Add kubelet_certificate_manager_client_ttl_seconds gauge #91148

Merged
merged 1 commit into from May 17, 2020
2 changes: 2 additions & 0 deletions cmd/kubelet/app/BUILD
@@ -64,6 +64,7 @@ go_library(
"//pkg/kubelet/eviction/api:go_default_library",
"//pkg/kubelet/kubeletconfig:go_default_library",
"//pkg/kubelet/kubeletconfig/configfiles:go_default_library",
"//pkg/kubelet/metrics:go_default_library",
"//pkg/kubelet/server:go_default_library",
"//pkg/kubelet/stats/pidlimit:go_default_library",
"//pkg/kubelet/types:go_default_library",
@@ -136,6 +137,7 @@ go_library(
"//staging/src/k8s.io/component-base/configz:go_default_library",
"//staging/src/k8s.io/component-base/featuregate:go_default_library",
"//staging/src/k8s.io/component-base/metrics:go_default_library",
"//staging/src/k8s.io/component-base/metrics/legacyregistry:go_default_library",
"//staging/src/k8s.io/component-base/version:go_default_library",
"//staging/src/k8s.io/component-base/version/verflag:go_default_library",
"//staging/src/k8s.io/csi-translation-lib/plugins:go_default_library",
20 changes: 20 additions & 0 deletions cmd/kubelet/app/server.go
@@ -22,6 +22,7 @@ import (
"crypto/tls"
"errors"
"fmt"
"math"
"net"
"net/http"
"os"
@@ -63,6 +64,7 @@ import (
"k8s.io/component-base/configz"
"k8s.io/component-base/featuregate"
"k8s.io/component-base/metrics"
"k8s.io/component-base/metrics/legacyregistry"
"k8s.io/component-base/version"
"k8s.io/component-base/version/verflag"
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
@@ -87,6 +89,7 @@ import (
evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api"
dynamickubeletconfig "k8s.io/kubernetes/pkg/kubelet/kubeletconfig"
"k8s.io/kubernetes/pkg/kubelet/kubeletconfig/configfiles"
kubeletmetrics "k8s.io/kubernetes/pkg/kubelet/metrics"
"k8s.io/kubernetes/pkg/kubelet/server"
"k8s.io/kubernetes/pkg/kubelet/stats/pidlimit"
kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
@@ -838,6 +841,23 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName)
return nil, nil, err
}

legacyregistry.RawMustRegister(metrics.NewGaugeFunc(
metrics.GaugeOpts{
Subsystem: kubeletmetrics.KubeletSubsystem,
Name: "certificate_manager_client_ttl_seconds",
Help: "Gauge of the TTL (time-to-live) of the Kubelet's client certificate. " +
"The value is in seconds until certificate expiry (negative if already expired). " +
"If client certificate is invalid or unused, the value will be +INF.",
StabilityLevel: metrics.ALPHA,
},
func() float64 {
if c := clientCertificateManager.Current(); c != nil && c.Leaf != nil {
return math.Trunc(c.Leaf.NotAfter.Sub(time.Now()).Seconds())
}
return math.Inf(1)
},
))

// the rotating transport will use the cert from the cert manager instead of these files
transportConfig := restclient.AnonymousClientConfig(clientConfig)

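Review bot: The gauge func in the last hunk returns `math.Inf(1)` when there is no current certificate or its `Leaf` is unset, so an alert written as `kubelet_certificate_manager_client_ttl_seconds < N` never matches a kubelet that has no usable client certificate. The Help string says so, but the code carries no comment; I would add `// +Inf is the "no parsed client certificate" sentinel; expiry alerts must test for it explicitly` above the final `return math.Inf(1)`. Separately, `legacyregistry.RawMustRegister` sits inside the body of buildKubeletClientConfig, and a Must-style registration panics on a duplicate collector, so a second call in the same process (a test, for instance) would likely panic; wrapping the registration in a package-level `sync.Once` avoids that. The function body starts and ends outside the hunk.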
13 changes: 2 additions & 11 deletions pkg/kubelet/certificate/kubelet.go
@@ -142,7 +142,7 @@ func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg
},
func() float64 {
if c := m.Current(); c != nil && c.Leaf != nil {
return c.Leaf.NotAfter.Sub(time.Now()).Seconds()
return math.Trunc(c.Leaf.NotAfter.Sub(time.Now()).Seconds())
}
return math.Inf(1)
},
@@ -210,16 +210,6 @@ func NewKubeletClientCertificateManager(
if err != nil {
return nil, fmt.Errorf("failed to initialize client certificate store: %v", err)
}
var certificateExpiration = compbasemetrics.NewGauge(
&compbasemetrics.GaugeOpts{
Namespace: metrics.KubeletSubsystem,
Subsystem: "certificate_manager",
Name: "client_expiration_seconds",
Help: "Gauge of the lifetime of a certificate. The value is the date the certificate will expire in seconds since January 1, 1970 UTC.",
StabilityLevel: compbasemetrics.ALPHA,
},
)
legacyregistry.Register(certificateExpiration)
var certificateRenewFailure = compbasemetrics.NewCounter(
&compbasemetrics.CounterOpts{
Namespace: metrics.KubeletSubsystem,
@@ -269,5 +259,6 @@ func NewKubeletClientCertificateManager(
if err != nil {
return nil, fmt.Errorf("failed to initialize client certificate manager: %v", err)
}

return m, nil
}
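Review bot: Removing the `client_expiration_seconds` gauge in the second hunk drops a series that existing dashboards or alert rules may still query, and a threshold rule on a series that no longer exists does not fire. Nothing in the visible lines sets the removed gauge, so it was probably never populated, but the switch to the TTL metric still deserves a release note naming both the old and the new series. The TTL closure in the first hunk is now the same as the one added in cmd/kubelet/app/server.go apart from the manager it reads. A small shared helper that takes a `func() *tls.Certificate` would keep the `math.Trunc` rounding and the `math.Inf(1)` sentinel from drifting apart between the server and client gauges. The first two hunks sit inside function bodies that continue outside the visible lines.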