Include user-defined default cert for traefik_tls_certs_not_after metric
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
parent
7202038649
commit
807feef176
2 changed files with 31 additions and 12 deletions
|
@ -278,7 +278,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
||||||
tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
|
tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
|
||||||
|
|
||||||
gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
|
gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
|
||||||
for _, certificate := range tlsManager.GetCertificates() {
|
for _, certificate := range tlsManager.GetServerCertificates() {
|
||||||
appendCertMetric(gauge, certificate)
|
appendCertMetric(gauge, certificate)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
|
@ -223,14 +223,20 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) {
|
||||||
return tlsConfig, err
|
return tlsConfig, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCertificates returns all stored certificates.
|
// GetServerCertificates returns all certificates from the default store,
|
||||||
func (m *Manager) GetCertificates() []*x509.Certificate {
|
// as well as the user-defined default certificate (if it exists).
|
||||||
|
func (m *Manager) GetServerCertificates() []*x509.Certificate {
|
||||||
var certificates []*x509.Certificate
|
var certificates []*x509.Certificate
|
||||||
|
|
||||||
|
// The default store is the only relevant, because it is the only one configurable.
|
||||||
|
defaultStore, ok := m.stores[DefaultTLSStoreName]
|
||||||
|
if !ok || defaultStore == nil {
|
||||||
|
return certificates
|
||||||
|
}
|
||||||
|
|
||||||
// We iterate over all the certificates.
|
// We iterate over all the certificates.
|
||||||
for _, store := range m.stores {
|
if defaultStore.DynamicCerts != nil && defaultStore.DynamicCerts.Get() != nil {
|
||||||
if store.DynamicCerts != nil && store.DynamicCerts.Get() != nil {
|
for _, cert := range defaultStore.DynamicCerts.Get().(map[string]*tls.Certificate) {
|
||||||
for _, cert := range store.DynamicCerts.Get().(map[string]*tls.Certificate) {
|
|
||||||
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
|
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
|
@ -239,6 +245,19 @@ func (m *Manager) GetCertificates() []*x509.Certificate {
|
||||||
certificates = append(certificates, x509Cert)
|
certificates = append(certificates, x509Cert)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if defaultStore.DefaultCertificate != nil {
|
||||||
|
x509Cert, err := x509.ParseCertificate(defaultStore.DefaultCertificate.Certificate[0])
|
||||||
|
if err != nil {
|
||||||
|
return certificates
|
||||||
|
}
|
||||||
|
|
||||||
|
// Excluding the generated Traefik default certificate.
|
||||||
|
if x509Cert.Subject.CommonName == generate.DefaultDomain {
|
||||||
|
return certificates
|
||||||
|
}
|
||||||
|
|
||||||
|
certificates = append(certificates, x509Cert)
|
||||||
}
|
}
|
||||||
|
|
||||||
return certificates
|
return certificates
|
||||||
|
|
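Review bot: The new default-certificate branch indexes `defaultStore.DefaultCertificate.Certificate[0]` without checking that the chain is non-empty, which panics on an empty slice, and both this branch and the loop above it drop a certificate silently when `x509.ParseCertificate` fails. Because this function decides which certificates feed the traefik_tls_certs_not_after gauge, a silently skipped certificate becomes an expiry-monitoring blind spot: an alert on that metric can never fire for it. I would guard the index with `if len(defaultStore.DefaultCertificate.Certificate) == 0 { return certificates }` and log the parse error before the `return` or `continue`. The generated certificate is recognised only by `x509Cert.Subject.CommonName == generate.DefaultDomain`, so a user-supplied certificate carrying that common name would also be left out of the metric; the doc comment should say so. The function's closing brace and the lines between the two hunks are not visible on this page.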