Include user-defined default cert for traefik_tls_certs_not_after metric

Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Romain 2023-02-23 16:14:06 +01:00 committed by GitHub
parent 7202038649
commit 807feef176
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 12 deletions


@ -278,7 +278,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates) tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge() gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
for _, certificate := range tlsManager.GetCertificates() { for _, certificate := range tlsManager.GetServerCertificates() {
appendCertMetric(gauge, certificate) appendCertMetric(gauge, certificate)
} }
}) })


@ -223,24 +223,43 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) {
return tlsConfig, err return tlsConfig, err
} }
// GetCertificates returns all stored certificates. // GetServerCertificates returns all certificates from the default store,
func (m *Manager) GetCertificates() []*x509.Certificate { // as well as the user-defined default certificate (if it exists).
func (m *Manager) GetServerCertificates() []*x509.Certificate {
var certificates []*x509.Certificate var certificates []*x509.Certificate
// We iterate over all the certificates. // The default store is the only relevant, because it is the only one configurable.
for _, store := range m.stores { defaultStore, ok := m.stores[DefaultTLSStoreName]
if store.DynamicCerts != nil && store.DynamicCerts.Get() != nil { if !ok || defaultStore == nil {
for _, cert := range store.DynamicCerts.Get().(map[string]*tls.Certificate) { return certificates
x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) }
if err != nil {
continue
}
certificates = append(certificates, x509Cert) // We iterate over all the certificates.
if defaultStore.DynamicCerts != nil && defaultStore.DynamicCerts.Get() != nil {
for _, cert := range defaultStore.DynamicCerts.Get().(map[string]*tls.Certificate) {
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
continue
} }
certificates = append(certificates, x509Cert)
} }
} }
if defaultStore.DefaultCertificate != nil {
x509Cert, err := x509.ParseCertificate(defaultStore.DefaultCertificate.Certificate[0])
if err != nil {
return certificates
}
// Excluding the generated Traefik default certificate.
if x509Cert.Subject.CommonName == generate.DefaultDomain {
return certificates
}
certificates = append(certificates, x509Cert)
}
return certificates return certificates
} }
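Review bot: In the new default-certificate branch of GetServerCertificates, `defaultStore.DefaultCertificate.Certificate[0]` is indexed without a length check, so a `tls.Certificate` with an empty chain would panic in the code path that feeds the gauge; whether such a value can reach this point depends on how DefaultCertificate is populated, which the hunk does not show. A guard such as `if len(defaultStore.DefaultCertificate.Certificate) == 0 { return certificates }`, and the equivalent check before `cert.Certificate[0]` in the DynamicCerts loop, would keep both paths safe. Both parse-error paths also drop the certificate silently, so a certificate that fails to parse simply disappears from traefik_tls_certs_not_after and its expiry goes unmonitored; a log line at those points would make the gap visible. The generated certificate is recognised only by `x509Cert.Subject.CommonName == generate.DefaultDomain`, so a user-supplied certificate carrying that common name would be excluded too, which deserves a comment next to the check.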