Reference: Kubernetes cluster details¶
The Kubernetes Clusters page lists all clusters connected to Venafi Control Plane. To refine the results, search for a cluster or use filters. Click a cluster to open a right-hand drawer with tabs for properties, installed issuers, and Venafi components.
Properties¶
The Properties tab shows general information, including cluster Name, Description, and Owning Team. Click View Certificates to view all installed certificates in the cluster.
Issuers¶
Issuers are Kubernetes resources that define how certificates are issued and renewed. The cert-manager Issuers tab lists cert-manager-related issuers in the Kubernetes cluster, including their namespace, status, type, and number of certificates issued.
Supported issuers
The cert-manager Issuers tab supports:
- ACME Issuer
- CA Issuer
- SelfSigned Issuer
- HashiCorp Vault Issuer
- Open-Source Issuer for CyberArk Certificate Manager
- Enterprise Issuer for CyberArk Certificate Manager
- Smallstep Issuer
- Google Certificate Authority Service Issuer
- AWS Private Certificate Authority Issuer
- Cloudflare Origin CA
- FreeIPA Issuer
- EJBCA Issuer
Status and Type¶
The Status and Type section provides key operational details with which you can assess issuer health and review full status data.
| Field | Description |
|---|---|
| Status | Indicates if the issuer can process certificate requests. Possible values are Healthy or Unhealthy. |
| Status Message | Provides details about the issuer status, including any errors. |
| Status Transition | Shows the last time the issuer status changed. |
| Issuer Type | Identifies the issuer type. |
| Full Status | Click View to see raw status details in YAML format, including conditions and diagnostics. |
Issuance Configuration¶
The Issuance Configuration section shows how the issuer processes certificate requests and integrates with your certificate lifecycle management platform.
Tip
The Platform, Zone, and Connection Resource fields appear only for Venafi issuers.
| Field | Description |
|---|---|
| Platform | The certificate lifecycle management platform used by the issuer, for example CyberArk Certificate Manager, SaaS. |
| Zone | The zone or policy for certificate issuance. Click the links before and after the backslash to view the application or issuing template. |
| Connection Resource | The resource name holding connection details for the issuer. |
| Issuer Scope | The issuer's scope: cluster-wide or restricted to a specific namespace. |
| Issuer Spec | Click View to see the raw issuer configuration in YAML format for advanced details and troubleshooting. |
Metadata¶
The Metadata section provides details to identify, search, and understand issuer usage and configuration in the cluster.
| Field | Description |
|---|---|
| Referenced Certificates | The number of certificates discovered on the cluster and added to the certificate inventory that reference this issuer. |
| Kubernetes Annotations | Annotations applied to the issuer resource or its namespace, such as creation date or associated application. Click View to copy these from a dialog. |
| Kubernetes Labels | Labels applied to the issuer resource, such as environment or team. Click View to copy these from a dialog. |
Components¶
The CyberArk Components tab shows the health, configuration, and version of Venafi components installed in the cluster. Click a component to view details. For components with multiple deployments, each deployment appears as a separate entry.
Supported components
The CyberArk Components tab supports:
- cert-manager
- cert-manager-approver-policy
- cert-manager-istio-csr
- firefly
- venafi-kubernetes-agent
- venafi-enhanced-issuer
| Field | Description |
|---|---|
| Status | Indicates the component's health as Healthy or Unhealthy. |
| Status Message | Shows the component's current condition, based on the message field in the Deployment object. |
| Replicas | Lists pod replica counts, including available, total, ready, updated, and unavailable replicas. |
| Status Transition | Indicates when the component's status last changed, based on the lastTransitionTime field in the Deployment object. |
| Full Status | Click View to access raw status details in YAML format, including conditions and diagnostics. |
| Namespace | Indicates the Kubernetes namespace where the component is deployed. |
| Image URL | Displays the full image reference used by the deployment, including registry, repository, and tag. |
| Version | Shows the component's current version. |
| YAML | Click View to access the deployment configuration in YAML format, including metadata and pod specifications. |