cert-manager + website + release Weekly Triage

queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (13)

Resolution: Downgrade to important-longterm

Average age: 920.2d, Avg wait: 96.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4846		More than one Certificate nominating same Secret induces runaway creation of many CertificateRequests and Orders PR#5303: Stop infinitely reissuing certs with shared Secret new-commits PR#5567: WIP: Certificates: preventing CertificateRequest creation runaway commented		2	11mo	2mo	2mo		kind/bug priority/important-soon	collaborator-last commented pr-new-commits pr-reviewed-with-comment send
3820		Controller fails to process new certs when there are a large number of pending ones		3	2y	2mo	11mo		kind/bug priority/important-soon area/acme	assigned assignee-updated commented contributor-last recv-q send
1888		Certificate not matching private key when creating multiple ingress resources		15	3y	2mo	6mo		good first issue help wanted kind/bug priority/important-soon area/acme	commented send
709		Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1			1y	1y	1y		good first issue priority/important-soon	recv
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		3	2y	2y	2y		documentation priority/important-soon	commented contributor-last
262		[DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift			2y	2y	2y		kind/feature priority/important-soon	author-last commented recv recv-q
229		Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error			2y	2y			priority/important-soon kind/documentation	contributor-last
198		Document release process			2y	2y	2y		priority/important-soon kind/documentation	assigned commented member-last send
195		Document keystores			2y	2y	2y		priority/important-soon kind/documentation	commented member-last send
174		Add documentation for CRD conversion webhook ca injection			2y	2y	2y		help wanted priority/important-soon kind/documentation	commented member-last send
144		Improve webhook debugging info Similar: #642: Move/ link to Webhook debugging docs (open)			2y	2y	2y		priority/important-soon kind/documentation	commented member-last pr-merged send similar
90		Document Certificate Subject Changes			3y	2y	2y		help wanted good first issue priority/important-soon	collaborator-last commented
69		SelfSignedIssuer configuration - API reference docs			3y	2y	2y		help wanted good first issue priority/important-soon kind/documentation	commented member-last send

Important longterm, but no updates in 120 days (10)

Resolution: Downgrade to backlog

Average age: 881.1d, Avg wait: 207.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3521		Integration with ExternalDNS		26	2y	4mo	9mo		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q send
2178		Handling 'unregistering' certificates from Venafi TPP		11	3y	1y	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented recv-q send
850		Document available cert-manager Prometheus metrics			11mo	9mo	11mo		documentation good first issue priority/important-longterm	contributor-last recv
551		Documentation on how to handle large-scale certificate management & best practices		2	2y	1y	2y		help wanted priority/important-longterm kind/documentation	contributor-last recv
401		Bring tutorials up to date			2y	2y			priority/important-longterm
344		Add docs to explain webhooks			2y	2y			help wanted good first issue priority/important-longterm	contributor-last
223		Document wildcard certificate tutorial			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send
178		Order of versions of cert-manager in menu			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send
154		Documenting repo management process			2y	2y	2y		priority/important-longterm kind/documentation	commented contributor-last send
56		Route53: document use of "region" field			3y	2y	3y		documentation priority/important-longterm	contributor-last recv recv-q

many reactions, low priority (12)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 350.3d, Avg wait: 70.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5742		wrong organizationalUnits order		3	13d	10d	10d		triage/support	collaborator-last commented send
5516		Forbidden: seccomp may not be set pod.metadata.annotations		8	3mo	3wk	3mo		kind/bug	author-last recv
5471		Mismatch between RBAC and --leader-election-namespace in static manifests		3 9	4mo	18d	3mo		kind/bug lifecycle/stale triage/not-reproducible	collaborator-last commented recv recv-q
5267		cm-acme-http-solver triggers no.scale.down.node.pod.not.backed.by.controller due to lack of PodDisruptionBudget		7	7mo	4wk	7mo		kind/bug	contributor-last recv
4956		cert-manager created multiple CertificateRequest objects with the same certificate-revision		2 2 3	10mo	4wk	10mo		kind/bug	commented pr-closed pr-merged recv recv-q
4821		Allow `ingressClassName` to be set for HTTP01 solver ingresses. PR#5225: Add flag to allow switching ingressClassName specification unreviewed		5 114	1y	6wk	9mo		kind/feature area/ingress-shim	commented pr-unreviewed recv-q send
2538		cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer		60	3y	8d	1y		area/api kind/feature priority/backlog	commented recv recv-q
5174		Add support for restricting the secrets watch list in cainjector		7	8mo	3wk	2mo		release-note needs-rebase kind/feature size/M dco-signoff: yes ok-to-test	collaborator-last commented send unreviewed
5324		Create 20220720-per-certificate-owner-ref.md Similar: #5158: Added certificate owner ref field (open)		5	6mo	7wk	4mo		size/L release-note-none approved kind/design dco-signoff: yes	commented contributor-last recv-q reviewed-with-comment similar
3931		Added PodDisruptionBudgets to helm chart		3 15	2y	2mo	3mo		size/L release-note approved kind/feature dco-signoff: yes ok-to-test area/deploy	approved assigned assignee-updated commented recv recv-q
583		cert-manager with ZeroSSL		44	2y	7mo	7mo			commented send
992		Initial feature gate documentation		9	8mo	13d	8mo		approved dco-signoff: yes size/L	commented contributor-last new-commits recv recv-q

many commenters, low priority (3)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 44.8d, Avg wait: 9.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5639		Design: reduce cert-manager controller's memory consumption		2	7wk	3wk	3wk		do-not-merge/release-note-label-needed size/XL approved kind/design dco-signoff: yes	collaborator-last commented new-commits
5670		feat(chart): support probes for cert-manager and cainjector			5wk	4wk	4wk		release-note kind/feature size/M dco-signoff: yes ok-to-test area/deploy	assigned assignee-updated author-last changes-requested commented recv
1132		New version of adcs-issuer			6wk	16d	16d			commented member-last send

Screaming into the void (3)

Resolution: Reopen, or ask folks to open a new issue

Average age: 1009.8d, Avg wait: 768.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4624		Propagation check failed when using DNS-01 Similar: #5756: Challenge is stuck at "Waiting for DNS-01 challenge propagation" (open) Similar: #5193: Stuck on "propagation check failed" (closed) Similar: #5586: "propagation check failed" for DNS-01 ACME challenge on internal EKS-cluster (closed) Similar: #5515: stuck on propagation check failed DNS record not yet propagated (open) Similar: #5042: propagation check failed: DNS record for xxx not yet propagated (closed)		4	1y	6d	9mo		kind/bug priority/awaiting-more-evidence lifecycle/rotten	closed commented recv recv-q similar
2166		[Vault PKI] Bundle the Root CA with the intermediate in ca.crt when creating the secret		26	3y	2h	2y			closed commented recv recv-q
1582		Can't delete challenge		49 41 10 37 212	3y	2d	3y		kind/bug	closed commented recv recv-q

Needs information for over 2 weeks (3)

Resolution: Close or remove triage/needs-information label

Average age: 479.1d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5735		context deadline exceeded			15d	15d	15d		triage/needs-information	collaborator-last commented send
3748		Cert-manager causes API server panic on clusters with more than 20000 secrets.		13	2y	1mo	1y		kind/bug triage/needs-information	commented pr-merged send
3640		Challenge Records Not Always Cleaned Up PR#5126: WIP: Only remove the cleanup finalizer if the cleanup succeeds unreviewed			2y	3wk	4wk		kind/bug area/acme triage/needs-information	collaborator-last commented pr-merged pr-unreviewed

Support request over 30 days old (3)

Resolution: Close, or add to triage/long-term-support

Average age: 448.9d, Avg wait: 368.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5189		Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded Similar: #5667: Not ready: Internal error occurred: failed calling webhook "webhook.cert-manager.io" [i/o timeout context, deadline exceeded] (closed) Similar: #5004: After installing cert-manager using kubectl, "cmctl check api" fails with "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded (closed)		10	8mo	2mo	6mo		triage/support area/webhook	commented recv-q send similar
770		Helm template fails with `--create-namespace`			1y	1y	1y		triage/support	contributor-last recv recv-q
480		Secret gets UID added to end of name			2y	2y	2y		triage/support	contributor-last recv recv-q

Issues nearing expiration (23)

Resolution: Close or label as frozen

Average age: 244.1d, Avg wait: 110.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5482		Implement support for hooks that get triggered after issuing or renewing certificates			4mo	22h	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5480		Route53 solver's STS certificate chain is not being trusted by the cert-manager pod			4mo	2d	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5479		Could not determine authoritative nameservers for \"_acme-challenge.XXX.com.		2	4mo	3d	4mo		lifecycle/rotten	collaborator-last recv recv-q
5472		Ability to check Venafi API parameter in log			4mo	5d	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5470		Waiting on certificate issuance from order default/nginx-app-tls-z9xlj-2268860154: "pending" Issuing certificate as Secret does not exist			4mo	6d	4mo		lifecycle/rotten	collaborator-last recv recv-q
5467		External Key Generator			4mo	9d	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5455		Support assuming role for route53 in AWS China (and other partitions)			4mo	14d	4mo		kind/feature lifecycle/rotten	collaborator-last recv
5454		make setup-integration-tests fail			4mo	5d	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5449		Gateway API exist, still getting error "the Gateway API CRDs do not seem to be present"			4mo	15d	4mo		lifecycle/rotten	collaborator-last recv
5439		setting certificate attributes in certificate resources Similar: #561: Certificate Resources (open)			4mo	7d	4mo		kind/feature lifecycle/rotten	collaborator-last commented send similar
5435		Issuer/ClusterIssuer vault with mounted JWT token			4mo	2wk	4mo		lifecycle/rotten	collaborator-last recv
5434		v1.7.3 still having "expired challenges" issue			4mo	2wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5431		After generating a new Let's Encrypt certificate, it still uses the default cluster certificate.			4mo	15d	4mo		lifecycle/rotten	recv
5428		[Helm chart] Cert-manager's metrics can't be added to grafana data soource			4mo	3wk	4mo		kind/bug lifecycle/rotten	collaborator-last recv
5359		Packaging cert-manager with Carvel		4	6mo	2wk	4mo		kind/feature lifecycle/rotten	collaborator-last commented send
5211		Question about tolerations			7mo	19d	7mo		lifecycle/rotten	collaborator-last recv
4959		Support AWS Auth Method for Vault PR#5530: Added support for using env config for configuring Vault issuer. unreviewed			10mo	16d	10mo		kind/feature lifecycle/rotten	collaborator-last pr-unreviewed recv
4947		Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer		7	10mo	3wk	10mo		kind/feature lifecycle/rotten	collaborator-last recv
4620		Vault Issuer does not retry signing CertificateRequests if the status is pending		6	1y	15d	5mo		kind/bug priority/important-longterm area/vault lifecycle/rotten	collaborator-last commented recv-q send
4489		Externalize controller argument config			1y	19d	8mo		kind/feature priority/important-longterm lifecycle/rotten	assigned collaborator-last commented recv
3565		requestmanager_controller got stuck in a loop and stopped generating new certificates afterward		13	2y	12d	1y		kind/bug lifecycle/rotten	collaborator-last commented recv-q send
3283		Passing apiVersion as apiGroup should give a validation error		2 25	2y	7d	2y		area/api kind/bug priority/important-longterm lifecycle/rotten	collaborator-last commented recv recv-q
5446		Allow concurrent same-FQDN DNS-01 challenges when using route53			4mo	8d	4mo		release-note needs-ok-to-test size/M area/acme lifecycle/rotten dco-signoff: yes area/testing needs-kind	collaborator-last commented reviewed-with-comment send

Pull requests: Approved and getting old (6)

Resolution:

Average age: 231.7d, Avg wait: 17.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5747		BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks			9d	6d			release-note-none approved kind/bug kind/cleanup kind/design kind/documentation kind/feature size/M dco-signoff: yes	collaborator-last unreviewed
5436		Move CSR resource in design to GA			4mo	6wk	4mo		release-note approved size/S kind/design dco-signoff: yes	commented contributor-last reviewed-with-comment send
1071		Improved the summary on the docs homepage		2	4mo	4mo	4mo		approved dco-signoff: yes size/S	commented contributor-last new-commits recv-q
3 previously listed items omitted: #5324 #3931 #992

Pull Requests: Stale (58)

Resolution: Add comment and/or close PR

Average age: 300.9d, Avg wait: 58.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5542		[helm] Introduce cert-manager-resources helm chart			3mo	8d	3mo		size/L do-not-merge/release-note-label-needed needs-ok-to-test lifecycle/stale dco-signoff: yes area/deploy needs-kind	collaborator-last recv unreviewed
5303		Stop infinitely reissuing certs with shared Secret		3	6mo	10d	3mo		release-note size/S do-not-merge/work-in-progress needs-ok-to-test lifecycle/stale dco-signoff: yes needs-kind	assigned assignee-updated commented contributor-last draft new-commits recv-q send
5452		Update Azure SDK and remove deprecated autorest dependency			4mo	12d	6wk		size/L release-note-none needs-rebase do-not-merge/work-in-progress area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	commented contributor-last draft new-commits send
5003		Implement the DNS-over-HTTPS check		2	10mo	14d	6mo		release-note-none needs-rebase do-not-merge/work-in-progress size/XXL area/acme dco-signoff: yes area/testing ok-to-test area/acme/dns01 needs-kind	collaborator-last commented draft recv recv-q unreviewed
5438		Add option tokenPath to Vault (cluster)issuer			4mo	3wk	4mo		do-not-merge/release-note-label-needed size/S area/api needs-ok-to-test lifecycle/stale area/vault dco-signoff: no needs-kind	assigned collaborator-last commented send unreviewed
5158		Added certificate owner ref field Similar: #5324: Create 20220720-per-certificate-owner-ref.md (open)		4	8mo	3wk	6wk		release-note size/XL needs-rebase area/api do-not-merge/work-in-progress dco-signoff: yes area/testing ok-to-test area/deploy needs-kind	collaborator-last commented draft recv reviewed-with-comment similar
5701		feat: added custom endpoint override flag for http solver			3wk	3wk	3wk		release-note kind/feature needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/http01	recv recv-q unreviewed
4810		Server Side Apply: Adds support for CA Injector controller to use SSA with Feature Gate		4	1y	3wk	2mo		size/L release-note needs-rebase approved kind/feature priority/important-soon dco-signoff: yes area/deploy	collaborator-last commented reviewed-with-comment send
5567		WIP: Certificates: preventing CertificateRequest creation runaway			2mo	4wk	4wk		release-note approved area/api do-not-merge/work-in-progress kind/feature size/XXL dco-signoff: yes area/testing area/deploy	commented member-last open-milestone reviewed-with-comment send
5686		Add missing healthz port to PSP in Helm Chart when hostNetwork is used			4wk	4wk	4wk		size/XS release-note needs-ok-to-test dco-signoff: yes area/deploy needs-kind	collaborator-last recv unreviewed
5373		Allow config of http01 solver pod security context		2	5mo	4wk	4wk		size/L release-note area/api kind/feature area/acme dco-signoff: yes ok-to-test area/acme/http01 area/deploy	commented member-last open-milestone send unreviewed
5356		Allow ECDSA for ACME client keys			6mo	6wk	7wk		size/L release-note needs-rebase area/api kind/feature area/acme dco-signoff: yes area/testing ok-to-test area/deploy	changes-requested collaborator-last commented send
5225		Add flag to allow switching ingressClassName specification		5	7mo	6wk	7mo		release-note needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/http01 needs-kind	commented recv-q send unreviewed
4209		Auto generate README.md, Chart.yaml, values.schema.json and values.yaml using tem & helm-jsonschema-gen Similar: #5370: Use CUE to generate values.yaml and values.schema.json (open)		3	2y	6wk	7mo		release-note size/XL approved do-not-merge/work-in-progress kind/feature dco-signoff: yes ok-to-test area/deploy	collaborator-last commented draft new-commits similar
4330		Add client certificate auth method for Vault issuer			2y	6wk	9mo		release-note size/XL area/api kind/feature area/acme area/vault dco-signoff: yes area/testing ok-to-test area/deploy	collaborator-last commented recv recv-q unreviewed
4570		`RevisionHistoryLimit` has a default value of 25			1y	6wk	6mo		release-note area/api size/M dco-signoff: yes ok-to-test area/deploy needs-kind	assigned collaborator-last commented new-commits send
5083		WIP: Generate applyconfigurations and Apply functions Similar: #5383: Generate applyconfigurations and Apply functions (open)			9mo	6wk	9mo		release-note-none needs-rebase approved do-not-merge/work-in-progress size/XXL dco-signoff: yes area/testing needs-kind	assigned assignee-updated collaborator-last commented send similar unreviewed
5126		WIP: Only remove the cleanup finalizer if the cleanup succeeds			8mo	6wk	8mo		size/L release-note-none needs-rebase approved do-not-merge/work-in-progress kind/cleanup area/acme dco-signoff: yes area/testing	collaborator-last commented unreviewed
5094		WIP server-side apply in tests v2			9mo	6wk			size/L release-note-none needs-rebase approved do-not-merge/work-in-progress kind/cleanup dco-signoff: yes area/testing	collaborator-last unreviewed
5447		Allow extra DNS-01 propagation time to be configured			4mo	6wk	4mo		release-note size/S area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	author-last commented recv unreviewed
5370		Use CUE to generate values.yaml and values.schema.json Similar: #4209: Auto generate README.md, Chart.yaml, values.schema.json and values.yaml using tem & helm-jsonschema-gen (open)			6mo	6wk	5mo		release-note needs-rebase approved do-not-merge/work-in-progress kind/feature size/XXL dco-signoff: yes area/deploy	collaborator-last commented draft new-commits similar
5378		Unify semver version generation			5mo	6wk	5mo		size/L release-note-none needs-rebase approved do-not-merge/work-in-progress kind/cleanup dco-signoff: yes	changes-requested collaborator-last commented draft
5383		Generate applyconfigurations and Apply functions Similar: #5083: WIP: Generate applyconfigurations and Apply functions (open)			5mo	6wk	5mo		release-note needs-rebase approved area/api do-not-merge/work-in-progress size/XXL dco-signoff: yes needs-kind	collaborator-last commented draft send similar unreviewed
5530		Added support for using env config for configuring Vault issuer.			3mo	2mo	3mo		size/L release-note area/api do-not-merge/work-in-progress needs-ok-to-test area/vault dco-signoff: no area/deploy needs-kind	assigned collaborator-last draft recv unreviewed
5337		WIP: Controller configuration file			6mo	2mo	6mo		release-note-none needs-rebase area/api do-not-merge/work-in-progress needs-ok-to-test size/XXL dco-signoff: no needs-kind	collaborator-last recv unreviewed
982		WIP: [GSOD] Define our audiences			8mo	10d	10d		approved dco-signoff: yes lgtm do-not-merge/work-in-progress size/M	assigned assignee-updated commented member-last send unreviewed
1089		Update docs to remove subchart warning			3mo	3wk	3wk		approved dco-signoff: yes needs-rebase size/S ok-to-test	assigned changes-requested commented contributor-last send
1081		Vault: document the new field "serviceAccountRef"			4mo	2mo			approved dco-signoff: yes do-not-merge/work-in-progress size/M	draft unreviewed
1075		Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/			4mo	4mo			approved dco-signoff: yes size/L needs-rebase	contributor-last reviewed-with-comment
1048		[WIP] Document structure updates			6mo	5mo	5mo		dco-signoff: yes size/XXL needs-rebase do-not-merge/work-in-progress ok-to-test	commented contributor-last send unreviewed
1034		Add link to ACME DNS01 webhook for PowerDNS			6mo	6mo	6mo		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	contributor-last recv unreviewed
1005		Route53 accessKeyIDSecretRef docs			7mo	7mo	7mo		size/XS dco-signoff: yes needs-ok-to-test	recv unreviewed
859		Move the meetings and slack information to a separate page			10mo	8mo	8mo		approved dco-signoff: yes needs-rebase size/M	changes-requested commented member-last send
948		add note to ingress class definition			9mo	9mo	9mo		dco-signoff: no size/XS needs-ok-to-test	assigned author-last recv unreviewed
701		Issuer with IRSA needs ambient credentials flag			1y	9mo	1y		dco-signoff: no size/S ok-to-test	commented contributor-last new-commits send
446		Add multiple ingresses usage section			2y	9mo	1y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	changes-requested commented contributor-last send
589		cloud DNS: include missing project ID			2y	9mo	2y		size/XS dco-signoff: yes needs-rebase ok-to-test	changes-requested commented contributor-last send
689		Retro 1.5 follow-up: PR to website on every feature PR			1y	9mo	1y		approved size/XS dco-signoff: yes needs-rebase	changes-requested commented contributor-last send
751		Added kubectl config for recursive nameservers			1y	9mo	1y		dco-signoff: no size/XS needs-rebase ok-to-test	approved commented contributor-last send
765		Document that DNS-01 ClusterIssuer use kube-system secret			1y	9mo	1y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	assigned changes-requested commented contributor-last send
790		Update route53.md			1y	9mo	1y		dco-signoff: no size/XS needs-rebase needs-ok-to-test	changes-requested commented contributor-last send
884		remove duplicate code			10mo	9mo	10mo		dco-signoff: no size/XS needs-rebase needs-ok-to-test	changes-requested contributor-last recv
528		Update "Setting Nameservers for DNS01 Self Check" example			2y	10mo	2y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	contributor-last recv unreviewed
451		update to ingress.			2y	1y	2y		dco-signoff: no size/XS needs-rebase needs-ok-to-test	contributor-last recv unreviewed
548		More doc around the approval API in the /concepts/certificaterequest page			2y	1y	2y		approved dco-signoff: yes kind/cleanup size/XL needs-rebase	assigned assignee-updated changes-requested commented contributor-last send
112		Bump helm.sh/helm/v3 from 3.9.4 to 3.10.3			7wk	7wk	7wk		dco-signoff: yes needs-ok-to-test size/L dependencies	contributor-last recv unreviewed
17		Add image validation for Docker architecture			2y	1y	2y		dco-signoff: yes lgtm size/L needs-rebase	assigned assignee-updated commented contributor-last new-commits send
43		No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild			1y	1y			dco-signoff: yes approved size/M needs-rebase	contributor-last unreviewed
36		Add the "cmrel update-release-branch" command			2y	1y	2y		dco-signoff: yes approved size/M needs-rebase do-not-merge/work-in-progress	commented contributor-last draft unreviewed
9 previously listed items omitted: #5446 #5639 #5174 #5670 #5436 #5324 #3931 #992 #1071

Overdue answers for a question (38)

Resolution: Add a comment

Average age: 543.2d, Avg wait: 116.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5608		Unable to inject linkerd sidecar proxy to Cert-Manager pods			2mo	2mo	2mo			author-last recv recv-q
5549		unknown field "enabled" in io.k8s.api.core.v1.PodSecurityContext		2	3mo	6wk	3mo			recv recv-q
5543		Using Azure workload identity instead of AAD Pod Identities to configure the AzureDNS DNS01 challenge.			3mo	1mo	3mo		kind/feature	recv recv-q
5537		Left over artifacts from cert-manager Similar: #4473: Add signing for cert-manager artifacts (closed)			3mo	9d	3mo		lifecycle/stale	collaborator-last recv recv-q similar
5524		cert-manager v1.10.0 always tries to access clusterissuers at cluster scope			3mo	2mo	3mo		kind/bug	recv recv-q
5520		CrashLoopBackOff after restart of all deployments			3mo	9d	3mo		kind/bug lifecycle/stale	collaborator-last recv recv-q
5513		Deploy of cert-manager-webhook/cainjector:v1.9.1 got permission error Similar: #3281: cert-manager-cainjector and cert-manager-webhook pods are not running properly (closed)			3mo	10d	3mo		kind/bug lifecycle/stale	collaborator-last recv recv-q similar
5437		Issuer/ClusterIssuer support to specify vault token on local filesystem PR#5438: Add option tokenPath to Vault (cluster)issuer unreviewed			4mo	10d	4mo		lifecycle/stale	collaborator-last pr-unreviewed recv recv-q
5220		Investigate improving resource consumption and performance in clusters with large amount of resources PR#5639: Design: reduce cert-manager controller's memory consumption new-commits		9	7mo	2mo	3mo		kind/feature	commented pr-new-commits recv-q
4931		Enable Testing on ARM64			11mo	6wk	10mo		kind/feature	author-last commented recv recv-q
4918		Leader election timeout (?) causes exit		2	11mo	3wk	9mo		priority/important-longterm	commented recv recv-q
4877		HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1			11mo	2mo	11mo		kind/bug	author-last recv recv-q
4685		Unexpected EOF during watch stream event decoding: unexpected EOF		5	1y	1mo	1y		lifecycle/frozen kind/bug	recv recv-q
4594		TLS handshake error: EOF		14	1y	7wk	8mo		kind/bug	commented recv-q send
4423		Cert renewal loop		2	1y	3wk	1y		kind/bug	author-last commented recv recv-q
3958		Sane defaults for Certificate revision history limit		10	2y	2mo	2mo		kind/feature	commented recv-q send
3896		Cert Manager failing to renew certificate Similar: #5716: Certificate renewal fails during DNS challenge with Route53 (open)		17	2y	2mo	1y		kind/bug	commented recv-q send similar
3103		Adding probes to the cert-manager pods		5	2y	7wk	7mo		kind/feature priority/important-longterm area/deploy	commented recv-q send
2722		Inject CA certificate into Secrets with cainjector		19	2y	7wk	1y		kind/feature priority/awaiting-more-evidence	commented recv-q send
2605		No flag to set structured logging output, e.g. JSON?		47	3y	7wk	2y		help wanted kind/feature priority/backlog	commented recv recv-q
2478		Allow CA issuer secret rotation		36	3y	2mo	2y		kind/feature priority/important-longterm area/ca	collaborator-last commented recv-q send
2380		Helm chart version is not SemVer-compatible		5	3y	2mo	2y		kind/bug	author-last commented recv recv-q
2334		Add network policy allowance into documentation		16	3y	7wk	1y		good first issue help wanted kind/documentation priority/backlog area/deploy	commented pr-merged recv recv-q
2239		Create a CertificatePreset resource type to allow configurable defaulting		64	3y	11d	9mo		area/api kind/feature priority/backlog priority/important-soon	commented pr-closed pr-merged recv-q send
899		Upgrading from v1.7 to v1.8 check command should exclude null.		2	10mo	9mo	10mo			recv recv-q
645		Investigate & add an FAQ/warning about images rolled back after GitOps upgrade			2y	11mo	2y			recv recv-q
12 previously listed items omitted: #5471 #5470 #5189 #4956 #4821 #4620 #3565 #3521 #3283 #2538 #2178 #262

Updated support requests (109)

Resolution: Move out of support, or add a comment

Average age: 285.8d, Avg wait: 198.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5752		Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' Similar: #5756: Challenge is stuck at "Waiting for DNS-01 challenge propagation" (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (closed) Similar: #2517: http-01 challenge propagation: wrong status code '404', expected '200' (closed)			8d	8d	8d		kind/bug	recv similar
5716		Certificate renewal fails during DNS challenge with Route53 Similar: #3896: Cert Manager failing to renew certificate (open)			3wk	10d	3wk		kind/bug	recv similar
5708		Cert Manager working with only example.com not with svc.cluster.local			3wk	3wk	3wk		kind/bug	collaborator-last recv
5700		Support for issuing public certs using AWS ACM and DNS verification			3wk	3wk	3wk		kind/feature	author-last recv
5697		Support PodSecurityAdmission			3wk	3wk	3wk		kind/feature	recv
5673		Error presenting challenge: init sdk: get token: extract secret: resource name may not be empty			4wk	2wk	4wk			author-last recv
5665		Allow defining keystore password as litteral instead of SecretRef			5wk	5wk	5wk		kind/feature	recv
5650		provider rfc2136 send updates to top level zone Similar: #5630: provider rfc2136: updates are sent to wrong dns zone (open)			6wk	6wk	6wk		kind/bug	recv similar
5630		provider rfc2136: updates are sent to wrong dns zone Similar: #5650: provider rfc2136 send updates to top level zone (open)			7wk	7wk	7wk			recv similar
5626		Helm: Allow configuration of readiness, liveness and startup probes for all created Pods PR#5670: feat(chart): support probes for cert-manager and cainjector changes-requested			1mo	3wk	4wk		kind/feature	author-last commented pr-changes-requested recv
5615		Integrate cert-manager with DigitalOcean LBs			1mo	1mo	1mo		kind/feature	recv
5611		ACME HTTP challenge pods blocked by OpenShift			2mo	4wk	2mo		kind/bug	recv
5596		Current PSP is not sufficient to work with CSI volume			2mo	2mo	2mo		kind/bug	recv
5590		Configure cluster resource namespace in ClusterIssuer spec Similar: #454: Cluster Resource Namespace (open)			2mo	2mo	2mo			recv similar
5585		ClusterIssuer cannot read the ServiceAccount token secret			2mo	2mo	2mo		kind/bug	recv
5580		Mounting emptyDir to /tmp directory (webhook)			2mo	2mo	2mo		kind/feature	author-last recv
5575		Can cert manager be used as a multi-cluster active-active certificate manager?			2mo	2mo	2mo			recv
5572		Add the possibility to use two cluster issuers in a single ingress			2mo	2mo	2mo		kind/feature	recv
5565		cert-manager aws route53 hosted zone automatically add records.			2mo	2mo	2mo			recv
5557		error instantiating route53 challenge solver: unable to assume role: AccessDenied: Similar: #5486: Aggressive Retries from "error instantiating route53 challenge solver" (open)		2	2mo	2mo	2mo		kind/bug	recv similar
5548		Pod is not running due to AppArmor not Enabled			3mo	2mo	3mo			recv
5540		Changelog annotations to chart			3mo	8d	3mo		kind/feature	author-last recv
5538		Unable to set IPv6 podDNS config from values			3mo	9d	3mo		kind/bug	author-last recv
5536		Challenge stack on self check when host is unavailable from cluster.			3mo	10d	3mo		kind/bug lifecycle/stale	collaborator-last recv
5527		Allow to add out-of-tree signers for cert-manager to approve.			3mo	15d	3mo		kind/feature lifecycle/stale	collaborator-last recv
5526		Separate section for breaking changes in release notes			3mo	15d	3mo		kind/bug lifecycle/stale	collaborator-last recv
5521		Webhook Pod HealthCheck Port is missing in Webhook PSP			3mo	15d	3mo		kind/bug lifecycle/stale	collaborator-last recv
5512		GoogleCloud API call failed: googleapi: Error 403: Permission denied on resource project $PROJECT_ID			3mo	2wk	3mo		kind/bug lifecycle/stale	collaborator-last recv
5509		Label cert-manager managed objects with 'app.kubernetes.io/managed-by'			3mo	3wk	3mo		kind/feature lifecycle/stale	collaborator-last recv
5508		is it possible to create k8s tls secret when I store crt and key into vault?			3mo	3wk	3mo		lifecycle/stale	collaborator-last recv
5507		CA provider authentication of issuer via certificate			3mo	3wk	3mo		kind/feature lifecycle/stale	collaborator-last recv
5503		cert-manager sub-chart documentation			3mo	3wk	3mo		lifecycle/stale	collaborator-last recv
5494		Adding Custom extensions to certificates, the Subject Alternative Name (SAN) extension criticality ( OID = 2.5.29.17 )			3mo	4wk	3mo		kind/feature lifecycle/stale	collaborator-last recv
5488		Add support for creating pki secret engine in Vault			4mo	4wk	4mo		kind/feature lifecycle/stale	collaborator-last recv
5481		Need metrics for DNS01 Challenges			4mo	16d	4mo		kind/feature lifecycle/stale	collaborator-last recv
5448		how to disabled serverSideApply		2	4mo	17d	4mo		help wanted lifecycle/stale	collaborator-last recv
5433		Support certs that live for < 1h		3	4mo	7wk	4mo		kind/feature	author-last recv
5430		Improving DNS-01 challenge performance PR#5446: Allow concurrent same-FQDN DNS-01 challenges when using route53 commented PR#5447: Allow extra DNS-01 propagation time to be configured unreviewed			4mo	7wk	4mo		kind/feature	pr-reviewed-with-comment pr-unreviewed recv
5069		Error presenting challenge: the server could not find the requested resource even though resource exists			9mo	5wk	9mo		kind/bug	recv
5062		Cert-manager stops processing order request in "processing" status after several attempts			9mo	2mo	2mo		kind/bug area/acme	author-last commented recv
5048		certificate not renewed for ingress with multiple hosts and http01-edit-in-place		2	9mo	9d	9mo		kind/bug priority/backlog	author-last commented recv
4561		Ability to specify secret ownerReference as part of the Certificate request		3	1y	4wk	1y		kind/feature	recv
4216		Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large			2y	3wk	2y		lifecycle/stale	collaborator-last recv
4153		Support DoT (DNS over TLS) for Recursive Nameservers			2y	19d	9mo		kind/feature priority/backlog area/acme/dns01	author-last commented recv
3992		Add non-CRD yaml file		2	2y	3wk	2y		priority/important-soon area/deploy	author-last commented recv
3898		Allow setting PodDisruptionBudget policies via helm chart PR#3931: Added PodDisruptionBudgets to helm chart approved		3	2y	7wk	2y		kind/feature priority/important-longterm area/deploy	author-last pr-approved pr-closed recv
1159		Why the sample issuer still uses kubebuilder version 2 ?			18d	18d	18d			recv
1101		Feature request for updating documentation.			2mo	2mo	2mo			recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			5mo	5mo	5mo			author-last pr-merged recv
1062		Document process for offboarding maintainers Similar: #1061: Document onboarding process for new maintainers (open)			5mo	5mo	5mo			recv similar
1061		Document onboarding process for new maintainers Similar: #1062: Document process for offboarding maintainers (open)			5mo	5mo	5mo			recv similar
1054		Run spell checker in a pre-commit hook			5mo	5mo	5mo		good first issue kind/cleanup	recv
1006		Use descriptive text instead of alt for `feature icon`			7mo	7mo	7mo			recv
1001		Document a policy for required CI health before we can release			7mo	7mo	7mo			recv
988		Document how feature gated fields can be added to API			8mo	8mo	8mo			recv
931		Improve upgrade instructions using helm			9mo	9mo	9mo			recv
866		Securing NGINX-ingress Similar: #326: Securing Ingresses with Venafi (open)			10mo	10mo	10mo			recv similar
851		create Cilium ingress tls example		3	11mo	7mo	11mo			assigned assignee-updated recv
836		Syncing Secrets Across Namespaces			1y	10mo	1y			recv
758		API reference docs: enum values not documented with typedef			1y	1y	1y			recv
746		Enable Dark mode in the docs website			1y	1y	1y			recv
706		Default key usages			1y	1y	1y			recv
697		[IRSA] Needs `runAsUser: 1001`			1y	1y	1y			recv
672		List required Google CloudDNS permissions exhaustively			2y	2y	2y			recv
662		Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"			2y	1y	2y			recv
568		Add a diagram for LetsEncrypt cert issuance flow to the docs		4	2y	2y	2y			recv
561		Certificate Resources Similar: #5439: setting certificate attributes in certificate resources (open) Similar: #4747: Revoke Certificates (closed)			2y	2y	2y			recv similar
469		DNS01: Delegated Domains for DNS01 example yaml solvers list items			2y	2y	2y			recv
466		installation/compatiblity			2y	2y	2y			recv
457		cainjector docs are missing the option to inject certs in apiservice resources			2y	2y	2y			recv
454		Cluster Resource Namespace Similar: #5590: Configure cluster resource namespace in ClusterIssuer spec (open)			2y	2y	2y			recv similar
354		DigitalOcean access-token should not be base64-encoded			2y	2y	2y		priority/awaiting-more-evidence	author-last commented recv
37 previously listed items omitted