Certificate Expiry Monitor

This utility exposes the expiry of TLS certificates as Prometheus metrics. To create the Docker image, simply execute the following command: docker build . -t muxinc/certificate-expiry-monitor:latest. To run the Docker image, use the executable located at /app with this command: → docker run muxinc/certificate-expiry-monitor:latest /app --help. Usage of ./certificate-expiry-monitor: -domains string: A comma-separated list of SNI domains to query. -frequency duration: The frequency at which the certificate expiry times are polled (default is 1m0s). -hostIP: If set to true, it will connect to the host that the pod is running on instead of connecting to the pod itself. -ignoredDomains string: A comma-separated list of domains to exclude from the discovered set.

This can be a regex if the string is enclosed in forward slashes, such as /.*\.domain\.com$/, which will exclude all subdomains of domain.com. -ingressNamespaces string: If provided, this is a comma-separated list of namespaces that will be searched for ingresses with domains to automatically query. -insecure: If set to true, the InsecureSkipVerify option will be applied to the TLS connection, allowing the remote certificate and hostname to be trusted without verification (default is true). -kubeconfig string: This specifies the path to the kubeconfig file.