generic Weekly Triage :: Triage Party

queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (4)

Resolution: Downgrade to important-longterm

Average age: 890.2d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5074		Race condition between issuers, certificates, and secrets			2y	11mo	1y		lifecycle/frozen kind/bug priority/important-soon	commented member-last pr-closed send
1174		Document the docker images and how to find them			10mo	9mo	9mo		good first issue priority/important-soon kind/documentation	commented member-last send
195		Document keystores			3y	9mo	3y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			3y	3y	3y		help wanted priority/important-soon kind/documentation	commented member-last send

Important longterm, but no updates in 120 days (6)

Resolution: Downgrade to backlog

Average age: 1089.2d, Avg wait: 49.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3521		Integration with ExternalDNS		4 32	3y	10mo	2y		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q send
850		Document available cert-manager Prometheus metrics Similar: #136: Document available metrics (open)			2y	9mo	2y		documentation good first issue priority/important-longterm	recv recv-q similar
551		Documentation on how to handle large-scale certificate management & best practices		2	2y	9mo	9mo		help wanted priority/important-longterm kind/documentation	commented member-last send
401		Bring tutorials up to date			2y	9mo	9mo		priority/important-longterm	commented member-last send
223		Document wildcard certificate tutorial			3y	3y	3y		priority/important-longterm kind/documentation	commented contributor-last send
56		Route53: document use of "region" field			4y	9mo	9mo		documentation priority/important-longterm	commented contributor-last send

many reactions, low priority (18)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 397.0d, Avg wait: 33.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6468		Gateway API v1		5	5wk	13d	5wk		kind/feature	commented recv-q
6179		CRDs shouldn't be templated in Helm...		16	5mo	7h	4mo			commented recv-q send
6065		acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added		2 2 8	7mo	19d	7mo		kind/bug	recv recv-q
5959		`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries		8	7mo	4wk	4wk		lifecycle/frozen kind/bug	commented member-last send
5957		Support Secure (non-legacy) OpenSSL v3 PKCS12 Algorithms		21	7mo	3wk	7mo		kind/feature	recv recv-q
6150		(Cluster)Issuer with vault auth and serviceAccountRef is not accepted by cluster due to audience		3 8	5mo	2wk	2mo			commented open-milestone pr-unreviewed recv recv-q
5867		Controller can't handle hitting request rate limits of zerossl ACME API Similar: #6106: Controller can't handle hitting request rate limits when is registering the issuer (open)		3 11 20	8mo	4wk	4wk		lifecycle/frozen kind/bug	commented member-last pr-closed pr-merged send similar
2538		cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer Similar: #6184: Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation (open)		63	3y	4wk	4wk		area/api help wanted lifecycle/frozen kind/feature priority/backlog	commented member-last send similar
4114		Endless Sync Loop when installing Helm Chart via ArgoCD		11 29	2y	15d	16d		kind/bug lifecycle/rotten	assigned assignee-updated commented pr-closed recv-q send
5514		Venafi Issuer Read `caBundle` from Configmap or Secret PR#6228: Issue 5514 read cabundle from kube objects - design doc new-commits PR#6454: Feature/issue 5514 venafi issuer ca ref new-commits Similar: #6117: Vault Issuer Read caBundle from ConfigMap (open)		4 9	1y	6wk	4mo		good first issue kind/feature	assigned assignee-updated commented pr-new-commits similar
1571		Add ca.crt to TLS secret generated by ACME issuers		14 64	4y	3wk	3wk		help wanted kind/feature priority/backlog area/acme	commented pr-merged send
583		cert-manager with ZeroSSL		44	2y	1y	1y			commented send
1279		docs: Certificate Defaults Tutorial		9	3mo	2mo	2mo		dco-signoff: yes size/XL needs-rebase	commented member-last reviewed-with-comment send
222		[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource		5	5wk	3wk	5wk			commented recv-q send
199		Support of setting arbitrary password for PKCS12 truststore PR#253: add dedicated structures for PKCS12 and JKS stores commented		2 4	7wk	15d	7wk		help wanted good first issue	assigned assignee-updated contributor-last pr-closed pr-reviewed-with-comment recv recv-q
183		Create trust bundle based on Debian bookworm		11	2mo	4wk	4wk		good first issue	assigned assignee-updated commented member-last
144		Add CertificateRequest as a source Similar: #561: Certificate Resources (open) Similar: #119: Certificate is re-requested when container restarts (open)		7	5mo	4mo	4mo			commented contributor-last pr-merged recv similar
253		add dedicated structures for PKCS12 and JKS stores		17	8d	11h	3d		dco-signoff: yes approved size/L do-not-merge/hold ok-to-test	commented contributor-last recv recv-q reviewed-with-comment

many commenters, low priority (2)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 41.2d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
222		[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource		5	5wk	3wk	5wk			commented recv-q send
214		Add helm values for annotations			6wk	5wk	5wk		dco-signoff: yes ok-to-test size/S needs-rebase	changes-requested commented contributor-last send

Screaming into the void (1)

Resolution: Reopen, or ask folks to open a new issue

Average age: 2067.5d, Avg wait: 1350.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
466		proxy_protocol mode breaks HTTP01 challenge Check stage		16 11 160	5y	2d	3y		kind/bug	closed commented recv recv-q

Needs information for over 2 weeks (3)

Resolution: Close or remove triage/needs-information label

Average age: 669.8d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6294		Helm chart deployment is failing on update to k8s 1.25			3mo	14d	3mo		lifecycle/stale triage/needs-information	collaborator-last commented send
3748		Cert-manager causes API server panic on clusters with more than 20000 secrets.		14	2y	5wk	5wk		kind/bug triage/needs-information	commented pr-merged send
15		Allow data-root to be an absolute path			2y	9mo			kind/bug triage/needs-information	contributor-last

Support request over 30 days old: No matching items

Issues nearing expiration (14)

Resolution: Close or label as frozen

Average age: 441.0d, Avg wait: 55.4d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6213		Unable to install cert-manager with argo-cd because helm chart is v1			4mo	15d	4mo		kind/bug lifecycle/rotten	collaborator-last commented send
5998		Failed post-install: timed out waiting for the condition Similar: #5664: Error: INSTALLATION FAILED: failed post-install: timed out waiting for the condition (closed) Similar: #4646: Failed to install " failed post-install: timed out waiting for the condition" (closed)			7mo	17d	7mo		kind/bug lifecycle/rotten	recv similar
5626		Helm: Allow configuration of readiness, liveness and startup probes for all created Pods			1y	3wk	3wk		kind/feature lifecycle/rotten	collaborator-last commented pr-closed send
5590		Configure cluster resource namespace in ClusterIssuer spec		2	1y	3wk	1y		triage/support lifecycle/rotten	collaborator-last recv recv-q
5588		--must-staple attribute for OCSP Stapling		3	1y	5d	1y		good first issue kind/feature lifecycle/rotten	collaborator-last commented recv recv-q
6224		Option to store certificate history in individual secrets			4mo	3wk	4mo		kind/feature lifecycle/rotten	collaborator-last commented recv recv-q
4191		Setting default values for Pod's "resources"?		4	2y	10d	5wk		lifecycle/rotten	commented recv-q send
2930		Mirror to gcr.io or dockerhub		27	3y	3wk	3wk		kind/feature priority/important-soon lifecycle/rotten area/deploy	assigned assignee-updated commented contributor-last recv-q send
4114		Endless Sync Loop when installing Helm Chart via ArgoCD		11 29	2y	15d	16d		kind/bug lifecycle/rotten	assigned assignee-updated commented pr-closed recv-q send
5701		feat: added custom endpoint override flag for http solver			11mo	12d	11mo		release-note needs-rebase kind/feature needs-ok-to-test size/M area/acme lifecycle/rotten dco-signoff: yes area/acme/http01	collaborator-last recv recv-q unreviewed
5373		Allow config of http01 solver pod security context		3 3	1y	17d	8mo		release-note area/api kind/feature size/XXL area/acme lifecycle/rotten dco-signoff: yes ok-to-test area/acme/http01 area/deploy	author-last closed commented recv recv-q
6015		add imagePullSecrets clauses to deployments, jobs			7mo	3d	4mo		release-note size/S kind/feature lifecycle/rotten dco-signoff: yes ok-to-test area/deploy	collaborator-last commented send unreviewed
6146		Add Venafi custom field support to cert-shim			6mo	4wk	4mo		release-note-none size/S do-not-merge/hold needs-ok-to-test lifecycle/rotten dco-signoff: yes needs-kind	changes-requested collaborator-last commented send
6122		Improve acmedns so that it honors followCname Setting			6mo	4wk	4mo		size/XS release-note area/acme lifecycle/rotten dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	collaborator-last commented send unreviewed

Pull requests: Approved and getting old (5)

Resolution:

Average age: 196.7d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6103		Unify semver version logic			6mo	13d			size/L release-note-none approved kind/cleanup lifecycle/stale dco-signoff: yes	collaborator-last open-milestone unreviewed
6120		add comments explaining the Sync function & small test bugfix			6mo	3wk	4mo		release-note-none approved lgtm size/S kind/cleanup lifecycle/stale dco-signoff: yes	assigned assignee-updated collaborator-last commented open-milestone reviewed-with-comment
6277		ControllerConfiguration fuzzer, only set the value in case the random value is empty			3mo	3wk	3wk		size/L release-note-none approved area/api kind/cleanup dco-signoff: yes area/testing	commented member-last unreviewed
1071		Improved the summary on the docs homepage		2	1y	2wk	2wk		approved dco-signoff: yes size/S	commented member-last reviewed-with-comment send
48		Implement private key size annotation			13d	9d	9d		dco-signoff: yes approved size/L	commented contributor-last send unreviewed

Pull Requests: Stale (73)

Resolution: Add comment and/or close PR

Average age: 276.5d, Avg wait: 65.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6228		Issue 5514 read cabundle from kube objects - design doc		3	4mo	6d	2mo		size/L release-note-none kind/design needs-ok-to-test dco-signoff: no	collaborator-last commented new-commits open-milestone recv recv-q
6454		Feature/issue 5514 venafi issuer ca ref			6wk	11d	5wk		release-note area/api needs-ok-to-test size/XXL dco-signoff: no area/testing area/deploy needs-kind	collaborator-last commented new-commits send
6376		WIP: Add OCSP stapling functionality			2mo	11d	2mo		size/XL release-note-none needs-rebase area/api do-not-merge/work-in-progress kind/feature needs-ok-to-test dco-signoff: no	collaborator-last commented send unreviewed
5848		WIP: Design: core-issuers			9mo	15d	15d		release-note-none approved lgtm do-not-merge/work-in-progress do-not-merge/hold kind/design size/M dco-signoff: yes	commented member-last reviewed-with-comment send
6248		feat: allow changing the default Deployment revisionHistoryLimit			4mo	16d	4mo		release-note size/S needs-ok-to-test dco-signoff: yes area/deploy needs-kind	recv unreviewed
5447		Allow extra DNS-01 propagation time to be configured			1y	17d	1y		release-note needs-rebase size/S lifecycle/stale area/acme dco-signoff: yes ok-to-test area/acme/dns01 needs-kind	collaborator-last commented open-milestone recv unreviewed
6002		Move pkg/controller/cainjector to cmd/cainjector/controller			7mo	17d	6mo		release-note-none needs-rebase approved size/S kind/cleanup lifecycle/stale dco-signoff: yes	collaborator-last commented unreviewed
6102		Move ctl utils to cmd/ctl			6mo	17d			size/L release-note-none needs-rebase approved kind/cleanup lifecycle/stale dco-signoff: yes area/testing	collaborator-last unreviewed
6155		Add Certificate Hash			5mo	3wk			release-note-none area/api do-not-merge/work-in-progress kind/feature size/XXL area/acme dco-signoff: yes area/testing	collaborator-last draft open-milestone unreviewed
5860		Fix helm loglevel parsing			9mo	3wk	6mo		size/XS release-note-none needs-ok-to-test lifecycle/stale dco-signoff: yes area/deploy needs-kind	collaborator-last commented open-milestone reviewed-with-comment send
6124		Add design/20230601.gateway-route-hostnames.			6mo	3wk	6mo		size/L release-note-none kind/design needs-ok-to-test lifecycle/stale dco-signoff: yes	collaborator-last new-commits recv recv-q
4330		Add client certificate auth method for Vault issuer Similar: #1202: Add section about client cert authentication for vault (open)		4	2y	3wk	8mo		release-note needs-rebase approved area/api kind/feature size/XXL lifecycle/stale area/acme area/vault dco-signoff: yes area/testing ok-to-test area/deploy	collaborator-last commented open-milestone recv recv-q reviewed-with-comment similar
6351		Handle multiple concurrent Azure DNS01 challenges for the same FQDN			2mo	3wk	2mo		size/L release-note area/acme dco-signoff: yes ok-to-test area/acme/dns01	author-last commented recv unreviewed
5823		Make it possible to split a cert-manager installation over multiple Helm releases.			9mo	4wk	6wk		do-not-merge/release-note-label-needed size/S dco-signoff: yes ok-to-test area/deploy needs-kind	assigned assignee-updated author-last commented recv reviewed-with-comment
5383		Generate applyconfigurations and Apply functions Similar: #239: chore: start using generated Bundle API apply configurations (open)			1y	5wk	5wk		release-note needs-rebase approved area/api do-not-merge/work-in-progress priority/important-longterm size/XXL dco-signoff: yes needs-kind	changes-requested commented draft member-last send similar
6190		Adds ingress annotation support for alt-names Similar: #202: Support adding pod annotations (open) Similar: #29: Additional support for subject annotations (open)			5mo	5wk	5wk		release-note size/S needs-ok-to-test triage/needs-information dco-signoff: yes area/testing needs-kind	commented member-last send similar unreviewed
6001		Improve verify-chart scripts & add helmchk			7mo	6wk	6wk		release-note-none needs-rebase kind/cleanup size/M dco-signoff: yes	collaborator-last commented new-commits
6145		Improve Trigger, Readiness and PostIssuance Policy chains			6mo	7wk	6mo		size/L release-note-none needs-rebase approved do-not-merge/work-in-progress kind/cleanup dco-signoff: yes area/testing ok-to-test	collaborator-last commented draft unreviewed
6379		Add pod dns policy override support for both `cainjector` and `webhook` deployments			2mo	7wk	7wk		release-note-none kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	approved commented member-last send
6420		feat: Updated configuration of TTL on Route53 (#6407)			7wk	7wk	7wk		size/XS do-not-merge/release-note-label-needed needs-ok-to-test area/acme dco-signoff: yes area/acme/dns01 needs-kind	changes-requested collaborator-last recv
6193		[feat] when helm set `installCRDs: true`. crds.yaml file must be pre-install and pre-upgrade			5mo	1mo	2mo		release-note size/S kind/feature needs-ok-to-test dco-signoff: yes area/deploy	author-last commented recv recv-q unreviewed
6192		Remove conflicting labels from CRDs			5mo	2mo	5mo		release-note-none size/S needs-ok-to-test dco-signoff: yes area/deploy needs-kind	author-last recv unreviewed
5876		helm: add support for TLS configuration and application protocol		2	8mo	2mo	2mo		release-note needs-rebase size/S dco-signoff: yes ok-to-test area/deploy needs-kind	assigned assignee-updated author-last commented recv reviewed-with-comment
5777		helm: Add option to keep CRDs when helm chart is uninstalled		3	10mo	2mo	2mo		release-note needs-ok-to-test size/M dco-signoff: yes area/deploy needs-kind	collaborator-last commented send unreviewed
6186		feat: Add OwnerReference to the secrets created by ACME ClusterIssuer and Issuer			5mo	2mo	4mo		size/XS release-note-none needs-ok-to-test area/acme dco-signoff: yes needs-kind	commented send unreviewed
1075		Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/			1y	2wk	2wk		approved dco-signoff: yes size/L needs-rebase	changes-requested commented member-last send
1199		Webhook troubleshooting: advise people to set `timeoutSeconds` to 30 seconds			8mo	4wk	4wk		dco-signoff: yes size/M	changes-requested commented contributor-last send
790		Update route53.md			2y	3mo	3mo		dco-signoff: no size/XS needs-rebase needs-ok-to-test	changes-requested commented member-last send
1259		Fixed Azure Workload identity doc			5mo	5mo	5mo		dco-signoff: yes size/S	recv unreviewed
1234		Correct the cmctl release generation flow			6mo	5mo	6mo		approved dco-signoff: yes needs-rebase size/S	contributor-last recv unreviewed
948		add note to ingress class definition			2y	6mo	6mo		dco-signoff: no size/XS needs-rebase needs-ok-to-test	assigned commented contributor-last send unreviewed
1213		Draft of tutorial for Google's Public CA			8mo	6mo	6mo		dco-signoff: yes size/L ok-to-test	commented member-last reviewed-with-comment send
1202		Add section about client cert authentication for vault Similar: #4330: Add client certificate auth method for Vault issuer (open)			8mo	8mo	8mo		dco-signoff: yes do-not-merge/work-in-progress size/M	commented contributor-last draft new-commits send similar
859		Move the meetings and slack information to a separate page			2y	2y	2y		approved dco-signoff: yes needs-rebase size/M	changes-requested commented member-last send
701		Issuer with IRSA needs ambient credentials flag			2y	2y	2y		dco-signoff: no size/S ok-to-test	commented contributor-last new-commits send
528		Update "Setting Nameservers for DNS01 Self Check" example			2y	2y	2y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	contributor-last recv unreviewed
17		Add image validation for Docker architecture			3y	2y	2y		dco-signoff: yes lgtm size/L needs-rebase	assigned assignee-updated commented contributor-last new-commits send
43		No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild			2y	2y			dco-signoff: yes approved size/M needs-rebase	contributor-last unreviewed
36		Add the "cmrel update-release-branch" command			2y	2y	2y		dco-signoff: yes approved size/M needs-rebase do-not-merge/work-in-progress	commented contributor-last draft unreviewed
220		Adds option in Makefile to check code coverage by unit tests			5wk	5wk	5wk		dco-signoff: yes size/S needs-ok-to-test	contributor-last recv unreviewed
216		feat: add the ability to specify certificate usages			5mo	2mo	5mo		dco-signoff: yes size/M needs-ok-to-test	contributor-last recv unreviewed
187		Add the ability to ignore cluster scoped resources.			11mo	6mo	9mo		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
202		Support adding pod annotations Similar: #6190: Adds ingress annotation support for alt-names (open) Similar: #29: Additional support for subject annotations (open)			9mo	9mo	9mo		dco-signoff: yes size/XS needs-ok-to-test	contributor-last recv similar unreviewed
221		Migrate makefiles and CI/CD			3wk	2wk			dco-signoff: yes size/XXL	contributor-last unreviewed
306		Migrate makefiles and CI/CD			3wk	9d			dco-signoff: yes size/XXL	contributor-last unreviewed
229		feat: fix app label of metrics svc for ServiceMonitor discovery		2	7mo	7mo	7mo		dco-signoff: yes size/XS ok-to-test	commented member-last reviewed-with-comment send
195		Make `Makefile`s reusable and automate release process			2mo	11d			dco-signoff: yes needs-rebase size/XXL	contributor-last unreviewed
236		chore: reconcile Bundle status unconditionally			3wk	11d	19d		dco-signoff: yes size/L do-not-merge/work-in-progress needs-rebase	commented contributor-last draft reviewed-with-comment send
232		Add two new variables to the Helm chart			3wk	19d	19d		dco-signoff: yes needs-ok-to-test size/S	author-last commented recv reviewed-with-comment
147		Add ability to set pod level securityContext			5mo	7wk	5mo		dco-signoff: yes needs-ok-to-test size/S	contributor-last new-commits recv
157		Add support for generating certificates with helm Similar: #6404: Other name sans support in Certificates (open)			4mo	7wk	4mo		dco-signoff: yes approved size/M needs-rebase	commented contributor-last similar unreviewed
149		Add Configurable Common Labels and Add a PDB			5mo	3mo	5mo		dco-signoff: yes size/M needs-ok-to-test needs-rebase	contributor-last recv recv-q unreviewed
161		Migrate makefiles and CI/CD			3wk	2wk			dco-signoff: yes size/XXL	contributor-last unreviewed
129		Add attribute support for certificate subject			11mo	2mo	2mo		dco-signoff: yes size/L ok-to-test	commented member-last reviewed-with-comment send
135		Added options to all containers			11mo	9mo	10mo		dco-signoff: yes size/L needs-rebase ok-to-test	assigned commented contributor-last send unreviewed
50		Added tolerations,nodeSelector,affinity,topologySpreadConstraints			2wk	2wk	2wk		size/M dco-signoff: no needs-ok-to-test	contributor-last recv unreviewed
44		Upload Helm chart as OCI artifact to GCHR			7wk	5d	6d		dco-signoff: yes size/S	commented contributor-last new-commits recv
29		Additional support for subject annotations Similar: #6190: Adds ingress annotation support for alt-names (open) Similar: #202: Support adding pod annotations (open)		3	6mo	6wk	2mo		dco-signoff: yes size/XXL needs-rebase	author-last commented recv recv-q reviewed-with-comment similar
40		Make it possible to install openshift-routes in a different namespace than "cert-manager"			2mo	2mo			dco-signoff: no do-not-merge/work-in-progress size/L needs-rebase	contributor-last draft unreviewed
100		Configure the e2e.test binary for OpenShift environment			2mo	2mo			dco-signoff: yes size/XS	contributor-last unreviewed
28		Include Pod UID on CertificateRequest resources			1y	1y	1y		dco-signoff: yes do-not-merge/hold approved size/XS ok-to-test	assigned contributor-last recv recv-q unreviewed
34		WIP: E2E testing boilerplate			1y	9mo	1y		size/XXL dco-signoff: yes do-not-merge/hold approved do-not-merge/work-in-progress needs-rebase	commented contributor-last new-commits recv recv-q
42		Switch sample-external-issuer to issuer-lib			3mo	6wk			do-not-merge/work-in-progress dco-signoff: yes size/XXL needs-rebase	contributor-last draft unreviewed
10 previously listed items omitted: #5701 #6103 #5373 #6120 #6277 #6146 #6122 #1071 #1279 #214

Overdue answers for a question (60)

Resolution: Add a comment

Average age: 493.9d, Avg wait: 237.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6405		Retries not working as expected			2mo	2mo	2mo			author-last commented recv recv-q
6361		Allow `cert-manager.io/allow-direct-injection` annotation on `Certificate` `Secret`s			2mo	5wk	7wk		good first issue	assigned assignee-updated commented recv-q
6353		Docs: Wrong example Code for creating Issuers			2mo	2mo	2mo		kind/bug	author-last commented recv recv-q
6230		cert-manager DDoSes DNS-01 solver - infinite rate limiting			4mo	2mo	4mo		kind/bug area/acme/dns01	recv recv-q
6229		Race condition when two identical certificate requests are made from different clusters PR#6351: Handle multiple concurrent Azure DNS01 challenges for the same FQDN unreviewed		6	4mo	11d	4mo		help wanted kind/bug priority/important-longterm lifecycle/stale area/acme/dns01	collaborator-last commented pr-unreviewed recv-q send
6308		Route53 challenges not regulating failed requests with exponential backoffs		4	3mo	3wk	3mo			recv recv-q
6210		Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created		3	5mo	9d	4mo		kind/feature lifecycle/stale	collaborator-last commented recv recv-q
6185		Ingress-gce:"Error syncing to GCP: error running load balancer syncing routine"		3	5mo	6wk	5mo		kind/bug	recv recv-q
6184		Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation Similar: #2538: cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer (open)		4	5mo	2mo	5mo		kind/bug	recv recv-q similar
6141		Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates		3	6mo	4wk	5mo		kind/feature	commented recv recv-q
6195		logLevel information in logs			5mo	9d	5mo		kind/bug	recv recv-q
5917		Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated		4	8mo	6wk	8mo		kind/bug	assigned assignee-updated commented recv recv-q
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together			10mo	11d	10mo		kind/bug	recv recv-q
5697		Support PodSecurityAdmission		6	11mo	2mo	11mo		kind/feature	author-last recv recv-q
5557		error instantiating route53 challenge solver: unable to assume role: AccessDenied: Similar: #5486: Aggressive Retries from "error instantiating route53 challenge solver" (open)		9	1y	13d	1y		kind/bug	recv recv-q similar
5665		Allow defining keystore password as litteral instead of SecretRef			11mo	2mo	11mo		kind/feature	author-last recv recv-q
5925		Use readOnlyRootFilesystem: true for all containers Similar: #5937: Harden containers with read-only root filesystems (closed)		9	8mo	9d	8mo		good first issue help wanted kind/feature	recv recv-q similar
5486		Aggressive Retries from "error instantiating route53 challenge solver" Similar: #5557: error instantiating route53 challenge solver: unable to assume role: AccessDenied: (open)		4	1y	3wk	1y		kind/bug	recv recv-q similar
5048		certificate not renewed for ingress with multiple hosts and http01-edit-in-place		3	2y	13d	2y		kind/bug priority/backlog	author-last commented recv recv-q
4884		Add a similar secretTemplate to the secret that is created by ACME Issuer		8	2y	5wk	2y		kind/feature	collaborator-last commented recv recv-q
4797		Automatically renew certificates if OCSP indicates that it was revoked		13	2y	2mo	2y		kind/feature area/acme	author-last commented recv recv-q
4749		rfc2136 seems to not work with deep subdomains			2y	4wk	2y		kind/bug area/acme/dns01	author-last commented recv recv-q
4685		Unexpected EOF during watch stream event decoding: unexpected EOF		10	2y	3wk	2y		lifecycle/frozen kind/bug	recv recv-q
4423		Cert renewal loop		2	2y	2mo	2y		kind/bug	commented recv recv-q
1292		Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis		11 181	4y	13d	2y		area/api help wanted kind/feature priority/important-longterm lifecycle/stale area/acme	commented pr-closed recv-q send
899		Upgrading from v1.7 to v1.8 check command should exclude null.		2	2y	2y	2y			recv recv-q
944		Document how to install cert-manager in a different namespace		3	2y	4mo	2y		good first issue	recv recv-q
693		Azure DNS pod identity incorrectly documents principal_id			2y	3wk	2y			author-last commented recv recv-q
645		Investigate & add an FAQ/warning about images rolled back after GitOps upgrade			2y	2y	2y			recv recv-q
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	3y	2mo	3y		documentation help wanted priority/backlog	commented pr-merged recv-q
176		certificateDuration is not used for the Istio CSR generated certificate requests Similar: #119: Certificate is re-requested when container restarts (open) Similar: #14: Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt (open)			1y	1y	1y			author-last commented recv recv-q similar
141		Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods.			2y	1y	2y			commented recv recv-q
137		Documentation on rotating the root certificate			2y	9mo	2y			recv recv-q
83		commonName required for AWS PCA			2y	2y	2y			commented recv recv-q
53		Generate workload certificates with DNS in the SAN			2y	2y	2y			commented recv-q send
113		Integrating with istio helm chart installs		11	2y	4mo	2y			recv recv-q
108		[doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways			2y	2y	2y			author-last commented recv recv-q
227		trust-manager and Kubernetes version compatibility Similar: #197: add the compatibility matrix for Kubernetes versions to README (open)			4wk	4wk	4wk			author-last recv recv-q similar
168		Install in openshift with existing cert-manager operator install Similar: #459: cert manager is no longer on the OpenShift operator list (open) Similar: #39: Support latest cert-manager operator for openshift (open)			3mo	3mo	3mo			author-last commented recv recv-q similar
60		overriding trusted namespace		4 5	1y	7mo	11mo			commented recv-q send
131		Feature: per namespace trust bundle		2	7mo	3wk	7mo			author-last recv recv-q
145		Release Helm Chart v0.5.1 / v0.6.0		4	6mo	2mo	6mo			recv recv-q
45		Unable to mount and read only file error		4	2y	11mo	1y			commented recv-q send
26		Cannot `chmod` a read only filesystem		14	3y	2y	3y			pr-closed recv recv-q
38		Route with cert-manager annotations is not created Similar: #125: Is it too late to align cert-manager annotations? (open)			3mo	2mo	3mo			author-last recv recv-q similar
13		Can the plugin be configured to use a wildcard certificate?			1y	1y	1y			recv recv-q
34		`openshift-routes` doesn't work as expected and isn't suitable for a production environment			4mo	2mo	4mo			author-last recv recv-q
22		Customize the deployment of cert-manager installed via OLM		5 6	2y	11mo	2y			author-last commented recv recv-q
17		Operator prevents passing extraArgs helm value		7	3y	11mo	3y			recv recv-q
11 previously listed items omitted: #6468 #6224 #6150 #6065 #5957 #5590 #4191 #3521 #4114 #850 #222

Updated support requests (169)

Resolution: Move out of support, or add a comment

Average age: 378.7d, Avg wait: 321.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6522		Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable Similar: #6457: Error from server (InternalError): Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": No agent available (open)			10d	10d	10d		kind/bug	recv similar
6520		Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist)			10d	10d	10d		kind/bug	recv
6510		DNS-01 challenge propagation \| NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge ....			16d	11d	16d		kind/bug	author-last commented recv
6509		reinstall failed after k8s upgrade			17d	17d	17d			recv
6502		Can the duration of the server cert that is generated for the webhook be set?			2wk	2wk	2wk		kind/feature	recv
6489		Add support for custom-fields into the ingress annotations			3wk	3wk	3wk		kind/feature	recv
6475		preferredChain attribute on Clusterissuer doesn't pull ISRG X1 root certificate on lets-encrypt provider			3wk	3wk	3wk		kind/bug	recv
6473		Ingress labels copied to certificate, causing issues with applysets			4wk	4wk	4wk		kind/bug	author-last recv
6472		Create TLSA records automatically		2	4wk	2wk	4wk		kind/feature	recv
6470		ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount			5wk	5wk	5wk		kind/feature	recv
6465		Cannot supply trusted ca certificate bundle for the ACMEDNS solver			5wk	5wk	5wk		kind/bug	author-last commented recv
6464		Requeing due to optimistic locking and slow retry			5wk	19d	5wk		kind/bug	recv
6448		Can I apply for certificates across projects in GCP?			6wk	6wk	6wk			recv
6442		Question: get accountid from Lets Encrypt cert			6wk	6wk	6wk			recv
6422		Allow for Configuration of ValidatingWebhook in Helm Similar: #72: Add the configmap on all pod via mutatingWebhookConfiguration (open)			7wk	7wk	7wk		kind/feature	recv similar
6417		Temporary Certificate Annotation does not work on Ingress Resources			7wk	7wk	7wk		kind/bug	recv
6413		RFC2136 challenge update queries fail silently if target nameserver listens on UDP but forces re-querying over TCP			1mo	5wk	1mo		good first issue kind/bug	recv
6408		Cert-manager updates the spec of the applied objects			2mo	1mo	1mo		kind/bug	author-last commented recv
6407		Allow for Configuration of TTL on Route53 PR#6420: feat: Updated configuration of TTL on Route53 (#6407) changes-requested Similar: #4349: allowing greater configuration for the cloud provider tests (open)			2mo	7wk	2mo		kind/feature	assigned assignee-updated pr-changes-requested recv similar
6393		Support `otherName` SAN type PR#6404: Other name sans support in Certificates commented			2mo	2mo	2mo		kind/feature	pr-new-commits pr-reviewed-with-comment pr-unreviewed recv
6388		Orders marked as "invalid" intermittently			2mo	16d	2mo			recv
6382		Conditional sub-expression always evaluates to _true_			2mo	2mo	2mo			author-last commented recv
6377		Restrict access to a list of namespaces			2mo	2mo	2mo		kind/feature	recv
6363		Unable to set revisionHistoryLimit on the deployments			2mo	2mo	2mo		kind/bug	pr-closed recv
6350		Webhook inject-ca-from annotation causes downtime		4	2mo	2mo	2mo		kind/bug	author-last commented recv
6334		Query recursive nameservers for DNS01 challenge in round robin fashion			2mo	2mo	2mo		kind/feature	recv
6331		CSR not signed by referenced private key		2	3mo	2mo	2mo			author-last commented recv
6325		The RSA-SHA signature algorithm is not correctly mapped to the certificate.			3mo	2mo	2mo			assigned assignee-updated author-last commented recv
6323		Even if CA is expired, cert-manager allows to issue client cert with expired CA			3mo	6d	3mo		lifecycle/stale	collaborator-last recv
6312		Report issuer/clusterissuer status as a metric		4	3mo	6wk	3mo		kind/feature	recv
6309		How to pass ServiceAccountName to the acme-http01-solver pod.			3mo	6wk	3mo			author-last recv
6307		Certificates only issued for ingress in default namespace			3mo	14d	3mo		kind/bug lifecycle/stale	collaborator-last recv
6288		Generate cert-manager secret with certificate,key and password			3mo	2wk	3mo		kind/feature lifecycle/stale	collaborator-last recv
6284		cert-manager PEM format certificate to support private key encryption			3mo	3wk	3mo		kind/feature lifecycle/stale	collaborator-last recv
6283		JWK(S) support Similar: #130: JKS support (open)		3	3mo	5wk	3mo			recv similar
6282		The certificate request has failed... order is in "invalid" state Similar: #119: Certificate is re-requested when container restarts (open)			3mo	3wk	3mo		lifecycle/stale	collaborator-last recv similar
6274		Vault Issuer - Secretless Authentication with a Service Account doesn't work			3mo	3wk	3mo		lifecycle/stale	collaborator-last recv
6279		ServiceTemplate for solver HTTP01			3mo	3wk	3mo		lifecycle/stale	collaborator-last recv
6197		Securing Gateway resources with non HTTPS listeners generate BadConfig events		13	5mo	2mo	5mo		kind/bug	pr-merged recv
6160		Helm Chart global repository			5mo	6wk	5mo			recv
6138		allow unencrypted private keys for PKCS12 output		3	6mo	2mo	6mo		kind/feature	author-last recv
6016		add imagePullSecrets clauses to helm deployment, job templates PR#6015: add imagePullSecrets clauses to deployments, jobs unreviewed			7mo	11d	7mo		kind/feature lifecycle/stale	collaborator-last pr-unreviewed recv
5973		Graduate AdditionalCertificateOutputFormats feature Similar: #6356: Graduate AdditionalCertificateOutputFormats feature gate (open)			7mo	3wk	7mo		kind/feature lifecycle/stale	collaborator-last recv similar
5821		Allow renewBefore to be a percentage			9mo	3wk	9mo		kind/feature	author-last recv
5540		Changelog annotations to chart			1y	6wk	1y		kind/feature	author-last recv
5538		Unable to set IPv6 podDNS config from values			1y	19d	1y		kind/bug	author-last recv
5430		Improving DNS-01 challenge performance PR#5447: Allow extra DNS-01 propagation time to be configured unreviewed		3	1y	2mo	1y		kind/feature	pr-closed pr-unreviewed recv
5282		cert-manager-webhook deployment spontaneously deleted			1y	11d	3mo		kind/bug lifecycle/stale triage/not-reproducible	collaborator-last commented recv
5783		*Add k8s.io/client-go/applyconfigurations style ApplyConfigurations for the included CRDs** PR#5383: Generate applyconfigurations and Apply functions changes-requested			10mo	3wk	9mo		kind/feature	author-last commented pr-changes-requested recv
6212		Default duration field in cmctl check api			5mo	6d	3mo		kind/feature lifecycle/stale	collaborator-last commented pr-merged recv
1355		Add CA cert to chain tls.crt			6d	6d	6d			recv
1310		cert-manager-istio-csr Pod's Health Endpoint failing			2mo	2mo	2mo			recv
1257		ErrRegisterACMEAccount			5mo	5mo	5mo			recv
1101		Feature request for updating documentation.			1y	1y	1y			recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			1y	1y	1y			author-last pr-merged recv
1062		Document process for offboarding maintainers Similar: #1061: Document onboarding process for new maintainers (open)			1y	1y	1y			recv similar
1061		Document onboarding process for new maintainers Similar: #1062: Document process for offboarding maintainers (open)			1y	1y	1y			recv similar
1054		Run spell checker in a pre-commit hook			1y	1y	1y		good first issue kind/cleanup	recv
851		create Cilium ingress tls example		3	2y	1y	2y			assigned assignee-updated recv
866		Securing NGINX-ingress Similar: #326: Securing Ingresses with Venafi (open)			2y	2y	2y			recv similar
836		Syncing Secrets Across Namespaces			2y	2y	2y			recv
758		API reference docs: enum values not documented with typedef			2y	2y	2y			recv
706		Default key usages			2y	2y	2y			recv
697		[IRSA] Needs `runAsUser: 1001`			2y	2y	2y			recv
672		List required Google CloudDNS permissions exhaustively			2y	2y	2y			recv
662		Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"			2y	2y	2y			recv
1241		Remove Bitnami kubeprod as installation method			6mo	6mo	6mo			recv
561		Certificate Resources Similar: #144: Add CertificateRequest as a source (open)			2y	2y	2y			recv similar
568		Add a diagram for LetsEncrypt cert issuance flow to the docs		4	2y	2y	2y			recv
469		DNS01: Delegated Domains for DNS01 example yaml solvers list items			2y	2y	2y			recv
466		installation/compatiblity			2y	2y	2y			recv
457		cainjector docs are missing the option to inject certs in apiservice resources			2y	2y	2y			recv
354		DigitalOcean access-token should not be base64-encoded			3y	2y	3y		priority/awaiting-more-evidence	author-last commented recv
213		charts.jetstack.io beding cluster presents a challenge and breaks deployment			5mo	5mo	5mo			recv
211		Add custom annotations to deployment			6mo	2mo	6mo			author-last recv
197		add the compatibility matrix for Kubernetes versions to README Similar: #227: trust-manager and Kubernetes version compatibility (open)			9mo	9mo	9mo			recv similar
155		Invalid certificate chain when using Vault with Intermediate CA			2y	4mo	2y			recv
145		*Not able to use Istio-CSR in istio(1.13.)**			2y	2y	2y			author-last commented pr-closed recv
144		add a support kubernetes client QPS and Burst config			2y	2y	2y			recv
136		Document available metrics Similar: #850: Document available cert-manager Prometheus metrics (open)			2y	2y	2y			recv similar
132		Allow override of istiod-tls certificate common name in helm chert (for non-standard istiod deployments)			2y	8mo	2y			recv
130		Document best-practices for minimal vault role configuration for istio-csr			2y	2y	2y			recv
117		public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted			2y	2y	2y			recv
94		Can't get aws pca to work			2y	2y	2y			recv
271		Include binary artifacts your releases.			2mo	2mo	2mo			recv
169		Webhook Custom CA			1y	1y	1y			recv
207		Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls			9mo	9mo	9mo			author-last recv
245		Split Bundle controller into multiple controllers			14d	14d	14d			recv
205		Allow to select multiple "trust" namespaces			6wk	6wk	6wk			recv
196		Allow TLS to be configured on the admission webhook server			2mo	2mo	2mo			recv
175		support extra annotations on resoures in helm chart			3mo	3mo	3mo			recv
142		expose bundles CRD as release artifact		3	6mo	6mo	6mo			recv
99		Allow removing Bundles whilst keeping the synced CA certs		2	10mo	10mo	10mo			pr-unreviewed recv
33		Support CRDs as target		4	2y	2y	2y			recv
23		Way to add labels/annotations to target		10	2y	3mo	2y		help wanted good first issue	recv
144		Push new tag for chart fixes			6mo	6mo	6mo			recv
140		Update images to not utilize k8s.gcr.io			8mo	7mo	8mo			recv
136		SubPath support is broken or missing			11mo	11mo	11mo			recv
134		Volume empty		3	11mo	8mo	11mo			recv
130		JKS support Similar: #6283: JWK(S) support (open) Similar: #159: No support for EKS in helm (closed)		3	11mo	9mo	11mo			recv similar
128		Support all subject attributes PR#129: Add attribute support for certificate subject commented			11mo	11mo	11mo			pr-reviewed-with-comment recv
125		Is it too late to align cert-manager annotations? Similar: #38: Route with cert-manager annotations is not created (open)			1y	11mo	1y			recv similar
119		Certificate is re-requested when container restarts Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open) Similar: #6282: The certificate request has failed... order is in "invalid" state (open) Similar: #144: Add CertificateRequest as a source (open)			1y	1y	1y			recv similar
33		New key being used with old certificate			2y	2y	2y			recv
29		Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging.			3y	3y	3y			recv
21		MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod			3y	3y	3y			recv
17		ability to specify pod IP in volume attributes		5	3y	3y	3y			commented recv
38		Add Envoy Secret discovery service (SDS) support			7mo	7mo	7mo			recv
19		Add support for certificate expiry configuration Similar: #3404: Add support for custom Certificate Extensions (closed)		6	1y	6mo	1y			recv similar
46		Ability to configure CertificateRequest revision history limit Similar: #3958: Sane defaults for Certificate revision history limit (open) Similar: #106: Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue (open) Similar: #42: Monitoring observability for "CertificateRequests" (open)			3wk	3wk	3wk			recv similar
42		Monitoring observability for "CertificateRequests" Similar: #46: Ability to configure CertificateRequest revision history limit (open)			2mo	6wk	2mo			recv similar
35		How to populate certificate metadata i.e. subject details e.g. OU, Organization etc			4mo	2mo	4mo			recv
26		Missing CONTRIBUTING.md			8mo	8mo	8mo			recv
15		Feature: Support for ECC certs			1y	1y	1y			recv
14		Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			1y	1y	1y			recv similar
12		Does this plugin support DNS validation?			1y	1y	1y			recv
46		Cert-manager operator fails to issue certificates Similar: #3896: Cert Manager failing to renew certificate (open)			2y	2y	2y			recv similar
3		Restrict operator RBAC permissions			3y	3y	3y			recv
40		Optional auto rotating/renewing certificates Similar: #4658: cert-manager is auto-renewing the Let's Encrypt certificates every 24hr (closed)			1y	1y	1y			recv similar
33		Create e2e test to validate CertificateRequest garbage collection			1y	1y	1y			assigned recv
49 previously listed items omitted