From 7560bb467376e7d48f751a1e7713d22a2ca0b935 Mon Sep 17 00:00:00 2001
From: Joshua Hoblitt <josh@hoblitt.com>
Date: Wed, 24 Apr 2024 19:49:48 -0700
Subject: [PATCH] (fleet/cert-manager) add CertManagerCertificateReadyStatus
 alert

---
 .../cert-manager-conf/base/kustomization.yaml  |  1 +
 .../base/prometheusrule-cert-manager.yaml      | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml

diff --git a/fleet/lib/cert-manager-conf/base/kustomization.yaml b/fleet/lib/cert-manager-conf/base/kustomization.yaml
index 1d86207bd..40d5e24f5 100644
--- a/fleet/lib/cert-manager-conf/base/kustomization.yaml
+++ b/fleet/lib/cert-manager-conf/base/kustomization.yaml
@@ -3,3 +3,4 @@ resources:
   - clusterissuer-letsencrypt-staging.yaml
   - clusterissuer-letsencrypt.yaml
   - externalsecret-route53.yaml
+  - prometheusrule-cert-manager.yaml
diff --git a/fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml b/fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml
new file mode 100644
index 000000000..f28ef21c7
--- /dev/null
+++ b/fleet/lib/cert-manager-conf/base/prometheusrule-cert-manager.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    lsst.io/rule: "true"
+  name: cert-manager
+spec:
+  groups:
+    - name: cert-manager
+      rules:
+        - alert: CertManagerCertificateReadyStatus
+          annotations:
+            description: Certificate {{ $labels.namespace }}/{{ $labels.name }} is not ready.
+          expr: certmanager_certificate_ready_status{condition="False"} == 1
+          for: 10m
+          labels:
+            severity: critical