Comment NGINXCertificateExpiry alert label matcher (#10692)
If a valid certificate is passed via `--default-ssl-certificate` it is probably desiderable that we check its expiration! Add a comment to explain that. Co-authored-by: Leonardo Taccari <leonardo@faire.ai>
This commit is contained in:
parent
cd59304e25
commit
7764e00ab4
1 changed files with 5 additions and 0 deletions
|
@ -730,6 +730,11 @@ controller:
|
|||
# annotations:
|
||||
# description: bad ingress config - nginx config test failed
|
||||
# summary: uninstall the latest ingress changes to allow config reloads to resume
|
||||
# # By default a fake self-signed certificate is generated as default and
|
||||
# # it is fine if it expires. If `--default-ssl-certificate` flag is used
|
||||
# # and a valid certificate passed please do not filter for `host` label!
|
||||
# # (i.e. delete `{host!="_"}` so also the default SSL certificate is
|
||||
# # checked for expiration)
|
||||
# - alert: NGINXCertificateExpiry
|
||||
# expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
|
||||
# for: 1s
|
||||
|
|
Loading…
Reference in a new issue