Add values for server TTL configurables

Signed-off-by: Marco Franssen <[email protected]>

charts/spire/charts/spire-server/README.md

@@ -23,6 +23,7 @@ A Helm chart to install the SPIRE server.
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | bundleConfigMap | string | `"spire-server"` |  |
+| caTTL | string | `"24h"` |  |
 | ca_subject.common_name | string | `"example.org"` |  |
 | ca_subject.country | string | `"NL"` |  |
 | ca_subject.organization | string | `"Example"` |  |
@@ -49,6 +50,8 @@ A Helm chart to install the SPIRE server.
 | dataStorage.enabled | bool | `true` |  |
 | dataStorage.size | string | `"1Gi"` |  |
 | dataStorage.storageClass | string | `nil` |  |
+| defaultJwtSvidTTL | string | `"1h"` |  |
+| defaultX509SvidTTL | string | `"4h"` |  |
 | extraContainers | list | `[]` |  |
 | extraVolumeMounts | list | `[]` |  |
 | extraVolumes | list | `[]` |  |

charts/spire/charts/spire-server/templates/configmap.yaml

@@ -12,13 +12,16 @@ data:
       trust_domain = {{ .Values.trustDomain | quote }}
       data_dir = "/run/spire/data"
       log_level = {{ .Values.logLevel | quote }}
+
+      jwt_issuer = {{ .Values.jwtIssuer | quote }}
+
       # AWS requires the use of RSA.  EC cryptography is not supported
       ca_key_type = "rsa-2048"
+      ca_ttl = {{ .Values.caTTL | quote }}
 
-      jwt_issuer = {{ .Values.jwtIssuer | quote  }}
+      default_x509_svid_ttl = {{ .Values.defaultX509SvidTTL | quote }}
+      default_jwt_svid_ttl = {{ .Values.defaultJwtSvidTTL | quote }}
 
-      default_x509_svid_ttl = "1h"
-      default_jwt_svid_ttl = "1h"
       ca_subject = {
         {{- with .Values.ca_subject }}
         country = [{{ .country | quote }}],

charts/spire/charts/spire-server/values.yaml

@@ -178,6 +178,10 @@ extraContainers: []
 
 initContainers: []
 
+caTTL: 24h
+defaultX509SvidTTL: 4h
+defaultJwtSvidTTL: 1h
+
 nodeAttestor:
   k8sPsat:
     enabled: true