Skip to content

Add cert monitor manifest #1739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Add cert monitor manifest #1739

wants to merge 3 commits into from

Conversation

@rikatz
Copy link
Member

@rikatz rikatz commented Mar 1, 2021

Cert-monitor will read the metrics from cert-manager prometheus exporter, transform it into days and push to stackdriver.

TODO:

  • Turn the GCP Project ID configurable
  • Improve the Prometheus and GKE exporter security to drop privileges

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 1, 2021
@k8s-ci-robot k8s-ci-robot requested review from ixdy and munnerz March 1, 2021 18:45
@k8s-ci-robot k8s-ci-robot added area/apps/cert-manager cert-manager, code in apps/cert-manager/ wg/k8s-infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 1, 2021
ameukam
ameukam reviewed Mar 1, 2021
View reviewed changes
ameukam
ameukam reviewed Mar 1, 2021
View reviewed changes
@ameukam
Copy link
Member

ameukam commented Mar 1, 2021

/assign @spiffxp @thockin
/hold
If others people want to comment

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 1, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rikatz
To complete the pull request process, please assign spiffxp after the PR has been reviewed.
You can assign the PR to them by writing /assign @spiffxp in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

thockin
thockin reviewed Mar 2, 2021
View reviewed changes
thockin
thockin reviewed Mar 2, 2021
View reviewed changes
cert-manager/cert-monitor.yaml
namespace: cert-manager
---
apiVersion: apps/v1
kind: Deployment
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would love some comments (yay YAML, you beat JSON at something) to explain what's going on. Or a README-ish file?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll make both :)

Put some comments on the YAML, at least about the prometheus and sdexporter configuration, and write on the README (I've already added a README on the another PR)

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 9, 2021
@rikatz
Copy link
Member Author

rikatz commented Mar 9, 2021

@thockin added some limits, some comments, some security context :)

Tested in my cluster and worked fine, hopefully this is the first step to renew the certificates before anything blows.

Next step: I'll check a way to automate the dashboard and alerting (there's an issue assigned to me anyway) so we can somehow automate everything.

@spiffxp
Copy link
Contributor

spiffxp commented May 19, 2021

Checking in... do we still need this? I admit I have kinda lost track at where we are with using cert-manager vs. GKE managed certificates these days

@spiffxp spiffxp mentioned this pull request May 24, 2021
Open
8 tasks
@rikatz
Copy link
Member Author

rikatz commented May 26, 2021

/close

As we discussed, per migration to Google managed certificates this is not necessary anymore :)

@k8s-ci-robot
Copy link
Contributor

@rikatz: Closed this PR.

In response to this:

/close

As we discussed, per migration to Google managed certificates this is not necessary anymore :)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ameukam ameukam ameukam left review comments

@ixdy ixdy Awaiting requested review from ixdy

@munnerz munnerz Awaiting requested review from munnerz

+1 more reviewer

@thockin thockin thockin left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@spiffxp spiffxp

@thockin thockin

Labels

area/apps/cert-manager cert-manager, code in apps/cert-manager/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rikatz @ameukam @k8s-ci-robot @spiffxp @thockin