x509-certificate-exporter is a Prometheus exporter for certificates focusing on expiration monitoring, written in Go with cloud deployments in mind.
This article is about how to use Pulumi, kubernetes (K8S) provider, Helm Chart and TypeScript SDK to deploy x509-certificate-exporter within Kubernetes (K8S).
Get notified before certificates expire:
TLS Secrets from a Kubernetes cluster
PEM encoded files, by path or scanning directories
Kubeconfigs with embedded certificates or file references
The following metrics are available:
Best when used with the Grafana DashboardCertificates Expiration (X509 Certificate Exporter) dashboard for Grafana | Grafana Labs - https://grafana.com/grafana/dashboards/13922 ID
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
See Getting started | Kubernetes - https://kubernetes.io/docs/setup/ to leanr more.
Pulumi is a modern infrastructure-as-code platform that allows you to use common programming languages, tools, and frameworks, to provision, update, and manage cloud infrastructure resources.
Install the Pulumi - https://www.pulumi.com/ CLI.
Mac OS X
brew install pulumi
See Download and Install | Pulumi - https://www.pulumi.com/docs/get-started/install/ to learn more about others OS.
Install Node.js - https://nodejs.org/en/ CLI.
Mac OS X
brew install node
See Node.js - https://nodejs.org/en/ to learn more about others OS.
Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community.
There are two choices to install Prometheus on Kubernetes (K8S)
Install Loki-Stack by Helm:
Create the workspace directory.
mkdir -p col-example-pulumi-typescript-x509-certificate-exporter
Pulumi login into local file system.
pulumi login file://.
Pulumi new a project with kubernetes-typescript SDK.
pulumi new kubernetes-typescript
The above command will create some files within the current directory.
tree . -L 1
js-yaml package to load and parse yaml file.
npm i js-yaml
By default, Pulumi will look for a kubeconfig file in the following locations, just like kubectl:
The environment variable:
Or in current user’s default kubeconfig directory:
If the kubeconfig file is not in either of these locations, Pulumi will not find it, and it will fail to authenticate against the cluster. Set one of these locations to a valid kubeconfig file, if you have not done so already.
Edit values.yaml and replace content within
Run pulumi up to create the namespace and pods.
See pods about x509-certificate-exporter.
kubectl get pods -n x509-certificate-exporter
Import X509 Certificate Exporter Grafana Dashboard
Destroy all resources created by Pulumi.
Panel plugin not found: grafana-piechart-panel
First, enter into the
exec kubectl exec -i -t <grafana> -c grafana -- sh -c "clear; (bash || ash || sh)"
Use the new grafana-cli tool to install grafana-piechart-panel from the Pod commandline:
grafana-cli plugins install grafana-piechart-panel
Remember to restart