[feature request]Handel duplicate cert

[muzammilrehman]

With version 3.x.x, the server doesn't crash when Kubernetes secret has a duplicate certificate but it does not expose other certs' metrics. It would be good to either directly ignore the duplicate certs or give the option to the user via a flag to ignore these.

~ # curl http://172.20.72.13:9793/metrics
An error has occurred while serving metrics:

collected metric "x509_cert_error" { label:{name:"secret_key"  value:"pubkey"}  label:{name:"secret_name"  value:"certs-server"}  label:{name:"secret_namespace"  value:"xxx"}  xxx:{value:1}} was collected before with the same name and label values

[AnuragEkkati]

@muzammilrehman this should be bug if it is 100% reproducible

[carinadigital]

I've encountered the same problem. I would suggest that if a duplicate cert is found then it's simply ignored and an error printed to the logs.

[eric-engberg]

I'm getting this same error on 3.18.1. I don't see a duplicate cert in the cluster? Clearly I'm misunderstanding something. What exactly is causing this? how is it possible to have a duplicate?

Edit: Oh i see. It's because there are 2 certs within tls.crt. Any plans to implement this feature request? For now I have to set it to ignore the kyverno namespace so that it won't blow up.