SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

cert-manager graduates from CNCF incubation program

Today

The Cloud Native Computing Foundation has announced that cert-manager has graduated from its incubation program.

cert-manager is widely regarded as an essential tool for issuing and renewing TLS and mTLS certificates in cloud native environments. This open source security project streamlines secure communication by automating the issuance, renewal, and lifecycle management of X.509 certificates within Kubernetes platforms. The project currently sees over 500 million downloads each month, with 86 per cent of new production clusters adopting the tool.

Chris Aniszczyk, CTO of CNCF, commented, "By making it easier for developers to obtain, manage, and automate security certificates, cert-manager helps ensure applications remain secure throughout their lifecycles, making the ecosystem more secure as a whole. We're thrilled to see the project reach this milestone and look forward to it continuing to improve the cloud native security space."

cert-manager was created in 2017 by Jetstack, which is now part of Venafi, under the CyberArk umbrella. It entered the CNCF Sandbox in November 2020 before becoming an incubating project in 2022. Over the years, cert-manager has built a community of over 450 contributors and issued more than 200 releases. It has been pivotal in integrating with Kubernetes, SPIFFE, Istio, Prometheus, and Envoy, all critical cloud native infrastructure security components.

Spyros Synodinos from Giant Swarm noted, "cert-manager is an essential component in our Cluster API-based Kubernetes platform. It has streamlined our SSL/TLS certificate management, enhancing security while reducing operational overhead. As long-time users, we're thrilled to see cert-manager graduate, confirming its critical role in the modern cloud native environment."

The project supports tasks like secretless issuance, trust store management, and certificate policy enforcement. Its versatility is further extended with support for external issuers such as AWS Private CA, Google CAS, and HashiCorp Vault, enhancing security within service meshes. Trilok Geer from Red Hat remarked, "The graduation of cert-manager marks a significant leap toward becoming the de facto project for certificate management. It reflects the dedication of its contributors and the trust placed in it by organizations to automate certificate processes, securing their cloud native solutions."

cert-manager's future roadmap includes support for ACME Renewal Information (ARI) to simplify the renewal process using the ACME protocol. Plans are also underway to reduce the binary size, container size, and complexity of cert-manager by shrinking its core components, a move aimed at reducing the attack surface and enhancing PKI management practices.

Ashley Davis, cert-manager maintainer and Staff Software Engineer at Venafi, noted, "cert-manager's graduation is the cherry on top of a fantastic year. I'm so proud that in August, we onboarded our first full maintainer, who came entirely from the community we've built. I'm excited for the future of TLS in a world where quantum computers threaten the cryptography underpinning most security on the modern web. cert-manager has an important role to play in helping to solve quantum-resistant TLS in Kubernetes, and we relish the challenge."

Matt Barker, VP & Global Head of Workload Identity Architecture at Venafi, shared, "I never would have thought that a project which started as an interview exercise would achieve graduated status in CNCF and be held alongside projects like Kubernetes, Istio, and etcd. This milestone reflects the dedication of our community and the trust that users and contributors have placed in the project. I'm incredibly proud of everyone involved."

James Munnelly, cert-manager project maintainer, expressed, "It's incredible to see the cert-manager community grow to where it is today, and its broad adoption across the cloud native ecosystem. The cert-manager project is rooted in the community with one common goal, making TLS certificate management in Kubernetes seamless. Its graduation is a very proud moment for myself and the many others who have been integral to the project's success. A huge thank you to all that have been involved!"

Tim Ramlot, cert-manager maintainer and Senior Software Engineer at Venafi, said, "CNCF empowers cert-manager by providing a solid framework for governance, legal support, and infrastructure sponsorship. CNCF's commitment to supplier neutrality greatly strengthens the dependability of cert-manager."

The project's graduation followed a CNCF-sponsored security audit and updates to governance documentation, creating a path for contributors to become full maintainers, alongside collaborations with TAG Security and TAG Contributor Strategy.
