The `certificate_expiration_seconds` histogram measures the remaining
time of client certificates used to authenticate to the API server. It
records the lifetime of received client request certificates in buckets
of 6h, 12h, ..., 1y.

In environments with automated certificate rotation it is not uncommon
to have issued certificates expire in less than the above mentioned
minimum bucket of 6h. In such environments the above histogram is
useless given that every request will be recorded in the first bucket.

This patch increases the histogram resolution by adding a 30m, 1h and 2h
bucket. Prometheus histogram buckets are cumulative, e.g. the 12h
bucket is counting _all_ records with an expiration date lower or equal
to 12h including _all_ requests of the 6h bucket. Thereby this patch
does not break existing monitoring setups. This histogram is exposed
once per API server, thereby the 3 additional time series do not cause a
cardinality issue.
Kubernetes-commit: f90bbc3d6bfba992831eb216161990eae1098ae5
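
The cumulative-bucket argument in the commit message above, as an added example (not code from the Kubernetes commit): plain Go without the Prometheus client, run over constructed sample lifetimes. The names `cumulative`, `sampleRemaining`, `oldBounds` and `newBounds` are illustrative, and the buckets the message elides with "..." are left out.

```go
package main

import (
	"fmt"
	"time"
)

// Upper bounds named in the commit message. The buckets hidden behind "..."
// are not listed on the page and are left out here.
var (
	oldBounds = []time.Duration{6 * time.Hour, 12 * time.Hour, 365 * 24 * time.Hour}
	newBounds = append([]time.Duration{30 * time.Minute, time.Hour, 2 * time.Hour}, oldBounds...)
)

// cumulative returns, per upper bound, how many observations are <= that
// bound, which is how Prometheus exposes histogram buckets (le="...").
func cumulative(bounds, remaining []time.Duration) map[time.Duration]int {
	counts := make(map[time.Duration]int, len(bounds))
	for _, b := range bounds {
		counts[b] = 0
		for _, r := range remaining {
			if r <= b {
				counts[b]++
			}
		}
	}
	return counts
}

// sampleRemaining is constructed data: remaining client-certificate lifetimes
// seen on requests in a cluster that rotates certificates every few hours.
func sampleRemaining() []time.Duration {
	return []time.Duration{
		10 * time.Minute, 25 * time.Minute, 45 * time.Minute,
		90 * time.Minute, 3 * time.Hour, 5 * time.Hour, 8 * time.Hour,
	}
}

func main() {
	obs := sampleRemaining()
	oldC, newC := cumulative(oldBounds, obs), cumulative(newBounds, obs)
	for _, b := range newBounds {
		if c, ok := oldC[b]; ok {
			fmt.Printf("le=%-9v old=%d new=%d\n", b, c, newC[b])
		} else {
			fmt.Printf("le=%-9v old=- new=%d\n", b, newC[b])
		}
	}
}
```

With the old layout six of the seven sample requests are indistinguishable inside the 6h bucket; the added bounds separate them while the counts at 6h and above stay identical, so alerts written against the existing buckets keep their meaning.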
Suppress common name verify warning log and roll up into returned error
remove glog test dependency
Kubernetes-commit: bb3124c48a4d276ed280175e5825ea9db022d699

When incoming requests to the API server are authenticated by a
certificate, the expiration of the certificate can affect the validity
of the authentication. With auto rotation of certificates, which is
starting with kubelet certificates, the goal is to use shorter lifetimes
and let the kubelet renew the certificate as desired. Monitoring
certificates which are approaching expiration and not renewing would be
an early warning sign that nodes are about to stop participating in the
cluster.
Kubernetes-commit: 49a19c6011e05363a8baf8e99c917d11a9496568

This flag is documented as being case-insensitive, but the code was
doing a case-sensitive map lookup.
Kubernetes-commit: 0acdc0cdb369372e06c202aea162bce04410f643