platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
db44f5fa237712e706ae4a0f60bfa9da1462246a
manifests/values/x509-exporter/manifests/x509-certificates.yaml
T
mrtz 1bb720840d feat: Migrate sys applications to helmfile 
Move most of helmfiles into temp to test only velero.

File structure:

```bash
/
├── helmfile.d/                                                 # Helmfiles, *.yaml.gotmpl
├── charts/                                                     # Our own charts, e.g `Atlantis`
├── values                                                      # Values for helmfiles
│   ├── <chart>
│   │   ├── values.yaml.gotmpl                                  # Values to be templated in `values/`
│   │   ├── kustomize                                           # Kustomizations per environment
│   │   ├── manifests                                           # Raw manifests
│   │   │   ├── <chart>.yaml                                    # Argo App for bootstrap
│   │   │   ├── dashboards                                      # Grafana dashboards
│   │   │   │   └── <chart>-metrics.yaml
│   │   │   └── policies                                        # Cilium and Kyverno policies
│   │   │       ├── CiliumNetworkPolicy-allow-api-server.yaml
│   │   │       └── KyvernoPolicy-regred-secret.yaml
│   │   └── values                                              # Values for each environment
│   │       ├── <chart>-staging.yaml.gotmpl                     # Values for staging environment
│   │       ├── <chart>-prod.yaml.gotmpl                        # Values for prod environment
│   │       └── <chart>.yaml.gotmpl                             # Standard values for all environments
│   │
│   ├── values.yaml                                             # Standard values for all cluster
│   ├── values-oceanbox.yaml                                    # Values overrides for oceanbox
│   ├── values-ekman.yaml                                       # Values overrides for ekman
```
2025-06-05 13:49:00 +02:00

49 lines
2.6 KiB
YAML
Raw Blame History

{{- if .Values.x509_exporter.alerts }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
# Some labels for various prometheus matching
k8s-app: x509-exporter
prometheus: k8s
role: alert-rules
name: x509-exporter-x509-certificate-exporter
namespace: x509-exporter
spec:
groups:
- name: x509-certificate-exporter.rules
rules:
- alert: X509ExporterReadErrors
annotations:
description: Over the last 15 minutes, this x509-certificate-exporter instance has experienced errors reading certificate files or querying the Kubernetes API. This could be caused by a misconfiguration if triggered when the exporter starts.
summary: Increasing read errors for x509-certificate-exporter
expr: delta(x509_read_errors[15m]) > 0
for: 5m
labels:
severity: warning
- alert: CertificateError
annotations:
description: Certificate could not be decoded {{`{{`}}if $labels.secret_name {{`}}`}} in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
summary: Certificate cannot be decoded
expr: x509_cert_error > 0
for: 15m
labels:
severity: warning
- alert: CertificateRenewal
annotations:
description: Certificate for "{{`{{`}} $labels.subject_CN {{`}}`}}" should be renewed {{`{{`}}if $labels.secret_name {{`}}`}}in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
summary: Certificate should be renewed
expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_O="", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 28
for: 15m
labels:
severity: warning
- alert: CertificateExpiration
annotations:
description: Certificate for "{{`{{`}} $labels.subject_CN {{`}}`}}" is about to expire {{`{{`}}if $labels.secret_name {{`}}`}}in Kubernetes secret "{{`{{`}} $labels.secret_namespace {{`}}`}}/{{`{{`}} $labels.secret_name {{`}}`}}"{{`{{`}}else{{`}}`}}at location "{{`{{`}} $labels.filepath {{`}}`}}"{{`{{`}}end{{`}}`}}
summary: Certificate is about to expire
expr: ((x509_cert_not_after{secret_name!="linkerd-identity-issuer", issuer_O="", issuer_CN!="webhook.linkerd.cluster.local"} - time()) / 86400) < 14
for: 15m
labels:
severity: critical
{{- end }}
Reference in New Issue View Git Blame Copy Permalink