From 33866789042bf78138a4287ba75ac72a1fac17d2 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 27 Feb 2022 20:57:17 +0100
Subject: [PATCH] feat(monitoring): Enable host certificate monitoring

---
 infrastructure/monitoring/x509-exporter.yaml | 29 ++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/infrastructure/monitoring/x509-exporter.yaml b/infrastructure/monitoring/x509-exporter.yaml
index a13fdb842..997ae9816 100644
--- a/infrastructure/monitoring/x509-exporter.yaml
+++ b/infrastructure/monitoring/x509-exporter.yaml
@@ -23,3 +23,32 @@ spec:
         namespace: monitoring-system
       version: 1.20.0
   interval: 5m
+  values:
+    hostPathsExporter:
+      podAnnotations:
+        prometheus.io/port: "9793"
+        prometheus.io/scrape: "true"
+      daemonSets:
+        cp:
+          nodeSelector:
+            node-role.kubernetes.io/master: ""
+          tolerations:
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/master
+            operator: Exists
+          watchFiles:
+          - /var/lib/kubelet/pki/kubelet-client-current.pem
+          - /etc/kubernetes/pki/apiserver.crt
+          - /etc/kubernetes/pki/apiserver-etcd-client.crt
+          - /etc/kubernetes/pki/apiserver-kubelet-client.crt
+          - /etc/kubernetes/pki/ca.crt
+          - /etc/kubernetes/pki/front-proxy-ca.crt
+          - /etc/kubernetes/pki/front-proxy-client.crt
+          - /etc/kubernetes/pki/etcd/ca.crt
+          - /etc/kubernetes/pki/etcd/healthcheck-client.crt
+          - /etc/kubernetes/pki/etcd/peer.crt
+          - /etc/kubernetes/pki/etcd/server.crt
+          watchKubeconfFiles:
+          - /etc/kubernetes/admin.conf
+          - /etc/kubernetes/controller-manager.conf
+          - /etc/kubernetes/scheduler.conf
-- 
GitLab