feat(certmanager): register certificate expiry metrics#102
Draft
AntiD2ta wants to merge 1 commit intouse-go-certmanagerfrom
Draft
feat(certmanager): register certificate expiry metrics#102AntiD2ta wants to merge 1 commit intouse-go-certmanagerfrom
AntiD2ta wants to merge 1 commit intouse-go-certmanagerfrom
Conversation
Threads the metrics monitor and a stable certificate name into the
server and client certificate managers via go-certmanager's new
WithMonitor/WithName options. Both managers use name="dirk"; the
role label ("server" vs "client") distinguishes inbound gRPC from
outbound peer connections.
Adds a unit test guarding the wiring: exercising the sentinel
ErrNoNameWithMonitor path and the happy-path with a
prometheus-presenter monitor for both server and client managers.
Bumps go-certmanager to the PR #16 tip (adds metrics.Service
interface + Prometheus gauges).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adopts go-certmanager PR #16's new metrics API. Threads the existing Dirk monitor into both certificate manager constructors so
certmanager_certificate_not_{after,before}_secondsgauges are exposed undername="dirk"withrole="server"androle="client"labels.Dirk uses the same cert material for both its inbound (server) identity and peer-outbound (client) identity, so both managers use
name="dirk"; therolelabel is the only differentiator.Changes
main.go:startCertManagernow accepts ametrics.Serviceand callsWithMonitor(monitor)+WithName("dirk").startClientCertManagerlikewise.initMonitoringAndMetrics.go.mod: bumpgithub.com/attestantio/go-certmanagerto the PR Run rules checks in parallel. #16 tip.Tests
certmanager_test.go: four new unit tests exercising the wiring.TestStartCertManagerWiresMonitorWithName/TestStartClientCertManagerWiresMonitorWithName— happy path; if eitherWithMonitororWithNameis ever dropped, construction fails withErrNoNameWithMonitor.TestStartCertManagerMonitorWithoutNameRejected/TestStartClientCertManagerMonitorWithoutNameRejected— documents the contract Dirk relies on directly againststandardservercert.New/standardclientcert.New.Test plan
go test ./...green (510 tests)certmanager_certificate_{not_after,not_before}_seconds{name="dirk",role="server"}and{name="dirk",role="client"}series visible on each Dirk's/metricsendpoint; values match the served cert'snotAfter/notBefore.