Skip to main content
Custom Resources extend Kubernetes with new resource types defined by Custom Resource Definitions (CRDs). They enable you to work with operator-managed resources like Certificates, Issuers, and other custom workloads through a unified interface.

Key Concepts

CRD

Custom Resource Definition - A schema that defines a new resource type in Kubernetes.

Custom Resource

An instance of a CRD, similar to how a Pod is an instance of the Pod resource type.

API Group

The API group that the CRD belongs to (e.g., cert-manager.io, networking.istio.io).

Scope

Whether resources are Namespaced (exist within a namespace) or Cluster-scoped (cluster-wide).
CRDs are cluster-scoped resources that define new types. Custom Resources (instances) can be either namespaced or cluster-scoped depending on the CRD definition.

Required Permissions

ActionPermission
View CRDs and Custom Resourcesiam:project:infrastructure:kubernetes:read
Create Custom Resourcesiam:project:infrastructure:kubernetes:write
Edit Custom Resourcesiam:project:infrastructure:kubernetes:write
Delete Custom Resourcesiam:project:infrastructure:kubernetes:delete

CRD Properties

PropertyDescription
NameFull CRD name (e.g., certificates.cert-manager.io)
GroupAPI group (e.g., cert-manager.io)
VersionAPI version (e.g., v1, v1beta1)
KindResource type name (e.g., Certificate)
PluralPlural form used in API paths (e.g., certificates)
ScopeNamespaced or Cluster
EstablishedWhether the CRD is ready for use
Short NamesAbbreviations for kubectl (e.g., cert for Certificate)
CategoriesGroups the resource belongs to (e.g., all)

How to Browse CRDs

1

Select Cluster

Choose a cluster from the cluster dropdown.
2

Browse CRD Tree

The left panel shows all CRDs grouped by API group. Expand groups to see individual CRDs.
3

Select a CRD

Click on a CRD to view its custom resources in the right panel.
4

Select Namespace (if applicable)

For namespaced CRDs, select a namespace to filter resources.

How to View Custom Resources

1

Select a CRD

Click on a CRD in the tree panel to load its resources.
2

View Resource List

The right panel displays all instances of the selected CRD type.
3

Click Resource Name

Click on a resource name to open the detail drawer with full spec and status.
4

Review Details

View resource information including:
  • Spec: The desired state configuration
  • Status: The current state reported by the controller
  • Labels & Annotations: Metadata
  • Owner References: Parent resources
  • Finalizers: Cleanup hooks

How to Create a Custom Resource

1

Select a CRD

Choose the CRD type you want to create an instance of.
2

Click Create Button

Click the Create [Kind] button in the header.
3

Write YAML

Enter the resource manifest. The YAML editor provides the correct apiVersion and kind.
4

Create

Click Create to apply the manifest.

How to Edit a Custom Resource

1

Find the Resource

Locate the resource in the list.
2

Open Actions Menu

Click the actions menu (three dots) on the resource row.
3

Click Edit YAML

Select Edit YAML to open the YAML editor.
4

Modify and Save

Edit the resource spec and click Update to apply changes.

How to Delete a Custom Resource

1

Open Actions Menu

Click the actions menu on the resource row.
2

Click Delete

Select Delete from the menu.
3

Confirm

Confirm the deletion. The controller managing this resource may perform cleanup operations.
Deleting a custom resource may trigger cascading deletions if the resource owns other resources. Controllers may also perform cleanup operations defined by finalizers.

Common CRD Examples

cert-manager

CRDKindDescription
certificates.cert-manager.ioCertificateTLS certificates
issuers.cert-manager.ioIssuerNamespace-scoped certificate issuers
clusterissuers.cert-manager.ioClusterIssuerCluster-wide certificate issuers

Istio

CRDKindDescription
virtualservices.networking.istio.ioVirtualServiceTraffic routing rules
destinationrules.networking.istio.ioDestinationRuleTraffic policies
gateways.networking.istio.ioGatewayIngress/egress gateways

ArgoCD

CRDKindDescription
applications.argoproj.ioApplicationGitOps application definitions
applicationsets.argoproj.ioApplicationSetApplication generators
appprojects.argoproj.ioAppProjectApplication grouping

Prometheus Operator

CRDKindDescription
servicemonitors.monitoring.coreos.comServiceMonitorService scraping rules
prometheusrules.monitoring.coreos.comPrometheusRuleAlerting rules
alertmanagerconfigs.monitoring.coreos.comAlertmanagerConfigAlertmanager configuration

Example Custom Resource

Certificate (cert-manager)

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls
  namespace: default
spec:
  secretName: example-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - example.com
    - www.example.com

VirtualService (Istio)

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: my-service-route
  namespace: default
spec:
  hosts:
    - my-service
  http:
    - route:
        - destination:
            host: my-service
            port:
              number: 80

Scope Types

ScopeDescriptionNamespace Required
NamespacedResources exist within a namespaceYes
ClusterResources are cluster-wideNo
For namespaced CRDs, select a namespace to view resources in that namespace. Cluster-scoped CRDs show all resources regardless of namespace selection.

Troubleshooting

  • Verify the CRD is installed in the cluster
  • Check if you have read permission for the CRD
  • Ensure the cluster connection is working
  • Try refreshing the page
  • Verify the YAML syntax is correct
  • Check that required fields are present
  • Ensure the namespace exists (for namespaced resources)
  • Check controller logs for validation errors
  • Verify the CRD is established
  • Check for finalizers on the resource
  • Verify the controller managing the resource is running
  • Check controller logs for cleanup errors
  • Finalizers may need manual removal in some cases
  • Verify the controller (operator) is running
  • Check controller logs for errors
  • Ensure the controller has permissions to update status
  • Some resources may take time to reconcile
  • The CRD may have validation errors
  • Check CRD conditions for error messages
  • Verify CRD YAML is syntactically correct
  • Controller may need to be restarted
  • Verify you’ve selected the correct namespace
  • Check if resources exist using kubectl
  • Some CRDs may require specific permissions
  • Ensure the API version matches the installed CRD version

FAQ

A CRD extends the Kubernetes API by defining a new resource type. Once a CRD is installed, you can create, read, update, and delete instances of that resource type just like built-in resources (Pods, Services, etc.).
CRDs are typically installed by:
  • Operators: Software like cert-manager, Istio, ArgoCD
  • Helm charts: As part of application deployment
  • Administrators: For custom application needs
You generally don’t create CRDs manually - you install operators that bring their own CRDs.
Namespaced CRDs create resources that exist within a namespace, similar to Pods or Deployments. Different namespaces can have resources with the same name.Cluster-scoped CRDs create resources that are cluster-wide, similar to Nodes or ClusterRoles. Names must be unique across the entire cluster.
An established CRD is one that has been successfully validated and is ready for use. If a CRD is not established, there may be validation errors in its definition that prevent it from being used.
Look at the API group in the CRD name:
  • cert-manager.io → cert-manager
  • networking.istio.io → Istio
  • argoproj.io → ArgoCD
  • monitoring.coreos.com → Prometheus Operator
The group typically indicates the project or organization that created the CRD.
This interface allows you to manage custom resources (instances), not the CRD definitions themselves. CRD modifications should be done through the operator’s upgrade process or directly with kubectl.
Custom resources are processed by controllers (operators). If your resource isn’t being processed:
  • Verify the operator is installed and running
  • Check operator logs for errors
  • Ensure the resource spec is valid
  • Check if there are dependency issues (e.g., missing referenced resources)
Finalizers are hooks that ensure cleanup operations complete before a resource is deleted. If a resource has finalizers, deletion is blocked until the controller removes them after completing cleanup. Stuck resources often have finalizers that couldn’t be processed.