From c6bdff31d2432d2c039f66909acddbd754f376f5 Mon Sep 17 00:00:00 2001
From: Arko Dasgupta
Date: Fri, 10 Nov 2023 14:37:52 -0800
Subject: [PATCH] Revert "refactor: support custom gateway cert expiry days. (#2047)"

This reverts commit 6b2c0e68918fa6d291241fa98738028bf80a8e89.

Signed-off-by: Arko Dasgupta
---
 charts/gateway-helm/templates/certgen.yaml | 2 --
 charts/gateway-helm/values.tmpl.yaml | 2 --
 internal/crypto/certgen.go | 5 ++++-
 internal/envoygateway/config/config.go | 7 +------
 site/content/en/latest/install/api.md | 1 -
 5 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml
index e59981bc0f6..4d49597fec0 100644
--- a/charts/gateway-helm/templates/certgen.yaml
+++ b/charts/gateway-helm/templates/certgen.yaml
@@ -31,8 +31,6 @@ spec:
 fieldPath: metadata.namespace
 - name: KUBERNETES_CLUSTER_DOMAIN
 value: {{ .Values.kubernetesClusterDomain }}
- - name: ENVOY_GATEWAY_CERTIFICATE_EXPIRY_DAYS
- value: "{{ .Values.deployment.envoyGateway.cert.expiryDays }}"
 image: {{ .Values.deployment.envoyGateway.image.repository }}:{{ .Values.deployment.envoyGateway.image.tag | default .Chart.AppVersion }}
 imagePullPolicy: {{ .Values.deployment.envoyGateway.imagePullPolicy }}
 name: envoy-gateway-certgen
diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml
index b4236aa37c8..a65b0233bc4 100644
--- a/charts/gateway-helm/values.tmpl.yaml
+++ b/charts/gateway-helm/values.tmpl.yaml
@@ -1,7 +1,5 @@
 deployment:
 envoyGateway:
- cert:
- expiryDays: 365
 image:
 repository: ${ImageRepository}
 tag: '${ImageTag}'
diff --git a/internal/crypto/certgen.go b/internal/crypto/certgen.go
index e347639ff13..08ce6d63ec5 100644
--- a/internal/crypto/certgen.go
+++ b/internal/crypto/certgen.go
@@ -28,6 +28,9 @@ const (
 // DefaultEnvoyDNSPrefix defines the default Envoy DNS prefix.
 DefaultEnvoyDNSPrefix = "*"

+ // DefaultCertificateLifetime holds the default certificate lifetime (in days).
+ DefaultCertificateLifetime = 365
+
 // keySize sets the RSA key size to 2048 bits. This is minimum recommended size
 // for RSA keys.
 keySize = 2048
@@ -94,7 +97,7 @@ func GenerateCerts(cfg *config.Server) (*Certificates, error) {
 switch certCfg.Provider.Type {
 case ProviderTypeEnvoyGateway:
 now := time.Now()
- expiry := now.Add(24 * time.Duration(cfg.CertificateExpiryDays) * time.Hour)
+ expiry := now.Add(24 * time.Duration(DefaultCertificateLifetime) * time.Hour)
 caCertPEM, caKeyPEM, err := newCA(DefaultEnvoyGatewayDNSPrefix, expiry)
 if err != nil {
 return nil, err
diff --git a/internal/envoygateway/config/config.go b/internal/envoygateway/config/config.go
index 259f0d56368..4c9674a88b4 100644
--- a/internal/envoygateway/config/config.go
+++ b/internal/envoygateway/config/config.go
@@ -23,8 +23,6 @@ const (
 EnvoyGatewayServiceName = "envoy-gateway"
 // EnvoyPrefix is the prefix applied to the Envoy ConfigMap, Service, Deployment, and ServiceAccount.
 EnvoyPrefix = "envoy"
- // DefaultCertificateExpiryDays holds the default certificate lifetime (in days).
- DefaultCertificateExpiryDays = 365
 )

 // Server wraps the EnvoyGateway configuration and additional parameters
@@ -38,8 +36,6 @@ type Server struct {
 DNSDomain string
 // Logger is the logr implementation used by Envoy Gateway.
 Logger logging.Logger
- // CertificateExpiryDays holds the certificate lifetime (in days).
- CertificateExpiryDays int
 }

 // New returns a Server with default parameters.
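Review bot: In internal/crypto/certgen.go, `DefaultCertificateLifetime = 365` is an untyped integer whose unit is stated only in the comment, so each use has to rebuild the duration by hand, as the `GenerateCerts` hunk does with `24 * time.Duration(...) * time.Hour`. If nothing outside this patch depends on the day count, declaring it as `DefaultCertificateLifetime = 365 * 24 * time.Hour` would let the call site read `expiry := now.Add(DefaultCertificateLifetime)` and take the unit out of the comment. The `const (` block starts and ends outside the hunk.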
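Review bot: In internal/crypto/certgen.go, the `expiry` computed in the `ProviderTypeEnvoyGateway` case is now a fixed 365 days from `time.Now()` with no operator override, and nothing at the assignment says so. The same value is passed to `newCA`, so the CA created here appears to live no longer than whatever is issued under it in the same run; the leaf-certificate calls are outside the hunk, so that part is inferred. Nothing in the visible lines renews these certificates, so I would add a comment above the line such as `// Lifetime is fixed at DefaultCertificateLifetime days and is not configurable; expiry must be tracked and certs regenerated before it lapses.` The body of `GenerateCerts` starts and ends outside the hunk.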
@@ -49,8 +45,7 @@ func New() (*Server, error) {
 Namespace: env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace),
 DNSDomain: env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain),
 // the default logger
- Logger: logging.DefaultLogger(v1alpha1.LogLevelInfo),
- CertificateExpiryDays: env.Lookup("ENVOY_GATEWAY_CERTIFICATE_EXPIRY_DAYS", DefaultCertificateExpiryDays),
+ Logger: logging.DefaultLogger(v1alpha1.LogLevelInfo),
 }, nil
 }

diff --git a/site/content/en/latest/install/api.md b/site/content/en/latest/install/api.md
index 253d528bdfb..9e2d9e91dcc 100644
--- a/site/content/en/latest/install/api.md
+++ b/site/content/en/latest/install/api.md
@@ -32,7 +32,6 @@ The Helm chart for Envoy Gateway
 | config.envoyGateway.logging.level.default | string | `"info"` | |
 | config.envoyGateway.provider.type | string | `"Kubernetes"` | |
 | createNamespace | bool | `false` | |
-| deployment.envoyGateway.cert.expiryDays | int | `365` | |
 | deployment.envoyGateway.image.repository | string | `"${ImageRepository}"` | |
 | deployment.envoyGateway.image.tag | string | `"${ImageTag}"` | |
 | deployment.envoyGateway.imagePullPolicy | string | `"Always"` | |