[jnardiello]

You are entirely correct, we started this project as an internal tool to be used in any environment where no integration with IAM/OIDC/LDAP/AD/etc.. was available (we handle LOTS of clusters and many of them are in this situation).

So, this is mostly recommended (as you said) for smaller projects/teams/orgs but we figured out this would still be useful to many so we just open sourced it.

It's also entirely true that you can use it in any cluster, as Kubernetes under the hood does NOT have any concept of "user" it's just a bunch of certificates with some roles attached, so you can actually deploy it anywhere and you can use to release certs on the fly for your users.

As for gitops, that's a great questions we got asked a few times today. It's just no there right now, this is a nice web ui wrapping RBAC primitives. We'll surely be working on it soon.

Hopefully, this was clear. Let me know if you have more questions.