metrics to check certificate expiry for istio workloads ?
anannaya opened this issue · comments
Anand Nayak commented
s there any metrics get cert exipry for istio workloads ? I can only get the istiod and rootCA/intermedia CA from the certmanager_certificate_expiration_timestamp_seconds metric.
Josh van Leeuwen commented
Hi @anannaya, AKAIK istio only exposes the following Prometheus metric, which is not very useful for certificates that are signed with a TTL =< 24h.
# TYPE envoy_server_days_until_first_cert_expiring gauge
envoy_server_days_until_first_cert_expiring{} 0
What is the objective of getting this metric? Perhaps there may be other metrics which indicate the same behaviour, such as cert_manager_istio_csr_tls_provider_certificate_requests
on istio-csr.