DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Instrument nginx to expose metric "ssl certficate expiration time "

Browse source 
Add a console warning message 10 days before the certificate expire
This commit is contained in:
Giancarlo Rubio 2017-06-12 14:45:08 +02:00
parent e258ee19d1
commit d9cf043552
5 changed files with 41 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
core/pkg/ingress/controller/controller.go
View file

@ -380,6 +380,7 @@ func (ic *GenericController) syncIngress(key interface{}) error {
upstreams, servers := ic.getBackendServers()
var passUpstreams []*ingress.SSLPassthroughBackend
for _, server := range servers {
if !server.SSLPassthrough {
continue
@ -416,6 +417,7 @@ func (ic *GenericController) syncIngress(key interface{}) error {
glog.Infof("ingress backend successfully reloaded...")
incReloadCount()
setSSLExpireTime(servers)
return nil
}
@ -1008,6 +1010,12 @@ func (ic *GenericController) createServers(data []interface{},
if isHostValid(host, cert) {
servers[host].SSLCertificate = cert.PemFileName
servers[host].SSLPemChecksum = cert.PemSHA
servers[host].SSLExpireTime = cert.ExpireTime
if cert.ExpireTime.Before(time.Now().Add(240 * time.Hour)) {
glog.Warningf("ssl certificate for host %v is about to expire in 10 days", host)
}
} else {
glog.Warningf("ssl certificate %v does not contain a common name for host %v", key, host)
}