* Support TLS renegotiation
* Bump version
* Revert version bump
* Extend TLSConfig with renegotiation support
* Update config/config.go - comment formatting
Co-authored-by: Rob Best <robertbest89@gmail.com>
* add dedicated renegotiation example
* Create local NewTLSConfig in order to incorporate local extentions
* go mod tidy
* Move TLS renegotiation parsing into UnmarshalYAML
Co-authored-by: Rob Best <robertbest89@gmail.com>
* Support getting certificate information from a kubeconfig file
* Support relative paths for cluster CA and user certificate in kubeconfig
* Determine relative using filepath.IsAbs
* Make relative path logic actually work, add test. Move all kubeconfig parsing into parsing specific function
The existing implementation consists of a collector that exports
information from a tls.ConnectionState returned by the prober function.
This won't necessarily integrate well with additional probers that
retrieve certs from sources other than a tls handshake (from file, for
instance).
I've made the probing more generically expandable by removing the
collector and instead registering and collecting metrics inside the
prober. This makes it possible to collect the same metrics in a
different way, or collect different metrics depending on the prober.
There are a number of reasons for this change:
- Modules allow a single instance of the exporter to be configured with numerous
different tls configs. Previously you had to run a different exporter for each
combination.
- Adding new and more complicated options to the exporter should be easier with
modules than if I was to go down the route of accepting configuration directly through url params
- I prefer defining a specific prober (https,tcp) over using the URL to guess
what the user wants
- Don't use promu and upstream Prometheus Makefiles. I don't have a clear
process for keeping them in sync with the upstream and I don't think they add
much value.
- Use the same ldflags in goreleaser and the Makefile
- Run goreleaser from the Makefile so custom env vars can be injected
- Update to go 1.14
Connections were being left around after requests and in some cases this could
result in file descriptor errors when open files built up.
Closing the http response body and the tcp connection, as well as disabling http
keep alives seems to resolve this.
