Open PRs (92)

Resolution:

Average age: 287.3d, Avg wait: 44.4d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6849 πŸ› Remove extra space/line from cert-manager release manifest 6wk 4h 4h
size/XS
do-not-merge/release-note-label-needed
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
commented
member-last
send
unreviewed
6775 Switch back to ldap's ParseDN and add support for literal OID subject attribute type 2mo 4h 4h
size/XL
release-note-none
kind/feature
dco-signoff: yes
area/testing
commented
member-last
new-commits
6908 Added class in ingressClassName as default if not specified 7d 4h 4h
size/XS
release-note-none
area/acme
dco-signoff: yes
ok-to-test
area/acme/http01
needs-kind
assigned
assignee-updated
commented
member-last
send
unreviewed
6516 First draft of e2e test to try to reproduce same domain multiple orders race condition 5mo 4h 4h
release-note-none
size/M
dco-signoff: yes
area/testing
ok-to-test
needs-kind
commented
member-last
send
unreviewed
6927 Graduate 'DisallowInsecureCSRUsageDefinition' to GA 1d 4h 4h
release-note
size/S
dco-signoff: yes
ok-to-test
needs-kind
commented
member-last
new-commits
send
4570 `RevisionHistoryLimit` has a default value of 25
2y 4h 10h
release-note
needs-rebase
area/api
size/M
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
commented
contributor-last
new-commits
recv-q
send
4330 Add client certificate auth method for Vault issuer
4
2y 4h 1y
release-note
needs-rebase
approved
area/api
kind/feature
size/XXL
lifecycle/stale
area/acme
area/vault
dco-signoff: yes
area/testing
ok-to-test
area/deploy
commented
contributor-last
open-milestone
recv
recv-q
reviewed-with-comment
similar
5126 WIP: Only remove the cleanup finalizer if the cleanup succeeds 2y 4h 7wk
size/L
release-note-none
do-not-merge/work-in-progress
kind/cleanup
area/acme
dco-signoff: yes
area/testing
commented
contributor-last
recv-q
send
unreviewed
4835 Making sure per fixture only 1 setup is active at the same time 2y 4h 2mo
release-note-none
needs-rebase
kind/bug
size/M
dco-signoff: yes
area/testing
assigned
assignee-updated
commented
contributor-last
recv-q
reviewed-with-comment
5373 Allow config of http01 solver pod security context
3
3
2y 4h 2mo
release-note
approved
area/api
do-not-merge/hold
kind/feature
size/XXL
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
closed
commented
contributor-last
recv
recv-q
5158 Added certificate owner ref field
6
2y 4h 16d
release-note
needs-rebase
approved
area/api
kind/feature
size/XXL
dco-signoff: yes
area/testing
ok-to-test
area/deploy
assigned
assignee-updated
commented
contributor-last
recv-q
reviewed-with-comment
send
5447 Allow extra DNS-01 propagation time to be configured
2y 4h 2mo
release-note
needs-rebase
size/S
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
commented
contributor-last
open-milestone
recv-q
send
unreviewed
5848 WIP: Design: core-issuers 1y 4h 5mo
release-note-none
approved
lgtm
do-not-merge/work-in-progress
do-not-merge/hold
kind/design
size/M
lifecycle/rotten
dco-signoff: yes
commented
contributor-last
recv-q
reviewed-with-comment
send
5743 Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources 1y 4h 4mo
size/L
release-note
needs-rebase
area/api
kind/cleanup
lifecycle/stale
dco-signoff: yes
area/testing
ok-to-test
area/deploy
commented
contributor-last
open-milestone
recv-q
reviewed-with-comment
send
5823 Make it possible to split a cert-manager installation over multiple Helm releases. 1y 4h 5mo
do-not-merge/release-note-label-needed
needs-rebase
size/S
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
assignee-updated
commented
contributor-last
open-milestone
recv
recv-q
reviewed-with-comment
6155 Add Certificate Hash 10mo 4h 9d
release-note-none
area/api
do-not-merge/work-in-progress
kind/feature
size/XXL
area/acme
dco-signoff: yes
area/testing
ok-to-test
commented
contributor-last
draft
recv-q
unreviewed
6145 Improve Trigger, Readiness and PostIssuance Policy chains 10mo 4h 19d
size/L
release-note-none
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
area/testing
ok-to-test
commented
contributor-last
draft
recv-q
unreviewed
6567 Update Certificates with Ingress annotations 4mo 4h 2mo
release-note
kind/bug
size/M
dco-signoff: yes
ok-to-test
commented
contributor-last
recv
recv-q
unreviewed
6424 Helm chart: Allow the creation of extra manifests via values
4
6mo 4h 3wk
release-note
size/S
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
changes-requested
commented
contributor-last
recv-q
send
6351 Handle multiple concurrent Azure DNS01 challenges for the same FQDN 7mo 4h 7mo
size/L
release-note
needs-rebase
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
commented
contributor-last
recv
recv-q
unreviewed
5876 helm: add support for TLS configuration and application protocol
2
1y 4h 2mo
release-note
needs-rebase
size/S
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
assignee-updated
commented
contributor-last
recv-q
reviewed-with-comment
send
6821 Bump all dependencies 6wk 4h
release-note-none
needs-rebase
kind/cleanup
size/XXL
area/acme
dco-signoff: yes
area/testing
contributor-last
recv-q
unreviewed
6657 Allow to set keystore password in Certificate
4
3mo 4h 2mo
size/L
release-note
needs-rebase
area/api
dco-signoff: yes
area/testing
ok-to-test
area/deploy
needs-kind
commented
contributor-last
recv-q
reviewed-with-comment
send
6731 Move the cainjector controller to its own directory 2mo 4h
release-note-none
needs-rebase
kind/cleanup
size/M
dco-signoff: yes
area/testing
contributor-last
recv-q
unreviewed
6924 chore: use errors.New to replace fmt.Errorf with no parameters will much better 2d 2d 2d
do-not-merge/release-note-label-needed
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
unreviewed
6782 Limit the memory allocation when parsing ber encoded components in the LiteralSubject field 2mo 8d 8d
release-note
needs-rebase
size/S
kind/bug
dco-signoff: yes
commented
member-last
new-commits
send
6902 Specify resources for acme pods per issuer 11d 11d 11d
release-note
size/XL
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/http01
area/deploy
needs-kind
collaborator-last
recv
unreviewed
6900 feat: Host Network - Enable support in Deployment via values 11d 11d 11d
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
6576 Allow customizing labels copied from ingresses to certificates 3mo 18d 3mo
release-note
area/api
needs-ok-to-test
size/M
lifecycle/stale
dco-signoff: yes
needs-kind
collaborator-last
recv
unreviewed
6228 Issue 5514 read cabundle from kube objects - design doc
3
9mo 3wk 7mo
size/L
release-note-none
kind/design
needs-ok-to-test
lifecycle/stale
dco-signoff: no
collaborator-last
commented
new-commits
open-milestone
recv
recv-q
6878 support assumeRoleWithWebIdentity for Route53 issuer 3wk 3wk 3wk
size/L
release-note
area/api
kind/feature
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
area/deploy
collaborator-last
recv
unreviewed
6376 WIP: Add OCSP stapling functionality 6mo 3wk 6mo
size/XL
release-note-none
needs-rebase
area/api
do-not-merge/work-in-progress
kind/feature
needs-ok-to-test
lifecycle/rotten
dco-signoff: no
collaborator-last
commented
send
unreviewed
6146 Add Venafi custom field support to cert-shim 10mo 5wk 6wk
release-note-none
needs-rebase
size/S
do-not-merge/hold
needs-ok-to-test
dco-signoff: yes
needs-kind
changes-requested
collaborator-last
commented
send
6192 Remove conflicting labels from CRDs 9mo 2mo 9mo
release-note-none
needs-rebase
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
6766 use release namespace for leader election 2mo 2mo 2mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
6456 Add optional hostAliases to cert-manager pod
3
5mo 2mo 5mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
recv
recv-q
unreviewed
6190 Adds ingress annotation support for alt-names 10mo 2mo 5mo
release-note
size/S
needs-ok-to-test
triage/needs-information
dco-signoff: yes
area/testing
needs-kind
commented
send
similar
unreviewed
6722 feat: add annotations on RBACs 2mo 2mo 2mo
size/L
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
1458 Explain how to optimise cert-manager for scale
14d 10h 10h
approved
dco-signoff: yes
size/L
approved
commented
contributor-last
recv-q
send
1462 Bump the all group with 2 updates 6h 6h 6h
size/XS
dco-signoff: yes
dependencies
github_actions
recv
recv-q
similar
unreviewed
1450 Docker testing and validation 5wk 5wk 5wk
dco-signoff: yes
size/M
contributor-last
new-commits
recv
1449 Update install instructions, making them consistent for all sub-projects 5wk 5wk 5wk
dco-signoff: yes
size/M
changes-requested
commented
member-last
1447 Explain how to install cert-manager using ArgoCD
5wk 5wk 5wk
dco-signoff: yes
size/L
commented
member-last
reviewed-with-comment
send
1448 Remove approver-policy versions from install instructions 5wk 5wk
size/XS
dco-signoff: yes
unreviewed
1197 doc about new option default-cleanup-policy
1y 6wk 1y
approved
dco-signoff: yes
needs-rebase
size/M
commented
contributor-last
new-commits
send
1202 Add section about client cert authentication for vault 1y 6wk 1y
dco-signoff: yes
do-not-merge/work-in-progress
size/M
commented
contributor-last
draft
new-commits
send
similar
1419 fix: TLSConfig secretName description 2mo 2mo 2mo
dco-signoff: yes
size/S
changes-requested
commented
member-last
send
1213 Draft of tutorial for Google's Public CA 1y 2mo 11mo
dco-signoff: yes
size/L
needs-rebase
ok-to-test
commented
contributor-last
reviewed-with-comment
send
1397 Document External Vault secretless auth options 3mo 3mo 3mo
dco-signoff: yes
size/L
recv
unreviewed
1364 WIP: Patch release checklist 4mo 4mo
dco-signoff: yes
do-not-merge/work-in-progress
size/M
unreviewed
1075 Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ 2y 5mo 5mo
approved
dco-signoff: yes
size/L
needs-rebase
changes-requested
commented
member-last
send
790 Update route53.md 2y 7mo 7mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
commented
member-last
send
1259 Fixed Azure Workload identity doc 9mo 9mo 9mo
dco-signoff: yes
size/S
recv
unreviewed
948 add note to ingress class definition 2y 11mo 11mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
assigned
commented
contributor-last
send
unreviewed
701 Issuer with IRSA needs ambient credentials flag
2y 2y 2y
dco-signoff: no
size/S
ok-to-test
commented
contributor-last
new-commits
send
859 Move the meetings and slack information to a separate page
2y 2y 2y
approved
dco-signoff: yes
needs-rebase
size/M
changes-requested
commented
member-last
send
528 Update "Setting Nameservers for DNS01 Self Check" example 3y 2y 3y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
173 Bump golang.org/x/net from 0.21.0 to 0.23.0 in the go_modules group 4d 4d 4d
dco-signoff: yes
needs-ok-to-test
size/S
dependencies
go
recv
recv-q
unreviewed
17 Add image validation for Docker architecture 3y 2y 2y
dco-signoff: yes
lgtm
size/L
needs-rebase
assigned
assignee-updated
commented
contributor-last
new-commits
send
43 No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild 2y 2y
dco-signoff: yes
approved
size/M
needs-rebase
contributor-last
unreviewed
36 Add the "cmrel update-release-branch" command 2y 2y 2y
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
commented
contributor-last
draft
unreviewed
174 Bump the all group with 7 updates 1d 1d 1d
dco-signoff: yes
needs-ok-to-test
size/L
dependencies
go
recv
recv-q
similar
unreviewed
301 Bump the all group across 1 directory with 7 updates 20h 20h 20h
dco-signoff: yes
size/M
needs-ok-to-test
dependencies
go
contributor-last
recv
recv-q
similar
unreviewed
187 Add the ability to ignore cluster scoped resources.
1y 7wk 3mo
dco-signoff: yes
size/XS
ok-to-test
needs-rebase
commented
contributor-last
reviewed-with-comment
send
251 feat: add the ability to specify certificate usages 3mo 2mo 3mo
dco-signoff: yes
size/M
needs-ok-to-test
needs-rebase
contributor-last
recv
unreviewed
297 Update to istio 1.21.0 4d 4d 4d
dco-signoff: no
size/M
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
270 Add ability to pass in extra pod labels/annotations
2mo 7wk 2mo
dco-signoff: yes
size/S
ok-to-test
needs-rebase
commented
contributor-last
recv
recv-q
unreviewed
202 Support adding pod annotations 1y 1mo 1y
dco-signoff: yes
size/XS
needs-ok-to-test
needs-rebase
contributor-last
recv
similar
unreviewed
231 add capability to set annotations on pod and deployment 3mo 1mo 3mo
dco-signoff: yes
size/S
needs-ok-to-test
needs-rebase
contributor-last
recv
unreviewed
229 feat: fix app label of metrics svc for ServiceMonitor discovery
2
1y 1mo 11mo
dco-signoff: yes
size/XS
needs-rebase
ok-to-test
commented
contributor-last
reviewed-with-comment
send
337 feat: add support for dual stack clusters 17d 17d 17d
dco-signoff: yes
needs-ok-to-test
size/S
contributor-last
recv
unreviewed
339 Bump the all group with 6 updates 1d 1d 1d
dco-signoff: yes
size/M
needs-ok-to-test
dependencies
go
contributor-last
recv
recv-q
similar
unreviewed
195 Make `Makefile`s reusable and automate release process 6mo 3wk
dco-signoff: yes
size/XXL
contributor-last
unreviewed
304 Add support for PodMonitor 1mo 5wk 1mo
dco-signoff: yes
size/L
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
319 refactor: simplify managed fields upgrade 6wk 6wk 6wk
dco-signoff: yes
size/L
do-not-merge/hold
do-not-merge/work-in-progress
contributor-last
draft
recv
unreviewed
214 Add helm values for annotations 5mo 5mo 5mo
dco-signoff: yes
ok-to-test
size/S
needs-rebase
changes-requested
commented
contributor-last
send
157 Add support for generating certificates with helm 8mo 6mo 8mo
dco-signoff: yes
approved
size/M
needs-rebase
commented
contributor-last
unreviewed
237 Bump the all group with 7 updates 1d 7h 1d
dco-signoff: yes
size/M
needs-ok-to-test
dependencies
go
contributor-last
recv
recv-q
similar
unreviewed
234 Bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 in /make/_shared/oci-build/image_tool in the go_modules group across 1 directory 8d 3d 8d
dco-signoff: yes
size/M
needs-rebase
needs-ok-to-test
dependencies
go
contributor-last
recv
recv-q
unreviewed
228 Add attribute support for certificate subject 3wk 3wk 3wk
dco-signoff: yes
size/L
needs-ok-to-test
contributor-last
recv
unreviewed
129 Add attribute support for certificate subject
1y 3wk 7mo
dco-signoff: yes
size/L
needs-rebase
ok-to-test
commented
contributor-last
reviewed-with-comment
send
135 Added options to all containers 1y 3mo 1y
dco-signoff: yes
size/L
needs-rebase
ok-to-test
commented
contributor-last
send
unreviewed
107 Remove csi-driver-spiffe approver 4wk 3wk
size/XXL
dco-signoff: no
do-not-merge/work-in-progress
needs-rebase
contributor-last
draft
unreviewed
117 Bump the all group with 6 updates 1d 22h 1d
dco-signoff: yes
size/M
needs-ok-to-test
dependencies
go
contributor-last
recv
recv-q
similar
unreviewed
50 Added tolerations,nodeSelector,affinity,topologySpreadConstraints 5mo 5wk 5wk
size/M
dco-signoff: no
needs-rebase
ok-to-test
commented
member-last
send
unreviewed
55 Draft: Use Certificates instead of CertificateRequests
2mo 6wk 6wk
dco-signoff: yes
size/L
commented
contributor-last
recv
unreviewed
52 Bump golang.org/x/crypto from 0.14.0 to 0.17.0 4mo 2mo 2mo
dco-signoff: yes
dependencies
size/S
commented
contributor-last
send
unreviewed
40 Make it possible to install openshift-routes in a different namespace than "cert-manager" 7mo 6mo
dco-signoff: no
do-not-merge/work-in-progress
size/L
needs-rebase
contributor-last
draft
unreviewed
57 Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 5wk 5wk 5wk
dco-signoff: yes
size/XS
dependencies
contributor-last
recv
unreviewed
28 Include Pod UID on CertificateRequest resources
2y 4wk 2mo
good first issue
help wanted
dco-signoff: yes
do-not-merge/hold
approved
size/XS
ok-to-test
assigned
author-last
commented
recv
unreviewed
34 WIP: E2E testing boilerplate
2y 1y 2y
size/XXL
dco-signoff: yes
do-not-merge/hold
approved
do-not-merge/work-in-progress
needs-rebase
commented
contributor-last
new-commits
recv
recv-q
42 Switch sample-external-issuer to issuer-lib 8mo 6mo
do-not-merge/work-in-progress
dco-signoff: yes
size/XXL
needs-rebase
contributor-last
draft
unreviewed

Open Issues (405)

Resolution:

Average age: 535.4d, Avg wait: 194.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6948 Securing Gateway in GKE is failing 2h 2h 2h
recv
6884 Not able to generate .p12 certificates by cert-manager 18d 5h 18d
kind/bug
recv
recv-q
similar
6883 Akamai Edge DNS - Support for "Account Switch Key" in DNS01 SolverΒ  19d 19d 19d
kind/feature
recv
6882 How About Graduating the Gateway API Support to GA?
2
2
3wk 8d 8d
kind/feature
commented
member-last
send
6880 configure cert-manager ClusterIssuer/Issuer in k8s cluster with CA certificate stored in Azure Key Vault 3wk 3wk 3wk
kind/feature
recv
6877 The order remains in the invalid state 3wk 3wk 3wk
kind/bug
author-last
recv
6890 Allow client-side rate-limiting to be disabled 14d 14d
kind/feature
6903 Adding custom annotation to cm ingress resources
8d 8d 8d
kind/feature
recv
6874 DNS-01: "propagation check failed" err="NS ns-0.awsdns-00.com.:53 returned REFUSED for _acme-challenge.stage-keycloak.xxxx.com." logger="cert-manager.challenges" resource_name="stage-keycloak.xxxx-1647614373" resource_namespace="keycloak" resource_kind="Challenge" resource_version="v1" dnsName="stage-keycloak.xxxx.xxxx.com" 4wk 4wk 4wk
kind/bug
recv
6867 Only a few cert-manager metrics are available 4wk 4wk 4wk
kind/bug
commented
member-last
send
similar
6862 cert-manager/certificates-issuing: re-queuing item due to optimistic locking on resource" 5wk 5wk 5wk
kind/bug
commented
member-last
send
6851 Unnecesary empty apiGroup on HelmChart
5wk 3wk 3wk
kind/feature
author-last
commented
recv
6850 Allow secretless authentication in clusterissuer 5wk 5wk 5wk
kind/feature
recv
similar
6838 Add secretTemplate to Certificate resources created by ingress-shim
3
6wk 5wk 5wk
kind/feature
commented
member-last
pr-merged
send
6907 clusterlint claims that webhook timeoutSeconds of 30 is too high
7d 5d 5d
author-last
commented
recv
6837 Duplicate CertificateRequests for next revision require manual intervention
3
6wk 6wk 6wk
kind/bug
recv
6818 Multi-replica leader election tests 6wk 6wk 6wk
kind/feature
commented
member-last
send
6817 Add tests for our API defaults
6wk 6wk
kind/feature
pr-merged
6815 Certificate secrets are not recreated when critical fields change 7wk 7wk 7wk
kind/bug
recv
6805 Ingress routes for challenges created with pathType: ImplementationSpecific not working with Cilium 7wk 7wk 7wk
kind/bug
recv
6804 failed to change Route 53 record set: RequestError: send request failed. remote error: tls: handshake failure 7wk 7wk 7wk
kind/bug
recv
6799 ACME challenges stopped working after 1.13/1.14 update
2mo 6wk 7wk
author-last
commented
recv
6794 CI may not be running make verify-crds 2mo 2mo
kind/bug
6787 Cert-manager with Cluster API to integrated trusted certificates 2mo 2mo 2mo
recv
6786 How to install a FIPS compliant Linux Foundation cert-manager. Which versions are available ?
2mo 1mo 1mo
commented
recv-q
send
6898 Venafi Certificate Valid Date 11d 11d 11d
kind/feature
recv
6777 CertificateRequest ready status metric 2mo 2mo 2mo
kind/feature
recv
similar
6783 Add support for passwordless pkcs12 keystore
6
14
2mo 5h 2mo
kind/feature
pr-reviewed-with-comment
recv
6762 cert-manager http01 challenge doesnt work out of the box in k3s cluster with traefik. Pod is forever progressing. Error 503 when accessing http01 pod 2mo 4wk 2mo
kind/bug
recv
6758 Helm should fail if cert fails 2mo 2mo 2mo
commented
member-last
send
6765 feature: Promote ExperimentalGatewayAPISupport feature to GA 2mo 2mo 2mo
kind/feature
recv
6754 Schedule certificate renewal outside business hours 2mo 2mo 2mo
kind/feature
recv
6753 reflector.go: nable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown
4
2mo 2mo 2mo
kind/bug
author-last
recv
recv-q
6752 Support LocalSubjectAccessReview if namespace option is non-empty
2mo 2mo 2mo
kind/feature
pr-merged
recv
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
5
2mo 2mo 2mo
kind/bug
recv
6721 cmctl check api should fail unless the webhook is configured 2mo 2mo 2mo
kind/bug
commented
member-last
send
6720 cmctl check api -v stopped logging continuous updates 2mo 2mo
kind/bug
6716 leader election namespace should default to `.Release.Namespace`, not `kube-system`
8
2mo 11d 2mo
kind/bug
triage/not-reproducible
commented
pr-unreviewed
send
similar
6714 mismatched between certificate and secret can DOS Kubernetes 2mo 2mo 2mo
kind/bug
commented
member-last
send
6709 1.14 Release Review
3
2mo 2mo 2mo
commented
member-last
send
6707 Check multiple nameservers for self check validation if self check status not 200 2mo 2mo 2mo
kind/feature
recv
6691 Release name is not getting matched with label when using argocd to deploy the helm chart 2mo 2mo 2mo
kind/feature
recv
6673 Missing RBAC permissions for kubernetes serviceaccount against Vault issuer.
2mo 2mo 2mo
kind/bug
recv
6665 Can we add default values in API Reference for cert-manager objects? 2mo 2mo 2mo
recv
6664 Secret doesnt change when I change issuer 2mo 2mo 2mo
recv
6662 support overriding of ttl in cloudflare 3mo 13h 3mo
kind/feature
lifecycle/stale
recv
6653 configuration options for certificate chain 3mo 5d 3mo
kind/feature
lifecycle/stale
recv
similar
6652 Support for GCP Multi Cluster Gateway and HTTP01
3mo 6d 3mo
kind/feature
lifecycle/stale
recv
6651 ingressClassName incompatible with http01-ingress-class annotation 3mo 13d 3mo
kind/bug
recv
recv-q
similar
6649 Gateway API CRDs exist, yet getting "the Gateway API CRDs do not seem to be present, but ExperimentalGatewayAPISupport is set to true. Please install the gateway-api CRDs" error message.
6
3mo 7wk 3mo
kind/bug
recv
recv-q
6640 Intermittient DNS problem: networking error looking up CAA for xxx 3mo 9d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6633 Error from server: request to convert CR from an invalid group/version: cert-manager.io/v1alpha2 3mo 11d 3mo
lifecycle/stale
collaborator-last
recv
6632 Vault Issuer: The CA full chain is not included into the ca.crt
3mo 2mo 3mo
kind/bug
commented
recv
recv-q
6625 Terraform helm provider Chart.yaml file missing 3mo 12d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6624 cainjector not creating/updating Secrets after root CA rotation
5
3mo 13d 3mo
kind/bug
recv
6622 `make update-licenses` is non-deterministic. 3mo 15d
kind/bug
lifecycle/stale
collaborator-last
6616 Certificate Issue in Bare metal server - http01 3mo 16d 3mo
lifecycle/stale
collaborator-last
recv
6615 HTTP01 Config Map Challenge Flow
2
3mo 17d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6602 Cert manager not retrying after initial issuance is failed 3mo 19d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6594 Waiting for DNS-01 challenge propagation: DNS record for 'hmccloud.com' not yet propagated.
3mo 2wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
similar
6580 Warn users not to use insecure TSIG algorithms when using DNS UPDATE and ACME DNS01
3mo 3wk
lifecycle/stale
collaborator-last
pr-merged
6569 Add documentation for istio-csr and ingress with istio 4mo 2d 4mo
kind/feature
lifecycle/rotten
recv
similar
6564 Make Service Port and Webhook Service Port Configurable in Helm Chart 4mo 5d 4mo
kind/feature
lifecycle/rotten
recv
6554 Intermediate certificate is not updated in child certificates
3
4mo 5wk 4mo
kind/bug
author-last
recv
6553 Update Certificate API definition on key length 4mo 12d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
6550 PCA Root PEM + Chain added to cert manager results in duplicate/repeated root CA in chain. 4mo 3d 4mo
lifecycle/rotten
recv
6541 keyUsage extension may be empty 4mo 1d 4mo
kind/bug
author-last
recv
6536 challenge stuck in pending state - certifcate never gets ready
4mo 3wk 4mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
6528 Unable to create certificates for domains mentioned in Selector DNS zones
4mo 7wk 4mo
kind/bug
recv
6527 Support for "UID" RDN in X509 Subject
4
4mo 3wk 4mo
kind/feature
recv
recv-q
6526 [question] about images in gcr.io/distroless 4mo 2wk 4mo
lifecycle/rotten
collaborator-last
recv
6524 Issuer for Gateway uses the hostname only rather than the httproutes 4mo 19d 4mo
kind/bug
lifecycle/rotten
recv
6523 Allow algorithm selection for keystore "passwords"
4mo 3wk
kind/feature
lifecycle/rotten
collaborator-last
pr-merged
6522 Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
6521 Add an `approveSignerNames` install option 4mo 3wk
kind/feature
lifecycle/rotten
collaborator-last
6520 Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist) 4mo 3wk 4mo
kind/bug
lifecycle/rotten
recv
recv-q
6518 Can't verify image signature 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
send
6511 Checklist for next backport release
5mo 3wk
kind/cleanup
lifecycle/rotten
collaborator-last
pr-closed
6510 DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge ....
2
5mo 6h 5mo
kind/bug
lifecycle/stale
commented
recv
6505 Overly strict subject requirements 5mo 4wk 4wk
kind/bug
commented
member-last
6502 Can the duration of the server cert that is generated for the webhook be set?
5mo 11d 5mo
kind/feature
lifecycle/rotten
collaborator-last
recv
6489 Add support for custom-fields into the ingress annotations
2
5mo 5d 5mo
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
6473 Ingress labels copied to certificate, causing issues with applysets
2
5mo 2mo 5mo
kind/bug
author-last
pr-unreviewed
recv
6472 Create TLSA records automatically
5
5mo 2mo 5mo
kind/feature
recv
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount 5mo 2mo 5mo
kind/feature
author-last
recv
6464 Requeing due to optimistic locking and slow retry
5
5mo 5wk 5mo
kind/bug
recv
recv-q
6457 Error from server (InternalError): Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": No agent available 5mo 11d 5mo
lifecycle/stale
collaborator-last
commented
send
similar
6422 Allow for Configuration of ValidatingWebhook in Helm 6mo 7d 6mo
kind/feature
lifecycle/rotten
recv
recv-q
similar
6820 Ongoing dependency evaluation
6wk 6wk 6wk
recv
6413 RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP
6mo 6wk 6wk
good first issue
kind/bug
assigned
assignee-updated
commented
member-last
send
6382 Conditional sub-expression always evaluates to _true_
6mo 15d 15d
commented
member-last
send
6378 Renewal fails during aws-privateca-issuer downtime, continues to fail after issuer returns to service
11
6mo 18d 6mo
kind/bug
lifecycle/stale
recv
6356 Graduate AdditionalCertificateOutputFormats feature gate
3
7mo 15d 15d
kind/feature
commented
member-last
send
6353 Docs: Wrong example Code for creating Issuers 7mo 3d 4mo
kind/bug
lifecycle/rotten
commented
send
6331 CSR not signed by referenced private key
3
7mo 1mo 1mo
commented
member-last
send
6312 Report issuer/clusterissuer status as a metric
7
7mo 2mo 7mo
kind/feature
author-last
recv
6897 Not able to set the default ingressClassName when user creates issuer using class tag. 11d 1d 1d
kind/bug
author-last
commented
pr-closed
pr-unreviewed
recv
6308 Route53 challenges not regulating failed requests with exponential backoffs
6
7mo 5d 7mo
recv
recv-q
6246 Write documentation for the new DNS-over-HTTPS feature 8mo 10d 4mo
kind/documentation
lifecycle/rotten
collaborator-last
commented
send
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting
9mo 2mo 9mo
kind/bug
area/acme/dns01
recv
recv-q
6229 Race condition when two identical certificate requests are made from different clusters
6
9mo 16d 9mo
help wanted
kind/bug
priority/important-longterm
area/acme/dns01
commented
pr-unreviewed
recv-q
send
6215 The default `Cluster Resource Namespace` is `kube-system`, not `cert-manager` 9mo 2mo 2mo
kind/bug
collaborator-last
commented
send
similar
6212 Default duration field in cmctl check api
9mo 2mo 2mo
kind/feature
commented
member-last
pr-merged
send
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
4
9mo 2mo 2mo
kind/feature
commented
member-last
send
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
27
9mo 13d 9mo
kind/bug
pr-merged
recv
recv-q
6195 logLevel information in logs
9mo 2mo 2mo
kind/bug
commented
member-last
send
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
6
10mo 5wk 10mo
kind/bug
recv
recv-q
similar
6269 Allow hardcoded JKS and PKCS#12 passwords
4
8mo 4h 7mo
good first issue
kind/feature
lifecycle/stale
commented
pr-reviewed-with-comment
recv-q
6418 `revisionHistoryLimit` default of `nil` should be changed to ...
5
6mo 11d 11d
kind/feature
commented
member-last
pr-closed
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
3
10mo 7d 10mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
recv-q
6138 allow unencrypted private keys for PKCS12 output
4
10mo 4wk 10mo
kind/feature
lifecycle/stale
collaborator-last
recv
6179 CRDs shouldn't be templated in Helm...
4
21
10mo 6wk 4mo
commented
recv-q
send
6117 Vault Issuer Read caBundle from ConfigMap
4
10mo 13d 3mo
area/api
kind/feature
area/vault
commented
contributor-last
recv
similar
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
2
2
9
11mo 2mo 11mo
kind/bug
pr-unreviewed
recv
recv-q
6021 Make it possible to specify logging options for the ACME solver 11mo 2mo 2mo
kind/feature
commented
member-last
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
12
1y 6d 5mo
lifecycle/frozen
kind/bug
commented
send
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
15
1y 6wk 1y
kind/bug
assigned
assignee-updated
commented
recv
recv-q
similar
5904 Support Azure Private DNS Zones for DNS Challenge
2
7
1y 14h 1y
kind/feature
lifecycle/rotten
recv
recv-q
5900 [FR] Allow the Chart to create extra manifest
7
1y 18d 4mo
kind/feature
commented
pr-changes-requested
send
5882 Duplicate events
1y 8d 3mo
kind/bug
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
6132 Checklist: CNCF Graduation
10mo 1d 1d
lifecycle/frozen
lifecycle/rotten
commented
member-last
pr-unreviewed
5864 Certmgr allows creating certificates expiring after ca expiration.
4
1y 2mo 1y
kind/bug
author-last
recv
6756 When deleting a certificate resource, delete its certificate requests as well 2mo 2mo 2mo
kind/feature
recv
similar
5821 Allow renewBefore to be a percentage 1y 5d 1y
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
5851 CA cert in Secret not updated when self-signed CA itself gets renewed.
18
1y 6wk 8mo
kind/bug
commented
recv-q
send
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
1y 2mo 1y
kind/feature
author-last
commented
pr-closed
recv
5772 Develop new Helm chart for cert-manager CRD manifests
1y 7wk 7wk
kind/feature
commented
member-last
send
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
1y 19d 1y
kind/bug
recv
recv-q
5697 Support PodSecurityAdmission
6
1y 3wk 1y
kind/feature
recv
recv-q
6150 (Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
3
13
10mo 2mo 7mo
commented
contributor-last
pr-unreviewed
recv
recv-q
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
1y 7d 4mo
kind/feature
lifecycle/rotten
commented
pr-closed
send
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
2
10
1y 4wk 1y
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
similar
5540 Changelog annotations to chart 2y 2d 2y
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 2y 14d 2y
kind/bug
recv
recv-q
5566 upload Helm charts to OCI registry and sign them with cosign
11
1y 2mo 2mo
kind/feature
commented
send
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
10
2y 2mo 2mo
good first issue
kind/feature
assigned
assignee-updated
commented
member-last
pr-closed
pr-new-commits
similar
5785 Store OCSP response in kubernetes secret
5
1y 20h 5mo
kind/feature
commented
contributor-last
pr-closed
pr-unreviewed
send
5430 Improving DNS-01 challenge performance
4
2y 18d 2y
kind/feature
lifecycle/stale
collaborator-last
pr-closed
pr-unreviewed
recv
5298 Complete the Migration Away From Jetstack Names 2y 13d 3mo
kind/cleanup
lifecycle/stale
collaborator-last
commented
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
4
2y 4wk 2y
kind/bug
priority/backlog
author-last
commented
recv
recv-q
5066 Threat model for cert-manager
2
2y 1mo 1y
kind/feature
priority/backlog
commented
4797 Automatically renew certificates if OCSP indicates that it was revoked
17
2y 4wk 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 2mo 2y
kind/bug
area/acme/dns01
commented
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts
10
2y 2mo 2mo
lifecycle/frozen
kind/bug
commented
member-last
send
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
2y 2mo 2y
kind/bug
recv
recv-q
similar
4620 Vault Issuer does not retry signing CertificateRequests if the status is pending
12
2y 2mo 2mo
kind/bug
priority/important-longterm
area/vault
commented
member-last
send
4349 allowing greater configuration for the cloud provider tests
2y 2y 2y
lifecycle/frozen
kind/feature
collaborator-last
commented
send
4191 Setting default values for Pod's "resources"?
6
2y 3wk 3mo
lifecycle/stale
collaborator-last
commented
4423 Cert renewal loop
4
2y 5wk 5wk
kind/bug
commented
member-last
send
4061 Permission denied errors on AWS cause R53 DDoS
2
2y 2mo 2mo
kind/bug
priority/important-soon
area/acme/dns01
commented
member-last
send
3992 Add non-CRD yaml file
4
2y 2mo 5mo
priority/important-soon
area/deploy
author-last
commented
recv
3958 Sane defaults for Certificate revision history limit
2
13
3y 2mo 2mo
kind/feature
commented
member-last
send
similar
3896 Cert Manager failing to renew certificate
18
3y 7wk 2y
kind/bug
area/acme/dns01
commented
recv-q
send
similar
5867 Controller can't handle hitting request rate limits of zerossl ACME API
5
12
23
1y 5mo 5mo
lifecycle/frozen
kind/bug
commented
member-last
pr-closed
pr-merged
send
3655 Specify Name Constraints in CA Certificate
52
3y 6wk 5mo
kind/feature
priority/backlog
commented
pr-unreviewed
send
3640 Challenge Records Not Always Cleaned Up
3y 2mo 6mo
kind/bug
priority/important-longterm
area/acme
commented
open-milestone
pr-merged
pr-unreviewed
recv-q
6876 Possibility to provide full chain with self-issuer CA 4wk 4wk 4wk
recv
3521 Integration with ExternalDNS
4
36
3y 1y 2y
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
3298 Let's encrypt certificate caching to mitigate rate limits problems
2
3
15
3y 4d 1mo
help wanted
kind/feature
priority/backlog
commented
send
3103 Adding probes to the cert-manager pods
9
3y 4wk 7mo
good first issue
help wanted
kind/feature
priority/important-longterm
area/deploy
commented
send
2930 Mirror to gcr.io or dockerhub
27
3y 4wk 4mo
kind/feature
priority/important-soon
area/deploy
assigned
assignee-updated
commented
send
2722 Inject CA certificate into Secrets with cainjector
23
4y 7wk 2y
kind/feature
priority/awaiting-more-evidence
commented
recv-q
send
3381 Setup separate package for cert-manager API
5
3y 5wk 8mo
kind/feature
priority/important-soon
assigned
assignee-updated
commented
contributor-last
send
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
72
4y 12d 5mo
area/api
help wanted
lifecycle/frozen
kind/feature
priority/backlog
commented
send
similar
6848 Vault JWT Auth support undocumented? 6wk 6wk 6wk
kind/feature
recv
2478 Allow CA issuer secret rotation
62
4y 7wk 4y
kind/feature
priority/important-longterm
area/ca
commented
recv-q
send
similar
2525 Better support multi-namespace & single-namespace deployments
25
4y 5wk 2mo
kind/feature
priority/important-longterm
area/deploy
commented
open-milestone
pr-closed
send
2178 Handling 'unregistering' certificates from Venafi TPP
21
4y 4wk 4wk
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
assigned
assignee-updated
commented
member-last
send
4950 General flakiness of our end-to-end suite
3
2y 2y 2y
lifecycle/frozen
kind/flake
commented
member-last
pr-closed
pr-merged
send
1888 Certificate not matching private key when creating multiple ingress resources
15
4y 14d 4mo
good first issue
help wanted
kind/bug
priority/important-soon
area/acme
lifecycle/rotten
collaborator-last
commented
pr-unreviewed
recv-q
send
3748 Cert-manager causes API server panic on clusters with more than 20000 secrets.
14
3y 2mo 5mo
kind/bug
triage/needs-information
commented
contributor-last
open-milestone
pr-merged
send
1571 Add ca.crt to TLS secret generated by ACME issuers
2
16
75
5y 18d 5mo
help wanted
kind/feature
priority/backlog
area/acme
commented
pr-merged
send
4033 Automated updates of base images
2y 2mo 2mo
kind/feature
priority/important-soon
collaborator-last
commented
pr-merged
1292 Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis
15
194
5y 2mo 2y
area/api
help wanted
kind/feature
priority/important-longterm
area/acme
commented
pr-closed
recv-q
send
1168 docs: Add info about client side certificate rotation best practices.
23
5y 4y 4y
help wanted
lifecycle/frozen
kind/documentation
priority/backlog
collaborator-last
commented
pr-closed
send
2334 Add network policy allowance into documentation
22
4y 2mo 5mo
good first issue
help wanted
kind/documentation
priority/backlog
area/deploy
commented
pr-merged
send
2239 Create a CertificatePreset resource type to allow configurable defaulting
2
91
4y 6wk 2mo
area/api
kind/feature
priority/backlog
priority/important-soon
commented
contributor-last
pr-closed
pr-reviewed-with-comment
pr-unreviewed
send
1457 change the Venafi URL for cert-manager support 18d 4d 18d
author-last
recv
1262 v1.9 to v1.10 upgrade instructions does not mention container name change
9mo 2mo 2mo
assigned
assignee-updated
commented
member-last
1388 Create a section for sane `Certificate` defaults
3mo 3mo
similar
1261 Switch to Docusaurus? 9mo 9mo
1241 Remove Bitnami kubeprod as installation method 10mo 10mo 10mo
recv
1194 Confusing paragraph - cert-manager integration. 1y 9mo 9mo
documentation
commented
member-last
send
1186 Document that/why we don't use Helm's CRD installation mechanism 1y 9mo 9mo
good first issue
kind/documentation
assigned
assignee-updated
commented
member-last
send
1255 helm install cert-manager with errors 10mo 9mo 9mo
commented
member-last
send
1174 Document the docker images and how to find them
1y 1y 1y
good first issue
priority/important-soon
kind/documentation
commented
member-last
send
1168 Rendering issues for generated API docs
1y 1y 1y
commented
member-last
pr-merged
1257 ErrRegisterACMEAccount 10mo 10mo 10mo
recv
1101 Feature request for updating documentation. 1y 1y 1y
recv
similar
1125 Describe cert-manager feature policy 1y 1y 1y
contributor-last
recv
recv-q
1061 Document onboarding process for new maintainers 2y 2y 2y
recv
similar
1054 Run spell checker in a pre-commit hook 2y 2y 2y
good first issue
kind/cleanup
recv
998