linkerd2 icon indicating copy to clipboard operation
linkerd2 copied to clipboard

Published 20 hours ago verified publisher icon linkerd

proxy: expose `clock_time_seconds` metric

Open rkrishn7 opened this issue 10 months ago • 2 comments

What problem are you trying to solve?

Proxies currently report a identity_cert_expiration_timestamp_seconds that indicates when a proxy’s current mTLS identity certificate will expire (in seconds since the UNIX epoch).

However, for monitoring when a certificate will expire relative to the proxy's current notion of time, it is not all that useful.

How should the problem be solved?

If the proxy emitted it's system time as a gauge metric, it would be trivial to track expiration of certificates. cert-manager does this well.

Any alternatives you've considered?

It's possible to track the system time elsewhere (e.g. by host), however I think the proxy should expose this to give a useful view of certificate expiration.

How would users interact with this feature?

No response

Would you like to work on this feature?

yes

rkrishn7 avatar Apr 09 '24 18:04 rkrishn7

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jul 10 '24 05:07 stale[bot]

Gonna reopen this one since I think it staled out without an evaluation.

wmorgan avatar Jul 31 '24 18:07 wmorgan