• Check command ca_cert checks the expiration timestamp of Kubernetes api server CA certificate. No longer you have to get a surprise that the CA certificate for your cluster has expired.
• Spec - ca_cert check command has the following variables:
-> warning - Condition for warning, compare with tiem left before expiration. (Default: TTL < 360h)
-> critical - Condition for critical, compare with tiem left before expiration. (Default: TTL < 120h)
• Execution of this command can result in following states:
-> OK
-> WARNING
-> CRITICAL
-> UNKNOWN

# Tutorial
• you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.

kubectl create namespace demo

kubectl get namespaces
NAME          STATUS    AGE
default       Active    6h
kube-public   Active    6h
kube-system   Active    6h
demo          Active    4m

# Create Alert
• we are going to create an alert to check ca_cert.

cat ./docs/examples/cluster-alerts/ca_cert/demo-0.yaml

apiVersion: monitoring.appscode.com/v1alpha1
kind: ClusterAlert
metadata:
  name: ca-cert-demo-0
  namespace: demo
spec:
  check: ca_cert
  vars:
    warning: 240h
    critical: 72h
  checkInterval: 30s
  alertInterval: 2m
  notifierSecretName: notifier-config
  receivers:
  - notifier: Mailgun
    state: CRITICAL
    to: ["ops@example.com"]
    
kubectl apply -f ./docs/examples/cluster-alerts/ca_cert/demo-0.yaml 

kubectl describe clusteralert ca-cert-demo-0 -n demo

# Cleaning up
• To cleanup the Kubernetes resources

kubectl delete ns demo

# Link:- https://appscode.com/products/searchlight/5.1.1/guides/cluster-alerts/ca_cert/ 