Cert Manager Absent

CertManagerAbsent #

Meaning #

This alert fires when there is no cert-manager endpoint discovered by Prometheus. Causes could be a few things.

Impact #

Without cert-manager provisioning and renewing of certificates will not take place, as long as other alerts, such as certificate expiry alerts will not be available.

Diagnosis #

Check Pods in the cert-manager namespace.

kubectl get pods -n cert-manager

Check the logs of the individual pods:

kubectl logs -n cert-manager deployments/cert-manager
kubectl logs -n cert-manager deployments/cert-manager-cainjector
kubectl logs -n cert-manager deployments/cert-manager-webhook

Also check for events that involve cert-manager objects for errors:

kubectl get events --all-namespaces --field-selector involvedObject.apiVersion=cert-manager.io/v1

Mitigation #

  • Ensure cert-manager is up and running.
  • Ensure service discovery is configured correctly for cert-manager.

Source: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/eae22f642aaa5d422e4766f6811df2158fc05539/RUNBOOK.md