Jay Park
Reputation: 11
Auto certificate expiration date check in .jks in Kubernetes secret
I have certificates stored in .jks file. The jks keystore is in the Kubernetes secret. Is there any way to check the expiration date in Kubernetes itself?
For TLS certificates, we use X.509 exporter to Prometheus but I cannot find the way for the .jks file.
Upvotes: 1
Views: 71
Answers (1)
Rico
Reputation: 61699
There is no built in functionality in Kubernetes to do this.
But there are multiple ways you could implement this. For example, you can create a microservice that shells out and calls keytool with the different options to check certificate expiry.
Then based on the output you can export a prom metric, possibly a counter metric -> 1 for expired and 0 for non expired.
Upvotes: 0
Related Questions
- Kubernetes: modify a secret using kubectl?
- How to determine SSL cert expiration date from a PEM encoded certificate?
- Decoding Kubernetes secret
- Need help converting P12 certificate into JKS
- Is there a way to share secrets across namespaces in Kubernetes?
- Difference between .keystore file and .jks file
- How to import a .cer certificate into a java keystore?
- Convert .cer certificate to .jks
- SSL.keystore.location can't find JKS file in my Kubernetes secrets mount