queue to be emptied once a day

Unprioritized issues older than 7 days (333)

Resolution: Add a priority/ or triage/ label

Average age: 421.8d, Avg wait: 205.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6794 CI may not be running make verify-crds 7d 7d
kind/bug
6787 Cert-manager with Cluster API to integrated trusted certificates 7d 7d 7d
recv
similar
6786 How to install a FIPS compliant Linux Foundation cert-manager. Which versions are available ?
7d 3d 3d
commented
recv-q
send
6783 Add support for passwordless pkcs12 keystore
5
13
8d 8d 8d
kind/feature
recv
6777 CertificateRequest ready status metric 9d 9d 9d
kind/feature
recv
similar
6765 feature: Promote ExperimentalGatewayAPISupport feature to GA 12d 12d 12d
kind/feature
recv
6762 cert-manager http01 challenge doesnt work out of the box in k3s cluster with traefik. Pod is forever progressing. Error 503 when accessing http01 pod 13d 13d 13d
kind/bug
recv
6758 Helm should fail if cert fails 15d 14d 14d
commented
member-last
send
6756 When deleting a certificate resource, delete its certificate requests as well 16d 16d 16d
kind/feature
recv
similar
6754 Schedule certificate renewal outside business hours 16d 16d 16d
kind/feature
recv
6753 reflector.go: nable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown
17d 14d 17d
kind/bug
author-last
recv
recv-q
6752 Support LocalSubjectAccessReview if namespace option is non-empty
18d 18d 18d
kind/feature
pr-merged
recv
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
5
3wk 3wk 3wk
kind/bug
recv
6721 cmctl check api should fail unless the webhook is configured 3wk 17d 17d
kind/bug
commented
member-last
send
6720 cmctl check api -v stopped logging continuous updates 3wk 3wk
kind/bug
6714 mismatched between certificate and secret can DOS Kubernetes 3wk 3wk 3wk
kind/bug
commented
member-last
send
6709 1.14 Release Review
3
3wk 3wk 3wk
commented
member-last
open-milestone
send
6707 Check multiple nameservers for self check validation if self check status not 200 4wk 4wk 4wk
kind/feature
recv
6691 Release name is not getting matched with label when using argocd to deploy the helm chart 4wk 4wk 4wk
kind/feature
recv
6673 Missing RBAC permissions for kubernetes serviceaccount against Vault issuer.
4wk 2wk 4wk
kind/bug
recv
6665 Can we add default values in API Reference for cert-manager objects? 5wk 5wk 5wk
recv
6664 Secret doesnt change when I change issuer 5wk 5wk 5wk
recv
6662 support overriding of ttl in cloudflare 5wk 5wk 5wk
kind/feature
recv
6653 configuration options for certificate chain 5wk 5wk 5wk
kind/feature
recv
similar
6652 Support for GCP Multi Cluster Gateway and HTTP01
6wk 6wk 6wk
kind/feature
recv
6651 ingressClassName incompatible with http01-ingress-class annotation 6wk 6wk 6wk
kind/bug
recv
similar
6649 Gateway API CRDs exist, yet getting "the Gateway API CRDs do not seem to be present, but ExperimentalGatewayAPISupport is set to true. Please install the gateway-api CRDs" error message.
6wk 4h 6wk
kind/bug
recv
recv-q
similar
6640 Intermittient DNS problem: networking error looking up CAA for xxx 6wk 6wk 6wk
kind/bug
recv
6636 Certificates disappear from AKS cluster
6wk 6wk 6wk
kind/bug
recv
6633 Error from server: request to convert CR from an invalid group/version: cert-manager.io/v1alpha2 6wk 6wk 6wk
recv
6632 Vault Issuer: The CA full chain is not included into the ca.crt
7wk 3wk 6wk
kind/bug
commented
recv
recv-q
6625 Terraform helm provider Chart.yaml file missing 7wk 7wk 7wk
kind/bug
author-last
recv
6624 cainjector not creating/updating Secrets after root CA rotation
3
7wk 7wk 7wk
kind/bug
recv
6622 `make update-licenses` is non-deterministic. 7wk 7wk
kind/bug
6616 Certificate Issue in Bare metal server - http01 7wk 7wk 7wk
recv
6615 HTTP01 Config Map Challenge Flow
2
7wk 7wk 7wk
kind/feature
recv
6602 Cert manager not retrying after initial issuance is failed 1mo 1mo 1mo
kind/bug
recv
6594 Waiting for DNS-01 challenge propagation: DNS record for 'hmccloud.com' not yet propagated.
1mo 1mo 1mo
kind/bug
recv
similar
6580 Warn users not to use insecure TSIG algorithms when using DNS UPDATE and ACME DNS01
1mo 1mo
pr-merged
6569 Add documentation for istio-csr and ingress with istio 2mo 2mo 2mo
kind/feature
recv
similar
6564 Make Service Port and Webhook Service Port Configurable in Helm Chart 2mo 2mo 2mo
kind/feature
recv
6554 Intermediate certificate is not updated in child certificates
3
2mo 2mo 2mo
kind/bug
recv
6553 Update Certificate API definition on key length 2mo 2mo 2mo
kind/bug
recv
6550 PCA Root PEM + Chain added to cert manager results in duplicate/repeated root CA in chain. 2mo 2mo 2mo
recv
6541 keyUsage extension may be empty 2mo 2mo 2mo
kind/bug
recv
6536 challenge stuck in pending state - certifcate never gets ready
2mo 2mo 2mo
kind/bug
recv
recv-q
6528 Unable to create certificates for domains mentioned in Selector DNS zones
2mo 4h 2mo
kind/bug
recv
6527 Support for "UID" RDN in X509 Subject
3
2mo 16d 2mo
kind/feature
recv
recv-q
6526 [question] about images in gcr.io/distroless 2mo 2mo 2mo
recv
6524 Issuer for Gateway uses the hostname only rather than the httproutes 2mo 2mo 2mo
kind/bug
author-last
recv
6523 Allow algorithm selection for keystore "passwords"
3mo 10h
kind/feature
lifecycle/stale
collaborator-last
pr-merged
6522 Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable 3mo 1d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
similar
6521 Add an `approveSignerNames` install option 3mo 1d
kind/feature
lifecycle/stale
collaborator-last
6520 Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist) 3mo 11h 3mo
kind/bug
lifecycle/stale
author-last
recv
6518 Can't verify image signature 3mo 2d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
send
6511 Checklist for next backport release
3mo 1d
kind/cleanup
lifecycle/stale
collaborator-last
pr-closed
6510 DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge ....
2
3mo 5wk 3mo
kind/bug
commented
recv
6509 reinstall failed after k8s upgrade
3mo 8d 3mo
lifecycle/stale
collaborator-last
recv
6505 Overly strict subject requirements 3mo 9d
kind/bug
lifecycle/stale
collaborator-last
6502 Can the duration of the server cert that is generated for the webhook be set?
3mo 2mo 3mo
kind/feature
author-last
recv
6489 Add support for custom-fields into the ingress annotations 3mo 16d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6473 Ingress labels copied to certificate, causing issues with applysets
3mo 18d 3mo
kind/bug
author-last
pr-unreviewed
recv
6472 Create TLSA records automatically
4
3mo 11d 3mo
kind/feature
recv
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount 3mo 3wk 3mo
kind/feature
author-last
recv
6465 Cannot supply trusted ca certificate bundle for the ACMEDNS solver 4mo 4wk 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
recv
6464 Requeing due to optimistic locking and slow retry
2
4mo 10d 4mo
kind/bug
recv
6457 Error from server (InternalError): Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": No agent available 4mo 6wk 3mo
commented
send
similar
6448 Can I apply for certificates across projects in GCP? 4mo 5d 4mo
lifecycle/rotten
collaborator-last
recv
6442 Question: get accountid from Lets Encrypt cert 4mo 7d 4mo
lifecycle/rotten
collaborator-last
recv
6434 Handle license generation for every platform 4mo 13d
kind/feature
lifecycle/rotten
collaborator-last
6422 Allow for Configuration of ValidatingWebhook in Helm 4mo 2mo 4mo
kind/feature
recv
recv-q
similar
6418 `revisionHistoryLimit` default of `nil` should be changed to ...
5
4mo 7wk 2mo
kind/feature
commented
pr-closed
6417 Temporary Certificate Annotation does not work on Ingress Resources 4mo 15d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
6413 RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP
4mo 3wk 3wk
good first issue
kind/bug
lifecycle/stale
assigned
assignee-updated
commented
member-last
send
6408 Cert-manager updates the spec of the applied objects 4mo 19d 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
recv
6407 Allow for Configuration of TTL on Route53 4mo 15d 4mo
kind/feature
lifecycle/rotten
assigned
assignee-updated
collaborator-last
pr-changes-requested
recv
similar
6405 Retries not working as expected 4mo 3wk 4mo
lifecycle/rotten
collaborator-last
commented
recv
recv-q
6389 Flakey test: [Conformance] Certificates with issuer type ACME: Error 4mo 4wk
kind/bug
lifecycle/rotten
collaborator-last
6385 Improve error handling if ingress object is missing ownerref 4mo 4wk
kind/bug
lifecycle/rotten
collaborator-last
6382 Conditional sub-expression always evaluates to _true_
5mo 7wk 7wk
commented
member-last
send
6378 Renewal fails during aws-privateca-issuer downtime, continues to fail after issuer returns to service
11
5mo 1mo 5mo
kind/bug
recv
6361 Allow `cert-manager.io/allow-direct-injection` annotation on `Certificate` `Secret`s
5mo 2d 4mo
good first issue
lifecycle/stale
assigned
assignee-updated
commented
contributor-last
pr-unreviewed
recv-q
6356 Graduate AdditionalCertificateOutputFormats feature gate
3
5mo 7wk 4mo
kind/feature
commented
contributor-last
recv
6353 Docs: Wrong example Code for creating Issuers 5mo 2mo 2mo
kind/bug
commented
member-last
send
6331 CSR not signed by referenced private key
3
5mo 5d 5d
commented
member-last
send
6312 Report issuer/clusterissuer status as a metric
6
6mo 4wk 6mo
kind/feature
author-last
recv
6309 How to pass ServiceAccountName to the acme-http01-solver pod. 6mo 6d 6mo
lifecycle/rotten
collaborator-last
recv
6308 Route53 challenges not regulating failed requests with exponential backoffs
5
6mo 2mo 6mo
recv
recv-q
6305 Error "Waiting for DNS-01 challenge propagation: dial udp: address udp/53': unknown port" 6mo 3wk 6mo
lifecycle/rotten
collaborator-last
recv
6283 JWK(S) support
3
6mo 2d 6mo
lifecycle/rotten
collaborator-last
recv
similar
6273 Solver RFC2136 without TSIG 6mo 3wk 6mo
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
6388 Orders marked as "invalid" intermittently
4mo 7d 4mo
lifecycle/stale
collaborator-last
recv
6246 Write documentation for the new DNS-over-HTTPS feature 7mo 2mo 2mo
kind/documentation
commented
member-last
send
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting
7mo 14d 7mo
kind/bug
area/acme/dns01
recv
recv-q
6215 The default `Cluster Resource Namespace` is `kube-system`, not `cert-manager` 7mo 4wk 4wk
kind/bug
collaborator-last
commented
send
similar
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
4
7mo 4wk 4wk
kind/feature
commented
member-last
send
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
25
8mo 4wk 8mo
kind/bug
pr-merged
recv
recv-q
6195 logLevel information in logs
8mo 17d 17d
kind/bug
commented
member-last
send
6185 Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"
3
8mo 7d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
6
8mo 2mo 8mo
kind/bug
recv
recv-q
similar
6179 CRDs shouldn't be templated in Helm...
4
20
8mo 7wk 2mo
commented
recv-q
send
6160 Helm Chart global repository
2
8mo 5d 8mo
lifecycle/rotten
collaborator-last
recv
6150 (Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
3
12
8mo 3wk 5mo
commented
contributor-last
pr-unreviewed
recv
recv-q
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
3
8mo 6wk 8mo
kind/feature
author-last
commented
recv
recv-q
6138 allow unencrypted private keys for PKCS12 output
4
8mo 2mo 8mo
kind/feature
author-last
recv
6132 Checklist: CNCF Graduation
8mo 8d 3mo
lifecycle/stale
collaborator-last
commented
pr-unreviewed
send
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
2
2
8
9mo 15d 9mo
kind/bug
pr-unreviewed
recv
recv-q
6021 Make it possible to specify logging options for the ACME solver 10mo 4wk 4wk
kind/feature
commented
member-last
6117 Vault Issuer Read caBundle from ConfigMap
3
9mo 7wk 7wk
area/api
kind/feature
area/vault
commented
member-last
send
similar
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
9
10mo 3mo 3mo
lifecycle/frozen
kind/bug
commented
member-last
send
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
12
11mo 1d 10mo
kind/bug
assigned
assignee-updated
commented
recv
recv-q
similar
5882 Duplicate events
11mo 6wk 6wk
kind/bug
assigned
assignee-updated
collaborator-last
commented
5900 [FR] Allow the Chart to create extra manifest
7
11mo 7wk 3mo
kind/feature
commented
contributor-last
pr-reviewed-with-comment
send
5864 Certmgr allows creating certificates expiring after ca expiration.
4
11mo 4wk 11mo
kind/bug
author-last
recv
5851 CA cert in Secret not updated when self-signed CA itself gets renewed.
17
1y 2mo 6mo
kind/bug
commented
recv-q
send
5821 Allow renewBefore to be a percentage 1y 12d 1y
kind/feature
lifecycle/stale
collaborator-last
recv
5785 Store OCSP response in kubernetes secret
5
1y 7d 4mo
kind/feature
commented
pr-closed
pr-unreviewed
send
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
1y 13d 1y
kind/feature
author-last
commented
pr-changes-requested
recv
5772 Develop new Helm chart for cert-manager CRD manifests
1y 2mo 2mo
kind/feature
commented
member-last
send
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
1y 1d 1y
kind/bug
recv
recv-q
5697 Support PodSecurityAdmission
6
1y 2mo 1y
kind/feature
recv
recv-q
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
1y 2mo 2mo
kind/feature
collaborator-last
commented
pr-closed
send
5566 upload Helm charts to OCI registry and sign them with cosign
10
1y 8d 13d
kind/feature
commented
send
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
9
1y 4d 1y
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
similar
5540 Changelog annotations to chart 1y 5wk 1y
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 1y 10d 1y
kind/bug
author-last
recv
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
10
1y 4wk 4wk
good first issue
kind/feature
assigned
assignee-updated
commented
member-last
pr-new-commits
similar
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
1y 16d 1y
kind/bug
recv
recv-q
similar
5430 Improving DNS-01 challenge performance
3
1y 7wk 1y
kind/feature
pr-closed
pr-unreviewed
recv
5298 Complete the Migration Away From Jetstack Names 2y 7wk 7wk
kind/cleanup
commented
member-last
5260 In Gateway API mode, with 5+ challenge-solvers in one certificate, provisioning fails 2y 6d 2y
kind/bug
lifecycle/rotten
recv
recv-q
5031 ValidateCAA test function is flaky
2y 9d 4mo
kind/bug
lifecycle/rotten
kind/flake
flake/test-logic
collaborator-last
commented
send
4950 General flakiness of our end-to-end suite
3
2y 2y 2y
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
4884 Add a similar secretTemplate to the secret that is created by ACME Issuer
8
2y 4wk 2y
kind/feature
lifecycle/stale
collaborator-last
commented
recv
recv-q
4797 Automatically renew certificates if OCSP indicates that it was revoked
14
2y 2mo 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 3wk 2y
kind/bug
area/acme/dns01
commented
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts
10
2y 17d 17d
lifecycle/frozen
kind/bug
commented
member-last
send
4423 Cert renewal loop
4
2y 2mo 2mo
kind/bug
commented
member-last
send
4349 allowing greater configuration for the cloud provider tests
2y 2y 2y
lifecycle/frozen
kind/feature
collaborator-last
commented
send
similar
4191 Setting default values for Pod's "resources"?
6
2y 1mo 1mo
commented
member-last
3958 Sane defaults for Certificate revision history limit
2
13
2y 4wk 4wk
kind/feature
commented
member-last
send
similar
3896 Cert Manager failing to renew certificate
18
2y 2mo 2y
kind/bug
area/acme/dns01
commented
recv-q
send
similar
3681 When using a keystore.jks in secret, how can I specify a name for the alias
7
3y 2d 2y
kind/feature
lifecycle/rotten
collaborator-last
commented
pr-unreviewed
recv
recv-q
6212 Default duration field in cmctl check api
7mo 3wk 3wk
kind/feature
commented
member-last
pr-merged
send
6269 Allow hardcoded JKS and PKCS#12 passwords
4
6mo 5wk 5mo
good first issue
kind/feature
commented
contributor-last
pr-reviewed-with-comment
recv-q
5867 Controller can't handle hitting request rate limits of zerossl ACME API
5
12
22
11mo 3mo 3mo
lifecycle/frozen
kind/bug
commented
member-last
pr-closed
pr-merged
send
similar
1347 FAQ Entry for Passwords on JKS / PKCS#12 3mo 3mo
1388 Create a section for sane `Certificate` defaults
6wk 6wk
similar
1257 ErrRegisterACMEAccount 8mo 8mo 8mo
recv
1255 helm install cert-manager with errors 8mo 7mo 7mo
commented
member-last
send
1261 Switch to Docusaurus? 7mo 7mo
1194 Confusing paragraph - cert-manager integration. 1y 7mo 7mo
documentation
commented
member-last
send
1186 Document that/why we don't use Helm's CRD installation mechanism 1y 7mo 7mo
good first issue
kind/documentation
assigned
assignee-updated
commented
member-last
send
1241 Remove Bitnami kubeprod as installation method 9mo 9mo 9mo
recv
1168 Rendering issues for generated API docs
1y 1y 1y
commented
member-last
pr-merged
1101 Feature request for updating documentation. 1y 1y 1y
recv
similar
1125 Describe cert-manager feature policy 1y 1y 1y
contributor-last
recv
recv-q
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
2y 2y 2y
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 2y 2y 2y
recv
similar
1054 Run spell checker in a pre-commit hook 2y 2y 2y
good first issue
kind/cleanup
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 2y 2y 2y
contributor-last
recv
993 Document which resources do/do not get garbage collected 2y 2y 2y
good first issue
contributor-last
recv
1061 Document onboarding process for new maintainers 2y 2y 2y
recv
similar
955 Document when the vault pki role required setting `require_cn=false`
2y 1y
944 Document how to install cert-manager in a different namespace
3
2y 5wk 2y
good first issue
recv
recv-q
975 Some pages do not make it clear what the user should read next 2y 2y
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
2y 2y 2y
recv
recv-q
866 Securing NGINX-ingress 2y 2y 2y
recv
similar
851 create Cilium ingress tls example
3
2y 2y 2y
assigned
assignee-updated
recv
847 missing documentation/information olm based installation metric prometheus 2y 2y 2y
contributor-last
recv
844 Document feature gates 2y 2y
similar
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
2y 2y 2y
contributor-last
pr-merged
recv
recv-q
836 Syncing Secrets Across Namespaces
2y 2y 2y
recv
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
2y 2y
kind/bug
contributor-last
pr-merged
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 2y 2y 2y
commented
member-last
send
758 API reference docs: enum values not documented with typedef 2y 2y 2y
recv
706 Default key usages 2y 2y 2y
recv
697 [IRSA] Needs `runAsUser: 1001` 2y 2y 2y
recv
693 Azure DNS pod identity incorrectly documents principal_id 2y 3mo 2y
author-last
commented
recv
recv-q
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 2y 2y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 2y 2y
recv
recv-q
642 Move/ link to Webhook debugging docs 2y 2y
868 Document RBAC 2y 2y 2y
contributor-last
recv
similar
604 Make it so that it is easier to find the doc for fixing webhook issues 2y 2y 2y
contributor-last
recv
583 cert-manager with ZeroSSL
45
2y 2y 2y
commented
send
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
554 HTTP Validation, privateKeySecretRef 2y 2y 2y
contributor-last
recv
561 Certificate Resources 2y 2y 2y
recv
similar
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
2y 2y 2y
commented
member-last
send
542 Document the Istio VirtualService HTTP01 configuration options 2y 2y
532 Rework of the landing page (cert-manager.io)
3
2y 2y 2y
help wanted
good first issue
commented
member-last
send
486 OpenShift - broken link
2y 2y 2y
commented
member-last
send
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 3y 3y 3y
recv
466 installation/compatiblity 3y 3y 3y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
3y 3y 3y
recv
425 Document ocspServers 3y 3y 3y
kind/documentation
commented
member-last
386 Uninstalling on Kubernetes - How to delete all those user created resources?
3y 3y 3y
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 3y 3y 3y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 3y 3y 3y
collaborator-last
commented
send
similar
295 Route53 3y 3y 3y
kind/documentation
commented
member-last
send
549 Effort towards a more user-friendly website 2y 2y
1262 v1.9 to v1.10 upgrade instructions does not mention container name change
7mo 16d 16d
assigned
assignee-updated
commented
member-last
1425 The `issuer.vault.spec.caBundleSecretRef` docs are missing 16d 16d
1355 Add CA cert to chain tls.crt 2mo 3wk 2mo
recv
1310 cert-manager-istio-csr Pod's Health Endpoint failing 5mo 5mo 5mo
recv
79 Design for partial automation of release process 2y 2y 2y
commented
member-last
send
42 Publish latest release number as part of creating a final release
2y 2y 2y
commented
member-last
send
50 Move cert-manager-release infrastructure to CNCF's GCP account
2y 2y 2y
commented
member-last
31 Move the manual steps of our release process to cmrel commands
2y 2y 2y
commented
member-last
pr-closed
19 Incorrect command line help: should include a --branch argument 3y 3y 3y
kind/cleanup
commented
contributor-last
27 Create cert-manager specific testing infrastructure
2y 2y 2y
assigned
assignee-updated
commented
member-last
pr-merged
send
244 Populate Subject Fields in Certificate 6wk 5wk 6wk
contributor-last
recv
224 ClusterRole & ClusterRoleBindings for istio-csr 2mo 2mo 2mo
recv
213 charts.jetstack.io beding cluster presents a challenge and breaks deployment 8mo 8mo 8mo
recv
211 Add custom annotations to deployment
9mo 6wk 9mo
pr-unreviewed
recv
197 add the compatibility matrix for Kubernetes versions to README 1y 1y 1y
recv
similar
176 certificateDuration is not used for the Istio CSR generated certificate requests 2y 2y 2y
author-last
commented
recv
recv-q
similar
161 updating ConfigMap data doesn't stop
2y 2y 2y
collaborator-last
commented
send
155 Invalid certificate chain when using Vault with Intermediate CA 2y 2mo 2y
recv
recv-q
153 It is possible to have several CAs within the same cluster.
2
2y 7mo 7mo
commented
member-last
send
145 Not able to use Istio-CSR in istio(1.13.*)
2y 2y 2y
author-last
commented
pr-closed
recv
144 add a support kubernetes client QPS and Burst config 2y 2y 2y
recv
141 Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods. 2y 2y 2y
commented
recv
recv-q
138 istio-csr doesn't retry upon failed certificate requests
2y 1y 2y
contributor-last
recv
137 Documentation on rotating the root certificate
2y 1y 2y
recv
recv-q
136 Document available metrics 2y 2y 2y
recv
similar
133 latest supported cert-manager version with cert-manager-istio-csr? 2y 2y 2y
collaborator-last
commented
send
132 Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments) 2y 10mo 2y
recv
131 metrics to check certificate expiry for istio workloads ? 2y 2y 2y
collaborator-last
commented
send
130 Document best-practices for minimal vault role configuration for istio-csr 2y 6wk 2y
recv
recv-q
118 E2E tests running against the wrong k8s version 2y 2y
117 public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted 2y 2y 2y
recv
223 False positive warnings from trivy and dependabot 2mo 2mo
108 [doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways 2y 2y 2y
author-last
commented
recv
recv-q
106 Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue 2y 2y 2y
collaborator-last
commented
send
similar
94 Can't get aws pca to work 2y 2y 2y
recv
87 Failing to integrate with GCP CAS
2y 2y 2y
collaborator-last
commented
send
84 csr readiness probe failed, istio ingress pod also failed
2
2y 2y 2y
support
collaborator-last
commented
send
83 commonName required for AWS PCA 2y 2y 2y
commented
recv
recv-q
64 Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods 2y 2y 2y
commented
send
53 Generate workload certificates with DNS in the SAN 2y 2y 2y
commented
recv-q
send
217 Restarting a namespace with 30+ deployments causes errors in istio-csr which tends to reolve after a while. 6mo 3mo 6mo
contributor-last
recv
113 Integrating with istio helm chart installs
13
2y 6mo 2y
recv
recv-q
288 Feature: Take control of approval for the whole cluster
4mo 5wk 5wk
commented
member-last
278 Add Helm option to create RBAC allowing approval for all issuers
4mo 4mo 4mo
kind/feature
good first issue
commented
member-last
send
207 Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls 1y 1y 1y
author-last
recv
203 Improve CRD fields for specifying key requirements
2
1y 1y
169 Webhook Custom CA 1y 1y 1y
recv
61 Flakey Tests in pull-cert-manager-approver-policy-verify
2y 2y
kind/bug
pr-merged
216 Simplify configuration by creating RBAC by default
11mo 11mo
pr-merged
271 Include binary artifacts your releases. 5mo 5mo 5mo
recv
301 Add support for kubectl installation 8d 7d 8d
commented
contributor-last
open-milestone
recv
302 Add matchExpressions to Bundle's spec.target.namespaceSelector
7d 7d 7d
contributor-last
recv
recv-q
300 Add support to s390x arch
8d 8d 8d
recv
similar
294 Init Container cert-manager-package-debian Helm Chart should allow resource requests and limits 13d 13d 13d
author-last
recv
291 Evaluate trust namespace value as template 14d 14d 14d
recv
282 No flag to set structured logging format, e.g. JSON?
3
5wk 4wk 5wk
kind/feature
commented
contributor-last
send
281 Issue with CRDs when having trust-manager as chart dependency 5wk 5wk 5wk
recv
276 Improve filtered certs error reporting
4
6wk 5wk 6wk
contributor-last
recv
recv-q
245 Split Bundle controller into multiple controllers
3mo 2mo 3mo
contributor-last
recv
243 More flexible and better organized target specification in API
2
3mo 2mo 3mo
commented
recv
recv-q
297 Allow all resources to be namespaced 13d 13d 13d
recv
242 New version of Bundle API
2
2
3mo 6wk 6wk
commented
member-last
send
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
5
3mo 3mo 3mo
commented
recv-q
send
227 trust-manager and Kubernetes version compatibility
3mo 3mo 3mo
author-last
recv
recv-q
similar
205 Allow to select multiple "trust" namespaces
4mo 4mo 4mo
recv
175 support extra annotations on resoures in helm chart
5mo 5mo 5mo
recv
168 Install in openshift with existing cert-manager operator install 6mo 6mo 6mo
author-last
commented
recv
recv-q
similar
150 Is there a way to specify the domain
7mo 6mo 6mo
commented
member-last
send
144 Add CertificateRequest as a source
7
8mo 7mo 7mo
commented
contributor-last
pr-merged
recv
similar
142 expose bundles CRD as release artifact
4
8mo 8mo 8mo
recv
135 Automatic CA rotation support 9mo 9mo 9mo
contributor-last
recv
132 Unable to run Trust Manager without cert manager 9mo 9mo 9mo
contributor-last
pr-unreviewed
recv
recv-q
131 Feature: per namespace trust bundle
2
9mo 3mo 9mo
author-last
recv
recv-q
113 Branch from "old" trust-manager name to add deprecation warning.
1y 1y
112 Move away from buildx 1y 1y
183 Create trust bundle based on Debian bookworm
11
5mo 3mo 3mo
good first issue
assigned
assignee-updated
commented
member-last
99 Allow removing Bundles whilst keeping the synced CA certs
2
1y 1y 1y
pr-unreviewed
recv
63 nit: Rename "Bundle" to "ClusterBundle"
12
1y 3mo 3mo
commented
member-last
open-milestone
send
59 Trust part 2 - How to use a bundle?
4
1y 3mo 3mo
commented
member-last
60 overriding trusted namespace
4
5
1y 10mo 1y
commented
recv-q
send
54 Allow auto-trust Bundles tracking a certain Issuer
2
2y 5mo 1y
commented
contributor-last
recv-q
send
299 trust-manager deduplication doesnt work
9d 4d 9d
assigned
assignee-updated
contributor-last
pr-merged
recv
recv-q
39 Don't sync targets to all namespaces by default
7
2y 3mo 3mo
commented
contributor-last
open-milestone
send
33 Support CRDs as target
4
2y 2y 2y
recv
23 Way to add labels/annotations to target
11
2y 6mo 2y
help wanted
good first issue
recv
4 Feature: By default, require only self-signed certificates in a bundle 2y 3mo
kind/feature
help wanted
contributor-last
196 Allow TLS to be configured on the admission webhook server 4mo 4mo 4mo
recv
44 Specialise `Bundle` for X.509 Certificates 2y 3mo 3mo
commented
member-last
72 Add the configmap on all pod via mutatingWebhookConfiguration
3
1y 1y 1y
kind/feature
commented
member-last
send
similar
58 Support injection pem into an existing configmap
3
1y 3mo 1y
help wanted
good first issue
assigned
assignee-updated
contributor-last
recv
171 E2E Test Cleanup 7wk 7wk 7wk
good first issue
commented
member-last
134 Volume empty
4
1y 10mo 1y
recv
136 SubPath support is broken or missing 1y 1y 1y
recv
119 Certificate is re-requested when container restarts 1y 1y 1y
recv
similar
116 Does csi-driver support Wìndows nodes? 2y 1y 1y
collaborator-last
commented
send
74 Investigate and change the default mounted host path for driver 2y 2y
45 Unable to mount and read only file error
4
2y 1y 2y
commented
recv-q
send
33 New key being used with old certificate 3y 3y 3y
recv
29 Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging. 3y 3y 3y
recv
26 Cannot `chmod` a read only filesystem
14
3y 2y 3y
pr-closed
recv
recv-q
21 MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod 3y 3y 3y
recv
17 ability to specify pod IP in volume attributes
5
4y 7wk 3y
commented
recv
recv-q
130 JKS support
3
1y 1y 1y
recv
similar
128 Support all subject attributes
1y 1y 1y
pr-reviewed-with-comment
recv
125 Is it too late to align cert-manager annotations? 1y 1y 1y
recv
similar
42 Intermittent csi-driver-spiffe failure: Unable to mount cert 4mo 4mo 4mo
commented
member-last
send
39 csi-driver-spiffe vs csi-driver
4
9mo 5mo 5mo
commented
member-last
send
41 The default `csiDataDir` value might collide with csi-driver 9mo 9mo
19 Add support for certificate expiry configuration
6
1y 9mo 1y
recv
similar
38 Add Envoy Secret discovery service (SDS) support 9mo 9mo 9mo
recv
39 Support latest cert-manager operator for openshift 5mo 5mo 5mo
commented
member-last
send
similar
38 Route with cert-manager annotations is not created
5mo 2mo 2mo
commented
member-last
send
similar
54 Same certificate in path based Routes
7wk 7wk 7wk
recv
26 Missing CONTRIBUTING.md
11mo 11mo 11mo
recv
14 Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt 2y 2mo 2mo
commented
member-last
send
similar
13 Can the plugin be configured to use a wildcard certificate?
2y 1y 2y
pr-unreviewed
recv
recv-q
12 Does this plugin support DNS validation? 2y 2y 2y
recv
49 What do you use Openshift-routes for?
2mo 3wk
contributor-last
pr-unreviewed
46 Ability to configure CertificateRequest revision history limit
2
3mo 3mo 3mo
recv
similar
42 Monitoring observability for "CertificateRequests" 5mo 4mo 5mo
contributor-last
recv
similar
34 `openshift-routes` doesn't work as expected and isn't suitable for a production environment 7mo 5mo 7mo
author-last
recv
recv-q
30 Installation is only possible in the default `cert-manager` NS
2
8mo 4mo 8mo
contributor-last
pr-closed
recv
recv-q
70 OLM deployment with ArgoCD is OutOfSync 2y 2y 2y
commented
send
46 Cert-manager operator fails to issue certificates 2y 2y 2y
recv
similar
22 Customize the deployment of cert-manager installed via OLM
5
6
2y 1y 2y
author-last
commented
recv
recv-q
3 Restrict operator RBAC permissions 3y 3y 3y
recv
17 Operator prevents passing extraArgs helm value
7
3y 1y 3y
recv
recv-q
60 Support prometheus metrics 6wk 6wk 6wk
recv
8 Drivers can create CertificateRequests for pods that don't exist in very rare edge cases 2y 2y
contributor-last
40 Optional auto rotating/renewing certificates 1y 1y 1y
recv
33 Create e2e test to validate CertificateRequest garbage collection 2y 2y 2y
assigned
recv

Uncommented older than 7 days (179)

Resolution: Add a priority/ or triage/ label

Average age: 372.0d, Avg wait: 344.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
850 Document available cert-manager Prometheus metrics
2y 1y 2y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 4y 3y 4y
priority/backlog
kind/documentation
contributor-last
recv
177 previously listed items omitted