platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
3ee4369cc1810a6c860075637172d303974268b1
manifests/charts/sys/templates/alerts/x509-certificates.yaml
T

49 lines
2.6 KiB
YAML
Raw Blame History

{{- if .Values.x509_exporter.alerts }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
# Some labels for various prometheus matching
k8s-app: x509-exporter
prometheus: k8s
role: alert-rules
name: x509-exporter-x509-certificate-exporter
namespace: x509-exporter
spec:
groups:
- name: x509-certificate-exporter.rules
rules:
- alert: X509ExporterReadErrors
annotations:
description: Over the last 15 minutes, this x509-certificate-exporter instance has experienced errors reading certificate files or querying the Kubernetes API. This could be caused by a misconfiguration if triggered when the exporter starts.
summary: Increasing read errors for x509-certificate-exporter
expr: delta(x509_read_errors[15m]) > 0
for: 5m
labels:
severity: warning
- alert: CertificateError
annotations:
description: Certificate could not be decoded {{`{{`}}if $labels.secret_name {{`}}`}} in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
summary: Certificate cannot be decoded
expr: x509_cert_error > 0
for: 15m
labels:
severity: warning
- alert: CertificateRenewal
annotations:
description: Certificate for "{{`{{`}} $labels.subject_CN {{`}}`}}" should be renewed {{`{{`}}if $labels.secret_name {{`}}`}}in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
summary: Certificate should be renewed
expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_O="", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 28
for: 15m
labels:
severity: warning
- alert: CertificateExpiration
annotations:
description: Certificate for "{{`{{`}} $labels.subject_CN {{`}}`}}" is about to expire {{`{{`}}if $labels.secret_name {{`}}`}}in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
summary: Certificate is about to expire
expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_O="", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 14
for: 15m
labels:
severity: critical
{{- end }}
Reference in New Issue View Git Blame Copy Permalink