queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (14)

Resolution: Downgrade to important-longterm

Average age: 792.8d, Avg wait: 82.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4722 High memory usage on cluster with many secrets
8
8mo 2mo 8mo
kind/bug
priority/important-soon
contributor-last
open-milestone
recv
3992 Add non-CRD yaml file
2
1y 2mo 1y
priority/important-soon
area/deploy
commented
open-milestone
recv
3381 Setup separate package for cert-manager API
4
2y 2mo 2mo
kind/feature
priority/important-soon
assigned
assignee-updated
commented
member-last
open-milestone
send
1888 Certificate not matching private key when creating multiple ingress resources
15
3y 2mo 2mo
good first issue
help wanted
kind/bug
priority/important-soon
area/acme
commented
open-milestone
send
709 Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1
1y 11mo 1y
good first issue
priority/important-soon
recv
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
3
2y 1y 2y
documentation
priority/important-soon
commented
contributor-last
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
2y 2y 2y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q
229 Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error 2y 2y
priority/important-soon
kind/documentation
contributor-last
198 Document release process 2y 2y 2y
priority/important-soon
kind/documentation
assigned
commented
member-last
send
195 Document keystores 2y 1y 2y
priority/important-soon
kind/documentation
commented
member-last
send
174 Add documentation for CRD conversion webhook ca injection 2y 2y 2y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
144 Improve webhook debugging info
2y 1y 2y
priority/important-soon
kind/documentation
commented
member-last
pr-merged
send
similar
90 Document Certificate Subject Changes 2y 2y 2y
help wanted
good first issue
priority/important-soon
collaborator-last
commented
69 SelfSignedIssuer configuration - API reference docs 2y 2y 2y
help wanted
good first issue
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 120 days (9)

Resolution: Downgrade to backlog

Average age: 771.5d, Avg wait: 190.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
2178 Handling 'unregistering' certificates from Venafi TPP
11
3y 8mo 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
recv-q
send
850 Document available cert-manager Prometheus metrics 7mo 5mo 7mo
documentation
good first issue
priority/important-longterm
contributor-last
recv
551 Documentation on how to handle large-scale certificate management & best practices
2
1y 10mo 1y
help wanted
priority/important-longterm
kind/documentation
contributor-last
recv
401 Bring tutorials up to date 2y 2y
priority/important-longterm
344 Add docs to explain webhooks 2y 1y
help wanted
good first issue
priority/important-longterm
contributor-last
223 Document wildcard certificate tutorial 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
178 Order of versions of cert-manager in menu 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
154 Documenting repo management process 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
56 Route53: document use of "region" field 2y 1y 2y
documentation
priority/important-longterm
contributor-last
recv
recv-q

many reactions, low priority (11)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 341.6d, Avg wait: 40.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5267 cm-acme-http-solver triggers no.scale.down.node.pod.not.backed.by.controller due to lack of PodDisruptionBudget
5
3mo 2mo 3mo
kind/bug
recv
4956 cert-manager created multiple CertificateRequest objects with the same certificate-revision
2
2
3
6mo 15h 6mo
kind/bug
commented
pr-merged
recv
recv-q
4821 Allow `ingressClassName` to be set for HTTP01 solver ingresses.
3
78
8mo 4d 5mo
kind/feature
area/ingress-shim
commented
pr-unreviewed
send
4786 Investigate whether it would be valuable to decrease the initial backoff period for certificate issuance retries
9
8mo 3wk 3wk
lifecycle/rotten
collaborator-last
commented
pr-merged
4654 Certificates issued by vault with isCa: true are missing CA:TRUE in certificate
2
3
4
9mo 2mo 2mo
kind/bug
commented
member-last
send
similar
4144 Make it possible to use a projected service account token to the Vault Issuer instead of a service account Secret
21
1y 2mo 2mo
kind/feature
priority/backlog
area/vault
commented
member-last
pr-closed
send
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
57
2y 8d 1y
area/api
kind/feature
priority/backlog
commented
recv
recv-q
3931 Added PodDisruptionBudgets to helm chart
2
13
1y 1d 5mo
size/L
release-note
approved
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
assigned
assignee-updated
commented
contributor-last
new-commits
recv
recv-q
5324 Create 20220720-per-certificate-owner-ref.md
4
2mo 12d 3wk
size/L
release-note-none
approved
kind/design
dco-signoff: yes
collaborator-last
commented
new-commits
similar
5174 Add support for restricting the secrets watch list in cainjector
5
4mo 5wk 3mo
release-note
needs-rebase
needs-ok-to-test
size/M
dco-signoff: yes
needs-kind
collaborator-last
commented
recv
recv-q
unreviewed
583 cert-manager with ZeroSSL
44
1y 3mo 3mo
commented
send

many commenters, low priority (1)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 76.8d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5324 Create 20220720-per-certificate-owner-ref.md
4
2mo 12d 3wk
size/L
release-note-none
approved
kind/design
dco-signoff: yes
collaborator-last
commented
new-commits
similar

Screaming into the void (2)

Resolution: Reopen, or ask folks to open a new issue

Average age: 725.7d, Avg wait: 619.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4991 Successful challenge request, but no certificate
4
6mo 5d 6mo
kind/bug
closed
commented
recv
recv-q
1582 Can't delete challenge
45
39
10
36
191
3y 1d 3y
kind/bug
closed
commented
recv
recv-q

Needs information for over 2 weeks (6)

Resolution: Close or remove triage/needs-information label

Average age: 412.0d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5173 Unable to create certificate with cert-manager v1.7.1 using Traefik 2.6.3 4mo 3wk 3mo
kind/bug
lifecycle/stale
triage/needs-information
area/acme/http01
collaborator-last
commented
send
5159 ACME account private key rotation support 4mo 3wk 3mo
lifecycle/stale
triage/needs-information
collaborator-last
commented
send
5101 No backoff/delay when failing to create challenge solver pods 5mo 19d 3mo
kind/bug
priority/important-longterm
lifecycle/stale
triage/needs-information
collaborator-last
commented
send
3748 Cert-manager causes API server panic on clusters with more than 20000 secrets.
11
2y 2mo 8mo
kind/bug
triage/needs-information
commented
contributor-last
pr-merged
send
3640 Challenge Records Not Always Cleaned Up 2y 7wk 7wk
kind/bug
area/acme
triage/needs-information
collaborator-last
commented
pr-merged
pr-unreviewed
2882 Reuse / recovery of ExternalAccountBinding based account
3
6
30
2y 3wk 2y
kind/bug
priority/important-soon
area/acme
triage/needs-information
lifecycle/rotten
collaborator-last
commented
pr-closed
recv-q
send

Support request over 30 days old (5)

Resolution: Close, or add to triage/long-term-support

Average age: 227.5d, Avg wait: 206.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5294 Helm install: no matches for kind "ClusterIssuer" in version "cert-manager.io/v1alpha2" 2mo 2mo 2mo
triage/support
author-last
commented
recv
similar
5292 Unable to delete/upgrade cert-manager 2mo 2mo 2mo
triage/support
author-last
commented
recv
5236 Cert Manager appending random string/numbers on the end of secret name
2
3mo 6wk 3mo
triage/support
commented
recv-q
send
770 Helm template fails with `--create-namespace` 10mo 9mo 10mo
triage/support
contributor-last
recv
recv-q
480 Secret gets UID added to end of name 2y 1y 2y
triage/support
contributor-last
recv
recv-q

Issues nearing expiration (24)

Resolution: Close or label as frozen

Average age: 288.9d, Avg wait: 78.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5156 Issued certificate having more validity period than root certificates. 4mo 12d 4mo
lifecycle/rotten
collaborator-last
recv
5137 Slow healthz and livez endpoints cause liveness and readiness probe failures 4mo 21h 4mo
kind/bug
priority/important-soon
lifecycle/rotten
collaborator-last
commented
open-milestone
send
5134 Letsencrypt acme cert challenges no longer working on AKS (nginx-ingress + cert-manager + clusterissuer + letsencrypt)
4
4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5132 HTTP01 - Did not get expected response when querying endpoint, expected X, but got X
4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5131 ingressShim doesn't supply x.509 subject fields required by our providers (TPP) policies 4mo 12d 4mo
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
5128 helm chart: add annotations and labels globally 4mo 3wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5120 Too many pending authorizations - On Certificate Orders 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
recv
5114 Intermediate certificate is not updated in child certificate 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5086 Issuing certificate as Secret does not exist 5mo 9d 5mo
lifecycle/rotten
collaborator-last
recv
similar
4980 Waiting for DNS-01 challenge propagation: dial tcp 173.245.59.41:53: connect: connection refused
2
6mo 4d 6mo
kind/bug
lifecycle/rotten
collaborator-last
commented
recv-q
send
similar
4884 Add a similar secretTemplate to the secret that is created by ACME Issuer
7mo 13d 7mo
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
4786 Investigate whether it would be valuable to decrease the initial backoff period for certificate issuance retries
9
8mo 3wk 3wk
lifecycle/rotten
collaborator-last
commented
pr-merged
4561 Ability to specify secret ownerReference as part of the Certificate request
3
11mo 17d 11mo
kind/feature
lifecycle/rotten
collaborator-last
recv
4535 Kubernetes: x509 certificate signed by unknown authority, possibly because of ECDSA verification failure
11mo 8d 11mo
lifecycle/rotten
collaborator-last
commented
recv-q
send
similar
4410 Support configuration via operator subscription
4
1y 18d 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
send
4250 Support parallel DNS validation for same host
6
1y 4wk 10mo
priority/important-soon
lifecycle/rotten
area/acme/dns01
collaborator-last
commented
open-milestone
recv
recv-q
4033 Automated updates of base images
1y 9d 9d
kind/feature
priority/important-soon
lifecycle/rotten
commented
member-last
open-milestone
pr-merged
3706 renewal-hooks
3
12
2y 14d 8mo
kind/feature
priority/important-longterm
lifecycle/rotten
collaborator-last
commented
send
3592 Ability to not create ca.crt
2
2y 1d 2y
lifecycle/rotten
collaborator-last
commented
recv
2882 Reuse / recovery of ExternalAccountBinding based account
3
6
30
2y 3wk 2y
kind/bug
priority/important-soon
area/acme
triage/needs-information
lifecycle/rotten
collaborator-last
commented
pr-closed
recv-q
send
4810 Server Side Apply: Adds support for CA Injector controller to use SSA with Feature Gate
4
8mo 12d 12d
size/L
release-note
needs-rebase
approved
kind/feature
priority/important-soon
lifecycle/rotten
dco-signoff: yes
area/deploy
collaborator-last
commented
open-milestone
reviewed-with-comment
send
4744 Trigger controller: test the trigger cases 8mo 12d 6mo
size/XL
release-note-none
needs-rebase
approved
kind/cleanup
lifecycle/rotten
dco-signoff: yes
area/testing
collaborator-last
commented
new-commits
5015 Update the make target "e2e-setup-traefik" so that it can work for the version v1alpha2 of the Gateway API 6mo 12d
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
lifecycle/rotten
dco-signoff: yes
area/testing
collaborator-last
draft
recv-q
unreviewed
5139 Added feature-gates arguments to webhook pod 4mo 18d 4mo
size/XS
release-note
needs-ok-to-test
lifecycle/rotten
dco-signoff: yes
area/deploy
needs-kind
changes-requested
collaborator-last
commented
send

Pull requests: Approved and getting old (6)

Resolution:

Average age: 54.7d, Avg wait: 20.9d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5324 Create 20220720-per-certificate-owner-ref.md
4
2mo 12d 3wk
size/L
release-note-none
approved
kind/design
dco-signoff: yes
collaborator-last
commented
new-commits
similar
5387 Add option to load Vault CA bundle from Kubernetes Secret 7wk 12d 19d
release-note
size/XL
approved
lgtm
area/api
kind/feature
dco-signoff: yes
area/testing
ok-to-test
area/deploy
assigned
assignee-updated
collaborator-last
commented
new-commits
open-milestone
send
5436 Move CSR resource in design to GA
19d 12d 19d
release-note
approved
size/S
kind/design
dco-signoff: yes
collaborator-last
commented
send
unreviewed
1071 Improved the summary on the docs homepage
2
3wk 3wk 3wk
approved
dco-signoff: yes
size/S
commented
contributor-last
new-commits
recv-q
1072 Adds documentation for the new `caBundleSecretRef` feature on the Vault Issuer
3wk 3wk
approved
dco-signoff: yes
size/M
changes-requested
contributor-last
992 Initial feature gate documentation
2
4mo 4mo 4mo
approved
dco-signoff: yes
size/M
commented
contributor-last
recv
recv-q
reviewed-with-comment

Pull Requests: Stale (55)

Resolution: Add comment and/or close PR

Average age: 227.7d, Avg wait: 44.1d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5427 Added support for disableChallengePresentation for issuers and clusterissuers
4wk 6d 12d
release-note
area/api
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/deploy
needs-kind
author-last
commented
recv
unreviewed
5378 Unify semver version generation 1mo 8d 5wk
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
changes-requested
collaborator-last
commented
draft
5383 Generate applyconfigurations and Apply functions 7wk 8d 7wk
release-note
needs-rebase
approved
area/api
do-not-merge/work-in-progress
size/XXL
dco-signoff: yes
needs-kind
collaborator-last
commented
draft
send
similar
unreviewed
4969 add acmeHttp01SolverImage 6mo 10d 6mo
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
author-last
commented
recv
recv-q
unreviewed
5093 Add relabeling and metricRelabelings settings for ServiceMonitor. 5mo 11d 5mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
recv
recv-q
unreviewed
4330 Add client certificate auth method for Vault issuer 1y 12d 5mo
release-note
size/XL
area/api
kind/feature
area/acme
area/vault
dco-signoff: yes
area/testing
ok-to-test
area/deploy
collaborator-last
commented
recv
recv-q
unreviewed
4502 support subject and email annotations for ingress/gateway
6
1y 12d 6wk
size/L
release-note-none
area/api
kind/feature
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/acme/dns01
area/deploy
collaborator-last
commented
new-commits
open-milestone
send
4835 Making sure per fixture only 1 setup is active at the same time 7mo 12d 3mo
release-note-none
kind/bug
size/M
lifecycle/stale
dco-signoff: yes
area/testing
assigned
assignee-updated
collaborator-last
commented
reviewed-with-comment
4570 `RevisionHistoryLimit` has a default value of 25
11mo 12d 2mo
release-note
area/api
size/M
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
collaborator-last
commented
new-commits
send
4209 Auto generate README.md, Chart.yaml, values.schema.json and values.yaml using tem & helm-jsonschema-gen
3
1y 12d 3mo
release-note
needs-rebase
approved
do-not-merge/work-in-progress
kind/feature
size/XXL
dco-signoff: yes
ok-to-test
area/deploy
collaborator-last
commented
draft
new-commits
similar
5003 Implement the DNS-over-HTTPS check 6mo 12d 2mo
release-note-none
do-not-merge/work-in-progress
size/XXL
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/acme/dns01
needs-kind
collaborator-last
commented
draft
recv
recv-q
unreviewed
5083 WIP: Generate applyconfigurations and Apply functions 5mo 12d 5mo
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
size/XXL
dco-signoff: yes
area/testing
needs-kind
assigned
assignee-updated
collaborator-last
commented
send
similar
unreviewed
5094 WIP server-side apply in tests v2 5mo 12d
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
area/testing
collaborator-last
unreviewed
5126 WIP: Only remove the cleanup finalizer if the cleanup succeeds 4mo 12d 4mo
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
area/acme
dco-signoff: yes
area/testing
collaborator-last
commented
unreviewed
5373 Allow config of http01 solver pod security context
2
1mo 12d 1mo
size/L
release-note
area/api
kind/feature
area/acme
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
collaborator-last
commented
open-milestone
recv
recv-q
unreviewed
5370 Use CUE to generate values.yaml and values.schema.json
2mo 12d 5wk
release-note
needs-rebase
approved
do-not-merge/work-in-progress
kind/feature
size/XXL
dco-signoff: yes
area/deploy
collaborator-last
commented
draft
new-commits
similar
5105 Replace update with patch operation 4mo 15d 4mo
release-note-none
needs-rebase
size/S
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
area/testing
needs-kind
collaborator-last
recv
unreviewed
5127 Add EncodeUsagesInRequestAnnotationKey for certificate
4mo 15d 4mo
release-note
needs-rebase
size/S
area/api
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
needs-kind
collaborator-last
commented
send
unreviewed
5308 Add the Workload Identities for azureDns 2mo 4wk 6wk
size/L
release-note
needs-rebase
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
commented
member-last
send
unreviewed
5054 fix webhook can not run with args of kubeconfig
5mo 5wk 5wk
size/XS
release-note-none
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
commented
member-last
send
unreviewed
5303 Stop infinitely reissuing certs with shared Secret
3
2mo 2mo 2mo
release-note
size/S
do-not-merge/work-in-progress
needs-ok-to-test
dco-signoff: yes
needs-kind
assigned
assignee-updated
collaborator-last
commented
draft
new-commits
recv
1075 Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ 3wk 6d
approved
dco-signoff: yes
size/L
needs-rebase
contributor-last
reviewed-with-comment
984 Fix zerossl tutorial path 4mo 10d 4mo
dco-signoff: yes
size/L
ok-to-test
assigned
contributor-last
recv
recv-q
unreviewed
1048 [WIP] Document structure updates 2mo 6wk 7wk
dco-signoff: yes
size/XXL
needs-rebase
do-not-merge/work-in-progress
ok-to-test
commented
contributor-last
send
unreviewed
1032 projects/approver-policy: selector.namespace 2mo 7wk
approved
dco-signoff: yes
lgtm
do-not-merge/hold
size/M
approved
assigned
contributor-last
1034 Add link to ACME DNS01 webhook for PowerDNS 2mo 2mo 2mo
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
1005 Route53 accessKeyIDSecretRef docs 3mo 3mo 3mo
size/XS
dco-signoff: yes
needs-ok-to-test
recv
unreviewed
930 update ibmcloud cis webhook link 5mo 4mo 5mo
size/XS
dco-signoff: yes
needs-ok-to-test
assigned
assignee-updated
author-last
commented
recv
unreviewed
982 WIP: [GSOD] Define our audiences 4mo 4mo
approved
dco-signoff: yes
do-not-merge/work-in-progress
size/M
unreviewed
859 Move the meetings and slack information to a separate page
6mo 4mo 4mo
approved
dco-signoff: yes
needs-rebase
size/M
changes-requested
commented
member-last
send
948 add note to ingress class definition 5mo 5mo 5mo
dco-signoff: no
size/XS
needs-ok-to-test
assigned
author-last
recv
unreviewed
701 Issuer with IRSA needs ambient credentials flag
1y 5mo 8mo
dco-signoff: no
size/S
ok-to-test
commented
contributor-last
new-commits
send
446 Add multiple ingresses usage section 2y 5mo 1y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
changes-requested
commented
contributor-last
send
589 cloud DNS: include missing project ID
1y 5mo 1y
size/XS
dco-signoff: yes
needs-rebase
ok-to-test
changes-requested
commented
contributor-last
send
689 Retro 1.5 follow-up: PR to website on every feature PR
1y 5mo 1y
approved
size/XS
dco-signoff: yes
needs-rebase
changes-requested
commented
contributor-last
send
751 Added kubectl config for recursive nameservers 11mo 5mo 10mo
dco-signoff: no
size/XS
needs-rebase
ok-to-test
approved
commented
contributor-last
send
765 Document that DNS-01 ClusterIssuer use kube-system secret 10mo 5mo 10mo
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
assigned
changes-requested
commented
contributor-last
send
790 Update route53.md 9mo 5mo 8mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
commented
contributor-last
send
884 remove duplicate code 6mo 5mo 6mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
contributor-last
recv
528 Update "Setting Nameservers for DNS01 Self Check" example 1y 6mo 1y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
451 update to ingress. 2y 8mo 2y
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
548 More doc around the approval API in the /concepts/certificaterequest page
1y 1y 1y
approved
dco-signoff: yes
kind/cleanup
size/XL
needs-rebase
assigned
assignee-updated
changes-requested
commented
contributor-last
send
17 Add image validation for Docker architecture 2y 1y 1y
dco-signoff: yes
lgtm
size/L
needs-rebase
assigned
assignee-updated
commented
contributor-last
new-commits
send
43 No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild 1y 1y
dco-signoff: yes
approved
size/M
needs-rebase
contributor-last
unreviewed
36 Add the "cmrel update-release-branch" command 1y 1y 1y
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
commented
contributor-last
draft
unreviewed
10 previously listed items omitted: #4810 #4744 #5324 #5015 #5387 #5139 #5174 #1071 #1072 #992

Overdue answers for a question (36)

Resolution: Add a comment

Average age: 549.3d, Avg wait: 108.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5316 Cert-manager shuts down without warning due to secret timeout 2mo 2mo 2mo
kind/bug
author-last
recv
recv-q
5215 Add relabeling in cert-manager serviceMonitor 3mo 4wk 3mo
kind/feature
author-last
commented
recv
recv-q
5042 propagation check failed: DNS record for xxx not yet propagated
3
5mo 3wk 5mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
similar
4941 Failed to perform self check GET request 6mo 2mo 6mo
kind/bug
recv
recv-q
similar
4931 Enable Testing on ARM64 6mo 2mo 6mo
kind/feature
author-last
commented
recv
recv-q
4918 Leader election timeout (?) causes exit
7mo 5wk 5mo
priority/important-longterm
commented
recv
recv-q
4877 HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1
7mo 2mo 7mo
kind/bug
recv
recv-q
4846 More than one Certificate nominating same Secret induces runaway creation of many CertificateRequests and Orders
2
7mo 19d 7mo
kind/bug
priority/important-soon
lifecycle/stale
collaborator-last
pr-new-commits
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
2
9mo 6wk 9mo
lifecycle/frozen
kind/bug
recv
recv-q
4653 Venafi TPP Support for Oauth
3
9mo 19d 9mo
kind/feature
priority/backlog
recv
recv-q
4620 Vault Issuer does not retry signing CertificateRequests if the status is pending
5
10mo 14d 6wk
kind/bug
priority/important-longterm
area/vault
commented
recv-q
send
similar
4594 TLS handshake error: EOF
8
10mo 4wk 3mo
kind/bug
commented
recv-q
send
4423 Cert renewal loop
2
1y 2mo 1y
kind/bug
author-last
commented
recv
recv-q
3958 Sane defaults for Certificate revision history limit
10
1y 4wk 1y
kind/feature
recv
recv-q
similar
3896 Cert Manager failing to renew certificate
17
1y 7wk 1y
kind/bug
commented
recv-q
send
similar
3820 Controller fails to process new certs when there are a large number of pending ones
3
2y 5wk 7mo
kind/bug
priority/important-soon
area/acme
assigned
assignee-updated
commented
recv-q
send
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
12
2y 11d 1y
kind/bug
commented
recv-q
send
3521 Integration with ExternalDNS
21
2y 14d 5mo
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
3298 Let's encrypt certificate caching to mitigate rate limits problems
3
12
2y 2mo 8mo
help wanted
kind/feature
priority/backlog
commented
recv-q
send
3283 Passing apiVersion as apiGroup should give a validation error
2
17
2y 6d 2y
area/api
kind/bug
priority/important-longterm
commented
recv
recv-q
3103 Adding probes to the cert-manager pods
5
2y 7d 3mo
kind/feature
priority/important-longterm
area/deploy
commented
recv-q
send
2722 Inject CA certificate into Secrets with cainjector
18
2y 3wk 9mo
kind/feature
priority/awaiting-more-evidence
commented
recv-q
send
2605 No flag to set structured logging output, e.g. JSON?
37
2y 3wk 2y
help wanted
kind/feature
priority/backlog
commented
recv
recv-q
2525 Better support multi-namespace & single-namespace deployments
20
2y 2mo 1y
kind/feature
priority/important-longterm
area/deploy
commented
pr-closed
recv-q
send
2478 Allow CA issuer secret rotation
33
2y 1mo 2y
kind/feature
priority/important-longterm
area/ca
commented
open-milestone
recv-q
send
2380 Helm chart version is not SemVer-compatible
4
2y 7wk 1y
kind/bug
commented
recv
recv-q
2334 Add network policy allowance into documentation
16
2y 19d 1y
good first issue
help wanted
kind/documentation
priority/backlog
area/deploy
commented
pr-merged
recv
recv-q
2332 Private ACME authority aka custom root certificate for ACME
17
2y 2wk 2y
good first issue
help wanted
kind/feature
priority/backlog
area/acme
commented
recv
recv-q
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
6mo 5mo 6mo
recv
recv-q
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 1y 7mo 1y
recv
recv-q
6 previously listed items omitted: #5236 #4535 #4250 #2538 #2178 #262

Updated support requests (116)

Resolution: Move out of support, or add a comment

Average age: 249.4d, Avg wait: 154.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5467 External Key Generator 8d 8d 8d
kind/feature
recv
5455 Support assuming role for route53 in AWS China (and other partitions) 13d 13d 13d
kind/feature
recv
5453 `cmctl convert` not working for converting certmanager.k8s.io/v1alpha1 to cert-manager.io/v1 13d 9d 13d
kind/bug
recv
5449 Gateway API exist, still getting error "the Gateway API CRDs do not seem to be present" 14d 14d 14d
recv
5448 how to disabled serverSideApply 15d 7d 15d
help wanted
recv
5440 Enable OpenSSF Scorecard Github Action and Badge 18d 18d 18d
kind/feature
pr-unreviewed
recv
5437 Issuer/ClusterIssuer support to specify vault token on local filesystem 19d 19d 19d
pr-unreviewed
recv
5435 Issuer/ClusterIssuer vault with mounted JWT token 19d 19d 19d
recv
5434 v1.7.3 still having "expired challenges" issue 19d 19d 19d
kind/bug
author-last
recv
5433 Support certs that live for < 1h
2wk 2wk 2wk
kind/feature
recv
5432 Certificate renewed but not the linked secret 3wk 3wk 3wk
kind/bug
recv
similar
5431 After generating a new Let's Encrypt certificate, it still uses the default cluster certificate. 3wk 3wk 3wk
recv
5430 Improving DNS-01 challenge performance 3wk 3wk 3wk
kind/feature
pr-reviewed-with-comment
pr-unreviewed
recv
5428 [Helm chart] Cert-manager's metrics can't be added to grafana data soource 3wk 3wk 3wk
kind/bug
recv
5421 [Helm chart] Cert-manager's metrics are not collected by default 4wk 4wk 4wk
kind/bug
recv
5415 DNS record for xxx not yet propagated. can we use cloudflare for acme challenge and custom ns for propagation check? 4wk 4wk 4wk
kind/bug
recv
similar
5397 Certificate not re-issued after keystore format change 6wk 6wk 6wk
kind/bug
recv
similar
5396 Passing empty IP Address in the certificate spec, fails certificate creation 6wk 6wk 6wk
kind/bug
recv
5394 Cert Manager showing "error"="Operation cannot be fulfilled on certificates.cert-manager.io"
6wk 6wk 6wk
recv
similar
5392 cert-manager-webhook emit TLS handshake error from 10.240.1.63:53386: EOF 6wk 6wk 6wk
recv
5391 Regex validation on acme/solvers is too strict
6wk 6wk 6wk
recv
5388 InvalidChangeBatch: cannot be created because a non multivalue answer rrset exists with the same name and type
7wk 7wk 7wk
kind/bug
recv
5357 Support ECDSA keys for ACME accounts 2mo 2mo 2mo
kind/feature
pr-unreviewed
recv
5348 Question: usage of an own acmedns api without /update endpoint 2mo 2mo 2mo
recv
5347 Got error:0A00010B:SSL routines::wrong version number 2mo 2mo 2mo
kind/bug
author-last
recv
5344 metrics for failed calls to cloudflare 2mo 2mo 2mo
kind/feature
recv
5326 Add ability to configure podTemplate securityContext fields in http solver 2mo 2mo 2mo
kind/feature
recv
5310 Install cert-manager: error bounded in resource existing 2mo 2mo 2mo
recv
5297 Failed to update endpoint cert-manager/cert-manager-webhook 2mo 2mo 2mo
recv
5284 Challenge remain pending and does't rerun after I delegate dns zone 2mo 2mo 2mo
kind/bug
recv
5283 DNS Challenges Not Added to Specified Ingress Despite Specifying in ACME ClusterIssuer Manifest 2mo 2mo 2mo
kind/bug
recv
5254 AKS high severity : on disabling automounting API credentials for service account installation of cert manager timesout
3mo 2mo 3mo
kind/bug
author-last
recv
5253 Webhook FailedDiscoveryCheck failing or missing response from https://<ip>:10251/apis/webhook.cert-manager.io/v1alpha1: bad status 3mo 6d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5246 Secrets are not updated when key stores added/removed 3mo 8d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5238 no wait time between challenge requeues 3mo 13d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5223 cert-manager reporting and alerting 3mo 18d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5218 Install SSL certificate on CertManager container image 3mo 2wk 3mo
lifecycle/stale
collaborator-last
recv
similar
5211 Question about tolerations 3mo 18d 3mo
author-last
recv
5210 Use instrumentedclient when performing credential verifications for Venafi client
3mo 3wk 3mo
kind/bug
lifecycle/stale
collaborator-last
pr-closed
recv
5193 Stuck on "propagation check failed"
3mo 5wk 3mo
kind/bug
area/acme
author-last
commented
pr-merged
recv
similar
5073 Allow injecting CABundle to arbitrary Custom Resources 5mo 4wk 4mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
5069 Error presenting challenge: the server could not find the requested resource even though resource exists 5mo 2mo 5mo
kind/bug
recv
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
2
5mo 2mo 5mo
kind/bug
priority/backlog
author-last
commented
recv
4959 Support AWS Auth Method for Vault 6mo 15d 6mo
kind/feature
author-last
recv
4947 Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer
7
6mo 3wk 6mo
kind/feature
author-last
recv
4910 CNCF incubation tracking issue 7mo 19d 6mo
priority/important-soon
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
recv
4797 Automatically renew certificates if OCSP indicates that it was revoked
6
8mo 1mo 8mo
kind/feature
area/acme
author-last
commented
recv
4747 Revoke Certificates
4
11
8mo 5wk 8mo
kind/feature
recv
similar
4490 Subject Ingress Annotations
3
1y 7wk 1y
kind/feature
pr-new-commits
recv
4489 Externalize controller argument config
1y 18d 4mo
kind/feature
priority/important-longterm
assigned
commented
recv
4246 ACME DNS Challenge and Propagation Delay (NXDOMAIN)
8
1y 2mo 1y
kind/bug
recv
4216 Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large 1y 1y 1y
recv
4153 Support DoT (DNS over TLS) for Recursive Nameservers
1y 2mo 5mo
kind/feature
priority/backlog
area/acme/dns01
author-last
commented
recv
3898 Allow setting PodDisruptionBudget policies via helm chart
3
1y 3wk 1y
kind/feature
priority/important-longterm
area/deploy
author-last
pr-closed
pr-new-commits
recv
3719 DNS-01 broken scenario (GCP Cloud DNS) 2y 3wk 2y
kind/bug
lifecycle/stale
collaborator-last
recv
3383 Certificate API doc omits "3072" as valid RSA key size 2y 7wk 2y
kind/bug
priority/important-longterm
author-last
commented
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest 5wk 4wk 5wk
author-last
recv
1062 Document process for offboarding maintainers 5wk 5wk 5wk
recv
similar
1061 Document onboarding process for new maintainers 5wk 5wk 5wk
recv
similar
1054 Run spell checker in a pre-commit hook 1mo 1mo 1mo
good first issue
kind/cleanup
recv
1006 Use descriptive text instead of alt for `feature icon` 3mo 3mo 3mo
recv
1001 Document a policy for required CI health before we can release 3mo 3mo 3mo
recv
988 Document how feature gated fields can be added to API 4mo 4mo 4mo
recv
931 Improve upgrade instructions using helm
5mo 5mo 5mo
recv
866 Securing NGINX-ingress 6mo 6mo 6mo
recv
similar
851 create Cilium ingress tls example
3
7mo 3mo 7mo
assigned
assignee-updated
recv
836 Syncing Secrets Across Namespaces
8mo 6mo 8mo
recv
758 API reference docs: enum values not documented with typedef 10mo 10mo 10mo
recv
746 Enable Dark mode in the docs website 11mo 11mo 11mo
recv
706 Default key usages 1y 1y 1y
recv
697 [IRSA] Needs `runAsUser: 1001` 1y 1y 1y
recv
672 List required Google CloudDNS permissions exhaustively 1y 1y 1y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
1y 1y 1y
recv
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
1y 1y 1y
recv
561 Certificate Resources 1y 1y 1y
recv
similar
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
454 Cluster Resource Namespace 2y 2y 2y
recv
354 DigitalOcean access-token should not be base64-encoded 2y 2y 2y
priority/awaiting-more-evidence
author-last
commented
recv
36 previously listed items omitted
Triage Party v1.3.0