New to Searchlight? Please start here.
ca-cert checks the expiration timestamp of Kubernetes api server CA certificate. No longer you have to get a surprise that the CA certificate for your cluster has expired.
ca-cert check command has the following variables:
warning- Condition for warning, compare with tiem left before expiration. (Default: TTL < 360h)
critical- Condition for critical, compare with tiem left before expiration. (Default: TTL < 120h)
Execution of this command can result in following states:
At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube.
Now, install Searchlight operator in your cluster following the steps here.
To keep things isolated, this tutorial uses a separate namespace called
demo throughout this tutorial. Run the following command to prepare your cluster for this tutorial:
$ kubectl create namespace demo namespace "demo" created $ kubectl get namespaces NAME STATUS AGE default Active 6h kube-public Active 6h kube-system Active 6h demo Active 4m
In this tutorial, we are going to create an alert to check
$ cat ./docs/examples/cluster-alerts/ca-cert/demo-0.yaml apiVersion: monitoring.appscode.com/v1alpha1 kind: ClusterAlert metadata: name: ca-cert-demo-0 namespace: demo spec: check: ca-cert vars: warning: 240h critical: 72h checkInterval: 30s alertInterval: 2m notifierSecretName: notifier-config receivers: - notifier: Mailgun state: Critical to: ["email@example.com"]
$ kubectl apply -f ./docs/examples/cluster-alerts/ca-cert/demo-0.yaml clusteralert "ca-cert-demo-0" created $ kubectl describe clusteralert ca-cert-demo-0 -n demo Name: ca-cert-demo-0 Namespace: demo Labels: <none> Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 9s 9s 1 Searchlight operator Normal SuccessfulSync Applied ClusterAlert: "ca-cert-demo-0"
ca-cert command has been synced to Icinga2. Please visit here to learn how to configure notifier secret. Now, open IcingaWeb2 in your browser. You should see a Icinga host
demo@cluster and Icinga service
To pause alert, edit ClusterAlert
ca-cert-demo-0 to set
spec.paused to be
$ kubectl edit clusteralert ca-cert-demo-0 -n demo
spec: pause: true
Searchlight operator will delete Icinga Services for this alert. To resume, edit and set
spec.paused to be
To cleanup the Kubernetes resources created by this tutorial, run:
$ kubectl delete ns demo
If you would like to uninstall Searchlight operator, please follow the steps here.