Updated usage of certificate.Manager to use new rotation metric

2025-07-23 19:56:01 +00:00 · 2019-10-29 12:02:59 -07:00 · 2019-10-29 12:02:59 -07:00 · 3e817d17a5
commit 3e817d17a5
parent 7adb181200
1 changed files with 27 additions and 5 deletions
--- a/pkg/kubelet/certificate/kubelet.go
+++ b/pkg/kubelet/certificate/kubelet.go
@ -25,7 +25,7 @@ import (
 	"sort"

 	certificates "k8s.io/api/certificates/v1beta1"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	clientset "k8s.io/client-go/kubernetes"
 	certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
@ -52,17 +52,38 @@ func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize server certificate store: %v", err)
 	}
-	var certificateExpiration = compbasemetrics.NewGauge(
+	certificateExpiration := compbasemetrics.NewGauge(
 		&compbasemetrics.GaugeOpts{
-			Namespace:      metrics.KubeletSubsystem,
-			Subsystem:      "certificate_manager",
-			Name:           "server_expiration_seconds",
+			Subsystem:      metrics.KubeletSubsystem,
+			Name:           "certificate_manager_server_expiration_seconds",
 			Help:           "Gauge of the lifetime of a certificate. The value is the date the certificate will expire in seconds since January 1, 1970 UTC.",
 			StabilityLevel: compbasemetrics.ALPHA,
 		},
 	)
 	legacyregistry.MustRegister(certificateExpiration)

+	certificateRotationAge := compbasemetrics.NewHistogram(
+		&compbasemetrics.HistogramOpts{
+			Subsystem: metrics.KubeletSubsystem,
+			Name:      "certificate_manager_server_rotation_seconds",
+			Help:      "Histogram of the number of seconds the previous certificate lived before being rotated.",
+			Buckets: []float64{
+				60,        // 1  minute
+				3600,      // 1  hour
+				14400,     // 4  hours
+				86400,     // 1  day
+				604800,    // 1  week
+				2592000,   // 1  month
+				7776000,   // 3  months
+				15552000,  // 6  months
+				31104000,  // 1  year
+				124416000, // 4  years
+			},
+			StabilityLevel: compbasemetrics.ALPHA,
+		},
+	)
+	legacyregistry.MustRegister(certificateRotationAge)
+
 	getTemplate := func() *x509.CertificateRequest {
 		hostnames, ips := addressesToHostnamesAndIPs(getAddresses())
 		// don't return a template if we have no addresses to request for
@ -100,6 +121,7 @@ func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg
 		},
 		CertificateStore:      certificateStore,
 		CertificateExpiration: certificateExpiration,
+		CertificateRotation:   certificateRotationAge,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize server certificate manager: %v", err)