Monitoring observability for "CertificateRequests" #42

Closed
jacksgt opened this issue Sep 28, 2023 · 2 comments

jacksgt commented Sep 28, 2023

Hello,

we completed the switch to openshift-routes in our production environment and are quite happy with it.

However, we noticed that openshift-routes creates CertificateRequests - unlike cert-manager's ingress-shim which creates Certificates.

This has the unfortunate side-effect that we have no observability on these resources, because cert-manager's metrics endpoint exposes only metrics about Certificates (but not CertificateRequests, Orders, Challenges etc.). In practice this means that when one of the certificate requests gets stuck (for many reasons, e.g. wrong DNS setup, order invalid, ...), we might not notice for a long time. :-(

certmanager_certificate_expiration_timestamp_seconds
certmanager_certificate_ready_status
certmanager_certificate_renewal_timestamp_seconds
certmanager_clock_time_seconds
certmanager_clock_time_seconds_gauge
certmanager_controller_sync_call_count
certmanager_controller_sync_error_count
certmanager_http_acme_client_request_count
certmanager_http_acme_client_request_duration_seconds
certmanager_http_acme_client_request_duration_seconds_count
certmanager_http_acme_client_request_duration_seconds_sum

I see two possible ways to resolve this issue:

  • expose CertificateRequest metrics directly in cert-manager
    • this seems to me the cleanest solution and will benefit all users of cert-manager
  • add additional metrics to openshift-routes that indicate if it successfully got a new certificate for a route
    • openshift-routes already has a /metrics endpoint, but it currently exposes only low-level metrics about controller runtime etc.
    • this approach might mean some of the logic that is already part of cert-manager gets reimplemented

I'm happy to discuss other ideas as well.
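
Added example, not part of the original issue and not code from cert-manager or openshift-routes: one way to spot the stuck requests described above is to read the status conditions of CertificateRequests directly, for instance from `kubectl get certificaterequests -A -o json`. The sample JSON, the resource names and the one-hour pending threshold are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `kubectl get certificaterequests -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "web-1", "creationTimestamp": "2023-09-27T08:00:00Z"},
   "status": {"conditions": [{"type": "Approved", "status": "True"},
                             {"type": "Ready", "status": "True", "reason": "Issued"}]}},
  {"metadata": {"namespace": "shop", "name": "api-1", "creationTimestamp": "2023-09-27T08:00:00Z"},
   "status": {"conditions": [{"type": "Approved", "status": "True"},
                             {"type": "Ready", "status": "False", "reason": "Pending",
                              "message": "Waiting on certificate issuance from order"}]}},
  {"metadata": {"namespace": "blog", "name": "www-1", "creationTimestamp": "2023-09-28T11:00:00Z"},
   "status": {"conditions": [{"type": "Ready", "status": "False", "reason": "Failed",
                              "message": "order is in invalid state"}]}},
  {"metadata": {"namespace": "dev", "name": "new-1", "creationTimestamp": "2023-09-28T11:55:00Z"}}
]}
""")

def parse_ts(value):
    # Kubernetes timestamps are RFC 3339 in UTC, e.g. 2023-09-28T11:55:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def stuck_requests(doc, now, max_pending=timedelta(hours=1)):
    """Return (namespace/name, state, message) for requests needing attention."""
    findings = []
    for item in doc.get("items", []):
        meta = item["metadata"]
        # A freshly created request may have no status or conditions yet.
        conds = {c["type"]: c for c in item.get("status", {}).get("conditions", [])}
        ready = conds.get("Ready", {})
        if ready.get("status") == "True":
            continue  # certificate was issued
        key = f"{meta['namespace']}/{meta['name']}"
        denied = conds.get("Denied", {})
        if denied.get("status") == "True":
            findings.append((key, "Denied", denied.get("message", "")))
        elif ready.get("reason") == "Failed":
            findings.append((key, "Failed", ready.get("message", "")))
        elif now - parse_ts(meta["creationTimestamp"]) > max_pending:
            # Not failed, not issued, and older than the threshold: stuck.
            findings.append((key, "Pending", ready.get("message", "")))
    return findings

if __name__ == "__main__":
    now = datetime(2023, 9, 28, 12, 0, tzinfo=timezone.utc)
    for key, state, message in stuck_requests(SAMPLE, now):
        print(f"{state:8} {key}: {message}")
```
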

@ctrought

Also wondering if switching to use Certificates instead of CertificateRequests is another feasible option. Maybe a bit more work but it would help with consistency as these differences come up.

jacksgt commented Oct 4, 2024

I'm closing this issue since #101 has been merged and https://github.com/cert-manager/openshift-routes/releases/tag/v0.7.0 has been released.

jacksgt closed this as completed Oct 4, 2024