Dashboard - Overview

AppViewX KUBE+ has a few in-built reports that are available under the dashboard. These reports can be used to categorize certificates based on specific parameters.

The reports can be used to enforce the DevOps/CloudOps team to follow standard PKI practices across your Kubernetes clusters.

On the Dashboard page,
  • you can manually refresh the each report by clicking the (Refresh) icon
  • Using the (Options) icon and select any of the following options:

    • Collapse/Expand - This option allows you to collapse or expand the report.

    • Minimize - This option allows you to minimize the report.
    • Download as PDF - This option allows you to download the report as .pdf to your system.

    • Export as Excel - This option allows you to export the report data as Excel to your system.

.

The reports displayed on the dashboard are:

KUBE Summary

The KUBE Summary dashboard provides insights around the usage and adoption of the KUBE+ product covering the below aspects.

  • Number of clusters onboarded in KUBE+

  • Vendor summary to distinct the Kubernetes vendors in your organization

  • Service Mesh summary for usage and adoption of mTLS certificates from KUBE+ across service mesh infrastructure.

  • Cluster Policy summary to view the adoption of varied Certificate Authorities across your clusters.

  • CA Account summary to view the adoption of Issuer CA mapped to specific cluster policies.

  • Certificate Enrollment summary to view number of certificate enrollments happened via KUBE+.

  • License summary to identify the adoption and usage of KUBE+ based on cluster or number of Kubernetes nodes.

Cluster Certificate Authority

The Cluster Certificate Authority dashboard provides insights around varied Certificate Authorities which are used for signing certificates which are deployed in Kubernetes clusters.

The report helps the Infosec team or the PKI administrator to understand the wide range of Certificate Authorities starting from Self Signed CA’s to Internal and External CA’s used by DevOps/CloudOps team for signing their workload certificates.

The reports can be further refined by filtering through the Certificate Authorities, allowing for more specific insights into the clusters, namespaces, and secrets that host certificates signed by a particular CA, facilitating targeted actions accordingly.

Clusters by Vendors

The Clusters by Vendors dashboard provides insights around classification of clusters and their certificates managed in KUBE+ if in case your Kubernetes environments are spread across multiple Cloud Service Providers or Hybrid Cloud infrastructures.

The report helps the Infosec team or the PKI administrator to understand the wide range of certificates provisioned at a specific vendor ecosystem. The reports can be further refined by filtering through the Kubernetes Vendor, allowing for insights into cluster name, namespace and secrets that host the certificates.

Certificates by Namespaces

The Certificates by Namespaces dashboard provides insights around classification of certificates managed in KUBE+ by their associated namespaces.

The report helps the Infosec team or the PKI administrator to understand which namespaces or projects (in the case of OpenShift environments) have larger requirements for certificates to be provisioned or managed and also it helps them to streamline the certificate issuance process.

The reports can be further refined by filtering through the secret and the endpoints where the certificates are hosted like ingress and pods with the metadata around the Kubernetes cluster and vendor where the namespaces are discovered.

Top 20 Clusters with most Certificates

The dashboard provides insights around top 20 clusters which have a maximum of certificates provisioned compared to the other clusters in your infrastructure.

The reports can be further refined by filtering through the Cluster, allowing for insights into cluster name, namespace and secrets that host the certificates.

Top Clusters with Expired Certificates

The dashboard provides insights around top clusters which have certificates in expired status.

The report helps the Infosec team or the PKI administrator to start acting upon defining policies to avoid expiry and outages in near future.

Namespaces with Expired Certificates

The dashboard provides insights around Kubernetes namespaces or OpenShift projects which have certificates in expired status.

The report helps the Infosec team or the PKI administrator to start acting upon defining policies to avoid expiry and outages in near future.

Certificate Expiry by Quarter

The dashboard provides insights around the timeline of certificate expiries across your clusters. The expiration of these certificates are shown by Quarters which helps the Infosec or PKI team to plan for renewals or decommissioning of the certificates. The reports can also be timelined by Year, Month and Days.

Mesh Certificate Authority

The dashboard provides insights around the CA’s configured for Service Mesh mTLS certificate signing.