One of the easiest things you can do to secure pretty much anything is to make it easier to use TLS (Transport Layer Security) for network connections. For Kubernetes, that means using cert-manager. Now that project’s parent companies, Jetstack, a Kubernetes product and services provider, in partnership with Venafi, have launched Jetstack Secure, a fully automated machine identity management service for Kubernetes and Red Hat OpenShift based on cert-manager.
Cert-manager is an open source, native TLS X.509 machine identity/certificate-management program. It, and Jetstack Secure, support Automatic Certificate Management Environment (ACME)-compatible certificate authorities (CAs) such as Let’s Encrypt, HashiCorp Vault, Venafi, and self-signed private internal certificates using mTLS across a service mesh. It also supports Google Certificate Authority Service (CAS). The program does this by using Kubernetes’ built-in custom resource definitions to extend the Kubernetes API.
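The custom resources mentioned above look like this in practice. This is an added illustration, not taken from the original article or from Jetstack: a cert-manager ClusterIssuer that points at Let’s Encrypt’s ACME staging endpoint, and a Certificate that requests a TLS certificate from it. The resource names, namespace, e-mail address, and hostname are constructed placeholders, and the manifest assumes the cert-manager.io/v1 API and an nginx ingress class.

```yaml
# Added example. Names, namespace, e-mail and hostname are placeholders.
# ClusterIssuer: a cluster-wide custom resource describing an ACME CA.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # Staging endpoint: certificates are not publicly trusted, but rate
    # limits are relaxed, which suits testing the issuance flow.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: ops@example.com
    # Secret in which cert-manager stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      # Prove control of the hostname with an HTTP-01 challenge served
      # through the ingress controller (assumed here to be nginx).
      - http01:
          ingress:
            class: nginx
---
# Certificate: the desired state. cert-manager creates the key pair,
# completes the ACME order, and writes the result to the named Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: web-tls
  namespace: demo
spec:
  secretName: web-tls          # Secret that receives tls.crt and tls.key
  renewBefore: 720h            # start renewal 30 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always     # generate a fresh key on every renewal
  dnsNames:
    - app.example.com
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
    group: cert-manager.io
```

After applying the manifest, `kubectl get certificate -n demo` shows whether the Certificate has reached the Ready state.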
While cert-manager is still a Cloud Native Computing Foundation (CNCF) sandbox program, with three years of history behind it, it’s very usable.
Jetstack Secure comes ready to run with a web-based management interface and enterprise-grade support direct from the team behind the project. Besides providing server instances with TLS security, it builds a detailed view of containers and servers across multiple clusters and clouds.
Blink twice and things change in a Kubernetes cluster, but its makers assure users that Jetstack Secure is built to operate in fast-paced, rapidly evolving Kubernetes and OpenShift environments. It deploys easily using Kubernetes resources, including an open source agent, which is backed by a reliable and scalable SaaS managed by Jetstack. You can set its interface to run for free on a single cluster, and customers can upgrade for advanced multicluster and alerting capabilities.
There’s a real need for this program. As Matt Bates, Jetstack chief technology officer and co-founder, said in a statement, “We’ve seen first-hand from our work with customers that adopting cloud native technologies and modern microservice architecture very quickly leads to a significant growth of TLS certificates — from ingress TLS, to intra-service mTLS, Kubernetes webhooks and more.” Therefore, “As infrastructure scales and clusters accumulate, a very high level of automation is needed to ensure certificates are consistent and kept up-to-date.”
“With Jetstack Secure,” Bates concluded, “our customers can see a detailed view of each cluster and an instant visual status of all workload certificates, including their association with Kubernetes resources. Crucially, it will identify and help to mitigate issues that can cause operational or security risk.”
CNCF, HashiCorp and OpenShift are sponsors of The New Stack.