Cert-Manager Now Part of The CNCF Sandbox Family as Jetstack Completes Donation

Nov. 23, 2020, 2:23 p.m.

TL;DR

Cloud native infrastructure builder Jetstack announces its successful donation of the cert-manager project to the Linux Foundation’s Cloud Native Computing Foundation as a “sandbox” project. The donation has been eagerly accepted, and cert-manager is expected to revolutionize the security offered to the Kubernetes community, specifically in the domain of certificate management.

The new cert-manager API makes it more mature and powerful

Key Facts

1
Jetstack’s cert-manager is a state-of-the-art Kubernetes certificate management controller. It is used to manage X.509 machine identities in OpenShift and Kubernetes.
2
Jetstack’s decision to donate cert-manager stems from their belief that technology like cert-manager can be better-utilized and more effective when managed and operated by a vendor-neutral party like the CNFC.
3
CNFC provides Kubernetes and open source support to a variety of organizations, non-profits, government agencies, and academic institutions worldwide. This makes the cert-manager donation especially useful in preserving the security of vast arrays of projects built by the community.
4
Cert-manager supports the entire certificate lifecycle and enables the signing of certificates by public and private signatories/authorities such as Let’s Encrypt.
5
Cert-manager has been built and grown by a dedicated team of Jetstack’s top engineers and over 260+ highly-experienced developers and engineers.

Details

Jetstack is mainly a Kubernetes professional services company founded in 2015 and recently acquired by Venafi, a security company specialized in different areas mainly machine identity. According to the Venafi:

The combination of speed and security creates an interesting dilemma. How do you build software quick enough to compete, without the risk of being exploited? This is the challenge that Jetstack and Venafi will solve.

Back to cert-manager, Jetstack recently announced the release of the v1 API for this tool, which made the technology more mature and powerful. This release allows developers to have greater visibility and control over their certificates.

Currently, the Venafi+Jetsack team has been working towards integrating Google's new Certificate Authority Service (CAS) with cert-manager. This will offer developers private CA keys as a service, using HSMs, which are validated at FIPS 140-2 Level 3.

It’s exciting to see cert-manager join the CNCF Sandbox. It’s been several years in the making to get to 1.0, and we’re hugely thankful to a community of over 250 contributors, and many end-users, to get it to where it is today. This is a foundational add-on to many Kubernetes and OpenShift clusters, and the project will benefit from being part of the CNCF and its ecosystem. We look forward to attracting a diverse contributor base and extending our partnership and cooperation with many other projects to further enhance the developer and operator experience.
Matthew Bates
Co-founder and CTO, Jetstack