In December last year we were delighted to announce a major milestone for the cert-manager community with the CNCF accepting the project into the Sandbox. Hot on the heels of this achievement, we are today launching a public Beta of Jetstack Secure, our new flagship product for Cloud Native machine identity management.
Introducing Jetstack Secure
This new offering extends the core value of cert-manager and provides full visibility of machine identities across multiple clusters and clouds. Packaged with a web-based UI to provide a detailed view of the cloud native enterprise security posture, Jetstack Secure proactively identifies operational issues based on cert-manager instance status and health, as well as insecure X.509 certificate configuration.
Jetstack Secure deploys easily using Kubernetes resources, including an open-source agent, and it is backed by a reliable and scalable SaaS managed by Jetstack. The full interface can be set up to run for free on a single cluster, and customers can upgrade for advanced multi-cluster and alerting capabilities, as well as integration of enterprise CAs and service mesh. Jetstack Secure is backed with enterprise-grade support direct from the team that originally created the cert-manager project.
Built for fast-paced, rapidly evolving Kubernetes and OpenShift environments
Jetstack Secure provides both operations and security teams with a stand-out solution that best meets their respective needs for a high level of platform automation, coupled with best-practice security. With cert-manager at its core, Jetstack Secure delivers comprehensive protection of machine identities, including publicly trusted certificates for ingress TLS, as well as private certificates for internal workloads using mTLS, including service mesh. It gives platform leads the confidence to scale up infrastructure, with full automation that adheres to enterprise security standards.
The vision for Jetstack Secure comes from our first-hand experience supporting enterprise customers in solving the range of real-world security challenges that arise when scaling with Kubernetes and OpenShift. Adopting cloud native technologies and modern microservice architecture very quickly leads to a significant growth of TLS certificates: ingress TLS, intra-service mTLS, Kubernetes webhooks and more. As clusters accumulate and teams adopt technologies such as service mesh, a high level of automation is needed to ensure certificates continue to interoperate securely, are managed consistently and are kept up to date.
Multi-cluster visibility coupled with best practice security insight
Jetstack Secure users can see a detailed view of each cluster with an instant visual status of all workload certificates, including their association with Kubernetes resources. Crucially, it will identify and help to mitigate issues that can cause operational or security risk. For example, it provides data on manually issued certificates that are not managed by cert-manager and lack proper security configuration, or on a certificate failing to renew due to a rate limit in a third-party CA system. Drawing on our unique insight and operational experience, Jetstack Secure will help pinpoint the root cause and enable faster remediation.
As well as providing an interface for all machine identity configurations, planned new releases of Jetstack Secure will build in automation around policy and audit and will include wider use cases for certificates such as workload signing and attestation. Check out the Jetstack Secure product web page to see the full set of features planned for release in 2021.
Jetstack Secure is offered with access to Jetstack’s “resource library” of best practice security blueprints and deployment playbooks, meaning the platform team can apply specific cert-manager blueprints to architectural deployment patterns that often arise when scaling the infrastructure. The product was designed and built to meet the needs of high-growth enterprise cloud native environments where complex patterns can emerge from areas such as implementing zero-trust networking, by deploying service mesh with mTLS, or multi-cloud infrastructure operating many instances of cert-manager.
Get started for free today
The Jetstack Secure offering is free for the first cluster, then pay-as-you-use for additional clusters, and is accessed and installed immediately from the Jetstack Secure product page. Get started using the link below to sign up and deploy the open-source agent in your cluster.
For Google Cloud customers, Jetstack Secure will very shortly be available in the Marketplace for automated install and updates.
Learn more about Jetstack Secure
Download the product data sheet to find out more about the full feature set and how it helps platform and operation teams.
Check out a short video demo of the Jetstack Secure interface and some of its features for cert-manager health and certificate status.