Skip to content

dNationCloud/ssl-exporter

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

dNation SSL Exporter Helmchart

This repository contains a helmchart for ribbybibby/ssl_exporter.

Dependencies

Installation

Option 1: Install our Monitoring Stack

This chart is installed as a part of dNation Kubernetes Monitoring Stack. Our monitoring stack includes other monitoring tools such as Prometheus, Grafana, Loki and Thanos.

Oprion 2: Install alongside Prometheus

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install kube-prometheus-stack  prometheus-community/kube-prometheus-stack
  • Deploy SSL exporter with service monitor enabled
# Add dNation helm repository
helm repo add dnationcloud https://dnationcloud.github.io/helm-hub/
helm repo update
helm install ssl-exporter dnationcloud/ssl-exporter --set serviceMonitor.enabled=true

Option 3: Standalone Installation

  • The chart can be installed as standalone by
# Add dNation helm repository
helm repo add dnationcloud https://dnationcloud.github.io/helm-hub/
helm repo update
helm install ssl-exporter dnationcloud/ssl-exporter

NOTE: Do not use --set serviceMonitor.enabled=true when installing without Prometheus. The service monitor requires Prometheus to be deployed.

Configuration

Values

  • Configure with values.yaml
serviceMonitor:
  enabled: true
  # Automatically label with "release: {{ .Release.Name }}"
  # This label is used in dnation k8s monitoring stack
  releaseLabel: true
  extraLabels: {}
  # Metrics scrape interval
  scrapeInterval: 15s
  # Metrics scrape timeout
  scrapeTimeout: 14s
  # External URLs to scrape
  externalTargets:
  - example.com:443
  # Kubeconfig files to scrape
  kubeconfigTargets:
  - /etc/kubernetes/admin.conf
  # Internal Kubernetes certificate (glob syntax suppoted)
  fileTargets:
  - "/etc/kubernetes/pki/**/*.crt"
  # Certificates within Kubernetes secrets in <namespace>/<secret> format (glob syntax suppoted)
  secretTargets:
  # All secrets across all namespaces
  - "*/*"

Usage

  • To see available metrics, port-forward to ssl-exporter service
kubectl port-forward svc/<ssl-exporter-service-name> 9219:9219
  • You can get the metrics with curl, e.g. the following will get all certificates from k8s secrets
curl "localhost:9219/probe?module=kubernetes&target=*/*"
  • For more information, see ssl-exporter README

  • Port-forward to your instance of Prometheus to browse the metrics

kubectl port-forward svc/<your-prometheus-service> 9090:9090
  • Get the metrics, e. g. the expiration date of kubeconfig certificate
ssl_kubeconfig_cert_not_after{job="ssl-kubernetes-kubeconfig"}
  • Relevant job labels are
{job="ssl-external-urls"}
{job="ssl-kubernetes-kubeconfig"}
{job="ssl-kubernetes-files"}
{job="ssl-kubernetes-secrets"}
  • For more information about metrics, see ssl-exporter README