-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add telemetry and logging around expired certificates #9891
Comments
Hi @preetapan, Any tentative timeline when this feature will be rolled out? |
Hi @ashwinkupatkar , thank you for your interest in this issue! Hopefully we can get a metric into the next release. I've opened a PR for one possible option in #9924. Would this work for your use case? If not, could you share more about what you would like to see? Thank you! |
Hi @dnephin, Thanks for taking a look. Yes, this is one of the metric that is needed. Apart from this metric we also need metric for the consul server certificates and consul client certificate expiration data. |
Hello, @dnephin Just wanted to follow up on this feature. Any idea in which version this would be launched ? |
Hi @dnephin, any clue ... when this feature would be available ? thanks |
Hi @ashwinkupatkar , I learned there were a few more certs that should be tracked, and I haven't had a chance to finish adding the metrics. It won't be for 1.10, so at the earliest 1.11. |
Hi @dnephin, I see the change has been merged to master. So should I expect it in GA of 1.10.0 ? |
For anyone watching this issue, the following PRs add new metrics:
And #10770 adds logging when a cert is about to expire in the next 24h. I believe this covers all the cases, but if there is something missing please do comment here. |
@ashwinkupatkar sorry I did not respond to your question. These will all be released in Consul 1.11. |
Consul has knowledge about various cerificates ( the agent certificates for TLS communication across clients/servers, Connect CA certificates).
Currently, we don't emit warnings when certificates are about to expire. It's helpful for operators to know about this so that they can set up alerts within their monitoring systems. We could also emit warning logs with the name/type of certificate and how much time is left that trigger based on a window.
This issue captures both needs (logs and adding metrics to the v1/metrics end point with seconds remaining for expiration). Can be split into multiple issues as needed.
The text was updated successfully, but these errors were encountered: