cert-check-controller

command module

v0.2.0 Latest Latest Go to latest Published: May 31, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/MasayaAoyama/cert-check-controller

Links

Open Source Insights

README ¶

Cert Check Controller

Cert Check Controller check secret(type: TLS)'s cert expiration. ref: https://speakerdeck.com/masayaaoyama/srett1-k8s-amsy810

Creating following resources, cert check controller can treat TLS certs expiration and make more user friendly.

sample CertCheck resource

apiVersion: sre.amsy810.dev/v1beta1
kind: CertCheck
metadata:
  name: certcheck-sample
spec:
  threshold: 7
  selector:
    matchLabels:
      certcheck-group: sample

sample TLS Secret

apiVersion: v1
kind: Secret
metadata:
  name: tls-sample
  labels:
    certcheck-group: sample
type: kubernetes.io/tls
data:
  tls.crt: ...
  tls.key: ...

Getting started

use kustomization.

git clone https://github.com/MasayaAoyama/cert-check-controller.git
cd cert-check-controller
kustomize build . | kubectl apply -f -

Features

annotate and label secret for cert info

Record cert infomation for only tls type secret.

$ kubectl get secret tls-sample -oyaml | k neat
apiVersion: v1
data:
  tls.crt: ...
  tls.key: ...
kind: Secret
metadata:
  annotations:
    certcheck.amsy.dev/notAfter: 2030-03-30 04:42:09 +0000 UTC
    certcheck.amsy.dev/notBefore: 2020-04-01 04:42:09 +0000 UTC
  labels:
    certcheck-group: sample
    certcheck.amsy.dev/active: "true"
  name: tls-sample
  namespace: default
type: kubernetes.io/tls

record all checked cert info filtered by label selector

apiVersion: sre.amsy810.dev/v1beta1
kind: CertCheck
metadata: {...}
spec: {...}
status:
  certificates:
  - active: true
    notAfter: "2030-03-30T04:42:09Z"
    notBefore: "2020-04-01T04:42:09Z"
    targetCertsCount: tls-sample
  targetCertsCount: 1

generate event for alerting

Event (WillBeExpired / Expired) will be generated by controller. You can also integrate event-recorder(https://github.com/opsgenie/kubernetes-event-exporter).

$ kubectl get event
LAST SEEN   TYPE      REASON          OBJECT              MESSAGE
27m         Warning   WillBeExpired   secret/tls-sample   TLS Secret default/tls-sample will be expired at 2030-03-30 04:42:09 +0000 UTC
2m32s       Warning   WillBeExpired   secret/tls-sample   TLS Secret default/tls-sample will be expired at 2030-03-30 04:42:09 +0000 UTC

custom metrics

certcheck controller expose custom metrics for prometheus.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1beta1 Package v1beta1 contains API Schema definitions for the sre v1beta1 API group +kubebuilder:object:generate=true +groupName=sre.amsy810.dev	Package v1beta1 contains API Schema definitions for the sre v1beta1 API group +kubebuilder:object:generate=true +groupName=sre.amsy810.dev
controllers
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL