queue to be emptied once a day

Unprioritized issues older than 7 days (293)

Resolution: Add a priority/ or triage/ label

Average age: 379.5d, Avg wait: 186.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6350 Webhook inject-ca-from annotation causes downtime
4
12d 2d 7d
kind/bug
author-last
commented
recv
6353 Docs: Wrong example Code for creating Issuers 7d 5d 5d
kind/bug
author-last
commented
recv
recv-q
6334 Query recursive nameservers for DNS01 challenge in round robin fashion 16d 13d 16d
kind/feature
recv
6331 CSR not signed by referenced private key
2
16d 15d 15d
author-last
commented
recv
6327 wrong status code '404', expected '200' with one specific Ingress 18d 18d 18d
kind/bug
recv
6325 The RSA-SHA signature algorithm is not correctly mapped to the certificate. 2wk 13d 15d
assigned
assignee-updated
author-last
commented
recv
6323 Even if CA is expired, cert-manager allows to issue client cert with expired CA 3wk 3wk 3wk
recv
6312 Report issuer/clusterissuer status as a metric 4wk 4wk 4wk
kind/feature
recv
6309 How to pass ServiceAccountName to the acme-http01-solver pod. 4wk 19d 4wk
author-last
recv
6308 Route53 challenges not regulating failed requests with exponential backoffs
4wk 15h 4wk
recv
recv-q
6307 Certificates only issued for ingress in default namespace 4wk 4wk 4wk
kind/bug
recv
6305 Error "Waiting for DNS-01 challenge propagation: dial udp: address udp/53': unknown port" 4wk 4wk 4wk
recv
6288 Generate cert-manager secret with certificate,key and password 5wk 5wk 5wk
kind/feature
recv
6284 cert-manager PEM format certificate to support private key encryption 5wk 5wk 5wk
kind/feature
recv
6283 JWK(S) support
2
5wk 4wk 5wk
recv
similar
6282 The certificate request has failed... order is in "invalid" state 5wk 5wk 5wk
recv
similar
6281 secretName uniqueness not validated 5wk 4wk 4wk
kind/bug
commented
member-last
send
6279 ServiceTemplate for solver HTTP01 6wk 6wk 6wk
recv
6274 Vault Issuer - Secretless Authentication with a Service Account doesn't work
6wk 6wk 6wk
recv
6273 Solver RFC2136 without TSIG 6wk 4wk 4wk
kind/feature
author-last
commented
recv
6270 Feature Request/Idea - Cert-Manager saves TLS Secret to Azure KeyVault 6wk 6wk 6wk
kind/feature
recv
6269 Allow hardcoded JKS passwords
6wk 2d 2d
kind/feature
commented
6254 Logging-format json sometimes drops plaintext messages 7wk 7wk 7wk
kind/bug
recv
6246 Write documentation for the new DNS-over-HTTPS feature
1mo 5wk
kind/documentation
open-milestone
6245 Missing docs for #5337 1mo 5wk
open-milestone
6240 API docs state an out-of-date minimum time before renewal 2mo 4wk 4wk
commented
member-last
send
6238 cattle-cluster-agent error: x509: certificate signed by unknown authority with Letsencrypt 2mo 4wk 4wk
commented
member-last
send
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting 2mo 11d 2mo
kind/bug
area/acme/dns01
recv
recv-q
6224 Option to store certificate history in individual secrets
2mo 2mo 2mo
kind/feature
author-last
commented
recv
recv-q
6215 The default `Cluster Resource Namespace` is `kube-system`, not `cert-manager` 2mo 4wk 4wk
kind/bug
commented
member-last
send
6213 Unable to install cert-manager with argo-cd because helm chart is v1 2mo 2mo 2mo
kind/bug
commented
member-last
send
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
3
2mo 3wk 2mo
kind/feature
commented
recv
recv-q
6211 cert-manager conformance tests
2mo 2mo
kind/feature
6201 Configure retry strategy 2mo 2mo 2mo
recv
6205 How to check the version/build info? 2mo 3d 3d
kind/feature
collaborator-last
commented
send
6195 logLevel information in logs
2mo 2mo 2mo
kind/bug
recv
6194 Certificates stayed in False not change its state 3mo 3h 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6185 Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"
3mo 10d 3mo
kind/bug
recv
recv-q
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
4
3mo 2d 3mo
kind/bug
recv
recv-q
similar
6181 helm repo add jetstack https://charts.jetstack.io with errors, certificate has expired or is not yet valid 3mo 1mo 3mo
kind/bug
recv
6179 CRDs shouldn't be templated in Helm...
12
3mo 3wk 7wk
commented
send
6175 `region` should be optional in a Route53 dns solver 3mo 6d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6174 Certificates Ready : False 3mo 2mo 3mo
kind/bug
recv
recv-q
similar
6163 is there a way to save dhparam with certificat
3mo 16d 3mo
recv
6161 certificate lost Subject Key Identifier 3mo 11d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6160 Helm Chart global repository 3mo 3d 3mo
contributor-last
recv
6158 Had to apply static installation file twice 3mo 14d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
2
3mo 14d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
6139 Include 3rd party CA's in generated certificate 3mo 2wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6138 allow unencrypted private keys for PKCS12 output
3
3mo 3d 3mo
kind/feature
author-last
recv
6134 cert-manager-cainjector process is stopped by leader election lost, but not start again 3mo 3wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6133 The `spec.duration` in `Certificate` resource seems to be ignored and default to 31 days 3mo 15d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
send
6117 Vault Issuer Read caBundle from ConfigMap
3
4mo 14d 14d
area/api
kind/feature
lifecycle/stale
area/vault
commented
member-last
send
similar
6113 Integrate with Istio multi-cluster certificate management 4mo 1d 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
6112 DigiCert error setting up issuer 4mo 4wk 4wk
kind/bug
commented
member-last
send
6111 ACME Route53 dns01 resolver doesn't find private hosted zones when `hostedZoneID` is omitted
4mo 15h 4mo
lifecycle/rotten
collaborator-last
recv
6343 [Helm: possible improvement] Controller ConfigMap is created even if .Values.config is not set
14d 5d 5d
kind/cleanup
commented
contributor-last
pr-merged
recv
6096 Sporadic failures at the order lever with CAA errors 4mo 6d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
6074 Graduate SecretsFilteredCaching feature gate to beta 4mo 14d 14d
kind/feature
collaborator-last
commented
6071 [helm] Allow usage of initContainers for cert-manager
4mo 14d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
send
similar
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
5
4mo 11d 4mo
kind/bug
recv
recv-q
6106 Controller can't handle hitting request rate limits when is registering the issuer
4mo 3d 4mo
kind/bug
commented
contributor-last
pr-closed
recv
recv-q
similar
6021 Make it possible to specify logging options for the ACME solver 4mo 3wk
kind/feature
lifecycle/rotten
collaborator-last
6132 Checklist: CNCF Graduation
3mo 14d 14d
commented
member-last
pr-unreviewed
6010 Support the ACME Renewal Information (ARI) extension 4mo 3wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
6007 support HA acme service with freeipa
4mo 4wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
6005 Venafi custom field ca-dn ignored 4mo 4wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
6004 Support TLS-ALPN-01 challenges
2
4mo 4wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5998 Failed post-install: timed out waiting for the condition 5mo 6d 5mo
kind/bug
lifecycle/stale
collaborator-last
recv
similar
5987 Orders sent by cert-manager using a cluster-issuer with an EAB are not RFC8555 compliant | Step-CA private ACME Server
14
5mo 3wk 5mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5974 Issue with version upgrade causing multiple containers in deployment
6
5mo 2wk 5mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5973 Graduate AdditionalCertificateOutputFormats feature 5mo 5wk 5mo
kind/feature
contributor-last
recv
similar
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
6
5mo 7wk 5mo
kind/bug
contributor-last
recv
recv-q
5957 Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms
10
5mo 15d 5mo
kind/feature
recv
6150 (Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
2
7
3mo 1d 2d
author-last
commented
open-milestone
pr-unreviewed
recv
recv-q
similar
5925 Use readOnlyRootFilesystem: true for all containers
6
5mo 3d 5mo
good first issue
help wanted
kind/feature
collaborator-last
recv
6212 Default duration field in cmctl check api
2mo 3wk 4wk
kind/feature
author-last
commented
pr-merged
recv
5900 [FR] Allow the Chart to create extra manifest 6mo 1d 6mo
kind/feature
author-last
recv
5942 ClusterIssuer with auth kubernetes not working
5mo 15d 3mo
kind/bug
lifecycle/stale
collaborator-last
commented
pr-unreviewed
send
5864 Certmgr allows creating certificates expiring after ca expiration.
4
6mo 3wk 6mo
kind/bug
recv
5862 http01.ingress.class doesn't work
4
6mo 2wk 5mo
kind/bug
lifecycle/rotten
collaborator-last
commented
recv-q
send
5851 CA cert in Secret not updated when self-signed CA itself gets renewed.
14
6mo 2wk 5wk
kind/bug
commented
recv-q
send
5821 Allow renewBefore to be a percentage 7mo 5wk 7mo
kind/feature
author-last
recv
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
6
2mo 2mo 2mo
kind/bug
pr-unreviewed
recv
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
3
5mo 7min 5mo
kind/bug
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
recv
recv-q
similar
5782 Misleading error for Vault issuer 7mo 2mo 4mo
good first issue
kind/feature
area/vault
commented
send
5774 Add descriptions for container image repos 7mo 3wk 4mo
good first issue
kind/documentation
lifecycle/rotten
collaborator-last
commented
5772 Develop new Helm chart for cert-manager CRD manifests
7mo 7wk 7wk
kind/feature
commented
member-last
send
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together 8mo 3wk 8mo
kind/bug
recv
recv-q
5697 Support PodSecurityAdmission
6
8mo 2mo 8mo
kind/feature
recv
recv-q
5665 Allow defining keystore password as litteral instead of SecretRef 9mo 8d 9mo
kind/feature
author-last
recv
recv-q
5643 AdditionalOutputFormat is still in alpha
9mo 7d 6mo
kind/feature
lifecycle/rotten
collaborator-last
commented
send
5566 upload Helm charts to OCI registry and sign them with cosign
7
10mo 7d 6mo
kind/feature
lifecycle/stale
collaborator-last
commented
send
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
8
10mo 6wk 10mo
kind/bug
recv
recv-q
similar
5540 Changelog annotations to chart 11mo 2mo 11mo
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 11mo 5wk 11mo
kind/bug
author-last
recv
5516 Forbidden: seccomp may not be set pod.metadata.annotations
3
13
11mo 12h 11mo
kind/bug
lifecycle/stale
collaborator-last
recv
5515 stuck on propagation check failed DNS record not yet propagated
12
11mo 3wk 11mo
kind/bug
lifecycle/rotten
recv
similar
5867 Controller can't handle hitting request rate limits of zerossl ACME API
2
10
19
6mo 2mo 5mo
kind/bug
commented
pr-closed
pr-merged
recv-q
send
similar
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
11mo 15h 11mo
kind/bug
recv
recv-q
similar
6016 add imagePullSecrets clauses to helm deployment, job templates 4mo 3wk 4mo
kind/feature
author-last
pr-unreviewed
recv
5298 Complete the Migration Away From Jetstack Names 1y 2mo 2mo
kind/cleanup
commented
member-last
6051 Detecting Gateway hostnames based on attached HTTPRoutes 4mo 4wk 4mo
kind/feature
lifecycle/stale
author-last
pr-new-commits
recv
recv-q
5171 TPP Allowed Domains can cause valid certificate to error
1y 14d 8mo
kind/bug
lifecycle/rotten
area/venafi
collaborator-last
commented
5031 ValidateCAA test function is flaky
1y 6d 4mo
kind/bug
lifecycle/stale
kind/flake
flake/test-logic
collaborator-last
commented
send
5220 Investigate improving resource consumption and performance in clusters with large amount of resources
11
1y 22h 11mo
kind/feature
lifecycle/stale
collaborator-last
commented
pr-merged
recv-q
4797 Automatically renew certificates if OCSP indicates that it was revoked
11
2y 5d 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 6wk 2y
kind/bug
area/acme/dns01
collaborator-last
commented
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
8
2y 9mo 2y
lifecycle/frozen
kind/bug
recv
recv-q
4594 TLS handshake error: EOF
20
2y 4wk 1y
kind/bug
lifecycle/stale
collaborator-last
commented
recv-q
send
4423 Cert renewal loop
2
2y 2mo 2y
kind/bug
author-last
commented
recv
recv-q
4349 allowing greater configuration for the cloud provider tests
2y 1y 1y
lifecycle/frozen
kind/feature
collaborator-last
commented
send
3958 Sane defaults for Certificate revision history limit
12
2y 9d 10mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv-q
send
3896 Cert Manager failing to renew certificate
18
2y 2wk 2y
kind/bug
area/acme/dns01
commented
recv-q
send
similar
2380 Helm chart version is not SemVer-compatible
7
3y 1d 1d
kind/bug
lifecycle/rotten
commented
contributor-last
send
5785 Store OCSP response in kubernetes secret
3
7mo 1d 4wk
kind/feature
commented
contributor-last
pr-closed
pr-unreviewed
recv-q
send
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
7mo 6wk 7mo
kind/feature
author-last
commented
pr-changes-requested
recv
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
8
11mo 3wk 2mo
good first issue
kind/feature
assigned
assignee-updated
commented
pr-new-commits
similar
5430 Improving DNS-01 challenge performance
3
1y 2mo 1y
kind/feature
pr-reviewed-with-comment
pr-unreviewed
recv
4950 General flakiness of our end-to-end suite
3
2y 1y 1y
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
1255 helm install cert-manager with errors 3mo 2mo 2mo
commented
member-last
send
similar
1194 Confusing paragraph - cert-manager integration. 6mo 2mo 2mo
documentation
commented
member-last
send
1186 Document that/why we don't use Helm's CRD installation mechanism 7mo 2mo 2mo
good first issue
kind/documentation
assigned
assignee-updated
commented
member-last
send
1294 Replace and update Jetstack image and copy on cert-manager support page 15d 15d 15d
recv
1159 Why the sample issuer still uses kubebuilder version 2 ? 8mo 8mo 8mo
recv
1168 Rendering issues for generated API docs
8mo 8mo 8mo
commented
member-last
pr-merged
1101 Feature request for updating documentation. 10mo 10mo 10mo
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
1y 1y 1y
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 1y 1y 1y
recv
similar
1061 Document onboarding process for new maintainers 1y 1y 1y
recv
similar
1054 Run spell checker in a pre-commit hook 1y 1y 1y
good first issue
kind/cleanup
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 1y 1y 1y
contributor-last
recv
993 Document which resources do/do not get garbage collected 1y 1y 1y
good first issue
contributor-last
recv
981 The `kubectl operator install` instructions are broken (after upgrading kubectl operator v0.3.0 -> v0.4.0)
2
1y 1y 1y
commented
member-last
pr-changes-requested
975 Some pages do not make it clear what the user should read next 1y 1y
974 Investigate styled 404 page 1y 1y
955 Document when the vault pki role required setting `require_cn=false`
1y 11mo
944 Document how to install cert-manager in a different namespace
3
1y 1mo 1y
good first issue
recv
recv-q
931 Improve upgrade instructions using helm
1y 1y 1y
recv
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
1y 1y 1y
recv
recv-q
868 Document RBAC 2y 2y 2y
contributor-last
recv
similar
866 Securing NGINX-ingress 2y 2y 2y
recv
similar
851 create Cilium ingress tls example
3
2y 1y 2y
assigned
assignee-updated
recv
847 missing documentation/information olm based installation metric prometheus 2y 2y 2y
contributor-last
recv
844 Document feature gates 2y 2y
similar
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
2y 2y 2y
contributor-last
pr-merged
recv
recv-q
836 Syncing Secrets Across Namespaces
2y 2y 2y
recv
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
2y 2y
kind/bug
contributor-last
pr-merged
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 2y 2y 2y
commented
member-last
send
758 API reference docs: enum values not documented with typedef 2y 2y 2y
recv
706 Default key usages 2y 2y 2y
recv
697 [IRSA] Needs `runAsUser: 1001` 2y 2y 2y
recv
693 Azure DNS pod identity incorrectly documents principal_id 2y 2y 2y
commented
member-last
send
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 2y 2y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 2y 2y
recv
recv-q
642 Move/ link to Webhook debugging docs 2y 2y
1261 Switch to Docusaurus? 2mo 2mo
604 Make it so that it is easier to find the doc for fixing webhook issues 2y 1y 2y
contributor-last
recv
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
561 Certificate Resources 2y 2y 2y
recv
similar
554 HTTP Validation, privateKeySecretRef 2y 2y 2y
contributor-last
recv
549 Effort towards a more user-friendly website 2y 2y
583 cert-manager with ZeroSSL
44
2y 1y 1y
commented
send
similar
542 Document the Istio VirtualService HTTP01 configuration options 2y 2y
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
2y 2y 2y
commented
member-last
send
486 OpenShift - broken link
2y 2y 2y
commented
member-last
send
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
425 Document ocspServers 2y 2y 2y
kind/documentation
commented
member-last
422 Page last modified date incorrect 2y 2y 2y
kind/bug
collaborator-last
commented
send
386 Uninstalling on Kubernetes - How to delete all those user created resources?
2y 2y 2y
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 3y 3y 3y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 3y 3y 3y
collaborator-last
commented
send
similar
295 Route53 3y 2y 2y
kind/documentation
commented
member-last
send
1257 ErrRegisterACMEAccount 3mo 3mo 3mo
recv
1241 Remove Bitnami kubeprod as installation method 3mo 3mo 3mo
recv
1125 Describe cert-manager feature policy 9mo 8mo 9mo
contributor-last
recv
recv-q
1262 v1.9 to v1.10 upgrade instructions does not mention container name change 2mo 2mo 2mo
assigned
assignee-updated
commented
member-last
532 Rework of the landing page (cert-manager.io)
3
2y 2y 2y
help wanted
good first issue
commented
member-last
send
79 Design for partial automation of release process 1y 1y 1y
commented
member-last
send
42 Publish latest release number as part of creating a final release
2y 2y 2y
commented
member-last
send
50 Move cert-manager-release infrastructure to CNCF's GCP account
2y 2y 2y
commented
member-last
31 Move the manual steps of our release process to cmrel commands
2y 2y 2y
commented
member-last
pr-closed
19 Incorrect command line help: should include a --branch argument 3y 2y 2y
kind/cleanup
commented
contributor-last
27 Create cert-manager specific testing infrastructure
2y 2y 2y
assigned
assignee-updated
commented
member-last
pr-merged
send
211 Add custom annotations to deployment 3mo 6d 3mo
author-last
recv
217 Restarting a namespace with 30+ deployments causes errors in istio-csr which tends to reolve after a while. 5wk 5wk 5wk
recv
176 certificateDuration is not used for the Istio CSR generated certificate requests 1y 1y 1y
author-last
commented
recv
recv-q
similar
197 add the compatibility matrix for Kubernetes versions to README 7mo 7mo 7mo
recv
161 updating ConfigMap data doesn't stop
1y 1y 1y
collaborator-last
commented
send
155 Invalid certificate chain when using Vault with Intermediate CA 1y 6wk 1y
recv
153 It is possible to have several CAs within the same cluster.
2
1y 2mo 2mo
commented
member-last
send
144 add a support kubernetes client QPS and Burst config 2y 2y 2y
recv
141 Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods. 2y 1y 2y
commented
recv
recv-q
145 Not able to use Istio-CSR in istio(1.13.*)
1y 1y 1y
author-last
commented
pr-closed
recv
138 istio-csr doesn't retry upon failed certificate requests
2y 10mo 2y
contributor-last
recv
137 Documentation on rotating the root certificate
2y 7mo 2y
recv
recv-q
133 latest supported cert-manager version with cert-manager-istio-csr? 2y 2y 2y
collaborator-last
commented
send
136 Document available metrics 2y 2y 2y
recv
similar
132 Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments) 2y 5mo 2y
recv
131 metrics to check certificate expiry for istio workloads ? 2y 2y 2y
collaborator-last
commented
send
130 Document best-practices for minimal vault role configuration for istio-csr 2y 2y 2y
recv
118 E2E tests running against the wrong k8s version 2y 2y
117 public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted 2y 2y 2y
recv
108 [doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways 2y 2y 2y
author-last
commented
recv
recv-q
106 Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue 2y 2y 2y
collaborator-last
commented
send
94 Can't get aws pca to work 2y 2y 2y
recv
87 Failing to integrate with GCP CAS
2y 2y 2y
collaborator-last
commented
send
84 csr readiness probe failed, istio ingress pod also failed
2
2y 2y 2y
support
collaborator-last
commented
send
83 commonName required for AWS PCA 2y 2y 2y
commented
recv
recv-q
64 Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods 2y 2y 2y
commented
send
53 Generate workload certificates with DNS in the SAN 2y 2y 2y
commented
recv-q
send
213 charts.jetstack.io beding cluster presents a challenge and breaks deployment 3mo 3mo 3mo
recv
113 Integrating with istio helm chart installs
11
2y 6wk 2y
recv
recv-q
216 Simplify configuration by creating RBAC by default 6mo 6mo
207 Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls 6mo 6mo 6mo
author-last
recv
149 Regex to disallow wildcard certificates
3
11mo 3d 11mo
contributor-last
recv
recv-q
203 Improve CRD fields for specifying key requirements
7mo 7mo
169 Webhook Custom CA 9mo 9mo 9mo
recv
62 CertificateRequestPolicy based on which namespace the certificate request belongs to
7
1y 3mo 6mo
author-last
commented
pr-closed
pr-merged
pr-new-commits
recv
61 Flakey Tests in pull-cert-manager-approver-policy-verify
1y 1y
kind/bug
pr-merged
168 Install in openshift with existing cert-manager operator install 4wk 3wk 3wk
author-last
commented
recv
recv-q
similar
175 support extra annotations on resoures in helm chart 2wk 2wk 2wk
recv
155 de-duplicate CA from the trust bundle
1mo 2d 2d
kind/feature
good first issue
assigned
assignee-updated
commented
member-last
pr-reviewed-with-comment
send
150 Is there a way to specify the domain
2mo 3wk 3wk
commented
member-last
send
145 Override namespace installation
3mo 3wk 3wk
help wanted
good first issue
commented
contributor-last
send
similar
135 Automatic CA rotation support 4mo 4mo 4mo
contributor-last
recv
159 No support for EKS in helm
5wk 5wk 5wk
author-last
pr-approved
recv
similar
113 Branch from "old" trust-manager name to add deprecation warning.
7mo 7mo
112 Move away from buildx 7mo 7mo
99 Allow removing Bundles whilst keeping the synced CA certs
2
8mo 8mo 8mo
pr-unreviewed
recv
72 Add the configmap on all pod via mutatingWebhookConfiguration
2
10mo 8mo 8mo
kind/feature
commented
member-last
send
63 nit: Rename "Bundle" to "ClusterBundle"
9
11mo 7wk 8mo
commented
send
60 overriding trusted namespace
4
5
11mo 5mo 8mo
commented
recv-q
send
similar
59 Trust part 2 - How to use a bundle?
1y 3wk 3wk
commented
contributor-last
58 Support injection pem into an existing configmap
3
1y 2mo 1y
contributor-last
recv
54 Allow auto-trust Bundles tracking a certain Issuer
2
1y 3wk 8mo
commented
contributor-last
recv-q
send
44 Specialise `Bundle` for X.509 Certificates 1y 1y
39 Don't sync targets to all namespaces by default
3
1y 1y
33 Support CRDs as target
3
1y 1y 1y
recv
similar
23 Way to add labels/annotations to target
8
1y 3wk 1y
help wanted
good first issue
recv
10 Feature: support secret target
25
2y 4wk 2y
commented
contributor-last
pr-reviewed-with-comment
recv
recv-q
similar
4 Feature: By default, require only self-signed certificates in a bundle 2y 3d
kind/feature
help wanted
good first issue
contributor-last
142 expose bundles CRD as release artifact
3
3mo 3mo 3mo
recv
132 Unable to run Trust Manager without cert manager 4mo 4mo 4mo
contributor-last
pr-unreviewed
recv
recv-q
131 Feature: per namespace trust bundle
4mo 7wk 4mo
recv
recv-q
183 Create trust bundle based on Debian bookworm 7d 7d
good first issue
144 Add CertificateRequest as a source
7
3mo 1mo 1mo
commented
contributor-last
pr-merged
recv
similar
144 Push new tag for chart fixes
3mo 3mo 3mo
recv
140 Update images to not utilize k8s.gcr.io 5mo 5mo 5mo
recv
136 SubPath support is broken or missing 8mo 8mo 8mo
recv
134 Volume empty
3
9mo 5mo 9mo
recv
130 JKS support
3
9mo 7mo 9mo
recv
similar
128 Support all subject attributes 9mo 9mo 9mo
pr-reviewed-with-comment
recv
125 Is it too late to align cert-manager annotations? 9mo 9mo 9mo
recv
similar
119 Certificate is re-requested when container restarts 11mo 11mo 11mo
recv
similar
116 Does csi-driver support Wìndows nodes? 1y 11mo 11mo
collaborator-last
commented
send
74 Investigate and change the default mounted host path for driver 2y 2y
45 Unable to mount and read only file error
4
2y 8mo 1y
commented
recv-q
send
33 New key being used with old certificate 2y 2y 2y
recv
29 Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging. 3y 3y 3y
recv
26 Cannot `chmod` a read only filesystem
14
3y 2y 3y
pr-closed
recv
recv-q
21 MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod 3y 3y 3y
recv
17 ability to specify pod IP in volume attributes
5
3y 3y 3y
commented
recv
145 Release Helm Chart v0.5.1 / v0.6.0
4
3mo 5d 3mo
recv
recv-q
39 csi-driver-spiffe vs csi-driver
4
4mo 16d 16d
commented
member-last
send
19 Add support for certificate expiry configuration
6
11mo 4mo 11mo
recv
38 Add Envoy Secret discovery service (SDS) support 4mo 4mo 4mo
recv
41 The default `csiDataDir` value might collide with csi-driver 4mo 4mo
39 Support latest cert-manager operator for openshift 3wk 12d 12d
commented
member-last
send
similar
38 Route with cert-manager annotations is not created 3wk 16h 3wk
author-last
recv
recv-q
similar
35 How to populate certificate metadata i.e. subject details e.g. OU, Organization etc 7wk 14d 7wk
recv
26 Missing CONTRIBUTING.md
5mo 5mo 5mo
recv
15 Feature: Support for ECC certs 11mo 11mo 11mo
recv
similar
30 Installation is only possible in the default `cert-manager` NS
3mo 2mo 3mo
author-last
pr-closed
pr-unreviewed
recv
recv-q
13 Can the plugin be configured to use a wildcard certificate?
1y 10mo 1y
recv
recv-q
14 Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt 1y 1y 1y
recv
similar
12 Does this plugin support DNS validation? 1y 1y 1y
recv
34 `openshift-routes` doesn't work as expected and isn't suitable for a production environment 2mo 13d 2mo
author-last
recv
recv-q
4 Feature: Allow specification of privateKey.rotationPolicy
2
1y 3mo
70 OLM deployment with ArgoCD is OutOfSync 1y 1y 1y
commented
send
46 Cert-manager operator fails to issue certificates 2y 2y 2y
recv
similar
17 Operator prevents passing extraArgs helm value
7
3y 9mo 3y
recv
recv-q
3 Restrict operator RBAC permissions 3y 3y 3y
recv
22 Customize the deployment of cert-manager installed via OLM
5
6
2y 9mo 1y
author-last
commented
recv
recv-q
8 Drivers can create CertificateRequests for pods that don't exist in very rare edge cases 2y 2y
contributor-last
45 Exponential backoff handling does not apply to certificate renewal in pending phase 7mo 7mo 7mo
recv
47 Race condition: CertificateRequests may never be fulfilled if the issuer was overwhelmed 7mo 7mo 7mo
recv
40 Optional auto rotating/renewing certificates 11mo 11mo 11mo
recv
33 Create e2e test to validate CertificateRequest garbage collection 1y 1y 1y
assigned
recv
similar
41 Question: enable Server-Side Apply (SSA) 2mo 2mo 2mo
recv

Uncommented older than 7 days (159)

Resolution: Add a priority/ or triage/ label

Average age: 338.2d, Avg wait: 315.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5590 Configure cluster resource namespace in ClusterIssuer spec
2
10mo 3d 10mo
triage/support
lifecycle/stale
collaborator-last
recv
850 Document available cert-manager Prometheus metrics
2y 7mo 2y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 3y 3y 3y
priority/backlog
kind/documentation
contributor-last
recv
156 previously listed items omitted

Important soon, but no updates in 90 days (4)

Resolution: Downgrade to important-longterm

Average age: 816.5d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5074 Race condition between issuers, certificates, and secrets
1y 8mo 1y
lifecycle/frozen
kind/bug
priority/important-soon
commented
member-last
pr-closed
send
1174 Document the docker images and how to find them
8mo 7mo 7mo
good first issue
priority/important-soon
kind/documentation
commented
member-last
send
195 Document keystores 3y 7mo 3y
priority/important-soon
kind/documentation
commented
contributor-last
send
174 Add documentation for CRD conversion webhook ca injection 3y 3y 3y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 180 days (6)

Resolution: Downgrade to backlog

Average age: 1015.5d, Avg wait: 37.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3521 Integration with ExternalDNS
4
31
2y 7mo 1y
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
551 Documentation on how to handle large-scale certificate management & best practices
2
2y 7mo 7mo
help wanted
priority/important-longterm
kind/documentation
commented
member-last
send
401 Bring tutorials up to date 2y 7mo 7mo
priority/important-longterm
commented
member-last
send
223 Document wildcard certificate tutorial 3y 3y 3y
priority/important-longterm
kind/documentation
commented
contributor-last
send
56 Route53: document use of "region" field 3y 7mo 7mo
documentation
priority/important-longterm
commented
contributor-last
send
850 Document available cert-manager Prometheus metrics
2y 7mo 2y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar

Pull Requests: Review Ready (37)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 126.0d, Avg wait: 28.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6192 Remove conflicting labels from CRDs 3mo 22h 3mo
release-note-none
size/S
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
5158 Added certificate owner ref field
6
1y 22h 3mo
release-note
approved
area/api
kind/feature
size/XXL
dco-signoff: yes
area/testing
ok-to-test
area/deploy
assigned
assignee-updated
collaborator-last
commented
recv
reviewed-with-comment
similar
6351 Handle multiple concurrent Azure DNS01 challenges for the same FQDN 9d 1d 2d
size/L
release-note
ok-to-test
author-last
commented
recv
similar
unreviewed
6345 Introduce config file for cainjector options 14d 2d
release-note
area/api
kind/feature
size/XXL
dco-signoff: yes
area/deploy
collaborator-last
unreviewed
6228 Issue 5514 read cabundle from kube objects - design doc
3
2mo 2d 7d
size/L
release-note-none
kind/design
needs-ok-to-test
dco-signoff: no
assigned
assignee-updated
author-last
commented
new-commits
open-milestone
recv
recv-q
6248 feat: allow changing the default Deployment revisionHistoryLimit 1mo 5d 1mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
similar
unreviewed
6003 move pkg/issuer/acme/http/solver to cmd/acmesolver/solver 5mo 6d
release-note-none
approved
size/S
kind/cleanup
area/acme
lifecycle/rotten
dco-signoff: yes
area/acme/http01
collaborator-last
unreviewed
6028 Fix runtime.Scheme errors in tests 4mo 6d
size/L
release-note-none
kind/cleanup
lifecycle/stale
area/acme
dco-signoff: yes
area/testing
collaborator-last
open-milestone
unreviewed
6347 Do not process non-HTTPS listeners on Gateways 13d 13d 13d
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
needs-kind
collaborator-last
recv
unreviewed
5420 Add SkipTLSVerify option to Vault issuer
2
1y 18d 2mo
release-note
size/S
area/api
needs-ok-to-test
dco-signoff: no
needs-kind
author-last
commented
new-commits
recv
recv-q
6103 Unify semver version logic 4mo 4wk
size/L
release-note-none
approved
kind/cleanup
dco-signoff: yes
collaborator-last
open-milestone
unreviewed
5324 Create 20220720-per-certificate-owner-ref.md
6
1y 3wk 3wk
size/L
release-note-none
approved
kind/design
lifecycle/rotten
dco-signoff: yes
commented
member-last
reviewed-with-comment
similar
6120 add comments explaining the Sync function & small test bugfix 3mo 5wk 2mo
release-note-none
approved
lgtm
size/S
kind/cleanup
dco-signoff: yes
assigned
assignee-updated
commented
member-last
open-milestone
reviewed-with-comment
6277 ControllerConfiguration fuzzer, only set the value in case the random value is empty 6wk 5wk
size/L
release-note-none
approved
area/api
kind/cleanup
dco-signoff: yes
area/testing
collaborator-last
unreviewed
6124 Add design/20230601.gateway-route-hostnames. 3mo 6wk 3mo
size/L
release-note-none
kind/design
needs-ok-to-test
dco-signoff: yes
collaborator-last
new-commits
recv
recv-q
6053 Make KeyUsage and BasicConstraints Critical extensions 4mo 6wk
release-note
approved
kind/bug
size/M
dco-signoff: yes
collaborator-last
open-milestone
unreviewed
1303 Add command-issuer to external issuers list 6d 6d 6d
size/XS
dco-signoff: yes
recv
unreviewed
1289 Add diagrams to explain all the "requesting certificates"/ "obtaining certificates" flows 2wk 6d
dco-signoff: yes
size/XL
unreviewed
1291 Reorganise the usage section & move missing topics to this section 2wk 6d
dco-signoff: yes
size/L
unreviewed
1259 Fixed Azure Workload identity doc 2mo 2mo 2mo
dco-signoff: yes
size/S
recv
unreviewed
1199 Webhook troubleshooting: advise people to set `timeoutSeconds` to 30 seconds 6mo 6mo
approved
dco-signoff: yes
size/M
unreviewed
204 Add "inner workings" section to README.md 4mo 4mo 4mo
dco-signoff: yes
approved
size/XS
commented
member-last
unreviewed
216 feat: add the ability to specify certificate usages 2mo 6d 2mo
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
unreviewed
187