Skip to content

add MODE: apicert to check the expiration date #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Jul 28, 2023
Merged

add MODE: apicert to check the expiration date #35

Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
e5fbbbf
add MODE: apicert to check the expiration date
Jul 28, 2023
fb6461f
add MODE: apicert to check the expiration date
Jul 28, 2023
346eb9b
fix tab
MoBlockbuster Jul 28, 2023
5321758
add double quotes in apicert conditions
Jul 28, 2023
4069b6c
support for indiviudal ports
Jul 28, 2023
c56d51a
support for indiviudal ports
Jul 28, 2023
a8a4018
update usage
Jul 28, 2023
e259753
add the UNKNOWN state for apicert
Jul 28, 2023
1859794
check the APIPORT before sslcert check
Jul 28, 2023
3fa0837
fix tab
MoBlockbuster Jul 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions check_kubernetes.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,19 @@ usage() {
- Pod restart count in pods mode; default is 30
- Job failed count in jobs mode; default is 1
- Pvc storage utilization; default is 80%
- APICERT expiration days for apicert mode; default is 30
-c CRIT Critical threshold for
- Pod restart count (in pods mode); default is 150
- Unbound Persistent Volumes in unboundpvs mode; default is 5
- Job failed count in jobs mode; default is 2
- Pvc storage utilization; default is 90%
- APICERT expiration days for apicert mode; default is 15
-M EXIT_CODE Exit code when resource is missing; default is 2 (CRITICAL)
-h Show this help and exit

Modes are:
apiserver Not for kubectl, should be used for each apiserver independently
apicert Check the apicert expiration date
nodes Check for active nodes
daemonsets Check for daemonsets readiness
deployments Check for deployments availability
Expand Down Expand Up @@ -150,6 +153,37 @@ mode_apiserver() {
fi
}

mode_apicert() {
if [ -z "$APISERVER" ]; then
die "Apiserver URL should be defined in this mode"
fi
WARN=${WARN:-30}
CRIT=${CRIT:-15}
APICERT=$(echo "$APISERVER" | awk -F "//" '{ print $2 }' | awk -F ":" '{ print $1 }')
APIPORT=$(echo "$APISERVER" | awk -F "//" '{ print $2 }' | awk -F ":" '{ print $2 }')
APIPORT=${APIPORT:=443}
timeout "$TIMEOUT" bash -c "</dev/tcp/$APICERT/$APIPORT" &>/dev/null
if [ $? -ne 0 ]; then
echo "APICERT is in UNKNOWN"
exit 3
fi
APICERTDATE=$(echo | openssl s_client -connect "$APICERT":"$APIPORT" 2>/dev/null | openssl x509 -noout -dates | grep notAfter | sed -e 's#notAfter=##')
a=$(date -d "$APICERTDATE" +%s)
b=$(date +%s)
c=$((a-b))
d=$((c/3600/24))
echo "APICERT expires in $d days"
if [ "$d" -gt "$WARN" ] && [ "$d" -gt "$CRIT" ]; then
echo "APICERT is OK"
elif [ "$d" -le "$WARN" ] && [ $d -gt "$CRIT" ]; then
echo "APICERT is in WARN"
EXITCODE=1
elif [ "$d" -le "$CRIT" ]; then
echo "APICERT is in CRIT"
EXITCODE=2
fi
}

mode_nodes() {
data="$(getJSON "api/v1/nodes")"
[ $? -gt 0 ] && die "$data"
Expand Down Expand Up @@ -723,6 +757,7 @@ mode_jobs() {

case "$MODE" in
(apiserver) mode_apiserver ;;
(apicert) mode_apicert ;;
(daemonsets) mode_daemonsets ;;
(deployments) mode_deployments ;;
(nodes) mode_nodes ;;
Expand Down