cert-manager automates the management of X.509 machine identities within Kubernetes and OpenShift and has become one of the leading community projects in the cloud-native ecosystem. The project is now used by companies all across the world and in all sorts of industries, including government departments, large financial institutions, car manufacturers, and retail stores.
It’s exciting to see cert-manager join the CNCF Sandbox. It’s been several years in the making to get to 1.0 and it’s been a pleasure to have supported the team behind it, working closely with over 260 contributors and many end-users to get it to where it is today. It’s a foundational add-on to many Kubernetes and OpenShift clusters and the project will benefit from being part of the CNCF and its ecosystem that is enabling modern and open cloud native systems for users across the globe.
Why we are donating cert-manager to the CNCF
cert-manager is widely used; it has a large user base and following, and projects across the ecosystem integrate with it. Venafi believes such a foundational component belongs in the CNCF, with its vendor-neutrality, alongside many of the projects that rely on it and would benefit from a close collaboration. Being part of the CNCF will enable the project to attract a diverse contributor base and help to promote partnership and cooperation with many ecosystem projects, including those in the CNCF.
What is cert-manager and how is it used?
cert-manager enables developers to easily request machine identities to secure applications. Certificates can be signed by public and private certificate authorities such as Let’s Encrypt and Venafi, and cert-manager handles the automation of the certificate lifecycle. This means developers can move fast and stay secure, while platform and security teams have control and visibility. The popularity of cert-manager within the Kubernetes community and its utility in a wide range of projects make cert-manager an ideal project for the CNCF.
The most common use case for cert-manager is requesting signed TLS certificates to secure Ingress resources. It can also be used programmatically by Kubernetes-native applications, as well as via the CSI driver to provide certificates on disk for the likes of intra-pod mTLS and more legacy applications. Read more about getting started and usage in the cert-manager documentation.
Thank you to the community
A huge thank you to all who have been involved in getting cert-manager to where it is today! A special thanks to James Munnelly, who had the foresight to build and architect the project and grow the community to where it is today, including a team of Venafi experts from Jetstack and 260+ contributors!
What’s coming in the future
As part of the CNCF, we’re really looking forward to working with projects in the ecosystem, including continued collaboration with the Kubernetes project (e.g. Kubernetes CSR API), other projects such as OpenServiceMesh, as well as new and additional efforts where we can be complementary (e.g. SPIFFE/SPIRE).
The project roadmap describes the major themes for the future, including supporting a broader set of use cases (including service mesh), support of upstream APIs, policy, extensibility through external issuers, PKI lifecycle management and more. If any features pique your interest, let us know what you think and feel free to join us and get involved!
How to get involved
If you would like to be involved in the development of the project within the CNCF, sign up for the mailing list, which we use to send out calendar invites. Once you have joined, you’ll receive invites to our bi-weekly development meeting (held every other Wednesday at 5pm UK time).
The #cert-manager channel on the Kubernetes Slack is also a great place to start and get chatting about ideas or questions you have. Please drop by and say hello!
Enterprise-grade features and support
Jetstack Consult provide enhanced support, including access to the engineering team behind the project, and additional features to enhance operational experience. Find out more about our consulting, training and proactive support services for Kubernetes and cloud-native.