Fix kubelet client certificate gauge

Jordan Liggitt 2020-05-15 10:01:43 -04:00
parent 0024c837ba
commit 2408d8101f
3 changed files with 24 additions and 11 deletions


@ -64,6 +64,7 @@ go_library(
"//pkg/kubelet/eviction/api:go_default_library", "//pkg/kubelet/eviction/api:go_default_library",
"//pkg/kubelet/kubeletconfig:go_default_library", "//pkg/kubelet/kubeletconfig:go_default_library",
"//pkg/kubelet/kubeletconfig/configfiles:go_default_library", "//pkg/kubelet/kubeletconfig/configfiles:go_default_library",
"//pkg/kubelet/metrics:go_default_library",
"//pkg/kubelet/server:go_default_library", "//pkg/kubelet/server:go_default_library",
"//pkg/kubelet/stats/pidlimit:go_default_library", "//pkg/kubelet/stats/pidlimit:go_default_library",
"//pkg/kubelet/types:go_default_library", "//pkg/kubelet/types:go_default_library",
@ -136,6 +137,7 @@ go_library(
"//staging/src/k8s.io/component-base/configz:go_default_library", "//staging/src/k8s.io/component-base/configz:go_default_library",
"//staging/src/k8s.io/component-base/featuregate:go_default_library", "//staging/src/k8s.io/component-base/featuregate:go_default_library",
"//staging/src/k8s.io/component-base/metrics:go_default_library", "//staging/src/k8s.io/component-base/metrics:go_default_library",
"//staging/src/k8s.io/component-base/metrics/legacyregistry:go_default_library",
"//staging/src/k8s.io/component-base/version:go_default_library", "//staging/src/k8s.io/component-base/version:go_default_library",
"//staging/src/k8s.io/component-base/version/verflag:go_default_library", "//staging/src/k8s.io/component-base/version/verflag:go_default_library",
"//staging/src/k8s.io/csi-translation-lib/plugins:go_default_library", "//staging/src/k8s.io/csi-translation-lib/plugins:go_default_library",


@ -22,6 +22,7 @@ import (
"crypto/tls" "crypto/tls"
"errors" "errors"
"fmt" "fmt"
"math"
"net" "net"
"net/http" "net/http"
"os" "os"
@ -63,6 +64,7 @@ import (
"k8s.io/component-base/configz" "k8s.io/component-base/configz"
"k8s.io/component-base/featuregate" "k8s.io/component-base/featuregate"
"k8s.io/component-base/metrics" "k8s.io/component-base/metrics"
"k8s.io/component-base/metrics/legacyregistry"
"k8s.io/component-base/version" "k8s.io/component-base/version"
"k8s.io/component-base/version/verflag" "k8s.io/component-base/version/verflag"
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1" kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
@ -87,6 +89,7 @@ import (
evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api" evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api"
dynamickubeletconfig "k8s.io/kubernetes/pkg/kubelet/kubeletconfig" dynamickubeletconfig "k8s.io/kubernetes/pkg/kubelet/kubeletconfig"
"k8s.io/kubernetes/pkg/kubelet/kubeletconfig/configfiles" "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/configfiles"
kubeletmetrics "k8s.io/kubernetes/pkg/kubelet/metrics"
"k8s.io/kubernetes/pkg/kubelet/server" "k8s.io/kubernetes/pkg/kubelet/server"
"k8s.io/kubernetes/pkg/kubelet/stats/pidlimit" "k8s.io/kubernetes/pkg/kubelet/stats/pidlimit"
kubetypes "k8s.io/kubernetes/pkg/kubelet/types" kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
@ -838,6 +841,23 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName)
return nil, nil, err return nil, nil, err
} }
legacyregistry.RawMustRegister(metrics.NewGaugeFunc(
metrics.GaugeOpts{
Subsystem: kubeletmetrics.KubeletSubsystem,
Name: "certificate_manager_client_ttl_seconds",
Help: "Gauge of the TTL (time-to-live) of the Kubelet's client certificate. " +
"The value is in seconds until certificate expiry (negative if already expired). " +
"If client certificate is invalid or unused, the value will be +INF.",
StabilityLevel: metrics.ALPHA,
},
func() float64 {
if c := clientCertificateManager.Current(); c != nil && c.Leaf != nil {
return math.Trunc(c.Leaf.NotAfter.Sub(time.Now()).Seconds())
}
return math.Inf(1)
},
))
// the rotating transport will use the cert from the cert manager instead of these files // the rotating transport will use the cert from the cert manager instead of these files
transportConfig := restclient.AnonymousClientConfig(clientConfig) transportConfig := restclient.AnonymousClientConfig(clientConfig)
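Review bot: The `return math.Inf(1)` fallback in the new gauge closure makes a kubelet with no usable client certificate (`Current()` nil or `Leaf` unset) look healthier than one with a long-lived certificate, so a threshold alert such as "TTL below N seconds" will never fire for it. The server-certificate gauge in the last file of this commit has the same fallback. The Help string mentions +INF, but the code should say how to read it, for example `// +Inf means "no usable client certificate", not "never expires"; alert on it separately from low-TTL thresholds.` above the fallback return. Separately, `legacyregistry.RawMustRegister` panics on a duplicate registration, so this placement presumably relies on buildKubeletClientConfig running once per process; a one-line comment stating that assumption would help. buildKubeletClientConfig starts and ends outside the hunk, so the enclosing condition under which the gauge is registered is not visible here.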


@ -142,7 +142,7 @@ func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg
}, },
func() float64 { func() float64 {
if c := m.Current(); c != nil && c.Leaf != nil { if c := m.Current(); c != nil && c.Leaf != nil {
return c.Leaf.NotAfter.Sub(time.Now()).Seconds() return math.Trunc(c.Leaf.NotAfter.Sub(time.Now()).Seconds())
} }
return math.Inf(1) return math.Inf(1)
}, },
@ -210,16 +210,6 @@ func NewKubeletClientCertificateManager(
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to initialize client certificate store: %v", err) return nil, fmt.Errorf("failed to initialize client certificate store: %v", err)
} }
var certificateExpiration = compbasemetrics.NewGauge(
&compbasemetrics.GaugeOpts{
Namespace: metrics.KubeletSubsystem,
Subsystem: "certificate_manager",
Name: "client_expiration_seconds",
Help: "Gauge of the lifetime of a certificate. The value is the date the certificate will expire in seconds since January 1, 1970 UTC.",
StabilityLevel: compbasemetrics.ALPHA,
},
)
legacyregistry.Register(certificateExpiration)
var certificateRenewFailure = compbasemetrics.NewCounter( var certificateRenewFailure = compbasemetrics.NewCounter(
&compbasemetrics.CounterOpts{ &compbasemetrics.CounterOpts{
Namespace: metrics.KubeletSubsystem, Namespace: metrics.KubeletSubsystem,
@ -269,5 +259,6 @@ func NewKubeletClientCertificateManager(
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to initialize client certificate manager: %v", err) return nil, fmt.Errorf("failed to initialize client certificate manager: %v", err)
} }
return m, nil return m, nil
} }