Skip to content

feat(chart): add certificate properties#1054

Merged
oliverbaehler merged 3 commits into
projectcapsule:mainfrom
oliverbaehler:feat/cert-duration
Jun 17, 2026
Merged

feat(chart): add certificate properties#1054
oliverbaehler merged 3 commits into
projectcapsule:mainfrom
oliverbaehler:feat/cert-duration

Conversation

@oliverbaehler

Copy link
Copy Markdown
Collaborator

No description provided.

Signed-off-by: Oliver Baehler <oliver@sudo-i.net>
Copilot AI review requested due to automatic review settings June 16, 2026 11:27

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends the Helm chart’s cert-manager configuration to expose additional certificate lifecycle properties (e.g., duration / renewBefore) for both the CA and serving certificates, and wires them through chart documentation and schema validation.

Changes:

  • Added certManager.ca and new duration / renewBefore values for certManager.certificate.
  • Updated certmanager.yaml template to render these new cert-manager Certificate.spec fields.
  • Updated values.schema.json and chart README.md to document and validate the new options.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File Description
charts/capsule-proxy/values.yaml Adds new cert-manager values for CA and serving certificate lifecycle configuration.
charts/capsule-proxy/values.schema.json Adds schema entries for the new cert-manager values.
charts/capsule-proxy/templates/certmanager.yaml Renders new CA/serving duration and renewBefore fields; adds CA field injection.
charts/capsule-proxy/README.md Documents the newly added chart values.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +40 to +43
{{- with .Values.certManager.ca.privateKey }}
privateKey:
algorithm: ECDSA
size: 256
{{- toYaml . | nindent 4 }}
{{- end }}
Comment on lines 336 to +340
certificate:
# -- Duration of validity for the CA certificate (e.g. 2160h for 90 days)
duration: ""
# -- Renew the CA certificate before its expiration time (e.g. 360h for 15 days)
renewBefore: ""
Comment on lines +90 to +93
"duration": {
"description": "Duration of validity for the CA certificate (e.g. 2160h for 90 days)",
"type": "string"
},
Comment on lines +116 to +119
"renewBefore": {
"description": "Renew the CA certificate before its expiration time (e.g. 360h for 15 days)",
"type": "string"
},
Comment on lines +213 to +217
| certManager.certificate.duration | string | `""` | Duration of validity for the CA certificate (e.g. 2160h for 90 days) |
| certManager.certificate.fields | object | `{"privateKey":{"rotationPolicy":"Always"}}` | Additional fields to include in certificate |
| certManager.certificate.includeInternalServiceNames | bool | `true` | Include internal service names in certificate (disable if you create a public cert) |
| certManager.certificate.ipAddresses | list | `[]` | Additional IP Addresses to include in certificate |
| certManager.certificate.renewBefore | string | `""` | Renew the CA certificate before its expiration time (e.g. 360h for 15 days) |
Signed-off-by: Oliver Baehler <oliver@sudo-i.net>

@Svarrogh1337 Svarrogh1337 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Signed-off-by: Oliver Baehler <oliver@sudo-i.net>
@oliverbaehler oliverbaehler merged commit 07dbd6e into projectcapsule:main Jun 17, 2026
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants