English

Certificate Monitoring

Cluster Enhancer provides monitoring capabilities for certificates used in Kubernetes clusters. The monitoring scope includes:

Kubernetes component certificates, including control plane and kubelet server/client certificates (including kubeconfig client certificates)
Certificates of components running in the cluster, implemented by inspecting all Secrets with type kubernetes.io/tls
Server certificates actually used by kube-apiserver (including internal loopback certificates for self-access) by accessing the kubernetes Endpoints

Users can find and install Cluster Enhancer in the Administrator view by navigating to Marketplace > Cluster Plugins in the left navigation.

Certificate Status Monitoring

The expiration status of certificates can be viewed through the metric certificate_expires_status. The expiration time of certificates can be viewed through the metric certificate_expires_time.

The current certificate status and expiration time can be viewed in the Certificate Status sub-tab. To access this sub-tab, go to the Administrator view, navigate to Clusters > Clusters, select a specific cluster, then go to the Monitoring tab.

Built-in Alert Rules

Cluster Enhancer provides built-in alert rules cpaas-certificates-rule with the following alerts:

Kubernetes Certificate Alerts

Rule	Level
The expiration time of the kubernetes certificate is about to expire (less than 30 days) <= 30d and last 1 minutes	Medium
The expiration time of the kubernetes certificate is about to expire (less than 10 days) <= 10d and last 1 minutes	High
Kubernetes certificate has expired <= 0d and last 1 minutes	Critical

Platform Components Certificate Alerts

Rule	Level
The expiration time of the platform components certificate is about to expire (less than 30 days) <= 30d and last 1 minutes	Medium
The expiration time of the platform components certificate is about to expire (less than 10 days) <= 10d and last 1 minutes	High
Platform components certificate has expired <= 0d and last 1 minutes	Critical

View full docs as PDF

Certificate Monitoring

Cluster Enhancer provides monitoring capabilities for certificates used in Kubernetes clusters. The monitoring scope includes:

Kubernetes component certificates, including control plane and kubelet server/client certificates (including kubeconfig client certificates)
Certificates of components running in the cluster, implemented by inspecting all Secrets with type kubernetes.io/tls
Server certificates actually used by kube-apiserver (including internal loopback certificates for self-access) by accessing the kubernetes Endpoints

Users can find and install Cluster Enhancer in the Administrator view by navigating to Marketplace > Cluster Plugins in the left navigation.

Certificate Status Monitoring

The expiration status of certificates can be viewed through the metric certificate_expires_status. The expiration time of certificates can be viewed through the metric certificate_expires_time.

Built-in Alert Rules

Cluster Enhancer provides built-in alert rules cpaas-certificates-rule with the following alerts:

Kubernetes Certificate Alerts

Rule	Level
The expiration time of the kubernetes certificate is about to expire (less than 30 days) <= 30d and last 1 minutes	Medium
The expiration time of the kubernetes certificate is about to expire (less than 10 days) <= 10d and last 1 minutes	High
Kubernetes certificate has expired <= 0d and last 1 minutes	Critical

Platform Components Certificate Alerts

Rule	Level
The expiration time of the platform components certificate is about to expire (less than 30 days) <= 30d and last 1 minutes	Medium
The expiration time of the platform components certificate is about to expire (less than 10 days) <= 10d and last 1 minutes	High
Platform components certificate has expired <= 0d and last 1 minutes	Critical

ACP CLI (ac)

Node Management

Managed Clusters

Import Clusters

Public Cloud Cluster Initialization

Network Initialization

Storage Initialization

How to

How to

Backup Management

Recovery Management

Architecture

Concepts

Guides

How To

ALB

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

How To

Compliance

HowTo

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Namespaces

Creating Applications

Operation and Maintaining Applications

Application Rollout

KEDA(Kubernetes Event-driven Autoscaling)

How To

Workloads

Configurations

Application Observability

How To

How To

Install

How To

Overview

Install

Upgrade

Guides

How To

Concepts