queue to be emptied once a day

Unprioritized issues older than 7 days (268)

Resolution: Add a priority/ or triage/ label

Average age: 340.6d, Avg wait: 168.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6096 Sporadic failures at the order lever with CAA errors 7d 6d 7d
kind/bug
recv
6095 Rocky 9 cmctl check api inconsistent/fails 7d 6d 7d
recv
recv-q
6065 acme-http01-edit-in-place seems to be ignored 18d 4d 18d
kind/bug
author-last
recv
recv-q
6083 [release-1.12] Post-release actions checklist 11d 11d
6051 Detecting Gateway hostnames based on attached HTTPRoutes 2wk 19d 2wk
kind/feature
author-last
recv
recv-q
6021 Make it possible to specify logging options for the ACME solver 3wk 3wk
kind/feature
6010 Support the ACME Renewal Information (ARI) extension 3wk 3wk 3wk
kind/feature
collaborator-last
commented
send
6007 support HA acme service with freeipa
4wk 4wk 4wk
kind/feature
recv
6005 Venafi custom field ca-dn ignored 4wk 4wk 4wk
kind/bug
recv
6004 Support TLS-ALPN-01 challenges 4wk 4wk 4wk
kind/feature
recv
6016 add imagePullSecrets clauses to helm deployment, job templates 3wk 3wk 3wk
kind/feature
pr-unreviewed
recv
5998 Failed post-install: timed out waiting for the condition 4wk 4wk 4wk
kind/bug
recv
similar
5987 Orders sent by cert-manager using a cluster-issuer with an EAB are not RFC8555 compliant | Step-CA private ACME Server
14
 5wk 3wk 5wk
kind/bug
author-last
recv
5988 ACME automatic certificate renewal always fails with: Failed to create Order: 400 malformed: No Key ID in JWS header 5wk 4wk 5wk
kind/bug
recv
5974 Issue with version upgrade causing multiple containers in deployment
3
 5wk 4wk 5wk
kind/bug
recv
5978 Certain issuers with selector-based DNS-01 solver does not respect delegated domains 5wk 4wk 4wk
collaborator-last
commented
send
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
6wk 3wk 6wk
kind/bug
author-last
recv
recv-q
5973 Graduate AdditionalCertificateOutputFormats feature 5wk 5wk 5wk
kind/feature
recv
5957 Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms
3
 6wk 1d 6wk
kind/feature
recv
5955 Flake: invalid digit '8' in octal literal (at <input>:1:19) 6wk 5wk 6wk
kind/bug
commented
contributor-last
5944 `go install` doesn't work for cmctl for currently supported versions due to the replace directive in the core cert-manager `go.mod`. It won't work for 1.12 because of go module proliferation.
6wk 6wk
5953 Unknown revision of `github.com/Venafi/vcert/v4`
3
 6wk 3wk 5wk
kind/bug
commented
member-last
pr-merged
send
5942 ClusterIssuer with auth kubernetes not working 6wk 6wk 6wk
kind/bug
recv
5941 How do I solve acme: authorization 403 error when setting up Ingress on Minikube 6wk 6wk 6wk
recv
5937 Harden containers with read-only root filesystems
7wk 7wk 7wk
kind/feature
recv
similar
5925 Use readOnlyRootFilesystem: true for all containers
2
 7wk 7wk 7wk
kind/feature
recv
similar
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
7wk 7wk 7wk
kind/bug
assigned
assignee-updated
author-last
commented
recv
recv-q
similar
5921 cert-manager issue.. SSL is on and off 7wk 7wk 7wk
recv
similar
5904 Support Azure Private DNS Zones for DNS Challenge
4
 2mo 2mo 2mo
kind/feature
recv
5905 Preventing cert-manager from attempting DNS01 challenges using rewritten domains instead of ingress domains 1mo 1mo 1mo
recv
5902 Looking for documentation explaining how the connectino between istio-csr and cert-manager is secured 2mo 5wk 2mo
recv
5900 [FR] Allow the Chart to create extra manifest 2mo 2mo 2mo
kind/feature
recv
5898 Flaky test: make: pull-cert-manager-master-make-test: [make/test.mk:136: _bin/scratch/oldcrds.tar] Error 123 2mo 2mo
kind/bug
kind/flake
5893 Route53 challenge with IRSA service account: Unable to assume role: AccessDenied 2mo 2mo 2mo
kind/bug
recv
similar
5885 argocd + cert-manager + ingress_nginx + acme-http-solver cannot issue standalone certificate 2mo 2mo 2mo
recv
5884 Issue with Cloudflare dns-01 acme validation for Let's Encrypt in a multi-cluster environment 2mo 2mo 2mo
kind/bug
recv
5883 Will cert manager auto refresh Vault AppRole Auth token? 2mo 2mo 2mo
recv
5882 Duplicate events
2mo 5wk 5wk
kind/bug
assigned
assignee-updated
commented
contributor-last
recv-q
5881 Whats the impact of removing the auto mount of access token for cert manager service accounts. 2mo 5wk 2mo
recv
recv-q
5877 Adding Domains.Google.com as an option for DNS-01
4
 2mo 2mo 2mo
kind/feature
commented
recv
recv-q
5889 cainjector in a zombie state after attempting to shut down
2mo 6wk 6wk
kind/bug
commented
member-last
pr-unreviewed
send
5864 Certmgr allows creating certificates expiring after ca expiration.
2
 2mo 12d 2mo
kind/bug
recv
5862 http01.ingress.class doesn't work
4
 2mo 2wk 1mo
kind/bug
commented
recv-q
send
5855 DNS-01 : error : Found recursive CNAME record to 2mo 1mo 2mo
author-last
commented
recv
recv-q
5851 CA cert in Secret not updated when self-signed CA itself gets renewed.
10
 2mo 12d 2mo
kind/bug
commented
recv-q
send
5845 Error presenting challenge: Unable to check the TXT record: ### Unexpected HTTP status: 401 during certificate renewal 2mo 2mo 2mo
kind/bug
recv
recv-q
5826 ACMEDNS, cnameStrategy: Follow (follow CNAME records recursively), dns01-recursive-nameservers-only - NXDOMAIN 3mo 5d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5821 Allow renewBefore to be a percentage 3mo 7d 3mo
kind/feature
author-last
recv
5818 Remove code-level dependency on Helm where possible 3mo 6d 6d
kind/feature
lifecycle/stale
commented
member-last
5817 Uninstalling the cert-manager Helm chart removes all my Issuers and Certificate/ CertificateRequest CRs 3mo 7d 3mo
lifecycle/stale
collaborator-last
commented
send
5806 CA Injector MinimumReplicasUnavailable 3mo 13d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
send
5792 Helm CVE-2023-25165 3mo 19d 3mo
lifecycle/stale
collaborator-last
recv
5785 Store OCSP response in kubernetes secret
2
 3mo 4d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
pr-reviewed-with-comment
send
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
3mo 14d 3mo
kind/feature
author-last
commented
pr-unreviewed
recv
5782 Misleading error for Vault issuer 3mo 3wk 3wk
good first issue
kind/feature
area/vault
commented
member-last
send
5780 error instantiating route53 challenge solver: unable to assume role: AccessDenied 3mo 14d 3mo
lifecycle/stale
recv
similar
5779 cloudDNS 's hostedZoneName is not sufficient to replace the dns01-recursive-nameservers flag 3mo 3wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5775 Atos IDnomic ACME Gateway 3mo 6d 3mo
kind/bug
lifecycle/stale
area/acme
collaborator-last
commented
recv
5774 Add descriptions for container image repos 3mo 3wk 3wk
good first issue
kind/documentation
commented
member-last
5867 Controller can't handle hitting request rate limits of zerossl ACME API
6
10
 2mo 11h 6wk
kind/bug
commented
pr-closed
pr-merged
recv-q
send
similar
5773 add support for encrypted Private keys in PKCS8 format 3mo 4wk 3mo
lifecycle/stale
collaborator-last
recv
5772 Develop new Helm chart for cert-manager CRD manifests 3mo 4wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5767 force renew others when root cert renews 3mo 4wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5756 Challenge is stuck at "Waiting for DNS-01 challenge propagation"
4mo 4wk 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
recv
similar
5752 Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
2
 4mo 5d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together 4mo 3wk 4mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
5760 Feature/Bug: Filter Ingress Url by ACME Solvers 4mo 1d 4mo
kind/bug
kind/feature
lifecycle/rotten
collaborator-last
pr-unreviewed
recv
5750 Tag associated with Fix for pavlo-v-chernykh/keystore-go library version
4mo 5h 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
pr-merged
send
5708 Cert Manager working with only example.com not with svc.cluster.local 4mo 2wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5697 Support PodSecurityAdmission
5
 4mo 2mo 4mo
kind/feature
author-last
recv
recv-q
5673 Error presenting challenge: init sdk: get token: extract secret: resource name may not be empty 5mo 17d 5mo
lifecycle/rotten
collaborator-last
recv
5665 Allow defining keystore password as litteral instead of SecretRef 5mo 2mo 5mo
kind/feature
author-last
recv
5664 Error: INSTALLATION FAILED: failed post-install: timed out waiting for the condition 5mo 13d 5mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
similar
5643 AdditionalOutputFormat is still in alpha
5mo 7d 2mo
kind/feature
commented
send
5716 Certificate renewal fails during DNS challenge with Route53 4mo 7d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
5mo 3d 4wk
kind/feature
lifecycle/rotten
collaborator-last
commented
pr-closed
send
5588 --must-staple attribute for OCSP Stapling
6mo 3wk 6mo
good first issue
kind/feature
lifecycle/stale
collaborator-last
commented
send
5585 ClusterIssuer cannot read the ServiceAccount token secret 6mo 6wk 6mo
kind/bug
author-last
recv
similar
5566 upload Helm charts to OCI registry and sign them with cosign
7
 6mo 2mo 2mo
kind/feature
commented
member-last
send
5558 Will auto-renewal of the root certificate automatically renew the certificate issued by the root certificate? 6mo 12h 6mo
lifecycle/rotten
collaborator-last
recv
similar
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
6
 6mo 1mo 6mo
kind/bug
recv
recv-q
similar
5540 Changelog annotations to chart 7mo 5wk 7mo
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 7mo 5d 7mo
kind/bug
author-last
recv
5611 ACME HTTP challenge pods blocked by OpenShift 6mo 5wk 2mo
kind/bug
commented
contributor-last
recv
5515 stuck on propagation check failed DNS record not yet propagated
5
 7mo 2mo 7mo
kind/bug
recv
similar
5516 Forbidden: seccomp may not be set pod.metadata.annotations
3
13
 7mo 3wk 7mo
kind/bug
lifecycle/stale
recv
5486 Aggressive Retries from "error instantiating route53 challenge solver"
2
 7mo 3wk 7mo
kind/bug
recv
recv-q
similar
5433 Support certs that live for < 1h
3
 8mo 2mo 8mo
kind/feature
author-last
recv
similar
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
 7mo 4wk 7mo
kind/feature
assigned
assignee-updated
recv
recv-q
similar
5298 Complete the Migration Away From Jetstack Names 10mo 6wk 6wk
kind/cleanup
commented
member-last
5430 Improving DNS-01 challenge performance
2
 8mo 2mo 8mo
kind/feature
pr-reviewed-with-comment
pr-unreviewed
recv
5230 Timeouts on Every Controller Reconcile Loop
11mo 9d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
pr-merged
5197 cert-manager-webhook to provide logs when handling a k8s api-server request
4
 11mo 6wk 6wk
good first issue
help wanted
kind/feature
assigned
assignee-updated
commented
contributor-last
pr-closed
pr-merged
send
5171 TPP Allowed Domains can cause valid certificate to error
1y 14d 1y
kind/bug
area/venafi
recv
5220 Investigate improving resource consumption and performance in clusters with large amount of resources
11
 11mo 2mo 7mo
kind/feature
commented
contributor-last
pr-merged
recv-q
5031 ValidateCAA test function is flaky 1y 3wk 3wk
kind/bug
lifecycle/stale
kind/flake
flake/test-logic
commented
member-last
send
5160 Support loading controller configuration from a versioned file
2
 1y 2mo 2mo
help wanted
kind/feature
assigned
assignee-updated
collaborator-last
commented
pr-new-commits
6071 [helm] Allow usage of initContainers for cert-manager
15d 15d 15d
kind/feature
recv
4931 Enable Testing on ARM64 1y 10d 1y
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
recv-q
4899 Certificate.Spec.RenewEvery instead of RenewBefore 1y 1d 10mo
kind/feature
lifecycle/stale
collaborator-last
commented
4797 Automatically renew certificates if OCSP indicates that it was revoked
10
 1y 2mo 1y
kind/feature
area/acme
commented
recv
recv-q
similar
4786 Investigate whether it would be valuable to decrease the initial backoff period for certificate issuance retries
9
 1y 7wk 7wk
collaborator-last
commented
pr-unreviewed
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
6
 1y 5mo 1y
lifecycle/frozen
kind/bug
recv
recv-q
4950 General flakiness of our end-to-end suite
3
 1y 10mo 10mo
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
4561 Ability to specify secret ownerReference as part of the Certificate request
3
 2y 3wk 2y
kind/feature
lifecycle/rotten
collaborator-last
recv
4423 Cert renewal loop
2
 2y 7wk 2y
kind/bug
author-last
commented
recv
recv-q
4349 allowing greater configuration for the cloud provider tests
2y 1y 1y
lifecycle/frozen
kind/feature
collaborator-last
commented
send
4594 TLS handshake error: EOF
17
 2y 5wk 11mo
kind/bug
commented
recv-q
send
3958 Sane defaults for Certificate revision history limit
11
 2y 5d 6mo
kind/feature
commented
recv-q
send
3896 Cert Manager failing to renew certificate
17
 2y 2mo 2y
kind/bug
area/acme/dns01
commented
recv-q
send
similar
6074 Graduate SecretsFilteredCaching feature gate to beta 14d 14d
kind/feature
4956 cert-manager created multiple CertificateRequest objects with the same certificate-revision
2
2
3
 1y 4wk 1y
kind/bug
lifecycle/stale
commented
pr-closed
pr-merged
pr-unreviewed
recv
recv-q
2380 Helm chart version is not SemVer-compatible
5
 3y 2mo 2y
kind/bug
commented
recv
recv-q
1194 Confusing paragraph - cert-manager integration. 2mo 2mo 2mo
documentation
contributor-last
recv
1186 Document that/why we don't use Helm's CRD installation mechanism 3mo 3mo 3mo
good first issue
kind/documentation
recv
1168 Rendering issues for generated API docs
4mo 4mo 4mo
commented
member-last
pr-merged
1159 Why the sample issuer still uses kubebuilder version 2 ? 4mo 4mo 4mo
recv
1125 Describe cert-manager feature policy 5mo 4mo 5mo
contributor-last
recv
recv-q
1101 Feature request for updating documentation. 6mo 6mo 6mo
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
9mo 9mo 9mo
author-last
pr-merged
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 11mo 9mo 11mo
contributor-last
recv
993 Document which resources do/do not get garbage collected 11mo 11mo 11mo
good first issue
contributor-last
recv
981 The `kubectl operator install` instructions are broken (after upgrading kubectl operator v0.3.0 -> v0.4.0) 1y 1y 1y
commented
member-last
955 Document when the vault pki role required setting `require_cn=false`
1y 7mo
1062 Document process for offboarding maintainers 9mo 9mo 9mo
recv
similar
931 Improve upgrade instructions using helm
1y 1y 1y
recv
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
 1y 1y 1y
recv
recv-q
868 Document RBAC 1y 1y 1y
contributor-last
recv
similar
866 Securing NGINX-ingress 1y 1y 1y
recv
similar
851 create Cilium ingress tls example
3
 1y 11mo 1y
assigned
assignee-updated
recv
847 missing documentation/information olm based installation metric prometheus 1y 1y 1y
contributor-last
recv
844 Document feature gates 1y 1y
similar
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
1y 1y 1y
contributor-last
pr-merged
recv
recv-q
836 Syncing Secrets Across Namespaces
1y 1y 1y
recv
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
1y 1y
kind/bug
contributor-last
pr-merged
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 1y 1y 1y
commented
member-last
send
758 API reference docs: enum values not documented with typedef 2y 2y 2y
recv
706 Default key usages 2y 2y 2y
recv
697 [IRSA] Needs `runAsUser: 1001` 2y 2y 2y
recv
693 Azure DNS pod identity incorrectly documents principal_id 2y 2y 2y
commented
member-last
send
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 2y 2y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 1y 2y
recv
recv-q
642 Move/ link to Webhook debugging docs 2y 2y
604 Make it so that it is easier to find the doc for fixing webhook issues 2y 1y 2y
contributor-last
recv
583 cert-manager with ZeroSSL
44
 2y 10mo 10mo
commented
send
similar
1061 Document onboarding process for new maintainers 9mo 9mo 9mo
recv
similar
561 Certificate Resources 2y 2y 2y
recv
similar
554 HTTP Validation, privateKeySecretRef 2y 2y 2y
contributor-last
recv
549 Effort towards a more user-friendly website 2y 2y
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
 2y 2y 2y
commented
member-last
send
542 Document the Istio VirtualService HTTP01 configuration options 2y 2y
532 Rework of the landing page (cert-manager.io)
3
 2y 2y 2y
help wanted
good first issue
commented
member-last
send
similar
486 OpenShift - broken link
2y 2y 2y
commented
member-last
send
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
426 Create a sequence diagram that shows how a certificate gets issued with let's encrypt
2
 2y 2y 2y
commented
member-last
pr-merged
425 Document ocspServers 2y 2y 2y
kind/documentation
commented
member-last
422 Page last modified date incorrect 2y 2y 2y
kind/bug
collaborator-last
commented
send
386 Uninstalling on Kubernetes - How to delete all those user created resources?
2y 2y 2y
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 2y 2y 2y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 2y 2y 2y
collaborator-last
commented
send
similar
295 Route53 2y 2y 2y
kind/documentation
commented
member-last
send
1054 Run spell checker in a pre-commit hook 9mo 9mo 9mo
good first issue
kind/cleanup
recv
975 Some pages do not make it clear what the user should read next 1y 1y
974 Investigate styled 404 page 1y 1y
944 Document how to install cert-manager in a different namespace
2
 1y 11mo 1y
good first issue
assigned
assignee-updated
contributor-last
recv
recv-q
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
 2y 2y 2y
recv
79 Design for partial automation of release process 11mo 11mo 11mo
commented
member-last
send
50 Move cert-manager-release infrastructure to CNCF's GCP account
2y 1y 1y
commented
member-last
42 Publish latest release number as part of creating a final release
2y 2y 2y
commented
member-last
send
31 Move the manual steps of our release process to cmrel commands
2y 2y 2y
commented
member-last
pr-closed
19 Incorrect command line help: should include a --branch argument 2y 2y 2y
kind/cleanup
commented
contributor-last
27 Create cert-manager specific testing infrastructure
2y 2y 2y
assigned
assignee-updated
commented
member-last
pr-merged
send
208 Add ability to annotate certificate requests generateed by istio-csr 19d 19d 19d
recv
similar
161 updating ConfigMap data doesn't stop
11mo 11mo 11mo
collaborator-last
commented
send
155 Invalid certificate chain when using Vault with Intermediate CA 1y 9mo 1y
recv
153 It is possible to have several CAs within the same cluster.
2
 1y 1y 1y
contributor-last
recv
145 Not able to use Istio-CSR in istio(1.13.*)
1y 1y 1y
author-last
commented
pr-closed
recv
144 add a support kubernetes client QPS and Burst config 1y 1y 1y
recv
141 Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods. 1y 9mo 1y
commented
recv
recv-q
138 istio-csr doesn't retry upon failed certificate requests
1y 6mo 1y
contributor-last
recv
137 Documentation on rotating the root certificate
1y 3mo 1y
recv
recv-q
136 Document available metrics 1y 1y 1y
recv
similar
133 latest supported cert-manager version with cert-manager-istio-csr? 1y 1y 1y
collaborator-last
commented
send
132 Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments) 1y 7wk 1y
recv
131 metrics to check certificate expiry for istio workloads ? 1y 1y 1y
collaborator-last
commented
send
130 Document best-practices for minimal vault role configuration for istio-csr 1y 1y 1y
recv
118 E2E tests running against the wrong k8s version 1y 1y
117 public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted 1y 1y 1y
recv
113 Integrating with istio helm chart installs
9
 2y 2mo 2y
recv
recv-q
108 [doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways 2y 2y 2y
author-last
commented
recv
recv-q
106 Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue 2y 2y 2y
collaborator-last
commented
send
94 Can't get aws pca to work 2y 2y 2y
recv
87 Failing to integrate with GCP CAS
2y 2y 2y
collaborator-last
commented
send
84 csr readiness probe failed, istio ingress pod also failed
2
 2y 2y 2y
support
collaborator-last
commented
send
83 commonName required for AWS PCA 2y 2y 2y
commented
recv
recv-q
64 Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods 2y 2y 2y
commented
send
53 Generate workload certificates with DNS in the SAN 2y 2y 2y
commented
recv-q
send
197 add the compatibility matrix for Kubernetes versions to README 3mo 3mo 3mo
recv
176 certificateDuration is not used for the Istio CSR generated certificate requests 10mo 10mo 10mo
author-last
commented
recv
recv-q
similar
216 Simplify configuration by creating RBAC by default 2mo 2mo
207 Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls 2mo 2mo 2mo
author-last
recv
179 group 'cert-manager.io' does not work
5mo 2mo 5mo
recv
similar
169 Webhook Custom CA 5mo 5mo 5mo
recv
149 Regex to disallow wildcard certificates
3
 7mo 2mo 7mo
recv
recv-q
62 CertificateRequestPolicy based on which namespace the certificate request belongs to
6
 1y 2mo 2mo
commented
pr-closed
pr-merged
recv
61 Flakey Tests in pull-cert-manager-approver-policy-verify
1y 1y
kind/bug
pr-merged
203 Improve CRD fields for specifying key requirements
3mo 3mo
135 Automatic CA rotation support 13d 13d 13d
contributor-last
recv
133 BUG: unsuppotted `useDefaultCAs: false` 3wk 3wk 3wk
recv
131 Feature: per namespace trust bundle 3wk 3wk 3wk
recv
113 Branch from "old" trust-manager name to add deprecation warning.
3mo 3mo
112 Move away from buildx 3mo 3mo
100 Modifying Bundle target can result in CA certs not being available for a while
2
 4mo 4mo 4mo
recv
99 Allow removing Bundles whilst keeping the synced CA certs
4mo 4mo 4mo
recv
72 Add the configmap on all pod via mutatingWebhookConfiguration
6mo 4mo 4mo
enhancement
commented
member-last
send
63 nit: Rename "Bundle" to "ClusterBundle"
5
 7mo 4mo 4mo
commented
member-last
send
60 overriding trusted namespace
4
4
 7mo 6wk 4mo
commented
recv-q
send
59 Trust part 2 - How to use a bundle? 8mo 2mo 2mo
commented
member-last
send
58 Support injection pem into an existing configmap
8mo 8mo 8mo
recv
132 Unable to run Trust Manager without cert manager 3wk 15d 3wk
contributor-last
recv
recv-q
54 Allow auto-trust Bundles tracking a certain Issuer
2
 9mo 4mo 4mo
commented
member-last
send
23 Way to add labels/annotations to target
6
 1y 1y 1y
recv
11 Add support for image pullsecret and installing the CRD - helm chart
3
 1y 3mo 1y
recv
recv-q
4 Feature: By default, require only self-signed certificates in a bundle 2y 1y
enhancement
44 Specialise `Bundle` for X.509 Certificates 10mo 10mo
10 Feature: support secret target
14
 1y 1y 1y
commented
pr-reviewed-with-comment
recv
recv-q
similar
33 Support CRDs as target
3
 11mo 11mo 11mo
recv
similar
17 Support distribution of PKCS12/JKS truststores
12
 1y 8mo 1y
pr-merged
recv
recv-q
39 Don't sync targets to all namespaces by default
3
 10mo 10mo
140 Update images to not utilize k8s.gcr.io 7wk 6wk 7wk
recv
136 SubPath support is broken or missing 4mo 4mo 4mo
recv
130 JKS support
2
 5mo 3mo 5mo
recv
128 Support all subject attributes 5mo 5mo 5mo
pr-reviewed-with-comment
recv
125 Is it too late to align cert-manager annotations? 5mo 5mo 5mo
recv
119 Certificate is re-requested when container restarts 7mo 7mo 7mo
recv
similar
116 Does csi-driver support Wìndows nodes? 9mo 7mo 7mo
collaborator-last
commented
send
74 Investigate and change the default mounted host path for driver 2y 2y
45 Unable to mount and read only file error
4
 2y 4mo 9mo
commented
recv-q
send
33 New key being used with old certificate 2y 2y 2y
recv
29 Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging. 2y 2y 2y
recv
26 Cannot `chmod` a read only filesystem
14
 2y 2y 2y
pr-closed
recv
recv-q
21 MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod 3y 3y 3y
recv
17 ability to specify pod IP in volume attributes
5
 3y 2y 2y
commented
recv
134 Volume empty
2
 5mo 7wk 5mo
recv
19 Add support for certificate expiry configuration
6
 7mo 13d 7mo
recv
similar
39 csi-driver-spiffe vs csi-driver
4
 13d 13d 13d
recv
38 Add Envoy Secret discovery service (SDS) support 2wk 2wk 2wk
recv
13 Can the plugin be configured to use a wildcard certificate?
9mo 6mo 9mo
recv
recv-q
12 Does this plugin support DNS validation? 9mo 9mo 9mo
recv
26 Missing CONTRIBUTING.md
1mo 1mo 1mo
recv
10 Support for the route subdomain enhancement
11mo 2mo 2mo
commented
contributor-last
pr-new-commits
recv-q
send
15 Feature: Support for ECC certs 7mo 7mo 7mo
recv
similar
14 Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt 9mo 9mo 9mo
recv
similar
4 Feature: Allow specification of privateKey.rotationPolicy
1y 10mo 1y
recv
70 OLM deployment with ArgoCD is OutOfSync 11mo 9mo 10mo
commented
send
46 Cert-manager operator fails to issue certificates 2y 2y 2y
recv
similar
17 Operator prevents passing extraArgs helm value
7
 2y 5mo 2y
recv
recv-q
3 Restrict operator RBAC permissions 3y 3y 3y
recv
22 Customize the deployment of cert-manager installed via OLM
5
6
 2y 5mo 1y
author-last
commented
recv
recv-q
33 Create e2e test to validate CertificateRequest garbage collection 8mo 8mo 8mo
assigned
recv
47 Race condition: CertificateRequests may never be fulfilled if the issuer was overwhelmed 3mo 3mo 3mo
recv
8 Drivers can create CertificateRequests for pods that don't exist in very rare edge cases 2y 2y
contributor-last
40 Optional auto rotating/renewing certificates 7mo 7mo 7mo
recv
45 Exponential backoff handling does not apply to certificate renewal in pending phase 3mo 3mo 3mo
recv
4 Create Kubernetes Events logging significant operations and errors 2y 2y

Uncommented older than 7 days (155)

Resolution: Add a priority/ or triage/ label

Average age: 286.2d, Avg wait: 265.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5890 Investigate OpenFeature for Feature Gates 2mo 2mo 2mo
kind/feature
triage/needs-information
recv
3655 Specify Name Constraints in CA Certificate
16
 2y 3wk 2y
kind/feature
priority/backlog
recv
850 Document available cert-manager Prometheus metrics
1y 3mo 1y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 3y 2y 3y
priority/backlog
kind/documentation
contributor-last
recv
151 previously listed items omitted

Important soon, but no updates in 90 days (4)

Resolution: Downgrade to important-longterm

Average age: 696.2d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5074 Race condition between issuers, certificates, and secrets
1y 4mo 9mo
lifecycle/frozen
kind/bug
priority/important-soon
commented
member-last
pr-closed
send
1174 Document the docker images and how to find them
4mo 3mo 3mo
good first issue
priority/important-soon
kind/documentation
commented
member-last
send
174 Add documentation for CRD conversion webhook ca injection 3y 2y 2y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
195 Document keystores 3y 3mo 2y
priority/important-soon
kind/documentation
commented
contributor-last
send

Important longterm, but no updates in 180 days (2)

Resolution: Downgrade to backlog

Average age: 1218.5d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
2178 Handling 'unregistering' certificates from Venafi TPP
14
 3y 1y 3y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
recv-q
223 Document wildcard certificate tutorial 3y 2y 3y
priority/important-longterm
kind/documentation
commented
contributor-last
send

Pull Requests: Review Ready (34)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 87.9d, Avg wait: 47.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6108 Use logging library with json support in cmctl (part 1) 4d 7h 7h
size/L
release-note-none
approved
kind/cleanup
dco-signoff: yes
commented
member-last
reviewed-with-comment
6119 Use logging library with json support in cmctl (part 2) 7h 7h 7h
size/L
release-note
approved
kind/cleanup
dco-signoff: yes
commented
member-last
unreviewed
6102 Move ctl utils to cmd/ctl 6d 9h
size/L
release-note-none
approved
kind/cleanup
dco-signoff: yes
area/testing
collaborator-last
unreviewed
6110 [helm] Add prometheus.servicemonitor.endpointAdditionalProperties 4d 4d 4d
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
6087 fix: maxUnavailable pdb configuration cannot be used due to default set minAvailable
8d 5d 5d
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
author-last
commented
new-commits
recv
6056 Improve CertificateRequest's CSR validation code 19d 5d 19d
size/L
release-note
approved
kind/bug
kind/cleanup
dco-signoff: yes
area/testing
commented
member-last
similar
unreviewed
6103 Unify semver version generation 5d 5d
size/L
release-note-none
approved
kind/cleanup
dco-signoff: yes
collaborator-last
unreviewed
6003 move pkg/issuer/acme/http/solver to cmd/acmesolver/solver 4wk 6d
release-note-none
approved
size/S
kind/cleanup
area/acme
dco-signoff: yes
area/acme/http01
collaborator-last
unreviewed
6002 Move pkg/controller/cainjector to cmd/cainjector/controller 4wk 6d 6d
release-note-none
approved
size/S
kind/cleanup
dco-signoff: yes
commented
member-last
unreviewed
6086 go.mod remove replace github.com/jetstack/vcert/v4 10d 8d 8d
size/XS
release-note
dco-signoff: yes
area/testing
ok-to-test
needs-kind
author-last
commented
recv
unreviewed
6053 Make KeyUsage and BasicConstraints Critical extensions 19d 19d
release-note
approved
kind/bug
size/M
dco-signoff: yes
collaborator-last
unreviewed
5778 [helm] Add support for relabelings and metricRelabelings an serviceMonitor 3mo 14d 3mo
size/L
release-note
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
commented
recv
similar
unreviewed
5701 feat: added custom endpoint override flag for http solver 4mo 3wk 4mo
release-note
kind/feature
needs-ok-to-test
size/M
area/acme
lifecycle/rotten
dco-signoff: yes
area/acme/http01
collaborator-last
recv
recv-q
unreviewed
5447 Allow extra DNS-01 propagation time to be configured
8mo 3wk 8mo
release-note
size/S
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
author-last
commented
recv
unreviewed
5686 Add missing healthz port to PSP in Helm Chart when hostNetwork is used 4mo 3wk 4mo
size/XS
release-note
needs-ok-to-test
lifecycle/rotten
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
6001 Improve verify-chart scripts & add helmchk 4wk 4wk 4wk
release-note-none
approved
kind/cleanup
size/M
dco-signoff: yes
commented
member-last
new-commits
similar
5876 helm: add support for TLS configuration and application protocol
2
 2mo 2mo 2mo
release-note
size/S
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
assignee-updated
commented
contributor-last
recv
unreviewed
5093 Add relabeling and metricRelabelings settings for ServiceMonitor. 1y 2mo 1y
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
assigned
recv
recv-q
similar
unreviewed
5324 Create 20220720-per-certificate-owner-ref.md
5
 10mo 2mo 2mo
size/L
release-note-none
approved
kind/design
dco-signoff: yes
commented
member-last
new-commits
similar
1235 Add deletion of validatingwebhookconfigurations to stuck uninstall 4d 1d 4d
size/XS
dco-signoff: yes
author-last
recv
recv-q
reviewed-with-comment
1234 Correct the cmctl release generation flow 5d 5d 5d
approved
dco-signoff: yes
size/S
recv
unreviewed
1198 Bump webpack from 5.70.0 to 5.76.1 2mo 4wk 2mo
dco-signoff: yes
size/M
dependencies
recv
unreviewed
1199 Webhook troubleshooting: advise people to set `timeoutSeconds` to 30 seconds 2mo 2mo
approved
dco-signoff: yes
size/M
unreviewed
1005 Route53 accessKeyIDSecretRef docs 11mo 11mo 11mo
size/XS
dco-signoff: yes
needs-ok-to-test
recv
unreviewed
206 Add namespace values in Helm template
3wk 6h 8d
dco-signoff: yes
approved
size/XS
commented
member-last
unreviewed
204 Add "inner workings" section to README.md 4wk 8d 8d
dco-signoff: yes
approved
size/XS
commented
member-last
unreviewed
202 Support adding pod annotations 2mo 2mo 2mo
dco-signoff: yes
size/XS
needs-ok-to-test
contributor-last
recv
similar
unreviewed
187 Add the ability to ignore cluster scoped resources. 5mo 8d 3mo
dco-signoff: yes
size/XS
ok-to-test
commented
contributor-last
recv
recv-q
reviewed-with-comment
98 Cert formats proposal 4mo 4mo
dco-signoff: yes
approved
size/L
contributor-last
unreviewed
116 feat: add support for additional pod annotations/labels 3mo 4wk 3mo
dco-signoff: yes
needs-ok-to-test
size/S
assigned
author-last
recv
similar
unreviewed
129 Add attribute support for certificate subject 5mo 3mo 4mo
dco-signoff: yes
size/L
ok-to-test
author-last
commented
recv
reviewed-with-comment
37 Helm chart improvements 3wk 6h 6h
dco-signoff: yes
approved
size/S
commented
member-last
similar
unreviewed
24 Document release process and update the versions of the GitHub Actions workflows 2mo 14d
dco-signoff: yes
size/M
approved
contributor-last
unreviewed
46 Add timeout to renewal issuance logic 3mo 2mo 3mo
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed

Unkinded Issues (182)

Resolution: Add a kind/ or triage/support label

Average age: 424.7d, Avg wait: 218.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6111 ACME Route53 dns01 resolver doesn't find private hosted zones when `hostedZoneID` is omitted
4d 8h 4d
recv
5951 admission.certmanager.k8s.io/v1beta1: the server is currently unable to handle the request 6wk 6wk 6wk
triage/needs-information
commented
send
5799 kubectl apply error couldn't get resource list for external.metrics.k8s.io/v1beta1: Got empty response for: external.metrics.k8s.io/v1beta1 3mo 15d 3mo
lifecycle/stale
triage/not-reproducible
collaborator-last
commented
send
4918 Leader election timeout (?) causes exit
2
 1y 15d 3mo
lifecycle/stale
triage/needs-information
collaborator-last
commented
send
4824 Repo Migration Followup Task List
1y 12d 4mo
priority/backlog
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
pr-merged
3992 Add non-CRD yaml file
2
 2y 16d 2y
priority/important-soon
area/deploy
commented
recv
1132 New version of adcs-issuer
5mo 3mo 4mo
priority/backlog
commented
member-last
send
753 Route53 - AWS IAM Account Setup is confusing
2y 1y 1y
priority/backlog
commented
member-last
send
459 cert manager is no longer on the OpenShift operator list 2y 1y 2y
priority/awaiting-more-evidence
assigned
assignee-updated
commented
contributor-last
recv-q
send
401 Bring tutorials up to date 2y 3mo 3mo
priority/important-longterm
commented
member-last
send
354 DigitalOcean access-token should not be base64-encoded 2y 2y 2y