prometheus rule
客户端访问 APIServer 证书快过期问题
KubeClientCertificateExpiration (1 active)
name: KubeClientCertificateExpiration
expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by(job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800
labels:
severity: warning
annotations:
description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeclientcertificateexpiration
summary: Client certificate is about to expire.
今天突然报警k8s 证书剩余时间少于7天 明明前几天刚更新了证书呢
使用kubeadm certs check-expiration 查看所有证书发现全部都有1年+时间
查看prometheus 结果很明显了 就是定位不出那个证书过期了