JetStack Donates Certificate Manager Tool to CNCF
JetStack, a unit of Venafi, announced during the online KubeCon + CloudNativeCon North America 2020 conference that its cert-manager software has become a sandbox-level project that will be advanced under the auspices of the Cloud Native Computing Foundation (CNCF).
Company CTO Matt Bates says JetStack decided to donate cert-manager to the CNCF to further the integration of the tool, which manages X.509 machine identities for Kubernetes, with other security and IT management projects being advanced by the CNCF, including the Open Policy Agent (OPA) project or the Service Mesh Interface (SMI) initiative.
The cert-manager project has reached the 1.0 level after several years of development led by JetStack, which is also looking forward to advancing the project in collaboration with additional contributors. The end goal is to make it easier for DevOps teams to manage certificates as code as part of a larger effort to shift more control over certificates to developers, Bates notes. The company also makes available an enterprise edition of cert-manager.
Rather than waiting for an IT operations team to provide certificates, Bates says DevOps teams are using cert-manager to acquire certificates from a certificate authority themselves. Today it’s not uncommon for a certificate that encrypts data as it moves across an IT environment to expire because someone forgot to renew it. The cert-manager project enables developers to programmatically schedule the renewal of certificates, he says.
The speed at which certificates can be issued has become critical for DevOps teams as they accelerate the rate at which applications are being deployed. DevOps implementations and other high-velocity environments often require requested certificates to be available in seconds, which typically also requires integration with continuous integration/continuous delivery (CI/CD) platforms.
It’s also important to remember that web applications that don’t have certificates will be penalized in search rankings, because the underlying site is assumed to be insecure.
Certificate management may not always be the first thing that comes to mind when organizations are designing their DevOps workflows. However, as the number of microservices-based applications being deployed continues to expand, the number of necessary certificates continues to expand. Shifting responsibility for certificate management further left creates a significant opportunity to reduce unnecessary friction across DevOps workflows.
In the meantime, Bates says, JetStack will continue to work toward making it possible to unify certificate management across fleets of Kubernetes environments, including the Red Hat OpenShift platform, which adds nuances on top of the core Kubernetes distribution.
Regardless of the approach to managing certificates, IT organizations would be well-advised to automate as much of the certificate management process as possible at a time when new applications are expected to drive a wider range of digital business transformation initiatives. If one of those applications suddenly is no longer available simply because a certificate wasn’t renewed, the impact to the business is going to be much greater than anyone in the business is likely to appreciate.