queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (13)

Resolution: Downgrade to important-longterm

Average age: 920.2d, Avg wait: 96.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4846 More than one Certificate nominating same Secret induces runaway creation of many CertificateRequests and Orders
2
11mo 2mo 2mo
kind/bug
priority/important-soon
collaborator-last
commented
pr-new-commits
pr-reviewed-with-comment
send
3820 Controller fails to process new certs when there are a large number of pending ones
3
2y 2mo 11mo
kind/bug
priority/important-soon
area/acme
assigned
assignee-updated
commented
contributor-last
recv-q
send
1888 Certificate not matching private key when creating multiple ingress resources
15
3y 2mo 6mo
good first issue
help wanted
kind/bug
priority/important-soon
area/acme
commented
send
709 Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1
1y 1y 1y
good first issue
priority/important-soon
recv
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
3
2y 2y 2y
documentation
priority/important-soon
commented
contributor-last
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
2y 2y 2y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q
229 Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error 2y 2y
priority/important-soon
kind/documentation
contributor-last
198 Document release process 2y 2y 2y
priority/important-soon
kind/documentation
assigned
commented
member-last
send
195 Document keystores 2y 2y 2y
priority/important-soon
kind/documentation
commented
member-last
send
174 Add documentation for CRD conversion webhook ca injection 2y 2y 2y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
144 Improve webhook debugging info
2y 2y 2y
priority/important-soon
kind/documentation
commented
member-last
pr-merged
send
similar
90 Document Certificate Subject Changes 3y 2y 2y
help wanted
good first issue
priority/important-soon
collaborator-last
commented
69 SelfSignedIssuer configuration - API reference docs 3y 2y 2y
help wanted
good first issue
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 120 days (10)

Resolution: Downgrade to backlog

Average age: 881.1d, Avg wait: 207.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3521 Integration with ExternalDNS
26
2y 4mo 9mo
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
send
2178 Handling 'unregistering' certificates from Venafi TPP
11
3y 1y 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
recv-q
send
850 Document available cert-manager Prometheus metrics 11mo 9mo 11mo
documentation
good first issue
priority/important-longterm
contributor-last
recv
551 Documentation on how to handle large-scale certificate management & best practices
2
2y 1y 2y
help wanted
priority/important-longterm
kind/documentation
contributor-last
recv
401 Bring tutorials up to date 2y 2y
priority/important-longterm
344 Add docs to explain webhooks 2y 2y
help wanted
good first issue
priority/important-longterm
contributor-last
223 Document wildcard certificate tutorial 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
178 Order of versions of cert-manager in menu 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
154 Documenting repo management process 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
56 Route53: document use of "region" field 3y 2y 3y
documentation
priority/important-longterm
contributor-last
recv
recv-q

many reactions, low priority (12)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 350.3d, Avg wait: 70.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5742 wrong organizationalUnits order
3
13d 10d 10d
triage/support
collaborator-last
commented
send
5516 Forbidden: seccomp may not be set pod.metadata.annotations
8
3mo 3wk 3mo
kind/bug
author-last
recv
5471 Mismatch between RBAC and --leader-election-namespace in static manifests
3
9
4mo 18d 3mo
kind/bug
lifecycle/stale
triage/not-reproducible
collaborator-last
commented
recv
recv-q
5267 cm-acme-http-solver triggers no.scale.down.node.pod.not.backed.by.controller due to lack of PodDisruptionBudget
7
7mo 4wk 7mo
kind/bug
contributor-last
recv
4956 cert-manager created multiple CertificateRequest objects with the same certificate-revision
2
2
3
10mo 4wk 10mo
kind/bug
commented
pr-closed
pr-merged
recv
recv-q
4821 Allow `ingressClassName` to be set for HTTP01 solver ingresses.
5
114
1y 6wk 9mo
kind/feature
area/ingress-shim
commented
pr-unreviewed
recv-q
send
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
60
3y 8d 1y
area/api
kind/feature
priority/backlog
commented
recv
recv-q
5174 Add support for restricting the secrets watch list in cainjector
7
8mo 3wk 2mo
release-note
needs-rebase
kind/feature
size/M
dco-signoff: yes
ok-to-test
collaborator-last
commented
send
unreviewed
5324 Create 20220720-per-certificate-owner-ref.md
5
6mo 7wk 4mo
size/L
release-note-none
approved
kind/design
dco-signoff: yes
commented
contributor-last
recv-q
reviewed-with-comment
similar
3931 Added PodDisruptionBudgets to helm chart
3
15
2y 2mo 3mo
size/L
release-note
approved
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
approved
assigned
assignee-updated
commented
recv
recv-q
583 cert-manager with ZeroSSL
44
2y 7mo 7mo
commented
send
992 Initial feature gate documentation
9
8mo 13d 8mo
approved
dco-signoff: yes
size/L
commented
contributor-last
new-commits
recv
recv-q

many commenters, low priority (3)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 44.8d, Avg wait: 9.9d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5639 Design: reduce cert-manager controller's memory consumption
2
7wk 3wk 3wk
do-not-merge/release-note-label-needed
size/XL
approved
kind/design
dco-signoff: yes
collaborator-last
commented
new-commits
5670 feat(chart): support probes for cert-manager and cainjector 5wk 4wk 4wk
release-note
kind/feature
size/M
dco-signoff: yes
ok-to-test
area/deploy
assigned
assignee-updated
author-last
changes-requested
commented
recv
1132 New version of adcs-issuer
6wk 16d 16d
commented
member-last
send

Needs information for over 2 weeks (3)

Resolution: Close or remove triage/needs-information label

Average age: 479.1d, Avg wait: 0.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5735 context deadline exceeded 15d 15d 15d
triage/needs-information
collaborator-last
commented
send
3748 Cert-manager causes API server panic on clusters with more than 20000 secrets.
13
2y 1mo 1y
kind/bug
triage/needs-information
commented
pr-merged
send
3640 Challenge Records Not Always Cleaned Up 2y 3wk 4wk
kind/bug
area/acme
triage/needs-information
collaborator-last
commented
pr-merged
pr-unreviewed

Support request over 30 days old (3)

Resolution: Close, or add to triage/long-term-support

Average age: 448.9d, Avg wait: 368.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5189 Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded
10
8mo 2mo 6mo
triage/support
area/webhook
commented
recv-q
send
similar
770 Helm template fails with `--create-namespace` 1y 1y 1y
triage/support
contributor-last
recv
recv-q
480 Secret gets UID added to end of name 2y 2y 2y
triage/support
contributor-last
recv
recv-q

Issues nearing expiration (23)

Resolution: Close or label as frozen

Average age: 244.1d, Avg wait: 110.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5482 Implement support for hooks that get triggered after issuing or renewing certificates 4mo 22h 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5480 Route53 solver's STS certificate chain is not being trusted by the cert-manager pod 4mo 2d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5479 Could not determine authoritative nameservers for \"_acme-challenge.XXX.com.
2
4mo 3d 4mo
lifecycle/rotten
collaborator-last
recv
recv-q
5472 Ability to check Venafi API parameter in log
4mo 5d 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5470 Waiting on certificate issuance from order default/nginx-app-tls-z9xlj-2268860154: "pending" Issuing certificate as Secret does not exist 4mo 6d 4mo
lifecycle/rotten
collaborator-last
recv
recv-q
5467 External Key Generator 4mo 9d 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5455 Support assuming role for route53 in AWS China (and other partitions) 4mo 14d 4mo
kind/feature
lifecycle/rotten
collaborator-last
recv
5454 make setup-integration-tests fail
4mo 5d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5449 Gateway API exist, still getting error "the Gateway API CRDs do not seem to be present" 4mo 15d 4mo
lifecycle/rotten
collaborator-last
recv
5439 setting certificate attributes in certificate resources 4mo 7d 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
send
similar
5435 Issuer/ClusterIssuer vault with mounted JWT token 4mo 2wk 4mo
lifecycle/rotten
collaborator-last
recv
5434 v1.7.3 still having "expired challenges" issue 4mo 2wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5431 After generating a new Let's Encrypt certificate, it still uses the default cluster certificate. 4mo 15d 4mo
lifecycle/rotten
recv
5428 [Helm chart] Cert-manager's metrics can't be added to grafana data soource 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
5359 Packaging cert-manager with Carvel
4
6mo 2wk 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
send
5211 Question about tolerations 7mo 19d 7mo
lifecycle/rotten
collaborator-last
recv
4959 Support AWS Auth Method for Vault 10mo 16d 10mo
kind/feature
lifecycle/rotten
collaborator-last
pr-unreviewed
recv
4947 Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer
7
10mo 3wk 10mo
kind/feature
lifecycle/rotten
collaborator-last
recv
4620 Vault Issuer does not retry signing CertificateRequests if the status is pending
6
1y 15d 5mo
kind/bug
priority/important-longterm
area/vault
lifecycle/rotten
collaborator-last
commented
recv-q
send
4489 Externalize controller argument config
1y 19d 8mo
kind/feature
priority/important-longterm
lifecycle/rotten
assigned
collaborator-last
commented
recv
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
13
2y 12d 1y
kind/bug
lifecycle/rotten
collaborator-last
commented
recv-q
send
3283 Passing apiVersion as apiGroup should give a validation error
2
25
2y 7d 2y
area/api
kind/bug
priority/important-longterm
lifecycle/rotten
collaborator-last
commented
recv
recv-q
5446 Allow concurrent same-FQDN DNS-01 challenges when using route53 4mo 8d 4mo
release-note
needs-ok-to-test
size/M
area/acme
lifecycle/rotten
dco-signoff: yes
area/testing
needs-kind
collaborator-last
commented
reviewed-with-comment
send

Pull requests: Approved and getting old (6)

Resolution:

Average age: 231.7d, Avg wait: 17.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5747 BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks 9d 6d
release-note-none
approved
kind/bug
kind/cleanup
kind/design
kind/documentation
kind/feature
size/M
dco-signoff: yes
collaborator-last
unreviewed
5436 Move CSR resource in design to GA
4mo 6wk 4mo
release-note
approved
size/S
kind/design
dco-signoff: yes
commented
contributor-last
reviewed-with-comment
send
1071 Improved the summary on the docs homepage
2
4mo 4mo 4mo
approved
dco-signoff: yes
size/S
commented
contributor-last
new-commits
recv-q
3 previously listed items omitted: #5324 #3931 #992

Pull Requests: Stale (58)

Resolution: Add comment and/or close PR

Average age: 300.9d, Avg wait: 58.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5542 [helm] Introduce cert-manager-resources helm chart 3mo 8d 3mo
size/L
do-not-merge/release-note-label-needed
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
5303 Stop infinitely reissuing certs with shared Secret
3
6mo 10d 3mo
release-note
size/S
do-not-merge/work-in-progress
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
needs-kind
assigned
assignee-updated
commented
contributor-last
draft
new-commits
recv-q
send
5452 Update Azure SDK and remove deprecated autorest dependency
4mo 12d 6wk
size/L
release-note-none
needs-rebase
do-not-merge/work-in-progress
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
commented
contributor-last
draft
new-commits
send
5003 Implement the DNS-over-HTTPS check
2
10mo 14d 6mo
release-note-none
needs-rebase
do-not-merge/work-in-progress
size/XXL
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/acme/dns01
needs-kind
collaborator-last
commented
draft
recv
recv-q
unreviewed
5438 Add option tokenPath to Vault (cluster)issuer 4mo 3wk 4mo
do-not-merge/release-note-label-needed
size/S
area/api
needs-ok-to-test
lifecycle/stale
area/vault
dco-signoff: no
needs-kind
assigned
collaborator-last
commented
send
unreviewed
5158 Added certificate owner ref field
4
8mo 3wk 6wk
release-note
size/XL
needs-rebase
area/api
do-not-merge/work-in-progress
dco-signoff: yes
area/testing
ok-to-test
area/deploy
needs-kind
collaborator-last
commented
draft
recv
reviewed-with-comment
similar
5701 feat: added custom endpoint override flag for http solver 3wk 3wk 3wk
release-note
kind/feature
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/acme/http01
recv
recv-q
unreviewed
4810 Server Side Apply: Adds support for CA Injector controller to use SSA with Feature Gate
4
1y 3wk 2mo
size/L
release-note
needs-rebase
approved
kind/feature
priority/important-soon
dco-signoff: yes
area/deploy
collaborator-last
commented
reviewed-with-comment
send
5567 WIP: Certificates: preventing CertificateRequest creation runaway 2mo 4wk 4wk
release-note
approved
area/api
do-not-merge/work-in-progress
kind/feature
size/XXL
dco-signoff: yes
area/testing
area/deploy
commented
member-last
open-milestone
reviewed-with-comment
send
5686 Add missing healthz port to PSP in Helm Chart when hostNetwork is used 4wk 4wk 4wk
size/XS
release-note
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
collaborator-last
recv
unreviewed
5373 Allow config of http01 solver pod security context
2
5mo 4wk 4wk
size/L
release-note
area/api
kind/feature
area/acme
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
commented
member-last
open-milestone
send
unreviewed
5356 Allow ECDSA for ACME client keys 6mo 6wk 7wk
size/L
release-note
needs-rebase
area/api
kind/feature
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/deploy
changes-requested
collaborator-last
commented
send
5225 Add flag to allow switching ingressClassName specification
5
7mo 6wk 7mo
release-note
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/acme/http01
needs-kind
commented
recv-q
send
unreviewed
4209 Auto generate README.md, Chart.yaml, values.schema.json and values.yaml using tem & helm-jsonschema-gen
3
2y 6wk 7mo
release-note
size/XL
approved
do-not-merge/work-in-progress
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
collaborator-last
commented
draft
new-commits
similar
4330 Add client certificate auth method for Vault issuer 2y 6wk 9mo
release-note
size/XL
area/api
kind/feature
area/acme
area/vault
dco-signoff: yes
area/testing
ok-to-test
area/deploy
collaborator-last
commented
recv
recv-q
unreviewed
4570 `RevisionHistoryLimit` has a default value of 25
1y 6wk 6mo
release-note
area/api
size/M
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
assigned
collaborator-last
commented
new-commits
send
5083 WIP: Generate applyconfigurations and Apply functions 9mo 6wk 9mo
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
size/XXL
dco-signoff: yes
area/testing
needs-kind
assigned
assignee-updated
collaborator-last
commented
send
similar
unreviewed
5126 WIP: Only remove the cleanup finalizer if the cleanup succeeds 8mo 6wk 8mo
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
area/acme
dco-signoff: yes
area/testing
collaborator-last
commented
unreviewed
5094 WIP server-side apply in tests v2 9mo 6wk
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
area/testing
collaborator-last
unreviewed
5447 Allow extra DNS-01 propagation time to be configured
4mo 6wk 4mo
release-note
size/S
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
needs-kind
author-last
commented
recv
unreviewed
5370 Use CUE to generate values.yaml and values.schema.json
6mo 6wk 5mo
release-note
needs-rebase
approved
do-not-merge/work-in-progress
kind/feature
size/XXL
dco-signoff: yes
area/deploy
collaborator-last
commented
draft
new-commits
similar
5378 Unify semver version generation 5mo 6wk 5mo
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
dco-signoff: yes
changes-requested
collaborator-last
commented
draft
5383 Generate applyconfigurations and Apply functions 5mo 6wk 5mo
release-note
needs-rebase
approved
area/api
do-not-merge/work-in-progress
size/XXL
dco-signoff: yes
needs-kind
collaborator-last
commented
draft
send
similar
unreviewed
5530 Added support for using env config for configuring Vault issuer. 3mo 2mo 3mo
size/L
release-note
area/api
do-not-merge/work-in-progress
needs-ok-to-test
area/vault
dco-signoff: no
area/deploy
needs-kind
assigned
collaborator-last
draft
recv
unreviewed
5337 WIP: Controller configuration file 6mo 2mo 6mo
release-note-none
needs-rebase
area/api
do-not-merge/work-in-progress
needs-ok-to-test
size/XXL
dco-signoff: no
needs-kind
collaborator-last
recv
unreviewed
982 WIP: [GSOD] Define our audiences 8mo 10d 10d
approved
dco-signoff: yes
lgtm
do-not-merge/work-in-progress
size/M
assigned
assignee-updated
commented
member-last
send
unreviewed
1089 Update docs to remove subchart warning 3mo 3wk 3wk
approved
dco-signoff: yes
needs-rebase
size/S
ok-to-test
assigned
changes-requested
commented
contributor-last
send
1081 Vault: document the new field "serviceAccountRef" 4mo 2mo
approved
dco-signoff: yes
do-not-merge/work-in-progress
size/M
draft
unreviewed
1075 Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ 4mo 4mo
approved
dco-signoff: yes
size/L
needs-rebase
contributor-last
reviewed-with-comment
1048 [WIP] Document structure updates 6mo 5mo 5mo
dco-signoff: yes
size/XXL
needs-rebase
do-not-merge/work-in-progress
ok-to-test
commented
contributor-last
send
unreviewed
1034 Add link to ACME DNS01 webhook for PowerDNS 6mo 6mo 6mo
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
1005 Route53 accessKeyIDSecretRef docs 7mo 7mo 7mo
size/XS
dco-signoff: yes
needs-ok-to-test
recv
unreviewed
859 Move the meetings and slack information to a separate page
10mo 8mo 8mo
approved
dco-signoff: yes
needs-rebase
size/M
changes-requested
commented
member-last
send
948 add note to ingress class definition 9mo 9mo 9mo
dco-signoff: no
size/XS
needs-ok-to-test
assigned
author-last
recv
unreviewed
701 Issuer with IRSA needs ambient credentials flag
1y 9mo 1y
dco-signoff: no
size/S
ok-to-test
commented
contributor-last
new-commits
send
446 Add multiple ingresses usage section 2y 9mo 1y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
changes-requested
commented
contributor-last
send
589 cloud DNS: include missing project ID
2y 9mo 2y
size/XS
dco-signoff: yes
needs-rebase
ok-to-test
changes-requested
commented
contributor-last
send
689 Retro 1.5 follow-up: PR to website on every feature PR
1y 9mo 1y
approved
size/XS
dco-signoff: yes
needs-rebase
changes-requested
commented
contributor-last
send
751 Added kubectl config for recursive nameservers 1y 9mo 1y
dco-signoff: no
size/XS
needs-rebase
ok-to-test
approved
commented
contributor-last
send
765 Document that DNS-01 ClusterIssuer use kube-system secret 1y 9mo 1y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
assigned
changes-requested
commented
contributor-last
send
790 Update route53.md 1y 9mo 1y
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
commented
contributor-last
send
884 remove duplicate code 10mo 9mo 10mo
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
contributor-last
recv
528 Update "Setting Nameservers for DNS01 Self Check" example 2y 10mo 2y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
451 update to ingress. 2y 1y 2y
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
548 More doc around the approval API in the /concepts/certificaterequest page
2y 1y 2y
approved
dco-signoff: yes
kind/cleanup
size/XL
needs-rebase
assigned
assignee-updated
changes-requested
commented
contributor-last
send
112 Bump helm.sh/helm/v3 from 3.9.4 to 3.10.3 7wk 7wk 7wk
dco-signoff: yes
needs-ok-to-test
size/L
dependencies
contributor-last
recv
unreviewed
17 Add image validation for Docker architecture 2y 1y 2y
dco-signoff: yes
lgtm
size/L
needs-rebase
assigned
assignee-updated
commented
contributor-last
new-commits
send
43 No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild 1y 1y
dco-signoff: yes
approved
size/M
needs-rebase
contributor-last
unreviewed
36 Add the "cmrel update-release-branch" command 2y 1y 2y
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
commented
contributor-last
draft
unreviewed
9 previously listed items omitted: #5446 #5639 #5174 #5670 #5436 #5324 #3931 #992 #1071

Overdue answers for a question (38)

Resolution: Add a comment

Average age: 543.2d, Avg wait: 116.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5608 Unable to inject linkerd sidecar proxy to Cert-Manager pods 2mo 2mo 2mo
author-last
recv
recv-q
5549 unknown field "enabled" in io.k8s.api.core.v1.PodSecurityContext
2
3mo 6wk 3mo
recv
recv-q
5543 Using Azure workload identity instead of AAD Pod Identities to configure the AzureDNS DNS01 challenge. 3mo 1mo 3mo
kind/feature
recv
recv-q
5537 Left over artifacts from cert-manager 3mo 9d 3mo
lifecycle/stale
collaborator-last
recv
recv-q
similar
5524 cert-manager v1.10.0 always tries to access clusterissuers at cluster scope 3mo 2mo 3mo
kind/bug
recv
recv-q
5520 CrashLoopBackOff after restart of all deployments 3mo 9d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
5513 Deploy of cert-manager-webhook/cainjector:v1.9.1 got permission error
3mo 10d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
similar
5437 Issuer/ClusterIssuer support to specify vault token on local filesystem 4mo 10d 4mo
lifecycle/stale
collaborator-last
pr-unreviewed
recv
recv-q
5220 Investigate improving resource consumption and performance in clusters with large amount of resources
9
7mo 2mo 3mo
kind/feature
commented
pr-new-commits
recv-q
4931 Enable Testing on ARM64 11mo 6wk 10mo
kind/feature
author-last
commented
recv
recv-q
4918 Leader election timeout (?) causes exit
2
11mo 3wk 9mo
priority/important-longterm
commented
recv
recv-q
4877 HTTP01 solver fails self-check/propagation check on 1.7.1 when used with client-certificate auth on nginx Ingress 1.1.1
11mo 2mo 11mo
kind/bug
author-last
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
5
1y 1mo 1y
lifecycle/frozen
kind/bug
recv
recv-q
4594 TLS handshake error: EOF
14
1y 7wk 8mo
kind/bug
commented
recv-q
send
4423 Cert renewal loop
2
1y 3wk 1y
kind/bug
author-last
commented
recv
recv-q
3958 Sane defaults for Certificate revision history limit
10
2y 2mo 2mo
kind/feature
commented
recv-q
send
3896 Cert Manager failing to renew certificate
17
2y 2mo 1y
kind/bug
commented
recv-q
send
similar
3103 Adding probes to the cert-manager pods
5
2y 7wk 7mo
kind/feature
priority/important-longterm
area/deploy
commented
recv-q
send
2722 Inject CA certificate into Secrets with cainjector
19
2y 7wk 1y
kind/feature
priority/awaiting-more-evidence
commented
recv-q
send
2605 No flag to set structured logging output, e.g. JSON?
47
3y 7wk 2y
help wanted
kind/feature
priority/backlog
commented
recv
recv-q
2478 Allow CA issuer secret rotation
36
3y 2mo 2y
kind/feature
priority/important-longterm
area/ca
collaborator-last
commented
recv-q
send
2380 Helm chart version is not SemVer-compatible
5
3y 2mo 2y
kind/bug
author-last
commented
recv
recv-q
2334 Add network policy allowance into documentation
16
3y 7wk 1y
good first issue
help wanted
kind/documentation
priority/backlog
area/deploy
commented
pr-merged
recv
recv-q
2239 Create a CertificatePreset resource type to allow configurable defaulting
64
3y 11d 9mo
area/api
kind/feature
priority/backlog
priority/important-soon
commented
pr-closed
pr-merged
recv-q
send
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
10mo 9mo 10mo
recv
recv-q
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 2y 11mo 2y
recv
recv-q
12 previously listed items omitted: #5471 #5470 #5189 #4956 #4821 #4620 #3565 #3521 #3283 #2538 #2178 #262

Updated support requests (109)

Resolution: Move out of support, or add a comment

Average age: 285.8d, Avg wait: 198.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5752 Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
8d 8d 8d
kind/bug
recv
similar
5716 Certificate renewal fails during DNS challenge with Route53 3wk 10d 3wk
kind/bug
recv
similar
5708 Cert Manager working with only example.com not with svc.cluster.local 3wk 3wk 3wk
kind/bug
collaborator-last
recv
5700 Support for issuing public certs using AWS ACM and DNS verification
3wk 3wk 3wk
kind/feature
author-last
recv
5697 Support PodSecurityAdmission 3wk 3wk 3wk
kind/feature
recv
5673 Error presenting challenge: init sdk: get token: extract secret: resource name may not be empty 4wk 2wk 4wk
author-last
recv
5665 Allow defining keystore password as litteral instead of SecretRef 5wk 5wk 5wk
kind/feature
recv
5650 provider rfc2136 send updates to top level zone 6wk 6wk 6wk
kind/bug
recv
similar
5630 provider rfc2136: updates are sent to wrong dns zone 7wk 7wk 7wk
recv
similar
5626 Helm: Allow configuration of readiness, liveness and startup probes for all created Pods 1mo 3wk 4wk
kind/feature
author-last
commented
pr-changes-requested
recv
5615 Integrate cert-manager with DigitalOcean LBs 1mo 1mo 1mo
kind/feature
recv
5611 ACME HTTP challenge pods blocked by OpenShift 2mo 4wk 2mo
kind/bug
recv
5596 Current PSP is not sufficient to work with CSI volume 2mo 2mo 2mo
kind/bug
recv
5590 Configure cluster resource namespace in ClusterIssuer spec 2mo 2mo 2mo
recv
similar
5585 ClusterIssuer cannot read the ServiceAccount token secret 2mo 2mo 2mo
kind/bug
recv
5580 Mounting emptyDir to /tmp directory (webhook) 2mo 2mo 2mo
kind/feature
author-last
recv
5575 Can cert manager be used as a multi-cluster active-active certificate manager? 2mo 2mo 2mo
recv
5572 Add the possibility to use two cluster issuers in a single ingress 2mo 2mo 2mo
kind/feature
recv
5565 cert-manager aws route53 hosted zone automatically add records. 2mo 2mo 2mo
recv
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
2
2mo 2mo 2mo
kind/bug
recv
similar
5548 Pod is not running due to AppArmor not Enabled 3mo 2mo 3mo
recv
5540 Changelog annotations to chart 3mo 8d 3mo
kind/feature
author-last
recv
5538 Unable to set IPv6 podDNS config from values 3mo 9d 3mo
kind/bug
author-last
recv
5536 Challenge stack on self check when host is unavailable from cluster. 3mo 10d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5527 Allow to add out-of-tree signers for cert-manager to approve. 3mo 15d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5526 Separate section for breaking changes in release notes 3mo 15d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5521 Webhook Pod HealthCheck Port is missing in Webhook PSP 3mo 15d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5512 GoogleCloud API call failed: googleapi: Error 403: Permission denied on resource project $PROJECT_ID 3mo 2wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5509 Label cert-manager managed objects with 'app.kubernetes.io/managed-by' 3mo 3wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5508 is it possible to create k8s tls secret when I store crt and key into vault? 3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
5507 CA provider authentication of issuer via certificate 3mo 3wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5503 cert-manager sub-chart documentation
3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
5494 Adding Custom extensions to certificates, the Subject Alternative Name (SAN) extension criticality ( OID = 2.5.29.17 ) 3mo 4wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5488 Add support for creating pki secret engine in Vault 4mo 4wk 4mo
kind/feature
lifecycle/stale
collaborator-last
recv
5481 Need metrics for DNS01 Challenges 4mo 16d 4mo
kind/feature
lifecycle/stale
collaborator-last
recv
5448 how to disabled serverSideApply
2
4mo 17d 4mo
help wanted
lifecycle/stale
collaborator-last
recv
5433 Support certs that live for < 1h
3
4mo 7wk 4mo
kind/feature
author-last
recv
5430 Improving DNS-01 challenge performance
4mo 7wk 4mo
kind/feature
pr-reviewed-with-comment
pr-unreviewed
recv
5069 Error presenting challenge: the server could not find the requested resource even though resource exists 9mo 5wk 9mo
kind/bug
recv
5062 Cert-manager stops processing order request in "processing" status after several attempts 9mo 2mo 2mo
kind/bug
area/acme
author-last
commented
recv
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
2
9mo 9d 9mo
kind/bug
priority/backlog
author-last
commented
recv
4561 Ability to specify secret ownerReference as part of the Certificate request
3
1y 4wk 1y
kind/feature
recv
4216 Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large 2y 3wk 2y
lifecycle/stale
collaborator-last
recv
4153 Support DoT (DNS over TLS) for Recursive Nameservers
2y 19d 9mo
kind/feature
priority/backlog
area/acme/dns01
author-last
commented
recv
3992 Add non-CRD yaml file
2
2y 3wk 2y
priority/important-soon
area/deploy
author-last
commented
recv
3898 Allow setting PodDisruptionBudget policies via helm chart
3
2y 7wk 2y
kind/feature
priority/important-longterm
area/deploy
author-last
pr-approved
pr-closed
recv
1159 Why the sample issuer still uses kubebuilder version 2 ? 18d 18d 18d
recv
1101 Feature request for updating documentation. 2mo 2mo 2mo
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
5mo 5mo 5mo
author-last
pr-merged
recv
1062 Document process for offboarding maintainers 5mo 5mo 5mo
recv
similar
1061 Document onboarding process for new maintainers 5mo 5mo 5mo
recv
similar
1054 Run spell checker in a pre-commit hook 5mo 5mo 5mo
good first issue
kind/cleanup
recv
1006 Use descriptive text instead of alt for `feature icon` 7mo 7mo 7mo
recv
1001 Document a policy for required CI health before we can release 7mo 7mo 7mo
recv
988 Document how feature gated fields can be added to API 8mo 8mo 8mo
recv
931 Improve upgrade instructions using helm
9mo 9mo 9mo
recv
866 Securing NGINX-ingress 10mo 10mo 10mo
recv
similar
851 create Cilium ingress tls example
3
11mo 7mo 11mo
assigned
assignee-updated
recv
836 Syncing Secrets Across Namespaces
1y 10mo 1y
recv
758 API reference docs: enum values not documented with typedef 1y 1y 1y
recv
746 Enable Dark mode in the docs website 1y 1y 1y
recv
706 Default key usages 1y 1y 1y
recv
697 [IRSA] Needs `runAsUser: 1001` 1y 1y 1y
recv
672 List required Google CloudDNS permissions exhaustively 2y 2y 2y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2y 1y 2y
recv
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
2y 2y 2y
recv
561 Certificate Resources 2y 2y 2y
recv
similar
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 2y 2y 2y
recv
466 installation/compatiblity 2y 2y 2y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
2y 2y 2y
recv
454 Cluster Resource Namespace 2y 2y 2y
recv
similar
354 DigitalOcean access-token should not be base64-encoded 2y 2y 2y
priority/awaiting-more-evidence
author-last
commented
recv
37 previously listed items omitted
Triage Party v1.3.0