diff --git a/README.md b/README.md index 77f49b03f..9d5d44c95 100644 --- a/README.md +++ b/README.md @@ -20,12 +20,9 @@ cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. -It can issue certificates from a variety of supported sources, including Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI, and it ensures certificates remain -valid and up to date, attempting to renew certificates at an appropriate time before expiry. +It supports issuing certificates from a variety of sources, including Let's Encrypt (ACME), HashiCorp Vault, and Venafi TPP / TLS Protect Cloud, as well as local in-cluster issuance. -It is loosely based upon the work of [kube-lego](https://github.com/jetstack/kube-lego) -and has borrowed some wisdom from other similar projects such as -[kube-cert-manager](https://github.com/PalmStoneGames/kube-cert-manager). +cert-manager also ensures certificates remain valid and up to date, attempting to renew certificates at an appropriate time before expiry to reduce the risk of outages and remove toil. ![cert-manager high level overview diagram](https://cert-manager.io/images/high-level-overview.svg) @@ -33,14 +30,14 @@ and has borrowed some wisdom from other similar projects such as Documentation for cert-manager can be found at [cert-manager.io](https://cert-manager.io/docs/). -Issues and PRs for documentation should be filed in the [website repo](https://github.com/cert-manager/website/). - For the common use-case of automatically issuing TLS certificates for Ingress resources, see the [cert-manager nginx-ingress quick start guide](https://cert-manager.io/docs/tutorials/acme/nginx-ingress/). +For a more comprensive guide to issuing your first certificate, see our [getting started guide](https://cert-manager.io/docs/getting-started/). + ### Installation -We document [installation](https://cert-manager.io/docs/installation/) on the website. +[Installation](https://cert-manager.io/docs/installation/) is documented on the website, with a variety of supported methods. ## Troubleshooting @@ -50,7 +47,7 @@ If you encounter any issues whilst using cert-manager, we have a number of ways - Our official [Kubernetes Slack channel](https://cert-manager.io/docs/contributing/#slack) - the quickest way to ask! - [Searching for an existing issue](https://github.com/cert-manager/cert-manager/issues). -If you believe you've found a bug, and cannot find an existing issue, feel free to [open a new issue](https://github.com/cert-manager/cert-manager/issues)! +If you believe you've found a bug and cannot find an existing issue, feel free to [open a new issue](https://github.com/cert-manager/cert-manager/issues)! Be sure to include as much information as you can about your environment. ## Community @@ -105,4 +102,10 @@ Follow the instructions in [SECURITY.md](./SECURITY.md) to make a report. [Every release](https://github.com/cert-manager/cert-manager/releases) on GitHub has a changelog, and we also publish release notes on [the website](https://cert-manager.io/docs/release-notes/). +## History + +cert-manager is loosely based upon the work of [kube-lego](https://github.com/jetstack/kube-lego) +and has borrowed some wisdom from other similar projects such as [kube-cert-manager](https://github.com/PalmStoneGames/kube-cert-manager). + + Logo design by [Zoe Paterson](https://zoepatersonmedia.com) diff --git a/ROADMAP.md b/ROADMAP.md index fab6e8962..04d7df478 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,7 +4,9 @@ Roadmap The roadmap items are categorised into themes based on the larger goals we want to achieve with cert-manager. -While this is a summary of the direction we want to go, we welcome all PRs, even if they don't fall under any of the roadmap items. +While this is a summary of the direction we want to go we welcome all PRs, even if they don't fall under any of the roadmap items +listed here. We unfortunately can't merge every change, and if you're looking to contribute a new feature you might want to +check the [contributing guide](https://cert-manager.io/docs/contributing/) on the cert-manager website. ### Integration with other projects in the cloud-native landscape @@ -12,9 +14,7 @@ While this is a summary of the direction we want to go, we welcome all PRs, even cert-manager should be able to deliver and manage X.509 certificates to popular projects in the cloud-native ecosystem. -- Service Mesh Integration: While we have -good Istio and Open Service Mesh integration, expand to other projects such as -Linkerd, cilium +- Service Mesh Integration: While we have good Istio and Open Service Mesh integration, expand to other projects such as Linkerd, cilium ### Adoption of upstream APIs @@ -22,7 +22,7 @@ Continue to support latest APIs for upstream K8s and related SIGs. - Kubernetes APIs: keep up to date with Kubernetes API changes and release cadence - CSR API: support the sig-auth CSR API for certificate requests in kubernetes -- Trust Anchor Sets +- [Trust Anchor Sets](https://github.com/kubernetes/enhancements/pull/3258) - Gateway API ### Extensibility @@ -37,18 +37,18 @@ Widen the scope of integrations with cert-manager. Enable best-practice PKI management with cert-manager. -- Handle CA cert being renewed: deal with the cases where the CA cert is renewed and allow for all signed certs to be renewed +- Handle CA certs being renewed: deal with the cases where the CA cert is renewed and allow for all signed certs to be renewed - Make cert-manager a viable way to create and manage private PKI deployments at scale -- Trust root distribution: handle distributing all trust roots within a cluster, allowing for certs to be verified within a cluster +- Trust root distribution: handle distributing all trust roots within a cluster, solving trust for private and public certificates -See also [cert-manager/trust](https://cert-manager.io/docs/projects/trust/) +See also [trust-manager](https://cert-manager.io/docs/projects/trust/) for more on trust distribution. ### End-user experience - Graduate alpha / beta features in good time: - SIG-Auth CSR API support - SIG-Network Gateway API support -- Easier diagnosis of problems: improve the cert-manager output to make the status clearer, and provide tools to aid debugging +- Easier diagnosis of problems: improve cert-manager output to make status clearer, and provide tools to aid debugging - Improve the new contributor experience ### Developer experience