Minor fixes in certificates to make them ArgoCD friendly (chaos-mesh#…

…4482) * Minor fixes in certificates to make them ArgoCD friendly * chore: update changelog Signed-off-by: Yue Yang <[email protected]> --------- Signed-off-by: Yue Yang <[email protected]> Co-authored-by: Mark Kharitonov <[email protected]> Co-authored-by: Yue Yang <[email protected]>
yeya24 · Sep 2, 2024 · 7e11f64 · 7e11f64
1 parent da69c6d
commit 7e11f64
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -68,6 +68,7 @@ For more information and how-to, see [RFC: Keep A Changelog](https://github.com/
 - Fix dashboard panic while replacing query namespace with targetNamespace in namespace scoped mode [#4409](https://github.com/chaos-mesh/chaos-mesh/issues/4409)
 - Fix incorrect mmap args for IOChaos [#3680](https://github.com/chaos-mesh/chaos-mesh/issues/3680)
 - Fix chaos controller can't find daemonIP over 1000 nodes using endpoints [#4421](https://github.com/chaos-mesh/chaos-mesh/pull/4421)
+- Minor fixes in certificates to make them ArgoCD friendly [#4482](https://github.com/chaos-mesh/chaos-mesh/pull/4482)
 
 ### Security
 

diff --git a/helm/chaos-mesh/templates/_certs.tpl b/helm/chaos-mesh/templates/_certs.tpl
@@ -55,7 +55,7 @@ When using this template, it requires the top-level scope
     {{- /* webhookName would be the FQDN of in-cluster service chaos-mesh.*/ -}}
     {{- $webhookName := printf "%s.%s.svc" (include "chaos-mesh.svc" .) .Release.Namespace }}
     {{- $webhookCA := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
-    {{- /* Generate cert keypair for webhook with 5 year validity duration. */ -}}
+    {{- /* Generate cert keypair for webhook with 5 years validity duration. */ -}}
     {{- $webhookServerTLSKeypair := .webhookTLSKeypair | default (genSignedCert $webhookName nil (list $webhookName) 1825 $webhookCA) }}
     {{- $_ := set . "webhookTLSKeypair" $webhookServerTLSKeypair -}}
     {{- $webhookServerTLSKeypair.Cert -}}
@@ -76,7 +76,7 @@ When using this template, it requires the top-level scope
     {{- /* webhookName would be the FQDN of in-cluster service chaos-mesh.*/ -}}
     {{- $webhookName := printf "%s.%s.svc" (include "chaos-mesh.svc" .) .Release.Namespace -}}
     {{- $webhookCA := required "self-signed CA keypair is requried" .selfSignedCAKeypair -}}
-    {{- /* Generate cert key pair for webhook with 5 year validity duration. */ -}}
+    {{- /* Generate cert key pair for webhook with 5 years validity duration. */ -}}
     {{- $webhookServerTLSKeypair := .webhookTLSKeypair | default (genSignedCert $webhookName nil (list $webhookName) 1825 $webhookCA) -}}
     {{- $_ := set . "webhookTLSKeypair" $webhookServerTLSKeypair -}}
     {{- $webhookServerTLSKeypair.Key -}}

diff --git a/helm/chaos-mesh/templates/cert-manager-certs.yaml b/helm/chaos-mesh/templates/cert-manager-certs.yaml
@@ -52,7 +52,7 @@ metadata:
     {{- include "chaos-mesh.labels" . | nindent 4 }}
     app.kubernetes.io/component: chaos-mesh-ca
 spec:
-  duration: 43800h0m0s #5year
+  duration: 43800h0m0s # 5 years
   secretName: chaos-mesh-ca
   commonName: "chaos-mesh-ca"
   isCA: true
@@ -98,12 +98,11 @@ metadata:
     {{- include "chaos-mesh.labels" . | nindent 4 }}
     app.kubernetes.io/component: chaos-mesh-cert
 spec:
-  duration: 43800h #5year
+  duration: 43800h0m0s # 5 years
   dnsNames:
     - {{ template "chaos-mesh.svc" . }}
     - {{ template "chaos-mesh.svc" . }}.{{ .Release.Namespace }}
     - {{ template "chaos-mesh.svc" . }}.{{ .Release.Namespace }}.svc
-  isCA: false
   secretName: {{ template "chaos-mesh.webhook.certs" . }}
   issuerRef:
     name: chaos-mesh-ca
@@ -127,10 +126,9 @@ metadata:
     {{- include "chaos-mesh.labels" . | nindent 4 }}
     app.kubernetes.io/component: chaos-daemon-client-cert
 spec:
-  duration: 43800h0m0s #5year
+  duration: 43800h0m0s # 5 years
   dnsNames:
     - controller-manager.chaos-mesh.org
-  isCA: false
   secretName: {{ template "chaos-mesh.daemon-client.certs" . }}
   issuerRef:
     name: chaos-mesh-ca
@@ -154,10 +152,9 @@ metadata:
     {{- include "chaos-mesh.labels" . | nindent 4 }}
     app.kubernetes.io/component: chaos-daemontcert
 spec:
-  duration: 43800h0m0s #5year
+  duration: 43800h0m0s # 5 years
   dnsNames:
     - chaos-daemon.chaos-mesh.org
-  isCA: false
   secretName: {{ template "chaos-mesh.daemon.certs" . }}
   issuerRef:
     name: chaos-mesh-ca