check_rancher2

Version 1.13.0 adds a new check type api-token. This check is used to monitor the expiry of the used API token (used by check_rancher2).

Background In newer Rancher2 versions, API tokens must be created with an expiry. The tokens are no longer valid without expiration date (such as in Rancher 2.5). When the API token expired, the monitoring checks with check_rancher2 run into an authentication error. With the new api-token check type, the plugin will alert in advance, prior to the expiry of the token, when used in combination with --expiry-warn.

Furthermore the --cert-warn parameter, used for the local-certs certificate check, is now DEPRECATED. Please use --expiry-warn for this check as well.

The local-certs check type received a bug fix in the output.

Launching the plugin with --help no longer shows unrecognized option '--help' at the top.

Use 'command -v' instead of 'which' for required command check. Makes the plugin more distribution independent, as which is not always installed by default - depending on the Linux distribution.

This release adds a new check type to the plugin.

The "local-certs" check type allows to check for valid certificates deployed by Rancher in the "local" cluster, under the "System" project. These certificates are deployed as Kubernetes secrets in the "cattle-system" namespace.

These certificates are by default created with a one year validity (Rancher, whyyyy?!). When these local certificates expire, this can create some issues in the background of Rancher, e.g. when RBAC actions are used. It's therefore important to verify these certificates have not expired.