
Certificates Monitoring #2921

Open
@thomasdanan

Description

Component:

'certificates', 'salt', 'deployment', 'grafana'

Why this is needed:

During installation, we are deploying several certificates that are used to secure communication between Kubernetes services. Those certificates have a defined validity period of 1 or 10 years and thanks to #2914 they should be automatically rotated once they are near the expiration date. However, this mechanism may fail for whatever reason and doesn't apply to all certificates. As such, it is important to have some monitoring/alerting to notify the administrator when some certificates need rotation.

What should be done:

We could integrate the existing cert exporter and its associated Grafana dashboard: https://github.com/joe-elliott/cert-exporter.
When a certificate expiration date is close (30 or 90 days depending on the certificate), an alert should be fired.

Implementation proposal (strongly recommended):

Test plan:

Labels:

- severity:medium: Medium impact (usability) on live deployments
- topic:monitoring: Everything related to monitoring of services in a running cluster
- topic:security: Security-related issues
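The alerting described in the issue, sketched as Prometheus rules over cert-exporter's `cert_exporter_cert_expires_in_seconds` metric. This is an added example, not part of the original issue or of the project's code. The `filename` selectors are placeholders, and the rule names, `for` durations and severities are assumptions; the issue does not say which certificates get the 30-day threshold and which the 90-day one.

```yaml
# Added example: Prometheus alerting rules for certificate expiry.
# Assumes cert-exporter is deployed and scraped, and that its file-based
# metric carries a `filename` label. Replace the PLACEHOLDER_* regexes with
# the real certificate paths for each threshold.
groups:
  - name: certificate-expiry
    rules:
      # Certificates for which a 90-day warning window applies.
      - alert: CertificateExpiresWithin90Days
        expr: |
          cert_exporter_cert_expires_in_seconds{filename=~"PLACEHOLDER_90_DAY_CERTS"}
            < 90 * 24 * 3600
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "Certificate {{ $labels.filename }} expires in {{ $value | humanizeDuration }}"
          description: "Automatic rotation has not renewed this certificate; rotate it manually."

      # Certificates for which a 30-day warning window applies.
      - alert: CertificateExpiresWithin30Days
        expr: |
          cert_exporter_cert_expires_in_seconds{filename=~"PLACEHOLDER_30_DAY_CERTS"}
            < 30 * 24 * 3600
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "Certificate {{ $labels.filename }} expires in {{ $value | humanizeDuration }}"
          description: "Automatic rotation has not renewed this certificate; rotate it manually."

      # Guard against a silent monitoring gap: if the exporter stops
      # reporting, the expiry alerts above can never fire.
      - alert: CertificateExpiryMetricsMissing
        expr: absent(cert_exporter_cert_expires_in_seconds)
        for: 15m
        labels:
          severity: warning
        annotations:
          summary: "cert-exporter is not reporting certificate expiry metrics"
```

The expiry rules keep firing after a certificate has actually expired, because the remaining-seconds value goes negative and stays below the threshold.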