kong
feat(clustering) add cert exp date for clustering dp endpoint
Summary
Proposing to add a new field to the /clustering/data-planes endpoint, which is the data plane certificate expiration date. I think it is important information to have in one place, which would be convenient: if you run a Hybrid setup with a bunch of data planes and you are in PKI mode, you would like to know which data planes are online and when their certificates are going to expire or maybe have already expired.
Today we have only 2 options to keep track of that, which are:
- Keeping track of certificate expiration dates in a separate system, where they are stored during certificate generation.
- Finding out that information from the control plane logs, which would indicate that the certificate has already expired and the connection is broken.
Full changelog
- Added new field cert_exp_date
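As an added illustration (not part of this pull request or of Kong's code), this is how an operator could use the proposed field to sort data planes by certificate state. The response body is a constructed sample, and it assumes cert_exp_date is a Unix timestamp in seconds sitting next to each entry's id and hostname; the 30-day warning window is also an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a GET /clustering/data-planes response body.
# Assumption: cert_exp_date is Unix seconds; dp-4 does not report it at all.
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"id": "dp-1", "hostname": "dp-eu-1", "cert_exp_date": 1690000000},
        {"id": "dp-2", "hostname": "dp-eu-2", "cert_exp_date": 1701000000},
        {"id": "dp-3", "hostname": "dp-us-1", "cert_exp_date": 1760000000},
        {"id": "dp-4", "hostname": "dp-us-2"},
    ],
    "next": None,
})


def classify_data_planes(body, now, warn_within=timedelta(days=30)):
    """Group data planes by certificate state relative to `now` (aware UTC)."""
    report = {"expired": [], "expiring": [], "ok": [], "unknown": []}
    for dp in json.loads(body).get("data", []):
        name = dp.get("hostname") or dp.get("id", "<no id>")
        raw = dp.get("cert_exp_date")
        # A missing or non-numeric value is reported, not silently treated as valid.
        if isinstance(raw, bool) or not isinstance(raw, (int, float)):
            report["unknown"].append((name, None))
            continue
        expires = datetime.fromtimestamp(raw, tz=timezone.utc)
        if expires <= now:
            state = "expired"
        elif expires - now <= warn_within:
            state = "expiring"
        else:
            state = "ok"
        report[state].append((name, expires))
    # Soonest expiry first within each group; unknown entries sort by name.
    for rows in report.values():
        rows.sort(key=lambda r: (r[1].timestamp() if r[1] else 0, r[0]))
    return report


if __name__ == "__main__":
    # Fixed clock so the constructed sample always gives the same result.
    now = datetime.fromtimestamp(1700000000, tz=timezone.utc)
    for state, rows in classify_data_planes(SAMPLE_RESPONSE, now).items():
        for name, expires in rows:
            print(state, name, expires.isoformat() if expires else "not reported")
```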
Hi Arturas, I have just changed the base branch used here to master, as we are getting rid of next. Apologies for the disruption, and let me know if you need help with a potential rebase.
Hey GS! No, that is good, thank you for letting me know! ;)
@artomal any updates on this, should this be marked as ready for review?
Yes, sorry for a delay ;) thanks for pinging me!
👍 We can also expose it in Prometheus metrics, but that's a different story. Maybe a warning message if you are starting Kong DP with an expired cert is also useful for debugging.
Is there a ticket to track making this a metric? It has been identified as a missing piece of critical observability as long as the cert renewal process is manual for customers.
Ping @fffonion ^^
@wyndigo we created a card to track adding this functionality into Prometheus internally. I removed the comment from @fffonion because it contained internal information.
Closing this due to lack of activity. Please re-open if needed.