In December last year we were delighted to announce a major milestone for the cert-manager community with the CNCF accepting the project into the Sandbox. Hot on the heels of this achievement, we are today launching our new flagship product for cloud native machine identity management.
Introducing TLS Protect for Kubernetes
This new offering extends the core value of cert-manager and provides full visibility of machine identities across multiple clusters and clouds. Packaged with a web-based UI to provide a detailed view of the cloud native enterprise security posture, TLS Protect for Kubernetes proactively identifies operational issues based on cert-manager instance status and health, as well as insecure X.509 certificate configuration.
TLS Protect for Kubernetes deploys easily using Kubernetes resources, including an open-source agent, and it is backed by a reliable and scalable SaaS. The full interface can be set up to run for free on a single cluster, and customers can upgrade for advanced multi-cluster and alerting capabilities, as well as integrating enterprise CAs and service mesh. TLS Protect for Kubernetes is backed with enterprise-grade support direct from the team that originally created the cert-manager project.
Built for fast-paced, rapidly evolving Kubernetes and OpenShift environments
TLS Protect for Kubernetes provides both operations and security teams with a stand-out solution that best meets their respective needs for a high level of platform automation, coupled with best-practice security. With cert-manager at its core, TLS Protect for Kubernetes delivers comprehensive protection of machine identities, including publicly trusted certificates for ingress TLS, as well as private certificates for internal workloads using mTLS, including service mesh. It gives platform leads the confidence to scale up infrastructure, with full automation that adheres to enterprise security standards.
The vision for TLS Protect for Kubernetes comes from our first-hand experience supporting enterprise customers to solve the range of real-world security challenges when scaling with Kubernetes and OpenShift. Adopting cloud native technologies and modern microservice architecture very quickly leads to a significant growth of TLS certificates: ingress TLS, intra-service mTLS, Kubernetes webhooks and more. As clusters accumulate and teams adopt technologies such as service mesh, a high level of automation is needed to ensure certificates continue to interoperate securely, are managed consistently and are kept up to date.
Multi-cluster visibility coupled with best practice security insight
TLS Protect for Kubernetes users can see a detailed view of each cluster with an instant visual status of all workload certificates, including their association with Kubernetes resources. Crucially, it will identify and help to mitigate issues that can cause operational or security risk. For example, it provides data on manually issued certificates not managed by cert-manager that lack proper security configuration, or on a certificate failing to renew due to a rate limit in a third-party CA system. Drawing on our unique insight and operational experience, TLS Protect for Kubernetes will help pinpoint the root cause and enable faster remediation.
As well as providing an interface for all machine identity configurations, planned new releases of TLS Protect for Kubernetes will build in automation around policy and audit and will include wider use cases for certificates such as workload signing and attestation. Check out the TLS Protect for Kubernetes product web page to see the full set of features.
TLS Protect for Kubernetes is offered with access to our “resource library” of best practice security blueprints and deployment playbooks, meaning the platform team can apply specific cert-manager blueprints to architectural deployment patterns that often arise when scaling the infrastructure. The product was designed and built to meet the needs of high-growth enterprise cloud native environments where complex patterns can emerge from areas such as implementing zero-trust networking, by deploying service mesh with mTLS, or multi-cloud infrastructure operating many instances of cert-manager.
Get started for free today
The TLS Protect for Kubernetes offering is free for the first cluster, then pay-as-you-use for additional clusters, and is accessed and installed immediately from the TLS Protect for Kubernetes product page. Get started using the link below to sign up and deploy the open-source agent in your cluster.
For Google Cloud customers, TLS Protect for Kubernetes will very shortly be available in the Marketplace for automated install and updates.
Learn more about TLS Protect for Kubernetes
- Sign up and install the TLS Protect for Kubernetes open-source agent to get started with the free version now.
- Download the product data sheet to find out more about the full feature set and how it helps platform and operation teams.