merge metrics for primary and secondary into signing ca metric

agent/consul/leader_connect.go

@@ -37,12 +37,7 @@ func (s *Server) startConnectLeader(ctx context.Context) error {
 	s.caManager.Start(ctx)
 	s.leaderRoutineManager.Start(ctx, caRootPruningRoutineName, s.runCARootPruning)
 	s.leaderRoutineManager.Start(ctx, caRootMetricRoutineName, rootCAExpiryMonitor(s).monitor)
-	isPrimary := s.config.Datacenter == s.config.PrimaryDatacenter
-	if isPrimary {
-		s.leaderRoutineManager.Start(ctx, caPrimaryMetricRoutineName, primaryCAExpiryMonitor(s).monitor)
-	} else {
-		s.leaderRoutineManager.Start(ctx, caSecondaryMetricRoutineName, secondaryCAExpiryMonitor(s).monitor)
-	}
+	s.leaderRoutineManager.Start(ctx, caSigningMetricRoutineName, signingCAExpiryMonitor(s).monitor)
 
 	return s.startIntentionConfigEntryMigration(ctx)
 }
@@ -53,12 +48,7 @@ func (s *Server) stopConnectLeader() {
 	s.leaderRoutineManager.Stop(intentionMigrationRoutineName)
 	s.leaderRoutineManager.Stop(caRootPruningRoutineName)
 	s.leaderRoutineManager.Stop(caRootMetricRoutineName)
-	isPrimary := s.config.Datacenter == s.config.PrimaryDatacenter
-	if isPrimary {
-		s.leaderRoutineManager.Stop(caPrimaryMetricRoutineName)
-	} else {
-		s.leaderRoutineManager.Stop(caSecondaryMetricRoutineName)
-	}
+	s.leaderRoutineManager.Stop(caSigningMetricRoutineName)
 
 	// If the provider implements NeedsStop, we call Stop to perform any shutdown actions.
 	provider, _ := s.caManager.getCAProvider()

agent/consul/leader_metrics.go

@@ -17,21 +17,16 @@ import (
 )
 
 var metricsKeyMeshRootCAExpiry = []string{"mesh", "active-root-ca", "expiry"}
-var metricsKeyMeshPrimaryCAExpiry = []string{"mesh", "active-primary-dc-ca", "expiry"}
-var metricsKeyMeshSecondaryCAExpiry = []string{"mesh", "active-secondary-dc-ca", "expiry"}
+var metricsKeyMeshActiveSigningCAExpiry = []string{"mesh", "active-signing-ca", "expiry"}
 
 var CertExpirationGauges = []prometheus.GaugeDefinition{
 	{
 		Name: metricsKeyMeshRootCAExpiry,
 		Help: "Seconds until the service mesh root certificate expires. Updated every hour",
 	},
 	{
-		Name: metricsKeyMeshPrimaryCAExpiry,
-		Help: "Seconds until the service mesh primary DC certificate expires. Updated every hour",
-	},
-	{
-		Name: metricsKeyMeshSecondaryCAExpiry,
-		Help: "Seconds until the service mesh secondary DC certificate expires. Updated every hour",
+		Name: metricsKeyMeshActiveSigningCAExpiry,
+		Help: "Seconds until the service mesh signing certificate expires. Updated every hour",
 	},
 }
 
@@ -61,36 +56,37 @@ func getRootCAExpiry(s *Server) (time.Duration, error) {
 	return time.Until(root.NotAfter), nil
 }
 
-func primaryCAExpiryMonitor(s *Server) certExpirationMonitor {
-	return certExpirationMonitor{
-		Key: metricsKeyMeshPrimaryCAExpiry,
-		Labels: []metrics.Label{
-			{Name: "datacenter", Value: s.config.Datacenter},
-		},
-		Logger: s.logger.Named(logging.Connect),
-		Query: func() (time.Duration, error) {
-			provider, _ := s.caManager.getCAProvider()
-
-			if _, ok := provider.(ca.PrimaryUsesIntermediate); !ok {
+func signingCAExpiryMonitor(s *Server) certExpirationMonitor {
+	isPrimary := s.config.Datacenter == s.config.PrimaryDatacenter
+	if isPrimary {
+		return certExpirationMonitor{
+			Key: metricsKeyMeshActiveSigningCAExpiry,
+			Labels: []metrics.Label{
+				{Name: "datacenter", Value: s.config.Datacenter},
+			},
+			Logger: s.logger.Named(logging.Connect),
+			Query: func() (time.Duration, error) {
+				provider, _ := s.caManager.getCAProvider()
+
+				if _, ok := provider.(ca.PrimaryUsesIntermediate); !ok {
+					return getActiveIntermediateExpiry(s)
+				}
+
+				return getRootCAExpiry(s)
+
+			},
+		}
+	} else {
+		return certExpirationMonitor{
+			Key: metricsKeyMeshActiveSigningCAExpiry,
+			Labels: []metrics.Label{
+				{Name: "datacenter", Value: s.config.Datacenter},
+			},
+			Logger: s.logger.Named(logging.Connect),
+			Query: func() (time.Duration, error) {
 				return getActiveIntermediateExpiry(s)
-			}
-
-			return getRootCAExpiry(s)
-
-		},
-	}
-}
-
-func secondaryCAExpiryMonitor(s *Server) certExpirationMonitor {
-	return certExpirationMonitor{
-		Key: metricsKeyMeshSecondaryCAExpiry,
-		Labels: []metrics.Label{
-			{Name: "datacenter", Value: s.config.Datacenter},
-		},
-		Logger: s.logger.Named(logging.Connect),
-		Query: func() (time.Duration, error) {
-			return getActiveIntermediateExpiry(s)
-		},
+			},
+		}
 	}
 }
 

agent/consul/server.go

@@ -103,8 +103,7 @@ const (
 	aclUpgradeRoutineName                 = "legacy ACL token upgrade"
 	caRootPruningRoutineName              = "CA root pruning"
 	caRootMetricRoutineName               = "CA root expiration metric"
-	caPrimaryMetricRoutineName            = "CA primary expiration metric"
-	caSecondaryMetricRoutineName          = "CA secondary expiration metric"
+	caSigningMetricRoutineName            = "CA signing expiration metric"
 	configReplicationRoutineName          = "config entry replication"
 	federationStateReplicationRoutineName = "federation state replication"
 	federationStateAntiEntropyRoutineName = "federation state anti-entropy"

website/content/docs/agent/telemetry.mdx

@@ -479,8 +479,7 @@ These metrics give insight into the health of the cluster as a whole.
 | `consul.catalog.connect.query-tags..` | Increments for each connect-based catalog query for the given service with the given tags.                                                                                                                                                                                                                                                                                                                                                | queries                                 | counter |
 | `consul.catalog.connect.not-found.`   | Increments for each connect-based catalog query where the given service could not be found.                                                                                                                                                                                                                                                                                                                                               | queries                                 | counter |
 | `consul.mesh.active-root-ca.expiry`    | The number of seconds until the root CA expires, updated every hour. | seconds | gauge |
-| `consul.mesh.active-primary-dc-ca.expiry`   | The number of seconds until the primary datacenter CA expires, updated every hour. Only available in the primary datacenter                                                                                                                                                                                                                                                                                                        | seconds                                 | gauge   |
-| `consul.mesh.active-secondary-dc-ca.expiry` | The number of seconds until the secondary datacenter CA expires, updated every hour. Only available in a secondary datacenter                                                                                                                                                                                                                                                                                                      | seconds                                 | gauge   |
+| `consul.mesh.active-signing-ca.expiry` | The number of seconds until the signing CA expires, updated every hour.                                                                                                                                                                                                                                                                                                                                                            | seconds                                 | gauge   |
 
 ## Connect Built-in Proxy Metrics