The Cloud Native Computing Foundation has recently announced that cert-manager has successfully graduated from its incubation program, marking a significant milestone for the open source security project. cert-manager is a vital tool for managing TLS and mTLS certificates in cloud native environments, automating the issuance, renewal, and lifecycle management of X.509 certificates within Kubernetes platforms. With over 500 million monthly downloads and an 86 percent adoption rate among new production clusters, cert-manager has proven to be a crucial component in enhancing security within the cloud native ecosystem.
Chris Aniszczyk, the CTO of CNCF, praised cert-manager for its role in simplifying the process of obtaining, managing, and automating security certificates, ultimately ensuring the security of applications throughout their lifecycles. He expressed excitement about the project’s future contributions to the cloud native security space. cert-manager, which was initiated by Jetstack in 2017 and later became part of Venafi under the CyberArk umbrella, has built a community of over 450 contributors and issued more than 200 releases over the years.
Spyros Synodinos from Giant Swarm highlighted the importance of cert-manager in their Cluster API-based Kubernetes platform, emphasizing how it has streamlined SSL/TLS certificate management and improved security while reducing operational overhead. The project’s support for tasks like secretless issuance, trust store management, and certificate policy enforcement has made it a versatile and essential tool for organizations looking to enhance security within service meshes.
Looking ahead, cert-manager’s future roadmap includes plans to support ACME Renewal Information (ARI) to simplify the renewal process using the ACME protocol. Additionally, efforts are underway to reduce the binary size, container size, and complexity of cert-manager to enhance PKI management practices and reduce the attack surface. Ashley Davis, a cert-manager maintainer, expressed pride in the project’s graduation and highlighted its important role in addressing quantum-resistant TLS in Kubernetes.
Matt Barker, VP & Global Head of Workload Identity Architecture at Venafi, shared his pride in cert-manager’s journey from a small interview exercise to a CNCF-recognized project, underscoring the dedication of the community and the trust placed in the project by users and contributors. James Munnelly, another cert-manager project maintainer, echoed this sentiment, emphasizing the community’s common goal of making TLS certificate management in Kubernetes seamless.
Tim Ramlot, a cert-manager maintainer and Senior Software Engineer at Venafi, recognized CNCF’s role in empowering cert-manager through governance, legal support, and infrastructure sponsorship, ultimately strengthening the project’s dependability. The project’s graduation was preceded by a CNCF-sponsored security audit and updates to governance documentation, paving the way for contributors to become full maintainers and fostering collaborations with TAG Security and TAG Contributor Strategy.
In conclusion, cert-manager’s graduation from CNCF’s incubation program to an officially recognized project signifies a major achievement for the project and its community. With a strong focus on enhancing security and simplifying certificate management in cloud native environments, cert-manager is poised to continue making valuable contributions to the cloud native ecosystem in the future.