diff --git a/installer/pkg/common/constants.go b/installer/pkg/common/constants.go index 7f25a65db74abf..d2e1bf725db91b 100644 --- a/installer/pkg/common/constants.go +++ b/installer/pkg/common/constants.go @@ -4,6 +4,11 @@ package common +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "time" +) + // This file exists to break cyclic-dependency errors const ( @@ -35,3 +40,7 @@ const ( AnnotationConfigChecksum = "gitpod.io/checksum_config" ) + +var ( + InternalCertDuration = &metav1.Duration{Duration: time.Hour * 24 * 90} +) diff --git a/installer/pkg/components/cluster/certmanager.go b/installer/pkg/components/cluster/certmanager.go index 7aa39f36585233..a6063bdc716969 100644 --- a/installer/pkg/components/cluster/certmanager.go +++ b/installer/pkg/components/cluster/certmanager.go @@ -39,6 +39,7 @@ func certmanager(ctx *common.RenderContext) ([]runtime.Object, error) { }, Spec: v1.CertificateSpec{ IsCA: true, + Duration: common.InternalCertDuration, CommonName: caName, SecretName: caName, PrivateKey: &v1.CertificatePrivateKey{ diff --git a/installer/pkg/components/docker-registry/certificate.go b/installer/pkg/components/docker-registry/certificate.go index d0a39d89d08c5b..38dd70565f1ac8 100644 --- a/installer/pkg/components/docker-registry/certificate.go +++ b/installer/pkg/components/docker-registry/certificate.go @@ -6,11 +6,9 @@ package dockerregistry import ( "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" - "time" - - "github.com/gitpod-io/gitpod/installer/pkg/common" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/utils/pointer" 
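Review bot: `InternalCertDuration` in the new `var` block is an exported, reassignable pointer, so every Certificate spec in this commit that uses it shares a single `*metav1.Duration`. A write through that pointer from any package would silently change the lifetime of all internal certificates. A function returning a fresh value avoids the aliasing: `func InternalCertDuration() *metav1.Duration { return &metav1.Duration{Duration: 90 * 24 * time.Hour} }`, with call sites becoming `common.InternalCertDuration()`. The declaration also lacks a doc comment, for example `// InternalCertDuration is the validity period requested for cluster-internal certificates (90 days).` In the import hunk above it, `"time"` belongs in the standard-library group ahead of `metav1`.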
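Review bot: The CA certificate (`IsCA: true`) now requests the same `common.InternalCertDuration` as the leaf certificates it signs, so a leaf issued late in the CA's validity window may carry a notAfter beyond the CA's own. A separate, longer constant for the CA would keep the chain valid for the whole life of each leaf, e.g. `Duration: common.InternalCACertDuration,` (a new constant; the name is only a suggestion). Whether the issuer clamps leaf lifetimes to the CA's remaining validity is not visible here, so confirm that before relying on it. The `certmanager` function continues outside the hunk.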
@@ -21,8 +19,6 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) { return nil, nil } - oneYear := &metav1.Duration{Duration: time.Hour * 24 * 365} - return []runtime.Object{&certmanagerv1.Certificate{ TypeMeta: common.TypeMetaCertificate, ObjectMeta: metav1.ObjectMeta{ @@ -31,7 +27,7 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) { Labels: common.DefaultLabels(Component), }, Spec: certmanagerv1.CertificateSpec{ - Duration: oneYear, + Duration: common.InternalCertDuration, SecretName: BuiltInRegistryCerts, IssuerRef: cmmeta.ObjectReference{ Name: common.CertManagerCAIssuer, diff --git a/installer/pkg/components/registry-facade/certificate.go b/installer/pkg/components/registry-facade/certificate.go index 23b2952219e477..18332b52fdc63f 100644 --- a/installer/pkg/components/registry-facade/certificate.go +++ b/installer/pkg/components/registry-facade/certificate.go @@ -6,8 +6,6 @@ package registryfacade import ( "fmt" - "time" - certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" @@ -17,8 +15,6 @@ import ( ) func certificate(ctx *common.RenderContext) ([]runtime.Object, error) { - oneYear := &metav1.Duration{Duration: time.Hour * 24 * 365} - return []runtime.Object{&certmanagerv1.Certificate{ TypeMeta: common.TypeMetaCertificate, ObjectMeta: metav1.ObjectMeta{ @@ -27,7 +23,7 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) { Labels: common.DefaultLabels(Component), }, Spec: certmanagerv1.CertificateSpec{ - Duration: oneYear, + Duration: common.InternalCertDuration, SecretName: common.RegistryFacadeTLSCertSecret, IssuerRef: cmmeta.ObjectReference{ Name: common.CertManagerCAIssuer, diff --git a/installer/pkg/components/ws-daemon/tlssecret.go b/installer/pkg/components/ws-daemon/tlssecret.go index d544a6b7d9cf83..60b7d90daf70a2 100644 --- a/installer/pkg/components/ws-daemon/tlssecret.go 
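Review bot: The registry certificate's lifetime in `certificate()` drops from 365 days to 90 days with no `RenewBefore` visible in the hunk, so renewal timing is presumably left to cert-manager's default and rotation becomes roughly four times as frequent. Any workload that reads `BuiltInRegistryCerts` only at start-up would keep presenting the old certificate until restarted. Confirm that the consumers reload the secret, and record that in a comment next to `Duration`. The same applies to the `Duration: common.InternalCertDuration` lines in registry-facade/certificate.go, ws-daemon/tlssecret.go and both the server and client certificates in ws-manager/tlssecret.go (previously 4380 hours). The spec literals continue outside each hunk, so a `RenewBefore` may exist unseen.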
+++ b/installer/pkg/components/ws-daemon/tlssecret.go @@ -10,14 +10,10 @@ import ( certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "time" - "k8s.io/apimachinery/pkg/runtime" ) func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) { - oneYear := &metav1.Duration{Duration: time.Hour * 24 * 365} - return []runtime.Object{ &certmanagerv1.Certificate{ TypeMeta: common.TypeMetaCertificate, @@ -27,7 +23,7 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) { Labels: common.DefaultLabels(Component), }, Spec: certmanagerv1.CertificateSpec{ - Duration: oneYear, + Duration: common.InternalCertDuration, SecretName: TLSSecretName, DNSNames: []string{ fmt.Sprintf("gitpod.%s", ctx.Namespace), diff --git a/installer/pkg/components/ws-manager/tlssecret.go b/installer/pkg/components/ws-manager/tlssecret.go index 753406d4ff0b1a..59c0ebaebf23e7 100644 --- a/installer/pkg/components/ws-manager/tlssecret.go +++ b/installer/pkg/components/ws-manager/tlssecret.go @@ -6,8 +6,6 @@ package wsmanager import ( "fmt" - "time" - "github.com/gitpod-io/gitpod/installer/pkg/common" certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" @@ -32,7 +30,6 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) { Component, } - sixMonths := &metav1.Duration{Duration: time.Hour * 4380} issuer := common.CertManagerCAIssuer return []runtime.Object{ @@ -44,7 +41,7 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) { Labels: common.DefaultLabels(Component), }, Spec: certmanagerv1.CertificateSpec{ - Duration: sixMonths, + Duration: common.InternalCertDuration, SecretName: TLSSecretNameSecret, DNSNames: serverAltNames, IssuerRef: cmmeta.ObjectReference{ 
@@ -62,7 +59,7 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 Labels: common.DefaultLabels(Component),
 },
 Spec: certmanagerv1.CertificateSpec{
- Duration: sixMonths,
+ Duration: common.InternalCertDuration,
 SecretName: TLSSecretNameClient,
 DNSNames: clientAltNames,
 IssuerRef: cmmeta.ObjectReference{