generic Weekly Triage :: Triage Party

queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (4)

Resolution: Downgrade to important-longterm

Average age: 816.5d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5074		Race condition between issuers, certificates, and secrets			1y	8mo	1y		lifecycle/frozen kind/bug priority/important-soon	commented member-last pr-closed send
1174		Document the docker images and how to find them			8mo	7mo	7mo		good first issue priority/important-soon kind/documentation	commented member-last send
195		Document keystores			3y	7mo	3y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			3y	3y	3y		help wanted priority/important-soon kind/documentation	commented member-last send

Important longterm, but no updates in 120 days (6)

Resolution: Downgrade to backlog

Average age: 1015.5d, Avg wait: 37.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3521		Integration with ExternalDNS		4 31	2y	7mo	1y		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q send
850		Document available cert-manager Prometheus metrics Similar: #136: Document available metrics (open)			2y	7mo	2y		documentation good first issue priority/important-longterm	recv recv-q similar
551		Documentation on how to handle large-scale certificate management & best practices		2	2y	7mo	7mo		help wanted priority/important-longterm kind/documentation	commented member-last send
401		Bring tutorials up to date			2y	7mo	7mo		priority/important-longterm	commented member-last send
223		Document wildcard certificate tutorial			3y	3y	3y		priority/important-longterm kind/documentation	commented contributor-last send
56		Route53: document use of "region" field			3y	7mo	7mo		documentation priority/important-longterm	commented contributor-last send

many reactions, low priority (16)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 259.5d, Avg wait: 72.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6179		CRDs shouldn't be templated in Helm...		12	3mo	3wk	7wk			commented send
6150		(Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience Similar: #5585: ClusterIssuer cannot read the ServiceAccount token secret (closed)		2 7	3mo	1d	2d			author-last commented open-milestone pr-unreviewed recv recv-q similar
6065		acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added		5	4mo	11d	4mo		kind/bug	recv recv-q
5516		Forbidden: seccomp may not be set pod.metadata.annotations		3 13	11mo	12h	11mo		kind/bug lifecycle/stale	collaborator-last recv
5515		stuck on propagation check failed DNS record not yet propagated Similar: #5917: Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated (open) Similar: #5042: propagation check failed: DNS record for xxx not yet propagated (closed)		12	11mo	3wk	11mo		kind/bug lifecycle/rotten	recv similar
5514		Venafi Issuer Read `caBundle` from Configmap or Secret PR#6228: Issue 5514 read cabundle from kube objects - design doc new-commits Similar: #6117: Vault Issuer Read caBundle from ConfigMap (open)		4 8	11mo	3wk	2mo		good first issue kind/feature	assigned assignee-updated commented pr-new-commits similar
2538		cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer Similar: #6184: Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation (open)		61	3y	2mo	2y		area/api kind/feature priority/backlog	commented recv recv-q similar
5867		Controller can't handle hitting request rate limits of zerossl ACME API Similar: #6106: Controller can't handle hitting request rate limits when is registering the issuer (open)		2 10 19	6mo	2mo	5mo		kind/bug	commented pr-closed pr-merged recv-q send similar
583		cert-manager with ZeroSSL Similar: #5921: cert-manager issue.. SSL is on and off (closed)		44	2y	1y	1y			commented send similar
1279		docs: Certificate Defaults Tutorial		7	3wk	1d	1d		dco-signoff: yes size/XL needs-rebase	commented member-last reviewed-with-comment
256		CEL expressions approver design		6	2mo	4d	5d		dco-signoff: yes approved needs-ok-to-test size/XL do-not-merge/hold	commented contributor-last new-commits recv
144		Add CertificateRequest as a source Similar: #561: Certificate Resources (open) Similar: #119: Certificate is re-requested when container restarts (open) Similar: #6342: CertificateRequest name collisions in v1.13.0 (closed)		7	3mo	1mo	1mo			commented contributor-last pr-merged recv similar
155		de-duplicate CA from the trust bundle PR#184: Add certificates deduplication feature commented			1mo	2d	2d		kind/feature good first issue	assigned assignee-updated commented member-last pr-reviewed-with-comment send
184		Add certificates deduplication feature		5	4d	1d	2d		dco-signoff: yes size/L ok-to-test	author-last commented recv recv-q reviewed-with-comment
28		add support for ecdsa keys		4	3mo	9d	12d		dco-signoff: yes size/XXL	commented contributor-last new-commits recv
51		add pending request cache to allow for resuming in-flight requests that take longer than a single issuance cycle		6	3wk	14d	3wk		dco-signoff: yes size/L	changes-requested commented contributor-last recv-q

many commenters, low priority (7)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 79.8d, Avg wait: 2.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6269		Allow hardcoded JKS passwords			6wk	2d	2d		kind/feature	commented
6150		(Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience Similar: #5585: ClusterIssuer cannot read the ServiceAccount token secret (closed)		2 7	3mo	1d	2d			author-last commented open-milestone pr-unreviewed recv recv-q similar
6286		Remove dependencies on hashicorp libraries after the recent license change		3	5wk	4wk	4wk		triage/support	commented member-last send
5867		Controller can't handle hitting request rate limits of zerossl ACME API Similar: #6106: Controller can't handle hitting request rate limits when is registering the issuer (open)		2 10 19	6mo	2mo	5mo		kind/bug	commented pr-closed pr-merged recv-q send similar
6228		Issue 5514 read cabundle from kube objects - design doc		3	2mo	2d	7d		size/L release-note-none kind/design needs-ok-to-test dco-signoff: no	assigned assignee-updated author-last commented new-commits open-milestone recv recv-q
157		Add support for generating certificates with helm			7wk	3d	6wk		dco-signoff: yes approved size/M	commented contributor-last unreviewed
156		Allow enabling hostNetwork mode in Helm chart			7wk	5d	7wk		dco-signoff: yes size/XS lgtm ok-to-test	approved recv recv-q

Screaming into the void (1)

Resolution: Reopen, or ask folks to open a new issue

Average age: 549.5d, Avg wait: 538.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4991		Successful challenge request, but no certificate		5	2y	16h	2y		kind/bug	closed commented recv recv-q

Needs information for over 2 weeks (3)

Resolution: Close or remove triage/needs-information label

Average age: 596.1d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6294		Helm chart deployment is failing on update to k8s 1.25			4wk	4wk	4wk		triage/needs-information	commented member-last send
3748		Cert-manager causes API server panic on clusters with more than 20000 secrets.		13	2y	7wk	2y		kind/bug triage/needs-information	commented pr-merged send
15		Allow data-root to be an absolute path			2y	7mo			kind/bug triage/needs-information	contributor-last

Support request over 30 days old: No matching items

Issues nearing expiration (23)

Resolution: Close or label as frozen

Average age: 284.9d, Avg wait: 62.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6113		Integrate with Istio multi-cluster certificate management			4mo	1d	4mo		kind/feature lifecycle/rotten	collaborator-last recv
6111		ACME Route53 dns01 resolver doesn't find private hosted zones when `hostedZoneID` is omitted			4mo	15h	4mo		lifecycle/rotten	collaborator-last recv
6096		Sporadic failures at the order lever with CAA errors			4mo	6d	4mo		kind/bug lifecycle/rotten	collaborator-last recv
6021		Make it possible to specify logging options for the ACME solver			4mo	3wk			kind/feature lifecycle/rotten	collaborator-last
6010		Support the ACME Renewal Information (ARI) extension			4mo	3wk	4mo		kind/feature lifecycle/rotten	collaborator-last commented recv
6007		support HA acme service with freeipa			4mo	4wk	4mo		kind/feature lifecycle/rotten	collaborator-last recv
6005		Venafi custom field ca-dn ignored			4mo	4wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
6004		Support TLS-ALPN-01 challenges		2	4mo	4wk	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5987		Orders sent by cert-manager using a cluster-issuer with an EAB are not RFC8555 compliant \| Step-CA private ACME Server		14	5mo	3wk	5mo		kind/bug lifecycle/rotten	collaborator-last recv
5974		Issue with version upgrade causing multiple containers in deployment		6	5mo	2wk	5mo		kind/bug lifecycle/rotten	collaborator-last recv
5862		http01.ingress.class doesn't work		4	6mo	2wk	5mo		kind/bug lifecycle/rotten	collaborator-last commented recv-q send
5846		Failed to create certificate for my domain			6mo	3wk	6mo		triage/support lifecycle/rotten	collaborator-last commented recv-q send
5774		Add descriptions for container image repos			7mo	3wk	4mo		good first issue kind/documentation lifecycle/rotten	collaborator-last commented
5643		AdditionalOutputFormat is still in alpha			9mo	7d	6mo		kind/feature lifecycle/rotten	collaborator-last commented send
5515		stuck on propagation check failed DNS record not yet propagated Similar: #5917: Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated (open) Similar: #5042: propagation check failed: DNS record for xxx not yet propagated (closed)		12	11mo	3wk	11mo		kind/bug lifecycle/rotten	recv similar
5171		TPP Allowed Domains can cause valid certificate to error			1y	14d	8mo		kind/bug lifecycle/rotten area/venafi	collaborator-last commented
2380		Helm chart version is not SemVer-compatible		7	3y	1d	1d		kind/bug lifecycle/rotten	commented contributor-last send
6001		Improve verify-chart scripts & add helmchk			5mo	3d	5mo		release-note-none needs-rebase approved kind/cleanup size/M lifecycle/rotten dco-signoff: yes	collaborator-last commented new-commits
5446		Allow concurrent same-FQDN DNS-01 challenges when using route53 Similar: #6351: Handle multiple concurrent Azure DNS01 challenges for the same FQDN (open)			1y	3d	5mo		release-note size/M area/acme lifecycle/rotten dco-signoff: yes area/testing ok-to-test needs-kind	collaborator-last commented open-milestone reviewed-with-comment send similar
5356		Allow ECDSA for ACME client keys		2 4	1y	3d	4mo		size/L release-note needs-rebase area/api kind/feature area/acme lifecycle/rotten dco-signoff: yes area/testing ok-to-test area/deploy	collaborator-last commented reviewed-with-comment send
5373		Allow config of http01 solver pod security context		2	1y	3d	5mo		size/L release-note needs-rebase area/api kind/feature area/acme lifecycle/rotten dco-signoff: yes ok-to-test area/acme/http01 area/deploy	collaborator-last commented recv-q send unreviewed
6003		move pkg/issuer/acme/http/solver to cmd/acmesolver/solver			5mo	6d			release-note-none approved size/S kind/cleanup area/acme lifecycle/rotten dco-signoff: yes area/acme/http01	collaborator-last unreviewed
5324		Create 20220720-per-certificate-owner-ref.md Similar: #5158: Added certificate owner ref field (open)		6	1y	3wk	3wk		size/L release-note-none approved kind/design lifecycle/rotten dco-signoff: yes	commented member-last reviewed-with-comment similar

Pull requests: Approved and getting old (13)

Resolution:

Average age: 200.2d, Avg wait: 3.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6003		move pkg/issuer/acme/http/solver to cmd/acmesolver/solver			5mo	6d			release-note-none approved size/S kind/cleanup area/acme lifecycle/rotten dco-signoff: yes area/acme/http01	collaborator-last unreviewed
6103		Unify semver version logic			4mo	4wk			size/L release-note-none approved kind/cleanup dco-signoff: yes	collaborator-last open-milestone unreviewed
6120		add comments explaining the Sync function & small test bugfix			3mo	5wk	2mo		release-note-none approved lgtm size/S kind/cleanup dco-signoff: yes	assigned assignee-updated commented member-last open-milestone reviewed-with-comment
5324		Create 20220720-per-certificate-owner-ref.md Similar: #5158: Added certificate owner ref field (open)		6	1y	3wk	3wk		size/L release-note-none approved kind/design lifecycle/rotten dco-signoff: yes	commented member-last reviewed-with-comment similar
6277		ControllerConfiguration fuzzer, only set the value in case the random value is empty			6wk	5wk			size/L release-note-none approved area/api kind/cleanup dco-signoff: yes area/testing	collaborator-last unreviewed
6053		Make KeyUsage and BasicConstraints Critical extensions			4mo	6wk			release-note approved kind/bug size/M dco-signoff: yes	collaborator-last open-milestone unreviewed
1071		Improved the summary on the docs homepage		2	1y	4mo	4mo		approved dco-signoff: yes size/S	commented contributor-last reviewed-with-comment send
1199		Webhook troubleshooting: advise people to set `timeoutSeconds` to 30 seconds			6mo	6mo			approved dco-signoff: yes size/M	unreviewed
1197		doc about new option default-cleanup-policy			6mo	5mo	5mo		approved dco-signoff: yes size/M	commented member-last new-commits send
204		Add "inner workings" section to README.md			4mo	4mo	4mo		dco-signoff: yes approved size/XS	commented member-last unreviewed
116		feat: add support for additional pod annotations/labels Similar: #202: Support adding pod annotations (open) Similar: #29: Additional support for subject annotations (open)			7mo	10d	5wk		dco-signoff: yes approved ok-to-test size/S	assigned assignee-updated commented contributor-last recv similar unreviewed
98		Cert formats proposal			8mo	8mo			dco-signoff: yes approved size/L	contributor-last unreviewed
24		Document release process and update the versions of the GitHub Actions workflows			6mo	4mo			dco-signoff: yes size/M approved	contributor-last unreviewed

Pull Requests: Stale (83)

Resolution: Add comment and/or close PR

Average age: 236.4d, Avg wait: 39.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6248		feat: allow changing the default Deployment revisionHistoryLimit Similar: #6365: update revisionhistoryLimit for deployment (open)			1mo	5d	1mo		release-note size/S needs-ok-to-test dco-signoff: yes area/deploy needs-kind	collaborator-last recv similar unreviewed
6186		feat: Add OwnerReference to the secrets created by ACME ClusterIssuer and Issuer			3mo	6d	2mo		size/XS release-note-none needs-ok-to-test area/acme dco-signoff: yes needs-kind	commented send unreviewed
6028		Fix runtime.Scheme errors in tests			4mo	6d			size/L release-note-none kind/cleanup lifecycle/stale area/acme dco-signoff: yes area/testing	collaborator-last open-milestone unreviewed
6190		Adds ingress annotation support for alt-names Similar: #202: Support adding pod annotations (open) Similar: #29: Additional support for subject annotations (open)			3mo	6d	6d		release-note size/S needs-ok-to-test dco-signoff: yes area/testing needs-kind	commented member-last send similar unreviewed
6314		Upgrade go-licenses to the latest master version			3wk	15d	3wk		release-note-none needs-rebase approved kind/cleanup size/M area/acme dco-signoff: yes area/testing	collaborator-last commented unreviewed
5420		Add SkipTLSVerify option to Vault issuer		2	1y	18d	2mo		release-note size/S area/api needs-ok-to-test dco-signoff: no needs-kind	author-last commented new-commits recv recv-q
5743		Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources			8mo	3wk	6wk		release-note size/XL needs-rebase approved area/api kind/cleanup dco-signoff: yes area/testing ok-to-test area/deploy	collaborator-last commented new-commits open-milestone
6315		Upgrade go to 1.21			3wk	3wk			size/L release-note-none needs-rebase kind/cleanup area/acme dco-signoff: yes area/testing	collaborator-last unreviewed
5848		WIP: Design: core-issuers			6mo	4wk	3mo		release-note-none approved lgtm do-not-merge/work-in-progress do-not-merge/hold kind/design size/M dco-signoff: yes	collaborator-last commented reviewed-with-comment send
5383		Generate applyconfigurations and Apply functions			1y	4wk	7mo		release-note needs-rebase approved area/api do-not-merge/work-in-progress priority/important-longterm size/XXL dco-signoff: yes needs-kind	changes-requested collaborator-last commented draft
5447		Allow extra DNS-01 propagation time to be configured			1y	4wk	1y		release-note needs-rebase size/S area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	collaborator-last commented open-milestone recv unreviewed
5567		Certificates: preventing CertificateRequest creation runaway			10mo	4wk	3mo		release-note needs-rebase approved area/api kind/feature size/XXL dco-signoff: yes area/testing area/deploy	assigned assignee-updated collaborator-last commented open-milestone reviewed-with-comment
6002		Move pkg/controller/cainjector to cmd/cainjector/controller			5mo	4wk	4mo		release-note-none needs-rebase approved size/S kind/cleanup dco-signoff: yes	collaborator-last commented unreviewed
6102		Move ctl utils to cmd/ctl			4mo	4wk			size/L release-note-none needs-rebase approved kind/cleanup dco-signoff: yes area/testing	collaborator-last unreviewed
6145		Improve Trigger, Readiness and PostIssuance Policy chains			3mo	4wk	3mo		size/L release-note-none approved do-not-merge/work-in-progress kind/cleanup dco-signoff: yes area/testing ok-to-test	collaborator-last commented draft unreviewed
6155		Add Certificate Hash			3mo	4wk			size/L release-note-none needs-rebase approved area/api do-not-merge/work-in-progress kind/feature dco-signoff: yes	collaborator-last draft unreviewed
5860		Fix helm loglevel parsing			6mo	5wk	4mo		size/XS release-note-none needs-ok-to-test dco-signoff: yes area/deploy needs-kind	commented member-last open-milestone reviewed-with-comment send
6266		fix(rbac): add patch verb on secrets to issuer clusterrole			6wk	6wk	6wk		size/XS release-note-none do-not-merge/hold dco-signoff: yes ok-to-test area/deploy needs-kind	approved commented member-last send
6124		Add design/20230601.gateway-route-hostnames.			3mo	6wk	3mo		size/L release-note-none kind/design needs-ok-to-test dco-signoff: yes	collaborator-last new-commits recv recv-q
6015		add imagePullSecrets clauses to deployments, jobs			4mo	7wk	7wk		release-note size/S kind/feature dco-signoff: yes ok-to-test area/deploy	collaborator-last commented send unreviewed
5701		feat: added custom endpoint override flag for http solver			8mo	1mo	8mo		release-note needs-rebase kind/feature needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/http01	collaborator-last recv recv-q unreviewed
4330		Add client certificate auth method for Vault issuer Similar: #1202: Add section about client cert authentication for vault (open)		4	2y	6wk	6mo		release-note needs-rebase approved area/api kind/feature size/XXL area/acme area/vault dco-signoff: yes area/testing ok-to-test area/deploy	collaborator-last commented open-milestone recv recv-q reviewed-with-comment similar
6146		Add Venafi custom field support to cert-shim			3mo	2mo	2mo		release-note-none size/S do-not-merge/hold needs-ok-to-test dco-signoff: yes needs-kind	changes-requested commented member-last send
6122		Improve acmedns so that it honors followCname Setting			3mo	2mo	2mo		size/XS release-note area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	commented member-last send unreviewed
6193		[feat] when helm set `installCRDs: true`. crds.yaml file must be pre-install and pre-upgrade			3mo	2mo	2mo		release-note size/S kind/feature needs-ok-to-test dco-signoff: yes area/deploy	commented member-last send unreviewed
1289		Add diagrams to explain all the "requesting certificates"/ "obtaining certificates" flows			2wk	6d			dco-signoff: yes size/XL	unreviewed
1291		Reorganise the usage section & move missing topics to this section			2wk	6d			dco-signoff: yes size/L	unreviewed
1260		WIP: Clearer top-level menu layout			2mo	3wk	2mo		approved dco-signoff: yes size/XL needs-rebase do-not-merge/work-in-progress	assigned assignee-updated commented contributor-last reviewed-with-comment send
1276		Release-process: sed command not compatible with BSD sed and other improvements			3wk	12d	12d		approved dco-signoff: yes lgtm do-not-merge/hold size/L	approved commented contributor-last
1253		Remove Bitnami kubeprod as installation method			3mo	3wk	3wk		dco-signoff: yes size/S	commented member-last reviewed-with-comment send
1283		Run "npm update"			3wk	3wk	3wk		approved dco-signoff: yes size/XXL do-not-merge/work-in-progress	commented draft unreviewed
790		Update route53.md			2y	3wk	3wk		dco-signoff: no size/XS needs-rebase needs-ok-to-test	changes-requested commented member-last send
1259		Fixed Azure Workload identity doc			2mo	2mo	2mo		dco-signoff: yes size/S	recv unreviewed
1249		Correct `kubectl operator install` for latest version of operator-sdk			3mo	3mo	3mo		size/XS dco-signoff: yes	changes-requested commented member-last send
1234		Correct the cmctl release generation flow			4mo	3mo	4mo		approved dco-signoff: yes needs-rebase size/S	contributor-last recv unreviewed
948		add note to ingress class definition			1y	4mo	4mo		dco-signoff: no size/XS needs-rebase needs-ok-to-test	assigned commented contributor-last send unreviewed
1075		Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/			1y	3mo			approved dco-signoff: yes size/L needs-rebase	changes-requested contributor-last
1213		Draft of tutorial for Google's Public CA			5mo	4mo	4mo		dco-signoff: yes size/L ok-to-test	commented member-last reviewed-with-comment send
1202		Add section about client cert authentication for vault Similar: #4330: Add client certificate auth method for Vault issuer (open)			6mo	5mo	5mo		dco-signoff: yes do-not-merge/work-in-progress size/M	commented contributor-last draft new-commits send similar
548		Move the "Approval API" documentation to /concepts/certificaterequest			2y	7mo	2y		approved dco-signoff: yes kind/cleanup size/XL needs-rebase	assigned assignee-updated changes-requested commented contributor-last send
859		Move the meetings and slack information to a separate page			2y	1y	1y		approved dco-signoff: yes needs-rebase size/M	changes-requested commented member-last send
701		Issuer with IRSA needs ambient credentials flag			2y	1y	2y		dco-signoff: no size/S ok-to-test	commented contributor-last new-commits send
528		Update "Setting Nameservers for DNS01 Self Check" example			2y	2y	2y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	contributor-last recv unreviewed
17		Add image validation for Docker architecture			3y	2y	2y		dco-signoff: yes lgtm size/L needs-rebase	assigned assignee-updated commented contributor-last new-commits send
43		No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild			2y	2y			dco-signoff: yes approved size/M needs-rebase	contributor-last unreviewed
36		Add the "cmrel update-release-branch" command			2y	2y	2y		dco-signoff: yes approved size/M needs-rebase do-not-merge/work-in-progress	commented contributor-last draft unreviewed
128		Bump google.golang.org/grpc from 1.49.0 to 1.53.0			2mo	2mo	2mo		dco-signoff: yes size/XL dependencies ok-to-test	commented member-last send unreviewed
216		feat: add the ability to specify certificate usages			2mo	7d	2mo		dco-signoff: yes size/M needs-ok-to-test	contributor-last recv unreviewed
187		Add the ability to ignore cluster scoped resources.			9mo	4mo	7mo		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
202		Support adding pod annotations Similar: #6190: Adds ingress annotation support for alt-names (open) Similar: #116: feat: add support for additional pod annotations/labels (open) Similar: #29: Additional support for subject annotations (open)			6mo	6mo	6mo		dco-signoff: yes size/XS needs-ok-to-test	contributor-last recv similar unreviewed
229		feat: fix app label of metrics svc for ServiceMonitor discovery		2	5mo	4mo	4mo		dco-signoff: yes size/XS ok-to-test	commented member-last reviewed-with-comment send
176		Allow configuring of the priorityClass			2wk	19d	2wk		dco-signoff: yes size/XS ok-to-test	contributor-last recv unreviewed
151		Respect seccomp toggle in init container			2mo	4wk	4wk		size/XS needs-ok-to-test dco-signoff: no	commented member-last send unreviewed
149		Add Configurable Common Labels and Add a PDB			2mo	5wk	2mo		dco-signoff: yes size/M needs-ok-to-test needs-rebase	contributor-last recv recv-q unreviewed
147		Add ability to set pod level securityContext			3mo	3mo	3mo		dco-signoff: yes size/XS needs-ok-to-test	contributor-last recv unreviewed
118		Make seccompProfile optional in initContainer			5mo	4mo	4mo		dco-signoff: yes size/XS ok-to-test needs-rebase	commented member-last send unreviewed
129		Add attribute support for certificate subject			9mo	10d	10d		dco-signoff: yes size/L ok-to-test	commented member-last reviewed-with-comment send
135		Added options to all containers			8mo	7mo	7mo		dco-signoff: yes size/L needs-rebase ok-to-test	assigned commented contributor-last send unreviewed
139		Bump golang.org/x/text from 0.3.7 to 0.3.8 in /hack/tools			7mo	16d	16d		dco-signoff: yes size/S ok-to-test dependencies	commented member-last send unreviewed
25		Fix default renewal period			5mo	12d	12d		dco-signoff: yes size/XS	commented member-last reviewed-with-comment send
32		Allow installation in a custom namespace			3mo	12d	12d		dco-signoff: yes size/L	commented member-last send unreviewed
29		Additional support for subject annotations Similar: #116: feat: add support for additional pod annotations/labels (open) Similar: #6190: Adds ingress annotation support for alt-names (open) Similar: #202: Support adding pod annotations (open)		3	3mo	12d	12d		dco-signoff: yes size/XXL	commented member-last reviewed-with-comment send similar
46		Add timeout to renewal issuance logic			7mo	3wk	3wk		dco-signoff: yes size/M ok-to-test	commented contributor-last new-commits recv
48		Retry pending request when issue is called			7mo	3wk	3wk		dco-signoff: yes size/L ok-to-test	assigned assignee-updated commented member-last new-commits send
34		WIP: E2E testing boilerplate			1y	7mo	1y		size/XXL dco-signoff: yes do-not-merge/hold approved do-not-merge/work-in-progress needs-rebase	commented contributor-last new-commits recv recv-q
28		Include Pod UID on CertificateRequest resources			1y	1y	1y		dco-signoff: yes do-not-merge/hold approved size/XS ok-to-test	assigned contributor-last recv recv-q unreviewed
42		Switch sample-external-issuer to issuer-lib			6wk	19d			do-not-merge/work-in-progress dco-signoff: yes size/XXL	contributor-last draft unreviewed
16 previously listed items omitted: #6003 #5324 #6103 #6120 #6277 #6053 #1071 #1199 #1197 #204 #156 #116 #98 #28 #24 #51

Overdue answers for a question (52)

Resolution: Add a comment

Average age: 568.2d, Avg wait: 223.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6230		cert-manager DDoSes DNS-01 solver - infinite rate limiting			2mo	11d	2mo		kind/bug area/acme/dns01	recv recv-q
6229		Race condition when two identical certificate requests are made from different clusters PR#6351: Handle multiple concurrent Azure DNS01 challenges for the same FQDN unreviewed		5	2mo	3wk	2mo		help wanted kind/bug priority/important-longterm area/acme/dns01	commented pr-unreviewed recv-q send
6224		Option to store certificate history in individual secrets			2mo	2mo	2mo		kind/feature	author-last commented recv recv-q
6185		Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"			3mo	10d	3mo		kind/bug	recv recv-q
6210		Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created		3	2mo	3wk	2mo		kind/feature	commented recv recv-q
6174		Certificates Ready : False Similar: #561: Certificate Resources (open)			3mo	2mo	3mo		kind/bug	recv recv-q similar
6051		Detecting Gateway hostnames based on attached HTTPRoutes PR#6124: Add design/20230601.gateway-route-hostnames. new-commits			4mo	4wk	4mo		kind/feature lifecycle/stale	author-last pr-new-commits recv recv-q
5897		"cert-manager.io/alt-names" annotation under Ingress resources PR#6190: Adds ingress annotation support for alt-names unreviewed			6mo	14d	5mo		triage/support lifecycle/stale	collaborator-last commented pr-unreviewed recv recv-q
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together			8mo	3wk	8mo		kind/bug	recv recv-q
5697		Support PodSecurityAdmission		6	8mo	2mo	8mo		kind/feature	recv recv-q
5665		Allow defining keystore password as litteral instead of SecretRef			9mo	8d	9mo		kind/feature	author-last recv recv-q
5557		error instantiating route53 challenge solver: unable to assume role: AccessDenied: Similar: #5486: Aggressive Retries from "error instantiating route53 challenge solver" (open) Similar: #5893: Route53 challenge with IRSA service account: Unable to assume role: AccessDenied (closed)		8	10mo	6wk	10mo		kind/bug	recv recv-q similar
5048		certificate not renewed for ingress with multiple hosts and http01-edit-in-place		3	1y	4wk	1y		kind/bug priority/backlog	commented recv recv-q
5851		CA cert in Secret not updated when self-signed CA itself gets renewed.		14	6mo	2wk	5wk		kind/bug	commented recv-q send
4749		rfc2136 seems to not work with deep subdomains			2y	6wk	2y		kind/bug area/acme/dns01	collaborator-last commented recv recv-q
4594		TLS handshake error: EOF		20	2y	4wk	1y		kind/bug lifecycle/stale	collaborator-last commented recv-q send
4423		Cert renewal loop		2	2y	2mo	2y		kind/bug	author-last commented recv recv-q
3896		Cert Manager failing to renew certificate Similar: #46: Cert-manager operator fails to issue certificates (open)		18	2y	2wk	2y		kind/bug area/acme/dns01	commented recv-q send similar
2722		Inject CA certificate into Secrets with cainjector		22	3y	17d	2y		kind/feature priority/awaiting-more-evidence	commented recv-q send
4685		Unexpected EOF during watch stream event decoding: unexpected EOF		8	2y	9mo	2y		lifecycle/frozen kind/bug	recv recv-q
3958		Sane defaults for Certificate revision history limit		12	2y	9d	10mo		kind/feature lifecycle/stale	collaborator-last commented recv-q send
2334		Add network policy allowance into documentation		20	3y	14d	2y		good first issue help wanted kind/documentation priority/backlog area/deploy	commented pr-merged recv recv-q
2178		Handling 'unregistering' certificates from Venafi TPP		21	4y	2mo	3y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented recv-q
1292		Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis		11 173	4y	4wk	2y		area/api help wanted kind/feature priority/important-longterm area/acme	commented pr-closed recv-q send
2478		Allow CA issuer secret rotation		53	3y	7wk	3y		kind/feature priority/important-longterm area/ca	commented recv-q send
944		Document how to install cert-manager in a different namespace		3	1y	1mo	1y		good first issue	recv recv-q
899		Upgrading from v1.7 to v1.8 check command should exclude null.		2	1y	1y	1y			recv recv-q
645		Investigate & add an FAQ/warning about images rolled back after GitOps upgrade			2y	2y	2y			recv recv-q
176		certificateDuration is not used for the Istio CSR generated certificate requests Similar: #119: Certificate is re-requested when container restarts (open) Similar: #14: Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt (open)			1y	1y	1y			author-last commented recv recv-q similar
141		Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods.			2y	1y	2y			commented recv recv-q
137		Documentation on rotating the root certificate			2y	7mo	2y			recv recv-q
108		[doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways			2y	2y	2y			author-last commented recv recv-q
83		commonName required for AWS PCA			2y	2y	2y			commented recv recv-q
53		Generate workload certificates with DNS in the SAN			2y	2y	2y			commented recv-q send
113		Integrating with istio helm chart installs		11	2y	6wk	2y			recv recv-q
168		Install in openshift with existing cert-manager operator install Similar: #459: cert manager is no longer on the OpenShift operator list (open) Similar: #39: Support latest cert-manager operator for openshift (open)			4wk	3wk	3wk			author-last commented recv recv-q similar
131		Feature: per namespace trust bundle			4mo	7wk	4mo			recv recv-q
60		overriding trusted namespace Similar: #145: Override namespace installation (open)		4 5	11mo	5mo	8mo			commented recv-q send similar
45		Unable to mount and read only file error		4	2y	8mo	1y			commented recv-q send
26		Cannot `chmod` a read only filesystem		14	3y	2y	3y			pr-closed recv recv-q
13		Can the plugin be configured to use a wildcard certificate?			1y	10mo	1y			recv recv-q
34		`openshift-routes` doesn't work as expected and isn't suitable for a production environment			2mo	13d	2mo			author-last recv recv-q
30		Installation is only possible in the default `cert-manager` NS PR#32: Allow installation in a custom namespace unreviewed			3mo	2mo	3mo			author-last pr-closed pr-unreviewed recv recv-q
22		Customize the deployment of cert-manager installed via OLM		5 6	2y	9mo	1y			author-last commented recv recv-q
17		Operator prevents passing extraArgs helm value		7	3y	9mo	3y			recv recv-q
7 previously listed items omitted: #6065 #5867 #5862 #5846 #3521 #2538 #850

Updated support requests (158)

Resolution: Move out of support, or add a comment

Average age: 373.3d, Avg wait: 306.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6334		Query recursive nameservers for DNS01 challenge in round robin fashion			16d	13d	16d		kind/feature	recv
6331		CSR not signed by referenced private key		2	16d	15d	15d			author-last commented recv
6327		wrong status code '404', expected '200' with one specific Ingress			18d	18d	18d		kind/bug	recv
6325		The RSA-SHA signature algorithm is not correctly mapped to the certificate.			2wk	13d	15d			assigned assignee-updated author-last commented recv
6323		Even if CA is expired, cert-manager allows to issue client cert with expired CA			3wk	3wk	3wk			recv
6312		Report issuer/clusterissuer status as a metric			4wk	4wk	4wk		kind/feature	recv
6309		How to pass ServiceAccountName to the acme-http01-solver pod.			4wk	19d	4wk			author-last recv
6307		Certificates only issued for ingress in default namespace			4wk	4wk	4wk		kind/bug	recv
6305		Error "Waiting for DNS-01 challenge propagation: dial udp: address udp/53': unknown port"			4wk	4wk	4wk			recv
6288		Generate cert-manager secret with certificate,key and password			5wk	5wk	5wk		kind/feature	recv
6284		cert-manager PEM format certificate to support private key encryption			5wk	5wk	5wk		kind/feature	recv
6283		JWK(S) support Similar: #130: JKS support (open)		2	5wk	4wk	5wk			recv similar
6282		The certificate request has failed... order is in "invalid" state Similar: #119: Certificate is re-requested when container restarts (open)			5wk	5wk	5wk			recv similar
6279		ServiceTemplate for solver HTTP01			6wk	6wk	6wk			recv
6274		Vault Issuer - Secretless Authentication with a Service Account doesn't work			6wk	6wk	6wk			recv
6273		Solver RFC2136 without TSIG			6wk	4wk	4wk		kind/feature	author-last commented recv
6270		Feature Request/Idea - Cert-Manager saves TLS Secret to Azure KeyVault			6wk	6wk	6wk		kind/feature	recv
6254		Logging-format json sometimes drops plaintext messages			7wk	7wk	7wk		kind/bug	recv
6212		Default duration field in cmctl check api			2mo	3wk	4wk		kind/feature	author-last commented pr-merged recv
6201		Configure retry strategy			2mo	2mo	2mo			recv
6195		logLevel information in logs			2mo	2mo	2mo		kind/bug	recv
6181		helm repo add jetstack https://charts.jetstack.io with errors, certificate has expired or is not yet valid			3mo	1mo	3mo		kind/bug	recv
6175		`region` should be optional in a Route53 dns solver			3mo	6d	3mo		kind/bug lifecycle/stale	collaborator-last recv
6197		Securing Gateway resources with non HTTPS listeners generate BadConfig events PR#6347: Do not process non-HTTPS listeners on Gateways unreviewed		6	2mo	2mo	2mo		kind/bug	pr-unreviewed recv
6163		is there a way to save dhparam with certificat			3mo	16d	3mo			recv
6161		certificate lost Subject Key Identifier			3mo	11d	3mo		kind/bug lifecycle/stale	collaborator-last recv
6016		add imagePullSecrets clauses to helm deployment, job templates PR#6015: add imagePullSecrets clauses to deployments, jobs unreviewed			4mo	3wk	4mo		kind/feature	author-last pr-unreviewed recv
5998		Failed post-install: timed out waiting for the condition Similar: #4646: Failed to install " failed post-install: timed out waiting for the condition" (closed)			5mo	6d	5mo		kind/bug lifecycle/stale	collaborator-last recv similar
5957		Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms		10	5mo	15d	5mo		kind/feature	recv
5864		Certmgr allows creating certificates expiring after ca expiration.		4	6mo	3wk	6mo		kind/bug	recv
5821		Allow renewBefore to be a percentage			7mo	5wk	7mo		kind/feature	author-last recv
5783		*Add k8s.io/client-go/applyconfigurations style ApplyConfigurations for the included CRDs** PR#5383: Generate applyconfigurations and Apply functions changes-requested			7mo	6wk	7mo		kind/feature	author-last commented pr-changes-requested recv
5540		Changelog annotations to chart			11mo	2mo	11mo		kind/feature	author-last recv
5538		Unable to set IPv6 podDNS config from values			11mo	5wk	11mo		kind/bug	author-last recv
5430		Improving DNS-01 challenge performance PR#5446: Allow concurrent same-FQDN DNS-01 challenges when using route53 commented PR#5447: Allow extra DNS-01 propagation time to be configured unreviewed		3	1y	2mo	1y		kind/feature	pr-reviewed-with-comment pr-unreviewed recv
5282		cert-manager-webhook deployment spontaneously deleted Similar: #6306: cert-manager-webhook deployment deletes on startup (closed)			1y	3wk	4wk		kind/bug triage/not-reproducible	author-last commented recv similar
3992		Add non-CRD yaml file		3	2y	6wk	2y		priority/important-soon area/deploy	author-last commented recv
1888		Certificate not matching private key when creating multiple ingress resources		15	4y	5wk	1y		good first issue help wanted kind/bug priority/important-soon area/acme	commented recv
6134		cert-manager-cainjector process is stopped by leader election lost, but not start again			3mo	3wk	3mo		kind/bug lifecycle/stale	collaborator-last recv
6158		Had to apply static installation file twice			3mo	14d	3mo		kind/bug lifecycle/stale	collaborator-last recv
6141		Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates		2	3mo	14d	3mo		kind/feature lifecycle/stale	collaborator-last commented recv
6139		Include 3rd party CA's in generated certificate			3mo	2wk	3mo		kind/feature lifecycle/stale	collaborator-last recv
1294		Replace and update Jetstack image and copy on cert-manager support page			15d	15d	15d			recv
1241		Remove Bitnami kubeprod as installation method			3mo	3mo	3mo			recv
1101		Feature request for updating documentation.			10mo	10mo	10mo			recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			1y	1y	1y			author-last pr-merged recv
1054		Run spell checker in a pre-commit hook			1y	1y	1y		good first issue kind/cleanup	recv
1061		Document onboarding process for new maintainers Similar: #1062: Document process for offboarding maintainers (open)			1y	1y	1y			recv similar
931		Improve upgrade instructions using helm			1y	1y	1y			recv
866		Securing NGINX-ingress Similar: #326: Securing Ingresses with Venafi (open)			2y	2y	2y			recv similar
851		create Cilium ingress tls example		3	2y	1y	2y			assigned assignee-updated recv
836		Syncing Secrets Across Namespaces			2y	2y	2y			recv
758		API reference docs: enum values not documented with typedef			2y	2y	2y			recv
706		Default key usages			2y	2y	2y			recv
697		[IRSA] Needs `runAsUser: 1001`			2y	2y	2y			recv
672		List required Google CloudDNS permissions exhaustively			2y	2y	2y			recv
662		Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"			2y	2y	2y			recv
568		Add a diagram for LetsEncrypt cert issuance flow to the docs		4	2y	2y	2y			recv
561		Certificate Resources Similar: #6174: Certificates Ready : False (open) Similar: #144: Add CertificateRequest as a source (open)			2y	2y	2y			recv similar
1062		Document process for offboarding maintainers Similar: #1061: Document onboarding process for new maintainers (open)			1y	1y	1y			recv similar
469		DNS01: Delegated Domains for DNS01 example yaml solvers list items			2y	2y	2y			recv
466		installation/compatiblity			2y	2y	2y			recv
457		cainjector docs are missing the option to inject certs in apiservice resources			2y	2y	2y			recv
354		DigitalOcean access-token should not be base64-encoded			2y	2y	2y		priority/awaiting-more-evidence	author-last commented recv
1159		Why the sample issuer still uses kubebuilder version 2 ?			8mo	8mo	8mo			recv
1257		ErrRegisterACMEAccount			3mo	3mo	3mo			recv
213		charts.jetstack.io beding cluster presents a challenge and breaks deployment			3mo	3mo	3mo			recv
211		Add custom annotations to deployment			3mo	6d	3mo			author-last recv
197		add the compatibility matrix for Kubernetes versions to README			7mo	7mo	7mo			recv
155		Invalid certificate chain when using Vault with Intermediate CA			1y	6wk	1y			recv
145		*Not able to use Istio-CSR in istio(1.13.)**			1y	1y	1y			author-last commented pr-closed recv
144		add a support kubernetes client QPS and Burst config			2y	2y	2y			recv
136		Document available metrics Similar: #850: Document available cert-manager Prometheus metrics (open)			2y	2y	2y			recv similar
132		Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments)			2y	5mo	2y			recv
130		Document best-practices for minimal vault role configuration for istio-csr			2y	2y	2y			recv
117		public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted			2y	2y	2y			recv
217		Restarting a namespace with 30+ deployments causes errors in istio-csr which tends to reolve after a while.			5wk	5wk	5wk			recv
94		Can't get aws pca to work			2y	2y	2y			recv
207		Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls			6mo	6mo	6mo			author-last recv
169		Webhook Custom CA			9mo	9mo	9mo			recv
271		Include binary artifacts your releases.			6d	6d	6d			recv
62		CertificateRequestPolicy based on which namespace the certificate request belongs to PR#256: CEL expressions approver design new-commits		7	1y	3mo	6mo			author-last commented pr-closed pr-merged pr-new-commits recv
175		support extra annotations on resoures in helm chart			2wk	2wk	2wk			recv
159		No support for EKS in helm PR#156: Allow enabling hostNetwork mode in Helm chart approved Similar: #130: JKS support (open)			5wk	5wk	5wk			author-last pr-approved recv similar
142		expose bundles CRD as release artifact		3	3mo	3mo	3mo			recv
99		Allow removing Bundles whilst keeping the synced CA certs		2	8mo	8mo	8mo			pr-unreviewed recv
33		Support CRDs as target Similar: #10: Feature: support secret target (open)		3	1y	1y	1y			recv similar
23		Way to add labels/annotations to target		8	1y	3wk	1y		help wanted good first issue	recv
144		Push new tag for chart fixes			3mo	3mo	3mo			recv
140		Update images to not utilize k8s.gcr.io			5mo	5mo	5mo			recv
136		SubPath support is broken or missing			8mo	8mo	8mo			recv
134		Volume empty		3	9mo	5mo	9mo			recv
128		Support all subject attributes PR#129: Add attribute support for certificate subject commented			9mo	9mo	9mo			pr-reviewed-with-comment recv
125		Is it too late to align cert-manager annotations? Similar: #38: Route with cert-manager annotations is not created (open)			9mo	9mo	9mo			recv similar
119		Certificate is re-requested when container restarts Similar: #144: Add CertificateRequest as a source (open) Similar: #6282: The certificate request has failed... order is in "invalid" state (open) Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			11mo	11mo	11mo			recv similar
33		New key being used with old certificate			2y	2y	2y			recv
29		Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging.			3y	3y	3y			recv
21		MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod			3y	3y	3y			recv
17		ability to specify pod IP in volume attributes		5	3y	3y	3y			commented recv
130		JKS support Similar: #159: No support for EKS in helm (open) Similar: #6283: JWK(S) support (open)		3	9mo	7mo	9mo			recv similar
38		Add Envoy Secret discovery service (SDS) support			4mo	4mo	4mo			recv
19		Add support for certificate expiry configuration		6	11mo	4mo	11mo			recv
35		How to populate certificate metadata i.e. subject details e.g. OU, Organization etc			7wk	14d	7wk			recv
26		Missing CONTRIBUTING.md			5mo	5mo	5mo			recv
15		Feature: Support for ECC certs Similar: #5433: Support certs that live for < 1h (closed)			11mo	11mo	11mo			recv similar
14		Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			1y	1y	1y			recv similar
12		Does this plugin support DNS validation?			1y	1y	1y			recv
46		Cert-manager operator fails to issue certificates Similar: #3896: Cert Manager failing to renew certificate (open)			2y	2y	2y			recv similar
3		Restrict operator RBAC permissions			3y	3y	3y			recv
47		Race condition: CertificateRequests may never be fulfilled if the issuer was overwhelmed			7mo	7mo	7mo			recv
45