From aa3609046bc6e3d77209bbe74e8b6132abc4df22 Mon Sep 17 00:00:00 2001
From: k8s-infra-cherrypick-robot
 <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com>
Date: Wed, 29 Nov 2023 09:03:10 -0800
Subject: [PATCH] Ignore fake certificate for NGINXCertificateExpiry (#10694)

The fake certificate is only a fallback and it is okay-ish if it
expires.

Do not alert for its expiration.

Co-authored-by: Leonardo Taccari <leonardo@faire.ai>
---
 charts/ingress-nginx/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
index 06f0f77e9..a10004661 100644
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@@ -736,7 +736,7 @@ controller:
       # # (i.e. delete `{host!="_"}` so also the default SSL certificate is
       # # checked for expiration)
       # - alert: NGINXCertificateExpiry
-      #   expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
+      #   expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds{host!="_"}) by (host) - time()) < 604800
       #   for: 1s
       #   labels:
       #     severity: critical