K8s SSL Certificate Test
In Kubernetes (K8s), SSL certificates are used primarily for securing communication between the components of the cluster (e.g., between the API server, Kubelet, kubectl, etc.) and ensuring encrypted, authenticated communication. The K8s SSL Certificate test monitors the validity period for SSL certificates of Kubernetes.
Target of the test : Azure Kubernetes Service Cluster
Agent deploying the test : A remote agent
Outputs of the test : One set of results for the Azure Kubernetes Service Cluster being monitored.
| Parameter | Description |
|---|---|
| Test Period | How often should the test be executed. |
| Host | The IP address of the host for which this test is to be configured. |
| Port | Specify the port at which the specified Host listens. By default, this is 6443. |
| Timeout | Specify the duration (in seconds) beyond which the test will time out in the Timeout text box. The default value is 10 seconds. |
| Load Balancer / Master Node IP | To run this test and report metrics, the eG agent needs to connect to the Azure Kubernetes Service cluster and run API commands. To enable this connection, configure the eG agent with the IP address/host name of the Kubernetes API of the Azure Kubernetes Service cluster. By default, this parameter will display the Load Balancer / Master Node IP that you configured when manually adding the Azure Kubernetes Service cluster for monitoring, using the Kubernetes Cluster Preferences page in the eG admin interface. The steps for managing the cluster using the eG admin interface are discussed elaborately in How to Monitor the Azure Kubernetes Service Cluster Using eG Enterprise? Whenever the eG agent runs this test, it uses the IP address that is displayed (by default) against this parameter to connect to the Kubernetes API. If this IP address changes at a later point in time, make sure that you update this parameter with the new address, by overriding its default setting. |
| K8s Cluster API Prefix | By default, this parameter is set to none. Do not disturb this setting if you are monitoring an Azure Kubernetes Service Cluster. To run this test and report metrics for Rancher clusters, the eG agent needs to connect to the Kubernetes API on the master node of the Rancher cluster and run API commands. The Kubernetes API of Rancher clusters is of the default format: http(s)://{IP Address of kubernetes}/{api endpoints}. The Server section of the kubeconfig.yaml file downloaded from the Rancher console helps in identifying the Kubernetes API of the cluster. For example, https://{IP address of Kubernetes}/k8s/clusters/c-m-bznxvg4w/ is usually the URL of the Kubernetes API of a Rancher cluster. For the eG agent to connect to the master node of a Rancher cluster and pull out metrics, the eG agent should be made aware of the API endpoints in the Kubernetes API of the Rancher cluster. To aid this, you can specify the API endpoints available in the Kubernetes API of the Rancher cluster against this parameter. In our example, this parameter can be specified as: /k8s/clusters/c-m-bznxvg4w/. |
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| K8s SSL certificate validity | Represents the validity of the SSL certificate of Kubernetes in days. | Days | As this value approaches 0, an alert is generated to proactively inform the administrator that the SSL certificate is nearing expiry. A value of 0 indicates that the SSL certificate has expired. |
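
To cross-check the K8s SSL certificate validity measure independently of the eG agent, the following added example (not eG Enterprise code, and not a description of how the agent works) connects to the API server and reports the days left before the serving certificate expires, with 0 meaning expired. Port 6443 and the 10-second timeout are the defaults listed for the Port and Timeout parameters; the `cafile` path to the cluster CA bundle and the `warn_days` threshold are assumptions.

```python
import math
import socket
import ssl
import time

X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired certificate


def days_remaining(not_after, now=None):
    """Days until not_after (OpenSSL text form), rounded up; 0 means expired."""
    now = time.time() if now is None else now
    seconds_left = ssl.cert_time_to_seconds(not_after) - now
    return max(0, math.ceil(seconds_left / 86400))


def api_server_cert_days(host, cafile, port=6443, timeout=10):
    """Validate the API server certificate against the cluster CA; return days left."""
    ctx = ssl.create_default_context(cafile=cafile)  # trust only the given CA bundle
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return days_remaining(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return 0  # handshake rejected because the certificate is past notAfter
        raise  # unknown issuer or name mismatch is a different problem; surface it


def classify(days, warn_days=30):
    """Map days left to a state; warn_days is an assumed threshold, not an eG default."""
    if days == 0:
        return "expired"
    return "warning" if days <= warn_days else "ok"


if __name__ == "__main__":
    # Constructed sample value in the format getpeercert() returns for notAfter.
    sample = "Jun 25 12:00:00 2030 GMT"
    left = days_remaining(sample)
    print(sample, "->", left, "days,", classify(left))
```

Verification failures other than expiry are re-raised on purpose, so a certificate from an unexpected issuer is not reported as a healthy day count.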