[Feature request] Automatically reload certificates when expired #472
Comments
timstoop
changed the title
|
Just noticed #414! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(I mistakenly wrote this feature request in the Helm repo first, hence the structured layout.)
Is your feature request related to a problem ?
When running the elasticsearch-exporter against an ES cluster setup by the elastic operator, it uses CA certificates with a validity of (by default) a year. If the cert expires, it automatically gets replaced by the elastic-operator. However, the exporter keeps using the old certificate, even when it is expired. Restarting the Pod solves the issue.
Describe the solution you'd like.
Simplest would be if the elasticsearch-exporter would fail its health check if it detects it's using a certificate that is expired.
Better would be to check if the mounted certificate has been changed and use that from that point onwards, as it no longer requires a restart.
Additional context.
Although we get warnings regarding scrape failures, this issue still means we lost some metrics. It's not super crucial, of course, but it would be nice to have it fixed.
The text was updated successfully, but these errors were encountered: