DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Comment NGINXCertificateExpiry alert label matcher (#10613)

Browse source 
If a valid certificate is passed via `--default-ssl-certificate` it is
probably desiderable that we check its expiration!

Add a comment to explain that.
This commit is contained in:
Leonardo Taccari 2023-11-05 12:23:43 +01:00 committed by GitHub
parent 30820a5acc
commit 870847ad4c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
charts/ingress-nginx/values.yaml
View file

@ -737,6 +737,11 @@ controller:
# annotations: # annotations:
# description: bad ingress config - nginx config test failed # description: bad ingress config - nginx config test failed
# summary: uninstall the latest ingress changes to allow config reloads to resume # summary: uninstall the latest ingress changes to allow config reloads to resume
# # By default a fake self-signed certificate is generated as default and
# # it is fine if it expires. If `--default-ssl-certificate` flag is used
# # and a valid certificate passed please do not filter for `host` label!
# # (i.e. delete `{host!="_"}` so also the default SSL certificate is
# # checked for expiration)
# - alert: NGINXCertificateExpiry # - alert: NGINXCertificateExpiry
# expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds{host!="_"}) by (host) - time()) < 604800 # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds{host!="_"}) by (host) - time()) < 604800
# for: 1s # for: 1s