Add overrides for client cert

Add overrides to client cert renew and duration. We default to the same values of 1440h and 740h as we do for the ca and the server. TEST PLAN: PASS: verify duration of client cert PASS: verify renew of client cert PASS: confirm no alarm is set Story: 2011493 Task: 52474 Change-Id: I518d644b7a497a23388b2d83911f2742d39aa9c7 Signed-off-by: Aronsky, Gleb <Gleb.Aronsky@windriver.com>
2025-07-07 14:34:09 -07:00
parent 2053c27dcf
commit 415cca889e
5 changed files with 13 additions and 3 deletions
--- a/python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/common/constants.py
+++ b/python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/common/constants.py
@@ -37,6 +37,8 @@ CDI_CERTIFICATE_ROTATE_CA_DURATION = '1440h'
 CDI_CERTIFICATE_ROTATE_CA_RENEW_BEFORE = '720h'
 CDI_CERTIFICATE_ROTATE_SERVER_DURATION = '1440h'
 CDI_CERTIFICATE_ROTATE_SERVER_RENEW_BEFORE = '720h'
+CDI_CERTIFICATE_ROTATE_CLIENT_DURATION = '1440h'
+CDI_CERTIFICATE_ROTATE_CLIENT_RENEW_BEFORE = '720h'
 KUBEVIRT_CERTIFICATE_ROTATE_CA_DURATION = '1440h'
 KUBEVIRT_CERTIFICATE_ROTATE_CA_RENEW_BEFORE = '720h'
 KUBEVIRT_CERTIFICATE_ROTATE_SERVER_DURATION = '1440h'
--- a/python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/helm/kubevirt.py
+++ b/python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/helm/kubevirt.py
@@ -76,6 +76,10 @@ class KubeVirtHelm(base.FluxCDBaseHelm):
                    'server': {
                        'duration': app_constants.CDI_CERTIFICATE_ROTATE_SERVER_DURATION,
                        'renewBefore': app_constants.CDI_CERTIFICATE_ROTATE_SERVER_RENEW_BEFORE,
+                    },
+                    'client': {
+                        'duration': app_constants.CDI_CERTIFICATE_ROTATE_CLIENT_DURATION,
+                        'renewBefore': app_constants.CDI_CERTIFICATE_ROTATE_CLIENT_RENEW_BEFORE,
                    }
                }
            }
--- a/python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini
+++ b/python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini
@@ -36,7 +36,7 @@ setenv = VIRTUAL_ENV={envdir}

 deps = -r{toxinidir}/requirements.txt
       -r{toxinidir}/test-requirements.txt
-       -e{[tox]stxdir}/config/sysinv/sysinv/sysinv
+       {[tox]stxdir}/config/sysinv/sysinv/sysinv
       -e{[tox]stxdir}/config/tsconfig/tsconfig
       -e{[tox]stxdir}/fault/fm-api/source
       -e{[tox]stxdir}/fault/python-fmclient/fmclient
--- a/stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi.yaml
+++ b/stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi.yaml
@@ -28,6 +28,9 @@ spec:
    ca:
      duration: {{ .Values.cdi.certificateRotate.ca.duration }}
      renewBefore: {{ .Values.cdi.certificateRotate.ca.renewBefore }}
+    client:
+      duration: {{ .Values.cdi.certificateRotate.client.duration }}
+      renewBefore: {{ .Values.cdi.certificateRotate.client.renewBefore }}
    server:
      duration: {{ .Values.cdi.certificateRotate.server.duration }}
      renewBefore: {{ .Values.cdi.certificateRotate.server.renewBefore }}
--- a/stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/values.yaml
+++ b/stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/values.yaml
@@ -15,8 +15,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 #
-#  [This file was auto-generated]
-#
 #

 # Helm Values file for KubeVirt v1.5.0 and CDI v1.62.0
@@ -29,6 +27,9 @@ cdi:
    server:
      duration: 1440h
      renewBefore: 720h
+    client:
+      duration: 1440h
+      renewBefore: 720h
  componentType: platform
  containerPorts:
    metricsPort: 8080