These are the themes that we plan to work on for cert-manager. If you wish to discuss these topics you can find us in #cert-manager on Kubernetes Slack, or at our community meetings.
The roadmap items are categorized in to themes based on the larger goals we want to achieve with cert-manager.
While this is a summary of the direction we want to go, we welcome all PRs, even if they don't fall under any of the roadmap items.
- Beyond Ingress: improve experience of cert-manager for applications beyond just
ingress certificates
- Service Mesh Integration: Enable service meshes to issue mTLS certificates with cert-manager, getting the integration with external issuers and the audit capabilities of cert-manager in their mesh
- Istio agent certificates issued via cert-manager
- CSI driver: seamlessly deliver unique certs + keys to workloads. Review the prototype that we have for this and do a proper release.
- Adoption of upstream APIs: continue to support latest APIs for k8s upstream
- k8s APIs: keep up to date with Kubernetes API changes and releases
- CSR API: support CSR API as a standard for certificate requests in kubernetes
- Policy: allowing granular control over certificate issuance
- Extensible primitives within cert-manager for defining policy for acceptable CertificateRequests
- Extensibility: widen the scope of integrations with cert-manager
- EST support: support a standard for ACME-like issuance within an enterprise
- External DNS plugin: enable ACME DNS01 requests to be completed using external-dns
- OpenShift Routes support: provide similar capabilities to Ingress for issuing certs
- Improve external issuer development experience: documentation and examples for people developing external issuers
- PKI lifecycle: enable best-practice PKI management with cert-manager
- Handle CA cert being renewed: deal with the cases where the CA cert is renewed and allow for all signed certs to be renewed
- Trust root distribution: handle distributing all trust roots within a cluster, allowing for certs to be verified within a cluster
- Improve developer and operator experience: better user experience
for installation, operation and use with applications
- Easier installation of cert-manager: improve the installation experience through docs and in other ways * Tooling to install and upgrade cert-manager (improved operators? CLI tool?) * Tooling to verify an installation is correct/secure
- Easier diagnosis of problems: improve the cert-manager output to make the status clearer, and provide tools to aid debugging
- Improve the new contributor experience