queue to be emptied once a day

Unprioritized issues older than 7 days (216)

Resolution: Add a priority/ or triage/ label

Average age: 230.2d, Avg wait: 94.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5603 https://charts.jetstack.io is not a valid chart repository 7d 7d 7d
kind/bug
recv
5601 Confusing error message when using external issuers 9d 9d
good first issue
kind/bug
open-milestone
5596 Current PSP is not sufficient to work with CSI volume 9d 9d 9d
kind/bug
recv
5594 Graduate ExperimentalGatewayAPISupport feature to beta 10d 1d
kind/feature
5593 logs in JSON format 10d 10d 10d
recv
5590 Configure cluster resource namespace in ClusterIssuer spec 13d 13d 13d
recv
similar
5588 --must-staple attribute for OCSP Stapling
13d 11d 11d
good first issue
kind/feature
commented
member-last
send
5586 "propagation check failed" for DNS-01 ACME challenge on internal EKS-cluster 14d 7d 14d
author-last
recv
similar
5585 ClusterIssuer cannot read the ServiceAccount token secret 14d 14d 14d
kind/bug
recv
similar
5581 Best way to migrate a Nginx ingress to cert-manager without downtime 16d 16d 16d
recv
5580 Mounting emptyDir to /tmp directory (webhook) 18d 18d 18d
kind/feature
author-last
recv
5575 Can cert manager be used as a multi-cluster active-active certificate manager? 3wk 3wk 3wk
recv
5572 Add the possibility to use two cluster issuers in a single ingress 3wk 3wk 3wk
kind/feature
recv
5566 upload Helm charts to OCI registry and sign them with cosign
4
3wk 8d 8d
kind/feature
commented
member-last
send
5565 cert-manager aws route53 hosted zone automatically add records. 3wk 3wk 3wk
recv
5564 Update Gateway API to use beta instead of alpha resource versions. 3wk 15d 15d
good first issue
kind/feature
commented
member-last
pr-changes-requested
send
5558 Will auto-renewal of the root certificate automatically renew the certificate issued by the root certificate? 3wk 3wk 3wk
recv
similar
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied: 3wk 3wk 3wk
kind/bug
recv
similar
5553 Cert manager is looking for wrong service name
2
4wk 4wk 4wk
recv
5549 unknown field "enabled" in io.k8s.api.core.v1.PodSecurityContext
4wk 2d 4wk
recv
5548 Pod is not running due to AppArmor not Enabled 4wk 3wk 4wk
recv
5545 openssl version used 4wk 4wk 4wk
recv
5543 Using Azure workload identity instead of AAD Pod Identities to configure the AzureDNS DNS01 challenge. 5wk 4wk 5wk
kind/feature
author-last
recv
recv-q
5541 Bump go version from 1.19.1 to 1.19.2 to mitigate go CVE 5wk 16d 5wk
kind/feature
recv
recv-q
5540 Changelog annotations to chart 5wk 5wk 5wk
kind/feature
recv
5538 Unable to set IPv6 podDNS config from values 5wk 5wk 5wk
kind/bug
recv
5537 Left over artifacts from cert-manager 5wk 5wk 5wk
author-last
recv
recv-q
similar
5536 Challenge stack on self check when host is unavailable from cluster. 5wk 5wk 5wk
kind/bug
recv
5531 Question regarding Apigee Hybrid cert-manager webhook support with CSI driver 6wk 4wk 6wk
author-last
recv
5527 Allow to add out-of-tree signers for cert-manager to approve. 6wk 6wk 6wk
kind/feature
recv
5526 Separate section for breaking changes in release notes 6wk 6wk 6wk
kind/bug
recv
5524 cert-manager v1.10.0 always tries to access clusterissuers at cluster scope 6wk 15d 6wk
kind/bug
recv
recv-q
5521 Webhook Pod HealthCheck Port is missing in Webhook PSP 6wk 6wk 6wk
kind/bug
recv
5520 CrashLoopBackOff after restart of all deployments 6wk 5wk 6wk
kind/bug
contributor-last
recv
recv-q
5516 Forbidden: seccomp may not be set pod.metadata.annotations
8
6wk 5wk 6wk
kind/bug
author-last
recv
5515 stuck on propagation check failed DNS record not yet propagated 6wk 6wk 6wk
kind/bug
recv
similar
5514 Venafi Issuer Read `caBundle` from Configmap or Secret 6wk 5wk 6wk
kind/feature
contributor-last
recv
5513 Deploy of cert-manager-webhook/cainjector:v1.9.1 got permission error
6wk 5wk 6wk
kind/bug
author-last
recv
recv-q
5512 GoogleCloud API call failed: googleapi: Error 403: Permission denied on resource project $PROJECT_ID 6wk 6wk 6wk
kind/bug
recv
5509 Label cert-manager managed objects with 'app.kubernetes.io/managed-by' 7wk 7wk 7wk
kind/feature
recv
5508 is it possible to create k8s tls secret when I store crt and key into vault? 7wk 7wk 7wk
author-last
recv
5507 CA provider authentication of issuer via certificate 7wk 7wk 7wk
kind/feature
recv
5503 cert-manager sub-chart documentation
7wk 7wk 7wk
recv
5499 Failed to create CertificateRequest: admission webhook "webhook.cert-manager.io" denied the request 7wk 7wk 7wk
kind/bug
commented
member-last
send
similar
5494 Adding Custom extensions to certificates, the Subject Alternative Name (SAN) extension criticality ( OID = 2.5.29.17 ) 1mo 1mo 1mo
kind/feature
recv
5488 Add support for creating pki secret engine in Vault 1mo 1mo 1mo
kind/feature
recv
5486 Aggressive Retries from "error instantiating route53 challenge solver" 1mo 1mo 1mo
kind/bug
recv
similar
5482 Implement support for hooks that get triggered after issuing or renewing certificates 1mo 1mo 1mo
kind/feature
recv
5481 Need metrics for DNS01 Challenges 1mo 6wk 1mo
kind/feature
recv
5480 Route53 solver's STS certificate chain is not being trusted by the cert-manager pod 2mo 2mo 2mo
kind/bug
recv
5479 Could not determine authoritative nameservers for \"_acme-challenge.XXX.com. 2mo 2mo 2mo
author-last
recv
recv-q
5472 Ability to check Venafi API parameter in log
2mo 2mo 2mo
kind/feature
recv
5470 Waiting on certificate issuance from order default/nginx-app-tls-z9xlj-2268860154: "pending" Issuing certificate as Secret does not exist 2mo 2mo 2mo
author-last
recv
recv-q
5467 External Key Generator 2mo 2mo 2mo
kind/feature
recv
5455 Support assuming role for route53 in AWS China (and other partitions) 2mo 2mo 2mo
kind/feature
recv
5454 make setup-integration-tests fail
2mo 2mo 2mo
kind/bug
recv
5449 Gateway API exist, still getting error "the Gateway API CRDs do not seem to be present" 2mo 2mo 2mo
recv
5448 how to disabled serverSideApply
2mo 6wk 2mo
help wanted
contributor-last
recv
5439 setting certificate attributes in certificate resources 2mo 2mo 2mo
kind/feature
collaborator-last
commented
send
similar
5437 Issuer/ClusterIssuer support to specify vault token on local filesystem 2mo 5wk 2mo
author-last
pr-unreviewed
recv
recv-q
5435 Issuer/ClusterIssuer vault with mounted JWT token 2mo 2mo 2mo
recv
5434 v1.7.3 still having "expired challenges" issue 2mo 2mo 2mo
kind/bug
author-last
recv
5433 Support certs that live for < 1h
3
2mo 2mo 2mo
kind/feature
recv
5432 Certificate renewed but not the linked secret 2mo 2mo 2mo
kind/bug
recv
similar
5431 After generating a new Let's Encrypt certificate, it still uses the default cluster certificate. 2mo 2mo 2mo
recv
5430 Improving DNS-01 challenge performance 2mo 2mo 2mo
kind/feature
pr-reviewed-with-comment
pr-unreviewed
recv
5428 [Helm chart] Cert-manager's metrics can't be added to grafana data soource 2mo 2mo 2mo
kind/bug
recv
5423 Security compliance check for cert-manager as per CIS Benchmark 2mo 2mo 2mo
kind/bug
commented
member-last
send
5421 [Helm chart] Cert-manager's metrics are not collected by default 2mo 2mo 2mo
kind/bug
recv
5419 Config option to allow vault issuer to skip TLS verification when connecting to Vault
2mo 2wk 2mo
kind/feature
author-last
commented
pr-closed
recv
5415 DNS record for xxx not yet propagated. can we use cloudflare for acme challenge and custom ns for propagation check? 3mo 2mo 3mo
kind/bug
recv
similar
5412 Allow to configure Azure DNS solver managed identity using a secret for GitOps environment
3mo 2mo 2mo
kind/feature
commented
member-last
send
5406 url property in index.yaml at charts.jetstack.io not standard 3mo 6d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
send
5396 Passing empty IP Address in the certificate spec, fails certificate creation 3mo 11d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5394 Cert Manager showing "error"="Operation cannot be fulfilled on certificates.cert-manager.io"
2
3mo 13d 3mo
lifecycle/stale
collaborator-last
recv
5392 cert-manager-webhook emit TLS handshake error from 10.240.1.63:53386: EOF 3mo 15d 3mo
lifecycle/stale
collaborator-last
recv
5391 Regex validation on acme/solvers is too strict
3mo 15d 3mo
lifecycle/stale
collaborator-last
recv
5388 InvalidChangeBatch: cannot be created because a non multivalue answer rrset exists with the same name and type
3mo 17d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5359 Packaging cert-manager with Carvel
4
4mo 2mo 2mo
kind/feature
commented
member-last
send
5357 Support ECDSA keys for ACME accounts 4mo 4wk 4mo
kind/feature
lifecycle/stale
author-last
pr-unreviewed
recv
5347 Got error:0A00010B:SSL routines::wrong version number 4mo 6d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5344 metrics for failed calls to cloudflare 4mo 8d 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5326 Add ability to configure podTemplate securityContext fields in http solver 4mo 4wk 4mo
kind/feature
author-last
recv
5316 Cert-manager shuts down without warning due to secret timeout 4mo 15d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
5310 Install cert-manager: error bounded in resource existing
4mo 17d 4mo
lifecycle/rotten
collaborator-last
recv
5298 Complete the Migration Away From Jetstack Names 4mo 3wk
kind/cleanup
lifecycle/rotten
collaborator-last
5297 Failed to update endpoint cert-manager/cert-manager-webhook 4mo 16d 4mo
lifecycle/rotten
collaborator-last
recv
5296 Make caching 4mo 3wk
kind/bug
lifecycle/rotten
collaborator-last
5284 Challenge remain pending and does't rerun after I delegate dns zone 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5283 DNS Challenges Not Added to Specified Ingress Despite Specifying in ACME ClusterIssuer Manifest 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5279 cainjector is watching secrets in all the cluster even after setting --namespace flag
4mo 2mo 2mo
kind/bug
commented
member-last
send
5278 Add Support for Contour HttpProxy (proof of concept included) 4mo 3wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
send
5274 Provide the ability to recover a Certificate request from an Error state
2
4mo 4wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5268 error decoding private key 4mo 4wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5267 cm-acme-http-solver triggers no.scale.down.node.pod.not.backed.by.controller due to lack of PodDisruptionBudget
6
5mo 1mo 5mo
kind/bug
contributor-last
recv
5263 Test setup flake: go not found 5mo 4wk
lifecycle/rotten
kind/flake
flake/test-setup
collaborator-last
5262 Test setup flake: untaring go fails 5mo 4wk
lifecycle/rotten
kind/flake
flake/test-setup
collaborator-last
5254 AKS high severity : on disabling automounting API credentials for service account installation of cert manager timesout
5mo 10d 5mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5246 Secrets are not updated when key stores added/removed
5mo 5d 5mo
kind/bug
lifecycle/rotten
collaborator-last
pr-changes-requested
recv
5230 Timeouts on Every Controller Reconcile Loop
5mo 11d 11d
kind/bug
commented
member-last
pr-merged
5220 Investigate improving resource consumption and performance in clusters with large amount of resources
9
5mo 1d 7wk
kind/feature
commented
recv-q
5215 Add relabeling in cert-manager serviceMonitor 5mo 2mo 5mo
kind/feature
author-last
commented
recv
recv-q
5211 Question about tolerations 5mo 2mo 5mo
author-last
recv
5198 Integration test flake: various timeouts 5mo 10d
lifecycle/stale
kind/flake
flake/test-logic
5197 cert-manager-webhook to provide logs when handling a k8s api-server request
2
5mo 4wk 5mo
good first issue
help wanted
kind/feature
assigned
assignee-updated
author-last
commented
recv
5193 Stuck on "propagation check failed"
5mo 8d 5mo
kind/bug
lifecycle/stale
area/acme
collaborator-last
commented
pr-merged
recv
similar
5182 e2e flake: etcd request slowness 5mo 4wk
lifecycle/rotten
kind/flake
flake/test-logic
collaborator-last
5180 e2e flake: webhook context deadline exceeded 5mo 4wk 5mo
lifecycle/rotten
kind/flake
flake/test-logic
collaborator-last
commented
5179 e2e flake: Message: "admission webhook \"webhook.cert-manager.io\" denied the request: the server could not find the requested resource" 5mo 4wk 5mo
lifecycle/rotten
kind/flake
flake/test-logic
collaborator-last
commented
similar
5178 e2e flake: mv: cannot stat 'bin/downloaded/tools/crane': No such file or directory 5mo 4wk 4mo
lifecycle/rotten
kind/flake
flake/test-setup
collaborator-last
commented
send
5177 e2e flake: /bin/bash: bin/tools/ytt: Permission denied 5mo 4wk
lifecycle/rotten
kind/flake
flake/test-setup
collaborator-last
5171 TPP Allowed Domains can cause valid certificate to error 6mo 2mo 6mo
kind/bug
area/venafi
contributor-last
recv
5106 Makefile flake when checking shasums 6mo 4wk 4mo
kind/bug
lifecycle/rotten
kind/flake
flake/test-setup
collaborator-last
commented
send
5069 Error presenting challenge: the server could not find the requested resource even though resource exists 7mo 10d 7mo
kind/bug
lifecycle/stale
recv
5066 Threat model for cert-manager
7mo 16d 7mo
kind/feature
commented
5062 Cert-manager stops processing order request in "processing" status after several attempts 7mo 7d 8d
kind/bug
area/acme
author-last
commented
recv
5041 Failed to obtain venafi certificate: vcert error: your data contains problems: request doesn't match certificate: unmatched key modulus 7mo 16d 7mo
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
5031 ValidateCAA test function is flaky 7mo 1mo 1mo
kind/bug
kind/flake
flake/test-logic
commented
member-last
send
5005 Investigate why Contour fails with "Gateway not found in cache" in some end-to-end Prow jobs
8mo 3wk 4mo
lifecycle/rotten
kind/flake
flake/test-logic
collaborator-last
commented
pr-closed
send
5004 After installing cert-manager using kubectl, "cmctl check api" fails with "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded
5
8mo 16d 4mo
lifecycle/stale
commented
send
similar
4979 Overhaul the DNS01 solver
5
8mo 2mo
kind/feature
pr-closed
4959 Support AWS Auth Method for Vault 8mo 2mo 8mo
kind/feature
author-last
pr-unreviewed
recv
4956 cert-manager created multiple CertificateRequest objects with the same certificate-revision
2
2
3
8mo 1mo 8mo
kind/bug
commented
pr-closed
pr-merged
recv
recv-q
4950 General flakiness of our end-to-end suite
3
8mo 4mo 4mo
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
4947 Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer
7
8mo 2mo 8mo
kind/feature
author-last
recv
4941 Failed to perform self check GET request
3
8mo 1d 8mo
kind/bug
lifecycle/rotten
recv
recv-q
similar
4931 Enable Testing on ARM64 8mo 3wk 8mo
kind/feature
author-last
commented
recv
recv-q
4899 Certificate.Spec.RenewEvery instead of RenewBefore 9mo 4wk 4mo
kind/feature
commented
contributor-last
4892 Set up a permanent cert-manager installation to catch issues that only appear in long running deployments
2
9mo 4wk 5mo
kind/feature
lifecycle/rotten
commented
4877 HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1
9mo 3wk 9mo
kind/bug
author-last
recv
recv-q
4824 Repo Migration Followup Task List
10mo 6wk 6wk
assigned
assignee-updated
commented
member-last
pr-merged
4821 Allow `ingressClassName` to be set for HTTP01 solver ingresses.
3
97
10mo 2h 7mo
kind/feature
area/ingress-shim
commented
pr-unreviewed
recv-q
send
4797 Automatically renew certificates if OCSP indicates that it was revoked
6
10mo 3wk 9mo
kind/feature
area/acme
commented
contributor-last
recv
similar
4747 Revoke Certificates
5
12
10mo 10d 10mo
kind/feature
lifecycle/stale
collaborator-last
recv
similar
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
2
11mo 4wk 11mo
lifecycle/frozen
kind/bug
recv
recv-q
4654 Certificates issued by vault with isCa: true are missing CA:TRUE in certificate
4
4
11mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
pr-merged
send
similar
4594 TLS handshake error: EOF
8
1y 8d 5mo
kind/bug
commented
recv-q
send
4561 Ability to specify secret ownerReference as part of the Certificate request
3
1y 1mo 1y
kind/feature
recv
4490 Subject Ingress Annotations
4
1y 13d 1y
kind/feature
pr-new-commits
recv
4423 Cert renewal loop
2
1y 7wk 1y
kind/bug
author-last
commented
recv
recv-q
4349 allowing greater configuration for the cloud provider tests
1y 7mo 7mo
lifecycle/frozen
kind/feature
collaborator-last
commented
send
4246 ACME DNS Challenge and Propagation Delay (NXDOMAIN)
8
1y 3wk 1y
kind/bug
lifecycle/rotten
collaborator-last
recv
4216 Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large 1y 7wk 1y
recv
3958 Sane defaults for Certificate revision history limit
10
2y 3wk 3wk
kind/feature
commented
recv-q
send
3896 Cert Manager failing to renew certificate
17
2y 16d 1y
kind/bug
commented
recv-q
send
similar
3592 Ability to not create ca.crt
2
2y 4wk 2y
collaborator-last
commented
recv
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
12
2y 2mo 1y
kind/bug
commented
recv-q
send
2380 Helm chart version is not SemVer-compatible
5
3y 17d 2y
kind/bug
author-last
commented
recv
recv-q
1101 Feature request for updating documentation. 3wk 3wk 3wk
recv
1088 Clarify what namespace certificates are issued into when using annotations 7wk 7wk 7wk
recv
1082 Navigation menu hiding search results on mobile devices 2mo 3wk 2mo
pr-closed
pr-unreviewed
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
3mo 3mo 3mo
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 3mo 3mo 3mo
recv
similar
1061 Document onboarding process for new maintainers 3mo 3mo 3mo
recv
similar
1054 Run spell checker in a pre-commit hook 3mo 3mo 3mo
good first issue
kind/cleanup
recv
1006 Use descriptive text instead of alt for `feature icon` 5mo 5mo 5mo
recv
1001 Document a policy for required CI health before we can release 5mo 5mo 5mo
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 5mo 3mo 5mo
contributor-last
recv
993 Document which resources do/do not get garbage collected 5mo 5mo 5mo
good first issue
contributor-last
recv
988 Document how feature gated fields can be added to API 6mo 6mo 6mo
recv
981 The `kubectl operator install` instructions are broken (after upgrading kubectl operator v0.3.0 -> v0.4.0) 6mo 6mo 6mo
commented
member-last
975 Some pages do not make it clear what the user should read next 7mo 7mo
974 Investigate styled 404 page 7mo 7mo
955 Document when the vault pki role required setting `require_cn=false`
7mo 4wk
944 Document how to install cert-manager in a different namespace
2
7mo 5mo 7mo
good first issue
assigned
assignee-updated
contributor-last
recv
recv-q
936 Review public envvars for site 7mo 7mo 7mo
commented
member-last
931 Improve upgrade instructions using helm
7mo 7mo 7mo
recv
923 GSoD2022: Improve the navigation and structure of the cert-manager website 7mo 6mo 7mo
assigned
contributor-last
recv
similar
922 GSoD2022: Dashamir Hoxha 7mo 7mo 7mo
assigned
assignee-updated
commented
member-last
send
921 GSoD2022: Improve the Navigation and Structure of the cert-manager Website by Mehak 7mo 7mo 7mo
assigned
assignee-updated
commented
member-last
send
similar
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
7mo 7mo 7mo
recv
recv-q
868 Document RBAC 8mo 8mo 8mo
contributor-last
recv
similar
866 Securing NGINX-ingress 8mo 8mo 8mo
recv
similar
851 create Cilium ingress tls example
3
9mo 5mo 9mo
assigned
assignee-updated
recv
847 missing documentation/information olm based installation metric prometheus 9mo 9mo 9mo
contributor-last
recv
844 Document feature gates 9mo 9mo
similar
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
10mo 10mo 10mo
contributor-last
pr-merged
recv
recv-q
836 Syncing Secrets Across Namespaces
10mo 8mo 10mo
recv
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
10mo 10mo
kind/bug
contributor-last
pr-merged
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 11mo 11mo 11mo
commented
member-last
send
758 API reference docs: enum values not documented with typedef 1y 1y 1y
recv
746 Enable Dark mode in the docs website 1y 1y 1y
recv
706 Default key usages 1y 1y 1y
recv
697 [IRSA] Needs `runAsUser: 1001` 1y 1y 1y
recv
693 Azure DNS pod identity incorrectly documents principal_id 1y 1y 1y
commented
member-last
send
672 List required Google CloudDNS permissions exhaustively 1y 1y 1y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
1y 1y 1y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 1y 9mo 1y
recv
recv-q
642 Move/ link to Webhook debugging docs 1y 1y
similar
604 Make it so that it is easier to find the doc for fixing webhook issues 1y 7mo 1y
contributor-last
recv
583 cert-manager with ZeroSSL
44
2y 5mo 5mo
commented
send
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
561 Certificate Resources 2y 2y 2y
recv
similar
554 HTTP Validation, privateKeySecretRef 2y 1y 2y
contributor-last
recv
549 Effort towards a more user-friendly website 2y 2y
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
2y 1y 1y
commented
member-last
send
542 Document the Istio VirtualService HTTP01 configuration options 2y 2y
532 Rework of the landing page (cert-manager.io)
3
2y 1y 1y
help wanted
good first issue
commented
member-last
send
486 OpenShift - broken link
2y 1y 1y
commented
member-last
send
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
454 Cluster Resource Namespace 2y 2y 2y
recv
similar
426 Create a sequence diagram that shows how a certificate gets issued with let's encrypt
2
2y 2y 2y
commented
member-last
pr-merged
425 Document ocspServers 2y 2y 2y
kind/documentation
commented
member-last
422 Page last modified date incorrect 2y 2y 2y
kind/bug
collaborator-last
commented
send
386 Uninstalling on Kubernetes - How to delete all those user created resources?
2y 2y 2y
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 2y 2y 2y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 2y 2y 2y
collaborator-last
commented
send
similar
295 Route53 2y 2y 2y
kind/documentation
commented
member-last
send
79 Design for partial automation of release process 5mo 5mo 5mo
commented
member-last
send
50 Move cert-manager-release infrastructure to CNCF's GCP account
1y 10mo 10mo
commented
member-last
42 Publish latest release number as part of creating a final release
1y 1y 1y
commented
member-last
send
31 Move the manual steps of our release process to cmrel commands
2y 1y 1y
commented
member-last
pr-closed
27 Create cert-manager specific testing infrastructure
2y 1y 1y
assigned
assignee-updated
commented
member-last
pr-merged
send
19 Incorrect command line help: should include a --branch argument 2y 2y 2y
kind/cleanup
commented
contributor-last

Uncommented older than 7 days (143)

Resolution: Add a priority/ or triage/ label

Average age: 201.1d, Avg wait: 170.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4722 High memory usage on cluster with many secrets
8
10mo 4wk 10mo
kind/bug
priority/important-soon
contributor-last
open-milestone
recv
3898 Allow setting PodDisruptionBudget policies via helm chart
3
2y 2mo 2y
kind/feature
priority/important-longterm
area/deploy
author-last
pr-approved
pr-closed
recv
3655 Specify Name Constraints in CA Certificate
6
2y 1mo 2y
kind/feature
priority/backlog
recv
2941 Detect multiple certs pointed to the same secret
2
2y 4wk 2y
kind/feature
priority/important-longterm
lifecycle/rotten
area/monitoring
collaborator-last
recv
850 Document available cert-manager Prometheus metrics 9mo 7mo 9mo
documentation
good first issue
priority/important-longterm
contributor-last
recv
770 Helm template fails with `--create-namespace` 1y 11mo 1y
triage/support
contributor-last
recv
recv-q
709 Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1
1y 1y 1y
good first issue
priority/important-soon
recv
551 Documentation on how to handle large-scale certificate management & best practices
2
2y 1y 2y
help wanted
priority/important-longterm
kind/documentation
contributor-last
recv
480 Secret gets UID added to end of name 2y 2y 2y
triage/support
contributor-last
recv
recv-q
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 2y 2y 2y
priority/backlog
kind/documentation
contributor-last
recv
56 Route53: document use of "region" field 3y 2y 3y
documentation
priority/important-longterm
contributor-last
recv
recv-q
132 previously listed items omitted

Important soon, but no updates in 90 days (11)

Resolution: Downgrade to important-longterm

Average age: 838.2d, Avg wait: 102.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5074 Race condition between issuers, certificates, and secrets
7mo 3mo 3mo
lifecycle/frozen
kind/bug
priority/important-soon
commented
member-last
open-milestone
pr-new-commits
send
709 Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1
1y 1y 1y
good first issue
priority/important-soon
recv
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
3
2y 2y 2y
documentation
priority/important-soon
commented
contributor-last
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
2y 2y 2y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q
229 Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error 2y 2y
priority/important-soon
kind/documentation
contributor-last
198 Document release process 2y 2y 2y
priority/important-soon
kind/documentation
assigned
commented
member-last
send
195 Document keystores 2y 2y 2y
priority/important-soon
kind/documentation
commented
member-last
send
174 Add documentation for CRD conversion webhook ca injection 2y 2y 2y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
144 Improve webhook debugging info
2y 2y 2y
priority/important-soon
kind/documentation
commented
member-last
pr-merged
send
similar
90 Document Certificate Subject Changes 2y 2y 2y
help wanted
good first issue
priority/important-soon
collaborator-last
commented
69 SelfSignedIssuer configuration - API reference docs 2y 2y 2y
help wanted
good first issue
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 180 days (9)

Resolution: Downgrade to backlog

Average age: 829.8d, Avg wait: 209.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
2178 Handling 'unregistering' certificates from Venafi TPP
11
3y 10mo 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
recv-q
send
401 Bring tutorials up to date 2y 2y
priority/important-longterm
344 Add docs to explain webhooks 2y 2y
help wanted
good first issue
priority/important-longterm
contributor-last
223 Document wildcard certificate tutorial 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
178 Order of versions of cert-manager in menu 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
154 Documenting repo management process 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
3 previously listed items omitted: #850 #551 #56

Pull Requests: Review Ready (23)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 147.7d, Avg wait: 57.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5502 The vault issuer can now be given a serviceAccountRef instead of relying on static service account tokens 7wk 20min 2d
release-note
size/XL
approved
area/api
kind/feature
area/vault
dco-signoff: yes
area/testing
area/deploy
collaborator-last
commented
unreviewed
5373 Allow config of http01 solver pod security context
2
3mo 1h 22h
size/L
release-note
area/api
kind/feature
area/acme
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
author-last
commented
open-milestone
recv
unreviewed
5614 [helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value 2h 2h 2h
release-note
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
5613 Return error when Gateway has a cross-namespace secret ref 1d 7h 21h
release-note
kind/feature
size/M
dco-signoff: yes
ok-to-test
assigned
author-last
commented
recv
similar
unreviewed
5612 Allow make e2e-setup-certmanager to work on any cluster 1d 1d
release-note-none
approved
size/M
dco-signoff: yes
needs-kind
collaborator-last
unreviewed
4330 Add client certificate auth method for Vault issuer 1y 3d 7mo
release-note
size/XL
area/api
kind/feature
area/acme
area/vault
dco-signoff: yes
area/testing
ok-to-test
area/deploy
collaborator-last
commented
recv
recv-q
unreviewed
3931 Added PodDisruptionBudgets to helm chart
3
15
2y 4d 6wk
size/L
release-note
approved
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
approved
assigned
assignee-updated
commented
recv
recv-q
4835 Making sure per fixture only 1 setup is active at the same time 9mo 3wk 5mo
release-note-none
kind/bug
size/M
lifecycle/rotten
dco-signoff: yes
area/testing
assigned
assignee-updated
collaborator-last
commented
reviewed-with-comment
4969 add acmeHttp01SolverImage 8mo 5wk 8mo
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
assigned
author-last
commented
recv
recv-q
similar
unreviewed
5528 Allow servFail as a valid response. 6wk 6wk 6wk
size/XS
release-note-none
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
collaborator-last
recv
unreviewed
5356 Allow ECDSA for ACME client keys 4mo 6wk 3mo
size/L
release-note
area/api
kind/feature
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/deploy
author-last
commented
recv
recv-q
unreviewed
5324 Create 20220720-per-certificate-owner-ref.md
4
4mo 1mo 2mo
size/L
release-note-none
approved
kind/design
dco-signoff: yes
collaborator-last
commented
new-commits
similar
5447 Allow extra DNS-01 propagation time to be configured
2mo 1mo 2mo
release-note
size/S
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
author-last
commented
recv
unreviewed
5093 Add relabeling and metricRelabelings settings for ServiceMonitor. 7mo 2mo 7mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
recv
recv-q
unreviewed
1123 Adds documentation for Gateway API cross-namespace secret refs 1d 7h 1d
dco-signoff: yes
size/M
needs-ok-to-test
assigned
author-last
recv
similar
unreviewed
1102 relativelyrehan: outside click for navigation menu 3wk 3wk 3wk
dco-signoff: no
size/M
needs-ok-to-test
recv
unreviewed
1089 Update docs to remove subchart warning 6wk 6wk 6wk
dco-signoff: yes
needs-ok-to-test
size/S
recv
unreviewed
1084 fix: navigation menu hiding search results 2mo 6wk 2mo
size/XS
dco-signoff: yes
needs-ok-to-test
assigned
author-last
recv
unreviewed
1071 Improved the summary on the docs homepage
2
2mo 2mo 2mo
approved
dco-signoff: yes
size/S
commented
contributor-last
new-commits
recv-q
1005 Route53 accessKeyIDSecretRef docs 5mo 5mo 5mo
size/XS
dco-signoff: yes
needs-ok-to-test
recv
unreviewed
992 Initial feature gate documentation
2
6mo 5mo 6mo
approved
dco-signoff: yes
size/M
commented
contributor-last
recv
recv-q
reviewed-with-comment
930 update ibmcloud cis webhook link 7mo 6mo 7mo
size/XS
dco-signoff: yes
needs-ok-to-test
assigned
assignee-updated
author-last
commented
recv
unreviewed
948 add note to ingress class definition 7mo 7mo 7mo
dco-signoff: no
size/XS
needs-ok-to-test
assigned
author-last
recv
unreviewed

Unkinded Issues (108)

Resolution: Add a kind/ or triage/support label

Average age: 333.0d, Avg wait: 151.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5608 Unable to inject linkerd sidecar proxy to Cert-Manager pods 2d 1d 2d
author-last
recv
recv-q
4918 Leader election timeout (?) causes exit
2
9mo 4wk 7mo
priority/important-longterm
commented
recv
recv-q
3992 Add non-CRD yaml file
2
2y 4wk 1y
priority/important-soon
area/deploy
author-last
commented
open-milestone
recv
753 Route53 - AWS IAM Account Setup is confusing
1y 7mo 7mo
priority/backlog
commented
member-last
send
459 cert manager is no longer on the OpenShift operator list 2y 7mo 2y
priority/awaiting-more-evidence
assigned
assignee-updated
commented
contributor-last
recv-q
send
354 DigitalOcean access-token should not be base64-encoded 2y 2y 2y
priority/awaiting-more-evidence
author-last
commented
recv
2 Set up periodic job to publish an experimental release build
2y 2y
priority/backlog
assigned
contributor-last
101 previously listed items omitted

Unprioritized Recent Issues (220)

Resolution: Add a priority/ or triage/ label

Average age: 226.0d, Avg wait: 92.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5611 ACME HTTP challenge pods blocked by OpenShift 1d 1d 1d
kind/bug
author-last
recv
5610 Fail with a clear error message if a Gateway TLS listener has a cross-namespace secret reference
2d 1d 1d
good first issue
kind/bug
assigned
assignee-updated
commented
pr-unreviewed
5609 Support AutoDNS as a provider 2d 2d 2d
kind/feature
recv
217 previously listed items omitted

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 2.0d, Avg wait: 1.4d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3 previously listed items omitted: #5611 #5609 #5608
New, has multiple reactions, but not important-soon: No matching items
New, has multiple commenters, but not important-soon: No matching items
needs information, has update: No matching items

Recently updated issue has a question (1)

Resolution: Add an answer

Average age: 1050.2d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
2525 Better support multi-namespace & single-namespace deployments
20
2y 3d 1y
kind/feature
priority/important-longterm
lifecycle/rotten
area/deploy
collaborator-last
commented
pr-closed
recv-q
send
Triage Party v1.3.0