Comments (5)
If this enhancement is acceptable, I can pick it up and contribute for same.
from x509-certificate-exporter.
Hi @porwalameet
Sorry we didn't get back to you sooner. There have been other requests for this enhancement already, but your issue certainly revived the discussion on how we could implement that. Work is in progress.
Actually there was a good reason why this directory watch option never had recursion. It comes down to the fact that there is no identification of certificate files based on filenames, such as extensions: `.crt`, `.pem`, ... Crawling a large filesystem would instantiate the PEM parser for every single file, consuming memory and CPU resources, and probably taking too much time to answer scrape queries before the cache gets fed. And since we do not maintain the parser code which is from Golang, that's also an open door for regressions in performance or behaviour, should we rely too much on it for scanning content in tens of thousands of files likely found in a `/var/lib/kubelet/pods/`.
So it was a safeguard against configurations that would make the exporter behave poorly and likely far below user expectations.
Ultimately we'll need an optional configuration file to add many options to each file or directory path.
In the meantime this can be implemented in a limited form with CLI arguments. Such as giving a list of file extensions, or whole path globbing.
Let me sync up with my colleague who has been looking at that feature already, and I'll tell you what to expect.
from x509-certificate-exporter.
Thanks @npdgm. I do agree there will be a lot of files and parsing might take a lot of memory based on pods running on a node. We can filter volumes directory specifically - like `/var/lib/kubelet/pods/*/volumes`, since such secrets/certificates will be volume mounted, so the scanning target is limited now, we can have such optimizations to narrow it down further. Just a thought.
from x509-certificate-exporter.
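Added example, not code from x509-certificate-exporter or from either commenter: one way to bound a recursive scan along the lines of the two comments above, by expanding a root glob such as `/var/lib/kubelet/pods/*/volumes` and handing only files with a listed extension to Go's PEM decoder. `ScanCerts` and its return values are hypothetical names; the function only detects CERTIFICATE blocks, matches extensions case-sensitively, and does not follow symlinks.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"slices"
)

// ScanCerts (hypothetical helper) expands rootGlob, walks each match
// recursively and decodes only regular files whose extension is in exts.
// It returns cert-bearing files, files decoded, and files skipped unopened.
func ScanCerts(rootGlob string, exts []string) (certs []string, decoded, skipped int, err error) {
	visit := func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		if !d.Type().IsRegular() || !slices.Contains(exts, filepath.Ext(p)) {
			skipped++ // rejected on name or type alone; the file is never read
			return nil
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		decoded++
		// A file may hold several PEM blocks (key first, then certificate).
		for blk, rest := pem.Decode(data); blk != nil; blk, rest = pem.Decode(rest) {
			if blk.Type == "CERTIFICATE" {
				certs = append(certs, p)
				break
			}
		}
		return nil
	}
	roots, err := filepath.Glob(rootGlob)
	for i := 0; err == nil && i < len(roots); i++ {
		err = filepath.WalkDir(roots[i], visit)
	}
	return certs, decoded, skipped, err
}

func main() {
	root := append(os.Args, ".")[1] // root glob from argv, default "."
	fmt.Println(ScanCerts(root, []string{".crt", ".pem"}))
}
```

The `decoded` and `skipped` counts show how many files the filter kept away from the PEM decoder, which is the cost the maintainer's comment is concerned about.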
Hi @npdgm, just checking: did you hear back anything on this feature/enhancement?
from x509-certificate-exporter.
Hello, I am almost done implementing this into the exporter. Then we'll need to update the helm chart to be compatible with the changes, and then we'll release this feature. You can expect to see it released within 1-2 weeks.
from x509-certificate-exporter.