Revert "refactor: support custom gateway cert expiry days. (envoyprox…

…y#2047)" This reverts commit 6b2c0e6. Signed-off-by: Arko Dasgupta <arko@tetrate.io>
arkodg · Nov 10, 2023 · c6bdff3 · c6bdff3
1 parent c85f0e4
commit c6bdff3
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 12 deletions.
diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml
@@ -31,8 +31,6 @@ spec:
               fieldPath: metadata.namespace
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ .Values.kubernetesClusterDomain }}
-        - name: ENVOY_GATEWAY_CERTIFICATE_EXPIRY_DAYS
-          value: "{{ .Values.deployment.envoyGateway.cert.expiryDays }}"
         image: {{ .Values.deployment.envoyGateway.image.repository }}:{{ .Values.deployment.envoyGateway.image.tag | default .Chart.AppVersion }}
         imagePullPolicy: {{ .Values.deployment.envoyGateway.imagePullPolicy }}
         name: envoy-gateway-certgen

diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml
@@ -1,7 +1,5 @@
 deployment:
   envoyGateway:
-    cert:
-      expiryDays: 365
     image:
       repository: ${ImageRepository}
       tag: '${ImageTag}'

diff --git a/internal/crypto/certgen.go b/internal/crypto/certgen.go
@@ -28,6 +28,9 @@ const (
 	// DefaultEnvoyDNSPrefix defines the default Envoy DNS prefix.
 	DefaultEnvoyDNSPrefix = "*"
 
+	// DefaultCertificateLifetime holds the default certificate lifetime (in days).
+	DefaultCertificateLifetime = 365
+
 	// keySize sets the RSA key size to 2048 bits. This is minimum recommended size
 	// for RSA keys.
 	keySize = 2048
@@ -94,7 +97,7 @@ func GenerateCerts(cfg *config.Server) (*Certificates, error) {
 	switch certCfg.Provider.Type {
 	case ProviderTypeEnvoyGateway:
 		now := time.Now()
-		expiry := now.Add(24 * time.Duration(cfg.CertificateExpiryDays) * time.Hour)
+		expiry := now.Add(24 * time.Duration(DefaultCertificateLifetime) * time.Hour)
 		caCertPEM, caKeyPEM, err := newCA(DefaultEnvoyGatewayDNSPrefix, expiry)
 		if err != nil {
 			return nil, err

diff --git a/internal/envoygateway/config/config.go b/internal/envoygateway/config/config.go
@@ -23,8 +23,6 @@ const (
 	EnvoyGatewayServiceName = "envoy-gateway"
 	// EnvoyPrefix is the prefix applied to the Envoy ConfigMap, Service, Deployment, and ServiceAccount.
 	EnvoyPrefix = "envoy"
-	// DefaultCertificateExpiryDays holds the default certificate lifetime (in days).
-	DefaultCertificateExpiryDays = 365
 )
 
 // Server wraps the EnvoyGateway configuration and additional parameters
@@ -38,8 +36,6 @@ type Server struct {
 	DNSDomain string
 	// Logger is the logr implementation used by Envoy Gateway.
 	Logger logging.Logger
-	// CertificateExpiryDays holds the certificate lifetime (in days).
-	CertificateExpiryDays int
 }
 
 // New returns a Server with default parameters.
@@ -49,8 +45,7 @@ func New() (*Server, error) {
 		Namespace:    env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace),
 		DNSDomain:    env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain),
 		// the default logger
-		Logger:                logging.DefaultLogger(v1alpha1.LogLevelInfo),
-		CertificateExpiryDays: env.Lookup("ENVOY_GATEWAY_CERTIFICATE_EXPIRY_DAYS", DefaultCertificateExpiryDays),
+		Logger: logging.DefaultLogger(v1alpha1.LogLevelInfo),
 	}, nil
 }
 

diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md
@@ -32,7 +32,6 @@ The Helm chart for Envoy Gateway
 | config.envoyGateway.logging.level.default | string | `"info"` |  |
 | config.envoyGateway.provider.type | string | `"Kubernetes"` |  |
 | createNamespace | bool | `false` |  |
-| deployment.envoyGateway.cert.expiryDays | int | `365` |  |
 | deployment.envoyGateway.image.repository | string | `"${ImageRepository}"` |  |
 | deployment.envoyGateway.image.tag | string | `"${ImageTag}"` |  |
 | deployment.envoyGateway.imagePullPolicy | string | `"Always"` |  |