chore(addons): modity self-signed certificates valid

Author: jianxiaoguo

addons/airflow/2/chart/airflow/templates/web/tls-secrets.yaml

@@ -24,8 +24,8 @@ data:
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
-{{- $ca := genCA "airflow-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "airflow-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:

addons/airflow/2/chart/airflow/values.yaml

@@ -1293,7 +1293,7 @@ ingress:
   ## NOTE: 'key' and 'certificate' are expected in PEM format
   ## NOTE: 'name' should line up with a 'secretName' set further up
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ## e.g:

addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml

@@ -21,8 +21,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "node-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "node-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:

addons/grafana/10/chart/grafana/templates/tls-secret.yaml

@@ -22,8 +22,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "grafana-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "grafana-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:

addons/kafka/3.6/chart/kafka/templates/tls-secret.yaml

@@ -23,8 +23,8 @@ SPDX-License-Identifier: APACHE-2.0
 {{- $altNames = append $altNames (printf "%s.%s" $replicaHost $releaseNamespace) }}
 {{- $altNames = append $altNames $replicaHost }}
 {{- end }}
-{{- $ca := genCA "kafka-ca" 365 }}
-{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $ca := genCA "kafka-ca" 36500 }}
+{{- $cert := genSignedCert $fullname nil $altNames 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:

addons/minio/2023/chart/minio/templates/tls-secrets.yaml

@@ -21,8 +21,8 @@ data:
 {{- end }}
 {{- end }}
 {{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
-{{- $ca := genCA "minio-ca" 365 }}
-{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+{{- $ca := genCA "minio-ca" 36500 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -43,14 +43,14 @@ data:
 {{- end }}
 {{- end }}
 {{- if (include "minio.createTlsSecret" .) }}
-{{- $ca := genCA "minio-ca" 365 }}
+{{- $ca := genCA "minio-ca" 36500 }}
 {{- $releaseNamespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $fullname := include "common.names.fullname" . }}
 {{- $serviceName := include "common.names.fullname" . }}
 {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
 {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
-{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $crt := genSignedCert $fullname nil $altNames 36500 $ca }}
 ---
 apiVersion: v1
 kind: Secret

addons/minio/2023/chart/minio/values.yaml

@@ -698,7 +698,7 @@ ingress:
   ## name should line up with a secretName set further up
   ##
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ##
@@ -807,7 +807,7 @@ apiIngress:
   ## name should line up with a secretName set further up
   ##
   ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
-  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 36500 days
   ## It is also possible to create and manage the certificates outside of this helm chart
   ## Please see README.md for more information
   ##

addons/mongodb/7.0/chart/mongodb/templates/common-scripts-cm.yaml

@@ -93,7 +93,7 @@ data:
     #Create the client/server cert
     openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
     #Signing the server cert with the CA cert and key
-    openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
+    openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 36500 -extensions v3_req -extfile /certs/openssl.cnf
     rm /certs/mongo.csr
     #Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
     cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem

addons/mongodb/7.0/chart/mongodb/templates/secrets-ca.yaml

@@ -21,14 +21,14 @@ type: Opaque
 data:
   {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
   {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
-  {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+  {{- $cert := genSignedCert $cn nil nil 36500 $ca }}
   {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
   mongodb-ca-cert: {{ b64enc $ca.Cert }}
   mongodb-ca-key: {{ b64enc $ca.Key }}
   client-pem: {{ b64enc $pem }}
   {{- else }}
-  {{- $ca:= genCA "myMongo-ca" 3650 }}
-  {{- $cert := genSignedCert $cn nil nil 3650 $ca }}
+  {{- $ca:= genCA "myMongo-ca" 36500 }}
+  {{- $cert := genSignedCert $cn nil nil 36500 $ca }}
   {{- $pem := printf "%s%s" $cert.Cert $cert.Key }}
   mongodb-ca-cert: {{ b64enc $ca.Cert }}
   mongodb-ca-key: {{ b64enc $ca.Key }}

addons/prometheus/2/chart/prometheus/templates/tls-secret.yaml

@@ -70,10 +70,10 @@ data:
 {{- if (or (and .Values.server.ingress.tls .Values.server.ingress.selfSigned)
        (and .Values.alertmanager.ingress.tls .Values.alertmanager.ingress.selfSigned)
        (and .Values.server.thanos.ingress.tls .Values.server.thanos.ingress.selfSigned)) }}
-{{- $ca := genCA "prometheus-ca" 365 }}
+{{- $ca := genCA "prometheus-ca" 36500 }}
 {{- if and .Values.server.ingress.tls .Values.server.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.server.ingress.hostname }}
-{{- $cert := genSignedCert .Values.server.ingress.hostname nil (list .Values.server.ingress.hostname) 365 $ca }}
+{{- $cert := genSignedCert .Values.server.ingress.hostname nil (list .Values.server.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -94,7 +94,7 @@ data:
 {{- end }}
 {{- if and .Values.alertmanager.ingress.tls .Values.alertmanager.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.alertmanager.ingress.hostname }}
-{{- $cert := genSignedCert .Values.alertmanager.ingress.hostname nil (list .Values.alertmanager.ingress.hostname) 365 $ca }}
+{{- $cert := genSignedCert .Values.alertmanager.ingress.hostname nil (list .Values.alertmanager.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -115,7 +115,7 @@ data:
 ---
 {{- if and .Values.server.thanos.ingress.tls .Values.server.thanos.ingress.selfSigned }}
 {{- $secretName := printf "%s-tls" .Values.server.thanos.ingress.hostname }}
-{{- $cert := genSignedCert .Values.server.thanos.ingress.hostname nil (list .Values.server.thanos.ingress.hostname) 365 $ca }}
+{{- $cert := genSignedCert .Values.server.thanos.ingress.hostname nil (list .Values.server.thanos.ingress.hostname) 36500 $ca }}
 apiVersion: v1
 kind: Secret
 metadata: