search

joe-elliott / cert-exporter

A Prometheus exporter that publishes cert expirations on disk and in Kubernetes secrets
Apache License 2.0
316 stars 87 forks source link

Helm issues in kubeadm #81

Closed jarvis120 closed 3 years ago

jarvis120 commented 3 years ago

Hi, Hope you are doing well.

I am testing in a kubeadm k8s cluster with version 1.17.9. I have deployed the helm chart (https://github.com/joe-elliott/cert-exporter/tree/master/helm/cert-exporter) by editing the args for the container in the values.yaml as 

- --include-cert-glob=/var/lib/k8s/kubernetes/pki/*.cert
        - --include-kubeconfig-glob=/var/lib/k8s/kubernetes/*.conf
        - --secrets-annotation-selector=cert-manager.io/certificate-name
        - --secrets-include-glob=*.crt
        - --logtostderr

I have prometheus operator up and running, so enabled the servicemonitor as well. Once its deployed in the prometheus I can only see the metrics of cert_exporter_error_total nothing else.

when I hit the endpoint with /metrics I am getting like this only

HELP cert_exporter_error_total Cert Exporter Errors
 TYPE cert_exporter_error_total counter
cert_exporter_error_total 0
 HELP go_gc_duration_seconds A summary of the pause duration of garbage collection cycles.
 TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 1.1325e-05

I am also not able to see any metrics even though in the deployment pod logs I can see the app is reviewing every secret I have in different namespaces.

So the pods logs are like

I0405 07:44:39.716109       1 main.go:69] Starting cert-exporter (version unknown; commit unknown; date unknown)
I0405 07:44:39.716197       1 periodicCertChecker.go:38] Begin periodic check
W0405 07:44:39.716212       1 client_config.go:551] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0405 07:44:39.716251       1 periodicCertChecker.go:38] Begin periodic check
I0405 07:44:39.718227       1 periodicSecretChecker.go:61] Begin periodic check
I0405 07:44:40.963007       1 periodicSecretChecker.go:109] Reviewing secret

Can you please assist me if something is wrong here, or did I missed any step, because I not able find rest of the 4 exported metrics as mentioned in the doc.

joe-elliott commented 3 years ago

Are those logs complete? If so it's hitting this line:

https://github.com/joe-elliott/cert-exporter/blob/master/src/checkers/periodicSecretChecker.go#L111

but not this one:

https://github.com/joe-elliott/cert-exporter/blob/master/src/checkers/periodicSecretChecker.go#L128

which suggests that the secret is being dropped due to annotation filters.

jarvis120 commented 3 years ago

Hey Thanks man, I was missing the annotation actually. Although I felt the basic doc need to get updated like how it works and what are the things the app is expecting like this annotation or labels Nice work man 👍