6524 |
 |
Issuer for Gateway uses the hostname only rather than the httproutes
|
|
|
8d |
4d |
8d |
kind/bug
|
author-last recv
|
6518 |
 |
Can't verify image signature
|
|
|
12d |
11d |
11d |
kind/bug
|
member-last send
|
6523 |
 |
Allow algorithm selection for keystore "passwords"
|
|
|
9d |
9d |
|
kind/feature
|
|
6510 |
 |
DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge ....
|
|
|
16d |
11d |
16d |
kind/bug
|
author-last recv
|
6509 |
 |
reinstall failed after k8s upgrade
|
|
|
17d |
17d |
17d |
|
recv
|
6505 |
 |
Overly strict subject requirements
|
|
|
18d |
18d |
|
kind/bug
|
|
6504 |
 |
Webhook validation bugs for cert subjects
|
|
|
18d |
11d |
11d |
good first issue
kind/bug
|
member-last send
|
6502 |
 |
Can the duration of the server cert that is generated for the webhook be set?
|
|
|
2wk |
2wk |
2wk |
kind/feature
|
recv
|
6494 |
 |
Bug: Lower Memory Usage - Filtered Secrets Label Caused Unwarranted Renewal of Certificates
|
|
3
|
3wk |
3wk |
3wk |
kind/bug
|
member-last pr-closed send
|
6511 |
 |
Checklist for next backport release
|
|
|
16d |
11d |
|
kind/cleanup
|
contributor-last pr-closed
|
6489 |
 |
Add support for custom-fields into the ingress annotations
|
|
|
3wk |
3wk |
3wk |
kind/feature
|
recv
|
6474 |
 |
Incorrect error when validating Certificate PrivateKey
|
|
2
|
3wk |
3wk |
3wk |
good first issue
kind/bug
|
member-last similar
|
6473 |
 |
Ingress labels copied to certificate, causing issues with applysets
|
|
|
4wk |
4wk |
4wk |
kind/bug
|
author-last recv
|
6472 |
 |
Create TLSA records automatically
|
|
2
|
4wk |
2wk |
4wk |
kind/feature
|
recv
|
6522 |
 |
Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable
|
|
|
10d |
10d |
10d |
kind/bug
|
recv similar
|
6475 |
 |
preferredChain attribute on Clusterissuer doesn't pull ISRG X1 root certificate on lets-encrypt provider
|
|
|
3wk |
3wk |
3wk |
kind/bug
|
recv
|
6468 |
 |
Gateway API v1
|
|
5
|
5wk |
13d |
5wk |
kind/feature
|
recv-q
|
6464 |
 |
Requeuing due to optimistic locking and slow retry
|
|
|
5wk |
19d |
5wk |
kind/bug
|
recv
|
6465 |
 |
Cannot supply trusted ca certificate bundle for the ACMEDNS solver
|
|
|
5wk |
5wk |
5wk |
kind/bug
|
author-last recv
|
6448 |
 |
Can I apply for certificates across projects in GCP?
|
|
|
6wk |
6wk |
6wk |
|
recv
|
6457 |
 |
Error from server (InternalError): Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": No agent available
|
|
|
5wk |
4wk |
4wk |
|
member-last send similar
|
6434 |
 |
Handle license generation for every platform
|
|
|
7wk |
7wk |
|
kind/feature
|
|
6422 |
 |
Allow for Configuration of ValidatingWebhook in Helm
|
|
|
7wk |
7wk |
7wk |
kind/feature
|
recv similar
|
6442 |
 |
Question: get accountid from Lets Encrypt cert
|
|
|
6wk |
6wk |
6wk |
|
recv
|
6413 |
 |
RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP
|
|
|
1mo |
5wk |
1mo |
good first issue
kind/bug
|
recv
|
6408 |
 |
Cert-manager updates the spec of the applied objects
|
|
|
2mo |
1mo |
1mo |
kind/bug
|
author-last recv
|
6407 |
 |
Allow for Configuration of TTL on Route53
|
|
|
2mo |
7wk |
2mo |
kind/feature
|
assigned assignee-updated pr-changes-requested recv similar
|
6405 |
 |
Retries not working as expected
|
|
|
2mo |
2mo |
2mo |
|
author-last recv recv-q
|
6393 |
 |
Support `otherName` SAN type
|
|
|
2mo |
2mo |
2mo |
kind/feature
|
pr-new-commits pr-unreviewed recv
|
6389 |
 |
Flakey test: [Conformance] Certificates with issuer type ACME: Error
|
|
|
2mo |
2mo |
|
kind/bug
|
|
6388 |
 |
Orders marked as "invalid" intermittently
|
|
|
2mo |
16d |
2mo |
|
recv
|
6386 |
 |
Add Prometheus Metric for Certificate Requests Count
|
|
2
|
2mo |
2mo |
2mo |
kind/feature
|
member-last pr-closed send similar
|
6418 |
 |
`revisionHistoryLimit` default of `nil` should be changed to ...
|
|
2
|
7wk |
4d |
4d |
kind/feature
|
member-last pr-closed
|
6385 |
 |
Improve error handling if ingress object is missing ownerref
|
|
|
2mo |
2mo |
|
kind/bug
|
|
6382 |
 |
Conditional sub-expression always evaluates to _true_
|
|
|
2mo |
2mo |
2mo |
|
author-last recv
|
6378 |
 |
Renewal fails during aws-privateca-issuer downtime, continues to fail after issuer returns to service
|
|
2
|
2mo |
4d |
2mo |
kind/bug
|
recv
|
6377 |
 |
Restrict access to a list of namespaces
|
|
|
2mo |
2mo |
2mo |
kind/feature
|
recv
|
6364 |
 |
Enabling ServerSideApply feature gate changes status conditions behavior
|
|
|
2mo |
2mo |
2mo |
kind/bug
|
contributor-last recv
|
6361 |
 |
Allow `cert-manager.io/allow-direct-injection` annotation on `Certificate` `Secret`s
|
|
|
2mo |
5wk |
7wk |
good first issue
|
assigned assignee-updated recv-q
|
6356 |
 |
Graduate AdditionalCertificateOutputFormats feature gate
|
|
3
|
2mo |
2mo |
2mo |
kind/feature
|
member-last send similar
|
6353 |
 |
Docs: Wrong example Code for creating Issuers
|
|
|
2mo |
2mo |
2mo |
kind/bug
|
author-last recv recv-q
|
6350 |
 |
Webhook inject-ca-from annotation causes downtime
|
|
4
|
2mo |
2mo |
2mo |
kind/bug
|
author-last recv
|
6343 |
 |
[Helm: possible improvement] Controller ConfigMap is created even if .Values.config is not set
|
|
|
2mo |
2mo |
2mo |
kind/cleanup
|
contributor-last pr-merged recv
|
6334 |
 |
Query recursive nameservers for DNS01 challenge in round robin fashion
|
|
|
2mo |
2mo |
2mo |
kind/feature
|
recv
|
6331 |
 |
CSR not signed by referenced private key
|
|
2
|
3mo |
2mo |
2mo |
|
author-last recv
|
6327 |
 |
wrong status code '404', expected '200' with one specific Ingress
|
|
|
3mo |
2d |
3mo |
kind/bug
lifecycle/stale
|
collaborator-last recv
|
6325 |
 |
The RSA-SHA signature algorithm is not correctly mapped to the certificate.
|
|
|
3mo |
2mo |
2mo |
|
assigned assignee-updated author-last recv
|
6323 |
 |
Even if CA is expired, cert-manager allows to issue client cert with expired CA
|
|
|
3mo |
6d |
3mo |
lifecycle/stale
|
collaborator-last recv
|
6312 |
 |
Report issuer/clusterissuer status as a metric
|
|
4
|
3mo |
6wk |
3mo |
kind/feature
|
recv
|
6309 |
 |
How to pass ServiceAccountName to the acme-http01-solver pod.
|
|
|
3mo |
6wk |
3mo |
|
author-last recv
|
6308 |
 |
Route53 challenges not regulating failed requests with exponential backoffs
|
|
4
|
3mo |
3wk |
3mo |
|
recv recv-q
|
6307 |
 |
Certificates only issued for ingress in default namespace
|
|
|
3mo |
14d |
3mo |
kind/bug
lifecycle/stale
|
collaborator-last recv
|
6363 |
 |
Unable to set revisionHistoryLimit on the deployments
|
|
|
2mo |
2mo |
2mo |
kind/bug
|
pr-closed recv
|
6305 |
 |
Error "Waiting for DNS-01 challenge propagation: dial udp: address udp/53': unknown port"
|
|
|
3mo |
1d |
3mo |
lifecycle/stale
|
recv
|
6288 |
 |
Generate cert-manager secret with certificate,key and password
|
|
|
3mo |
2wk |
3mo |
kind/feature
lifecycle/stale
|
collaborator-last recv
|
6284 |
 |
cert-manager PEM format certificate to support private key encryption
|
|
|
3mo |
3wk |
3mo |
kind/feature
lifecycle/stale
|
collaborator-last recv
|
6283 |
 |
JWK(S) support
|
|
3
|
3mo |
5wk |
3mo |
|
recv similar
|
6282 |
 |
The certificate request has failed... order is in "invalid" state
|
|
|
3mo |
3wk |
3mo |
lifecycle/stale
|
collaborator-last recv similar
|
6279 |
 |
ServiceTemplate for solver HTTP01
|
|
|
3mo |
3wk |
3mo |
lifecycle/stale
|
collaborator-last recv
|
6274 |
 |
Vault Issuer - Secretless Authentication with a Service Account doesn't work
|
|
|
3mo |
3wk |
3mo |
lifecycle/stale
|
collaborator-last recv
|
6273 |
 |
Solver RFC2136 without TSIG
|
|
|
3mo |
2mo |
3mo |
kind/feature
|
contributor-last recv
|
6270 |
 |
Feature Request/Idea - Cert-Manager saves TLS Secret to Azure KeyVault
|
|
|
3mo |
4d |
3mo |
kind/feature
lifecycle/stale
|
recv recv-q
|
6246 |
 |
Write documentation for the new DNS-over-HTTPS feature
|
|
|
4mo |
19d |
|
kind/documentation
lifecycle/stale
|
collaborator-last open-milestone
|
6238 |
 |
cattle-cluster-agent error: x509: certificate signed by unknown authority with Letsencrypt
|
|
|
4mo |
14d |
3mo |
lifecycle/stale
|
collaborator-last send
|
6269 |
 |
Allow hardcoded JKS and PKCS#12 passwords
|
|
2
|
3mo |
9d |
2mo |
good first issue
kind/feature
|
|
6230 |
 |
cert-manager DDoSes DNS-01 solver - infinite rate limiting
|
|
|
4mo |
2mo |
4mo |
kind/bug
area/acme/dns01
|
recv recv-q
|
6215 |
 |
The default `Cluster Resource Namespace` is `kube-system`, not `cert-manager`
|
|
|
4mo |
14d |
3mo |
kind/bug
lifecycle/stale
|
collaborator-last send
|
6213 |
 |
Unable to install cert-manager with argo-cd because helm chart is v1
|
|
|
4mo |
15d |
4mo |
kind/bug
lifecycle/rotten
|
collaborator-last send
|
6224 |
 |
Option to store certificate history in individual secrets
|
|
|
4mo |
3wk |
4mo |
kind/feature
lifecycle/rotten
|
collaborator-last recv recv-q
|
6210 |
 |
Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
|
|
3
|
5mo |
9d |
4mo |
kind/feature
lifecycle/stale
|
collaborator-last recv recv-q
|
6205 |
 |
How to check the version/build info?
|
|
|
5mo |
2mo |
2mo |
kind/feature
|
collaborator-last send
|
6197 |
 |
Securing Gateway resources with non HTTPS listeners generate BadConfig events
|
|
13
|
5mo |
2mo |
5mo |
kind/bug
|
pr-merged recv
|
6195 |
 |
logLevel information in logs
|
|
|
5mo |
9d |
5mo |
kind/bug
|
recv recv-q
|
6185 |
 |
Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"
|
|
3
|
5mo |
6wk |
5mo |
kind/bug
|
recv recv-q
|
6184 |
 |
Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
|
|
4
|
5mo |
2mo |
5mo |
kind/bug
|
recv recv-q similar
|
6179 |
 |
CRDs shouldn't be templated in Helm...
|
|
|
5mo |
7h |
4mo |
|
recv-q send
|
6163 |
 |
is there a way to save dhparam with certificate
|
|
|
5mo |
8h |
5mo |
lifecycle/stale
|
collaborator-last recv
|
6160 |
 |
Helm Chart global repository
|
|
|
5mo |
6wk |
5mo |
|
recv
|
6212 |
 |
Default duration field in cmctl check api
|
|
|
5mo |
6d |
3mo |
kind/feature
lifecycle/stale
|
collaborator-last pr-merged recv
|
6141 |
 |
Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
|
|
3
|
6mo |
4wk |
5mo |
kind/feature
|
recv recv-q
|
6138 |
 |
allow unencrypted private keys for PKCS12 output
|
|
3
|
6mo |
2mo |
6mo |
kind/feature
|
author-last recv
|
6132 |
 |
Checklist: CNCF Graduation
|
|
|
6mo |
17d |
3wk |
|
member-last pr-unreviewed send
|
6150 |
 |
(Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
|
|
3
8
|
5mo |
2wk |
2mo |
|
open-milestone pr-unreviewed recv recv-q
|
6112 |
 |
DigiCert error setting up issuer
|
|
|
6mo |
14d |
3mo |
kind/bug
lifecycle/stale
|
collaborator-last send
|
6106 |
 |
Controller can't handle hitting request rate limits when is registering the issuer
|
|
|
6mo |
2mo |
6mo |
kind/bug
|
contributor-last pr-closed recv recv-q similar
|
6074 |
 |
Graduate SecretsFilteredCaching feature gate to beta
|
|
2
|
6mo |
10d |
10d |
kind/feature
|
member-last send
|
6065 |
 |
acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
|
|
2
2
8
|
7mo |
19d |
7mo |
kind/bug
|
recv recv-q
|
6117 |
 |
Vault Issuer Read caBundle from ConfigMap
|
|
3
|
6mo |
1mo |
2mo |
area/api
kind/feature
area/vault
|
contributor-last recv similar
|
6021 |
 |
Make it possible to specify logging options for the ACME solver
|
|
|
7mo |
2mo |
2mo |
kind/feature
|
collaborator-last
|
5998 |
 |
Failed post-install: timed out waiting for the condition
|
|
|
7mo |
17d |
7mo |
kind/bug
lifecycle/rotten
|
recv similar
|
5973 |
 |
Graduate AdditionalCertificateOutputFormats feature
|
|
|
7mo |
3wk |
7mo |
kind/feature
lifecycle/stale
|
collaborator-last recv similar
|
5959 |
 |
`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
|
|
8
|
7mo |
4wk |
4wk |
lifecycle/frozen
kind/bug
|
member-last send
|
5957 |
 |
Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms
|
|
|
7mo |
3wk |
7mo |
kind/feature
|
recv recv-q
|
5925 |
 |
Use readOnlyRootFilesystem: true for all containers
|
|
9
|
8mo |
9d |
8mo |
good first issue
help wanted
kind/feature
|
recv recv-q similar
|
5917 |
 |
Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
|
|
4
|
8mo |
6wk |
8mo |
kind/bug
|
assigned assignee-updated recv recv-q
|
6016 |
 |
add imagePullSecrets clauses to helm deployment, job templates
|
|
|
7mo |
11d |
7mo |
kind/feature
lifecycle/stale
|
collaborator-last pr-unreviewed recv
|
5900 |
 |
[FR] Allow the Chart to create extra manifest
|
|
5
|
8mo |
10d |
11d |
kind/feature
|
contributor-last send
|
5864 |
 |
Certmgr allows creating certificates expiring after ca expiration.
|
|
4
|
9mo |
4d |
9mo |
kind/bug
|
recv
|
5851 |
 |
CA cert in Secret not updated when self-signed CA itself gets renewed.
|
|
|
9mo |
3d |
3mo |
kind/bug
|
recv-q send
|
5821 |
 |
Allow renewBefore to be a percentage
|
|
|
9mo |
3wk |
9mo |
kind/feature
|
author-last recv
|
5785 |
 |
Store OCSP response in kubernetes secret
|
|
5
|
10mo |
5wk |
5wk |
kind/feature
|
contributor-last pr-closed pr-unreviewed send
|
5783 |
 |
Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
|
|
|
10mo |
3wk |
9mo |
kind/feature
|
author-last pr-changes-requested recv
|
5772 |
 |
Develop new Helm chart for cert-manager CRD manifests
|
|
|
10mo |
4d |
4d |
kind/feature
|
member-last send
|
5751 |
 |
Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
|
|
|
10mo |
11d |
10mo |
kind/bug
|
recv recv-q
|
5697 |
 |
Support PodSecurityAdmission
|
|
6
|
11mo |
2mo |
11mo |
kind/feature
|
author-last recv recv-q
|
5665 |
 |
Allow defining keystore password as literal instead of SecretRef
|
|
|
11mo |
2mo |
11mo |
kind/feature
|
author-last recv recv-q
|
5626 |
 |
Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
|
|
|
1y |
3wk |
3wk |
kind/feature
lifecycle/rotten
|
collaborator-last pr-closed send
|
5588 |
 |
--must-staple attribute for OCSP Stapling
|
|
3
|
1y |
5d |
1y |
good first issue
kind/feature
lifecycle/rotten
|
collaborator-last recv recv-q
|
5566 |
 |
upload Helm charts to OCI registry and sign them with cosign
|
|
|
1y |
7wk |
8mo |
kind/feature
|
send
|
5557 |
 |
error instantiating route53 challenge solver: unable to assume role: AccessDenied:
|
|
|
1y |
13d |
1y |
kind/bug
|
recv recv-q similar
|
5540 |
 |
Changelog annotations to chart
|
|
|
1y |
6wk |
1y |
kind/feature
|
author-last recv
|
5538 |
 |
Unable to set IPv6 podDNS config from values
|
|
|
1y |
19d |
1y |
kind/bug
|
author-last recv
|
5514 |
 |
Venafi Issuer Read `caBundle` from Configmap or Secret
|
|
4
9
|
1y |
6wk |
4mo |
good first issue
kind/feature
|
assigned assignee-updated pr-new-commits similar
|
5486 |
 |
Aggressive Retries from "error instantiating route53 challenge solver"
|
|
4
|
1y |
3wk |
1y |
kind/bug
|
recv recv-q similar
|
6417 |
 |
Temporary Certificate Annotation does not work on Ingress Resources
|
|
|
7wk |
7wk |
7wk |
kind/bug
|
recv
|
5867 |
 |
Controller can't handle hitting request rate limits of zerossl ACME API
|
| 3
11
20
|
8mo |
4wk |
4wk |
lifecycle/frozen
kind/bug
|
member-last pr-closed pr-merged send similar
|
5031 |
 |
ValidateCAA test function is flaky
|
|
|
2y |
6wk |
6wk |
kind/bug
kind/flake
flake/test-logic
|
member-last send
|
5298 |
 |
Complete the Migration Away From Jetstack Names
|
|
|
1y |
1mo |
1mo |
kind/cleanup
|
member-last
|
4884 |
 |
Add a similar secretTemplate to the secret that is created by ACME Issuer
|
|
|
2y |
5wk |
2y |
kind/feature
|
collaborator-last recv recv-q
|
4797 |
 |
Automatically renew certificates if OCSP indicates that it was revoked
|
|
13
|
2y |
2mo |
2y |
kind/feature
area/acme
|
author-last recv recv-q
|
4749 |
 |
rfc2136 seems to not work with deep subdomains
|
|
|
2y |
4wk |
2y |
kind/bug
area/acme/dns01
|
author-last recv recv-q
|
4685 |
 |
Unexpected EOF during watch stream event decoding: unexpected EOF
|
|
10
|
2y |
3wk |
2y |
lifecycle/frozen
kind/bug
|
recv recv-q
|
4423 |
 |
Cert renewal loop
|
|
2
|
2y |
2mo |
2y |
kind/bug
|
recv recv-q
|
4349 |
 |
allowing greater configuration for the cloud provider tests
|
|
|
2y |
2y |
2y |
lifecycle/frozen
kind/feature
|
collaborator-last send similar
|
4191 |
 |
Setting default values for Pod's "resources"?
|
|
4
|
2y |
10d |
5wk |
lifecycle/rotten
|
recv-q send
|
6520 |
 |
Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist)
|
|
|
10d |
10d |
10d |
kind/bug
|
recv
|
3958 |
 |
Sane defaults for Certificate revision history limit
|
|
2
12
|
2y |
5wk |
5wk |
kind/feature
|
member-last send similar
|
3896 |
 |
Cert Manager failing to renew certificate
|
|
18
|
2y |
4d |
2y |
kind/bug
area/acme/dns01
|
recv-q send similar
|
6470 |
 |
ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount
|
|
|
5wk |
5wk |
5wk |
kind/feature
|
recv
|
4114 |
 |
Endless Sync Loop when installing Helm Chart via ArgoCD
|
|
11
29
|
2y |
15d |
16d |
kind/bug
lifecycle/rotten
|
assigned assignee-updated pr-closed recv-q send
|
5430 |
 |
Improving DNS-01 challenge performance
|
|
3
|
1y |
2mo |
1y |
kind/feature
|
pr-closed pr-unreviewed recv
|
6521 |
 |
Add an `approveSignerNames` install option
|
|
|
10d |
10d |
|
kind/feature
|
|
4950 |
 |
General flakiness of our end-to-end suite
|
|
3
|
2y |
1y |
1y |
lifecycle/frozen
kind/flake
|
member-last pr-closed pr-merged send
|
1347 |
 |
FAQ Entry for Passwords on JKS / PKCS#12
|
|
|
3wk |
3wk |
|
|
|
1261 |
 |
Switch to Docusaurus?
|
|
|
5mo |
5mo |
|
|
|
1257 |
 |
ErrRegisterACMEAccount
|
|
|
5mo |
5mo |
5mo |
|
recv
|
1255 |
 |
helm install cert-manager with errors
|
|
|
5mo |
4mo |
4mo |
|
member-last send similar
|
1241 |
 |
Remove Bitnami kubeprod as installation method
|
|
|
6mo |
6mo |
6mo |
|
recv
|
1194 |
 |
Confusing paragraph - cert-manager integration.
|
|
|
9mo |
4mo |
4mo |
documentation
|
member-last send
|
1186 |
 |
Document that/why we don't use Helm's CRD installation mechanism
|
|
|
9mo |
4mo |
4mo |
good first issue
kind/documentation
|
assigned assignee-updated member-last send
|
1168 |
 |
Rendering issues for generated API docs
|
|
|
10mo |
10mo |
10mo |
|
member-last pr-merged
|
1125 |
 |
Describe cert-manager feature policy
|
|
|
1y |
11mo |
1y |
|
contributor-last recv recv-q
|
1101 |
 |
Feature request for updating documentation.
|
|
|
1y |
1y |
1y |
|
recv
|
1063 |
 |
"Securing Ingresses with Venafi" tutorial contains link to missing manifest
|
|
|
1y |
1y |
1y |
|
author-last pr-merged recv
|
1062 |
 |
Document process for offboarding maintainers
|
|
|
1y |
1y |
1y |
|
recv similar
|
1061 |
 |
Document onboarding process for new maintainers
|
|
|
1y |
1y |
1y |
|
recv similar
|
1054 |
 |
Run spell checker in a pre-commit hook
|
|
|
1y |
1y |
1y |
good first issue
kind/cleanup
|
recv
|
998 |
 |
Documentation venafi configuration references venafi documentation page which returns 403
|
|
|
2y |
1y |
2y |
|
contributor-last recv
|
993 |
 |
Document which resources do/do not get garbage collected
|
|
|
2y |
2y |
2y |
good first issue
|
contributor-last recv
|
975 |
 |
Some pages do not make it clear what the user should read next
|
|
|
2y |
2y |
|
|
|
955 |
 |
Document when the vault pki role required setting `require_cn=false`
|
|
|
2y |
1y |
|
|
|
944 |
 |
Document how to install cert-manager in a different namespace
|
|
|
2y |
4mo |
2y |
good first issue
|
recv recv-q
|
899 |
 |
Upgrading from v1.7 to v1.8 check command should exclude null.
|
|
2
|
2y |
2y |
2y |
|
recv recv-q
|
868 |
 |
Document RBAC
|
|
|
2y |
2y |
2y |
|
contributor-last recv similar
|
866 |
 |
Securing NGINX-ingress
|
|
|
2y |
2y |
2y |
|
recv similar
|
851 |
 |
create Cilium ingress tls example
|
|
3
|
2y |
1y |
2y |
|
assigned assignee-updated recv
|
847 |
 |
missing documentation/information olm based installation metric prometheus
|
|
|
2y |
2y |
2y |
|
contributor-last recv
|
844 |
 |
Document feature gates
|
|
|
2y |
2y |
|
|
similar
|
841 |
 |
remove dependency on golang from cmctl and kubectl-plugin installation documentation
|
|
|
2y |
2y |
2y |
|
contributor-last pr-merged recv recv-q
|
836 |
 |
Syncing Secrets Across Namespaces
|
|
|
2y |
2y |
2y |
|
recv
|
802 |
 |
Spelling errors are unclear in pull request CI results and spell checker is unmaintained
|
|
|
2y |
2y |
|
kind/bug
|
contributor-last pr-merged
|
776 |
 |
Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret
|
|
|
2y |
2y |
2y |
|
member-last send
|
758 |
 |
API reference docs: enum values not documented with typedef
|
|
|
2y |
2y |
2y |
|
recv
|
706 |
 |
Default key usages
|
|
|
2y |
2y |
2y |
|
recv
|
697 |
 |
[IRSA] Needs `runAsUser: 1001`
|
|
|
2y |
2y |
2y |
|
recv
|
693 |
 |
Azure DNS pod identity incorrectly documents principal_id
|
|
|
2y |
3wk |
2y |
|
author-last recv recv-q
|
672 |
 |
List required Google CloudDNS permissions exhaustively
|
|
|
2y |
2y |
2y |
|
recv
|
662 |
 |
Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
|
|
|
2y |
2y |
2y |
|
recv
|
645 |
 |
Investigate & add an FAQ/warning about images rolled back after GitOps upgrade
|
|
|
2y |
2y |
2y |
|
recv recv-q
|
642 |
 |
Move/ link to Webhook debugging docs
|
|
|
2y |
2y |
|
|
|
1262 |
 |
v1.9 to v1.10 upgrade instructions does not mention container name change
|
|
|
4mo |
4mo |
4mo |
|
assigned assignee-updated member-last
|
604 |
 |
Make it so that it is easier to find the doc for fixing webhook issues
|
|
|
2y |
2y |
2y |
|
contributor-last recv
|
583 |
 |
cert-manager with ZeroSSL
|
| |
2y |
1y |
1y |
|
send
|
554 |
 |
HTTP Validation, privateKeySecretRef
|
|
|
2y |
2y |
2y |
|
contributor-last recv
|
561 |
 |
Certificate Resources
|
|
|
2y |
2y |
2y |
|
recv similar
|
542 |
 |
Document the Istio VirtualService HTTP01 configuration options
|
|
|
2y |
2y |
|
|
|
486 |
 |
OpenShift - broken link
|
|
|
2y |
2y |
2y |
|
member-last send
|
469 |
 |
DNS01: Delegated Domains for DNS01 example yaml solvers list items
|
|
|
2y |
2y |
2y |
|
recv
|
466 |
 |
installation/compatiblity
|
|
|
2y |
2y |
2y |
|
recv
|
457 |
 |
cainjector docs are missing the option to inject certs in apiservice resources
|
|
|
2y |
2y |
2y |
|
recv
|
425 |
 |
Document ocspServers
|
|
|
2y |
2y |
2y |
kind/documentation
|
member-last
|
422 |
 |
Page last modified date incorrect
|
|
|
2y |
2y |
2y |
kind/bug
|
collaborator-last send
|
386 |
 |
Uninstalling on Kubernetes - How to delete all those user created resources?
|
|
|
3y |
3y |
3y |
|
collaborator-last send
|
330 |
 |
Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1)
|
|
|
3y |
3y |
3y |
|
collaborator-last send similar
|
326 |
 |
Securing Ingresses with Venafi
|
|
|
3y |
3y |
3y |
|
collaborator-last send similar
|
295 |
 |
Route53
|
|
|
3y |
2y |
2y |
kind/documentation
|
member-last send
|
532 |
 |
Rework of the landing page (cert-manager.io)
|
|
3
|
2y |
2y |
2y |
help wanted
good first issue
|
member-last send similar
|
549 |
 |
Effort towards a more user-friendly website
|
|
|
2y |
2y |
|
|
|
1310 |
 |
cert-manager-istio-csr Pod's Health Endpoint failing
|
|
|
2mo |
2mo |
2mo |
|
recv
|
568 |
 |
Add a diagram for LetsEncrypt cert issuance flow to the docs
|
|
4
|
2y |
2y |
2y |
|
recv
|
543 |
 |
Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
|
|
4
|
2y |
2y |
2y |
|
member-last send
|
79 |
 |
Design for partial automation of release process
|
|
|
2y |
2y |
2y |
|
member-last send
|
42 |
 |
Publish latest release number as part of creating a final release
|
|
|
2y |
2y |
2y |
|
member-last send
|
27 |
 |
Create cert-manager specific testing infrastructure
|
|
|
2y |
2y |
2y |
|
assigned assignee-updated member-last pr-merged send
|
19 |
 |
Incorrect command line help: should include a --branch argument
|
|
|
3y |
2y |
2y |
kind/cleanup
|
contributor-last
|
31 |
 |
Move the manual steps of our release process to cmrel commands
|
|
|
2y |
2y |
2y |
|
member-last pr-closed
|
50 |
 |
Move cert-manager-release infrastructure to CNCF's GCP account
|
|
|
2y |
2y |
2y |
|
member-last
|
217 |
 |
Restarting a namespace with 30+ deployments causes errors in istio-csr which tends to resolve after a while.
|
|
|
3mo |
11d |
3mo |
|
contributor-last recv
|
211 |
 |
Add custom annotations to deployment
|
|
|
6mo |
2mo |
6mo |
|
author-last recv
|
197 |
 |
add the compatibility matrix for Kubernetes versions to README
|
|
|
9mo |
9mo |
9mo |
|
recv similar
|
176 |
 |
certificateDuration is not used for the Istio CSR generated certificate requests
|
|
|
1y |
1y |
1y |
|
author-last recv recv-q similar
|
161 |
 |
updating ConfigMap data doesn't stop
|
|
|
2y |
2y |
2y |
|
collaborator-last send
|
155 |
 |
Invalid certificate chain when using Vault with Intermediate CA
|
|
|
2y |
4mo |
2y |
|
recv
|
153 |
 |
It is possible to have several CAs within the same cluster.
|
|
2
|
2y |
4mo |
4mo |
|
member-last send
|
145 |
 |
Not able to use Istio-CSR in istio(1.13.*)
|
|
|
2y |
2y |
2y |
|
author-last pr-closed recv
|
144 |
 |
add a support kubernetes client QPS and Burst config
|
|
|
2y |
2y |
2y |
|
recv
|
141 |
 |
Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods.
|
|
|
2y |
1y |
2y |
|
recv recv-q
|
138 |
 |
istio-csr doesn't retry upon failed certificate requests
|
|
|
2y |
1y |
2y |
|
contributor-last recv
|
137 |
 |
Documentation on rotating the root certificate
|
|
|
2y |
9mo |
2y |
|
recv recv-q
|
136 |
 |
Document available metrics
|
|
|
2y |
2y |
2y |
|
recv similar
|
133 |
 |
latest supported cert-manager version with cert-manager-istio-csr?
|
|
|
2y |
2y |
2y |
|
collaborator-last send
|
132 |
 |
Allow override of istiod-tls certificate common name in helm chart (for non-standard istiod deployments)
|
|
|
2y |
8mo |
2y |
|
recv
|
131 |
 |
metrics to check certificate expiry for istio workloads ?
|
|
|
2y |
2y |
2y |
|
collaborator-last send
|
130 |
 |
Document best-practices for minimal vault role configuration for istio-csr
|
|
|
2y |
2y |
2y |
|
recv
|
118 |
 |
E2E tests running against the wrong k8s version
|
|
|
2y |
2y |
|
|
|
117 |
 |
public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted
|
|
|
2y |
2y |
2y |
|
recv
|
113 |
 |
Integrating with istio helm chart installs
|
|
11
|
2y |
4mo |
2y |
|
recv recv-q
|
108 |
 |
[doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways
|
|
|
2y |
2y |
2y |
|
author-last recv recv-q
|
106 |
 |
Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue
|
|
|
2y |
2y |
2y |
|
collaborator-last send similar
|
94 |
 |
Can't get aws pca to work
|
|
|
2y |
2y |
2y |
|
recv
|
87 |
 |
Failing to integrate with GCP CAS
|
|
|
2y |
2y |
2y |
|
collaborator-last send
|
84 |
 |
csr readiness probe failed, istio ingress pod also failed
|
|
2
|
2y |
2y |
2y |
support
|
collaborator-last send
|
83 |
 |
commonName required for AWS PCA
|
|
|
2y |
2y |
2y |
|
recv recv-q
|
64 |
 |
Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods
|
|
|
2y |
2y |
2y |
|
send
|
53 |
 |
Generate workload certificates with DNS in the SAN
|
|
|
2y |
2y |
2y |
|
recv-q send
|
213 |
 |
charts.jetstack.io beding cluster presents a challenge and breaks deployment
|
|
|
5mo |
5mo |
5mo |
|
recv
|
278 |
 |
Add Helm option to create RBAC allowing approval for all issuers
|
|
|
2mo |
7wk |
7wk |
kind/feature
good first issue
|
member-last send
|
207 |
 |
Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls
|
|
|
9mo |
9mo |
9mo |
|
author-last recv
|
288 |
 |
Feature: Take control of approval for the whole cluster
|
|
|
7wk |
7wk |
|
|
|
271 |
 |
Include binary artifacts in your releases.
|
|
|
2mo |
2mo |
2mo |
|
recv
|
216 |
 |
Simplify configuration by creating RBAC by default
|
|
|
8mo |
8mo |
|
|
pr-merged
|
203 |
 |
Improve CRD fields for specifying key requirements
|
|
|
9mo |
9mo |
|
|
|
169 |
 |
Webhook Custom CA
|
|
|
1y |
1y |
1y |
|
recv
|
61 |
 |
Flakey Tests in pull-cert-manager-approver-policy-verify
|
|
|
2y |
2y |
|
kind/bug
|
pr-merged
|
245 |
 |
Split Bundle controller into multiple controllers
|
|
|
14d |
14d |
14d |
|
recv
|
243 |
 |
More flexible and better organized target specification in API
|
|
|
17d |
13d |
13d |
|
contributor-last recv recv-q
|
242 |
 |
New version of Bundle API
|
|
2
|
17d |
4d |
4d |
|
send
|
227 |
 |
trust-manager and Kubernetes version compatibility
|
|
|
4wk |
4wk |
4wk |
|
author-last recv recv-q similar
|
222 |
 |
[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
|
|
5
|
5wk |
3wk |
5wk |
|
recv-q send
|
205 |
 |
Allow to select multiple "trust" namespaces
|
|
|
6wk |
6wk |
6wk |
|
recv
|
199 |
 |
Support of setting arbitrary password for PKCS12 truststore
|
|
2
4
|
7wk |
15d |
7wk |
help wanted
good first issue
|
assigned assignee-updated contributor-last pr-closed recv recv-q
|
196 |
 |
Allow TLS to be configured on the admission webhook server
|
|
|
2mo |
2mo |
2mo |
|
recv
|
183 |
 |
Create trust bundle based on Debian bookworm
|
|
11
|
2mo |
4wk |
4wk |
good first issue
|
assigned assignee-updated member-last
|
175 |
 |
support extra annotations on resources in helm chart
|
|
|
3mo |
3mo |
3mo |
|
recv
|
168 |
 |
Install in openshift with existing cert-manager operator install
|
|
|
3mo |
3mo |
3mo |
|
author-last recv recv-q similar
|
150 |
 |
Is there a way to specify the domain
|
|
|
4mo |
3mo |
3mo |
|
member-last send
|
144 |
 |
Add CertificateRequest as a source
|
|
7
|
5mo |
4mo |
4mo |
|
contributor-last pr-merged recv similar
|
142 |
 |
expose bundles CRD as release artifact
|
|
3
|
6mo |
6mo |
6mo |
|
recv
|
135 |
 |
Automatic CA rotation support
|
|
|
6mo |
6mo |
6mo |
|
contributor-last recv
|
132 |
 |
Unable to run Trust Manager without cert manager
|
|
|
7mo |
6mo |
7mo |
|
contributor-last pr-unreviewed recv recv-q
|
131 |
 |
Feature: per namespace trust bundle
|
|
2
|
7mo |
3wk |
7mo |
|
author-last recv recv-q
|
113 |
 |
Branch from "old" trust-manager name to add deprecation warning.
|
|
|
10mo |
10mo |
|
|
|
112 |
 |
Move away from buildx
|
|
|
10mo |
10mo |
|
|
|
99 |
 |
Allow removing Bundles whilst keeping the synced CA certs
|
|
2
|
10mo |
10mo |
10mo |
|
pr-unreviewed recv
|
72 |
 |
Add the configmap on all pod via mutatingWebhookConfiguration
|
|
3
|
1y |
11mo |
11mo |
kind/feature
|
member-last send similar
|
59 |
 |
Trust part 2 - How to use a bundle?
|
|
3
|
1y |
9d |
9d |
|
member-last
|
63 |
 |
nit: Rename "Bundle" to "ClusterBundle"
|
|
12
|
1y |
3wk |
3wk |
|
member-last open-milestone send
|
58 |
 |
Support injection pem into an existing configmap
|
|
3
|
1y |
10d |
1y |
help wanted
good first issue
|
assigned assignee-updated contributor-last recv
|
33 |
 |
Support CRDs as target
|
|
4
|
2y |
2y |
2y |
|
recv
|
23 |
 |
Way to add labels/annotations to target
|
|
10
|
2y |
3mo |
2y |
help wanted
good first issue
|
recv
|
44 |
 |
Specialise `Bundle` for X.509 Certificates
|
|
|
1y |
13d |
13d |
|
member-last
|
54 |
 |
Allow auto-trust Bundles tracking a certain Issuer
|
|
2
|
1y |
3mo |
11mo |
|
contributor-last recv-q send
|
4 |
 |
Feature: By default, require only self-signed certificates in a bundle
|
|
|
2y |
17d |
|
kind/feature
help wanted
|
contributor-last
|
39 |
 |
Don't sync targets to all namespaces by default
|
|
6
|
1y |
16d |
16d |
|
contributor-last open-milestone send
|
60 |
 |
overriding trusted namespace
|
|
4
5
|
1y |
7mo |
11mo |
|
recv-q send
|
145 |
 |
Release Helm Chart v0.5.1 / v0.6.0
|
|
4
|
6mo |
2mo |
6mo |
|
recv recv-q
|
144 |
 |
Push new tag for chart fixes
|
|
|
6mo |
6mo |
6mo |
|
recv
|
136 |
 |
SubPath support is broken or missing
|
|
|
11mo |
11mo |
11mo |
|
recv
|
134 |
 |
Volume empty
|
|
3
|
11mo |
8mo |
11mo |
|
recv
|
130 |
 |
JKS support
|
|
3
|
11mo |
9mo |
11mo |
|
recv similar
|
140 |
 |
Update images to not utilize k8s.gcr.io
|
|
|
8mo |
7mo |
8mo |
|
recv
|
125 |
 |
Is it too late to align cert-manager annotations?
|
|
|
1y |
11mo |
1y |
|
recv similar
|
119 |
 |
Certificate is re-requested when container restarts
|
|
|
1y |
1y |
1y |
|
recv similar
|
116 |
 |
Does csi-driver support Windows nodes?
|
|
|
1y |
1y |
1y |
|
collaborator-last send
|
74 |
 |
Investigate and change the default mounted host path for driver
|
|
|
2y |
2y |
|
|
|
45 |
 |
Unable to mount and read only file error
|
|
4
|
2y |
11mo |
1y |
|
recv-q send
|
128 |
 |
Support all subject attributes
|
|
|
11mo |
11mo |
11mo |
|
recv
|
33 |
 |
New key being used with old certificate
|
|
|
2y |
2y |
2y |
|
recv
|
21 |
 |
MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod
|
|
|
3y |
3y |
3y |
|
recv
|
26 |
 |
Cannot `chmod` a read only filesystem
|
|
14
|
3y |
2y |
3y |
|
pr-closed recv recv-q
|
17 |
 |
ability to specify pod IP in volume attributes
|
|
5
|
3y |
3y |
3y |
|
recv
|
29 |
 |
Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging.
|
|
|
3y |
3y |
3y |
|
recv
|
42 |
 |
Intermittent csi-driver-spiffe failure: Unable to mount cert
|
|
|
2mo |
2mo |
2mo |
|
member-last send
|
41 |
 |
The default `csiDataDir` value might collide with csi-driver
|
|
|
6mo |
6mo |
|
|
|
38 |
 |
Add Envoy Secret discovery service (SDS) support
|
|
|
7mo |
7mo |
7mo |
|
recv
|
19 |
 |
Add support for certificate expiry configuration
|
|
6
|
1y |
6mo |
1y |
|
recv similar
|
39 |
 |
csi-driver-spiffe vs csi-driver
|
|
4
|
6mo |
3mo |
3mo |
|
member-last send
|
42 |
 |
Monitoring observability for "CertificateRequests"
|
|
|
2mo |
6wk |
2mo |
|
recv similar
|
39 |
 |
Support latest cert-manager operator for openshift
|
|
|
3mo |
2mo |
2mo |
|
member-last send similar
|
38 |
 |
Route with cert-manager annotations is not created
|
|
|
3mo |
2mo |
3mo |
|
author-last recv recv-q similar
|
35 |
 |
How to populate certificate metadata i.e. subject details e.g. OU, Organization etc
|
|
|
4mo |
2mo |
4mo |
|
recv
|
46 |
 |
Ability to configure CertificateRequest revision history limit
|
|
|
3wk |
3wk |
3wk |
|
recv similar
|
13 |
 |
Can the plugin be configured to use a wildcard certificate?
|
|
|
1y |
1y |
1y |
|
recv recv-q
|
12 |
 |
Does this plugin support DNS validation?
|
|
|
1y |
1y |
1y |
|
recv
|
4 |
 |
Feature: Allow specification of privateKey.rotationPolicy
|
|
2
|
2y |
6mo |
|
|
|
34 |
 |
`openshift-routes` doesn't work as expected and isn't suitable for a production environment
|
|
|
4mo |
2mo |
4mo |
|
author-last recv recv-q
|
30 |
 |
Installation is only possible in the default `cert-manager` NS
|
|
2
|
5mo |
7wk |
5mo |
|
contributor-last pr-closed recv recv-q
|
26 |
 |
Missing CONTRIBUTING.md
|
|
|
8mo |
8mo |
8mo |
|
recv
|
15 |
 |
Feature: Support for ECC certs
|
|
|
1y |
1y |
1y |
|
recv
|
14 |
 |
Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt
|
|
|
1y |
1y |
1y |
|
recv similar
|
70 |
 |
OLM deployment with ArgoCD is OutOfSync
|
|
|
2y |
1y |
1y |
|
send
|
17 |
 |
Operator prevents passing extraArgs helm value
|
|
7
|
3y |
11mo |
3y |
|
recv recv-q
|
22 |
 |
Customize the deployment of cert-manager installed via OLM
|
|
5
6
|
2y |
11mo |
2y |
|
author-last recv recv-q
|
3 |
 |
Restrict operator RBAC permissions
|
|
|
3y |
3y |
3y |
|
recv
|
46 |
 |
Cert-manager operator fails to issue certificates
|
|
|
2y |
2y |
2y |
|
recv similar
|
8 |
 |
Drivers can create CertificateRequests for pods that don't exist in very rare edge cases
|
|
|
2y |
2y |
|
|
contributor-last
|
40 |
 |
Optional auto rotating/renewing certificates
|
|
|
1y |
1y |
1y |
|
recv similar
|
33 |
 |
Create e2e test to validate CertificateRequest garbage collection
|
|
|
1y |
1y |
1y |
|
assigned recv
|