Comment NGINXCertificateExpiry alert label matcher (#10613)

If a valid certificate is passed via `--default-ssl-certificate` it is probably desiderable that we check its expiration! Add a comment to explain that.
2023-11-05 12:23:43 +01:00 · 2023-11-05 12:23:43 +01:00 · 870847ad4c
commit 870847ad4c
parent 30820a5acc
1 changed files with 5 additions and 0 deletions
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@ -737,6 +737,11 @@ controller:
      #   annotations:
      #     description: bad ingress config - nginx config test failed
      #     summary: uninstall the latest ingress changes to allow config reloads to resume
+      # # By default a fake self-signed certificate is generated as default and
+      # # it is fine if it expires. If `--default-ssl-certificate` flag is used
+      # # and a valid certificate passed please do not filter for `host` label!
+      # # (i.e. delete `{host!="_"}` so also the default SSL certificate is
+      # # checked for expiration)
      # - alert: NGINXCertificateExpiry
      #   expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds{host!="_"}) by (host) - time()) < 604800
      #   for: 1s