mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-17 15:50:10 +00:00
src/k8s.io/apiserver: Increase cert expiration histogram resolution
The `certificate_expiration_seconds` histogram measures the remaining time of client certificates used to authenticate to the API server. It records the lifetime of received client request certificates in buckets of 6h, 12h, ..., 1y. In environments with automated certificate rotation it is not uncommen to have issued certificates expire in less than the above mentioned minimum bucket of 6h. In such environments the above histogram is useless given that every request will be recorded in the first bucket. This patch increases the histogram resolution by adding a 30m, 1h and 2h bucket. Prometheus histogram buckets are cummulative, e.g. the 12h bucket is counting _all_ records with an expiration date lower or equal to 12h including _all_ requests of the 6h bucket. Thereby this patch does not break existing monitoring setups. This histogram is exposed once per API server, thereby the 3 additional time series do not cause a cardinality issue.
This commit is contained in:
Max Leonard Inden
parent
e9b285afbb
commit
f90bbc3d6b
@ -39,6 +39,9 @@ var clientCertificateExpirationHistogram = prometheus.NewHistogram(
|
|||||||
Help: "Distribution of the remaining lifetime on the certificate used to authenticate a request.",
|
Help: "Distribution of the remaining lifetime on the certificate used to authenticate a request.",
|
||||||
Buckets: []float64{
|
Buckets: []float64{
|
||||||
0,
|
0,
|
||||||
|
(30 * time.Minute).Seconds(),
|
||||||
|
(1 * time.Hour).Seconds(),
|
||||||
|
(2 * time.Hour).Seconds(),
|
||||||
(6 * time.Hour).Seconds(),
|
(6 * time.Hour).Seconds(),
|
||||||
(12 * time.Hour).Seconds(),
|
(12 * time.Hour).Seconds(),
|
||||||
(24 * time.Hour).Seconds(),
|
(24 * time.Hour).Seconds(),
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user