[operator] support cutom autocert-certPeriod time by days (#1249)

* support cutom autocert certPeriod time by years

* revert

* polish

* update

* remove some example

---------

Co-authored-by: Jacob Aronoff <jaronoff97@users.noreply.github.com>
Co-authored-by: Tyler Helmuth <12352919+TylerHelmuth@users.noreply.github.com>

charts/opentelemetry-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: opentelemetry-operator
-version: 0.64.1
+version: 0.64.2
 description: OpenTelemetry Operator Helm chart for Kubernetes
 type: application
 home: https://opentelemetry.io/

charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     cert-manager.io/inject-ca-from: default/example-opentelemetry-operator-serving-cert
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -91,7 +91,7 @@ metadata:
   annotations:
     cert-manager.io/inject-ca-from: default/example-opentelemetry-operator-serving-cert
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml

@@ -4,7 +4,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -30,7 +30,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -223,7 +223,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -242,7 +242,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -26,7 +26,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/deployment.yaml

@@ -4,7 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/role.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/service.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -32,7 +32,7 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml

@@ -6,7 +6,7 @@ metadata:
   name: opentelemetry-operator
   namespace: default
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml

@@ -6,7 +6,7 @@ metadata:
   name: "example-opentelemetry-operator-cert-manager"
   namespace: default
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml

@@ -6,7 +6,7 @@ metadata:
   name: "example-opentelemetry-operator-metrics"
   namespace: default
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm
@@ -44,7 +44,7 @@ metadata:
   name: "example-opentelemetry-operator-webhook"
   namespace: default
   labels:
-    helm.sh/chart: opentelemetry-operator-0.64.1
+    helm.sh/chart: opentelemetry-operator-0.64.2
     app.kubernetes.io/name: opentelemetry-operator
     app.kubernetes.io/version: "0.103.0"
     app.kubernetes.io/managed-by: Helm

charts/opentelemetry-operator/templates/_helpers.tpl

@@ -110,8 +110,9 @@ a cert is loaded from an existing secret or is provided via `.Values`
 {{- end }}
 {{- else }}
 {{- $altNames := list ( printf "%s-webhook.%s" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) ( printf "%s-webhook.%s.svc" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) -}}
-{{- $ca := genCA "opentelemetry-operator-operator-ca" 365 }}
-{{- $cert := genSignedCert (include "opentelemetry-operator.fullname" .) nil $altNames 365 $ca }}
+{{- $tmpperioddays := int .Values.admissionWebhooks.autoGenerateCert.certPeriodDays | default 365 }}
+{{- $ca := genCA "opentelemetry-operator-operator-ca" $tmpperioddays }}
+{{- $cert := genSignedCert (include "opentelemetry-operator.fullname" .) nil $altNames $tmpperioddays $ca }}
 {{- $certCrtEnc = b64enc $cert.Cert }}
 {{- $certKeyEnc = b64enc $cert.Key }}
 {{- $caCertEnc = b64enc $ca.Cert }}

charts/opentelemetry-operator/values.schema.json

@@ -1571,11 +1571,20 @@
                             "examples": [
                                 true
                             ]
+                        },
+                        "certPeriodDays": {
+                            "type": "integer",
+                            "default": 365,
+                            "title": "Cert period time in days.",
+                            "examples": [
+                                365
+                            ]
                         }
                     },
                     "examples": [{
                         "enabled": true,
-                        "recreate": true
+                        "recreate": true,
+                        "certPeriodDays": 365
                     }]
                 },
                 "certFile": {

charts/opentelemetry-operator/values.yaml

@@ -260,6 +260,8 @@ admissionWebhooks:
     enabled: true
     # If set to true, new webhook key/certificate is generated on helm upgrade.
     recreate: true
+    # Cert period time in days. The default is 365 days.
+    certPeriodDays: 365
 
   ## TLS Certificate Option 3: Use your own self-signed certificate.
   ## certManager and autoGenerateCert must be disabled and certFile, keyFile, and caFile must be set.