Skip to content

add MODE: apicert to check the expiration date #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jul 28, 2023
Merged

add MODE: apicert to check the expiration date #35

merged 10 commits into from
Jul 28, 2023

Conversation

MoBlockbuster
Copy link
Contributor

@MoBlockbuster MoBlockbuster commented Jul 28, 2023
edited
Loading

The K8s API use also the internal PKI TLS certificate to provide HTTPs. We can check the TLS certificate on port 6443 to check the expiredate of the internal PKI TLS certificate. We can use params like -w 30 (days) and -c 15 (days) to sent warning and critical alarms. This would be a own MODE.

The API cert in K8s: /etc/kubernetes/pki/apiserver.crt

example:

if APIPORT is on 443 (you don't have to specify the port)
./check_kubernetes.sh -H https://192.168.100.10 -t $TOKENFILE -m apicert -w 30 -c 15

if APIPORT != 443 (you have to specify the port)
./check_kubernetes.sh -H https://192.168.100.10:6443 -t $TOKENFILE -m apicert -w 30 -c 15

@agapoff agapoff merged commit 71b074a into agapoff:master Jul 28, 2023
@agapoff
Copy link
Owner

agapoff commented Jul 28, 2023

Thank you! I'll add some improvements for the code to be more consistent with the rest of the script.

@MoBlockbuster
Copy link
Contributor Author

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MoBlockbuster @agapoff