Closed dan-vaughan closed 3 years ago
Definitely not opposed to this. Thank you for contributing it.
And if not, would you object to me adding a GitHub action to release the chart?
Not at all. Honestly I'll probably wait till we do this then pull the chart and deploy it to a local cluster to test.
If you approve adding a Helm chart in principle, I may add some more commits once I've tested this more thoroughly.
After you're confident it's in a good spot, let's get the GitHub action in and then I'll merge and do some local testing against the built chart.
I've fixed up the Helm chart, and I've been testing it.
I'm now getting an "Error exporting secret Failed to parse as a pem" for all of the secrets I have that are generated by cert-manager. They're all formatted in base64, and I've confirmed that they're valid. Is it possible that the exporter is failing to decode them from base64?
I'm using the recommended flags for cert-manager exporting:
- --secrets-annotation-selector=cert-manager.io/certificate-name
- --secrets-include-glob=*.crt
- --logtostderr
cert-exporter does attempt to parse the bytes directly as a pem file.
https://github.com/joe-elliott/cert-exporter/blob/master/src/checkers/periodicSecretChecker.go#L139
However, all k8s secrets are base64 encoded. I would presume that the "bytes" here have already been decoded. Were you ever able to parse your cert-manager secrets? If this changed recently did you make any changes to cert-manager such as upgrade its version?
I just parsed them just now, after decoding from base64. From my reading of the code it appears that bytes may or may not be decoded from Base64 depending on which function is assigned to p.exporter.ExportMetrics.
Right, I mean, have you ever run cert-exporter successfully against cert-manager generated secrets?
Other things that would be useful:
kubectl describe secret <secret-that-wont-parse>
I can confirm that this was an issue with our version of cert-manager: I've tested it on a much newer version we're about to upgrade to, and it works fine. I should have this MR complete shortly.
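An added example (not part of this thread and not cert-exporter's code): a small Go check for the question raised above, whether a secret value parses as PEM directly or only after a further base64 decode. The names classify, certInPEM and sampleCert are hypothetical, and the certificate is generated on the fly as constructed test input.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// classify is a hypothetical triage helper (not cert-exporter code): how must data be treated before x509 parsing?
func classify(data []byte) string {
	if certInPEM(data) {
		return "pem"
	}
	// The value may still be base64 text, e.g. when copied from `kubectl get secret -o yaml`.
	if raw, err := base64.StdEncoding.DecodeString(string(bytes.TrimSpace(data))); err == nil && certInPEM(raw) {
		return "base64-wrapped-pem"
	}
	return "not-pem"
}

// certInPEM is true when the first PEM block holds a parseable X.509 certificate.
func certInPEM(data []byte) bool {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "CERTIFICATE" {
		return false
	}
	_, err := x509.ParseCertificate(block.Bytes)
	return err == nil
}

// sampleCert builds a throwaway self-signed certificate (constructed input; errors ignored for brevity).
func sampleCert() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	c := sampleCert()
	fmt.Println(classify(c), classify([]byte(base64.StdEncoding.EncodeToString(c))), classify([]byte("junk")))
}
```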
I'll add the GitHub action to release the chart tomorrow.
This is done from my end. Please let me know if there are any tweaks that need to be made to the Helm or release action. You'll need to create a gh-pages branch to allow for the hosting of the Helm artifacts.
Hi,
My company uses Helm to manage our installed applications, and I noticed a Helm chart was missing for this project. I've created a fairly basic one that assumes Prometheus-Operator is already installed. It also only creates a Deployment for monitoring cert-manager right now, but I may add Daemonsets in future.
Would you rather that this be its own project? And if not, would you object to me adding a GitHub action to release the chart?
If you approve adding a Helm chart in principle, I may add some more commits once I've tested this more thoroughly.
Thanks!
Changelog: