queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (4)

Resolution: Downgrade to important-longterm

Average age: 890.2d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5074 Race condition between issuers, certificates, and secrets
2y 11mo 1y
lifecycle/frozen
kind/bug
priority/important-soon
commented
member-last
pr-closed
send
1174 Document the docker images and how to find them
10mo 9mo 9mo
good first issue
priority/important-soon
kind/documentation
commented
member-last
send
195 Document keystores 3y 9mo 3y
priority/important-soon
kind/documentation
commented
contributor-last
send
174 Add documentation for CRD conversion webhook ca injection 3y 3y 3y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 120 days (6)

Resolution: Downgrade to backlog

Average age: 1089.2d, Avg wait: 49.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3521 Integration with ExternalDNS
4
32
3y 10mo 2y
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
850 Document available cert-manager Prometheus metrics
2y 9mo 2y
documentation
good first issue
priority/important-longterm
recv
recv-q
similar
551 Documentation on how to handle large-scale certificate management & best practices
2
2y 9mo 9mo
help wanted
priority/important-longterm
kind/documentation
commented
member-last
send
401 Bring tutorials up to date 2y 9mo 9mo
priority/important-longterm
commented
member-last
send
223 Document wildcard certificate tutorial 3y 3y 3y
priority/important-longterm
kind/documentation
commented
contributor-last
send
56 Route53: document use of "region" field 4y 9mo 9mo
documentation
priority/important-longterm
commented
contributor-last
send

many reactions, low priority (18)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 397.0d, Avg wait: 33.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6468 Gateway API v1
5
5wk 13d 5wk
kind/feature
commented
recv-q
6179 CRDs shouldn't be templated in Helm...
16
5mo 7h 4mo
commented
recv-q
send
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
2
2
8
7mo 19d 7mo
kind/bug
recv
recv-q
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
8
7mo 4wk 4wk
lifecycle/frozen
kind/bug
commented
member-last
send
5957 Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms
21
7mo 3wk 7mo
kind/feature
recv
recv-q
6150 (Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience
3
8
5mo 2wk 2mo
commented
open-milestone
pr-unreviewed
recv
recv-q
5867 Controller can't handle hitting request rate limits of zerossl ACME API
3
11
20
8mo 4wk 4wk
lifecycle/frozen
kind/bug
commented
member-last
pr-closed
pr-merged
send
similar
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
63
3y 4wk 4wk
area/api
help wanted
lifecycle/frozen
kind/feature
priority/backlog
commented
member-last
send
similar
4114 Endless Sync Loop when installing Helm Chart via ArgoCD
11
29
2y 15d 16d
kind/bug
lifecycle/rotten
assigned
assignee-updated
commented
pr-closed
recv-q
send
5514 Venafi Issuer Read `caBundle` from Configmap or Secret
4
9
1y 6wk 4mo
good first issue
kind/feature
assigned
assignee-updated
commented
pr-new-commits
similar
1571 Add ca.crt to TLS secret generated by ACME issuers
14
64
4y 3wk 3wk
help wanted
kind/feature
priority/backlog
area/acme
commented
pr-merged
send
583 cert-manager with ZeroSSL
44
2y 1y 1y
commented
send
1279 docs: Certificate Defaults Tutorial
9
3mo 2mo 2mo
dco-signoff: yes
size/XL
needs-rebase
commented
member-last
reviewed-with-comment
send
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
5
5wk 3wk 5wk
commented
recv-q
send
199 Support of setting arbitrary password for PKCS12 truststore
2
4
7wk 15d 7wk
help wanted
good first issue
assigned
assignee-updated
contributor-last
pr-closed
pr-reviewed-with-comment
recv
recv-q
183 Create trust bundle based on Debian bookworm
11
2mo 4wk 4wk
good first issue
assigned
assignee-updated
commented
member-last
144 Add CertificateRequest as a source
7
5mo 4mo 4mo
commented
contributor-last
pr-merged
recv
similar
253 add dedicated structures for PKCS12 and JKS stores
17
8d 11h 3d
dco-signoff: yes
approved
size/L
do-not-merge/hold
ok-to-test
commented
contributor-last
recv
recv-q
reviewed-with-comment

many commenters, low priority (2)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 41.2d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
5
5wk 3wk 5wk
commented
recv-q
send
214 Add helm values for annotations 6wk 5wk 5wk
dco-signoff: yes
ok-to-test
size/S
needs-rebase
changes-requested
commented
contributor-last
send

Screaming into the void (1)

Resolution: Reopen, or ask folks to open a new issue

Average age: 2067.5d, Avg wait: 1350.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
466 proxy_protocol mode breaks HTTP01 challenge Check stage
16
11
160
5y 2d 3y
kind/bug
closed
commented
recv
recv-q

Needs information for over 2 weeks (3)

Resolution: Close or remove triage/needs-information label

Average age: 669.8d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6294 Helm chart deployment is failing on update to k8s 1.25 3mo 14d 3mo
lifecycle/stale
triage/needs-information
collaborator-last
commented
send
3748 Cert-manager causes API server panic on clusters with more than 20000 secrets.
14
2y 5wk 5wk
kind/bug
triage/needs-information
commented
pr-merged
send
15 Allow data-root to be an absolute path 2y 9mo
kind/bug
triage/needs-information
contributor-last
Support request over 30 days old: No matching items

Issues nearing expiration (14)

Resolution: Close or label as frozen

Average age: 441.0d, Avg wait: 55.4d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6213 Unable to install cert-manager with argo-cd because helm chart is v1 4mo 15d 4mo
kind/bug
lifecycle/rotten
collaborator-last
commented
send
5998 Failed post-install: timed out waiting for the condition 7mo 17d 7mo
kind/bug
lifecycle/rotten
recv
similar
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods
1y 3wk 3wk
kind/feature
lifecycle/rotten
collaborator-last
commented
pr-closed
send
5590 Configure cluster resource namespace in ClusterIssuer spec
2
1y 3wk 1y
triage/support
lifecycle/rotten
collaborator-last
recv
recv-q
5588 --must-staple attribute for OCSP Stapling
3
1y 5d 1y
good first issue
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
recv-q
6224 Option to store certificate history in individual secrets
4mo 3wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
recv-q
4191 Setting default values for Pod's "resources"?
4
2y 10d 5wk
lifecycle/rotten
commented
recv-q
send
2930 Mirror to gcr.io or dockerhub
27
3y 3wk 3wk
kind/feature
priority/important-soon
lifecycle/rotten
area/deploy
assigned
assignee-updated
commented
contributor-last
recv-q
send
4114 Endless Sync Loop when installing Helm Chart via ArgoCD
11
29
2y 15d 16d
kind/bug
lifecycle/rotten
assigned
assignee-updated
commented
pr-closed
recv-q
send
5701 feat: added custom endpoint override flag for http solver 11mo 12d 11mo
release-note
needs-rebase
kind/feature
needs-ok-to-test
size/M
area/acme
lifecycle/rotten
dco-signoff: yes
area/acme/http01
collaborator-last
recv
recv-q
unreviewed
5373 Allow config of http01 solver pod security context
3
3
1y 17d 8mo
release-note
area/api
kind/feature
size/XXL
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
author-last
closed
commented
recv
recv-q
6015 add imagePullSecrets clauses to deployments, jobs
7mo 3d 4mo
release-note
size/S
kind/feature
lifecycle/rotten
dco-signoff: yes
ok-to-test
area/deploy
collaborator-last
commented
send
unreviewed
6146 Add Venafi custom field support to cert-shim 6mo 4wk 4mo
release-note-none
size/S
do-not-merge/hold
needs-ok-to-test
lifecycle/rotten
dco-signoff: yes
needs-kind
changes-requested
collaborator-last
commented
send
6122 Improve acmedns so that it honors followCname Setting 6mo 4wk 4mo
size/XS
release-note
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
collaborator-last
commented
send
unreviewed

Pull requests: Approved and getting old (5)

Resolution:

Average age: 196.7d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6103 Unify semver version logic 6mo 13d
size/L
release-note-none
approved
kind/cleanup
lifecycle/stale
dco-signoff: yes
collaborator-last
open-milestone
unreviewed
6120 add comments explaining the Sync function & small test bugfix 6mo 3wk 4mo
release-note-none
approved
lgtm
size/S
kind/cleanup
lifecycle/stale
dco-signoff: yes
assigned
assignee-updated
collaborator-last
commented
open-milestone
reviewed-with-comment
6277 ControllerConfiguration fuzzer, only set the value in case the random value is empty 3mo 3wk 3wk
size/L
release-note-none
approved
area/api
kind/cleanup
dco-signoff: yes
area/testing
commented
member-last
unreviewed
1071 Improved the summary on the docs homepage
2
1y 2wk 2wk
approved
dco-signoff: yes
size/S
commented
member-last
reviewed-with-comment
send
48 Implement private key size annotation
13d 9d 9d
dco-signoff: yes
approved
size/L
commented
contributor-last
send
unreviewed

Pull Requests: Stale (73)

Resolution: Add comment and/or close PR

Average age: 276.5d, Avg wait: 65.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6228 Issue 5514 read cabundle from kube objects - design doc
3
4mo 6d 2mo
size/L
release-note-none
kind/design
needs-ok-to-test
dco-signoff: no
collaborator-last
commented
new-commits
open-milestone
recv
recv-q
6454 Feature/issue 5514 venafi issuer ca ref
6wk 11d 5wk
release-note
area/api
needs-ok-to-test
size/XXL
dco-signoff: no
area/testing
area/deploy
needs-kind
collaborator-last
commented
new-commits
send
6376 WIP: Add OCSP stapling functionality 2mo 11d 2mo
size/XL
release-note-none
needs-rebase
area/api
do-not-merge/work-in-progress
kind/feature
needs-ok-to-test
dco-signoff: no
collaborator-last
commented
send
unreviewed
5848 WIP: Design: core-issuers 9mo 15d 15d
release-note-none
approved
lgtm
do-not-merge/work-in-progress
do-not-merge/hold
kind/design
size/M
dco-signoff: yes
commented
member-last
reviewed-with-comment
send
6248 feat: allow changing the default Deployment revisionHistoryLimit 4mo 16d 4mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
recv
unreviewed
5447 Allow extra DNS-01 propagation time to be configured
1y 17d 1y
release-note
needs-rebase
size/S
lifecycle/stale
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
collaborator-last
commented
open-milestone
recv
unreviewed
6002 Move pkg/controller/cainjector to cmd/cainjector/controller 7mo 17d 6mo
release-note-none
needs-rebase
approved
size/S
kind/cleanup
lifecycle/stale
dco-signoff: yes
collaborator-last
commented
unreviewed
6102 Move ctl utils to cmd/ctl 6mo 17d
size/L
release-note-none
needs-rebase
approved
kind/cleanup
lifecycle/stale
dco-signoff: yes
area/testing
collaborator-last
unreviewed
6155 Add Certificate Hash 5mo 3wk
release-note-none
area/api
do-not-merge/work-in-progress
kind/feature
size/XXL
area/acme
dco-signoff: yes
area/testing
collaborator-last
draft
open-milestone
unreviewed
5860 Fix helm loglevel parsing 9mo 3wk 6mo
size/XS
release-note-none
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
commented
open-milestone
reviewed-with-comment
send
6124 Add design/20230601.gateway-route-hostnames. 6mo 3wk 6mo
size/L
release-note-none
kind/design
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
collaborator-last
new-commits
recv
recv-q
4330 Add client certificate auth method for Vault issuer
4
2y 3wk 8mo
release-note
needs-rebase
approved
area/api
kind/feature
size/XXL
lifecycle/stale
area/acme
area/vault
dco-signoff: yes
area/testing
ok-to-test
area/deploy
collaborator-last
commented
open-milestone
recv
recv-q
reviewed-with-comment
similar
6351 Handle multiple concurrent Azure DNS01 challenges for the same FQDN 2mo 3wk 2mo
size/L
release-note
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
author-last
commented
recv
unreviewed
5823 Make it possible to split a cert-manager installation over multiple Helm releases. 9mo 4wk 6wk
do-not-merge/release-note-label-needed
size/S
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
assignee-updated
author-last
commented
recv
reviewed-with-comment
5383 Generate applyconfigurations and Apply functions 1y 5wk 5wk
release-note
needs-rebase
approved
area/api
do-not-merge/work-in-progress
priority/important-longterm
size/XXL
dco-signoff: yes
needs-kind
changes-requested
commented
draft
member-last
send
similar
6190 Adds ingress annotation support for alt-names 5mo 5wk 5wk
release-note
size/S
needs-ok-to-test
triage/needs-information
dco-signoff: yes
area/testing
needs-kind
commented
member-last
send
similar
unreviewed
6001 Improve verify-chart scripts & add helmchk 7mo 6wk 6wk
release-note-none
needs-rebase
kind/cleanup
size/M
dco-signoff: yes
collaborator-last
commented
new-commits
6145 Improve Trigger, Readiness and PostIssuance Policy chains 6mo 7wk 6mo
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
area/testing
ok-to-test
collaborator-last
commented
draft
unreviewed
6379 Add pod dns policy override support for both `cainjector` and `webhook` deployments
2mo 7wk 7wk
release-note-none
kind/feature
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
approved
commented
member-last
send
6420 feat: Updated configuration of TTL on Route53 (#6407) 7wk 7wk 7wk
size/XS
do-not-merge/release-note-label-needed
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
changes-requested
collaborator-last
recv
6193 [feat] when helm set `installCRDs: true`. crds.yaml file must be pre-install and pre-upgrade 5mo 1mo 2mo
release-note
size/S
kind/feature
needs-ok-to-test
dco-signoff: yes
area/deploy
author-last
commented
recv
recv-q
unreviewed
6192 Remove conflicting labels from CRDs 5mo 2mo 5mo
release-note-none
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
author-last
recv
unreviewed
5876 helm: add support for TLS configuration and application protocol
2
8mo 2mo 2mo
release-note
needs-rebase
size/S
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
assignee-updated
author-last
commented
recv
reviewed-with-comment
5777 helm: Add option to keep CRDs when helm chart is uninstalled
3
10mo 2mo 2mo
release-note
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
commented
send
unreviewed
6186 feat: Add OwnerReference to the secrets created by ACME ClusterIssuer and Issuer 5mo 2mo 4mo
size/XS
release-note-none
needs-ok-to-test
area/acme
dco-signoff: yes
needs-kind
commented
send
unreviewed
1075 Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ 1y 2wk 2wk
approved
dco-signoff: yes
size/L
needs-rebase
changes-requested
commented
member-last
send
1199 Webhook troubleshooting: advise people to set `timeoutSeconds` to 30 seconds 8mo 4wk 4wk
dco-signoff: yes
size/M
changes-requested
commented
contributor-last
send
790 Update route53.md 2y 3mo 3mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
commented
member-last
send
1259 Fixed Azure Workload identity doc 5mo 5mo 5mo
dco-signoff: yes
size/S
recv
unreviewed
1234 Correct the cmctl release generation flow 6mo 5mo 6mo
approved
dco-signoff: yes
needs-rebase
size/S
contributor-last
recv
unreviewed
948 add note to ingress class definition 2y 6mo 6mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
assigned
commented
contributor-last
send
unreviewed
1213 Draft of tutorial for Google's Public CA 8mo 6mo 6mo
dco-signoff: yes
size/L
ok-to-test
commented
member-last
reviewed-with-comment
send
1202 Add section about client cert authentication for vault 8mo 8mo 8mo
dco-signoff: yes
do-not-merge/work-in-progress
size/M
commented
contributor-last
draft
new-commits
send
similar
859 Move the meetings and slack information to a separate page
2y 2y 2y
approved
dco-signoff: yes
needs-rebase
size/M
changes-requested
commented
member-last
send
701 Issuer with IRSA needs ambient credentials flag
2y 2y 2y
dco-signoff: no
size/S
ok-to-test
commented
contributor-last
new-commits
send
528 Update "Setting Nameservers for DNS01 Self Check" example 2y 2y 2y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
17 Add image validation for Docker architecture 3y 2y 2y
dco-signoff: yes
lgtm
size/L
needs-rebase
assigned
assignee-updated
commented
contributor-last
new-commits
send
43 No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild 2y 2y
dco-signoff: yes
approved
size/M
needs-rebase
contributor-last
unreviewed
36 Add the "cmrel update-release-branch" command 2y 2y 2y
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
commented
contributor-last
draft
unreviewed
220 Adds option in Makefile to check code coverage by unit tests 5wk 5wk 5wk
dco-signoff: yes
size/S
needs-ok-to-test
contributor-last
recv
unreviewed
216 feat: add the ability to specify certificate usages 5mo 2mo 5mo
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
unreviewed
187 Add the ability to ignore cluster scoped resources. 11mo 6mo 9mo
dco-signoff: yes
size/XS
ok-to-test
commented
contributor-last
recv
recv-q
reviewed-with-comment
202 Support adding pod annotations 9mo 9mo 9mo
dco-signoff: yes
size/XS
needs-ok-to-test
contributor-last
recv
similar
unreviewed
221 Migrate makefiles and CI/CD 3wk 2wk
dco-signoff: yes
size/XXL
contributor-last
unreviewed
306 Migrate makefiles and CI/CD 3wk 9d
dco-signoff: yes
size/XXL
contributor-last
unreviewed
229 feat: fix app label of metrics svc for ServiceMonitor discovery
2
7mo 7mo 7mo
dco-signoff: yes
size/XS
ok-to-test
commented
member-last
reviewed-with-comment
send
195 Make `Makefile`s reusable and automate release process 2mo 11d
dco-signoff: yes
needs-rebase
size/XXL
contributor-last
unreviewed
236 chore: reconcile Bundle status unconditionally
3wk 11d 19d
dco-signoff: yes
size/L
do-not-merge/work-in-progress
needs-rebase
commented
contributor-last
draft
reviewed-with-comment
send
232 Add two new variables to the Helm chart 3wk 19d 19d
dco-signoff: yes
needs-ok-to-test
size/S
author-last
commented
recv
reviewed-with-comment
147 Add ability to set pod level securityContext
5mo 7wk 5mo
dco-signoff: yes
needs-ok-to-test
size/S
contributor-last
new-commits
recv
157 Add support for generating certificates with helm 4mo 7wk 4mo
dco-signoff: yes
approved
size/M
needs-rebase
commented
contributor-last
similar
unreviewed
149 Add Configurable Common Labels and Add a PDB 5mo 3mo 5mo
dco-signoff: yes
size/M
needs-ok-to-test
needs-rebase
contributor-last
recv
recv-q
unreviewed
161 Migrate makefiles and CI/CD 3wk 2wk
dco-signoff: yes
size/XXL
contributor-last
unreviewed
129 Add attribute support for certificate subject
11mo 2mo 2mo
dco-signoff: yes
size/L
ok-to-test
commented
member-last
reviewed-with-comment
send
135 Added options to all containers 11mo 9mo 10mo
dco-signoff: yes
size/L
needs-rebase
ok-to-test
assigned
commented
contributor-last
send
unreviewed
50 Added tolerations,nodeSelector,affinity,topologySpreadConstraints 2wk 2wk 2wk
size/M
dco-signoff: no
needs-ok-to-test
contributor-last
recv
unreviewed
44 Upload Helm chart as OCI artifact to GCHR
7wk 5d 6d
dco-signoff: yes
size/S
commented
contributor-last
new-commits
recv
29 Additional support for subject annotations
3
6mo 6wk 2mo
dco-signoff: yes
size/XXL
needs-rebase
author-last
commented
recv
recv-q
reviewed-with-comment
similar
40 Make it possible to install openshift-routes in a different namespace than "cert-manager" 2mo 2mo
dco-signoff: no
do-not-merge/work-in-progress
size/L
needs-rebase
contributor-last
draft
unreviewed
100 Configure the e2e.test binary for OpenShift environment 2mo 2mo
dco-signoff: yes
size/XS
contributor-last
unreviewed
28 Include Pod UID on CertificateRequest resources
1y 1y 1y
dco-signoff: yes
do-not-merge/hold
approved
size/XS
ok-to-test
assigned
contributor-last
recv
recv-q
unreviewed
34 WIP: E2E testing boilerplate
1y 9mo 1y
size/XXL
dco-signoff: yes
do-not-merge/hold
approved
do-not-merge/work-in-progress
needs-rebase
commented
contributor-last
new-commits
recv
recv-q
42 Switch sample-external-issuer to issuer-lib 3mo 6wk
do-not-merge/work-in-progress
dco-signoff: yes
size/XXL
needs-rebase
contributor-last
draft
unreviewed
10 previously listed items omitted: #5701 #6103 #5373 #6120 #6277 #6146 #6122 #1071 #1279 #214

Overdue answers for a question (60)

Resolution: Add a comment

Average age: 493.9d, Avg wait: 237.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6405 Retries not working as expected 2mo 2mo 2mo
author-last
commented
recv
recv-q
6361 Allow `cert-manager.io/allow-direct-injection` annotation on `Certificate` `Secret`s
2mo 5wk 7wk
good first issue
assigned
assignee-updated
commented
recv-q
6353 Docs: Wrong example Code for creating Issuers 2mo 2mo 2mo
kind/bug
author-last
commented
recv
recv-q
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting 4mo 2mo 4mo
kind/bug
area/acme/dns01
recv
recv-q
6229 Race condition when two identical certificate requests are made from different clusters
6
4mo 11d 4mo
help wanted
kind/bug
priority/important-longterm
lifecycle/stale
area/acme/dns01
collaborator-last
commented
pr-unreviewed
recv-q
send
6308 Route53 challenges not regulating failed requests with exponential backoffs
4
3mo 3wk 3mo
recv
recv-q
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
3
5mo 9d 4mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
recv-q
6185 Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"
3
5mo 6wk 5mo
kind/bug
recv
recv-q
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
4
5mo 2mo 5mo
kind/bug
recv
recv-q
similar
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
3
6mo 4wk 5mo
kind/feature
commented
recv
recv-q
6195 logLevel information in logs
5mo 9d 5mo
kind/bug
recv
recv-q
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
4
8mo 6wk 8mo
kind/bug
assigned
assignee-updated
commented
recv
recv-q
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
10mo 11d 10mo
kind/bug
recv
recv-q
5697 Support PodSecurityAdmission
6
11mo 2mo 11mo
kind/feature
author-last
recv
recv-q
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
9
1y 13d 1y
kind/bug
recv
recv-q
similar
5665 Allow defining keystore password as litteral instead of SecretRef 11mo 2mo 11mo
kind/feature
author-last
recv
recv-q
5925 Use readOnlyRootFilesystem: true for all containers
9
8mo 9d 8mo
good first issue
help wanted
kind/feature
recv
recv-q
similar
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
1y 3wk 1y
kind/bug
recv
recv-q
similar
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
3
2y 13d 2y
kind/bug
priority/backlog
author-last
commented
recv
recv-q
4884 Add a similar secretTemplate to the secret that is created by ACME Issuer
8
2y 5wk 2y
kind/feature
collaborator-last
commented
recv
recv-q
4797 Automatically renew certificates if OCSP indicates that it was revoked
13
2y 2mo 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 4wk 2y
kind/bug
area/acme/dns01
author-last
commented
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
10
2y 3wk 2y
lifecycle/frozen
kind/bug
recv
recv-q
4423 Cert renewal loop
2
2y 2mo 2y
kind/bug
commented
recv
recv-q
1292 Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis
11
181
4y 13d 2y
area/api
help wanted
kind/feature
priority/important-longterm
lifecycle/stale
area/acme
commented
pr-closed
recv-q
send
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
2y 2y 2y
recv
recv-q
944 Document how to install cert-manager in a different namespace
3
2y 4mo 2y
good first issue
recv
recv-q
693 Azure DNS pod identity incorrectly documents principal_id 2y 3wk 2y
author-last
commented
recv
recv-q
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 2y 2y
recv
recv-q
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
5
3y 2mo 3y
documentation
help wanted
priority/backlog
commented
pr-merged
recv-q
176 certificateDuration is not used for the Istio CSR generated certificate requests 1y 1y 1y
author-last
commented
recv
recv-q
similar
141 Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods. 2y 1y 2y
commented
recv
recv-q
137 Documentation on rotating the root certificate
2y 9mo 2y
recv
recv-q
83 commonName required for AWS PCA 2y 2y 2y
commented
recv
recv-q
53 Generate workload certificates with DNS in the SAN 2y 2y 2y
commented
recv-q
send
113 Integrating with istio helm chart installs
11
2y 4mo 2y
recv
recv-q
108 [doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways 2y 2y 2y
author-last
commented
recv
recv-q
227 trust-manager and Kubernetes version compatibility
4wk 4wk 4wk
author-last
recv
recv-q
similar
168 Install in openshift with existing cert-manager operator install 3mo 3mo 3mo
author-last
commented
recv
recv-q
similar
60 overriding trusted namespace
4
5
1y 7mo 11mo
commented
recv-q
send
131 Feature: per namespace trust bundle
2
7mo 3wk 7mo
author-last
recv
recv-q
145 Release Helm Chart v0.5.1 / v0.6.0
4
6mo 2mo 6mo
recv
recv-q
45 Unable to mount and read only file error
4
2y 11mo 1y
commented
recv-q
send
26 Cannot `chmod` a read only filesystem
14
3y 2y 3y
pr-closed
recv
recv-q
38 Route with cert-manager annotations is not created 3mo 2mo 3mo
author-last
recv
recv-q
similar
13 Can the plugin be configured to use a wildcard certificate?
1y 1y 1y
recv
recv-q
34 `openshift-routes` doesn't work as expected and isn't suitable for a production environment 4mo 2mo 4mo
author-last
recv
recv-q
22 Customize the deployment of cert-manager installed via OLM
5
6
2y 11mo 2y
author-last
commented
recv
recv-q
17 Operator prevents passing extraArgs helm value
7
3y 11mo 3y
recv
recv-q
11 previously listed items omitted: #6468 #6224 #6150 #6065 #5957 #5590 #4191 #3521 #4114 #850 #222

Updated support requests (169)

Resolution: Move out of support, or add a comment

Average age: 378.7d, Avg wait: 321.9d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6522 Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable 10d 10d 10d
kind/bug
recv
similar
6520 Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist) 10d 10d 10d
kind/bug
recv
6510 DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge .... 16d 11d 16d
kind/bug
author-last
commented
recv
6509 reinstall failed after k8s upgrade
17d 17d 17d
recv
6502 Can the duration of the server cert that is generated for the webhook be set? 2wk 2wk 2wk
kind/feature
recv
6489 Add support for custom-fields into the ingress annotations 3wk 3wk 3wk
kind/feature
recv
6475 preferredChain attribute on Clusterissuer doesn't pull ISRG X1 root certificate on lets-encrypt provider 3wk 3wk 3wk
kind/bug
recv
6473 Ingress labels copied to certificate, causing issues with applysets
4wk 4wk 4wk
kind/bug
author-last
recv
6472 Create TLSA records automatically
2
4wk 2wk 4wk
kind/feature
recv
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount 5wk 5wk 5wk
kind/feature
recv
6465 Cannot supply trusted ca certificate bundle for the ACMEDNS solver 5wk 5wk 5wk
kind/bug
author-last
commented
recv
6464 Requeing due to optimistic locking and slow retry
5wk 19d 5wk
kind/bug
recv
6448 Can I apply for certificates across projects in GCP? 6wk 6wk 6wk
recv
6442 Question: get accountid from Lets Encrypt cert 6wk 6wk 6wk
recv
6422 Allow for Configuration of ValidatingWebhook in Helm 7wk 7wk 7wk
kind/feature
recv
similar
6417 Temporary Certificate Annotation does not work on Ingress Resources 7wk 7wk 7wk
kind/bug
recv
6413 RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP 1mo 5wk 1mo
good first issue
kind/bug
recv
6408 Cert-manager updates the spec of the applied objects 2mo 1mo 1mo
kind/bug
author-last
commented
recv
6407 Allow for Configuration of TTL on Route53 2mo 7wk 2mo
kind/feature
assigned
assignee-updated
pr-changes-requested
recv
similar
6393 Support `otherName` SAN type 2mo 2mo 2mo
kind/feature
pr-new-commits
pr-reviewed-with-comment
pr-unreviewed
recv
6388 Orders marked as "invalid" intermittently
2mo 16d 2mo
recv
6382 Conditional sub-expression always evaluates to _true_
2mo 2mo 2mo
author-last
commented
recv
6377 Restrict access to a list of namespaces 2mo 2mo 2mo
kind/feature
recv
6363 Unable to set revisionHistoryLimit on the deployments
2mo 2mo 2mo
kind/bug
pr-closed
recv
6350 Webhook inject-ca-from annotation causes downtime
4
2mo 2mo 2mo
kind/bug
author-last
commented
recv
6334 Query recursive nameservers for DNS01 challenge in round robin fashion 2mo 2mo 2mo
kind/feature
recv
6331 CSR not signed by referenced private key
2
3mo 2mo 2mo
author-last
commented
recv
6325 The RSA-SHA signature algorithm is not correctly mapped to the certificate. 3mo 2mo 2mo
assigned
assignee-updated
author-last
commented
recv
6323 Even if CA is expired, cert-manager allows to issue client cert with expired CA 3mo 6d 3mo
lifecycle/stale
collaborator-last
recv
6312 Report issuer/clusterissuer status as a metric
4
3mo 6wk 3mo
kind/feature
recv
6309 How to pass ServiceAccountName to the acme-http01-solver pod. 3mo 6wk 3mo
author-last
recv
6307 Certificates only issued for ingress in default namespace 3mo 14d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6288 Generate cert-manager secret with certificate,key and password 3mo 2wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6284 cert-manager PEM format certificate to support private key encryption 3mo 3wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6283 JWK(S) support
3
3mo 5wk 3mo
recv
similar
6282 The certificate request has failed... order is in "invalid" state 3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
similar
6274 Vault Issuer - Secretless Authentication with a Service Account doesn't work
3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
6279 ServiceTemplate for solver HTTP01 3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
13
5mo 2mo 5mo
kind/bug
pr-merged
recv
6160 Helm Chart global repository
5mo 6wk 5mo
recv
6138 allow unencrypted private keys for PKCS12 output
3
6mo 2mo 6mo
kind/feature
author-last
recv
6016 add imagePullSecrets clauses to helm deployment, job templates 7mo 11d 7mo
kind/feature
lifecycle/stale
collaborator-last
pr-unreviewed
recv
5973 Graduate AdditionalCertificateOutputFormats feature 7mo 3wk 7mo
kind/feature
lifecycle/stale
collaborator-last
recv
similar
5821 Allow renewBefore to be a percentage 9mo 3wk 9mo
kind/feature
author-last
recv
5540 Changelog annotations to chart 1y 6wk 1y
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 1y 19d 1y
kind/bug
author-last
recv
5430 Improving DNS-01 challenge performance
3
1y 2mo 1y
kind/feature
pr-closed
pr-unreviewed
recv
5282 cert-manager-webhook deployment spontaneously deleted
1y 11d 3mo
kind/bug
lifecycle/stale
triage/not-reproducible
collaborator-last
commented
recv
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
10mo 3wk 9mo
kind/feature
author-last
commented
pr-changes-requested
recv
6212 Default duration field in cmctl check api
5mo 6d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
pr-merged
recv
1355 Add CA cert to chain tls.crt 6d 6d 6d
recv
1310 cert-manager-istio-csr Pod's Health Endpoint failing 2mo 2mo 2mo
recv
1257 ErrRegisterACMEAccount 5mo 5mo 5mo
recv
1101 Feature request for updating documentation. 1y 1y 1y
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
1y 1y 1y
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 1y 1y 1y
recv
similar
1061 Document onboarding process for new maintainers 1y 1y 1y
recv
similar
1054 Run spell checker in a pre-commit hook 1y 1y 1y
good first issue
kind/cleanup
recv
851 create Cilium ingress tls example
3
2y 1y 2y
assigned
assignee-updated
recv
866 Securing NGINX-ingress 2y 2y 2y
recv
similar
836 Syncing Secrets Across Namespaces
2y 2y 2y
recv
758 API reference docs: enum values not documented with typedef 2y 2y 2y
recv
706 Default key usages 2y 2y 2y
recv
697 [IRSA] Needs `runAsUser: 1001` 2y 2y 2y
recv
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 2y 2y
recv
1241 Remove Bitnami kubeprod as installation method 6mo 6mo 6mo
recv
561 Certificate Resources 2y 2y 2y
recv
similar
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
354 DigitalOcean access-token should not be base64-encoded 3y 2y 3y
priority/awaiting-more-evidence
author-last
commented
recv
213 charts.jetstack.io beding cluster presents a challenge and breaks deployment 5mo 5mo 5mo
recv
211 Add custom annotations to deployment 6mo 2mo 6mo
author-last
recv
197 add the compatibility matrix for Kubernetes versions to README 9mo 9mo 9mo
recv
similar
155 Invalid certificate chain when using Vault with Intermediate CA 2y 4mo 2y
recv
145 Not able to use Istio-CSR in istio(1.13.*)
2y 2y 2y
author-last
commented
pr-closed
recv
144 add a support kubernetes client QPS and Burst config 2y 2y 2y
recv
136 Document available metrics 2y 2y 2y
recv
similar
132 Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments) 2y 8mo 2y
recv
130 Document best-practices for minimal vault role configuration for istio-csr 2y 2y 2y
recv
117 public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted 2y 2y 2y
recv
94 Can't get aws pca to work 2y 2y 2y
recv
271 Include binary artifacts your releases. 2mo 2mo 2mo
recv
169 Webhook Custom CA 1y 1y 1y
recv
207 Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls 9mo 9mo 9mo
author-last
recv
245 Split Bundle controller into multiple controllers 14d 14d 14d
recv
205 Allow to select multiple "trust" namespaces 6wk 6wk 6wk
recv
196 Allow TLS to be configured on the admission webhook server 2mo 2mo 2mo
recv
175 support extra annotations on resoures in helm chart
3mo 3mo 3mo
recv
142 expose bundles CRD as release artifact
3
6mo 6mo 6mo
recv
99 Allow removing Bundles whilst keeping the synced CA certs
2
10mo 10mo 10mo
pr-unreviewed
recv
33 Support CRDs as target
4
2y 2y 2y
recv
23 Way to add labels/annotations to target
10
2y 3mo 2y
help wanted
good first issue
recv
144 Push new tag for chart fixes
6mo 6mo 6mo
recv
140 Update images to not utilize k8s.gcr.io 8mo 7mo 8mo
recv
136 SubPath support is broken or missing 11mo 11mo 11mo
recv
134 Volume empty
3
11mo 8mo 11mo
recv
130 JKS support
3
11mo 9mo 11mo
recv
similar
128 Support all subject attributes
11mo 11mo 11mo
pr-reviewed-with-comment
recv
125 Is it too late to align cert-manager annotations? 1y 11mo 1y
recv
similar
119 Certificate is re-requested when container restarts 1y 1y 1y
recv
similar
33 New key being used with old certificate 2y 2y 2y
recv
29 Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging. 3y 3y 3y
recv
21 MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod 3y 3y 3y
recv
17 ability to specify pod IP in volume attributes
5
3y 3y 3y
commented
recv
38 Add Envoy Secret discovery service (SDS) support 7mo 7mo 7mo
recv
19 Add support for certificate expiry configuration
6
1y 6mo 1y
recv
similar
46 Ability to configure CertificateRequest revision history limit 3wk 3wk 3wk
recv
similar
42 Monitoring observability for "CertificateRequests" 2mo 6wk 2mo
recv
similar
35 How to populate certificate metadata i.e. subject details e.g. OU, Organization etc 4mo 2mo 4mo
recv
26 Missing CONTRIBUTING.md
8mo 8mo 8mo
recv
15 Feature: Support for ECC certs 1y 1y 1y
recv
14 Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt 1y 1y 1y
recv
similar
12 Does this plugin support DNS validation? 1y 1y 1y
recv
46 Cert-manager operator fails to issue certificates 2y 2y 2y
recv
similar
3 Restrict operator RBAC permissions 3y 3y 3y
recv
40 Optional auto rotating/renewing certificates 1y 1y 1y
recv
similar
33 Create e2e test to validate CertificateRequest garbage collection 1y 1y 1y
assigned
recv
49 previously listed items omitted
Triage Party v1.4.0