
CNCF and Open-Source Machine Identities

March 18, 2021 | Richard Collins, Jetstack

Enterprise-wide machine identity management is vital for organizations of any size to guarantee the confidentiality and integrity of communication between machines. Malicious attackers can easily take advantage of compromised machine identities to steal sensitive data or masquerade as a legitimate machine that your network will inadvertently trust.

Jetstack previously donated the cert-manager project to the Cloud Native Computing Foundation® (CNCF®), allowing developers to quickly and securely manage all machine identities and secure applications. Jetstack is now proudly expanding cloud-agnostic certificate management solutions to enterprises big and small.

Last week's quarterly CNCF End User Technology Radar offered new insight into how enterprise end users are adopting security tools related to certificate management. The report especially highlighted the rise of cert-manager - a CNCF Sandbox project - as one of the most highly adopted tools. This points to a change in behavior: enterprises no longer rely solely on Cloud Service Providers to automatically manage certain cloud security elements. Among the findings of the report, certificate management was called out as particularly relevant. Certificate management in general is “top of mind” for many enterprises, so cert-manager's role as a proven, well-established solution for automating TLS certificates was a strong highlight.

cert-manager is a highly popular open source project, first created by Jetstack and now part of the CNCF Sandbox, which has grown to become the de facto solution for managing X.509 certificates in Kubernetes. Secrets management is inherently needed to store the public and private keys of TLS certificates: cert-manager uses the native Kubernetes Secret resource for this, and is more generally used to automate machine identity management for workloads.

The survey showed that certificate management is increasingly important for Kubernetes end users and that there is great interest in cloud-agnostic solutions. This finding in particular signals a shift in how enterprises choose to consume cloud security services. It is also interesting to note the rise in multi-cloud patterns and solutions being adopted by enterprises, which can explain why cloud-agnostic tools like cert-manager are becoming popular. This adoption is driven by increased usage of Kubernetes in enterprises with large estates of legacy applications and a need to support hybrid and multi-cloud infrastructure. Given this interest in multi-cloud, it is inevitable that usage of service meshes will also increase, and cert-manager, with its support for Istio and Open Service Mesh and more to come, is perfectly placed to provide a cloud-agnostic, cross-cluster certificate management solution.

cert-manager adoption is centered on X.509 certificates being used to automate machine identity management for Kubernetes workloads. It builds in native support for certificates and certificate authorities, integrating with a range of popular public and private providers. Platform and operations teams can rely on cert-manager to automatically issue and renew certificates. This capability is primarily used to secure ingress resources, with public CAs such as Let’s Encrypt, but there is now increasing interest to use cert-manager to secure workload identities with mesh and mesh-like systems. All this delivers a level of certainty and security for development and platform teams. cert-manager’s growth is down to its demonstrable appeal as a consistent, reliable and agnostic solution for machine identity automation.
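As an added example (not from the original post), the manifests below show the ingress case described above: a ClusterIssuer for Let's Encrypt's ACME service and a Certificate that cert-manager issues into a Kubernetes Secret and renews before expiry. The resource names, namespace, contact address, DNS name and ingress class are assumed placeholders.

```yaml
# Added example, not cert-manager project code. The ACME server URL is
# Let's Encrypt's production endpoint; every other name is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: platform-team@example.com        # assumed contact address
    privateKeySecretRef:
      name: letsencrypt-prod-account-key    # ACME account key, kept in a Secret
    solvers:
      - http01:
          ingress:
            class: nginx                    # assumed ingress class
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: web-tls
  namespace: web
spec:
  secretName: web-tls          # kubernetes.io/tls Secret the Ingress references
  # Let's Encrypt issues 90-day certificates; renew 30 days before expiry
  renewBefore: 720h
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always     # generate a fresh private key on every renewal
  dnsNames:
    - www.example.com          # assumed hostname
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
```

Check progress with `kubectl describe certificate web-tls -n web`; the Ready condition turns True once the Secret holds a valid certificate, and a failing ACME challenge shows up in the events.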

Enterprises are increasingly comfortable with solutions which can be properly evaluated and are backed up with a strong community of contributors and users from across the ecosystem. The cert-manager community has grown to over 275 contributors since its first commit back in 2017, including a team at Jetstack who support the development full-time, together with individual maintainers and CNCF end users. 

Ingress protection is of course vital, but in parallel enterprises see cert-manager as a compelling choice to easily automate certificate management in order to: secure intra-pod traffic and control workload security and access for internal traffic; integrate enterprise CAs to issue private certificates; allow workloads to operate across different cloud providers; and operate the Istio service mesh so that control plane communication across the mesh is automatically secured with mTLS.

Enterprises that are committing more resources to scaling their Kubernetes infrastructure across multiple cloud providers evidently are not looking solely to the Cloud Service Providers to meet their need for certificate management. The survey suggests cert-manager is firmly established as the solution of choice for many large enterprises’ Kubernetes certificate management needs - great to see for a CNCF-sponsored project. The general factor explaining the increased adoption of cert-manager is that it aligns with enterprises' plans for expanding infrastructure. cert-manager has shown it is a great fit for the many use cases in which automated certificates are needed. As enterprises transform their infrastructure with Kubernetes and build out a multi-cloud strategy, we’re delighted that a cloud native, CNCF-backed project is meeting their needs.

Jetstack announces enterprise grade machine identity management with Jetstack Secure.
