Clarify why this project exists

Signed-off-by: Jake Sanders <[email protected]>
cert-manager · May 30, 2022 · f2a5b9d · f2a5b9d
1 parent 5b0a087
commit f2a5b9d
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -44,3 +44,16 @@ Observe the `route.Spec.TLS` section of your route being populated automatically
 
 The route's TLS certificate will be rotated 2/3 of the way through the certificate's lifetime, or 
 `cert-manager.io/renew-before` time before it expires.
+
+# Why is This a Separate Project?
+
+We do not wish to support non Kubernetes (or kubernetes-sigs) APIs in cert-manager core. This adds
+a large maintenance burden, and it's hard for us to e2e test everyone's CRDs. However, OpenShift is
+widely used, so it makes sense to have some support for it in the cert-manager ecosystem.
+
+Ideally we would have contributed this controller to an existing project, e.g.
+https://github.com/redhat-cop/cert-utils-operator. Unfortunately, cert-manager is not really designed
+to be imported as a module. It has a large number of transitive dependencies that would add an unfair
+amount of maintenance to whichever project we submitted it to. In the future, we would like to split
+the cert-manager APIs and typed clients out of the main cert-manager repo, at which point it would be
+easier for other people to consume in their projects.