jetstack-bot
GitHub
commit
f109f34aee
94
ROADMAP.md
94
ROADMAP.md
@ -1,49 +1,57 @@
|
||||
Roadmap
|
||||
=======
|
||||
|
||||
These are the themes that we plan to work on for cert-manager. If you wish
|
||||
to discuss these topics you can find us in #cert-manager on Kubernetes Slack, or
|
||||
at our [community meetings](https://cert-manager.io/docs/contributing/#meetings).
|
||||
The roadmap items are categorised into themes based on the larger goals we want to achieve with cert-manager.
|
||||
|
||||
The roadmap items are categorized in to themes based on the larger goals we
|
||||
want to achieve with cert-manager.
|
||||
|
||||
While this is a summary of the direction we want to go, we welcome all PRs,
|
||||
even if they don't fall under any of the roadmap items.
|
||||
While this is a summary of the direction we want to go, we welcome all PRs, even if they don't fall under any of the roadmap items.
|
||||
|
||||
* Beyond Ingress: improve experience of cert-manager for applications beyond just
|
||||
ingress certificates
|
||||
* Service Mesh Integration: Enable service meshes to issue mTLS certificates
|
||||
with cert-manager, getting the integration with external issuers and the
|
||||
audit capabilities of cert-manager in their mesh
|
||||
* Istio agent certificates issued via cert-manager
|
||||
* CSI driver: seamlessly deliver unique certs + keys to workloads. Review the
|
||||
prototype that we have for this and do a proper release.
|
||||
* Adoption of upstream APIs: continue to support latest APIs for k8s upstream
|
||||
* k8s APIs: keep up to date with Kubernetes API changes and releases
|
||||
* CSR API: support CSR API as a standard for certificate requests in kubernetes
|
||||
* Policy: allowing granular control over certificate issuance
|
||||
* Extensible primitives within cert-manager for defining policy for
|
||||
acceptable CertificateRequests
|
||||
* Extensibility: widen the scope of integrations with cert-manager
|
||||
* [EST support](https://tools.ietf.org/html/rfc7030): support a standard for
|
||||
ACME-like issuance within an enterprise
|
||||
* External DNS plugin: enable ACME DNS01 requests to be completed using external-dns
|
||||
* OpenShift Routes support: provide similar capabilities to Ingress for
|
||||
issuing certs
|
||||
* Improve external issuer development experience: documentation and examples
|
||||
for people developing external issuers
|
||||
* PKI lifecycle: enable best-practice PKI management with cert-manager
|
||||
* Handle CA cert being renewed: deal with the cases where the CA cert is
|
||||
renewed and allow for all signed certs to be renewed
|
||||
* Trust root distribution: handle distributing all trust roots within a
|
||||
cluster, allowing for certs to be verified within a cluster
|
||||
* Improve developer and operator experience: better user experience
|
||||
for installation, operation and use with applications
|
||||
* Easier installation of cert-manager: improve the installation experience
|
||||
through docs and in other ways
|
||||
* Tooling to install and upgrade cert-manager (improved operators? CLI tool?)
|
||||
* Tooling to verify an installation is correct/secure
|
||||
* Easier diagnosis of problems: improve the cert-manager output to make the
|
||||
status clearer, and provide tools to aid debugging
|
||||
* Improve the new contributor experience
|
||||
|
||||
### Integration with other projects in the cloud-native landscape
|
||||
|
||||
cert-manager should be able to deliver and manage X.509 certificates to popular
|
||||
projects in the cloud-native ecosystem.
|
||||
|
||||
- Service Mesh Integration: While we have
|
||||
good Istio and Open Service Mesh integration, expand to other projects such as
|
||||
Linkerd, cilium
|
||||
|
||||
### Adoption of upstream APIs
|
||||
|
||||
Continue to support latest APIs for upstream K8s and related SIGs.
|
||||
|
||||
- Kubernetes APIs: keep up to date with Kubernetes API changes and release cadence
|
||||
- CSR API: support the sig-auth CSR API for certificate requests in kubernetes
|
||||
- Trust Anchor Sets
|
||||
- Gateway API
|
||||
|
||||
### Extensibility
|
||||
|
||||
Widen the scope of integrations with cert-manager.
|
||||
|
||||
- EST support: support a standard for ACME-like issuance within an enterprise
|
||||
- External DNS plugin: enable ACME DNS01 requests to be completed using external-dns
|
||||
- Improve external issuer development experience: documentation and examples for people developing external issuers
|
||||
|
||||
### PKI lifecycle
|
||||
|
||||
Enable best-practice PKI management with cert-manager.
|
||||
|
||||
- Handle CA cert being renewed: deal with the cases where the CA cert is renewed and allow for all signed certs to be renewed
|
||||
- Make cert-manager a viable way to create and manage private PKI deployments at scale
|
||||
- Trust root distribution:handle distributing all trust roots within a cluster, allowing for certs to be verified within a cluster
|
||||
(See [cert-manager/trust](https://cert-manager.io/docs/projects/trust/))
|
||||
|
||||
### End-user experience
|
||||
|
||||
- Graduate alpha / beta features in good time:
|
||||
- SIG-Auth CSR API support
|
||||
- SIG-Network Gateway API support
|
||||
- Easier diagnosis of problems: improve the cert-manager output to make the status clearer, and provide tools to aid debugging
|
||||
- Improve the new contributor experience
|
||||
|
||||
### Developer experience
|
||||
|
||||
- Better user experience for installation, operation and use with applications
|
||||
- Zero test flakiness and increased testing confidence
|
||||
- Improve release process by adding more automation
|
||||
|
||||
Loading…
Reference in New Issue
Block a user