certificates ca

2 files changed, 7 insertions, 4 deletions

diff --git a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
index 7c53be23e..b01a8dcc0 100644
--- a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
@@ -13,11 +13,11 @@ spec:
   secretName: {{ template "seaweedfs.name" . }}-ca-cert
   commonName: "{{ template "seaweedfs.name" . }}-root-ca"
   isCA: true
-  {{- if .Values.global.certificates.duration }}
-  duration: {{ .Values.global.certificates.duration }}
+  {{- if .Values.certificates.ca.duration }}
+  duration: {{ .Values.certificates.ca.duration }}
   {{- end }}
-  {{- if .Values.global.certificates.renewBefore }}
-  renewBefore: {{ .Values.global.certificates.renewBefore }}
+  {{- if .Values.certificates.ca.renewBefore }}
+  renewBefore: {{ .Values.certificates.ca.renewBefore }}
   {{- end }}
   issuerRef:
     name: {{ template "seaweedfs.name" . }}-issuer
diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml
index 1bfe5c72c..74bbfeba1 100644
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -1268,6 +1268,9 @@ certificates:
   keySize: 2048
   duration: 2160h  # 90d
   renewBefore: 360h  # 15d
+  ca:
+    duration: 87600h  # 10 years
+    renewBefore: 720h  # 30d
   externalCertificates:
     # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
     # you will need to store your provided certificates in the secret read by the different services: