Kubernetes client certificate expires soon
critical

Description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours.
Query
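	apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0
	# the quantile side keeps only the job label, so match the two sides on job
	and on(job)
	histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 24*60*60
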
Query Explanation

The rule first checks that at least one client certificate has been observed (apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0). It then computes the 1st percentile of the certificate-expiration histogram (histogram_quantile(0.01, …)) and fires if that percentile is under 24 hours (< 24*60*60). In short, the alert triggers when any client certificate used to authenticate to the apiserver is expected to expire within the next day.
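The sketch below is an added example, not part of the original rule page or of Prometheus itself: it re-implements the bucket interpolation that histogram_quantile performs so the 1st-percentile condition can be traced by hand. The bucket bounds and request mixes are assumptions constructed for illustration, and request counts in the window stand in for the per-bucket rate() values.

```python
import math

# Assumed bucket upper bounds in seconds; replace with the `le` values
# your apiserver actually exposes for this histogram.
BOUNDS = [0, 1800, 3600, 7200, 21600, 43200, 86400, 172800, 345600,
          604800, 2592000, 7776000, 15552000, 31104000, 124416000, math.inf]

DAY = 24 * 60 * 60
HEALTHY = 200 * DAY   # constructed: certificate with 200 days of lifetime left
EXPIRING = 10 * 3600  # constructed: certificate with 10 hours of lifetime left


def to_cumulative(observations):
    """Turn remaining-lifetime observations into cumulative (le, count) buckets."""
    return [(le, sum(1 for o in observations if o <= le)) for le in BOUNDS]


def histogram_quantile(q, buckets):
    """Estimate quantile q from cumulative buckets sorted by upper bound."""
    total = buckets[-1][1]
    if total == 0:
        return math.nan
    rank = q * total
    # First bucket whose cumulative count reaches the rank.
    i = next(n for n, (_, count) in enumerate(buckets) if count >= rank)
    le, count = buckets[i]
    if math.isinf(le):
        return buckets[-2][0]  # rank lies in +Inf: report the last finite bound
    if i == 0 and le <= 0:
        return le
    lower, below = (0.0, 0) if i == 0 else buckets[i - 1]
    # Linear interpolation inside the bucket, so the result is an estimate.
    return lower + (le - lower) * (rank - below) / (count - below)


def alert_fires(observations, threshold=DAY):
    """Both halves of the rule: some observations exist and p1 < threshold."""
    buckets = to_cumulative(observations)
    return buckets[-1][1] > 0 and histogram_quantile(0.01, buckets) < threshold


def scenario(expiring_requests, total=1000):
    """Constructed window: `expiring_requests` of `total` use the 10-hour cert."""
    return [EXPIRING] * expiring_requests + [HEALTHY] * (total - expiring_requests)
```

With these constructed inputs, a client presenting the 10-hour certificate on 20 of 1000 requests trips the alert, while the same client on only 5 of 1000 requests does not, because its observations fall below the 1st-percentile rank. The metric is recorded per authenticated request, so a rarely used certificate can expire without this rule firing.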
