $cert := genSignedCert .Values.server.thanos.ingress.hostname nil (list .Values.server.thanos.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml
@@ -426,7 +426,7 @@ alertmanager:
     ## NOTE: 'key' and 'certificate' are expected in PEM format
     ## NOTE: 'name' should line up with a 'secretName' set further up
     ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
     ## It is also possible to create and manage the certificates outside of this helm chart
     ## Please see README.md for more information
     ## e.g:
@@ -1238,7 +1238,7 @@ server:
       ## NOTE: 'key' and 'certificate' are expected in PEM format
       ## NOTE: 'name' should line up with a 'secretName' set further up
       ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-      ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+      ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
       ## It is also possible to create and manage the certificates outside of this helm chart
       ## Please see README.md for more information
       ## e.g:
@@ -1330,7 +1330,7 @@ server:
     ## NOTE: 'key' and 'certificate' are expected in PEM format
     ## NOTE: 'name' should line up with a 'secretName' set further up
     ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
     ## It is also possible to create and manage the certificates outside of this helm chart
     ## Please see README.md for more information
     ## e.g:
diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/templates/tls-secrets.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/templates/tls-secrets.yaml
@@ -21,8 +21,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "rabbitmq-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "rabbitmq-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -63,13 +63,13 @@ data:
   tls.crt: {{ required "A valid .Values.auth.tls.serverCertificate entry required!" .Values.auth.tls.serverCertificate| b64enc | quote }}
   tls.key: {{ required "A valid .Values.auth.tls.serverKey entry required!" .Values.auth.tls.serverKey | b64enc | quote }}
   {{- else }}
-  {{- $ca := genCA "rabbitmq-internal-ca" 365 }}
+  {{- $ca := genCA "rabbitmq-internal-ca" 36500 }}
   {{- $fullname := include "common.names.fullname" . }}
   {{- $releaseNamespace := .Release.Namespace }}
   {{- $clusterDomain := .Values.clusterDomain }}
   {{- $serviceName := include "common.names.fullname" . }}
   {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }}
-  {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+  {{- $crt := genSignedCert $fullname nil $altNames 36500 $ca }}
   ca.crt: {{ $ca.Cert | b64enc | quote }}
   tls.crt: {{ $crt.Cert | b64enc | quote }}
   tls.key: {{ $crt.Key | b64enc | quote }}
diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml
@@ -1052,7 +1052,7 @@ ingress:
   ## NOTE: 'key' and 'certificate' are expected in PEM format
   ## NOTE: 'name' should line up with a 'secretName' set further up
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ## e.g:
diff --git a/addons/rabbitmq/3.12/plans/standard-16c32g3w/meta.yaml b/addons/rabbitmq/3.12/plans/standard-16c32g3w/meta.yaml
@@ -1,6 +1,6 @@
-name: "standard-16c32g"
+name: "standard-16c32g3w"
 id: 2c036b60-e5d0-4a29-a868-3cd5f8626480
-description: "RabbitMQ standard-16c32g plan which limit resources 16 cores 32G memory and 3 workers."
-displayName: "standard-16c32g"
+description: "RabbitMQ standard-16c32g3w plan which limit resources 16 cores 32G memory and 3 workers."
+displayName: "standard-16c32g3w"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/rabbitmq/3.12/plans/standard-2c4g3w/meta.yaml b/addons/rabbitmq/3.12/plans/standard-2c4g3w/meta.yaml
@@ -1,6 +1,6 @@
-name: "standard-2c4g"
+name: "standard-2c4g3w"
 id: c45342f5-4c89-40b4-929c-dedf386ee604
-description: "RabbitMQ standard-2c4g plan which limit resources 2 cores 4G memory and 3 workers."
-displayName: "standard-2c4g"
+description: "RabbitMQ standard-2c4g3w plan which limit resources 2 cores 4G memory and 3 workers."
+displayName: "standard-2c4g3w"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/rabbitmq/3.12/plans/standard-4c8g3w/meta.yaml b/addons/rabbitmq/3.12/plans/standard-4c8g3w/meta.yaml
@@ -1,6 +1,6 @@
-name: "standard-4c8g"
+name: "standard-4c8g3w"
 id: cec940ac-46e2-4b11-b8aa-5d5855b5b8bf
-description: "RabbitMQ standard-4c8g plan which limit resources 4 cores 8G memory and 3 workers."
-displayName: "standard-4c8g"
+description: "RabbitMQ standard-4c8g3w plan which limit resources 4 cores 8G memory and 3 workers."
+displayName: "standard-4c8g3w"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/rabbitmq/3.12/plans/standard-8c16g3w/meta.yaml b/addons/rabbitmq/3.12/plans/standard-8c16g3w/meta.yaml
@@ -1,6 +1,6 @@
-name: "standard-8c16g"
+name: "standard-8c16g3w"
 id: fd7af0a9-1f41-4d4d-8d24-89fb9ebbe553
-description: "RabbitMQ standard-8c16g plan which limit resources 8 cores 16G memory and 3 workers."
-displayName: "standard-8c16g"
+description: "RabbitMQ standard-8c16g3w plan which limit resources 8 cores 16G memory and 3 workers."
+displayName: "standard-8c16g3w"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/templates/tls-secret.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/templates/tls-secret.yaml
@@ -1,12 +1,12 @@
 {{- if (include "redis-cluster.createTlsSecret" .) }}
-{{- $ca := genCA "redis-cluster-ca" 365 }}
+{{- $ca := genCA "redis-cluster-ca" 36500 }}
 {{- $releaseNamespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $fullname := include "common.names.fullname" . }}
 {{- $serviceName := include "common.names.fullname" . }}
 {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
 {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
-{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $crt := genSignedCert $fullname nil $altNames 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/redis/7.0/chart/redis/templates/tls-secret.yaml b/addons/redis/7.0/chart/redis/templates/tls-secret.yaml
@@ -1,12 +1,12 @@
 {{- if (include "redis.createTlsSecret" .) }}
-{{- $ca := genCA "redis-ca" 365 }}
+{{- $ca := genCA "redis-ca" 36500 }}
 {{- $releaseNamespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $fullname := include "common.names.fullname" . }}
 {{- $serviceName := include "common.names.fullname" . }}
 {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
 {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
-{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $crt := genSignedCert $fullname nil $altNames 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/addons/spark/3.4/chart/spark/templates/tls-secrets.yaml b/addons/spark/3.4/chart/spark/templates/tls-secrets.yaml
@@ -24,8 +24,8 @@ data:
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
-{{- $ca := genCA "spark-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "spark-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -44,14 +44,14 @@ data:
 {{- end }}
 {{- if (include "spark.createTlsSecret" . ) }}
 {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
-{{- $ca := genCA "spark-internal-ca" 365 }}
+{{- $ca := genCA "spark-internal-ca" 36500 }}
 {{- $releaseNamespace := include "common.names.namespace" . }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $fullname := include "common.names.fullname" . }}
 {{- $headlessServiceName := printf "%s-headless" ( include "common.names.fullname" . ) }}
 {{- $masterServiceName := printf "%s-master-svc" (include "common.names.fullname" .) }}
 {{- $altNames := list (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) $fullname }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/addons/zookeeper/3.9/chart/zookeeper/templates/tls-secrets.yaml b/addons/zookeeper/3.9/chart/zookeeper/templates/tls-secrets.yaml
diff --git a/template/CHART_NAME/templates/tls-secret.yaml b/template/CHART_NAME/templates/tls-secret.yaml
diff --git a/template/CHART_NAME/values.yaml b/template/CHART_NAME/values.yaml
