Cert-manager Graduates to CNCF Incubating Project

Matt Barker, President of Cloud Native Services for Venafi

cert-manager, the defacto standard for TLS machine identity management in cloud native service mesh and multi-cloud, multi-cluster environments, achieves key maturity milestone

Venafi®, the inventor and leader of machine identity management today announced that the open source cert-manager project has graduated to the Cloud Native Computing Foundation® (CNCF) incubation program. The incubation program will help cert-manager widen its community of contributors, expand to new use cases, improve extensibility and advance developer and user experience.

cert-manager was originally created by Jetstack, a Venafi company, and has become the industry standard for TLS machine identity management in Kubernetes and OpenShift environments. Machine identity management is the foundation of security in cloud-native environments.

With over 1.5 million downloads per day and 9.4K stars on Git Hub, cert-manager protects cloud-native workloads with TLS encryption and provides critical security for clusters.

“cert-manager’s influence on the developer community is clear,” said Chris Aniszcyzk, CTO at CNCF. “Joining the incubator validates its strategic value, which will help to drive cert-manager’s growth. Through the project, we’ll be looking to offer solutions to complex cloud-native security problems that don’t stall innovation. We’re excited to see how developers use cert-manager as it evolves.”

cert-manager automates the issuance and renewal of X.509 certificates to authenticate and secure Kubernetes workload communications. communications. This includes securing public-facing workloads with ingress, as well as between microservices, that can span clusters and cloud environments. It was donated by Jetstack to the CNCF Sandbox in November 2020. Since then, the project has benefitted from CNCF’s rigorous maturity program. During the last two years, cert-manager has proven its value and strategic importance to the cloud-native landscape through extensive community and end-user engagement. Venafi is a leading contributor to the project and works closely alongside a diverse array of contributors from across the ecosystem.

Key stats on the project include:

  • Widespread adoption, with 1.5 million downloads per day across industries including financial services, technology, retail, healthcare and manufacturing
  • Default installation on 86% of new production clusters
  • A 99% approval rating from users across infrastructure of all kinds
  • Integration with multiple certificate authorities (CAs), and alignment with multiple open-source projects, including Cilium, Knative, SPIRE, Istio and Linkerd
  • Contributions from commercial PKI solutions, such as AWS (PCA) and Google (CAS)

“cert-manager was developed by a small team of passionate engineers, so we’re really proud it’s had such an impact,” says Matt Barker, President of Cloud Native Services for Venafi. “For us, the chance to work alongside projects that we love and respect – such as Kubernetes and Istio – means the incubator feels like the perfect home. CNCF will be vital to cloud-native business strategy moving forward, and we’re honoured to have a hand in this change.”

As a CNCF-hosted project, cert-manager is part of a neutral foundation aligned with its technical interests, as well as the larger Linux Foundation, which provides governance, marketing support, and community outreach. For more information on maturity requirements for each level, please visit the CNCF Graduation Criteria.