cert-manager + website + release Daily Triage

queue to be emptied once a day

Unprioritized issues older than 7 days (216)

Resolution: Add a priority/ or triage/ label

Average age: 230.2d, Avg wait: 94.3d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5603		https://charts.jetstack.io is not a valid chart repository			7d	7d	7d		kind/bug	recv
5601		Confusing error message when using external issuers			9d	9d			good first issue kind/bug	open-milestone
5596		Current PSP is not sufficient to work with CSI volume			9d	9d	9d		kind/bug	recv
5594		Graduate ExperimentalGatewayAPISupport feature to beta			10d	1d			kind/feature
5593		logs in JSON format			10d	10d	10d			recv
5590		Configure cluster resource namespace in ClusterIssuer spec Similar: #454: Cluster Resource Namespace (open)			13d	13d	13d			recv similar
5588		--must-staple attribute for OCSP Stapling			13d	11d	11d		good first issue kind/feature	commented member-last send
5586		"propagation check failed" for DNS-01 ACME challenge on internal EKS-cluster Similar: #5415: DNS record for xxx not yet propagated. can we use cloudflare for acme challenge and custom ns for propagation check? (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (closed)			14d	7d	14d			author-last recv similar
5585		ClusterIssuer cannot read the ServiceAccount token secret Similar: #4144: Make it possible to use a projected service account token to the Vault Issuer instead of a service account Secret (open)			14d	14d	14d		kind/bug	recv similar
5581		Best way to migrate a Nginx ingress to cert-manager without downtime			16d	16d	16d			recv
5580		Mounting emptyDir to /tmp directory (webhook)			18d	18d	18d		kind/feature	author-last recv
5575		Can cert manager be used as a multi-cluster active-active certificate manager?			3wk	3wk	3wk			recv
5572		Add the possibility to use two cluster issuers in a single ingress			3wk	3wk	3wk		kind/feature	recv
5566		upload Helm charts to OCI registry and sign them with cosign		4	3wk	8d	8d		kind/feature	commented member-last send
5565		cert-manager aws route53 hosted zone automatically add records.			3wk	3wk	3wk			recv
5564		Update Gateway API to use beta instead of alpha resource versions. PR#5583: feature: update gateway api to v1beta1 changes-requested			3wk	15d	15d		good first issue kind/feature	commented member-last pr-changes-requested send
5558		Will auto-renewal of the root certificate automatically renew the certificate issued by the root certificate? Similar: #4797: Automatically renew certificates if OCSP indicates that it was revoked (open)			3wk	3wk	3wk			recv similar
5557		error instantiating route53 challenge solver: unable to assume role: AccessDenied: Similar: #5486: Aggressive Retries from "error instantiating route53 challenge solver" (open)			3wk	3wk	3wk		kind/bug	recv similar
5553		Cert manager is looking for wrong service name		2	4wk	4wk	4wk			recv
5549		unknown field "enabled" in io.k8s.api.core.v1.PodSecurityContext			4wk	2d	4wk			recv
5548		Pod is not running due to AppArmor not Enabled			4wk	3wk	4wk			recv
5545		openssl version used			4wk	4wk	4wk			recv
5543		Using Azure workload identity instead of AAD Pod Identities to configure the AzureDNS DNS01 challenge.			5wk	4wk	5wk		kind/feature	author-last recv recv-q
5541		Bump go version from 1.19.1 to 1.19.2 to mitigate go CVE			5wk	16d	5wk		kind/feature	recv recv-q
5540		Changelog annotations to chart			5wk	5wk	5wk		kind/feature	recv
5538		Unable to set IPv6 podDNS config from values			5wk	5wk	5wk		kind/bug	recv
5537		Left over artifacts from cert-manager Similar: #4473: Add signing for cert-manager artifacts (open)			5wk	5wk	5wk			author-last recv recv-q similar
5536		Challenge stack on self check when host is unavailable from cluster.			5wk	5wk	5wk		kind/bug	recv
5531		Question regarding Apigee Hybrid cert-manager webhook support with CSI driver			6wk	4wk	6wk			author-last recv
5527		Allow to add out-of-tree signers for cert-manager to approve.			6wk	6wk	6wk		kind/feature	recv
5526		Separate section for breaking changes in release notes			6wk	6wk	6wk		kind/bug	recv
5524		cert-manager v1.10.0 always tries to access clusterissuers at cluster scope			6wk	15d	6wk		kind/bug	recv recv-q
5521		Webhook Pod HealthCheck Port is missing in Webhook PSP			6wk	6wk	6wk		kind/bug	recv
5520		CrashLoopBackOff after restart of all deployments			6wk	5wk	6wk		kind/bug	contributor-last recv recv-q
5516		Forbidden: seccomp may not be set pod.metadata.annotations		8	6wk	5wk	6wk		kind/bug	author-last recv
5515		stuck on propagation check failed DNS record not yet propagated Similar: #5415: DNS record for xxx not yet propagated. can we use cloudflare for acme challenge and custom ns for propagation check? (open) Similar: #5193: Stuck on "propagation check failed" (open) Similar: #5042: propagation check failed: DNS record for xxx not yet propagated (closed)			6wk	6wk	6wk		kind/bug	recv similar
5514		Venafi Issuer Read `caBundle` from Configmap or Secret			6wk	5wk	6wk		kind/feature	contributor-last recv
5513		Deploy of cert-manager-webhook/cainjector:v1.9.1 got permission error			6wk	5wk	6wk		kind/bug	author-last recv recv-q
5512		GoogleCloud API call failed: googleapi: Error 403: Permission denied on resource project $PROJECT_ID			6wk	6wk	6wk		kind/bug	recv
5509		Label cert-manager managed objects with 'app.kubernetes.io/managed-by'			7wk	7wk	7wk		kind/feature	recv
5508		is it possible to create k8s tls secret when I store crt and key into vault?			7wk	7wk	7wk			author-last recv
5507		CA provider authentication of issuer via certificate			7wk	7wk	7wk		kind/feature	recv
5503		cert-manager sub-chart documentation			7wk	7wk	7wk			recv
5499		Failed to create CertificateRequest: admission webhook "webhook.cert-manager.io" denied the request Similar: #5179: e2e flake: Message: "admission webhook \"webhook.cert-manager.io\" denied the request: the server could not find the requested resource" (open)			7wk	7wk	7wk		kind/bug	commented member-last send similar
5494		Adding Custom extensions to certificates, the Subject Alternative Name (SAN) extension criticality ( OID = 2.5.29.17 )			1mo	1mo	1mo		kind/feature	recv
5488		Add support for creating pki secret engine in Vault			1mo	1mo	1mo		kind/feature	recv
5486		Aggressive Retries from "error instantiating route53 challenge solver" Similar: #5557: error instantiating route53 challenge solver: unable to assume role: AccessDenied: (open)			1mo	1mo	1mo		kind/bug	recv similar
5482		Implement support for hooks that get triggered after issuing or renewing certificates			1mo	1mo	1mo		kind/feature	recv
5481		Need metrics for DNS01 Challenges			1mo	6wk	1mo		kind/feature	recv
5480		Route53 solver's STS certificate chain is not being trusted by the cert-manager pod			2mo	2mo	2mo		kind/bug	recv
5479		Could not determine authoritative nameservers for \"_acme-challenge.XXX.com.			2mo	2mo	2mo			author-last recv recv-q
5472		Ability to check Venafi API parameter in log			2mo	2mo	2mo		kind/feature	recv
5470		Waiting on certificate issuance from order default/nginx-app-tls-z9xlj-2268860154: "pending" Issuing certificate as Secret does not exist			2mo	2mo	2mo			author-last recv recv-q
5467		External Key Generator			2mo	2mo	2mo		kind/feature	recv
5455		Support assuming role for route53 in AWS China (and other partitions)			2mo	2mo	2mo		kind/feature	recv
5454		make setup-integration-tests fail			2mo	2mo	2mo		kind/bug	recv
5449		Gateway API exist, still getting error "the Gateway API CRDs do not seem to be present"			2mo	2mo	2mo			recv
5448		how to disabled serverSideApply			2mo	6wk	2mo		help wanted	contributor-last recv
5439		setting certificate attributes in certificate resources Similar: #561: Certificate Resources (open)			2mo	2mo	2mo		kind/feature	collaborator-last commented send similar
5437		Issuer/ClusterIssuer support to specify vault token on local filesystem PR#5438: Add option tokenPath to Vault (cluster)issuer unreviewed			2mo	5wk	2mo			author-last pr-unreviewed recv recv-q
5435		Issuer/ClusterIssuer vault with mounted JWT token			2mo	2mo	2mo			recv
5434		v1.7.3 still having "expired challenges" issue			2mo	2mo	2mo		kind/bug	author-last recv
5433		Support certs that live for < 1h		3	2mo	2mo	2mo		kind/feature	recv
5432		Certificate renewed but not the linked secret Similar: #5086: Issuing certificate as Secret does not exist (closed)			2mo	2mo	2mo		kind/bug	recv similar
5431		After generating a new Let's Encrypt certificate, it still uses the default cluster certificate.			2mo	2mo	2mo			recv
5430		Improving DNS-01 challenge performance PR#5446: Allow concurrent same-FQDN DNS-01 challenges when using route53 commented PR#5447: Allow extra DNS-01 propagation time to be configured unreviewed			2mo	2mo	2mo		kind/feature	pr-reviewed-with-comment pr-unreviewed recv
5428		[Helm chart] Cert-manager's metrics can't be added to grafana data soource			2mo	2mo	2mo		kind/bug	recv
5423		Security compliance check for cert-manager as per CIS Benchmark			2mo	2mo	2mo		kind/bug	commented member-last send
5421		[Helm chart] Cert-manager's metrics are not collected by default			2mo	2mo	2mo		kind/bug	recv
5419		Config option to allow vault issuer to skip TLS verification when connecting to Vault			2mo	2wk	2mo		kind/feature	author-last commented pr-closed recv
5415		DNS record for xxx not yet propagated. can we use cloudflare for acme challenge and custom ns for propagation check? Similar: #5586: "propagation check failed" for DNS-01 ACME challenge on internal EKS-cluster (open) Similar: #5515: stuck on propagation check failed DNS record not yet propagated (open) Similar: #5042: propagation check failed: DNS record for xxx not yet propagated (closed)			3mo	2mo	3mo		kind/bug	recv similar
5412		Allow to configure Azure DNS solver managed identity using a secret for GitOps environment			3mo	2mo	2mo		kind/feature	commented member-last send
5406		url property in index.yaml at charts.jetstack.io not standard			3mo	6d	3mo		kind/bug lifecycle/stale	collaborator-last commented send
5396		Passing empty IP Address in the certificate spec, fails certificate creation			3mo	11d	3mo		kind/bug lifecycle/stale	collaborator-last recv
5394		Cert Manager showing "error"="Operation cannot be fulfilled on certificates.cert-manager.io"		2	3mo	13d	3mo		lifecycle/stale	collaborator-last recv
5392		cert-manager-webhook emit TLS handshake error from 10.240.1.63:53386: EOF			3mo	15d	3mo		lifecycle/stale	collaborator-last recv
5391		Regex validation on acme/solvers is too strict			3mo	15d	3mo		lifecycle/stale	collaborator-last recv
5388		InvalidChangeBatch: cannot be created because a non multivalue answer rrset exists with the same name and type			3mo	17d	3mo		kind/bug lifecycle/stale	collaborator-last recv
5359		Packaging cert-manager with Carvel		4	4mo	2mo	2mo		kind/feature	commented member-last send
5357		Support ECDSA keys for ACME accounts PR#5356: Allow ECDSA for ACME client keys unreviewed			4mo	4wk	4mo		kind/feature lifecycle/stale	author-last pr-unreviewed recv
5347		Got error:0A00010B:SSL routines::wrong version number			4mo	6d	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5344		metrics for failed calls to cloudflare			4mo	8d	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5326		Add ability to configure podTemplate securityContext fields in http solver			4mo	4wk	4mo		kind/feature	author-last recv
5316		Cert-manager shuts down without warning due to secret timeout			4mo	15d	4mo		kind/bug lifecycle/rotten	collaborator-last recv recv-q
5310		Install cert-manager: error bounded in resource existing			4mo	17d	4mo		lifecycle/rotten	collaborator-last recv
5298		Complete the Migration Away From Jetstack Names			4mo	3wk			kind/cleanup lifecycle/rotten	collaborator-last
5297		Failed to update endpoint cert-manager/cert-manager-webhook			4mo	16d	4mo		lifecycle/rotten	collaborator-last recv
5296		Make caching			4mo	3wk			kind/bug lifecycle/rotten	collaborator-last
5284		Challenge remain pending and does't rerun after I delegate dns zone			4mo	3wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5283		DNS Challenges Not Added to Specified Ingress Despite Specifying in ACME ClusterIssuer Manifest			4mo	3wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5279		cainjector is watching secrets in all the cluster even after setting --namespace flag			4mo	2mo	2mo		kind/bug	commented member-last send
5278		Add Support for Contour HttpProxy (proof of concept included)			4mo	3wk	4mo		kind/feature lifecycle/rotten	collaborator-last commented send
5274		Provide the ability to recover a Certificate request from an Error state		2	4mo	4wk	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5268		error decoding private key			4mo	4wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5267		cm-acme-http-solver triggers no.scale.down.node.pod.not.backed.by.controller due to lack of PodDisruptionBudget		6	5mo	1mo	5mo		kind/bug	contributor-last recv
5263		Test setup flake: go not found			5mo	4wk			lifecycle/rotten kind/flake flake/test-setup	collaborator-last
5262		Test setup flake: untaring go fails			5mo	4wk			lifecycle/rotten kind/flake flake/test-setup	collaborator-last
5254		AKS high severity : on disabling automounting API credentials for service account installation of cert manager timesout			5mo	10d	5mo		kind/bug lifecycle/rotten	collaborator-last recv
5246		Secrets are not updated when key stores added/removed PR#5597: Triggering re-issuance if keystore format change changes-requested			5mo	5d	5mo		kind/bug lifecycle/rotten	collaborator-last pr-changes-requested recv
5230		Timeouts on Every Controller Reconcile Loop			5mo	11d	11d		kind/bug	commented member-last pr-merged
5220		Investigate improving resource consumption and performance in clusters with large amount of resources		9	5mo	1d	7wk		kind/feature	commented recv-q
5215		Add relabeling in cert-manager serviceMonitor			5mo	2mo	5mo		kind/feature	author-last commented recv recv-q
5211		Question about tolerations			5mo	2mo	5mo			author-last recv
5198		Integration test flake: various timeouts			5mo	10d			lifecycle/stale kind/flake flake/test-logic
5197		cert-manager-webhook to provide logs when handling a k8s api-server request		2	5mo	4wk	5mo		good first issue help wanted kind/feature	assigned assignee-updated author-last commented recv
5193		Stuck on "propagation check failed" Similar: #5515: stuck on propagation check failed DNS record not yet propagated (open) Similar: #5042: propagation check failed: DNS record for xxx not yet propagated (closed)			5mo	8d	5mo		kind/bug lifecycle/stale area/acme	collaborator-last commented pr-merged recv similar
5182		e2e flake: etcd request slowness			5mo	4wk			lifecycle/rotten kind/flake flake/test-logic	collaborator-last
5180		e2e flake: webhook context deadline exceeded			5mo	4wk	5mo		lifecycle/rotten kind/flake flake/test-logic	collaborator-last commented
5179		e2e flake: Message: "admission webhook \"webhook.cert-manager.io\" denied the request: the server could not find the requested resource" Similar: #5499: Failed to create CertificateRequest: admission webhook "webhook.cert-manager.io" denied the request (open)			5mo	4wk	5mo		lifecycle/rotten kind/flake flake/test-logic	collaborator-last commented similar
5178		e2e flake: mv: cannot stat 'bin/downloaded/tools/crane': No such file or directory			5mo	4wk	4mo		lifecycle/rotten kind/flake flake/test-setup	collaborator-last commented send
5177		e2e flake: /bin/bash: bin/tools/ytt: Permission denied			5mo	4wk			lifecycle/rotten kind/flake flake/test-setup	collaborator-last
5171		TPP Allowed Domains can cause valid certificate to error			6mo	2mo	6mo		kind/bug area/venafi	contributor-last recv
5106		Makefile flake when checking shasums			6mo	4wk	4mo		kind/bug lifecycle/rotten kind/flake flake/test-setup	collaborator-last commented send
5069		Error presenting challenge: the server could not find the requested resource even though resource exists			7mo	10d	7mo		kind/bug lifecycle/stale	recv
5066		Threat model for cert-manager			7mo	16d	7mo		kind/feature	commented
5062		Cert-manager stops processing order request in "processing" status after several attempts			7mo	7d	8d		kind/bug area/acme	author-last commented recv
5041		Failed to obtain venafi certificate: vcert error: your data contains problems: request doesn't match certificate: unmatched key modulus			7mo	16d	7mo		kind/bug lifecycle/rotten	collaborator-last recv recv-q
5031		ValidateCAA test function is flaky			7mo	1mo	1mo		kind/bug kind/flake flake/test-logic	commented member-last send
5005		Investigate why Contour fails with "Gateway not found in cache" in some end-to-end Prow jobs			8mo	3wk	4mo		lifecycle/rotten kind/flake flake/test-logic	collaborator-last commented pr-closed send
5004		After installing cert-manager using kubectl, "cmctl check api" fails with "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded Similar: #5189: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded (open)		5	8mo	16d	4mo		lifecycle/stale	commented send similar
4979		Overhaul the DNS01 solver		5	8mo	2mo			kind/feature	pr-closed
4959		Support AWS Auth Method for Vault PR#5530: Added support for using env config for configuring Vault issuer. unreviewed			8mo	2mo	8mo		kind/feature	author-last pr-unreviewed recv
4956		cert-manager created multiple CertificateRequest objects with the same certificate-revision		2 2 3	8mo	1mo	8mo		kind/bug	commented pr-closed pr-merged recv recv-q
4950		General flakiness of our end-to-end suite		3	8mo	4mo	4mo		lifecycle/frozen kind/flake	commented member-last pr-closed pr-merged send
4947		Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer		7	8mo	2mo	8mo		kind/feature	author-last recv
4941		Failed to perform self check GET request Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (closed)		3	8mo	1d	8mo		kind/bug lifecycle/rotten	recv recv-q similar
4931		Enable Testing on ARM64			8mo	3wk	8mo		kind/feature	author-last commented recv recv-q
4899		Certificate.Spec.RenewEvery instead of RenewBefore			9mo	4wk	4mo		kind/feature	commented contributor-last
4892		Set up a permanent cert-manager installation to catch issues that only appear in long running deployments		2	9mo	4wk	5mo		kind/feature lifecycle/rotten	commented
4877		HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1			9mo	3wk	9mo		kind/bug	author-last recv recv-q
4824		Repo Migration Followup Task List			10mo	6wk	6wk			assigned assignee-updated commented member-last pr-merged
4821		Allow `ingressClassName` to be set for HTTP01 solver ingresses. PR#5225: Add flag to allow switching ingressClassName specification unreviewed		3 97	10mo	2h	7mo		kind/feature area/ingress-shim	commented pr-unreviewed recv-q send
4797		Automatically renew certificates if OCSP indicates that it was revoked Similar: #5558: Will auto-renewal of the root certificate automatically renew the certificate issued by the root certificate? (open)		6	10mo	3wk	9mo		kind/feature area/acme	commented contributor-last recv similar
4747		Revoke Certificates Similar: #561: Certificate Resources (open)		5 12	10mo	10d	10mo		kind/feature lifecycle/stale	collaborator-last recv similar
4685		Unexpected EOF during watch stream event decoding: unexpected EOF		2	11mo	4wk	11mo		lifecycle/frozen kind/bug	recv recv-q
4654		Certificates issued by vault with isCa: true are missing CA:TRUE in certificate Similar: #4620: Vault Issuer does not retry signing CertificateRequests if the status is pending (open)		4 4	11mo	3wk	4mo		kind/bug lifecycle/rotten	collaborator-last commented pr-merged send similar
4594		TLS handshake error: EOF		8	1y	8d	5mo		kind/bug	commented recv-q send
4561		Ability to specify secret ownerReference as part of the Certificate request		3	1y	1mo	1y		kind/feature	recv
4490		Subject Ingress Annotations PR#4502: support subject and email annotations for ingress/gateway new-commits		4	1y	13d	1y		kind/feature	pr-new-commits recv
4423		Cert renewal loop		2	1y	7wk	1y		kind/bug	author-last commented recv recv-q
4349		allowing greater configuration for the cloud provider tests			1y	7mo	7mo		lifecycle/frozen kind/feature	collaborator-last commented send
4246		ACME DNS Challenge and Propagation Delay (NXDOMAIN)		8	1y	3wk	1y		kind/bug lifecycle/rotten	collaborator-last recv
4216		Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large			1y	7wk	1y			recv
3958		Sane defaults for Certificate revision history limit		10	2y	3wk	3wk		kind/feature	commented recv-q send
3896		Cert Manager failing to renew certificate Similar: #5218: Install SSL certificate on CertManager container image (closed)		17	2y	16d	1y		kind/bug	commented recv-q send similar
3592		Ability to not create ca.crt		2	2y	4wk	2y			collaborator-last commented recv
3565		requestmanager_controller got stuck in a loop and stopped generating new certificates afterward		12	2y	2mo	1y		kind/bug	commented recv-q send
2380		Helm chart version is not SemVer-compatible		5	3y	17d	2y		kind/bug	author-last commented recv recv-q
1101		Feature request for updating documentation.			3wk	3wk	3wk			recv
1088		Clarify what namespace certificates are issued into when using annotations			7wk	7wk	7wk			recv
1082		Navigation menu hiding search results on mobile devices PR#1084: fix: navigation menu hiding search results unreviewed PR#1102: relativelyrehan: outside click for navigation menu unreviewed			2mo	3wk	2mo			pr-closed pr-unreviewed recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			3mo	3mo	3mo			author-last pr-merged recv
1062		Document process for offboarding maintainers Similar: #1061: Document onboarding process for new maintainers (open)			3mo	3mo	3mo			recv similar
1061		Document onboarding process for new maintainers Similar: #1062: Document process for offboarding maintainers (open)			3mo	3mo	3mo			recv similar
1054		Run spell checker in a pre-commit hook			3mo	3mo	3mo		good first issue kind/cleanup	recv
1006		Use descriptive text instead of alt for `feature icon`			5mo	5mo	5mo			recv
1001		Document a policy for required CI health before we can release			5mo	5mo	5mo			recv
998		Documentation venafi configuration references venafi documentation page which returns 403			5mo	3mo	5mo			contributor-last recv
993		Document which resources do/do not get garbage collected			5mo	5mo	5mo		good first issue	contributor-last recv
988		Document how feature gated fields can be added to API			6mo	6mo	6mo			recv
981		The `kubectl operator install` instructions are broken (after upgrading kubectl operator v0.3.0 -> v0.4.0)			6mo	6mo	6mo			commented member-last
975		Some pages do not make it clear what the user should read next			7mo	7mo
974		Investigate styled 404 page			7mo	7mo
955		Document when the vault pki role required setting `require_cn=false`			7mo	4wk
944		Document how to install cert-manager in a different namespace		2	7mo	5mo	7mo		good first issue	assigned assignee-updated contributor-last recv recv-q
936		Review public envvars for site			7mo	7mo	7mo			commented member-last
931		Improve upgrade instructions using helm			7mo	7mo	7mo			recv
923		GSoD2022: Improve the navigation and structure of the cert-manager website Similar: #921: GSoD2022: Improve the Navigation and Structure of the cert-manager Website by Mehak (open)			7mo	6mo	7mo			assigned contributor-last recv similar
922		GSoD2022: Dashamir Hoxha			7mo	7mo	7mo			assigned assignee-updated commented member-last send
921		GSoD2022: Improve the Navigation and Structure of the cert-manager Website by Mehak Similar: #923: GSoD2022: Improve the navigation and structure of the cert-manager website (open)			7mo	7mo	7mo			assigned assignee-updated commented member-last send similar
899		Upgrading from v1.7 to v1.8 check command should exclude null.		2	7mo	7mo	7mo			recv recv-q
868		Document RBAC Similar: #844: Document feature gates (open)			8mo	8mo	8mo			contributor-last recv similar
866		Securing NGINX-ingress Similar: #326: Securing Ingresses with Venafi (open)			8mo	8mo	8mo			recv similar
851		create Cilium ingress tls example		3	9mo	5mo	9mo			assigned assignee-updated recv
847		missing documentation/information olm based installation metric prometheus			9mo	9mo	9mo			contributor-last recv
844		Document feature gates Similar: #868: Document RBAC (open)			9mo	9mo				similar
841		remove dependency on golang from cmctl and kubectl-plugin installation documentation			10mo	10mo	10mo			contributor-last pr-merged recv recv-q
836		Syncing Secrets Across Namespaces			10mo	8mo	10mo			recv
802		Spelling errors are unclear in pull request CI results and spell checker is unmaintained			10mo	10mo			kind/bug	contributor-last pr-merged
776		Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret			11mo	11mo	11mo			commented member-last send
758		API reference docs: enum values not documented with typedef			1y	1y	1y			recv
746		Enable Dark mode in the docs website			1y	1y	1y			recv
706		Default key usages			1y	1y	1y			recv
697		[IRSA] Needs `runAsUser: 1001`			1y	1y	1y			recv
693		Azure DNS pod identity incorrectly documents principal_id			1y	1y	1y			commented member-last send
672		List required Google CloudDNS permissions exhaustively			1y	1y	1y			recv
662		Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"			1y	1y	1y			recv
645		Investigate & add an FAQ/warning about images rolled back after GitOps upgrade			1y	9mo	1y			recv recv-q
642		Move/ link to Webhook debugging docs Similar: #144: Improve webhook debugging info (open)			1y	1y				similar
604		Make it so that it is easier to find the doc for fixing webhook issues			1y	7mo	1y			contributor-last recv
583		cert-manager with ZeroSSL		44	2y	5mo	5mo			commented send
568		Add a diagram for LetsEncrypt cert issuance flow to the docs		4	2y	2y	2y			recv
561		Certificate Resources Similar: #5439: setting certificate attributes in certificate resources (open) Similar: #4747: Revoke Certificates (open)			2y	2y	2y			recv similar
554		HTTP Validation, privateKeySecretRef			2y	1y	2y			contributor-last recv
549		Effort towards a more user-friendly website			2y	2y
543		Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates		4	2y	1y	1y			commented member-last send
542		Document the Istio VirtualService HTTP01 configuration options			2y	2y
532		Rework of the landing page (cert-manager.io)		3	2y	1y	1y		help wanted good first issue	commented member-last send
486		OpenShift - broken link			2y	1y	1y			commented member-last send
469		DNS01: Delegated Domains for DNS01 example yaml solvers list items			2y	2y	2y			recv
466		installation/compatiblity			2y	2y	2y			recv
457		cainjector docs are missing the option to inject certs in apiservice resources			2y	2y	2y			recv
454		Cluster Resource Namespace Similar: #5590: Configure cluster resource namespace in ClusterIssuer spec (open)			2y	2y	2y			recv similar
426		Create a sequence diagram that shows how a certificate gets issued with let's encrypt		2	2y	2y	2y			commented member-last pr-merged
425		Document ocspServers			2y	2y	2y		kind/documentation	commented member-last
422		Page last modified date incorrect			2y	2y	2y		kind/bug	collaborator-last commented send
386		Uninstalling on Kubernetes - How to delete all those user created resources?			2y	2y	2y			collaborator-last commented send
330		Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1)			2y	2y	2y			collaborator-last commented send
326		Securing Ingresses with Venafi Similar: #866: Securing NGINX-ingress (open)			2y	2y	2y			collaborator-last commented send similar
295		Route53			2y	2y	2y		kind/documentation	commented member-last send
79		Design for partial automation of release process			5mo	5mo	5mo			commented member-last send
50		Move cert-manager-release infrastructure to CNCF's GCP account			1y	10mo	10mo			commented member-last
42		Publish latest release number as part of creating a final release			1y	1y	1y			commented member-last send
31		Move the manual steps of our release process to cmrel commands			2y	1y	1y			commented member-last pr-closed
27		Create cert-manager specific testing infrastructure			2y	1y	1y			assigned assignee-updated commented member-last pr-merged send
19		Incorrect command line help: should include a --branch argument			2y	2y	2y		kind/cleanup	commented contributor-last

Uncommented older than 7 days (143)

Resolution: Add a priority/ or triage/ label

Average age: 201.1d, Avg wait: 170.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4722		High memory usage on cluster with many secrets		8	10mo	4wk	10mo		kind/bug priority/important-soon	contributor-last open-milestone recv
3898		Allow setting PodDisruptionBudget policies via helm chart PR#3931: Added PodDisruptionBudgets to helm chart approved		3	2y	2mo	2y		kind/feature priority/important-longterm area/deploy	author-last pr-approved pr-closed recv
3655		Specify Name Constraints in CA Certificate		6	2y	1mo	2y		kind/feature priority/backlog	recv
2941		Detect multiple certs pointed to the same secret		2	2y	4wk	2y		kind/feature priority/important-longterm lifecycle/rotten area/monitoring	collaborator-last recv
850		Document available cert-manager Prometheus metrics			9mo	7mo	9mo		documentation good first issue priority/important-longterm	contributor-last recv
770		Helm template fails with `--create-namespace`			1y	11mo	1y		triage/support	contributor-last recv recv-q
709		Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1			1y	1y	1y		good first issue priority/important-soon	recv
551		Documentation on how to handle large-scale certificate management & best practices		2	2y	1y	2y		help wanted priority/important-longterm kind/documentation	contributor-last recv
480		Secret gets UID added to end of name			2y	2y	2y		triage/support	contributor-last recv recv-q
76		Upgrading from v0.10 to v0.11 - missing cainjector annotation			2y	2y	2y		priority/backlog kind/documentation	contributor-last recv
56		Route53: document use of "region" field			3y	2y	3y		documentation priority/important-longterm	contributor-last recv recv-q
132 previously listed items omitted

Important soon, but no updates in 90 days (11)

Resolution: Downgrade to important-longterm

Average age: 838.2d, Avg wait: 102.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5074		Race condition between issuers, certificates, and secrets PR#5303: Stop infinitely reissuing certs with shared Secret new-commits			7mo	3mo	3mo		lifecycle/frozen kind/bug priority/important-soon	commented member-last open-milestone pr-new-commits send
709		Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1			1y	1y	1y		good first issue priority/important-soon	recv
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		3	2y	2y	2y		documentation priority/important-soon	commented contributor-last
262		[DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift			2y	2y	2y		kind/feature priority/important-soon	author-last commented recv recv-q
229		Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error			2y	2y			priority/important-soon kind/documentation	contributor-last
198		Document release process			2y	2y	2y		priority/important-soon kind/documentation	assigned commented member-last send
195		Document keystores			2y	2y	2y		priority/important-soon kind/documentation	commented member-last send
174		Add documentation for CRD conversion webhook ca injection			2y	2y	2y		help wanted priority/important-soon kind/documentation	commented member-last send
144		Improve webhook debugging info Similar: #642: Move/ link to Webhook debugging docs (open)			2y	2y	2y		priority/important-soon kind/documentation	commented member-last pr-merged send similar
90		Document Certificate Subject Changes			2y	2y	2y		help wanted good first issue priority/important-soon	collaborator-last commented
69		SelfSignedIssuer configuration - API reference docs			2y	2y	2y		help wanted good first issue priority/important-soon kind/documentation	commented member-last send

Important longterm, but no updates in 180 days (9)

Resolution: Downgrade to backlog

Average age: 829.8d, Avg wait: 209.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
2178		Handling 'unregistering' certificates from Venafi TPP		11	3y	10mo	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented recv-q send
401		Bring tutorials up to date			2y	2y			priority/important-longterm
344		Add docs to explain webhooks			2y	2y			help wanted good first issue priority/important-longterm	contributor-last
223		Document wildcard certificate tutorial			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send
178		Order of versions of cert-manager in menu			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send
154		Documenting repo management process			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send
3 previously listed items omitted: #850 #551 #56

Pull Requests: Review Ready (23)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 147.7d, Avg wait: 57.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5502		The vault issuer can now be given a serviceAccountRef instead of relying on static service account tokens			7wk	20min	2d		release-note size/XL approved area/api kind/feature area/vault dco-signoff: yes area/testing area/deploy	collaborator-last commented unreviewed
5373		Allow config of http01 solver pod security context		2	3mo	1h	22h		size/L release-note area/api kind/feature area/acme dco-signoff: yes ok-to-test area/acme/http01 area/deploy	author-last commented open-milestone recv unreviewed
5614		[helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value			2h	2h	2h		release-note needs-ok-to-test size/M dco-signoff: yes area/deploy needs-kind	collaborator-last recv unreviewed
5613		Return error when Gateway has a cross-namespace secret ref Similar: #1123: Adds documentation for Gateway API cross-namespace secret refs (open)			1d	7h	21h		release-note kind/feature size/M dco-signoff: yes ok-to-test	assigned author-last commented recv similar unreviewed
5612		Allow make e2e-setup-certmanager to work on any cluster			1d	1d			release-note-none approved size/M dco-signoff: yes needs-kind	collaborator-last unreviewed
4330		Add client certificate auth method for Vault issuer			1y	3d	7mo		release-note size/XL area/api kind/feature area/acme area/vault dco-signoff: yes area/testing ok-to-test area/deploy	collaborator-last commented recv recv-q unreviewed
3931		Added PodDisruptionBudgets to helm chart		3 15	2y	4d	6wk		size/L release-note approved kind/feature dco-signoff: yes ok-to-test area/deploy	approved assigned assignee-updated commented recv recv-q
4835		Making sure per fixture only 1 setup is active at the same time			9mo	3wk	5mo		release-note-none kind/bug size/M lifecycle/rotten dco-signoff: yes area/testing	assigned assignee-updated collaborator-last commented reviewed-with-comment
4969		add acmeHttp01SolverImage Similar: #5554: helm: add option to override ACME HTTP-01 solver image (open)			8mo	5wk	8mo		size/XS release-note needs-ok-to-test dco-signoff: yes area/deploy needs-kind	assigned author-last commented recv recv-q similar unreviewed
5528		Allow servFail as a valid response.			6wk	6wk	6wk		size/XS release-note-none needs-ok-to-test area/acme dco-signoff: yes area/acme/dns01 needs-kind	collaborator-last recv unreviewed
5356		Allow ECDSA for ACME client keys			4mo	6wk	3mo		size/L release-note area/api kind/feature area/acme dco-signoff: yes area/testing ok-to-test area/deploy	author-last commented recv recv-q unreviewed
5324		Create 20220720-per-certificate-owner-ref.md Similar: #5158: Added certificate owner ref field (open)		4	4mo	1mo	2mo		size/L release-note-none approved kind/design dco-signoff: yes	collaborator-last commented new-commits similar
5447		Allow extra DNS-01 propagation time to be configured			2mo	1mo	2mo		release-note size/S area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	author-last commented recv unreviewed
5093		Add relabeling and metricRelabelings settings for ServiceMonitor.			7mo	2mo	7mo		release-note size/S needs-ok-to-test dco-signoff: yes area/deploy needs-kind	recv recv-q unreviewed
1123		Adds documentation for Gateway API cross-namespace secret refs Similar: #5613: Return error when Gateway has a cross-namespace secret ref (open)			1d	7h	1d		dco-signoff: yes size/M needs-ok-to-test	assigned author-last recv similar unreviewed
1102		relativelyrehan: outside click for navigation menu			3wk	3wk	3wk		dco-signoff: no size/M needs-ok-to-test	recv unreviewed
1089		Update docs to remove subchart warning			6wk	6wk	6wk		dco-signoff: yes needs-ok-to-test size/S	recv unreviewed
1084		fix: navigation menu hiding search results			2mo	6wk	2mo		size/XS dco-signoff: yes needs-ok-to-test	assigned author-last recv unreviewed
1071		Improved the summary on the docs homepage		2	2mo	2mo	2mo		approved dco-signoff: yes size/S	commented contributor-last new-commits recv-q
1005		Route53 accessKeyIDSecretRef docs			5mo	5mo	5mo		size/XS dco-signoff: yes needs-ok-to-test	recv unreviewed
992		Initial feature gate documentation		2	6mo	5mo	6mo		approved dco-signoff: yes size/M	commented contributor-last recv recv-q reviewed-with-comment
930		update ibmcloud cis webhook link			7mo	6mo	7mo		size/XS dco-signoff: yes needs-ok-to-test	assigned assignee-updated author-last commented recv unreviewed
948		add note to ingress class definition			7mo	7mo	7mo		dco-signoff: no size/XS needs-ok-to-test	assigned author-last recv unreviewed

Unkinded Issues (108)

Resolution: Add a kind/ or triage/support label

Average age: 333.0d, Avg wait: 151.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5608		Unable to inject linkerd sidecar proxy to Cert-Manager pods			2d	1d	2d			author-last recv recv-q
4918		Leader election timeout (?) causes exit		2	9mo	4wk	7mo		priority/important-longterm	commented recv recv-q
3992		Add non-CRD yaml file		2	2y	4wk	1y		priority/important-soon area/deploy	author-last commented open-milestone recv
753		Route53 - AWS IAM Account Setup is confusing			1y	7mo	7mo		priority/backlog	commented member-last send
459		cert manager is no longer on the OpenShift operator list			2y	7mo	2y		priority/awaiting-more-evidence	assigned assignee-updated commented contributor-last recv-q send
354		DigitalOcean access-token should not be base64-encoded			2y	2y	2y		priority/awaiting-more-evidence	author-last commented recv
2		Set up periodic job to publish an experimental release build			2y	2y			priority/backlog	assigned contributor-last
101 previously listed items omitted

Unprioritized Recent Issues (220)

Resolution: Add a priority/ or triage/ label

Average age: 226.0d, Avg wait: 92.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5611		ACME HTTP challenge pods blocked by OpenShift			1d	1d	1d		kind/bug	author-last recv
5610		Fail with a clear error message if a Gateway TLS listener has a cross-namespace secret reference PR#5613: Return error when Gateway has a cross-namespace secret ref unreviewed			2d	1d	1d		good first issue kind/bug	assigned assignee-updated commented pr-unreviewed
5609		Support AutoDNS as a provider			2d	2d	2d		kind/feature	recv
217 previously listed items omitted

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 2.0d, Avg wait: 1.4d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3 previously listed items omitted: #5611 #5609 #5608

New, has multiple reactions, but not important-soon: No matching items

New, has multiple commenters, but not important-soon: No matching items

needs information, has update: No matching items

Unprioritized issues older than 7 days (216)

Resolution: Add a priority/ or triage/ label

Average age: 230.2d, Avg wait: 94.3d

Uncommented older than 7 days (143)

Resolution: Add a priority/ or triage/ label

Average age: 201.1d, Avg wait: 170.5d

Important soon, but no updates in 90 days (11)

Resolution: Downgrade to important-longterm

Average age: 838.2d, Avg wait: 102.6d

Important longterm, but no updates in 180 days (9)

Resolution: Downgrade to backlog

Average age: 829.8d, Avg wait: 209.8d

Pull Requests: Review Ready (23)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 147.7d, Avg wait: 57.8d

Unkinded Issues (108)

Resolution: Add a kind/ or triage/support label

Average age: 333.0d, Avg wait: 151.8d

Unprioritized Recent Issues (220)

Resolution: Add a priority/ or triage/ label

Average age: 226.0d, Avg wait: 92.6d

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 2.0d, Avg wait: 1.4d

Recently updated issue has a question (1)

Resolution: Add an answer

Average age: 1050.2d, Avg wait: 0.0d