Signed-off-by: irbekrm <irbekrm@gmail.com>

2022-07-13 19:47:07 +01:00

Roadmap

The roadmap items are categorised into themes based on the larger goals we want to achieve with cert-manager.

While this is a summary of the direction we want to go, we welcome all PRs, even if they don't fall under any of the roadmap items.

cert-manager should be able to deliver and manage X.509 certificates to popular projects in the cloud-native ecosystem.

Service Mesh Integration: While we have good Istio and Open Service Mesh integration, expand to other projects such as Linkerd, cilium

Continue to support latest APIs for upstream K8s and related SIGs.

Kubernetes APIs: keep up to date with Kubernetes API changes and release cadence
CSR API: support the sig-auth CSR API for certificate requests in kubernetes
Trust Anchor Sets
Gateway API

Widen the scope of integrations with cert-manager.

EST support: support a standard for ACME-like issuance within an enterprise
External DNS plugin: enable ACME DNS01 requests to be completed using external-dns
Improve external issuer development experience: documentation and examples for people developing external issuers

Enable best-practice PKI management with cert-manager.

Handle CA cert being renewed: deal with the cases where the CA cert is renewed and allow for all signed certs to be renewed
Make cert-manager a viable way to create and manage private PKI deployments at scale
Trust root distribution:handle distributing all trust roots within a cluster, allowing for certs to be verified within a cluster (See cert-manager/trust)

Graduate alpha / beta features in good time:
- SIG-Auth CSR API support
- SIG-Network Gateway API support
Easier diagnosis of problems: improve the cert-manager output to make the status clearer, and provide tools to aid debugging
Improve the new contributor experience