>
    Strata Copilot
    Kubernetes Cluster Details
    Focus
    Focus
    1. Home
    2. Next‑Gen Trust Security
    3. Next-Gen Trust Security
    4. Next-Gen Trust Security Overview
    5. Discovery Overview
    6. Discover Certificates in Kubernetes Clusters
    7. Kubernetes Cluster Details
    Next‑Gen Trust Security

    Kubernetes Cluster Details

    Table of Contents

    Kubernetes Cluster Details

    Select a cluster on the Kubernetes Clusters page to view its properties, installed issuers, and components in a right-hand details drawer.

    Properties Tab

    The Properties tab shows the cluster Name, Description, and Owning Team. Select View Certificates to see all certificates in the cluster.

    Issuers Tab

    The cert-manager Issuers tab lists cert-manager-related issuers in the cluster, including their namespace, status, type, and number of certificates issued. It supports the following issuers:
    • ACME Issuer
    • CA Issuer
    • SelfSigned Issuer
    • HashiCorp Vault Issuer
    • Open-Source Issuer for Next-Gen Trust Security
    • Enterprise Issuer for Next-Gen Trust Security
    • Smallstep Issuer
    • Google Certificate Authority Service Issuer
    • AWS Private Certificate Authority Issuer
    • Cloudflare Origin CA
    • FreeIPA Issuer
    • EJBCA Issuer

    Status and Type

    Under Status and Type, view key operational details to help assess issuer health and status.
    FieldDescription
    StatusIndicates if the issuer can process certificate requests. Possible values are Healthy or Unhealthy.
    Status MessageProvides details about the issuer status, including any errors.
    Status TransitionShows the last time the issuer status changed.
    Issuer TypeIdentifies the issuer type.
    Full StatusClick View to see raw status details in YAML format, including conditions and diagnostics.

    Issuance Configuration

    Under Issuance Configuration review how the issuer processes certificate requests and integrates with your certificate lifecycle management platform.
    Note: The Platform, Zone, and Connection Resource fields appear only for Palo Alto Networks issuers.
    FieldDescription
    PlatformThe certificate lifecycle management platform used by the issuer.
    ZoneThe zone or policy for certificate issuance. Click the links before and after the backslash to view the application or issuing template.
    Connection ResourceThe resource name holding connection details for the issuer.
    Issuer ScopeThe issuer's scope: cluster-wide or restricted to a specific namespace.
    Issuer SpecClick View to see the raw issuer configuration in YAML format for advanced details and troubleshooting.

    Metadata

    Under Metadata, review details to identify, search, and understand issuer usage and configuration in the cluster.
    FieldDescription
    Referenced CertificatesThe number of certificates discovered on the cluster and added to the certificate inventory that reference this issuer.
    Kubernetes AnnotationsAnnotations applied to the issuer resource or its namespace, such as creation date or associated application. Click View to copy these from a dialog.
    Kubernetes LabelsLabels applied to the issuer resource, such as environment or team. Click View to copy these from a dialog.

    Components Tab

    The Next-Gen Trust Security Components tab indicates component health, configuration, and version. It supports these components:
    • cert-manager
    • Approver Policy
    • Istio CSR
    • Distributed Issuer
    • Discovery Agent
    • Enterprise Issuer
    • CSI Driver
    • CSI Driver for SPIFFE
    Note: For details about all supported components, see Kubernetes Components in Next-Gen Trust Security.
    The Components tab also indicates distribution type, specifying whether a component has long-term support (LTS), is backed by an SLA, complies with Federal Information Processing Standards (FIPS), or is open source and community-supported.
    Components with multiple deployments in the cluster appear as separate entries. Click a component to view the following details.
    FieldDescription
    StatusIndicates the component's health as Healthy or Unhealthy.
    Status MessageShows the component's current condition, based on the message field in the Deployment object.
    ReplicasLists pod replica counts, including available, total, ready, updated, and unavailable replicas.
    Status TransitionIndicates when the component's status last changed, based on the lastTransitionTime field in the Deployment object. Does not appear for CSI Driver or CSI Driver for SPIFFE.
    Full StatusClick View to access raw status details in YAML format, including conditions and diagnostics.
    NamespaceIndicates the Kubernetes namespace where the component is deployed.
    Image URLDisplays the full image reference used by the deployment, including registry, repository, and tag.
    VersionClick the component version to view any available upgrade paths, get an upgrade recommendation, and view links to the release notes.
    YAMLClick View to access the deployment configuration in YAML format, including metadata and pod specifications.

    © 2026 Palo Alto Networks, Inc. All rights reserved.