x509-exporter exclude-list from watch-folder

enix / helm-charts

A collection of Helm packages brought to you by Enix Monkeys :monkey_face:

https://charts.enix.io

Apache License 2.0

56 stars 19 forks source link

x509-exporter exclude-list from watch-folder #21

Closed rdegez closed 4 years ago

rdegez commented 4 years ago

On k8s cluster upgrade, when kubeadm rotate certificates, it keeps expired ones in /etc/kubernetes/pki/expired.

So the x509-exporter, having /etc/kubernetes/pki configured as watch-folder, will keep raising alarms on expired certificates in /etc/kubernetes/pki/expired.

Maybe we can add some way to exclude or ignore certains folders in the configured watchfolder.

npdgm commented 4 years ago

Thanks! This was fixed upstream in x509-exporter. Watching directories won't walk the tree anymore and scan files on the first level. We'll add more options to the chart when x509-exporter implements both behaviours.