diff --git a/assets/prometheus/rules/kubernetes.rules.yaml b/assets/prometheus/rules/kubernetes.rules.yaml
index 537079a456fb65f505ab9783db6e51384ede946a..f961ce6be5668fc9469f9e01efd826fe840306f8 100644
--- a/assets/prometheus/rules/kubernetes.rules.yaml
+++ b/assets/prometheus/rules/kubernetes.rules.yaml
@@ -84,3 +84,17 @@ groups:
annotations:
description: No API servers are reachable or all have disappeared from service
discovery
+
+ - alert: K8sCertificateExpirationNotice
+ labels:
+ severity: warning
+ annotations:
+ description: Kubernetes API Certificate is expiring soon (less than 7 days)
+ expr: sum(apiserver_client_certificate_expiration_seconds_bucket{le="604800"}) > 0
+
+ - alert: K8sCertificateExpirationNotice
+ labels:
+ severity: critical
+ annotations:
+ description: Kubernetes API Certificate is expiring in less than 1 day
+ expr: sum(apiserver_client_certificate_expiration_seconds_bucket{le="86400"}) > 0
diff --git a/manifests/prometheus/prometheus-k8s-rules.yaml b/manifests/prometheus/prometheus-k8s-rules.yaml
index b844d16097371c44a845fabe5ef63ec17b504e37..d563a57172a41aa2d5b623f3faf787ef0660752d 100644
--- a/manifests/prometheus/prometheus-k8s-rules.yaml
+++ b/manifests/prometheus/prometheus-k8s-rules.yaml
@@ -469,6 +469,20 @@ data:
annotations:
description: No API servers are reachable or all have disappeared from service
discovery
+
+ - alert: K8sCertificateExpirationNotice
+ labels:
+ severity: warning
+ annotations:
+ description: Kubernetes API Certificate is expiring soon (less than 7 days)
+ expr: sum(apiserver_client_certificate_expiration_seconds_bucket{le="604800"}) > 0
+
+ - alert: K8sCertificateExpirationNotice
+ labels:
+ severity: critical
+ annotations:
+ description: Kubernetes API Certificate is expiring in less than 1 day
+ expr: sum(apiserver_client_certificate_expiration_seconds_bucket{le="86400"}) > 0
node.rules.yaml: |+
groups:
- name: node.rules