Fix kubelet client certificate gauge

Jordan Liggitt 2020-05-15 10:01:43 -04:00
parent 0024c837ba
commit 2408d8101f
3 changed files with 24 additions and 11 deletions


@ -64,6 +64,7 @@ go_library(
"//pkg/kubelet/eviction/api:go_default_library",
"//pkg/kubelet/kubeletconfig:go_default_library",
"//pkg/kubelet/kubeletconfig/configfiles:go_default_library",
"//pkg/kubelet/metrics:go_default_library",
"//pkg/kubelet/server:go_default_library",
"//pkg/kubelet/stats/pidlimit:go_default_library",
"//pkg/kubelet/types:go_default_library",
@ -136,6 +137,7 @@ go_library(
"//staging/src/k8s.io/component-base/configz:go_default_library",
"//staging/src/k8s.io/component-base/featuregate:go_default_library",
"//staging/src/k8s.io/component-base/metrics:go_default_library",
"//staging/src/k8s.io/component-base/metrics/legacyregistry:go_default_library",
"//staging/src/k8s.io/component-base/version:go_default_library",
"//staging/src/k8s.io/component-base/version/verflag:go_default_library",
"//staging/src/k8s.io/csi-translation-lib/plugins:go_default_library",


@ -22,6 +22,7 @@ import (
"crypto/tls"
"errors"
"fmt"
"math"
"net"
"net/http"
"os"
@ -63,6 +64,7 @@ import (
"k8s.io/component-base/configz"
"k8s.io/component-base/featuregate"
"k8s.io/component-base/metrics"
"k8s.io/component-base/metrics/legacyregistry"
"k8s.io/component-base/version"
"k8s.io/component-base/version/verflag"
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
@ -87,6 +89,7 @@ import (
evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api"
dynamickubeletconfig "k8s.io/kubernetes/pkg/kubelet/kubeletconfig"
"k8s.io/kubernetes/pkg/kubelet/kubeletconfig/configfiles"
kubeletmetrics "k8s.io/kubernetes/pkg/kubelet/metrics"
"k8s.io/kubernetes/pkg/kubelet/server"
"k8s.io/kubernetes/pkg/kubelet/stats/pidlimit"
kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
@ -838,6 +841,23 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName)
return nil, nil, err
}
legacyregistry.RawMustRegister(metrics.NewGaugeFunc(
metrics.GaugeOpts{
Subsystem: kubeletmetrics.KubeletSubsystem,
Name: "certificate_manager_client_ttl_seconds",
Help: "Gauge of the TTL (time-to-live) of the Kubelet's client certificate. " +
"The value is in seconds until certificate expiry (negative if already expired). " +
"If client certificate is invalid or unused, the value will be +INF.",
StabilityLevel: metrics.ALPHA,
},
func() float64 {
if c := clientCertificateManager.Current(); c != nil && c.Leaf != nil {
return math.Trunc(c.Leaf.NotAfter.Sub(time.Now()).Seconds())
}
return math.Inf(1)
},
))
// the rotating transport will use the cert from the cert manager instead of these files
transportConfig := restclient.AnonymousClientConfig(clientConfig)
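Review bot: `legacyregistry.RawMustRegister` panics when a collector with the same fully-qualified name is already registered, and this call sits inside `buildKubeletClientConfig` rather than at package initialisation, so a second invocation in the same process (a test that builds the client config twice, for example) would crash instead of returning an error. Whether the function is ever called more than once is not visible here, because its body starts and ends outside the hunk. Guarding the registration with a new package-level `sync.Once`, e.g. `registerClientTTLGauge.Do(func() { legacyregistry.RawMustRegister(...) })`, would make it idempotent. The closure captures `clientCertificateManager`, so with such a guard the gauge stays bound to the first manager created, which deserves a one-line comment at the call site.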


@ -142,7 +142,7 @@ func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg
},
func() float64 {
if c := m.Current(); c != nil && c.Leaf != nil {
return c.Leaf.NotAfter.Sub(time.Now()).Seconds()
return math.Trunc(c.Leaf.NotAfter.Sub(time.Now()).Seconds())
}
return math.Inf(1)
},
@ -210,16 +210,6 @@ func NewKubeletClientCertificateManager(
if err != nil {
return nil, fmt.Errorf("failed to initialize client certificate store: %v", err)
}
var certificateExpiration = compbasemetrics.NewGauge(
&compbasemetrics.GaugeOpts{
Namespace: metrics.KubeletSubsystem,
Subsystem: "certificate_manager",
Name: "client_expiration_seconds",
Help: "Gauge of the lifetime of a certificate. The value is the date the certificate will expire in seconds since January 1, 1970 UTC.",
StabilityLevel: compbasemetrics.ALPHA,
},
)
legacyregistry.Register(certificateExpiration)
var certificateRenewFailure = compbasemetrics.NewCounter(
&compbasemetrics.CounterOpts{
Namespace: metrics.KubeletSubsystem,
@ -269,5 +259,6 @@ func NewKubeletClientCertificateManager(
if err != nil {
return nil, fmt.Errorf("failed to initialize client certificate manager: %v", err)
}
return m, nil
}
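Review bot: The `return math.Inf(1)` fallback in the gauge callback of `NewKubeletServerCertificateManager` reports a missing certificate or an unparsed leaf as an infinite TTL, so an expiry alert written as "TTL below N seconds" stays silent in exactly the case where the kubelet has no usable serving certificate. The `GaugeOpts` for this gauge start outside the hunk, so I cannot see whether its Help text says so; if it does not, add a comment above the fallback such as `// +Inf: no usable certificate; alerting must match this value explicitly, a low-TTL threshold will not fire`. The same holds for the client gauge callback this commit adds in the kubelet server file. As a smaller style point, `time.Until(c.Leaf.NotAfter)` reads more directly than `c.Leaf.NotAfter.Sub(time.Now())`.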