Convert citadel cert expiry timestamp metrics to citadel cert expiry time left #51037
Assignees
Labels
Comments
|
This feels reasonable to me; wdyt @jaellio @whitneygriffith? |
I can pick it up |
|
We already have one in agent so we should make sure we have a consistent name/semantics there |
That is, the citadel cert time left should be consistent with the Name: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(This is used to request new product features, please visit https://github.com/istio/istio/discussions for questions on using Istio)
Describe the feature request
Currently istio metrics
citadel_server_cert_chain_expiry_timestampreportsThe unix timestamp, in seconds, when Citadel cert chain will expire. A negative time indicates the cert is expired..It is not possible in datadog to create alert for cert expiration is due in x days, as to get time left we need to subtract current time from metrics value. ( not supported functionality in datadog)
https://istio.io/latest/docs/reference/commands/pilot-discovery/#metrics
same case is for
citadel_server_root_cert_expiry_timestampmetricsDescribe alternatives you've considered
we can add additional metrics
citadel_server_cert_chain_expiry_time_leftthat report time in seconds left for expiration of certificate along with current metrics .istio/security/pkg/server/ca/server.go
Line 166 in 3727b57
same case is for
citadel_server_root_cert_expiry_time_leftmetrics.Affected product area (please put an X in all that apply)
[ ] Ambient
[ ] Docs
[ ] Dual Stack
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[*] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Additional context
The text was updated successfully, but these errors were encountered: