The New Stack Podcast

How cert-manager Got to 500 Million Downloads a Month

Dec 19, 2024

Matt Barker, co-founder of Jetstack, and Ashley Davis, staff software engineer at Venify, dive into the fascinating journey of cert-manager, an open-source project that revolutionized Kubernetes certificate management. They recount how a job interview challenge sparked its creation, leading to over 500 million downloads monthly. The discussion highlights cert-manager's CNCF graduation, upcoming sub-projects like trust-manager, and the importance of managing machine identities in cloud-native environments, while also addressing the challenges of community engagement and scaling.

23:18

Creator website

Episode guests

Ashley Davis

Matt Barker

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Cert-manager evolved from an interview challenge into a vital open-source project for Kubernetes, achieving 500 million downloads monthly and CNCF graduation.

The project faces governance challenges due to diverse user opinions while planning future enhancements like post-quantum cryptography and improved enterprise integrations.

Deep dives

Overview of CertManager's Journey to Graduation

CertManager transitioned from a sandbox project to graduation status within the Cloud Native Computing Foundation (CNCF) in four years, showcasing its significance in cloud-native environments. Initially developed by Jetstack, CertManager was created to address common challenges in managing TLS certificates within Kubernetes ecosystems. Its wide adoption can be seen, as studies indicate that it is utilized in up to 90% of Kubernetes clusters. This project has grown into a cornerstone of open-source certificate management, reflecting the community's strong support and substantial contributions towards its development.

Intro

2min

Understanding Machine Identities in Cloud-Native Environments

2min

The Evolution of cert-manager in Kubernetes

7min

Navigating CertManager's Innovations

10min

Engaging with the cert-manager Project: Opportunities and Community Support

3min

Jetstack’s cert-manager, a leading open-source project in Kubernetes certificate management, began as a job interview challenge. Co-founder Matt Barker recalls asking a prospective engineer to automate Let’s Encrypt within Kubernetes. By Monday, the candidate had created kube-lego, which evolved into cert-manager, now downloaded over 500 million times monthly.

Cert-manager’s journey to CNCF graduation, achieved in September, began with its donation to the foundation four years ago. Relaunched as cert-manager, the project grew under engineer James Munnelly, becoming the de facto standard for certificate lifecycle management. The thriving community and ecosystem around cert-manager highlighted its suitability for CNCF stewardship. However, maintainers, including Ashley Davis, noted challenges in navigating differing opinions within its vast user base.

With graduation achieved, cert-manager’s roadmap includes sub-projects like trust-manager, addressing TLS trust bundle management and Istio integration. Barker aims to streamline enterprise-scale deployments and educate security teams on cert-manager’s impact. Cert-manager has become integral to cloud-native workflows, promising to simplify hybrid, multicloud, and edge deployments.

Learn more from The New Stack about cert-manager:

Jetstack’s cert-manager Joins the CNCF Sandbox of Cloud Native Technologies

Jetstack Secure Promises to Ease Kubernetes TLS Security

Join our community of newsletter subscribers to stay on top of the news and at the top of your game.