Using Kubernetes Certificate Metrics to Track Adoption

Learn how to access, interpret, and act on Kubernetes Certificate metrics in the Usage and Adoption Metrics Dashboard. Use these metrics to track platform adoption maturity, identify management gaps, and justify platform expansion initiatives.

Before working with Kubernetes Certificate metrics, ensure you have:

  • KUBE module enabled in your AppViewX deployment
  • At least one Kubernetes cluster registered and connected to AppViewX
  • One or more certificates discovered or managed in your Kubernetes environment
  • User role permissions that include dashboard and Kubernetes certificate visibility
  • Understanding of your organization's Kubernetes certificate lifecycle strategy
  1. Log into AppViewX with appropriate credentials.
  2. Navigate to the Usage and Adoption Metrics Dashboard.
    1. From the main navigation menu, select Reporting > Dashboards. .
    2. From the available dashboards list, locate and click Usage and Adoption Metrics.
    3. The dashboard loads with real-time data representing your current AppViewX environment metrics.
  3. Locate the Kubernetes Certificate Metrics widget.
    1. On the Usage and Adoption Metrics Dashboard, scroll down to find the Kubernetes Certificates - Environment Snapshot widget.
    2. If you do not see this widget, verify that:
      • KUBE module is enabled in your deployment
      • At least one Kubernetes cluster is registered
      • Your user role has permissions to view KUBE data
    3. The widget displays current metrics in card or grid format.
  4. Review the key Kubernetes certificate metrics.
    1. Identify the Total Kubernetes Certificates metric, which shows the complete inventory of all Kubernetes certificates across your environment.
    2. Note the Total Managed Kubernetes Certificates count, representing certificates under active AppViewX lifecycle management.
    3. Review the Total Monitored Kubernetes Certificates count, showing certificates discovered but not yet actively managed.
    4. Calculate the management coverage percentage: 
      Management Coverage % = (Total Managed ÷ Total Kubernetes Certificates) × 100
    5. Review supporting metrics including Total Clusters Managed, Total Namespaces, Kubernetes Certificates Enrolled, and Kubernetes Certificates Set to Auto Renew.
  5. Interpret the managed vs. monitored metric relationship.
    1. If management coverage is 80% or higher:
      • Strong platform adoption with effective lifecycle automation
      • Focus on converting remaining monitored-only certificates to management
      • This metric demonstrates high ROI and can support budget justifications
    2. If management coverage is 40-70%:
      • Moderate adoption with significant expansion opportunities
      • Develop new management policies for monitored-only certificate categories
      • Plan phased migration approach for remaining unmanaged certificates
    3. If management coverage is below 40%:
      • Early adoption stage with multiple management gaps
      • Create comprehensive management policies before scaling
      • Execute targeted discovery to identify all certificate types
  6. Identify management gaps by drilling down into monitored certificates.
    1. Click on the Total Monitored Kubernetes Certificates metric card to drill down.
    2. Review the detailed list of monitored-only certificates that are not yet under management.
    3. Filter by cluster or namespace to identify patterns in unmanaged certificates.
    4. Categorize certificates:
      • Group by certificate type (self-signed, CA-issued, internal, external)
      • Group by namespace or workload type
      • Identify certificate with similar rotation requirements
    5. Note priority groups for management policy development.
  7. Create management policies for unmanaged certificates.
    1. Based on your gap analysis, determine which certificate groups should be brought under management first.
    2. Navigate to Policy Engine > Policies to create new Kubernetes certificate management policies.
    3. Create policies for high-priority certificate groups:
      • High-traffic workload certificates (define first)
      • Critical application certificates
      • Cluster infrastructure certificates
      • Development/staging certificates (can have different renewal windows)
    4. Configure policy settings:
      • Auto-renewal trigger points (for example, 60, 45, or 30 days before expiration)
      • Automation workflows to deploy renewed certificates
      • Notification/alert requirements
      • Compliance and audit requirements
    5. Save policies and prepare for deployment.
  8. Apply management policies to discovered certificates.
    1. Return to the Kubernetes Certificate Metrics dashboard.
    2. Click on the Total Monitored Kubernetes Certificates metric to view the certificate list.
    3. Select the certificates that match your first management policy.
    4. Apply the policy using the bulk action menu.
    5. Verify that selected certificates transition from "monitored" to "managed" status.
    6. Refresh the dashboard to see updated metrics reflecting the newly managed certificates.
  9. Monitor auto-renewal configuration progress.
    1. Return to the Kubernetes Certificate Metrics dashboard.
    2. Review the Kubernetes Certificates Set to Auto Renew metric.
    3. Calculate auto-renewal coverage percentage: 
      Auto-Renewal Coverage % = (Auto-Renew Count ÷ Total Managed) × 100
    4. Target is typically 95%+ of managed certificates under auto-renewal for minimal operational overhead.
    5. For any managed certificates not yet under auto-renewal, configure auto-renewal policies.
  10. Establish periodic metric review and tracking process.
    1. Schedule weekly or monthly dashboard review sessions.
    2. Create a recurring calendar event for Kubernetes metric reviews with relevant stakeholders.
    3. Establish adoption targets:
      • Immediate (30 days): 50% management coverage minimum
      • Short-term (90 days): 75% management coverage target
      • Medium-term (6 months): 90%+ management coverage target
      • Long-term (1 year): 95%+ with 95%+ auto-renewal
    4. Export or screenshot metrics monthly to create adoption trend reports.
    5. Compare current metrics against historical data to assess adoption velocity.
  11. Use metrics for executive reporting and budget justification.
    1. Create monthly or quarterly adoption reports using Kubernetes metrics data.
    2. Include in reports:
      • Current management coverage percentage
      • Trend lines showing adoption progression
      • Auto-renewal coverage and risk reduction benefit
      • Remaining gaps and expansion opportunities
      • Projected timeline to reach target adoption levels
    3. Use adoption metrics to justify platform expansion requests and budget allocation.
    4. Share dashboards with security leadership, operations teams, and business stakeholders.
    5. Demonstrate ROI through reduced certificate expiration incidents and operational overhead.
  12. Plan continuous improvement based on metric trends.
    1. Review enrollment velocity metric to assess new certificate onboarding rate.
    2. Use cluster and namespace metrics to plan new infrastructure onboarding.
    3. Identify certificate categories showing slower adoption and develop targeted policies.
    4. Optimize policies for categories with successful high auto-renewal rates and apply to similar certificate types.
    5. Schedule quarterly reviews to assess policy effectiveness and adjust targets.