queue to be emptied once a day

Unprioritized issues older than 7 days (308)

Resolution: Add a priority/ or triage/ label

Average age: 400.0d, Avg wait: 199.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6524 Issuer for Gateway uses the hostname only rather than the httproutes 8d 4d 8d
kind/bug
author-last
recv
6518 Can't verify image signature 12d 11d 11d
kind/bug
commented
member-last
send
6523 Allow algorithm selection for keystore "passwords" 9d 9d
kind/feature
6510 DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge .... 16d 11d 16d
kind/bug
author-last
commented
recv
6509 reinstall failed after k8s upgrade
17d 17d 17d
recv
6505 Overly strict subject requirements 18d 18d
kind/bug
6504 Webhook validation bugs for cert subjects
18d 11d 11d
good first issue
kind/bug
commented
member-last
send
6502 Can the duration of the server cert that is generated for the webhook be set? 2wk 2wk 2wk
kind/feature
recv
6494 Bug: Lower Memory Usage - Filtered Secrets Label Caused Unwarranted Renewal of Certificates
3
3wk 3wk 3wk
kind/bug
commented
member-last
pr-closed
send
6511 Checklist for next backport release
16d 11d
kind/cleanup
contributor-last
pr-closed
6489 Add support for custom-fields into the ingress annotations 3wk 3wk 3wk
kind/feature
recv
6474 Incorrect error when validating Certificate PrivateKey
2
3wk 3wk 3wk
good first issue
kind/bug
commented
member-last
similar
6473 Ingress labels copied to certificate, causing issues with applysets
4wk 4wk 4wk
kind/bug
author-last
recv
6472 Create TLSA records automatically
2
4wk 2wk 4wk
kind/feature
recv
6522 Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable 10d 10d 10d
kind/bug
recv
similar
6475 preferredChain attribute on Clusterissuer doesn't pull ISRG X1 root certificate on lets-encrypt provider 3wk 3wk 3wk
kind/bug
recv
6468 Gateway API v1
5
5wk 13d 5wk
kind/feature
commented
recv-q
6464 Requeing due to optimistic locking and slow retry
5wk 19d 5wk
kind/bug
recv
6465 Cannot supply trusted ca certificate bundle for the ACMEDNS solver 5wk 5wk 5wk
kind/bug
author-last
commented
recv
6448 Can I apply for certificates across projects in GCP? 6wk 6wk 6wk
recv
6457 Error from server (InternalError): Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": No agent available 5wk 4wk 4wk
commented
member-last
send
similar
6434 Handle license generation for every platform 7wk 7wk
kind/feature
6422 Allow for Configuration of ValidatingWebhook in Helm 7wk 7wk 7wk
kind/feature
recv
similar
6442 Question: get accountid from Lets Encrypt cert 6wk 6wk 6wk
recv
6413 RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP 1mo 5wk 1mo
good first issue
kind/bug
recv
6408 Cert-manager updates the spec of the applied objects 2mo 1mo 1mo
kind/bug
author-last
commented
recv
6407 Allow for Configuration of TTL on Route53 2mo 7wk 2mo
kind/feature
assigned
assignee-updated
pr-changes-requested
recv
similar
6405 Retries not working as expected 2mo 2mo 2mo
author-last
commented
recv
recv-q
6393 Support `otherName` SAN type 2mo 2mo 2mo
kind/feature
pr-new-commits
pr-reviewed-with-comment
pr-unreviewed
recv
6389 Flakey test: [Conformance] Certificates with issuer type ACME: Error 2mo 2mo
kind/bug
6388 Orders marked as "invalid" intermittently
2mo 16d 2mo
recv
6386 Add Prometheus Metric for Certificate Requests Count
2
2mo 2mo 2mo
kind/feature
commented
member-last
pr-closed
send
similar
6418 `revisionHistoryLimit` default of `nil` should be changed to ...
2
7wk 4d 4d
kind/feature
commented
member-last
pr-closed
6385 Improve error handling if ingress object is missing ownerref 2mo 2mo
kind/bug
6382 Conditional sub-expression always evaluates to _true_
2mo 2mo 2mo
author-last
commented
recv
6378 Renewal fails during aws-privateca-issuer downtime, continues to fail after issuer returns to service
2
2mo 4d 2mo
kind/bug
recv
6377 Restrict access to a list of namespaces 2mo 2mo 2mo
kind/feature
recv
6364 Enabling ServerSideApply feature gate changes status conditions behavior
2mo 2mo 2mo
kind/bug
commented
contributor-last
recv
6361 Allow `cert-manager.io/allow-direct-injection` annotation on `Certificate` `Secret`s
2mo 5wk 7wk
good first issue
assigned
assignee-updated
commented
recv-q
6356 Graduate AdditionalCertificateOutputFormats feature gate
3
2mo 2mo 2mo
kind/feature
commented
member-last
send
similar
6353 Docs: Wrong example Code for creating Issuers 2mo 2mo 2mo
kind/bug
author-last
commented
recv
recv-q
6350 Webhook inject-ca-from annotation causes downtime
4
2mo 2mo 2mo
kind/bug
author-last
commented
recv
6343 [Helm: possible improvement] Controller ConfigMap is created even if .Values.config is not set
2mo 2mo 2mo
kind/cleanup
commented
contributor-last
pr-merged
recv
6334 Query recursive nameservers for DNS01 challenge in round robin fashion 2mo 2mo 2mo
kind/feature
recv
6331 CSR not signed by referenced private key
2
3mo 2mo 2mo
author-last
commented
recv
6327 wrong status code '404', expected '200' with one specific Ingress 3mo 2d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6325 The RSA-SHA signature algorithm is not correctly mapped to the certificate. 3mo 2mo 2mo
assigned
assignee-updated
author-last
commented
recv
6323 Even if CA is expired, cert-manager allows to issue client cert with expired CA 3mo 6d 3mo
lifecycle/stale
collaborator-last
recv
6312 Report issuer/clusterissuer status as a metric
4
3mo 6wk 3mo
kind/feature
recv
6309 How to pass ServiceAccountName to the acme-http01-solver pod. 3mo 6wk 3mo
author-last
recv
6308 Route53 challenges not regulating failed requests with exponential backoffs
4
3mo 3wk 3mo
recv
recv-q
6307 Certificates only issued for ingress in default namespace 3mo 14d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6363 Unable to set revisionHistoryLimit on the deployments
2mo 2mo 2mo
kind/bug
pr-closed
recv
6305 Error "Waiting for DNS-01 challenge propagation: dial udp: address udp/53': unknown port" 3mo 1d 3mo
lifecycle/stale
recv
6288 Generate cert-manager secret with certificate,key and password 3mo 2wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6284 cert-manager PEM format certificate to support private key encryption 3mo 3wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6283 JWK(S) support
3
3mo 5wk 3mo
recv
similar
6282 The certificate request has failed... order is in "invalid" state 3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
similar
6279 ServiceTemplate for solver HTTP01 3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
6274 Vault Issuer - Secretless Authentication with a Service Account doesn't work
3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
6273 Solver RFC2136 without TSIG 3mo 2mo 3mo
kind/feature
commented
contributor-last
recv
6270 Feature Request/Idea - Cert-Manager saves TLS Secret to Azure KeyVault 3mo 4d 3mo
kind/feature
lifecycle/stale
recv
recv-q
6246 Write documentation for the new DNS-over-HTTPS feature 4mo 19d
kind/documentation
lifecycle/stale
collaborator-last
open-milestone
6238 cattle-cluster-agent error: x509: certificate signed by unknown authority with Letsencrypt
4mo 14d 3mo
lifecycle/stale
collaborator-last
commented
send
6269 Allow hardcoded JKS and PKCS#12 passwords
2
3mo 9d 2mo
good first issue
kind/feature
commented
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting 4mo 2mo 4mo
kind/bug
area/acme/dns01
recv
recv-q
6215 The default `Cluster Resource Namespace` is `kube-system`, not `cert-manager` 4mo 14d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
send
6213 Unable to install cert-manager with argo-cd because helm chart is v1 4mo 15d 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
send
6224 Option to store certificate history in individual secrets
4mo 3wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
recv-q
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
3
5mo 9d 4mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
recv-q
6205 How to check the version/build info? 5mo 2mo 2mo
kind/feature
collaborator-last
commented
send
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
13
5mo 2mo 5mo
kind/bug
pr-merged
recv
6195 logLevel information in logs
5mo 9d 5mo
kind/bug
recv
recv-q
6185 Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"
3
5mo 6wk 5mo
kind/bug
recv
recv-q
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
4
5mo 2mo 5mo
kind/bug
recv
recv-q
similar
6179 CRDs shouldn't be templated in Helm...
16
5mo 7h 4mo
commented
recv-q
send
6163 is there a way to save dhparam with certificat
5mo 8h 5mo
lifecycle/stale
collaborator-last
recv
6160 Helm Chart global repository
5mo 6wk 5mo
recv
6212 Default duration field in cmctl check api
5mo 6d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
pr-merged
recv
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
3
6mo 4wk 5mo
kind/feature
commented
recv
recv-q
6138 allow unencrypted private keys for PKCS12 output
3
6mo 2mo 6mo
kind/feature
author-last
recv
6132 Checklist: CNCF Graduation
6mo 17d 3wk
commented
member-last
pr-unreviewed
send
6150 (Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
3
8
5mo 2wk 2mo
commented
open-milestone
pr-unreviewed
recv
recv-q
6112 DigiCert error setting up issuer 6mo 14d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
send
6106 Controller can't handle hitting request rate limits when is registering the issuer
6mo 2mo 6mo
kind/bug
commented
contributor-last
pr-closed
recv
recv-q
similar
6074 Graduate SecretsFilteredCaching feature gate to beta
2
6mo 10d 10d
kind/feature
commented
member-last
send
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
2
2
8
7mo 19d 7mo
kind/bug
recv
recv-q
6117 Vault Issuer Read caBundle from ConfigMap
3
6mo 1mo 2mo
area/api
kind/feature
area/vault
commented
contributor-last
recv
similar
6021 Make it possible to specify logging options for the ACME solver 7mo 2mo 2mo
kind/feature
collaborator-last
commented
5998 Failed post-install: timed out waiting for the condition 7mo 17d 7mo
kind/bug
lifecycle/rotten
recv
similar
5973 Graduate AdditionalCertificateOutputFormats feature 7mo 3wk 7mo
kind/feature
lifecycle/stale
collaborator-last
recv
similar
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
8
7mo 4wk 4wk
lifecycle/frozen
kind/bug
commented
member-last
send
5957 Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms
21
7mo 3wk 7mo
kind/feature
recv
recv-q
5925 Use readOnlyRootFilesystem: true for all containers
9
8mo 9d 8mo
good first issue
help wanted
kind/feature
recv
recv-q
similar
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
4
8mo 6wk 8mo
kind/bug
assigned
assignee-updated
commented
recv
recv-q
6016 add imagePullSecrets clauses to helm deployment, job templates 7mo 11d 7mo
kind/feature
lifecycle/stale
collaborator-last
pr-unreviewed
recv
5900 [FR] Allow the Chart to create extra manifest
5
8mo 10d 11d
kind/feature
commented
contributor-last
pr-reviewed-with-comment
send
5864 Certmgr allows creating certificates expiring after ca expiration.
4
9mo 4d 9mo
kind/bug
recv
5851 CA cert in Secret not updated when self-signed CA itself gets renewed.
16
9mo 3d 3mo
kind/bug
commented
recv-q
send
5821 Allow renewBefore to be a percentage 9mo 3wk 9mo
kind/feature
author-last
recv
5785 Store OCSP response in kubernetes secret
5
10mo 5wk 5wk
kind/feature
commented
contributor-last
pr-closed
pr-unreviewed
send
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
10mo 3wk 9mo
kind/feature
author-last
commented
pr-changes-requested
recv
5772 Develop new Helm chart for cert-manager CRD manifests
10mo 4d 4d
kind/feature
commented
member-last
send
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
10mo 11d 10mo
kind/bug
recv
recv-q
5697 Support PodSecurityAdmission
6
11mo 2mo 11mo
kind/feature
author-last
recv
recv-q
5665 Allow defining keystore password as litteral instead of SecretRef 11mo 2mo 11mo
kind/feature
author-last
recv
recv-q
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
1y 3wk 3wk
kind/feature
lifecycle/rotten
collaborator-last
commented
pr-closed
send
5588 --must-staple attribute for OCSP Stapling
3
1y 5d 1y
good first issue
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
recv-q
5566 upload Helm charts to OCI registry and sign them with cosign
8
1y 7wk 8mo
kind/feature
commented
send
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
9
1y 13d 1y
kind/bug
recv
recv-q
similar
5540 Changelog annotations to chart 1y 6wk 1y
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 1y 19d 1y
kind/bug
author-last
recv
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
9
1y 6wk 4mo
good first issue
kind/feature
assigned
assignee-updated
commented
pr-new-commits
similar
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
1y 3wk 1y
kind/bug
recv
recv-q
similar
6417 Temporary Certificate Annotation does not work on Ingress Resources 7wk 7wk 7wk
kind/bug
recv
5867 Controller can't handle hitting request rate limits of zerossl ACME API
3
11
20
8mo 4wk 4wk
lifecycle/frozen
kind/bug
commented
member-last
pr-closed
pr-merged
send
similar
5031 ValidateCAA test function is flaky
2y 6wk 6wk
kind/bug
kind/flake
flake/test-logic
commented
member-last
send
5298 Complete the Migration Away From Jetstack Names 1y 1mo 1mo
kind/cleanup
commented
member-last
4884 Add a similar secretTemplate to the secret that is created by ACME Issuer
8
2y 5wk 2y
kind/feature
collaborator-last
commented
recv
recv-q
4797 Automatically renew certificates if OCSP indicates that it was revoked
13
2y 2mo 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 4wk 2y
kind/bug
area/acme/dns01
author-last
commented
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
10
2y 3wk 2y
lifecycle/frozen
kind/bug
recv
recv-q
4423 Cert renewal loop
2
2y 2mo 2y
kind/bug
commented
recv
recv-q
4349 allowing greater configuration for the cloud provider tests
2y 2y 2y
lifecycle/frozen
kind/feature
collaborator-last
commented
send
similar
4191 Setting default values for Pod's "resources"?
4
2y 10d 5wk
lifecycle/rotten
commented
recv-q
send
6520 Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist) 10d 10d 10d
kind/bug
recv
3958 Sane defaults for Certificate revision history limit
2
12
2y 5wk 5wk
kind/feature
commented
member-last
send
similar
3896 Cert Manager failing to renew certificate
18
2y 4d 2y
kind/bug
area/acme/dns01
commented
recv-q
send
similar
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount 5wk 5wk 5wk
kind/feature
recv
4114 Endless Sync Loop when installing Helm Chart via ArgoCD
11
29
2y 15d 16d
kind/bug
lifecycle/rotten
assigned
assignee-updated
commented
pr-closed
recv-q
send
5430 Improving DNS-01 challenge performance
3
1y 2mo 1y
kind/feature
pr-closed
pr-unreviewed
recv
6521 Add an `approveSignerNames` install option 10d 10d
kind/feature
4950 General flakiness of our end-to-end suite
3
2y 1y 1y
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
1347 FAQ Entry for Passwords on JKS / PKCS#12 3wk 3wk
1261 Switch to Docusaurus? 5mo 5mo
1257 ErrRegisterACMEAccount 5mo 5mo 5mo
recv
1255 helm install cert-manager with errors 5mo 4mo 4mo
commented
member-last
send
similar
1241 Remove Bitnami kubeprod as installation method 6mo 6mo 6mo
recv
1194 Confusing paragraph - cert-manager integration. 9mo 4mo 4mo
documentation
commented
member-last
send
1186 Document that/why we don't use Helm's CRD installation mechanism 9mo 4mo 4mo
good first issue
kind/documentation
assigned
assignee-updated
commented
member-last
send
1168 Rendering issues for generated API docs
10mo 10mo 10mo
commented
member-last
pr-merged
1125 Describe cert-manager feature policy 1y 11mo 1y
contributor-last
recv
recv-q
1101 Feature request for updating documentation. 1y 1y 1y
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
1y 1y 1y
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 1y 1y 1y
recv
similar
1061 Document onboarding process for new maintainers 1y 1y 1y
recv
similar
1054 Run spell checker in a pre-commit hook 1y 1y 1y
good first issue
kind/cleanup
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 2y 1y 2y
contributor-last
recv
993 Document which resources do/do not get garbage collected 2y 2y 2y
good first issue
contributor-last
recv
975 Some pages do not make it clear what the user should read next 2y 2y
955 Document when the vault pki role required setting `require_cn=false`
2y 1y
944 Document how to install cert-manager in a different namespace
3
2y 4mo 2y
good first issue
recv
recv-q
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
2y 2y 2y
recv
recv-q
868 Document RBAC 2y 2y 2y
contributor-last
recv
similar
866 Securing NGINX-ingress 2y 2y 2y
recv
similar
851 create Cilium ingress tls example
3
2y 1y 2y
assigned
assignee-updated
recv
847 missing documentation/information olm based installation metric prometheus 2y 2y 2y
contributor-last
recv
844 Document feature gates 2y 2y
similar
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
2y 2y 2y
contributor-last
pr-merged
recv
recv-q
836 Syncing Secrets Across Namespaces
2y 2y 2y
recv
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
2y 2y
kind/bug
contributor-last
pr-merged
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 2y 2y 2y
commented
member-last
send
758 API reference docs: enum values not documented with typedef 2y 2y 2y
recv
706 Default key usages 2y 2y 2y
recv
697 [IRSA] Needs `runAsUser: 1001` 2y 2y 2y
recv
693 Azure DNS pod identity incorrectly documents principal_id 2y 3wk 2y
author-last
commented
recv
recv-q
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 2y 2y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 2y 2y
recv
recv-q
642 Move/ link to Webhook debugging docs 2y 2y
1262 v1.9 to v1.10 upgrade instructions does not mention container name change 4mo 4mo 4mo
assigned
assignee-updated
commented
member-last
604 Make it so that it is easier to find the doc for fixing webhook issues 2y 2y 2y
contributor-last
recv
583 cert-manager with ZeroSSL
44
2y 1y 1y
commented
send
554 HTTP Validation, privateKeySecretRef 2y 2y 2y
contributor-last
recv
561 Certificate Resources 2y 2y 2y
recv
similar
542 Document the Istio VirtualService HTTP01 configuration options 2y 2y
486 OpenShift - broken link
2y 2y 2y
commented
member-last
send
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
425 Document ocspServers 2y 2y 2y
kind/documentation
commented
member-last
422 Page last modified date incorrect 2y 2y 2y
kind/bug
collaborator-last
commented
send
386 Uninstalling on Kubernetes - How to delete all those user created resources?
3y 3y 3y
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 3y 3y 3y
collaborator-last
commented
send
similar
326 Securing Ingresses with Venafi 3y 3y 3y
collaborator-last
commented
send
similar
295 Route53 3y 2y 2y
kind/documentation
commented
member-last
send
532 Rework of the landing page (cert-manager.io)
3
2y 2y 2y
help wanted
good first issue
commented
member-last
send
similar
549 Effort towards a more user-friendly website 2y 2y
1310 cert-manager-istio-csr Pod's Health Endpoint failing 2mo 2mo 2mo
recv
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
2y 2y 2y
commented
member-last
send
79 Design for partial automation of release process 2y 2y 2y
commented
member-last
send
42 Publish latest release number as part of creating a final release
2y 2y 2y
commented
member-last
send
27 Create cert-manager specific testing infrastructure
2y 2y 2y
assigned
assignee-updated
commented
member-last
pr-merged
send
19 Incorrect command line help: should include a --branch argument 3y 2y 2y
kind/cleanup
commented
contributor-last
31 Move the manual steps of our release process to cmrel commands
2y 2y 2y
commented
member-last
pr-closed
50 Move cert-manager-release infrastructure to CNCF's GCP account
2y 2y 2y
commented
member-last
217 Restarting a namespace with 30+ deployments causes errors in istio-csr which tends to reolve after a while. 3mo 11d 3mo
contributor-last
recv
211 Add custom annotations to deployment 6mo 2mo 6mo
author-last
recv
197 add the compatibility matrix for Kubernetes versions to README 9mo 9mo 9mo
recv
similar
176 certificateDuration is not used for the Istio CSR generated certificate requests 1y 1y 1y
author-last
commented
recv
recv-q
similar
161 updating ConfigMap data doesn't stop
2y 2y 2y
collaborator-last
commented
send
155 Invalid certificate chain when using Vault with Intermediate CA 2y 4mo 2y
recv
153 It is possible to have several CAs within the same cluster.
2
2y 4mo 4mo
commented
member-last
send
145 Not able to use Istio-CSR in istio(1.13.*)
2y 2y 2y
author-last
commented
pr-closed
recv
144 add a support kubernetes client QPS and Burst config 2y 2y 2y
recv
141 Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods. 2y 1y 2y
commented
recv
recv-q
138 istio-csr doesn't retry upon failed certificate requests
2y 1y 2y
contributor-last
recv
137 Documentation on rotating the root certificate
2y 9mo 2y
recv
recv-q
136 Document available metrics 2y 2y 2y
recv
similar
133 latest supported cert-manager version with cert-manager-istio-csr? 2y 2y 2y
collaborator-last
commented
send
132 Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments) 2y 8mo 2y
recv
131 metrics to check certificate expiry for istio workloads ? 2y 2y 2y
collaborator-last
commented
send
130 Document best-practices for minimal vault role configuration for istio-csr 2y 2y 2y
recv
118 E2E tests running against the wrong k8s version 2y 2y
117 public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted 2y 2y 2y
recv
113 Integrating with istio helm chart installs
11
2y 4mo 2y
recv
recv-q
108 [doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways 2y 2y 2y
author-last
commented
recv
recv-q
106 Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue 2y 2y 2y
collaborator-last
commented
send
similar
94 Can't get aws pca to work 2y 2y 2y
recv
87 Failing to integrate with GCP CAS
2y 2y 2y
collaborator-last
commented
send
84 csr readiness probe failed, istio ingress pod also failed
2
2y 2y 2y
support
collaborator-last
commented
send
83 commonName required for AWS PCA 2y 2y 2y
commented
recv
recv-q
64 Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods 2y 2y 2y
commented
send
53 Generate workload certificates with DNS in the SAN 2y 2y 2y
commented
recv-q
send
213 charts.jetstack.io beding cluster presents a challenge and breaks deployment 5mo 5mo 5mo
recv
278 Add Helm option to create RBAC allowing approval for all issuers 2mo 7wk 7wk
kind/feature
good first issue
commented
member-last
send
207 Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls 9mo 9mo 9mo
author-last
recv
288 Feature: Take control of approval for the whole cluster
7wk 7wk
271 Include binary artifacts your releases. 2mo 2mo 2mo
recv
216 Simplify configuration by creating RBAC by default
8mo 8mo
pr-merged
203 Improve CRD fields for specifying key requirements
9mo 9mo
169 Webhook Custom CA 1y 1y 1y
recv
61 Flakey Tests in pull-cert-manager-approver-policy-verify
2y 2y
kind/bug
pr-merged
245 Split Bundle controller into multiple controllers 14d 14d 14d
recv
243 More flexible and better organized target specification in API
17d 13d 13d
commented
contributor-last
recv
recv-q
242 New version of Bundle API
2
17d 4d 4d
commented
send
227 trust-manager and Kubernetes version compatibility
4wk 4wk 4wk
author-last
recv
recv-q
similar
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
5
5wk 3wk 5wk
commented
recv-q
send
205 Allow to select multiple "trust" namespaces 6wk 6wk 6wk
recv
199 Support of setting arbitrary password for PKCS12 truststore
2
4
7wk 15d 7wk
help wanted
good first issue
assigned
assignee-updated
contributor-last
pr-closed
pr-reviewed-with-comment
recv
recv-q
196 Allow TLS to be configured on the admission webhook server 2mo 2mo 2mo
recv
183 Create trust bundle based on Debian bookworm
11
2mo 4wk 4wk
good first issue
assigned
assignee-updated
commented
member-last
175 support extra annotations on resoures in helm chart
3mo 3mo 3mo
recv
168 Install in openshift with existing cert-manager operator install 3mo 3mo 3mo
author-last
commented
recv
recv-q
similar
150 Is there a way to specify the domain
4mo 3mo 3mo
commented
member-last
send
144 Add CertificateRequest as a source
7
5mo 4mo 4mo
commented
contributor-last
pr-merged
recv
similar
142 expose bundles CRD as release artifact
3
6mo 6mo 6mo
recv
135 Automatic CA rotation support 6mo 6mo 6mo
contributor-last
recv
132 Unable to run Trust Manager without cert manager 7mo 6mo 7mo
contributor-last
pr-unreviewed
recv
recv-q
131 Feature: per namespace trust bundle
2
7mo 3wk 7mo
author-last
recv
recv-q
113 Branch from "old" trust-manager name to add deprecation warning.
10mo 10mo
112 Move away from buildx 10mo 10mo
99 Allow removing Bundles whilst keeping the synced CA certs
2
10mo 10mo 10mo
pr-unreviewed
recv
72 Add the configmap on all pod via mutatingWebhookConfiguration
3
1y 11mo 11mo
kind/feature
commented
member-last
send
similar
59 Trust part 2 - How to use a bundle?
3
1y 9d 9d
commented
member-last
63 nit: Rename "Bundle" to "ClusterBundle"
12
1y 3wk 3wk
commented
member-last
open-milestone
send
58 Support injection pem into an existing configmap
3
1y 10d 1y
help wanted
good first issue
assigned
assignee-updated
contributor-last
recv
33 Support CRDs as target
4
2y 2y 2y
recv
23 Way to add labels/annotations to target
10
2y 3mo 2y
help wanted
good first issue
recv
44 Specialise `Bundle` for X.509 Certificates 1y 13d 13d
commented
member-last
54 Allow auto-trust Bundles tracking a certain Issuer
2
1y 3mo 11mo
commented
contributor-last
recv-q
send
4 Feature: By default, require only self-signed certificates in a bundle 2y 17d
kind/feature
help wanted
contributor-last
39 Don't sync targets to all namespaces by default
6
1y 16d 16d
commented
contributor-last
open-milestone
send
60 overriding trusted namespace
4
5
1y 7mo 11mo
commented
recv-q
send
145 Release Helm Chart v0.5.1 / v0.6.0
4
6mo 2mo 6mo
recv
recv-q
144 Push new tag for chart fixes
6mo 6mo 6mo
recv
136 SubPath support is broken or missing 11mo 11mo 11mo
recv
134 Volume empty
3
11mo 8mo 11mo
recv
130 JKS support
3
11mo 9mo 11mo
recv
similar
140 Update images to not utilize k8s.gcr.io 8mo 7mo 8mo
recv
125 Is it too late to align cert-manager annotations? 1y 11mo 1y
recv
similar
119 Certificate is re-requested when container restarts 1y 1y 1y
recv
similar
116 Does csi-driver support Wìndows nodes? 1y 1y 1y
collaborator-last
commented
send
74 Investigate and change the default mounted host path for driver 2y 2y
45 Unable to mount and read only file error
4
2y 11mo 1y
commented
recv-q
send
128 Support all subject attributes
11mo 11mo 11mo
pr-reviewed-with-comment
recv
33 New key being used with old certificate 2y 2y 2y
recv
21 MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod 3y 3y 3y
recv
26 Cannot `chmod` a read only filesystem
14
3y 2y 3y
pr-closed
recv
recv-q
17 ability to specify pod IP in volume attributes
5
3y 3y 3y
commented
recv
29 Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging. 3y 3y 3y
recv
42 Intermittent csi-driver-spiffe failure: Unable to mount cert 2mo 2mo 2mo
commented
member-last
send
41 The default `csiDataDir` value might collide with csi-driver 6mo 6mo
38 Add Envoy Secret discovery service (SDS) support 7mo 7mo 7mo
recv
19 Add support for certificate expiry configuration
6
1y 6mo 1y
recv
similar
39 csi-driver-spiffe vs csi-driver
4
6mo 3mo 3mo
commented
member-last
send
42 Monitoring observability for "CertificateRequests" 2mo 6wk 2mo
recv
similar
39 Support latest cert-manager operator for openshift 3mo 2mo 2mo
commented
member-last
send
similar
38 Route with cert-manager annotations is not created 3mo 2mo 3mo
author-last
recv
recv-q
similar
35 How to populate certificate metadata i.e. subject details e.g. OU, Organization etc 4mo 2mo 4mo
recv
46 Ability to configure CertificateRequest revision history limit 3wk 3wk 3wk
recv
similar
13 Can the plugin be configured to use a wildcard certificate?
1y 1y 1y
recv
recv-q
12 Does this plugin support DNS validation? 1y 1y 1y
recv
4 Feature: Allow specification of privateKey.rotationPolicy
2
2y 6mo
34 `openshift-routes` doesn't work as expected and isn't suitable for a production environment 4mo 2mo 4mo
author-last
recv
recv-q
30 Installation is only possible in the default `cert-manager` NS
2
5mo 7wk 5mo
contributor-last
pr-closed
recv
recv-q
26 Missing CONTRIBUTING.md
8mo 8mo 8mo
recv
15 Feature: Support for ECC certs 1y 1y 1y
recv
14 Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt 1y 1y 1y
recv
similar
70 OLM deployment with ArgoCD is OutOfSync 2y 1y 1y
commented
send
17 Operator prevents passing extraArgs helm value
7
3y 11mo 3y
recv
recv-q
22 Customize the deployment of cert-manager installed via OLM
5
6
2y 11mo 2y
author-last
commented
recv
recv-q
3 Restrict operator RBAC permissions 3y 3y 3y
recv
46 Cert-manager operator fails to issue certificates 2y 2y 2y
recv
similar
8 Drivers can create CertificateRequests for pods that don't exist in very rare edge cases 2y 2y
contributor-last
40 Optional auto rotating/renewing certificates 1y 1y 1y
recv
similar
33 Create e2e test to validate CertificateRequest garbage collection 1y 1y 1y
assigned
recv

Uncommented older than 7 days (159)

Resolution: Add a priority/ or triage/ label

Average age: 375.2d, Avg wait: 349.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5590 Configure cluster resource namespace in ClusterIssuer spec
2
1y 3wk 1y
triage/support
lifecycle/rotten
collaborator-last
recv
recv-q
850 Document available cert-manager Prometheus metrics
2y 9mo 2y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 3y 3y 3y
priority/backlog
kind/documentation
contributor-last
recv
156 previously listed items omitted

Important soon, but no updates in 90 days (4)

Resolution: Downgrade to important-longterm

Average age: 890.2d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5074 Race condition between issuers, certificates, and secrets
2y 11mo 1y
lifecycle/frozen
kind/bug
priority/important-soon
commented
member-last
pr-closed
send
195 Document keystores 3y 9mo 3y
priority/important-soon
kind/documentation
commented
contributor-last
send
174 Add documentation for CRD conversion webhook ca injection 3y 3y 3y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
1174 Document the docker images and how to find them
10mo 9mo 9mo
good first issue
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 180 days (6)

Resolution: Downgrade to backlog

Average age: 1089.2d, Avg wait: 49.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3521 Integration with ExternalDNS
4
32
3y 10mo 2y
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
850 Document available cert-manager Prometheus metrics
2y 9mo 2y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar
401 Bring tutorials up to date 2y 9mo 9mo
priority/important-longterm
commented
member-last
send
223 Document wildcard certificate tutorial 3y 3y 3y
priority/important-longterm
kind/documentation
commented
contributor-last
send
56 Route53: document use of "region" field 4y 9mo 9mo
documentation
priority/important-longterm
commented
contributor-last
send
551 Documentation on how to handle large-scale certificate management & best practices
2
2y 9mo 9mo
help wanted
priority/important-longterm
kind/documentation
commented
member-last
send

Pull Requests: Review Ready (31)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 124.7d, Avg wait: 56.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6455 Simplify webhook and switch Webhook to controller-runtime. 6wk 9h 5wk
release-note-none
kind/cleanup
size/XXL
dco-signoff: yes
area/testing
collaborator-last
commented
unreviewed
5420 Add SkipTLSVerify option to Vault issuer
2
1y 2d 4mo
release-note
size/S
area/api
needs-ok-to-test
lifecycle/stale
dco-signoff: no
needs-kind
collaborator-last
commented
new-commits
recv
recv-q
6424 Helm chart: Allow the creation of extra manifests via values 7wk 3d 7wk
release-note-none
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
author-last
commented
recv
reviewed-with-comment
6456 Add optional hostAliases to cert-manager pod
2
5wk 4d 5wk
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
recv
recv-q
unreviewed
6228 Issue 5514 read cabundle from kube objects - design doc
3
4mo 6d 2mo
size/L
release-note-none
kind/design
needs-ok-to-test
dco-signoff: no
collaborator-last
commented
new-commits
open-milestone
recv
recv-q
6103 Unify semver version logic 6mo 13d
size/L
release-note-none
approved
kind/cleanup
lifecycle/stale
dco-signoff: yes
collaborator-last
open-milestone
unreviewed
6248 feat: allow changing the default Deployment revisionHistoryLimit 4mo 16d 4mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
recv
unreviewed
5373 Allow config of http01 solver pod security context
3
3
1y 17d 8mo
release-note
area/api
kind/feature
size/XXL
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
author-last
closed
commented
recv
recv-q
6120 add comments explaining the Sync function & small test bugfix 6mo 3wk 4mo
release-note-none
approved
lgtm
size/S
kind/cleanup
lifecycle/stale
dco-signoff: yes
assigned
assignee-updated
collaborator-last
commented
open-milestone
reviewed-with-comment
6277 ControllerConfiguration fuzzer, only set the value in case the random value is empty 3mo 3wk 3wk
size/L
release-note-none
approved
area/api
kind/cleanup
dco-signoff: yes
area/testing
commented
member-last
unreviewed
6124 Add design/20230601.gateway-route-hostnames. 6mo 3wk 6mo
size/L
release-note-none
kind/design
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
collaborator-last
new-commits
recv
recv-q
6351 Handle multiple concurrent Azure DNS01 challenges for the same FQDN 2mo 3wk 2mo
size/L
release-note
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
author-last
commented
recv
unreviewed
6192 Remove conflicting labels from CRDs 5mo 2mo 5mo
release-note-none
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
author-last
recv
unreviewed
6193 [feat] when helm set `installCRDs: true`. crds.yaml file must be pre-install and pre-upgrade 5mo 1mo 2mo
release-note
size/S
kind/feature
needs-ok-to-test
dco-signoff: yes
area/deploy
author-last
commented
recv
recv-q
unreviewed
1360 Verify Mastodon social media link 2d 2d 2d
size/XS
dco-signoff: yes
recv
unreviewed
1259