From abc8cfa9cac1a50e7605650771a39306df1411cc Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 5 Oct 2022 14:18:46 +0200 Subject: promethues/alerts: lower warning threshold for ssl cert expiry to 4 weeks --- .../server/defaults/main/rules_blackbox__probe.yml | 4 ++-- .../server/defaults/main/rules_ssl__probe.yml | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) (limited to 'roles/monitoring/prometheus') diff --git a/roles/monitoring/prometheus/server/defaults/main/rules_blackbox__probe.yml b/roles/monitoring/prometheus/server/defaults/main/rules_blackbox__probe.yml index a15f8b5a..2d9b0c57 100644 --- a/roles/monitoring/prometheus/server/defaults/main/rules_blackbox__probe.yml +++ b/roles/monitoring/prometheus/server/defaults/main/rules_blackbox__probe.yml @@ -21,13 +21,13 @@ prometheus_server_rules_blackbox__probe: description: "Blackbox probe took more than 1s to complete\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: BlackboxSslCertificateWillExpireSoon - expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 30 + expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: Blackbox SSL certificate will expire soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) - description: "SSL certificate expires in less than 30 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" + description: "SSL certificate expires in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: BlackboxSslCertificateWillExpireVerySoon expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 7 diff --git a/roles/monitoring/prometheus/server/defaults/main/rules_ssl__probe.yml b/roles/monitoring/prometheus/server/defaults/main/rules_ssl__probe.yml index 8805de0a..34090446 100644 --- a/roles/monitoring/prometheus/server/defaults/main/rules_ssl__probe.yml +++ b/roles/monitoring/prometheus/server/defaults/main/rules_ssl__probe.yml @@ -11,13 +11,13 @@ prometheus_server_rules_ssl__probe: description: "Failed to fetch SSL certificate information {{ '{{' }} $labels.instance {{ '}}' }}\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: SslCertificateExpiresSoon - expr: ssl_cert_not_after - time() < 86400 * 30 + expr: ssl_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) - description: "The certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 30 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" + description: "The certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateExpiresVerySoon expr: ssl_cert_not_after - time() < 86400 * 7 @@ -29,13 +29,13 @@ prometheus_server_rules_ssl__probe: description: "The certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateChainExpiresSoon - expr: ssl_verified_cert_not_after - time() < 86400 * 30 + expr: ssl_verified_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL chain certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) - description: "The chain certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 30 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" + description: "The chain certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateChainExpiresVerySoon expr: ssl_verified_cert_not_after - time() < 86400 * 7 @@ -65,13 +65,13 @@ prometheus_server_rules_ssl__probe: description: "OCSP reports SSL certificate {{ '{{' }} $labels.cn {{ '}}' }} as revoked\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: SslCertificateFileExpiresSoon - expr: ssl_file_cert_not_after - time() < 86400 * 30 + expr: ssl_file_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) - description: "The certificate in {{ '{{' }} $labels.file {{ '}}' }} is expiring in less than 30 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" + description: "The certificate in {{ '{{' }} $labels.file {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateFileExpiresVerySoon expr: ssl_file_cert_not_after - time() < 86400 * 7 @@ -83,13 +83,13 @@ prometheus_server_rules_ssl__probe: description: "The certificate in {{ '{{' }} $labels.file {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubernetesExpiresSoon - expr: ssl_kubernetes_cert_not_after - time() < 86400 * 30 + expr: ssl_kubernetes_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL kubernetes certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) - description: "The certificate in kubernetes secret {{ '{{' }} $labels.namespace {{ '}}' }}/{{ '{{' }} $labels.secret {{ '}}' }} is expiring in less than 30 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" + description: "The certificate in kubernetes secret {{ '{{' }} $labels.namespace {{ '}}' }}/{{ '{{' }} $labels.secret {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubernetesExpiresVerySoon expr: ssl_kubernetes_cert_not_after - time() < 86400 * 7 @@ -101,13 +101,13 @@ prometheus_server_rules_ssl__probe: description: "The certificate in kubernetes secret {{ '{{' }} $labels.namespace {{ '}}' }}/{{ '{{' }} $labels.secret {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubeconfigExpiresSoon - expr: ssl_kubeconfig_cert_not_after - time() < 86400 * 30 + expr: ssl_kubeconfig_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL kubeconfig certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) - description: "The certificate in kubeconfig {{ '{{' }} $labels.kubeconfig {{ '}}' }} is expiring in less than 30 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" + description: "The certificate in kubeconfig {{ '{{' }} $labels.kubeconfig {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubeconfigExpiresVerySoon expr: ssl_kubeconfig_cert_not_after - time() < 86400 * 7 -- cgit v1.2.3