generic Daily Triage :: Triage Party

queue to be emptied once a day

Unprioritized issues older than 7 days (253)

Resolution: Add a priority/ or triage/ label

Average age: 320.5d, Avg wait: 156.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5862		http01.ingress.class doesn't work			8d	5d	8d		kind/bug	recv
5855		DNS-01 : error : Found recursive CNAME record to			13d	9d	11d			commented member-last send
5851		CA cert in Secret not updated when self-signed CA itself gets renewed.		6	16d	9d	9d		kind/bug	collaborator-last commented send
5864		Certmgr allows creating certificates expiring after ca expiration.			8d	8d	8d		kind/bug	recv
5817		Uninstalling the cert-manager Helm chart removes all my Issuers and Certificate/ CertificateRequest CRs			4wk	4wk	4wk			collaborator-last commented send
5806		CA Injector MinimumReplicasUnavailable			5wk	4wk	4wk		kind/bug	collaborator-last commented send
5800		Found no Zones for domain _acme-challenge.mydomain.com			5wk	5wk	5wk			recv
5792		Helm CVE-2023-25165			5wk	5wk	5wk			recv
5785		Store OCSP response in kubernetes secret PR#5830: WIP: ocsp stapling for certificates commented			6wk	3wk	4wk		kind/feature	commented pr-reviewed-with-comment send
5784		After migration from 1.6.1 to 1.8.2 cainjector remains in crashloopbackoff - OOMKill			6wk	5wk	5wk		kind/bug	collaborator-last commented send
5783		*Add k8s.io/client-go/applyconfigurations style ApplyConfigurations for the included CRDs** PR#5383: Generate applyconfigurations and Apply functions unreviewed			6wk	5wk	5wk		kind/feature	collaborator-last commented pr-unreviewed send
5782		Misleading error for Vault issuer			6wk	6wk	6wk			commented member-last send
5780		error instantiating route53 challenge solver: unable to assume role: AccessDenied Similar: #5486: Aggressive Retries from "error instantiating route53 challenge solver" (open)			6wk	6wk	6wk			author-last recv similar
5779		cloudDNS 's hostedZoneName is not sufficient to replace the dns01-recursive-nameservers flag			6wk	6wk	6wk		kind/bug	recv
5775		Atos IDnomic ACME Gateway			6wk	3wk	5wk		kind/bug area/acme	author-last commented recv
5774		Add descriptions for container image repos			6wk	6wk			good first issue kind/documentation
5773		add support for encrypted Private keys in PKCS8 format			7wk	7wk	7wk			recv
5772		Develop new Helm chart for cert-manager CRD manifests			7wk	7wk	7wk		kind/feature	recv
5767		force renew others when root cert renews			7wk	7wk	7wk		kind/feature	recv
5760		Feature/Bug: Filter Ingress Url by ACME Solvers PR#5761: feat: Add option to allow filtering DNS Names by ACME Challenge solvers unreviewed			7wk	7wk	7wk		kind/bug kind/feature	pr-unreviewed recv
5756		Challenge is stuck at "Waiting for DNS-01 challenge propagation" Similar: #5752: Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #4246: ACME DNS Challenge and Propagation Delay (NXDOMAIN) (closed)			7wk	7wk	7wk		kind/bug	author-last commented recv similar
5755		JKS truststore.jks not found in resulting secret in v1.11.0		3	7wk	4wk	7wk		kind/bug	pr-unreviewed recv
5752		Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' Similar: #5756: Challenge is stuck at "Waiting for DNS-01 challenge propagation" (open) Similar: #2517: http-01 challenge propagation: wrong status code '404', expected '200' (closed)			1mo	1mo	1mo		kind/bug	recv similar
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together			1mo	6wk	1mo		kind/bug	recv recv-q
5750		Tag associated with Fix for pavlo-v-chernykh/keystore-go library version			1mo	7wk	7wk		kind/feature	commented member-last pr-merged send
5717		clarification on semantic versioning			2mo	2mo	2mo			commented member-last send
5716		Certificate renewal fails during DNS challenge with Route53 Similar: #3896: Cert Manager failing to renew certificate (open)			2mo	1mo	2mo		kind/bug	recv similar
5708		Cert Manager working with only example.com not with svc.cluster.local			2mo	2mo	2mo		kind/bug	collaborator-last recv
5700		Support for issuing public certs using AWS ACM and DNS verification			2mo	2mo	2mo		kind/feature	author-last recv
5699		Customize Cloudflare base url			2mo	2mo	2mo		kind/feature	contributor-last recv
5697		Support PodSecurityAdmission		4	2mo	7d	2mo		kind/feature	author-last recv recv-q
5673		Error presenting challenge: init sdk: get token: extract secret: resource name may not be empty			2mo	2mo	2mo			author-last recv
5847		Issuance flow is not consistent in non-success cases (i.e denied CRs)			19d	15h			kind/bug
5664		Error: INSTALLATION FAILED: failed post-install: timed out waiting for the condition			3mo	4wk	3mo		kind/bug	recv recv-q
5650		provider rfc2136 send updates to top level zone Similar: #5630: provider rfc2136: updates are sent to wrong dns zone (open)			3mo	5d	3mo		kind/bug lifecycle/stale	collaborator-last recv similar
5643		AdditionalOutputFormat is still in alpha			3mo	1d	1d		kind/feature	commented open-milestone send
5630		provider rfc2136: updates are sent to wrong dns zone Similar: #5650: provider rfc2136 send updates to top level zone (open)			3mo	12d	3mo		lifecycle/stale	collaborator-last recv similar
5665		Allow defining keystore password as litteral instead of SecretRef			2mo	2mo	2mo		kind/feature	recv
5626		Helm: Allow configuration of readiness, liveness and startup probes for all created Pods PR#5670: feat(chart): support probes for cert-manager and cainjector changes-requested			3mo	2mo	2mo		kind/feature	author-last commented pr-changes-requested recv
5615		Integrate cert-manager with DigitalOcean LBs			3mo	17d	3mo		kind/feature lifecycle/stale	collaborator-last recv
5611		ACME HTTP challenge pods blocked by OpenShift			3mo	12d	3mo		kind/bug	author-last recv
5608		Unable to inject linkerd sidecar proxy to Cert-Manager pods			3mo	3wk	3mo		lifecycle/stale	collaborator-last recv recv-q
5596		Current PSP is not sufficient to work with CSI volume			3mo	4wk	3mo		kind/bug lifecycle/stale	collaborator-last recv
5594		Graduate ExperimentalGatewayAPISupport feature to beta			4mo	17d			kind/feature lifecycle/stale	collaborator-last
5590		Configure cluster resource namespace in ClusterIssuer spec		2	4mo	4d	4mo		lifecycle/rotten	collaborator-last recv
5588		--must-staple attribute for OCSP Stapling			4mo	6wk	4mo		good first issue kind/feature	commented member-last send
5585		ClusterIssuer cannot read the ServiceAccount token secret			4mo	5d	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5581		Best way to migrate a Nginx ingress to cert-manager without downtime			4mo	17d	3mo		lifecycle/stale	collaborator-last commented send
5580		Mounting emptyDir to /tmp directory (webhook)			4mo	5wk	4mo		kind/feature	author-last recv
5572		Add the possibility to use two cluster issuers in a single ingress			4mo	12d	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5616		Allow Gateway API feature to be enabled in clusters that don't have GWAPI CRDs installed			3mo	7d	3mo		kind/feature lifecycle/stale	collaborator-last commented pr-closed
5565		cert-manager aws route53 hosted zone automatically add records.			4mo	14d	4mo		lifecycle/rotten	collaborator-last recv
5558		Will auto-renewal of the root certificate automatically renew the certificate issued by the root certificate? Similar: #4797: Automatically renew certificates if OCSP indicates that it was revoked (open)			4mo	7wk	4mo			recv similar
5557		error instantiating route53 challenge solver: unable to assume role: AccessDenied: Similar: #5486: Aggressive Retries from "error instantiating route53 challenge solver" (open)		4	4mo	4wk	4mo		kind/bug	recv recv-q similar
5553		Cert manager is looking for wrong service name		2	4mo	19d	4mo		lifecycle/rotten	collaborator-last recv
5549		unknown field "enabled" in io.k8s.api.core.v1.PodSecurityContext		2	4mo	12h	4mo		lifecycle/stale	collaborator-last recv recv-q
5548		Pod is not running due to AppArmor not Enabled			4mo	3d	4mo		lifecycle/rotten	collaborator-last recv recv-q
5545		openssl version used			4mo	3wk	4mo		lifecycle/rotten	collaborator-last recv
5543		Using Azure workload identity instead of AAD Pod Identities to configure the AzureDNS DNS01 challenge.			4mo	16d	4mo		kind/feature lifecycle/stale	collaborator-last recv recv-q
5540		Changelog annotations to chart			4mo	1mo	4mo		kind/feature	author-last recv
5538		Unable to set IPv6 podDNS config from values			4mo	1mo	4mo		kind/bug	author-last recv
5537		Left over artifacts from cert-manager			4mo	3wk	4mo		lifecycle/rotten	contributor-last recv recv-q
5536		Challenge stack on self check when host is unavailable from cluster.			4mo	3wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5531		Question regarding Apigee Hybrid cert-manager webhook support with CSI driver			5mo	3wk	5mo		lifecycle/rotten	collaborator-last recv
5524		cert-manager v1.10.0 always tries to access clusterissuers at cluster scope			5mo	5d	5mo		kind/bug lifecycle/rotten	collaborator-last recv recv-q
5520		CrashLoopBackOff after restart of all deployments			5mo	3wk	5mo		kind/bug lifecycle/rotten	collaborator-last recv recv-q
5516		Forbidden: seccomp may not be set pod.metadata.annotations		2 10	5mo	2mo	5mo		kind/bug	author-last recv
5515		stuck on propagation check failed DNS record not yet propagated			5mo	20h	5mo		kind/bug	recv
5514		Venafi Issuer Read `caBundle` from Configmap or Secret			5mo	1mo	5mo		kind/feature	contributor-last recv
5566		upload Helm charts to OCI registry and sign them with cosign		4	4mo	4wk	3mo		kind/feature lifecycle/stale	collaborator-last commented send
5486		Aggressive Retries from "error instantiating route53 challenge solver" Similar: #5780: error instantiating route53 challenge solver: unable to assume role: AccessDenied (open) Similar: #5557: error instantiating route53 challenge solver: unable to assume role: AccessDenied: (open)		2	5mo	6wk	5mo		kind/bug	recv recv-q similar
5437		Issuer/ClusterIssuer support to specify vault token on local filesystem			6mo	3wk	6mo		lifecycle/rotten	collaborator-last pr-closed recv recv-q
5433		Support certs that live for < 1h Similar: #15: Feature: Support for ECC certs (open)		3	6mo	9d	6mo		kind/feature	author-last recv similar
5513		Deploy of cert-manager-webhook/cainjector:v1.9.1 got permission error			5mo	4wk	5mo		kind/bug lifecycle/rotten	collaborator-last recv recv-q
5298		Complete the Migration Away From Jetstack Names			8mo	7d	3mo		kind/cleanup lifecycle/stale	collaborator-last commented
5430		Improving DNS-01 challenge performance PR#5446: Allow concurrent same-FQDN DNS-01 challenges when using route53 commented PR#5447: Allow extra DNS-01 propagation time to be configured unreviewed			6mo	11d	6mo		kind/feature	pr-reviewed-with-comment pr-unreviewed recv
5230		Timeouts on Every Controller Reconcile Loop			9mo	4wk	4wk		kind/bug	commented member-last pr-merged
5197		cert-manager-webhook to provide logs when handling a k8s api-server request		3	9mo	5wk	5wk		good first issue help wanted kind/feature	assigned assignee-updated commented send
5171		TPP Allowed Domains can cause valid certificate to error			9mo	4wk	9mo		kind/bug area/venafi	recv
5220		Investigate improving resource consumption and performance in clusters with large amount of resources		10	9mo	3wk	5mo		kind/feature lifecycle/stale	collaborator-last commented pr-merged recv-q
5160		Support loading controller configuration from a versioned file PR#5337: WIP: Support loading controller configuration from a versioned file new-commits		2	9mo	13d	13d		help wanted kind/feature	assigned assignee-updated collaborator-last commented pr-new-commits
5069		Error presenting challenge: the server could not find the requested resource even though resource exists			10mo	2mo	10mo		kind/bug	recv
5031		ValidateCAA test function is flaky			11mo	6wk	6wk		kind/bug kind/flake flake/test-logic	commented member-last send
5062		Cert-manager stops processing order request in "processing" status after several attempts			11mo	3wk	3mo		kind/bug lifecycle/stale area/acme	collaborator-last commented recv
4979		Overhaul the DNS01 solver		5	1y	3h			kind/feature lifecycle/stale	collaborator-last pr-closed
4956		cert-manager created multiple CertificateRequest objects with the same certificate-revision		2 2 3	1y	2mo	1y		kind/bug	commented pr-closed pr-merged pr-unreviewed recv recv-q
4931		Enable Testing on ARM64			1y	1d	1y		kind/feature lifecycle/stale	collaborator-last commented recv recv-q
4950		General flakiness of our end-to-end suite		3	1y	8mo	8mo		lifecycle/frozen kind/flake	commented member-last pr-closed pr-merged send
4877		HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1			1y	11d	1y		kind/bug lifecycle/rotten	collaborator-last recv recv-q
4797		Automatically renew certificates if OCSP indicates that it was revoked Similar: #5558: Will auto-renewal of the root certificate automatically renew the certificate issued by the root certificate? (open)		6	1y	3wk	1y		kind/feature area/acme	commented recv similar
4685		Unexpected EOF during watch stream event decoding: unexpected EOF		5	1y	3mo	1y		lifecycle/frozen kind/bug	recv recv-q
4594		TLS handshake error: EOF		15	1y	10d	9mo		kind/bug	commented recv-q send
4561		Ability to specify secret ownerReference as part of the Certificate request		3	1y	2mo	1y		kind/feature	recv
4423		Cert renewal loop		2	2y	2mo	1y		kind/bug	author-last commented recv recv-q
4349		allowing greater configuration for the cloud provider tests			2y	11mo	11mo		lifecycle/frozen kind/feature	collaborator-last commented send
3958		Sane defaults for Certificate revision history limit		11	2y	6wk	4mo		kind/feature	commented recv-q send
3896		Cert Manager failing to renew certificate Similar: #5716: Certificate renewal fails during DNS challenge with Route53 (open) Similar: #5873: cert-manager failing to generate certificate in kubernetes, how to fix that? (open) Similar: #46: Cert-manager operator fails to issue certificates (open) Similar: #5868: Cert-manger unable to renew the certificate (closed)		17	2y	11d	2y		kind/bug area/acme/dns01	commented recv-q send similar
3592		Ability to not create ca.crt		2	2y	18d	2y		lifecycle/rotten	collaborator-last commented recv
2380		Helm chart version is not SemVer-compatible		5	3y	19d	2y		kind/bug	commented recv recv-q
5826		ACMEDNS, cnameStrategy: Follow (follow CNAME records recursively), dns01-recursive-nameservers-only - NXDOMAIN			3wk	3wk	3wk		kind/bug	recv
5821		Allow renewBefore to be a percentage			4wk	4wk	4wk		kind/feature	recv
5818		Remove code-level dependency on Helm where possible			4wk	3wk			kind/feature
5845		Error presenting challenge: Unable to check the TXT record: ### Unexpected HTTP status: 401 during certificate renewal			2wk	2wk	2wk		kind/bug	recv
4899		Certificate.Spec.RenewEvery instead of RenewBefore			1y	3wk	7mo		kind/feature	commented contributor-last
1194		Confusing paragraph - cert-manager integration. Similar: #5827: Cert-manager fails to integration with Istio (closed)			2wk	12h	2wk		documentation	contributor-last recv similar
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			6mo	6mo	6mo			author-last pr-merged recv
1062		Document process for offboarding maintainers Similar: #1061: Document onboarding process for new maintainers (open)			6mo	6mo	6mo			recv similar
1061		Document onboarding process for new maintainers Similar: #1062: Document process for offboarding maintainers (open)			6mo	6mo	6mo			recv similar
1054		Run spell checker in a pre-commit hook			7mo	7mo	7mo		good first issue kind/cleanup	recv
1006		Use descriptive text instead of alt for `feature icon`			9mo	9mo	9mo			recv
998		Documentation venafi configuration references venafi documentation page which returns 403			9mo	6mo	9mo			contributor-last recv
993		Document which resources do/do not get garbage collected			9mo	9mo	9mo		good first issue	contributor-last recv
981		The `kubectl operator install` instructions are broken (after upgrading kubectl operator v0.3.0 -> v0.4.0)			10mo	10mo	10mo			commented member-last
1186		Document that/why we don't use Helm's CRD installation mechanism			4wk	4wk	4wk		good first issue kind/documentation	recv
1168		Rendering issues for generated API docs			2mo	1mo	1mo			commented member-last pr-merged
955		Document when the vault pki role required setting `require_cn=false`			10mo	4mo
1159		Why the sample issuer still uses kubebuilder version 2 ?			2mo	2mo	2mo			recv
944		Document how to install cert-manager in a different namespace		2	11mo	9mo	11mo		good first issue	assigned assignee-updated contributor-last recv recv-q
899		Upgrading from v1.7 to v1.8 check command should exclude null.		2	11mo	10mo	11mo			recv recv-q
868		Document RBAC Similar: #844: Document feature gates (open)			1y	1y	1y			contributor-last recv similar
1101		Feature request for updating documentation.			4mo	4mo	4mo			recv
1125		Describe cert-manager feature policy			3mo	2mo	3mo			contributor-last recv recv-q
847		missing documentation/information olm based installation metric prometheus			1y	1y	1y			contributor-last recv
974		Investigate styled 404 page			10mo	10mo
851		create Cilium ingress tls example		3	1y	9mo	1y			assigned assignee-updated recv
836		Syncing Secrets Across Namespaces			1y	1y	1y			recv
802		Spelling errors are unclear in pull request CI results and spell checker is unmaintained			1y	1y			kind/bug	contributor-last pr-merged
841		remove dependency on golang from cmctl and kubectl-plugin installation documentation			1y	1y	1y			contributor-last pr-merged recv recv-q
776		Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret			1y	1y	1y			commented member-last send
844		Document feature gates Similar: #868: Document RBAC (open)			1y	1y				similar
975		Some pages do not make it clear what the user should read next			10mo	10mo
693		Azure DNS pod identity incorrectly documents principal_id			2y	2y	2y			commented member-last send
931		Improve upgrade instructions using helm			11mo	11mo	11mo			recv
662		Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"			2y	2y	2y			recv
645		Investigate & add an FAQ/warning about images rolled back after GitOps upgrade			2y	1y	2y			recv recv-q
758		API reference docs: enum values not documented with typedef			1y	1y	1y			recv
706		Default key usages			2y	2y	2y			recv
583		cert-manager with ZeroSSL		44	2y	8mo	8mo			commented send
568		Add a diagram for LetsEncrypt cert issuance flow to the docs		4	2y	2y	2y			recv
561		Certificate Resources Similar: #5875: Different Certificate resources referring same secret (closed) Similar: #5439: setting certificate attributes in certificate resources (closed)			2y	2y	2y			recv similar
554		HTTP Validation, privateKeySecretRef			2y	2y	2y			contributor-last recv
604		Make it so that it is easier to find the doc for fixing webhook issues			2y	11mo	2y			contributor-last recv
866		Securing NGINX-ingress Similar: #326: Securing Ingresses with Venafi (open)			1y	1y	1y			recv similar
542		Document the Istio VirtualService HTTP01 configuration options			2y	2y
532		Rework of the landing page (cert-manager.io) Similar: #179: group 'cert-manager.io' does not work (open)		3	2y	1y	2y		help wanted good first issue	commented member-last send similar
549		Effort towards a more user-friendly website			2y	2y
642		Move/ link to Webhook debugging docs			2y	2y
466		installation/compatiblity			2y	2y	2y			recv
457		cainjector docs are missing the option to inject certs in apiservice resources			2y	2y	2y			recv
426		Create a sequence diagram that shows how a certificate gets issued with let's encrypt		2	2y	2y	2y			commented member-last pr-merged
425		Document ocspServers			2y	2y	2y		kind/documentation	commented member-last
422		Page last modified date incorrect			2y	2y	2y		kind/bug	collaborator-last commented send
386		Uninstalling on Kubernetes - How to delete all those user created resources?			2y	2y	2y			collaborator-last commented send
330		Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1)			2y	2y	2y			collaborator-last commented send
326		Securing Ingresses with Venafi Similar: #866: Securing NGINX-ingress (open)			2y	2y	2y			collaborator-last commented send similar
295		Route53			2y	2y	2y		kind/documentation	commented member-last send
469		DNS01: Delegated Domains for DNS01 example yaml solvers list items			2y	2y	2y			recv
543		Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates		4	2y	2y	2y			commented member-last send
672		List required Google CloudDNS permissions exhaustively			2y	2y	2y			recv
697		[IRSA] Needs `runAsUser: 1001`			2y	2y	2y			recv
486		OpenShift - broken link			2y	2y	2y			commented member-last send
79		Design for partial automation of release process			9mo	9mo	9mo			commented member-last send
42		Publish latest release number as part of creating a final release			2y	2y	2y			commented member-last send
19		Incorrect command line help: should include a --branch argument			2y	2y	2y		kind/cleanup	commented contributor-last
50		Move cert-manager-release infrastructure to CNCF's GCP account			2y	1y	1y			commented member-last
31		Move the manual steps of our release process to cmrel commands			2y	2y	2y			commented member-last pr-closed
27		Create cert-manager specific testing infrastructure			2y	2y	2y			assigned assignee-updated commented member-last pr-merged send
176		certificateDuration is not used for the Istio CSR generated certificate requests Similar: #119: Certificate is re-requested when container restarts (open) Similar: #14: Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt (open)			7mo	7mo	7mo			author-last commented recv recv-q similar
197		add the compatibility matrix for Kubernetes versions to README			3wk	3wk	3wk			recv
161		updating ConfigMap data doesn't stop			9mo	9mo	9mo			collaborator-last commented send
155		Invalid certificate chain when using Vault with Intermediate CA			10mo	7mo	10mo			recv
153		It is possible to have several CAs within the same cluster.			10mo	9mo	10mo			contributor-last recv
144		add a support kubernetes client QPS and Burst config			11mo	11mo	11mo			recv
141		Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods.			1y	7mo	1y			commented recv recv-q
145		*Not able to use Istio-CSR in istio(1.13.)**			11mo	11mo	11mo			author-last commented pr-closed recv
138		istio-csr doesn't retry upon failed certificate requests			1y	4mo	1y			contributor-last recv
137		Documentation on rotating the root certificate			1y	4wk	1y			recv recv-q
133		latest supported cert-manager version with cert-manager-istio-csr?			1y	1y	1y			collaborator-last commented send
136		Document available metrics Similar: #850: Document available cert-manager Prometheus metrics (open)			1y	1y	1y			recv similar
131		metrics to check certificate expiry for istio workloads ?			1y	1y	1y			collaborator-last commented send
132		Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments)			1y	1y	1y			recv
130		Document best-practices for minimal vault role configuration for istio-csr			1y	1y	1y			recv
118		E2E tests running against the wrong k8s version			1y	1y
117		public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted			1y	1y	1y			recv
108		[doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways			1y	1y	1y			author-last commented recv recv-q
106		Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue			1y	1y	1y			collaborator-last commented send
94		Can't get aws pca to work			2y	2y	2y			recv
87		Failing to integrate with GCP CAS			2y	2y	2y			collaborator-last commented send
84		csr readiness probe failed, istio ingress pod also failed		2	2y	2y	2y		support	collaborator-last commented send
83		commonName required for AWS PCA			2y	2y	2y			commented recv recv-q
64		Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods			2y	2y	2y			commented send
53		Generate workload certificates with DNS in the SAN			2y	2y	2y			commented recv-q send
113		Integrating with istio helm chart installs		9	1y	8mo	1y			recv recv-q
207		Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls			19d	19d	19d			author-last recv
203		Improve CRD fields for specifying key requirements			4wk	4wk
149		Regex to disallow wildcard certificates		2	4mo	4mo	4mo			recv
62		CertificateRequestPolicy based on which namespace the certificate request belongs to PR#208: Templating in policy unreviewed		4	10mo	9d	19d			author-last commented pr-merged pr-unreviewed recv recv-q
61		Flakey Tests in pull-cert-manager-approver-policy-verify			10mo	10mo			kind/bug	pr-merged
179		group 'cert-manager.io' does not work Similar: #532: Rework of the landing page (cert-manager.io) (open)			3mo	3mo	3mo			recv similar
169		Webhook Custom CA			3mo	3mo	3mo			recv
72		Add the configmap on all pod via mutatingWebhookConfiguration			3mo	2mo	2mo		enhancement	commented member-last send
63		nit: Rename "Bundle" to "ClusterBundle"		5	4mo	2mo	2mo			commented member-last send
62		Webhook error when creating a bundle		2	5mo	5d	2mo			commented recv-q send
59		Trust part 2 - How to use a bundle?			5mo	16d	16d			commented member-last send
100		Modifying Bundle target can result in CA certs not being available for a while			2mo	2mo	2mo			recv
54		Allow auto-trust Bundles tracking a certain Issuer		2	7mo	2mo	2mo			commented member-last send
44		Specialise `Bundle` for X.509 Certificates			7mo	7mo
39		Don't sync targets to all namespaces by default		2	8mo	8mo
33		Support CRDs as target Similar: #10: Feature: support secret target (open)		3	9mo	9mo	9mo			recv similar
23		Way to add labels/annotations to target		6	10mo	10mo	10mo			recv
17		Support distribution of PKCS12/JKS truststores		9	11mo	5mo	11mo			recv recv-q
13		Allow node selection based on nodeSelector, tolerations, affinities and topologySpreadConstraints PR#117: fixes #13 - Allow node selection based on nodeSelector, tolerations, affinities and topologySpreadConstraints unreviewed		4	1y	1d	1y			pr-unreviewed recv
11		Add support for image pullsecret and installing the CRD - helm chart		3	1y	3wk	1y			recv recv-q
60		overriding trusted namespace		2 3	5mo	2mo	2mo			commented member-last send
4		Feature: By default, require only self-signed certificates in a bundle			2y	10mo			enhancement
58		Support injection pem into an existing configmap			5mo	5mo	5mo			recv
112		Move away from buildx			6wk	6wk
113		Branch from "old" trust-manager name to add deprecation warning.			6wk	6wk
10		Feature: support secret target PR#108: Supporting a secret target commented Similar: #33: Support CRDs as target (open)		12	1y	10mo	1y			commented pr-reviewed-with-comment recv recv-q similar
99		Allow removing Bundles whilst keeping the synced CA certs			2mo	2mo	2mo			recv
134		Volume empty			2mo	7wk	2mo			recv
136		SubPath support is broken or missing			2mo	2mo	2mo			recv
116		Does csi-driver support Wìndows nodes?			6mo	5mo	5mo			collaborator-last commented send
74		Investigate and change the default mounted host path for driver			1y	1y
45		Unable to mount and read only file error		4	2y	2mo	7mo			commented recv-q send
33		New key being used with old certificate			2y	2y	2y			recv
29		Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging.			2y	2y	2y			recv
26		Cannot `chmod` a read only filesystem		14	2y	2y	2y			pr-closed recv recv-q
21		MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod			2y	2y	2y			recv
17		ability to specify pod IP in volume attributes		5	3y	2y	2y			commented recv
130		JKS support		2	2mo	3wk	2mo			recv
128		Support all subject attributes PR#129: Add attribute support for certificate subject commented			3mo	3mo	3mo			pr-reviewed-with-comment recv
125		Is it too late to align cert-manager annotations?			3mo	3mo	3mo			recv
119		Certificate is re-requested when container restarts Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			5mo	5mo	5mo			recv similar
19		Add support for certificate expiry configuration		3	5mo	5mo	5mo			recv
13		Can the plugin be configured to use a wildcard certificate?			7mo	3mo	7mo			recv recv-q
12		Does this plugin support DNS validation?			7mo	7mo	7mo			recv
10		Support for the route subdomain enhancement			8mo	7d	11d			commented contributor-last recv-q send
15		Feature: Support for ECC certs Similar: #5433: Support certs that live for < 1h (open)			4mo	4mo	4mo			recv similar
4		Feature: Allow specification of privateKey.rotationPolicy			9mo	8mo	9mo			recv
14		Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			7mo	7mo	7mo			recv similar
70		OLM deployment with ArgoCD is OutOfSync			9mo	7mo	7mo			commented send
46		Cert-manager operator fails to issue certificates Similar: #5873: cert-manager failing to generate certificate in kubernetes, how to fix that? (open) Similar: #3896: Cert Manager failing to renew certificate (open) Similar: #5827: Cert-manager fails to integration with Istio (closed)			1y	1y	1y			recv similar
17		Operator prevents passing extraArgs helm value		7	2y	3mo	2y			recv recv-q
3		Restrict operator RBAC permissions			2y	2y	2y			recv
22		Customize the deployment of cert-manager installed via OLM		5 6	2y	3mo	10mo			author-last commented recv recv-q
8		Drivers can create CertificateRequests for pods that don't exist in very rare edge cases			2y	2y				contributor-last
45		Exponential backoff handling does not apply to certificate renewal in pending phase			3wk	3wk	3wk			recv
40		Optional auto rotating/renewing certificates			5mo	5mo	5mo			recv
33		Create e2e test to validate CertificateRequest garbage collection			6mo	6mo	6mo			assigned recv
47		Race condition: CertificateRequests may never be fulfilled if the issuer was overwhelmed			3wk	3wk	3wk			recv
22		Question: figuring this out as I go, could use a little guidence on this step: add 'kubebuilder CRD Markers'			1y	1y	1y			commented send
4		Create Kubernetes Events logging significant operations and errors			2y	2y

Uncommented older than 7 days (148)

Resolution: Add a priority/ or triage/ label

Average age: 274.7d, Avg wait: 246.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4722		High memory usage on cluster with many secrets		10	1y	4wk	1y		kind/bug priority/important-soon	assigned assignee-updated recv recv-q
3898		Allow setting PodDisruptionBudget policies via helm chart PR#3931: Added PodDisruptionBudgets to helm chart approved		4	2y	11d	2y		kind/feature priority/important-longterm area/deploy	author-last pr-approved pr-closed recv
3655		Specify Name Constraints in CA Certificate		10	2y	2mo	2y		kind/feature priority/backlog	contributor-last recv
850		Document available cert-manager Prometheus metrics Similar: #136: Document available metrics (open)			1y	5wk	1y		documentation good first issue priority/important-longterm	recv recv-q similar
76		Upgrading from v0.10 to v0.11 - missing cainjector annotation			3y	2y	3y		priority/backlog kind/documentation	contributor-last recv
143 previously listed items omitted

Important soon, but no updates in 90 days (1)

Resolution: Downgrade to important-longterm

Average age: 1073.8d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
174		Add documentation for CRD conversion webhook ca injection			2y	2y	2y		help wanted priority/important-soon kind/documentation	commented member-last send

Important longterm, but no updates in 180 days (2)

Resolution: Downgrade to backlog

Average age: 1149.8d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
2178		Handling 'unregistering' certificates from Venafi TPP		11	3y	1y	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented recv-q send
223		Document wildcard certificate tutorial			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send

Pull Requests: Review Ready (45)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 90.8d, Avg wait: 35.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5880		Separate binaries/tests into separate modules with minimal dependencies			15h	10h			release-note approved kind/feature size/XXL area/acme dco-signoff: yes area/testing	collaborator-last unreviewed
5876		helm: add support for TLS configuration and application protocol			2d	12h	19h		release-note size/S dco-signoff: yes ok-to-test area/deploy needs-kind	assigned assignee-updated author-last commented recv unreviewed
4330		Add client certificate auth method for Vault issuer Similar: #1202: Add section about client cert authentication for vault (open)		4	2y	14h	20h		release-note size/XL approved area/api kind/feature area/acme area/vault dco-signoff: yes area/testing ok-to-test area/deploy	author-last commented recv recv-q reviewed-with-comment similar
5824		Controller partial metadata			3wk	17h	18h		release-note approved area/api kind/cleanup size/XXL area/acme area/ca area/vault dco-signoff: yes area/testing area/acme/dns01 area/acme/http01	collaborator-last commented open-milestone unreviewed
5158		Added certificate owner ref field Similar: #5324: Create 20220720-per-certificate-owner-ref.md (open)		5	10mo	17h	1d		release-note size/XL approved area/api kind/feature dco-signoff: yes area/testing ok-to-test area/deploy	assigned assignee-updated commented contributor-last recv reviewed-with-comment similar
5879		Deprecate klog flags and add a deprecation message			1d	1d			release-note approved kind/cleanup size/M dco-signoff: yes area/testing	collaborator-last unreviewed
5324		Create 20220720-per-certificate-owner-ref.md Similar: #5158: Added certificate owner ref field (open)		5	8mo	1d	1d		size/L release-note-none approved kind/design dco-signoff: yes	commented member-last new-commits similar
5874		Cleanup certificate request approval webhook			2d	2d	2d		size/L release-note-none approved kind/cleanup dco-signoff: yes	commented member-last unreviewed
5447		Allow extra DNS-01 propagation time to be configured			6mo	3d	6mo		release-note size/S lifecycle/stale area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	collaborator-last commented recv unreviewed
5093		Add relabeling and metricRelabelings settings for ServiceMonitor. Similar: #5778: [helm] Add support for relabelings and metricRelabelings an serviceMonitor (open)			10mo	2wk	10mo		release-note size/S needs-ok-to-test dco-signoff: yes area/deploy needs-kind	assigned recv recv-q similar unreviewed
5777		helm: Add option to keep CRDs when helm chart is uninstalled		3	6wk	3wk	4wk		release-note needs-ok-to-test size/M dco-signoff: yes area/deploy needs-kind	author-last commented recv recv-q unreviewed
5446		Allow concurrent same-FQDN DNS-01 challenges when using route53			6mo	4wk	5mo		release-note needs-ok-to-test size/M area/acme dco-signoff: yes area/testing needs-kind	author-last commented recv reviewed-with-comment
5778		[helm] Add support for relabelings and metricRelabelings an serviceMonitor Similar: #5093: Add relabeling and metricRelabelings settings for ServiceMonitor. (open)			6wk	5wk	5wk		size/L release-note needs-ok-to-test dco-signoff: yes area/deploy needs-kind	commented contributor-last recv similar unreviewed
5747		BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks			1mo	7wk			release-note-none approved kind/bug kind/cleanup kind/design kind/documentation kind/feature size/M dco-signoff: yes	collaborator-last unreviewed
5701		feat: added custom endpoint override flag for http solver			2mo	2mo	2mo		release-note kind/feature needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/http01	recv recv-q unreviewed
5686		Add missing healthz port to PSP in Helm Chart when hostNetwork is used			2mo	2mo	2mo		size/XS release-note needs-ok-to-test dco-signoff: yes area/deploy needs-kind	collaborator-last recv unreviewed
1203		Clarify ingress-shim annotations			9h	9h	9h		approved dco-signoff: yes size/S	recv unreviewed
1197		doc about new option default-cleanup-policy			10d	17h	17h		approved dco-signoff: yes size/M	author-last commented new-commits recv
1199		Webhook troubleshooting: advise people to set `timeoutSeconds` to 30 seconds			18h	17h			approved dco-signoff: yes size/M	unreviewed
1201		Faster ./scripts/gendocs/generate script			17h	17h			approved dco-signoff: yes size/L	unreviewed
1198		Bump webpack from 5.70.0 to 5.76.1			8d	8d	8d		dco-signoff: yes size/M dependencies	recv unreviewed
1192		release-process: explain how and when to merge master into release-next			3wk	12d	12d		approved dco-signoff: yes size/S	commented member-last new-commits
1195		Fix description of what happens to denied CertificateRequest			19d	19d	19d		approved dco-signoff: yes size/S	recv unreviewed
1183		Docs: Clarify zeroSSL setup instructions			5wk	5wk	5wk		size/XS dco-signoff: yes	assigned author-last recv recv-q unreviewed
1071		Improved the summary on the docs homepage		2	6mo	6mo	6mo		approved dco-signoff: yes size/S	commented contributor-last new-commits recv-q
1005		Route53 accessKeyIDSecretRef docs			9mo	9mo	9mo		size/XS dco-signoff: yes needs-ok-to-test	recv unreviewed
948		add note to ingress class definition			10mo	10mo	10mo		dco-signoff: no size/XS needs-ok-to-test	assigned author-last recv unreviewed
121		Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 Similar: #120: Bump golang.org/x/text from 0.3.7 to 0.3.8 (open) Similar: #139: Bump golang.org/x/text from 0.3.7 to 0.3.8 in /hack/tools (open) Similar: #138: Bump golang.org/x/net from 0.2.0 to 0.7.0 (open)			16d	16d	16d		dco-signoff: yes needs-ok-to-test size/S dependencies	contributor-last recv similar unreviewed
120		Bump golang.org/x/text from 0.3.7 to 0.3.8 Similar: #121: Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 (open) Similar: #139: Bump golang.org/x/text from 0.3.7 to 0.3.8 in /hack/tools (open) Similar: #138: Bump golang.org/x/net from 0.2.0 to 0.7.0 (open)			3wk	3wk	3wk		dco-signoff: yes needs-ok-to-test size/S dependencies	contributor-last recv similar unreviewed
118		Bump helm.sh/helm/v3 from 3.9.4 to 3.11.1			6wk	6wk	6wk		dco-signoff: yes needs-ok-to-test size/L dependencies	contributor-last recv unreviewed
202		Support adding pod annotations Similar: #116: feat: add support for additional pod annotations/labels (open)			8d	8d	8d		dco-signoff: yes size/XS needs-ok-to-test	contributor-last recv similar unreviewed
187		Add the ability to ignore cluster scoped resources.			3mo	3wk	4wk		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
194		Add IstioOperator CR for v1.17.0			4wk	4wk			dco-signoff: yes size/M	contributor-last recv-q unreviewed
208		Templating in policy			18d	2d	2d		dco-signoff: yes size/L ok-to-test	author-last commented recv unreviewed
117		fixes #13 - Allow node selection based on nodeSelector, tolerations, affinities and topologySpreadConstraints			1d	1d	1d		dco-signoff: yes size/M needs-ok-to-test	contributor-last recv unreviewed
116		feat: add support for additional pod annotations/labels Similar: #202: Support adding pod annotations (open)			4wk	4wk	4wk		dco-signoff: yes needs-ok-to-test size/S	contributor-last recv similar unreviewed
43		Add a design for public trust bundles		4	7mo	6wk	2mo		dco-signoff: yes approved size/L	commented contributor-last new-commits
98		Cert formats proposal			2mo	2mo			dco-signoff: yes approved size/L	contributor-last unreviewed
129		Add attribute support for certificate subject			3mo	3wk	2mo		dco-signoff: yes size/L ok-to-test	author-last commented recv reviewed-with-comment
139		Bump golang.org/x/text from 0.3.7 to 0.3.8 in /hack/tools Similar: #120: Bump golang.org/x/text from 0.3.7 to 0.3.8 (open) Similar: #121: Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 (open) Similar: #138: Bump golang.org/x/net from 0.2.0 to 0.7.0 (open)			3wk	3wk	3wk		dco-signoff: yes size/S needs-ok-to-test dependencies	contributor-last recv similar unreviewed
138		Bump golang.org/x/net from 0.2.0 to 0.7.0 Similar: #139: Bump golang.org/x/text from 0.3.7 to 0.3.8 in /hack/tools (open) Similar: #121: Bump golang.org/x/net from 0.0.0-20220225172249-27dd8689420f to 0.7.0 (open) Similar: #120: Bump golang.org/x/text from 0.3.7 to 0.3.8 (open)			4wk	4wk	4wk		dco-signoff: yes size/S needs-ok-to-test dependencies	contributor-last recv similar unreviewed
24		Document release process and update the versions of the GitHub Actions workflows			1d	1d			dco-signoff: yes size/M approved	contributor-last unreviewed
48		Retry pending request when issue is called			3wk	9d	3wk		dco-signoff: yes size/L needs-ok-to-test	assigned assignee-updated contributor-last new-commits recv recv-q
46		Add timeout to renewal issuance logic			3wk	9d	3wk		dco-signoff: yes size/M needs-ok-to-test	contributor-last recv recv-q unreviewed
28		Cleanup make files			7mo	7mo			dco-signoff: yes size/XL	contributor-last unreviewed

Unkinded Issues (178)

Resolution: Add a kind/ or triage/support label

Average age: 388.1d, Avg wait: 196.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5881		Whats the impact of removing the auto mount of access token for cert manager service accounts.			3h	3h	3h			recv
5799		kubectl apply error couldn't get resource list for external.metrics.k8s.io/v1beta1: Got empty response for: external.metrics.k8s.io/v1beta1			5wk	5wk	5wk		triage/not-reproducible	collaborator-last commented send
4918		Leader election timeout (?) causes exit		2	1y	5wk	5wk		triage/needs-information	commented member-last send
4824		Repo Migration Followup Task List			1y	4wk	2mo		priority/backlog	assigned assignee-updated commented member-last pr-merged
3992		Add non-CRD yaml file		2	2y	2mo	2y		priority/important-soon area/deploy	author-last commented recv
1132		New version of adcs-issuer			3mo	5wk	2mo