agapoff
commented
1 year ago Thank you! I'll add some improvements for the code to be more consistent with the rest of the script.
Closed MoBlockbuster closed 1 year ago
agapoff
commented
1 year ago Thank you! I'll add some improvements for the code to be more consistent with the rest of the script.
MoBlockbuster
commented
1 year ago Thank you.
The K8s API use also the internal PKI TLS certificate to provide HTTPs. We can check the TLS certificate on port 6443 to check the expiredate of the internal PKI TLS certificate. We can use params like -w 30 (days) and -c 15 (days) to sent warning and critical alarms. This would be a own MODE.
The API cert in K8s: /etc/kubernetes/pki/apiserver.crt
example:
if APIPORT is on 443 (you don't have to specify the port) ./check_kubernetes.sh -H https://192.168.100.10 -t $TOKENFILE -m apicert -w 30 -c 15
if APIPORT != 443 (you have to specify the port) ./check_kubernetes.sh -H https://192.168.100.10:6443 -t $TOKENFILE -m apicert -w 30 -c 15