charm-kubernetes-service-checks

add monitoring to client certs expiration

Bug #2007786 reported by Linda Guo on 2023-02-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	charm-kubernetes-service-checks	New	Medium	Unassigned

Bug Description

Client cert /root/cdk/client.crt is not being monitored, when the client cert expires, it'd cause part of the APIs unavailable (for example, metric API)

# find /root/cdk -type f -name "*.crt" -print | egrep -v 'ca.crt$' | xargs -L 1 -t -i bash -c 'openssl x509 -noout -text -in {}|grep After'
bash -c openssl x509 -noout -text -in /root/cdk/client.crt|grep After
Not After : Feb 19 00:35:10 2023 GMT
bash -c openssl x509 -noout -text -in /root/cdk/server.crt|grep After
Not After : Aug 23 07:23:53 2023 GMT

$ kubectl logs metrics-server-v0.5.2-7f6f9dd87f-hzz6k -n kube-system -c metrics-server --tail 5
error: You must be logged in to the server (the server has asked for the client to provide credentials ( pods/log metrics-server-v0.5.2-7f6f9dd87f-hzz6k))

$kubectl top nodes
Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)

See original description

Tags:

Eric Chen (eric-chen) on 2023-02-20

Changed in charm-kubernetes-service-checks:
importance:	Undecided → High
tags:	added: bseng-919

Linda Guo (lihuiguo) on 2023-02-20

description:

updated

Eric Chen (eric-chen) on 2023-02-26

Changed in charm-kubernetes-service-checks:
importance:	High → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.