queue to be emptied once a day

Unprioritized issues older than 7 days (350)

Resolution: Add a priority/ or triage/ label

Average age: 433.0d, Avg wait: 212.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6903 Adding custom annotation to cm ingress resources
8d 8d 8d
kind/feature
recv
6907 clusterlint claims that webhook timeoutSeconds of 30 is too high
7d 5d 5d
author-last
commented
recv
6898 Venafi Certificate Valid Date 11d 11d 11d
kind/feature
recv
6890 Allow client-side rate-limiting to be disabled 14d 14d
kind/feature
6883 Akamai Edge DNS - Support for "Account Switch Key" in DNS01 Solver  19d 19d 19d
kind/feature
recv
6882 How About Graduating the Gateway API Support to GA?
2
2
3wk 8d 8d
kind/feature
commented
member-last
send
6880 configure cert-manager ClusterIssuer/Issuer in k8s cluster with CA certificate stored in Azure Key Vault 3wk 3wk 3wk
kind/feature
recv
6877 The order remains in the invalid state 3wk 3wk 3wk
kind/bug
author-last
recv
6876 Possibility to provide full chain with self-issuer CA 4wk 4wk 4wk
recv
6874 DNS-01: "propagation check failed" err="NS ns-0.awsdns-00.com.:53 returned REFUSED for _acme-challenge.stage-keycloak.xxxx.com." logger="cert-manager.challenges" resource_name="stage-keycloak.xxxx-1647614373" resource_namespace="keycloak" resource_kind="Challenge" resource_version="v1" dnsName="stage-keycloak.xxxx.xxxx.com" 4wk 4wk 4wk
kind/bug
recv
6867 Only a few cert-manager metrics are available 4wk 4wk 4wk
kind/bug
commented
member-last
send
similar
6862 cert-manager/certificates-issuing: re-queuing item due to optimistic locking on resource" 5wk 5wk 5wk
kind/bug
commented
member-last
send
6851 Unnecesary empty apiGroup on HelmChart
5wk 3wk 3wk
kind/feature
author-last
commented
recv
6884 Not able to generate .p12 certificates by cert-manager 18d 6h 18d
kind/bug
recv
recv-q
similar
6850 Allow secretless authentication in clusterissuer 5wk 5wk 5wk
kind/feature
recv
similar
6838 Add secretTemplate to Certificate resources created by ingress-shim
3
6wk 5wk 5wk
kind/feature
commented
member-last
pr-merged
send
6897 Not able to set the default ingressClassName when user creates issuer using class tag. 11d 1d 1d
kind/bug
author-last
commented
pr-closed
pr-unreviewed
recv
6837 Duplicate CertificateRequests for next revision require manual intervention
3
6wk 6wk 6wk
kind/bug
recv
6818 Multi-replica leader election tests 6wk 6wk 6wk
kind/feature
commented
member-last
send
6817 Add tests for our API defaults
6wk 6wk
kind/feature
pr-merged
6815 Certificate secrets are not recreated when critical fields change 7wk 7wk 7wk
kind/bug
recv
6848 Vault JWT Auth support undocumented? 6wk 6wk 6wk
kind/feature
recv
6799 ACME challenges stopped working after 1.13/1.14 update
2mo 6wk 7wk
author-last
commented
recv
6804 failed to change Route 53 record set: RequestError: send request failed. remote error: tls: handshake failure 7wk 7wk 7wk
kind/bug
recv
6794 CI may not be running make verify-crds 2mo 2mo
kind/bug
6786 How to install a FIPS compliant Linux Foundation cert-manager. Which versions are available ?
2mo 1mo 1mo
commented
recv-q
send
6787 Cert-manager with Cluster API to integrated trusted certificates 2mo 2mo 2mo
recv
6777 CertificateRequest ready status metric 2mo 2mo 2mo
kind/feature
recv
similar
6783 Add support for passwordless pkcs12 keystore
6
14
2mo 6h 2mo
kind/feature
pr-reviewed-with-comment
recv
6762 cert-manager http01 challenge doesnt work out of the box in k3s cluster with traefik. Pod is forever progressing. Error 503 when accessing http01 pod 2mo 4wk 2mo
kind/bug
recv
6758 Helm should fail if cert fails 2mo 2mo 2mo
commented
member-last
send
6753 reflector.go: nable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown
4
2mo 2mo 2mo
kind/bug
author-last
recv
recv-q
6765 feature: Promote ExperimentalGatewayAPISupport feature to GA 2mo 2mo 2mo
kind/feature
recv
6805 Ingress routes for challenges created with pathType: ImplementationSpecific not working with Cilium 7wk 7wk 7wk
kind/bug
recv
6721 cmctl check api should fail unless the webhook is configured 2mo 2mo 2mo
kind/bug
commented
member-last
send
6756 When deleting a certificate resource, delete its certificate requests as well 2mo 2mo 2mo
kind/feature
recv
similar
6714 mismatched between certificate and secret can DOS Kubernetes 2mo 2mo 2mo
kind/bug
commented
member-last
send
6709 1.14 Release Review
3
2mo 2mo 2mo
commented
member-last
send
6707 Check multiple nameservers for self check validation if self check status not 200 2mo 2mo 2mo
kind/feature
recv
6691 Release name is not getting matched with label when using argocd to deploy the helm chart 2mo 2mo 2mo
kind/feature
recv
6673 Missing RBAC permissions for kubernetes serviceaccount against Vault issuer.
2mo 2mo 2mo
kind/bug
recv
6665 Can we add default values in API Reference for cert-manager objects? 2mo 2mo 2mo
recv
6664 Secret doesnt change when I change issuer 3mo 3mo 3mo
recv
6662 support overriding of ttl in cloudflare 3mo 14h 3mo
kind/feature
lifecycle/stale
recv
6653 configuration options for certificate chain 3mo 5d 3mo
kind/feature
lifecycle/stale
recv
similar
6652 Support for GCP Multi Cluster Gateway and HTTP01
3mo 6d 3mo
kind/feature
lifecycle/stale
recv
6651 ingressClassName incompatible with http01-ingress-class annotation 3mo 13d 3mo
kind/bug
recv
recv-q
similar
6649 Gateway API CRDs exist, yet getting "the Gateway API CRDs do not seem to be present, but ExperimentalGatewayAPISupport is set to true. Please install the gateway-api CRDs" error message.
6
3mo 7wk 3mo
kind/bug
recv
recv-q
6640 Intermittient DNS problem: networking error looking up CAA for xxx 3mo 9d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6633 Error from server: request to convert CR from an invalid group/version: cert-manager.io/v1alpha2 3mo 11d 3mo
lifecycle/stale
collaborator-last
recv
6632 Vault Issuer: The CA full chain is not included into the ca.crt
3mo 2mo 3mo
kind/bug
commented
recv
recv-q
6625 Terraform helm provider Chart.yaml file missing 3mo 12d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6624 cainjector not creating/updating Secrets after root CA rotation
5
3mo 14d 3mo
kind/bug
recv
6622 `make update-licenses` is non-deterministic. 3mo 15d
kind/bug
lifecycle/stale
collaborator-last
6616 Certificate Issue in Bare metal server - http01 3mo 16d 3mo
lifecycle/stale
collaborator-last
recv
6615 HTTP01 Config Map Challenge Flow
2
3mo 17d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6602 Cert manager not retrying after initial issuance is failed 3mo 19d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6594 Waiting for DNS-01 challenge propagation: DNS record for 'hmccloud.com' not yet propagated.
3mo 2wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
similar
6820 Ongoing dependency evaluation
6wk 6wk 6wk
recv
6569 Add documentation for istio-csr and ingress with istio 4mo 2d 4mo
kind/feature
lifecycle/rotten
recv
similar
6564 Make Service Port and Webhook Service Port Configurable in Helm Chart 4mo 5d 4mo
kind/feature
lifecycle/rotten
recv
6554 Intermediate certificate is not updated in child certificates
3
4mo 5wk 4mo
kind/bug
author-last
recv
6553 Update Certificate API definition on key length 4mo 12d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
6550 PCA Root PEM + Chain added to cert manager results in duplicate/repeated root CA in chain. 4mo 3d 4mo
lifecycle/rotten
recv
6541 keyUsage extension may be empty 4mo 1d 4mo
kind/bug
author-last
recv
6536 challenge stuck in pending state - certifcate never gets ready
4mo 3wk 4mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
6528 Unable to create certificates for domains mentioned in Selector DNS zones
4mo 7wk 4mo
kind/bug
recv
6527 Support for "UID" RDN in X509 Subject
4
4mo 3wk 4mo
kind/feature
recv
recv-q
6526 [question] about images in gcr.io/distroless 4mo 2wk 4mo
lifecycle/rotten
collaborator-last
recv
6524 Issuer for Gateway uses the hostname only rather than the httproutes 4mo 19d 4mo
kind/bug
lifecycle/rotten
recv
6523 Allow algorithm selection for keystore "passwords"
4mo 3wk
kind/feature
lifecycle/rotten
collaborator-last
pr-merged
6580 Warn users not to use insecure TSIG algorithms when using DNS UPDATE and ACME DNS01
3mo 3wk
lifecycle/stale
collaborator-last
pr-merged
6521 Add an `approveSignerNames` install option 4mo 3wk
kind/feature
lifecycle/rotten
collaborator-last
6520 Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist) 4mo 3wk 4mo
kind/bug
lifecycle/rotten
recv
recv-q
6518 Can't verify image signature 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
send
6522 Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
6510 DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge ....
2
5mo 7h 5mo
kind/bug
lifecycle/stale
commented
recv
6505 Overly strict subject requirements 5mo 4wk 4wk
kind/bug
commented
member-last
6502 Can the duration of the server cert that is generated for the webhook be set?
5mo 11d 5mo
kind/feature
lifecycle/rotten
collaborator-last
recv
6489 Add support for custom-fields into the ingress annotations
2
5mo 5d 5mo
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
6511 Checklist for next backport release
5mo 3wk
kind/cleanup
lifecycle/rotten
collaborator-last
pr-closed
6472 Create TLSA records automatically
5
5mo 2mo 5mo
kind/feature
recv
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount 5mo 2mo 5mo
kind/feature
author-last
recv
6464 Requeing due to optimistic locking and slow retry
5
5mo 5wk 5mo
kind/bug
recv
recv-q
6457 Error from server (InternalError): Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": No agent available 5mo 11d 5mo
lifecycle/stale
collaborator-last
commented
send
similar
6422 Allow for Configuration of ValidatingWebhook in Helm 6mo 7d 6mo
kind/feature
lifecycle/rotten
recv
recv-q
similar
6473 Ingress labels copied to certificate, causing issues with applysets
2
5mo 2mo 5mo
kind/bug
author-last
pr-unreviewed
recv
6413 RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP
6mo 6wk 6wk
good first issue
kind/bug
assigned
assignee-updated
commented
member-last
send
6382 Conditional sub-expression always evaluates to _true_
6mo 15d 15d
commented
member-last
send
6378 Renewal fails during aws-privateca-issuer downtime, continues to fail after issuer returns to service
11
6mo 18d 6mo
kind/bug
lifecycle/stale
recv
6356 Graduate AdditionalCertificateOutputFormats feature gate
3
7mo 15d 15d
kind/feature
commented
member-last
send
6353 Docs: Wrong example Code for creating Issuers 7mo 3d 4mo
kind/bug
lifecycle/rotten
commented
send
6331 CSR not signed by referenced private key
3
7mo 1mo 1mo
commented
member-last
send
6312 Report issuer/clusterissuer status as a metric
7
7mo 2mo 7mo
kind/feature
author-last
recv
6418 `revisionHistoryLimit` default of `nil` should be changed to ...
5
6mo 11d 11d
kind/feature
commented
member-last
pr-closed
6269 Allow hardcoded JKS and PKCS#12 passwords
4
8mo 5h 7mo
good first issue
kind/feature
lifecycle/stale
commented
pr-reviewed-with-comment
recv-q
6246 Write documentation for the new DNS-over-HTTPS feature 8mo 10d 4mo
kind/documentation
lifecycle/rotten
collaborator-last
commented
send
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting
9mo 2mo 9mo
kind/bug
area/acme/dns01
recv
recv-q
6215 The default `Cluster Resource Namespace` is `kube-system`, not `cert-manager` 9mo 2mo 2mo
kind/bug
collaborator-last
commented
send
similar
6308 Route53 challenges not regulating failed requests with exponential backoffs
6
7mo 5d 7mo
recv
recv-q
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
4
9mo 2mo 2mo
kind/feature
commented
member-last
send
6720 cmctl check api -v stopped logging continuous updates 2mo 2mo
kind/bug
6195 logLevel information in logs
9mo 2mo 2mo
kind/bug
commented
member-last
send
6212 Default duration field in cmctl check api
9mo 2mo 2mo
kind/feature
commented
member-last
pr-merged
send
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
6
10mo 5wk 10mo
kind/bug
recv
recv-q
similar
6179 CRDs shouldn't be templated in Helm...
4
21
10mo 6wk 4mo
commented
recv-q
send
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
3
10mo 7d 10mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
recv-q
6138 allow unencrypted private keys for PKCS12 output
4
10mo 4wk 10mo
kind/feature
lifecycle/stale
collaborator-last
recv
6132 Checklist: CNCF Graduation
10mo 1d 1d
lifecycle/frozen
lifecycle/rotten
commented
member-last
pr-unreviewed
6117 Vault Issuer Read caBundle from ConfigMap
4
10mo 13d 3mo
area/api
kind/feature
area/vault
commented
contributor-last
recv
similar
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
2
2
9
11mo 2mo 11mo
kind/bug
pr-unreviewed
recv
recv-q
6021 Make it possible to specify logging options for the ACME solver 11mo 2mo 2mo
kind/feature
commented
member-last
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
12
1y 6d 5mo
lifecycle/frozen
kind/bug
commented
send
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
15
1y 6wk 1y
kind/bug
assigned
assignee-updated
commented
recv
recv-q
similar
5904 Support Azure Private DNS Zones for DNS Challenge
2
7
1y 15h 1y
kind/feature
lifecycle/rotten
recv
recv-q
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
27
9mo 13d 9mo
kind/bug
pr-merged
recv
recv-q
5900 [FR] Allow the Chart to create extra manifest
7
1y 18d 4mo
kind/feature
commented
pr-changes-requested
send
5882 Duplicate events
1y 8d 3mo
kind/bug
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
5864 Certmgr allows creating certificates expiring after ca expiration.
4
1y 2mo 1y
kind/bug
author-last
recv
5851 CA cert in Secret not updated when self-signed CA itself gets renewed.
18
1y 6wk 8mo
kind/bug
commented
recv-q
send
5821 Allow renewBefore to be a percentage 1y 5d 1y
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
5785 Store OCSP response in kubernetes secret
5
1y 21h 5mo
kind/feature
commented
contributor-last
pr-closed
pr-unreviewed
send
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
1y 2mo 1y
kind/feature
author-last
commented
pr-closed
recv
5772 Develop new Helm chart for cert-manager CRD manifests
1y 7wk 7wk
kind/feature
commented
member-last
send
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
1y 19d 1y
kind/bug
recv
recv-q
5697 Support PodSecurityAdmission
6
1y 3wk 1y
kind/feature
recv
recv-q
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
1y 7d 4mo
kind/feature
lifecycle/rotten
commented
pr-closed
send
5566 upload Helm charts to OCI registry and sign them with cosign
11
1y 2mo 2mo
kind/feature
commented
send
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
2
10
1y 4wk 1y
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
similar
5540 Changelog annotations to chart 2y 2d 2y
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 2y 15d 2y
kind/bug
recv
recv-q
5867 Controller can't handle hitting request rate limits of zerossl ACME API
5
12
24
1y 5mo 5mo
lifecycle/frozen
kind/bug
commented
member-last
pr-closed
pr-merged
send
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
10
2y 2mo 2mo
good first issue
kind/feature
assigned
assignee-updated
commented
member-last
pr-closed
pr-new-commits
similar
6150 (Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
3
13
10mo 2mo 7mo
commented
contributor-last
pr-unreviewed
recv
recv-q
5298 Complete the Migration Away From Jetstack Names 2y 13d 3mo
kind/cleanup
lifecycle/stale
collaborator-last
commented
5430 Improving DNS-01 challenge performance
4
2y 18d 2y
kind/feature
lifecycle/stale
collaborator-last
pr-closed
pr-unreviewed
recv
4797 Automatically renew certificates if OCSP indicates that it was revoked
17
2y 4wk 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 2mo 2y
kind/bug
area/acme/dns01
commented
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts
10
2y 2mo 2mo
lifecycle/frozen
kind/bug
commented
member-last
send
4423 Cert renewal loop
4
2y 5wk 5wk
kind/bug
commented
member-last
send
4349 allowing greater configuration for the cloud provider tests
2y 2y 2y
lifecycle/frozen
kind/feature
collaborator-last
commented
send
4191 Setting default values for Pod's "resources"?
6
2y 3wk 3mo
lifecycle/stale
collaborator-last
commented
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
2y 2mo 2y
kind/bug
recv
recv-q
similar
4950 General flakiness of our end-to-end suite
3
2y 2y 2y
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
6754 Schedule certificate renewal outside business hours 2mo 2mo 2mo
kind/feature
recv
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
5
2mo 2mo 2mo
kind/bug
recv
3896 Cert Manager failing to renew certificate
18
3y 7wk 2y
kind/bug
area/acme/dns01
commented
recv-q
send
similar
6752 Support LocalSubjectAccessReview if namespace option is non-empty
2mo 2mo 2mo
kind/feature
pr-merged
recv
3958 Sane defaults for Certificate revision history limit
2
13
3y 2mo 2mo
kind/feature
commented
member-last
send
similar
1457 change the Venafi URL for cert-manager support 18d 4d 18d
author-last
recv
1355 Add CA cert to chain tls.crt 4mo 2mo 4mo
recv
1388 Create a section for sane `Certificate` defaults
3mo 3mo
similar
1261 Switch to Docusaurus? 9mo 9mo
1257 ErrRegisterACMEAccount 10mo 10mo 10mo
recv
1255 helm install cert-manager with errors 10mo 9mo 9mo
commented
member-last
send
1241 Remove Bitnami kubeprod as installation method 10mo 10mo 10mo
recv
1194 Confusing paragraph - cert-manager integration. 1y 9mo 9mo
documentation
commented
member-last
send
1186 Document that/why we don't use Helm's CRD installation mechanism 1y 9mo 9mo
good first issue
kind/documentation
assigned
assignee-updated
commented
member-last
send
1262 v1.9 to v1.10 upgrade instructions does not mention container name change
9mo 2mo 2mo
assigned
assignee-updated
commented
member-last
1168 Rendering issues for generated API docs
1y 1y 1y
commented
member-last
pr-merged
1101 Feature request for updating documentation. 1y 1y 1y
recv
similar
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
2y 2y 2y
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 2y 2y 2y
recv
similar
1125 Describe cert-manager feature policy 1y 1y 1y
contributor-last
recv
recv-q
1061 Document onboarding process for new maintainers 2y 2y 2y
recv
similar
1054 Run spell checker in a pre-commit hook 2y 2y 2y
good first issue
kind/cleanup
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 2y 2y 2y
contributor-last
recv
993 Document which resources do/do not get garbage collected 2y 2y 2y
good first issue
contributor-last
recv
955 Document when the vault pki role required setting `require_cn=false`
2y 1y
975 Some pages do not make it clear what the user should read next 2y 2y
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
2y 2y 2y
recv
recv-q
944 Document how to install cert-manager in a different namespace
3
2y 3mo 2y
good first issue
recv
recv-q
866 Securing NGINX-ingress 2y 2y 2y
recv
similar
851 create Cilium ingress tls example
3
2y 2y 2y
assigned
assignee-updated
recv
847 missing documentation/information olm based installation metric prometheus 2y 2y 2y
contributor-last
recv
868 Document RBAC 2y 2y 2y
contributor-last
recv
similar
844 Document feature gates 2y 2y
similar
836 Syncing Secrets Across Namespaces
2y 2y 2y
recv
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
2y 2y 2y
contributor-last
pr-merged
recv
recv-q
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
2y 2y
kind/bug
contributor-last
pr-merged
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 2y 2y 2y
commented
member-last
send
706 Default key usages 2y 2y 2y
recv
1347 FAQ Entry for Passwords on JKS / PKCS#12 5mo 5mo
693 Azure DNS pod identity incorrectly documents principal_id 2y 5mo 2y
author-last
commented
recv
recv-q
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
697 [IRSA] Needs `runAsUser: 1001` 2y 2y 2y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 2y 2y
recv
recv-q
642 Move/ link to Webhook debugging docs 2y 2y
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 2y 2y
recv
583 cert-manager with ZeroSSL
45
2y 2y 2y
commented
send
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
561 Certificate Resources 2y 2y 2y
recv
similar
554 HTTP Validation, privateKeySecretRef 2y 2y 2y
contributor-last
recv
549 Effort towards a more user-friendly website 3y 3y
542 Document the Istio VirtualService HTTP01 configuration options 3y 3y
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
3y 2y 2y
commented
member-last
send
486 OpenShift - broken link
3y 2y 2y
commented
member-last
send
532 Rework of the landing page (cert-manager.io)
3
3y 2y 2y
help wanted
good first issue
commented
member-last
send
1425 The `issuer.vault.spec.caBundleSecretRef` docs are missing 2mo 2mo
466 installation/compatiblity 3y 3y 3y
recv
386 Uninstalling on Kubernetes - How to delete all those user created resources?
3y 3y 3y
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 3y 3y 3y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 3y 3y 3y
collaborator-last
commented
send
similar
295 Route53 3y 3y 3y
kind/documentation
commented
member-last
send
425 Document ocspServers 3y 3y 3y
kind/documentation
commented
member-last
457 cainjector docs are missing the option to inject certs in apiservice resources
3y 3y 3y
recv
604 Make it so that it is easier to find the doc for fixing webhook issues 2y 2y 2y
contributor-last
recv
758 API reference docs: enum values not documented with typedef 2y 2y 2y
recv
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 3y 3y 3y
recv
168 Cmctl isn't in the main repository anymore 3wk 3wk 3wk
commented
member-last
79 Design for partial automation of release process 2y 2y 2y
commented
member-last
send
42 Publish latest release number as part of creating a final release
2y 2y 2y
commented
member-last
send
19 Incorrect command line help: should include a --branch argument 3y 3y 3y
kind/cleanup
commented
contributor-last
31 Move the manual steps of our release process to cmrel commands
2y 2y 2y
commented
member-last
pr-closed
27 Create cert-manager specific testing infrastructure
3y 3wk 3wk
assigned
assignee-updated
commented
member-last
pr-merged
send
285 Image version is v0.0.0 6wk 5wk 5wk
author-last
commented
recv
287 Getting Readiness probe failed when using cert-manager-istio-csr 5wk 5wk 5wk
recv
similar
244 Populate Subject Fields in Certificate 3mo 2mo 3mo
contributor-last
recv
224 ClusterRole & ClusterRoleBindings for istio-csr 4mo 4mo 4mo
recv
223 False positive warnings from trivy and dependabot
6
4mo 5d
217 Restarting a namespace with 30+ deployments causes errors in istio-csr which tends to reolve after a while. 8mo 4mo 8mo
contributor-last
recv
213 charts.jetstack.io beding cluster presents a challenge and breaks deployment 10mo 10mo 10mo
recv
211 Add custom annotations to deployment
10mo 3mo 10mo
pr-unreviewed
recv
197 add the compatibility matrix for Kubernetes versions to README 1y 1y 1y
recv
similar
176 certificateDuration is not used for the Istio CSR generated certificate requests 2y 2y 2y
author-last
commented
recv
recv-q
similar
161 updating ConfigMap data doesn't stop
2y 2y 2y
collaborator-last
commented
send
155 Invalid certificate chain when using Vault with Intermediate CA 2y 4mo 2y
recv
recv-q
153 It is possible to have several CAs within the same cluster.
2
2y 9mo 9mo
commented
member-last
send
145 Not able to use Istio-CSR in istio(1.13.*)
2y 2y 2y
author-last
commented
pr-closed
recv
144 add a support kubernetes client QPS and Burst config 2y 2y 2y
recv
141 Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods. 2y 2y 2y
commented
recv
recv-q
138 istio-csr doesn't retry upon failed certificate requests
2y 1y 2y
contributor-last
recv
137 Documentation on rotating the root certificate
2y 1y 2y
recv
recv-q
136 Document available metrics 2y 2y 2y
recv
similar
133 latest supported cert-manager version with cert-manager-istio-csr? 2y 2y 2y
collaborator-last
commented
send
132 Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments) 2y 1y 2y
recv
131 metrics to check certificate expiry for istio workloads ? 2y 2y 2y
collaborator-last
commented
send
130 Document best-practices for minimal vault role configuration for istio-csr 2y 3mo 2y
recv
recv-q
118 E2E tests running against the wrong k8s version 2y 2y
117 public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted 2y 2y 2y
recv
279 Istio sidecar can only request new cert using istio-token
3
1mo 6wk 1mo
recv
108 [doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways 2y 2y 2y
author-last
commented
recv
recv-q
106 Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue 2y 2y 2y
collaborator-last
commented
send
similar
94 Can't get aws pca to work 2y 2y 2y
recv
113 Integrating with istio helm chart installs
13
2y 8mo 2y
recv
recv-q
84 csr readiness probe failed, istio ingress pod also failed
2
2y 13d 2y
support
commented
recv-q
send
similar
83 commonName required for AWS PCA 2y 2y 2y
commented
recv
recv-q
87 Failing to integrate with GCP CAS
2y 2y 2y
collaborator-last
commented
send
64 Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods 2y 2y 2y
commented
send
53 Generate workload certificates with DNS in the SAN 2y 2y 2y
commented
recv-q
send
283 Document / improve that sometimes the issuer needs to set `ca.crt`
7wk 7wk
419 BUG: issuerRef `group: "cert-manager.io"` does not match CertificateRequest with no group.
2
8d 7d 7d
commented
member-last
send
288 Feature: Take control of approval for the whole cluster
6mo 3mo 3mo
commented
member-last
394 Limit number of SANs by policy
7wk 6wk 7wk
contributor-last
recv
278 Add Helm option to create RBAC allowing approval for all issuers
6mo 6mo 6mo
kind/feature
good first issue
commented
member-last
send
271 Include binary artifacts your releases. 7mo 7mo 7mo
recv
169 Webhook Custom CA 1y 1y 1y
recv
61 Flakey Tests in pull-cert-manager-approver-policy-verify
2y 2y
kind/bug
pr-merged
216 Simplify configuration by creating RBAC by default
1y 1y
pr-merged
203 Improve CRD fields for specifying key requirements
2
1y 1y
207 Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls
1y 1y 1y
author-last
pr-merged
recv
335 Support RSA Keys 4wk 3wk 4wk
author-last
recv
recv-q
310 Provide deterministic bundle 7wk 7wk 7wk
commented
contributor-last
recv
recv-q
336 Helm chart support dual stack clusters 17d 6d 17d
pr-unreviewed
recv
similar
302 Add matchExpressions to Bundle's spec.target.namespaceSelector
2mo 2mo 2mo
contributor-last
recv
recv-q
301 Add support for kubectl installation 2mo 2mo 2mo
commented
contributor-last
open-milestone
recv
299 trust-manager deduplication doesnt work
2mo 1mo 2mo
assigned
assignee-updated
contributor-last
pr-merged
recv
recv-q
294 Init Container cert-manager-package-debian Helm Chart should allow resource requests and limits 2mo 2mo 2mo
author-last
recv
312 Chart is not allowing to pass Certificate Issuer name through value.yaml 7wk 7wk 7wk
recv
282 No flag to set structured logging format, e.g. JSON?
3
3mo 2mo 2mo
kind/feature
commented
contributor-last
send
281 Issue with CRDs when having trust-manager as chart dependency 3mo 3mo 3mo
recv
276 Improve filtered certs error reporting
4
3mo 3mo 3mo
contributor-last
recv
recv-q
245 Split Bundle controller into multiple controllers
4mo 4mo 4mo
contributor-last
recv
243 More flexible and better organized target specification in API
2
5mo 4mo 4mo
commented
recv
recv-q
305 Avoid multiple decode/encode of certificates
3
1mo 12d 1mo
assigned
assignee-updated
contributor-last
pr-merged
recv
recv-q
242 New version of Bundle API
2
2
5mo 3mo 3mo
commented
member-last
send
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
6
5mo 5mo 5mo
commented
recv-q
send
205 Allow to select multiple "trust" namespaces
3
6mo 6mo 6mo
recv
196 Allow TLS to be configured on the admission webhook server 6mo 6mo 6mo
recv
183 Create trust bundle based on Debian bookworm
11
7mo 5mo 5mo
good first issue
assigned
assignee-updated
commented
member-last
175 support extra annotations on resoures in helm chart
2
7mo 7mo 7mo
recv
168 Install in openshift with existing cert-manager operator install 7mo 7mo 7mo
author-last
commented
recv
recv-q
similar
150 Is there a way to specify the domain
9mo 7mo 7mo
commented
member-last
send
144 Add CertificateRequest as a source
7
10mo 8mo 8mo
commented
contributor-last
pr-merged
recv
similar
142 expose bundles CRD as release artifact
4
10mo 10mo 10mo
recv
135 Automatic CA rotation support 11mo 11mo 11mo
contributor-last
recv
132 Unable to run Trust Manager without cert manager 11mo 11mo 11mo
contributor-last
pr-unreviewed
recv
recv-q
131 Feature: per namespace trust bundle
2
11mo 5mo 11mo
author-last
recv
recv-q
113 Branch from "old" trust-manager name to add deprecation warning.
1y 1y
112 Move away from buildx 1y 1y
99 Allow removing Bundles whilst keeping the synced CA certs
2
1y 1y 1y
pr-unreviewed
recv
72 Add the configmap on all pod via mutatingWebhookConfiguration
4
1y 7wk 1y
kind/feature
commented
send
similar
63 nit: Rename "Bundle" to "ClusterBundle"
12
2y 5mo 5mo
commented
member-last
open-milestone
send
60 overriding trusted namespace
4
6
2y 1y 1y
commented
recv-q
send
59 Trust part 2 - How to use a bundle?
4
2y 7wk 4mo
commented
recv-q
227 trust-manager and Kubernetes version compatibility
5mo 5mo 5mo
author-last
recv
recv-q
similar
58 Support injection pem into an existing configmap
4
2y 4mo 2y
help wanted
good first issue
assigned
assignee-updated
contributor-last
recv
44 Specialise `Bundle` for X.509 Certificates 2y 4mo 4mo
commented
member-last
39 Don't sync targets to all namespaces by default
7
2y 5mo 5mo
commented
contributor-last
open-milestone
send
33 Support CRDs as target
4
2y 2y 2y
recv
23 Way to add labels/annotations to target
12
2y 7mo 2y
help wanted
good first issue
recv
4 Feature: By default, require only self-signed certificates in a bundle 2y 5mo
kind/feature
help wanted
contributor-last
311 Wrong labels in topologySpreadConstraints example in the Helm chart values 7wk 7wk
297 Allow all resources to be namespaced 2mo 2mo 2mo
recv
328 Document a policy around immutable image tags
4wk 4wk
open-milestone
291 Evaluate trust namespace value as template 2mo 2mo 2mo
recv
54 Allow auto-trust Bundles tracking a certain Issuer
2
2y 7mo 1y
commented
contributor-last
recv-q
send
171 E2E Test Cleanup 3mo 3mo 3mo
good first issue
commented
member-last
134 Volume empty
4
1y 1y 1y
recv
130 JKS support
3
1y 4h 1y
recv
recv-q
similar
119 Certificate is re-requested when container restarts 2y 2y 2y
recv
similar
116 Does csi-driver support Wìndows nodes? 2y 2y 2y
collaborator-last
commented
send
45 Unable to mount and read only file error
4
2y 1y 2y
commented
recv-q
send
136 SubPath support is broken or missing 1y 1y 1y
recv
26 Cannot `chmod` a read only filesystem
14
3y 2y 3y
pr-closed
recv
recv-q
21 MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod 4y 4y 4y
recv
17 ability to specify pod IP in volume attributes
5
4y 3mo 3y
commented
recv
recv-q
128 Support all subject attributes
1y 1y 1y
pr-reviewed-with-comment
pr-unreviewed
recv
125 Is it too late to align cert-manager annotations? 1y 1y 1y
recv
similar
74 Investigate and change the default mounted host path for driver 2y 2y
33 New key being used with old certificate 3y 3y 3y
recv
29 Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging. 3y 3y 3y
recv
42 Intermittent csi-driver-spiffe failure: Unable to mount cert 6mo 6mo 6mo
commented
member-last
send
39 csi-driver-spiffe vs csi-driver
4
11mo 7mo 7mo
commented
member-last
send
41 The default `csiDataDir` value might collide with csi-driver 10mo 10mo
38 Add Envoy Secret discovery service (SDS) support 11mo 11mo 11mo
recv
19 Add support for certificate expiry configuration
6
2y 11mo 2y
recv
similar
58 certificate cannot be renewed, error message: "key does not match certificate"
4
5wk 3wk 5wk
recv
recv-q
56 Support for destinationCaCertificate / Reencrypt Routes 6wk 6wk 6wk
recv
42 Monitoring observability for "CertificateRequests" 6mo 5mo 6mo
contributor-last
recv
similar
39 Support latest cert-manager operator for openshift 7mo 7mo 7mo
commented
member-last
send
similar
38 Route with cert-manager annotations is not created
7mo 4mo 4mo
commented
member-last
send
similar
46 Ability to configure CertificateRequest revision history limit
2
5mo 5mo 5mo
recv
similar
14 Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt 2y 4mo 4mo
commented
member-last
send
similar
30 Installation is only possible in the default `cert-manager` NS
3
10mo 6mo 10mo
contributor-last
pr-closed
recv
recv-q
12 Does this plugin support DNS validation? 2y 2y 2y
recv
13 Can the plugin be configured to use a wildcard certificate?
2y 1y 2y
pr-unreviewed
recv
recv-q
49 What do you use Openshift-routes for? And why would you prefer Certificates to be created rather than CRs?
6
4mo 6wk 6wk
commented
member-last
pr-unreviewed
54 Same certificate in path based Routes
3mo 3mo 3mo
recv
26 Missing CONTRIBUTING.md
1y 1y 1y
recv
34 `openshift-routes` doesn't work as expected and isn't suitable for a production environment 9mo 7mo 9mo
author-last
recv
recv-q
70 OLM deployment with ArgoCD is OutOfSync 2y 2y 2y
commented
send
17 Operator prevents passing extraArgs helm value
7
3y 1y 3y
recv
recv-q
46 Cert-manager operator fails to issue certificates 2y 2y 2y
recv
similar
22 Customize the deployment of cert-manager installed via OLM
5
6
3y 1y 2y
author-last
commented
recv
recv-q
3 Restrict operator RBAC permissions 4y 4y 4y
recv
40 Optional auto rotating/renewing certificates 2y 3wk 2y
contributor-last
recv
recv-q
60 Support prometheus metrics
3mo 3mo 3mo
recv
8 Drivers can create CertificateRequests for pods that don't exist in very rare edge cases 2y 2y
contributor-last
33 Create e2e test to validate CertificateRequest garbage collection 2y 2y 2y
assigned
recv