On behalf of the cert-manager team, it is with great pleasure to announce the v1 release of the cert-manager project! A project started by Jetstack three years ago, cert-manager automates the management of x509 machine identities within Kubernetes and OpenShift. It has grown to become a leading community project in the cloud native ecosystem, with many tens of thousands of end-users. The project has now reached a level of maturity and we are excited to reach this momentous milestone with the help and support of the entire community.
We’ve come a long way
Initially started to expand on the success of its predecessor, kube-lego, the project is now used by companies all across the world and in all sorts of industries, including government departments, large financial institutions, car manufacturers, and retail stores.
A seal of trust
With cert-manager v1.0, we’re putting a seal of trust on three years of development on the cert-manager project. Over this time, cert-manager has gained functionality and stability, and best of all we’ve seen a community grow around the project. Today we see many people using cert-manager to secure their Kubernetes clusters, as well as cert-manager being integrated into many other parts in the ecosystem. In the past 16 releases many bugs got fixed, and things that needed to be broken were broken! Several iterations of the API improved the user experience and we collectively solved 1500 GitHub issues with even more PRs, with the help of 253 contributors.
With releasing v1.0, we’re officially making a statement that cert-manager is a mature project ready to be used by anybody. We’re backing this up by also announcing commercial support for the project so enterprises that rely on the software have direct access to Jetstack for support and engineering assistance.
Many thank yous
We wish to extend our thanks to each and everyone that has helped to build cert-manager over the past three years. A special thanks to James Munnelly, who had the foresight to build and architect the project and grow the community to where it is today, including a team of Jetstack engineers and 250+ contributors!
Let v1.0 be the first of many big achievements together - onwards!
What is cert-manager and how is it used?
cert-manager automates the management of x509 machine identities within Kubernetes and OpenShift. It makes certificate authorities and certificates first-class resource types in the Kubernetes API, enabling developers to easily request machine identities for applications, whilst platform and security teams can maintain control and visibility.
The most common use case for cert-manager is requesting TLS signed certificates to secure Ingress resources. It can also be used programatically by Kubernetes-native applications, as well as via the CSI driver to provide certificates on disk for the likes of intra-pod mTLS and more legacy applictions. Read more about how to get started and usage at the cert-manager documentation.
What’s new in 1.0?
1.0 is a symbolic release — it may not bring many new features, but it now declares that we believe it is ready for production use by everyone, and that we are making a commitment to support and backwards compatibility.
The new cert-manager v1 Kubernetes API version is guaranteed by the project to be backwards-compatible with future releases. At some point in the future we may move to a backwards-incompatible v2 API as we look at new features for more use cases. We currently have no immediate plans to introduce a v2 API, and there would be a smooth migration path available for users of the v1 API.
The upshot of this is that you can now use cert-manager 1.0 and the v1 API version and be reassured that you can stay up-to-date with cert-manager releases, bug fixes, and new features without worrying about compatibility with your existing deployments.
The release does also contain a few improvements:
- Improvements to the new
kubectl cert-manager statuscommand that makes debugging certificate problems much easier. We’ll soon be following up with a blog post that talks more about this feature and how to use it.
- Improved logging, with reduced noise and better control over log levels.
You can read the full release notes in the documentation.
Announcing cert-manager Enterprise
Along with the release of cert-manager 1.0, Jetstack is announcing cert-manager Enterprise (now Jetstack Secure) to solidify Jetstack’s commitment and support to the project.
cert-manager Enterprise (now Jetstack Secure) isn’t a new version of the code, it is a package of enterprise-grade support and add-ons from Jetstack to complement the open source project. Specifically, cert-manager Enterprise offers:
- 24x7 support from the creators and maintainers of the project: professional 24x7 support from cert-manager experts available to deal with issues that are affecting your business-critical systems, as well as direct access to the engineering team.
- Signed builds for security and trust: eliminate software supply chain issues by getting signed builds directly from the authors of the project.
- Visibility of configuration issues with Preflight: cert-manager configuration checked by our automated scanning tool Preflight. It provides warnings about critical problems and suggestions for configuration improvements, with detailed remediation information.
- Access to best practice blueprints and playbooks: our team of cloud native engineers maintain detailed blueprints and playbooks, covering recommended architectural patterns and operational practices for more complex deployments, such as multi-cluster/cloud/mesh.
If you want to get involved in the project, we have various meetings and communication channels and always welcome new participants, in whatever capacity.
First, sign up for the mailing list which we use to send out calendar invites. Once you have joined, you’ll receive invites to our bi-weekly development meeting (held every other Wednesday at 5pm London time).
The #cert-manager and #cert-manager-dev channels on the Kubernetes Slack are also a great place to start and get chatting about ideas or questions you have. Please drop by and say hello!
We also host daily stand ups at 10:30am UK time where we discuss what’s being worked on for the day and go over any recent/new issues. You’ll receive invites to this after joining the above Google group too.
Join our first Community Day
Join us virtually on September 9th for our first ever cert-manager Community Day. Learn more about the project and where it’s going, hear from end users about use cases with talks and demos, ask the maintainers anything and meet others interested in managing machine identities with Kubernetes and cloud native tooling.
We’re excited to be joined by a number of end-users and partners in the community, including Josh Aas, Executive Director at Let’s Encrypt, Anurag Goel, CEO at Render, as well as the original founder of the project, James Munnelly. Keep an eye on the agenda at the event page for more details.
Once again, a huge thank you to all that have been involved in getting cert-manager to where it is today! We’re really looking forward to continuing the collaboration in the community, improving the developer experience, and the operation of machine identity automation with cloud native systems.