Open PRs (76)

Resolution:

Average age: 148.2d, Avg wait: 30.1d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5384 WIP: intentionally break a test 1d 1d 1d
size/XS
do-not-merge/release-note-label-needed
approved
do-not-merge/work-in-progress
dco-signoff: yes
area/testing
needs-kind
collaborator-last
recv
unreviewed
5383 Generate applyconfigurations and Apply functions 2d 1d 1d
release-note
approved
area/api
size/XXL
dco-signoff: yes
needs-kind
collaborator-last
commented
send
similar
unreviewed
5346 Upgrade deps 16d 1d 1d
release-note-none
approved
area/api
size/XXL
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
needs-kind
assigned
assignee-updated
commented
member-last
unreviewed
5083 WIP: Generate applyconfigurations and Apply functions 3mo 2d 3mo
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
size/XXL
dco-signoff: yes
area/testing
needs-kind
assigned
assignee-updated
collaborator-last
commented
send
similar
unreviewed
5373 Allow config of http01 solver pod security context
2
6d 4d 4d
size/L
release-note
area/api
kind/feature
area/acme
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
author-last
commented
open-milestone
recv
unreviewed
5370 Use CUE to generate values.yaml and values.schema.json
9d 4d 8d
release-note
needs-rebase
approved
kind/feature
size/XXL
dco-signoff: yes
area/deploy
collaborator-last
commented
new-commits
send
similar
5336 CertificateRequest: re-sync SelfSigned CertificateRequest when target Secret is informed. 19d 4d 17d
release-note
size/XL
approved
kind/feature
dco-signoff: yes
area/testing
collaborator-last
commented
open-milestone
similar
unreviewed
5379 CertificateSigningRequest: re-sync SelfSigned CertificateSigningRequest when target Secret is informed 4d 4d
release-note
size/XL
approved
kind/feature
dco-signoff: yes
area/testing
collaborator-last
open-milestone
similar
unreviewed
5378 Unify semver version generation 5d 4d
size/L
release-note-none
approved
kind/cleanup
dco-signoff: yes
changes-requested
collaborator-last
5015 Update the make target "e2e-setup-traefik" so that it can work for the version v1alpha2 of the Gateway API 4mo 5d
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
lifecycle/stale
dco-signoff: yes
area/testing
contributor-last
draft
recv-q
unreviewed
5376 Upgrade gateway api to v0.5.0 5d 5d
release-note
approved
area/api
kind/feature
size/XXL
area/acme
dco-signoff: yes
area/testing
area/acme/http01
area/deploy
collaborator-last
unreviewed
5372 [release-1.8] Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried 6d 6d
size/L
release-note
dco-signoff: yes
area/testing
do-not-merge/cherry-pick-not-approved
needs-kind
assigned
collaborator-last
unreviewed
5371 [release-1.9] Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried 7d 7d
size/L
release-note
dco-signoff: yes
area/testing
do-not-merge/cherry-pick-not-approved
needs-kind
assigned
collaborator-last
unreviewed
5337 WIP: Controller configuration file 19d 8d 19d
release-note-none
area/api
do-not-merge/work-in-progress
needs-ok-to-test
size/XXL
dco-signoff: no
needs-kind
collaborator-last
recv
unreviewed
5356 Allow ECDSA for ACME client keys 11d 8d 8d
size/L
release-note
kind/feature
area/acme
dco-signoff: yes
ok-to-test
commented
member-last
send
unreviewed
4330 Add client certificate auth method for Vault issuer 1y 9d 4mo
release-note
size/XL
area/api
kind/feature
area/acme
area/vault
dco-signoff: yes
area/testing
ok-to-test
area/deploy
author-last
commented
recv
unreviewed
4570 `RevisionHistoryLimit` has a default value of 25
9mo 9d 19d
release-note
area/api
size/M
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
commented
member-last
new-commits
send
4796 (wip) support a explicit zone for rfc2136 provider
6mo 9d 4mo
release-note
size/S
area/api
do-not-merge/work-in-progress
area/acme
lifecycle/rotten
dco-signoff: no
ok-to-test
area/acme/dns01
needs-kind
collaborator-last
commented
send
unreviewed
4209 Auto generate README.md, Chart.yaml, values.schema.json and values.yaml using tem & helm-jsonschema-gen
3
1y 9d 5wk
release-note
needs-rebase
approved
kind/feature
size/XXL
dco-signoff: yes
ok-to-test
area/deploy
collaborator-last
commented
new-commits
similar
4502 support subject and email annotations for ingress/gateway
5
10mo 9d 3mo
size/L
release-note-none
needs-rebase
area/api
kind/feature
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/acme/dns01
area/deploy
collaborator-last
commented
new-commits
open-milestone
recv
5324 Create 20220720-per-certificate-owner-ref.md
3wk 9d 18d
size/L
release-note-none
approved
kind/design
dco-signoff: yes
collaborator-last
commented
new-commits
similar
5003 Implement the DNS-over-HTTPS check 4mo 9d 15d
size/L
release-note-none
needs-rebase
do-not-merge/work-in-progress
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/acme/dns01
needs-kind
collaborator-last
commented
draft
recv
unreviewed
4744 Trigger controller: test the trigger cases 7mo 9d 4mo
size/XL
release-note-none
needs-rebase
approved
kind/cleanup
lifecycle/stale
dco-signoff: yes
area/testing
collaborator-last
commented
new-commits
4810 Server Side Apply: Adds support for CA Injector controller to use SSA with Feature Gate
4
6mo 9d 3mo
size/L
release-note
needs-rebase
approved
kind/feature
priority/important-soon
lifecycle/stale
dco-signoff: yes
area/deploy
collaborator-last
commented
open-milestone
reviewed-with-comment
send
5305 :bug: fix #5304 / upgrade dependencies 4wk 9d 4wk
size/XS
release-note
area/api
dco-signoff: yes
ok-to-test
needs-kind
collaborator-last
commented
recv
unreviewed
5038 Added issuer_name, issuer_kind and issuer_group to prom metrics
4mo 9d 4mo
size/L
release-note
needs-rebase
kind/feature
dco-signoff: yes
area/testing
ok-to-test
area/monitoring
collaborator-last
commented
new-commits
recv
recv-q
5126 WIP: Only remove the cleanup finalizer if the cleanup succeeds 3mo 9d 3mo
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
area/acme
dco-signoff: yes
area/testing
collaborator-last
commented
unreviewed
5094 WIP server-side apply in tests v2 3mo 9d
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
area/testing
collaborator-last
unreviewed
5353 Update year to 2022 12d 12d 12d
size/XS
release-note-none
needs-ok-to-test
dco-signoff: yes
needs-kind
collaborator-last
recv
unreviewed
5311 added healthcheck to containers port spec 3wk 15d 3wk
size/XS
release-note-none
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
assigned
author-last
recv
unreviewed
5158 Added certificate owner ref field 2mo 16d 3wk
size/L
release-note
area/api
needs-ok-to-test
dco-signoff: yes
area/testing
area/deploy
needs-kind
commented
member-last
send
similar
unreviewed
5225 Add flag to allow switching ingressClassName specification 7wk 16d 7wk
release-note
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/acme/http01
needs-kind
commented
recv-q
send
unreviewed
5093 Add relabeling and metricRelabelings settings for ServiceMonitor. 3mo 18d 3mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
author-last
recv
recv-q
unreviewed
5303 Stop infinitely reissuing certs with shared Secret
3
4wk 19d 3wk
release-note
size/S
do-not-merge/work-in-progress
needs-ok-to-test
dco-signoff: yes
needs-kind
assigned
assignee-updated
collaborator-last
commented
draft
new-commits
recv
5308 Add the Workload Identities for azureDns 4wk 19d 4wk
size/L
release-note
needs-rebase
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
author-last
recv
unreviewed
5174 Add support for restricting the secrets watch list in cainjector
5
2mo 3wk 2mo
release-note
needs-ok-to-test
size/M
dco-signoff: yes
needs-kind
commented
recv
recv-q
unreviewed
4734 Add possibility to use ambient credentials for login to vault 7mo 4wk 4mo
release-note-none
area/api
needs-ok-to-test
size/M
area/vault
lifecycle/rotten
dco-signoff: yes
area/deploy
needs-kind
assigned
assignee-updated
collaborator-last
commented
send
unreviewed
5208 Add: Kubernetes recommanded labels 2mo 4wk 7wk
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
commented
recv
recv-q
unreviewed
5277 Add ability to set common set of labels across all resources 5wk 5wk 5wk
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
3931 Added PodDisruptionBudgets to helm chart
12
1y 5wk 3mo
size/L
release-note
approved
do-not-merge/hold
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
assignee-updated
commented
new-commits
recv-q
send
4969 add acmeHttp01SolverImage 4mo 5wk 4mo
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
commented
recv
recv-q
unreviewed
5105 Replace update with patch operation 3mo 7wk 3mo
release-note-none
needs-rebase
size/S
needs-ok-to-test
dco-signoff: yes
area/testing
needs-kind
collaborator-last
recv
unreviewed
5127 Add EncodeUsagesInRequestAnnotationKey for certificate
3mo 7wk 2mo
release-note
needs-rebase
size/S
area/api
needs-ok-to-test
dco-signoff: yes
needs-kind
collaborator-last
commented
send
unreviewed
4835 Making sure per fixture only 1 setup is active at the same time 6mo 1mo 1mo
release-note-none
kind/bug
size/M
dco-signoff: yes
area/testing
assigned
assignee-updated
commented
member-last
reviewed-with-comment
5054 fix webhook can not run with args of kubeconfig
3mo 2mo 3mo
size/XS
release-note-none
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
collaborator-last
recv
unreviewed
5139 Added feature-gates arguments to webhook pod 2mo 2mo 2mo
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
changes-requested
commented
member-last
send
1057 Improve the table-of-contents 13h 13h
approved
dco-signoff: yes
size/M
unreviewed
1048 [WIP] Document structure updates 15d 1d 1d
dco-signoff: yes
size/XXL
do-not-merge/work-in-progress
ok-to-test
commented
contributor-last
send
unreviewed
1055 Update pomerium tutorial 2d 2d 2d
dco-signoff: yes
size/L
needs-ok-to-test
recv
unreviewed
1036 Adds documentation on PKCS12 support for csi-driver 3wk 9d
approved
dco-signoff: yes
size/M
unreviewed
1034 Add link to ACME DNS01 webhook for PowerDNS 4wk 10d 4wk
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
1002 Validation webhook troubleshooting: add a step by step guide 2mo 18d 18d
approved
dco-signoff: yes
size/XXL
needs-rebase
commented
contributor-last
reviewed-with-comment
1032 projects/approver-policy: selector.namespace 4wk 4wk
approved
dco-signoff: yes
do-not-merge/hold
size/M
unreviewed
984 Fix zerossl tutorial path 2mo 7wk 2mo
dco-signoff: yes
size/L
ok-to-test
assigned
contributor-last
recv
recv-q
unreviewed
1005 Route53 accessKeyIDSecretRef docs 2mo 2mo 2mo
size/XS
dco-signoff: yes
needs-ok-to-test
recv
unreviewed
992 Initial feature gate documentation
2
2mo 2mo 2mo
approved
dco-signoff: yes
size/M
commented
contributor-last
recv
recv-q
reviewed-with-comment
930 update ibmcloud cis webhook link 3mo 2mo 3mo
size/XS
dco-signoff: yes
needs-ok-to-test
assigned
assignee-updated
author-last
commented
recv
unreviewed
982 WIP: [GSOD] Define our audiences 2mo 2mo
approved
dco-signoff: yes
do-not-merge/work-in-progress
size/M
unreviewed
859 Move the meetings and slack information to a separate page
5mo 3mo 3mo
approved
dco-signoff: yes
needs-rebase
size/M
changes-requested
commented
member-last
send
948 add note to ingress class definition 3mo 3mo 3mo
dco-signoff: no
size/XS
needs-ok-to-test
assigned
author-last
recv
unreviewed
701 Issuer with IRSA needs ambient credentials flag
11mo 4mo 6mo
dco-signoff: no
size/S
ok-to-test
commented
contributor-last
new-commits
send
446 Add multiple ingresses usage section 2y 4mo 11mo
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
changes-requested
commented
contributor-last
send
589 cloud DNS: include missing project ID
1y 4mo 1y
size/XS
dco-signoff: yes
needs-rebase
ok-to-test
changes-requested
commented
contributor-last
send
689 Retro 1.5 follow-up: PR to website on every feature PR
11mo 4mo 11mo
approved
size/XS
dco-signoff: yes
needs-rebase
changes-requested
commented
contributor-last
send
751 Added kubectl config for recursive nameservers 9mo 4mo 8mo
dco-signoff: no
size/XS
needs-rebase
ok-to-test
approved
commented
contributor-last
send
765 Document that DNS-01 ClusterIssuer use kube-system secret 8mo 4mo 8mo
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
assigned
changes-requested
commented
contributor-last
send
790 Update route53.md 7mo 4mo 6mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
commented
contributor-last
send
884 remove duplicate code 4mo 4mo 4mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
contributor-last
recv
528 Update "Setting Nameservers for DNS01 Self Check" example 1y 5mo 1y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
451 update to ingress. 1y 7mo 1y
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
548 More doc around the approval API in the /concepts/certificaterequest page
1y 1y 1y
approved
dco-signoff: yes
kind/cleanup
size/XL
needs-rebase
assigned
assignee-updated
changes-requested
commented
contributor-last
send
90 Adds Image to prow context, pass context to job generators. 1d 1d 1d
dco-signoff: yes
approved
size/M
contributor-last
recv
unreviewed
89 Option to write generated prow config, and automatically create pull request against jetstack/testing 2d 1d 1d
dco-signoff: yes
approved
size/L
commented
contributor-last
recv
recv-q
unreviewed
17 Add image validation for Docker architecture 2y 10mo 1y
dco-signoff: yes
lgtm
size/L
needs-rebase
assigned
assignee-updated
commented
contributor-last
new-commits
send
43 No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild 11mo 11mo
dco-signoff: yes
approved
size/M
needs-rebase
contributor-last
unreviewed
36 Add the "cmrel update-release-branch" command 1y 11mo 1y
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
commented
contributor-last
draft
unreviewed

Open Issues (291)

Resolution:

Average age: 320.3d, Avg wait: 72.4d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5386 Add subsection for microk8s clusters in ACME/HTTP01 article 12h 12h 12h
kind/feature
recv
5375 Use the official Vault Helm chart to deploy Vault for e2e tests 5d 5d
kind/cleanup
priority/important-longterm
5374 Use Bitnami Helm chart to install Contour for e2e tests instead of committing raw yaml to this repo 5d 5d
good first issue
kind/cleanup
priority/important-longterm
area/testing
5359 Packaging cert-manager with Carvel 10d 9d 10d
kind/feature
recv
5357 Support ECDSA keys for ACME accounts 11d 11d 11d
kind/feature
pr-unreviewed
recv
5355 Make the Helm chart container names unique to help troubleshoot 11d 11d 11d
kind/feature
recv
5349 Cannot install cert-manager with helm - Download failed - problem with Jetstack website 13d 11d 13d
kind/bug
recv
recv-q
5348 Question: usage of an own acmedns api without /update endpoint 14d 14d 14d
recv
5347 Got error:0A00010B:SSL routines::wrong version number 16d 16d 16d
kind/bug
author-last
recv
5344 metrics for failed calls to cloudflare 18d 18d 18d
kind/feature
recv
5326 Add ability to configure podTemplate securityContext fields in http solver 3wk 9d 3wk
kind/feature
recv
5316 Cert-manager shuts down without warning due to secret timeout 3wk 3wk 3wk
kind/bug
author-last
recv
recv-q
5310 Install cert-manager: error bounded in resource existing 3wk 3wk 3wk
recv
5304 `ParentRef` doesn't exists on newer versions of `gatewayAPI` 4wk 4wk 4wk
kind/bug
assigned
assignee-updated
author-last
pr-unreviewed
recv
5301 Error from server: request to convert CR from an invalid group/version: acme.cert-manager.io/v1alpha2 4wk 4wk 4wk
author-last
recv
5298 Complete the Migration Away From Jetstack Names 4wk 4wk
kind/cleanup
5297 Failed to update endpoint cert-manager/cert-manager-webhook 4wk 3wk 4wk
recv
5296 Make caching 4wk 4wk
kind/bug
5295 Allow changing acmesolver pod SecurityContext 4wk 4wk
good first issue
kind/feature
priority/important-longterm
pr-unreviewed
5294 Helm install: no matches for kind "ClusterIssuer" in version "cert-manager.io/v1alpha2" 4wk 4wk 4wk
triage/support
author-last
commented
recv
similar
5293 helm inflator kustomize not same result as helm install 4wk 4wk 4wk
kind/bug
author-last
recv
recv-q
5292 Unable to delete/upgrade cert-manager 4wk 4wk 4wk
triage/support
author-last
commented
recv
5284 Challenge remain pending and does't rerun after I delegate dns zone 5wk 5wk 5wk
kind/bug
recv
5283 DNS Challenges Not Added to Specified Ingress Despite Specifying in ACME ClusterIssuer Manifest 5wk 5wk 5wk
kind/bug
recv
5280 Update the Helm `kubeVersion` field to `1.20.0-0`, the minimum supported version since cert-manager 1.9 5wk 5wk
kind/cleanup
5279 cainjector is watching secrets in all the cluster even after setting --namespace flag
5wk 5wk 5wk
kind/bug
collaborator-last
commented
send
5278 Add Support for Contour HttpProxy (proof of concept included) 5wk 5wk 5wk
kind/feature
collaborator-last
commented
send
5274 Provide the ability to recover a Certificate request from an Error state
2
5wk 5wk 5wk
kind/feature
recv
5268 error decoding private key 5wk 5wk 5wk
kind/bug
recv
5267 cm-acme-http-solver triggers no.scale.down.node.pod.not.backed.by.controller due to lack of PodDisruptionBudget
5wk 5wk 5wk
kind/bug
recv
5265 Failed to determine a valid solver configuration for the set of domains on the Order 5wk 5wk 5wk
recv
5263 Test setup flake: go not found 5wk 5wk
kind/flake
flake/test-setup
5262 Test setup flake: untaring go fails 5wk 5wk
kind/flake
flake/test-setup
5260 In Gateway API mode, with 5+ challenge-solvers in one certificate, provisioning fails 5wk 5wk 5wk
kind/bug
recv
5255 Error installing on ipv6 cluster 6wk 6wk 6wk
kind/bug
recv
5254 AKS high severity : on disabling automounting API credentials for service account installation of cert manager timesout
6wk 19d 6wk
kind/bug
author-last
recv
5253 Webhook FailedDiscoveryCheck failing or missing response from https://<ip>:10251/apis/webhook.cert-manager.io/v1alpha1: bad status 6wk 6wk 6wk
kind/bug
recv
5246 Secrets are not updated when key stores added/removed 6wk 6wk 6wk
kind/bug
recv
5238 no wait time between challenge requeues 7wk 7wk 7wk
kind/bug
recv
5236 Cert Manager appending random string/numbers on the end of secret name
2
7wk 7wk 7wk
triage/support
collaborator-last
commented
send
5230 Timeouts on Every Controller Reconcile Loop
7wk 7wk
kind/bug
pr-merged
5229 Add option to select CADN from yaml file for Venafi TPP requests 7wk 7wk 7wk
kind/feature
recv
5223 cert-manager reporting and alerting 1mo 1mo 1mo
kind/feature
recv
5220 Investigate improving resource consumption and performance in clusters with large amount of resources
4
1mo 1mo 1mo
kind/feature
assigned
assignee-updated
collaborator-last
commented
5218 Install SSL certificate on CertManager container image 1mo 1mo 1mo
recv
similar
5215 Add relabeling in cert-manager serviceMonitor 1mo 1mo 1mo
kind/feature
author-last
commented
recv
recv-q
5211 Question about tolerations 2mo 2mo 2mo
recv
5210 Use instrumentedclient when performing credential verifications for Venafi client
2mo 2mo 2mo
kind/bug
pr-closed
recv
5201 Periodically perform readiness checks for issuers
2mo 7wk 7wk
kind/bug
collaborator-last
commented
pr-closed
pr-merged
send
5198 Integration test flake: various timeouts 2mo 5wk
kind/flake
flake/test-logic
5197 cert-manager-webhook to provide logs when handling a k8s api-server request
2
2mo 2mo 2mo
good first issue
help wanted
kind/feature
assigned
assignee-updated
collaborator-last
commented
send
5193 Stuck on "propagation check failed"
2mo 2mo 2mo
kind/bug
area/acme
collaborator-last
commented
pr-merged
send
similar
5189 Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded
3
2mo 15d 5wk
triage/support
area/webhook
commented
send
similar
5182 e2e flake: etcd request slowness 2mo 5wk
kind/flake
flake/test-logic
5180 e2e flake: webhook context deadline exceeded 2mo 5wk 2mo
kind/flake
flake/test-logic
collaborator-last
commented
5179 e2e flake: Message: "admission webhook \"webhook.cert-manager.io\" denied the request: the server could not find the requested resource" 2mo 5wk 2mo
kind/flake
flake/test-logic
collaborator-last
commented
5178 e2e flake: mv: cannot stat 'bin/downloaded/tools/crane': No such file or directory 2mo 5wk 5wk
kind/flake
flake/test-setup
commented
member-last
send
5177 e2e flake: /bin/bash: bin/tools/ytt: Permission denied 2mo 5wk
kind/flake
flake/test-setup
5173 Unable to create certificate with cert-manager v1.7.1 using Traefik 2.6.3 2mo 2mo 2mo
kind/bug
triage/needs-information
area/acme/http01
collaborator-last
commented
send
5171 TPP Allowed Domains can cause valid certificate to error 2mo 2mo 2mo
kind/bug
area/venafi
recv
5164 Webhook --dynamic-serving-dns-names doesn't set SANs 2mo 2mo 2mo
triage/support
collaborator-last
commented
send
5160 Support loading controller configuration from a versioned file
2mo 2mo 2mo
help wanted
kind/feature
assigned
assignee-updated
collaborator-last
commented
5159 ACME account private key rotation support 2mo 2mo 2mo
triage/needs-information
collaborator-last
commented
send
5156 Issued certificate having more validity period than root certificates. 2mo 2mo 2mo
recv
5151 Set Logging Verbosity Dynamically Before Running Tests
2
2mo 2mo 2mo
kind/feature
priority/important-longterm
area/testing
collaborator-last
commented
send
5150 cert-manager-cainjector not work 2mo 2mo 2mo
kind/bug
collaborator-last
commented
send
5149 topologySpreadConstraints support in helm chart
2
2mo 2mo 2mo
kind/feature
recv
5146 New certificate is not issued when duration is changed for existing secret 2mo 6wk 6wk
triage/support
collaborator-last
commented
send
similar
5137 Slow healthz and livez endpoints cause liveness and readiness probe failures 2mo 2mo 2mo
kind/bug
priority/important-soon
collaborator-last
commented
open-milestone
send
5134 Letsencrypt acme cert challenges no longer working on AKS (nginx-ingress + cert-manager + clusterissuer + letsencrypt)
2
2mo 2mo 2mo
kind/bug
recv
5132 HTTP01 - Did not get expected response when querying endpoint, expected X, but got X 2mo 2mo 2mo
kind/bug
recv
5131 ingressShim doesn't supply x.509 subject fields required by our providers (TPP) policies 3mo 2d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5128 helm chart: add annotations and labels globally 3mo 2d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5120 Too many pending authorizations - On Certificate Orders 3mo 2mo 3mo
kind/bug
author-last
commented
recv
5114 Intermediate certificate is not updated in child certificate 3mo 5d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5106 Makefile flake when checking shasums 3mo 5wk 5wk
kind/bug
kind/flake
flake/test-setup
commented
member-last
send
5101 No backoff/delay when failing to create challenge solver pods 3mo 1mo 1mo
kind/bug
priority/important-longterm
triage/needs-information
collaborator-last
commented
send
5098 Requested Certificates stuck in Pending 3mo 9d 3mo
kind/bug
lifecycle/stale
contributor-last
recv
recv-q
5088 ACME Issuer should support option to write intermediate and root CAs to Ingress TLS secret 3mo 13d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5086 Issuing certificate as Secret does not exist 3mo 12d 3mo
lifecycle/stale
collaborator-last
recv
similar
5085 Support Azure Workload Identities
11
3mo 5wk 7wk
kind/feature
priority/important-longterm
commented
pr-unreviewed
send
5078 Venafi unit-test are flakey when run via make 3mo 17d
lifecycle/stale
collaborator-last
5075 Create generic middleware/wrapper for instrumenting calls to external services
3mo 17d
lifecycle/stale
collaborator-last
pr-merged
5074 Race condition between issuers, certificates, and secrets
3mo 17d 3mo
kind/bug
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-new-commits
send
5073 Allow injecting CABundle to arbitrary Custom Resources 3mo 2mo 2mo
kind/feature
author-last
commented
recv
5072 Cert-Manager auto rollout in gcloudAnthos 3mo 17d 3mo
lifecycle/stale
collaborator-last
commented
send
5069 Error presenting challenge: the server could not find the requested resource even though resource exists 3mo 19d 3mo
kind/bug
recv
5068 cert-manager v1.9 tracking issue 3mo 18d
lifecycle/stale
collaborator-last
5066 Threat model for cert-manager
3mo 16d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
5064 Unable to find LetsEncrypt AccountID in Cert-manager logs. 3mo 19d 3mo
triage/support
lifecycle/stale
area/acme
collaborator-last
commented
send
5062 Cert-manager stops processing order request in "processing" status after several attempts 3mo 17d 3mo
kind/bug
lifecycle/stale
area/acme
collaborator-last
commented
recv
recv-q
5056 Cleanup after removing support for Kubernetes 1.18
3mo 3wk 3mo
kind/cleanup
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-merged
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
2
4mo 16d 3mo
kind/bug
priority/backlog
author-last
commented
recv
5042 propagation check failed: DNS record for xxx not yet propagated
2
4mo 2mo 4mo
kind/bug
recv
recv-q
similar
5041 Failed to obtain venafi certificate: vcert error: your data contains problems: request doesn't match certificate: unmatched key modulus 4mo 3wk 4mo
kind/bug
contributor-last
recv
recv-q
5031 ValidateCAA test function is flaky 4mo 5wk 5wk
kind/bug
kind/flake
flake/test-logic
commented
member-last
send
5028 Wrong nameserver for vault clusterissuer 4mo 16d 3mo
lifecycle/stale
collaborator-last
commented
recv
recv-q
5005 Investigate why Contour fails with "Gateway not found in cache" in some end-to-end Prow jobs
4mo 5wk 5wk
kind/flake
flake/test-logic
commented
member-last
pr-closed
send
5004 After installing cert-manager using kubectl, "cmctl check api" fails with "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded
5
4mo 2wk 2wk
commented
member-last
send
similar
5000 externalName: <service-name><namespace>.svc.cluster.local 4mo 16d 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
4999 Verification on 1.7.2 fails (Kubectl apply) 4mo 2d 4mo
kind/bug
lifecycle/rotten
recv
4982 Cert manager issues - pod is in constant restart
4mo 3wk 4mo
lifecycle/rotten
collaborator-last
commented
send
4980 Waiting for DNS-01 challenge propagation: dial tcp 173.245.59.41:53: connect: connection refused 4mo 2mo 4mo
kind/bug
commented
recv-q
send
similar
4979 Overhaul the DNS01 solver
5
4mo 7wk
kind/feature
pr-closed
4963 How do i get the root cert expiry metrics if manual issuer? 4mo 17d 3mo
priority/awaiting-more-evidence
priority/backlog
lifecycle/stale
collaborator-last
commented
send
4959 Support AWS Auth Method for Vault 4mo 2mo 4mo
kind/feature
recv
4956 cert-manager created multiple CertificateRequest objects with the same certificate-revision
2
3
4mo 12d 4mo
kind/bug
commented
pr-merged
recv
recv-q
4950 General flakiness of our end-to-end suite
3
5mo 5wk 5wk
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
4948 Apply changes to test objects by patching instead of updating
5mo 17d
priority/important-soon
lifecycle/stale
area/testing
collaborator-last
open-milestone
pr-merged
pr-unreviewed
4947 Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer
7
5mo 12d 5mo
kind/feature
lifecycle/stale
collaborator-last
recv
4941 Failed to perform self check GET request 5mo 3wk 5mo
kind/bug
recv
recv-q
similar
4940 Migrate to Ginkgo 2 to get JUnit XML reports on Prow timeouts
5mo 16d 3mo
kind/cleanup
lifecycle/stale
collaborator-last
commented
open-milestone
pr-merged
send
4931 Enable Testing on ARM64 5mo 9d 5mo
kind/feature
author-last
commented
recv
recv-q
4928 Ensure that cmctl install/uninstall sequence works
2
5mo 17d 5mo
kind/bug
priority/important-longterm
lifecycle/stale
collaborator-last
commented
pr-merged
send
4918 Leader election timeout (?) causes exit
5mo 2mo 3mo
priority/important-longterm
commented
recv
recv-q
4910 CNCF incubation tracking issue 5mo 1mo 5mo
priority/important-soon
assigned
assignee-updated
commented
contributor-last
recv
4899 Certificate.Spec.RenewEvery instead of RenewBefore 5mo 11d 11d
kind/feature
collaborator-last
commented
4896 Unable to generate self-signed pkcs12 Certificate
3
5mo 2d 5mo
lifecycle/rotten
collaborator-last
recv
4893 Venafi ClusterIssuer fails to become Ready when authorize is slow
3
5mo 13d 3mo
kind/bug
lifecycle/stale
area/venafi
collaborator-last
commented
send
4892 Set up a permanent cert-manager installation to catch issues that only appear in long running deployments
5mo 7wk 7wk
kind/feature
collaborator-last
commented
4884 Add a similar secretTemplate to the secret that is created by ACME Issuer
5mo 2mo 5mo
kind/feature
author-last
commented
recv
4877 HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1
5mo 5wk 5mo
kind/bug
recv
recv-q
4868 Service account error if create != true
5mo 17d 3mo
kind/bug
priority/awaiting-more-evidence
lifecycle/stale
collaborator-last
commented
pr-closed
send
4855 Tooling to set up cert-manager with external dependencies
5
6mo 12d 3mo
kind/feature
priority/important-soon
lifecycle/stale
collaborator-last
commented
send
4846 More than one Certificate nominating same Secret induces runaway creation of many CertificateRequests and Orders
2
6mo 1mo 6mo
kind/bug
priority/important-soon
contributor-last
pr-new-commits
recv
recv-q
4824 Repo Migration Followup Task List
6mo 4wk 5wk
assigned
assignee-updated
commented
member-last
pr-merged
4821 Allow `ingressClassName` to be set for HTTP01 solver ingresses.
61
6mo 4d 3mo
kind/feature
lifecycle/stale
area/ingress-shim
collaborator-last
commented
pr-unreviewed
send
4797 Automatically renew certificates if OCSP indicates that it was revoked
6
6mo 5d 6mo
kind/feature
area/acme
author-last
commented
recv
4786 Investigate whether it would be valuable to decrease the initial backoff period for certificate issuance retries
7
6mo 2mo 2mo
collaborator-last
commented
pr-merged
send
4778 Add cmctl upgrade migrate-api-version --dry-run
4
6mo 17d 4mo
good first issue
help wanted
kind/feature
priority/important-longterm
area/ctl
assigned
assignee-updated
commented
contributor-last
recv
4771 Internal error for webhook server certificate has expired or is not yet valid
6mo 3wk 6mo
lifecycle/rotten
collaborator-last
commented
recv
recv-q
4747 Revoke Certificates
2
5
6mo 6wk 6mo
kind/feature
recv
similar
4722 High memory usage on cluster with many secrets
8
7mo 17d 7mo
kind/bug
priority/important-soon
contributor-last
open-milestone
recv
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
7mo 3mo 7mo
lifecycle/frozen
kind/bug
contributor-last
recv
recv-q
4654 Certificates issued by vault with isCa: true are missing CA:TRUE in certificate
2
3
4
8mo 4wk 4wk
kind/bug
commented
member-last
send
4653 Venafi TPP Support for Oauth
3
8mo 4wk 8mo
kind/feature
priority/backlog
recv
recv-q
4648 Kubernetes 1.22 Challenge stuck at pending : Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
2
14
8mo 17d 8mo
kind/bug
priority/backlog
lifecycle/stale
collaborator-last
recv
recv-q
similar
4621 Allow Certificate secretTemplate to specify the cert-manager.io/allow-direct-injection annotation
8mo 17d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
open-milestone
pr-closed
send
4594 TLS handshake error: EOF
4
9mo 11d 2mo
kind/bug
commented
recv-q
send
4562 GET requests for `/.well-known/acme-challenge/...` are sent to the wrong pod on cluster using K3s and Traefik
8
2
5
9mo 15d 9mo
kind/documentation
triage/support
lifecycle/rotten
assigned
assignee-updated
collaborator-last
commented
recv-q
send
4561 Ability to specify secret ownerReference as part of the Certificate request
3
9mo 2mo 9mo
kind/feature
recv
4538 Enable new Auth methods for Vault
3
9mo 17d 3mo
priority/important-longterm
lifecycle/stale
collaborator-last
commented
send
4535 Kubernetes: x509 certificate signed by unknown authority, possibly because of ECDSA verification failure
9mo 2mo 9mo
commented
recv-q
send
4490 Subject Ingress Annotations
3
10mo 3d 10mo
kind/feature
pr-new-commits
recv
4489 Externalize controller argument config
10mo 2mo 2mo
kind/feature
priority/important-longterm
assigned
commented
send
4473 Add signing for cert-manager artifacts 10mo 17d 3mo
kind/feature
priority/important-longterm
lifecycle/stale
collaborator-last
commented
4454 Add certificate issuer / issuer type in prometheus metrics
8
11mo 2d 4mo
good first issue
help wanted
kind/feature
lifecycle/rotten
collaborator-last
commented
open-milestone
pr-new-commits
recv-q
send
4423 Cert renewal loop
2
11mo 4wk 10mo
kind/bug
author-last
commented
recv
recv-q
4410 Support configuration via operator subscription
4
11mo 2mo 2mo
kind/feature
commented
member-last
send
4349 allowing greater configuration for the cloud provider tests
1y 3mo 3mo
lifecycle/frozen
kind/feature
collaborator-last
commented
send
4331 Add Uninstall & Upgrade commands to `kubectl cert-manager`
1y 7d
kind/feature
lifecycle/rotten
collaborator-last
pr-closed
4250 Support parallel DNS validation for same host
5
1y 7d 8mo
priority/important-soon
lifecycle/stale
area/acme/dns01
collaborator-last
commented
open-milestone
recv
recv-q
4246 ACME DNS Challenge and Propagation Delay (NXDOMAIN)
7
1y 4wk 1y
kind/bug
recv
4216 Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large 1y 1y 1y
recv
4153 Support DoT (DNS over TLS) for Recursive Nameservers
1y 4wk 3mo
kind/feature
priority/backlog
area/acme/dns01
author-last
commented
recv
4144 Make it possible to use a projected service account token to the Vault Issuer instead of a service account Secret
19
1y 15d 15d
kind/feature
priority/backlog
area/vault
commented
member-last
pr-closed
send
4033 Automated updates of base images
1y 17d 3mo
kind/feature
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-merged
3992 Add non-CRD yaml file
2
1y 14d 1y
priority/important-soon
area/deploy
commented
open-milestone
recv
3958 Sane defaults for Certificate revision history limit
9
1y 2mo 1y
kind/feature
recv
recv-q
similar
3898 Allow setting PodDisruptionBudget policies via helm chart
3
1y 2mo 1y
kind/feature
priority/important-longterm
area/deploy
author-last
pr-closed
pr-new-commits
recv
3896 Cert Manager failing to renew certificate
17
1y 2mo 10mo
kind/bug
commented
recv-q
send
similar
3820 Controller fails to process new certs when there are a large number of pending ones
3
1y 17d 6mo
kind/bug
priority/important-soon
lifecycle/stale
area/acme
assigned
assignee-updated
collaborator-last
commented
send
3761 Document a security issue reporting, response, and distribution process
2
5
1y 11d 3mo
kind/documentation
kind/feature
priority/backlog
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
pr-merged
send
3748 Cert-manager causes API server panic on clusters with more than 20000 secrets.
11
1y 3wk 6mo
kind/bug
triage/needs-information
commented
contributor-last
pr-merged
send
3747 Certificate issuerRef should be optional
1y 3wk 1y
kind/feature
lifecycle/rotten
collaborator-last
recv
3719 DNS-01 broken scenario (GCP Cloud DNS) 1y 2mo 1y
kind/bug
author-last
recv
3711 Export issued cert into AWS ACM
19
1y 22h 1y
kind/feature
priority/backlog
lifecycle/rotten
collaborator-last
recv
3706 renewal-hooks
3
12
1y 2mo 7mo
kind/feature
priority/important-longterm
commented
send
3655 Specify Name Constraints in CA Certificate
4
2y 5wk 2y
kind/feature
priority/backlog
author-last
recv
3640 Challenge Records Not Always Cleaned Up 2y 1d 1d
kind/bug
area/acme
triage/needs-information
collaborator-last
commented
pr-merged
pr-unreviewed
3592 Ability to not create ca.crt
2
2y 2mo 2y
author-last
commented
recv
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
12
2y 12d 10mo
kind/bug
commented
recv-q
send
3521 Integration with ExternalDNS
15
2y 4wk 3mo
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
3453 Wrong SOA record while updating delegated _acme-challenge zone.
4
2y 1mo 1mo
help wanted
kind/bug
priority/backlog
area/acme/dns01
commented
pr-unreviewed
send
3383 Certificate API doc omits "3072" as valid RSA key size 2y 1d 2y
kind/bug
priority/important-longterm
author-last
commented
recv
3381 Setup separate package for cert-manager API
3
2y 17d 17d
kind/feature
priority/important-soon
assigned
assignee-updated
commented
member-last
open-milestone
send
3298 Let's encrypt certificate caching to mitigate rate limits problems
3
11
2y 10d 6mo
help wanted
kind/feature
priority/backlog
commented
recv-q
send
3283 Passing apiVersion as apiGroup should give a validation error
2
15
2y 4wk 2y
area/api
kind/bug
priority/important-longterm
commented
recv
recv-q
3103 Adding probes to the cert-manager pods
5
2y 6wk 6wk
kind/feature
priority/important-longterm
area/deploy
collaborator-last
commented
send
similar
2882 Reuse / recovery of ExternalAccountBinding based account
3
6
30
2y 2mo 2y
kind/bug
priority/important-soon
area/acme
triage/needs-information
commented
pr-closed
recv-q
send
2779 Support AWS Session Tokens
2
2y 17d 3mo
good first issue
help wanted
kind/feature
priority/important-longterm
lifecycle/stale
area/acme/dns01
collaborator-last
commented
send
2722 Inject CA certificate into Secrets with cainjector
13
2y 6wk 7mo
kind/feature
priority/awaiting-more-evidence
commented
send
2605 No flag to set structured logging output, e.g. JSON?
31
2y 2mo 2y
help wanted
kind/feature
priority/backlog
author-last
commented
recv
recv-q
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
56
2y 6d 11mo
area/api
kind/feature
priority/backlog
author-last
commented
recv
2525 Better support multi-namespace & single-namespace deployments
18
2y 12d 1y
kind/feature
priority/important-longterm
area/deploy
commented
pr-closed
recv-q
send
2478 Allow CA issuer secret rotation
25
2y 4d 2y
kind/feature
priority/important-longterm
area/ca
commented
open-milestone
recv-q
send
2380 Helm chart version is not SemVer-compatible
4
2y 16d 1y
kind/bug
commented
recv
recv-q
2334 Add network policy allowance into documentation
16
2y 4wk 11mo
good first issue
help wanted
kind/documentation
priority/backlog
area/deploy
commented
recv
recv-q
2332 Private ACME authority aka custom root certificate for ACME
17
2y 4wk 2y
good first issue
help wanted
kind/feature
priority/backlog
area/acme
commented
recv
recv-q
2239 Create a CertificatePreset resource type to allow configurable defaulting
58
2y 17d 3mo
area/api
kind/feature
priority/backlog
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-closed
pr-merged
send
2178 Handling 'unregistering' certificates from Venafi TPP
11
2y 7mo 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
recv-q
send
1888 Certificate not matching private key when creating multiple ingress resources
15
3y 11d 11d
good first issue
help wanted
kind/bug
priority/important-soon
area/acme
commented
open-milestone
send
1292 Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis
3
112
3y 8d 7mo
area/api
help wanted
kind/feature
priority/important-longterm
area/acme
assigned
assignee-updated
commented
open-milestone
pr-closed
pr-merged
send
1282 Option to specify x509 extensions on certificates
12
3y 3wk 2y
area/api
help wanted
kind/feature
priority/backlog
lifecycle/stale