Certificate Monitoring
Cluster Enhancer provides monitoring capabilities for certificates used in Kubernetes clusters. The monitoring scope includes:
- Kubernetes component certificates, including control plane and kubelet server/client certificates (including kubeconfig client certificates)
- Certificates of components running in the cluster, implemented by inspecting all Secrets with type
kubernetes.io/tls - Server certificates actually used by kube-apiserver (including internal loopback certificates for self-access) by accessing the
kubernetesEndpoints
Users can find and install Cluster Enhancer in the Administrator view by navigating to Marketplace > Cluster Plugins in the left navigation.
TOC
Certificate Status Monitoring
The expiration status of certificates can be viewed through the metric certificate_expires_status. The expiration time of certificates can be viewed through the metric certificate_expires_time.
The current certificate status and expiration time can be viewed in the Certificate Status sub-tab. To access this sub-tab, go to the Administrator view, navigate to Clusters > Clusters, select a specific cluster, then go to the Monitoring tab.
Built-in Alert Rules
Cluster Enhancer provides built-in alert rules cpaas-certificates-rule with the following alerts: