Kubernetes TLS/SSL certificate expiration

Description

Check for expiring TLS certificates in Kubernetes by advancing the system clock forward one day, one week, and one month. Detect certificates that will expire before they cause outages.

What this Scenario does

This Scenario advances the system clock within your Kubernetes pods forward by one day, one week, and one month. This triggers certificate validation logic and reveals any TLS/SSL certificates that will expire within those time windows—including certificates managed by cert-manager, mounted as Kubernetes secrets, or used by ingress controllers.
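The same three windows can be checked offline against the expiry data cert-manager records on its Certificate resources. This is an added example, not part of the Scenario or the vendor's code: it reads input shaped like `kubectl get certificates -A -o json` (the sample below is constructed), assumes "one month" means 30 days, and the names `audit` and `first_failing_window` are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

# Clock offsets named on the page; "one month" is assumed to mean 30 days.
WINDOWS = [("one day", timedelta(days=1)),
           ("one week", timedelta(days=7)),
           ("one month", timedelta(days=30))]

# Constructed sample shaped like `kubectl get certificates -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "ingress-tls"},
     "status": {"notAfter": "2024-03-02T06:00:00Z", "renewalTime": "2024-02-01T00:00:00Z"}},
    {"metadata": {"namespace": "mesh", "name": "sidecar-mtls"},
     "status": {"notAfter": "2024-03-06T12:00:00Z", "renewalTime": "2024-03-04T00:00:00Z"}},
    {"metadata": {"namespace": "api", "name": "gateway"},
     "status": {"notAfter": "2024-03-25T00:00:00Z", "renewalTime": "2024-03-10T00:00:00Z"}},
    {"metadata": {"namespace": "batch", "name": "internal"},
     "status": {"notAfter": "2024-06-01T00:00:00Z", "renewalTime": "2024-05-01T00:00:00Z"}},
    {"metadata": {"namespace": "dev", "name": "pending"}},  # never issued
]})

def parse_ts(value):
    """Parse the RFC 3339 UTC timestamps found in Certificate status."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def first_failing_window(not_after, now):
    """Return the smallest clock jump that lands at or past notAfter, else None."""
    for label, offset in WINDOWS:
        if now + offset >= not_after:
            return label
    return None

def audit(certificates_json, now):
    """Return (namespace/name, failing window, renewal overdue) per Certificate."""
    findings = []
    for item in json.loads(certificates_json)["items"]:
        name = f'{item["metadata"]["namespace"]}/{item["metadata"]["name"]}'
        status = item.get("status", {})
        if "notAfter" not in status:
            findings.append((name, "not issued", False))
            continue
        window = first_failing_window(parse_ts(status["notAfter"]), now)
        renewal = status.get("renewalTime")
        # A renewalTime already in the past means automation should have acted.
        overdue = renewal is not None and parse_ts(renewal) <= now
        findings.append((name, window, overdue))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE, datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)):
        print(row)
```

Certificates stored as plain Kubernetes secrets without a cert-manager Certificate resource do not appear in this input and need their own expiry check.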

Why run this Scenario?

  • Proactively identify expiring certificates across your Kubernetes environment before they cause outages.
  • Test cert-manager and other Kubernetes certificate automation workflows under time-based pressure.
  • Verify that Kubernetes secrets containing TLS certificates are being rotated correctly.
  • Validate that ingress controller certificates and service mesh mTLS certificates are covered by your renewal process.

Expected outcome

If a TLS certificate expires without renewal, the Kubernetes service fails gracefully and alerts trigger immediately.

Target: Kubernetes
Experiments: Time Travel, Time Travel
Runtime: 5 minutes