generic
Daily Triage
Weekly Triage
Quarterly Scrub
Receive queue
Urgent
Important Soon
In Milestone
179 PRs
380 issues
192.8d avg wait
Showing 0 of 559 unique items, Avg age: 588.1d
Items
Milestone:
Next (0001-01-01)
trust-manager v1 (0001-01-01)
1.14 (2024-01-31)
1.18 (2025-06-04)
All items
All open PR's and Issues that should be considered for repository stats (hidden)
559 unique items
Completion ETA:
~2026-04-19
Assi
Open PRs
Open Issues
website#948
add note to ingress class definition
🌊
cert-manager#8218
Include Vault hostname as default JWT audiences
🌊
8228
cert-manager#7473
Create certificate based on HTTPRoute configuration
🌊
7608
7839
cert-manager#8200
Add commonLabels support for acmesolver
🌊
cert-manager#5917
Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
🌊
website#414
Explain cert-manager repo structure
🌊
447
531
cert-manager#2930
Mirror to gcr.io or dockerhub
🌊
release#2
Set up periodic job to publish an experimental release build
🌊
website#1186
Document that/why we don't use Helm's CRD installation mechanism
🌊
website#1262
v1.9 to v1.10 upgrade instructions does not mention container name change
🌊
trust-manager#892
Eliminate the duplicate code for managing default trust bundle images
🌊
893
makefile-modules#98
Document new release process for all repos
🌊
nobody
cert-manager#8723
feat(deploy): adding helm unit tests
cert-manager#8732
feat: move enableGatewayAPI/enableGatewayAPIListenerSet into GatewayAPIConfig
cert-manager#8727
feat(cert-shim): adding listener ignore annotation
cert-manager#8734
Fix: include annotations derived from ingress in certificate reconciliation loop
cert-manager#8718
fix: apply ingressTemplate annotations to edit-in-place ingresses
cert-manager#8592
docs: Update Helm repository references to OCI registry
cert-manager#8336
Add global.tolerations to helm chart
cert-manager#8614
Feature/ignore namespaces
cert-manager#8722
fix(dns): propagate caBundle to acmeDNS solver, add per-solver override
cert-manager#8457
feat(acme): add support for ECDSA account key algorithm in ACME issuers
cert-manager#8717
fix: remove OS-dependent path literals from TestFSLoader_Load
cert-manager#8255
add dns issuer secrets validation before marking it as ready
cert-manager#8713
fix: use filepath functions in TestFSLoader_Load for Windows compatibility
cert-manager#8339
feat(pkcs12): Add flag to specify pkcs12 keystore alias
cert-manager#8574
feat(design): proposed ari design
cert-manager#8712
feat(metrics): add Vault Sign() request duration instrumentation
cert-manager#8698
fix(digitalocean): resolve DNS01 zones from managed domains
cert-manager#8687
Normalize challenge reason in certmanager_certificate_challenge_status metric
cert-manager#8697
fix: retry ACME challenge on timeout, closes #8696
cert-manager#8692
Make cainjector use SSA unconditionally
cert-manager#8141
fix(helm): Align targetPorts in metrics endpoints for webhook and cainjector services
cert-manager#8674
Allow specifying secret namespaces for CAIssuers
cert-manager#7662
Fix the issue of webhook routes generating duplicate operation IDs
cert-manager#8637
fix(helm): roll deployments on config changes (checksum)
cert-manager#8529
fix: schedule readiness re-evaluation at certificate expiry time
cert-manager#8613
Update test case to natively pass independently of executing OS
cert-manager#8485
Adds Sign API call metric for the Vault issuer.
cert-manager#8639
fix(dns01): don't follow wildcard CNAMEs for challenge domain
cert-manager#8585
feat: support ECC keys for ACME account private keys
cert-manager#8624
feat: add autoAnnotations support for Gateway-API
cert-manager#8631
fix(acme): detect server URL path changes for account re-registration
cert-manager#8630
fix(vault): detect mismatched key from issue endpoint and fail permanently
cert-manager#5743
Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources
cert-manager#8536
Re-enable the ListenerSet e2e tests
cert-manager#7583
Support for ACME servers that don't finalize within the ACME client finalizer retry window
cert-manager#7906
fix: Venafi call GetRefreshToken only when access token invalid for password/username authentication
cert-manager#7764
Doc: Add leaderElection.namespace recommendation
cert-manager#8594
Fix typo "commonname" in PreferredChain field comment
cert-manager#7289
Design proposal for delayed certificate activation
cert-manager#7521
ClusterIssuer read caBundle from Secret
cert-manager#8395
Clarify code around DNS01 Self Check
cert-manager#7733
fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity
cert-manager#8608
fix: reduce happy-eyeballs fallback delay in Cloudflare DNS provider
cert-manager#7654
Implement fallback for git_version creation in forked environments
cert-manager#7852
adds cli option configure ACME challange authorization timeout
cert-manager#7399
Add renew window to restrict when certificate renewal can happen
cert-manager#8379
acmechallenges: stabilize solver resource names
cert-manager#7897
wip: add retry mechanism for challenge solver whenever we detect unauthorized error
cert-manager#8527
[WIP]:AddS ML-DSA-65 post-quantum signature algorithm support
cert-manager#8534
feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable
cert-manager#8480
Add Subject Key Identifier (SKI) to issued certificates
cert-manager#7886
Improve array field characteristics in API
cert-manager#8504
WIP: Enable KAL
cert-manager#8464
improve dynamic source serving certificate renewal logic
cert-manager#8253
refactor(issuer): add shared factory and per-instance registries
cert-manager#7725
chore: allow additional properties in Helm setup #7668
cert-manager#8438
POC: single cert-manager binary
cert-manager#7646
Support custom ACME account key type.
cert-manager#8220
Add predicate filtering to queuing handler
cert-manager#8367
feat(helm) add startupProbe and readinessProbe to cert-manager-controller
cert-manager#5447
Allow extra DNS-01 propagation time to be configured
cert-manager#7382
Implement a single package for controlling cert-manager RNG
cert-manager#7236
Route53: Allow STS token to be refreshed by the AWS client if necessary
cert-manager#7437
fix: annotate account private key secrets
cert-manager#7449
WIP: reconcile issuers using issuer-lib
cert-manager#7718
Switch to makefile modules completely (part 1)
cert-manager#7823
Adding read perms for pods and services to DNS01 ClusterRole
cert-manager#7805
feat: refactor challenge controller to be entirely non blocking
cert-manager#8263
fix: dont copy `kapp.k14s.io` annotations from Ingress to created resources
cert-manager#8071
Handle ACME Accept asynchronously
cert-manager#7450
Make ACME Authorization Timeout Configurable
cert-manager#8262
Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB
cert-manager#7614
Lower the minimum certificate duration from 1 hour to 5 minutes
cert-manager#8187
fix: add case for parsing key with ec parameters
website#2069
chore(deps): update misc npm packages
website#2064
docs: add NetworkPolicy example manifests
website#2062
Deploy `cert-manager` on Google Kubernetes Engine Tutorial - remove `google domains`
website#2042
docs: list cert-manager container images
website#2041
docs: link HTTP01 guide to network policy requirements
website#2004
Add adcs-issuer (lcwsre) to external issuers list
website#2020
docs: add ENISA NIS2 reference to best practice intro
website#1785
WIP: Add release-notes generator script and update release docs
website#2023
Adds troubleshooting guide for host missmatch error
website#1607
Document Log Level settings. Document DNS01 delegation using multiple providers.
website#1197
doc about new option default-cleanup-policy
website#1202
Add section about client cert authentication for vault
website#1213
Draft of tutorial for Google's Public CA
website#859
Move the meetings and slack information to a separate page
website#1909
docs: add ACK RRSA supported AliDNS webhook
website#1787
Update Slack links to include both invite and direct channel URLs
website#1640
Update issuer.md
website#1569
wip: update cert-manager logo svg
website#1075
Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/
website#1364
WIP: Patch release checklist
website#1587
Custom Certificate Support for cert-manager Webhook Endpoint
website#1447
Explain how to install cert-manager using ArgoCD
website#1450
Docker testing and validation
website#1672
WIP: docs: Add an wrap-up announcement page
website#790
Update route53.md
website#1724
DRAFT: feat(tutorials): Add Gateway API
website#1611
Update webhook troubleshooting documentation to including necessary curl command.
website#1419
fix: TLSConfig secretName description
website#1602
acme troubleshooting: how to fix errored challenges
website#528
Update "Setting Nameservers for DNS01 Self Check" example
release#290
Add OCI signing as part of existing publish pipeline
release#279
chore(deps): pin nginx docker tag to 7f0adca
release#36
Add the "cmrel update-release-branch" command
release#43
No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild
istio-csr#768
Add unit tests for pkg/tls Provider
istio-csr#728
Deprioritize resync operations
istio-csr#637
Fix/chartadditional annotations for cli args
istio-csr#769
Fix HasIssuerConfig to use RLock instead of Lock
approver-policy#854
test: add unit tests for registry package
approver-policy#875
Fix Store() to detect duplicate approver names within a single call
approver-policy#868
feat(annotations): Add annotation-based policy enforcement
approver-policy#628
Grant cert-manager RBAC to use all policies by default
trust-manager#918
add bundle metrics
trust-manager#921
Add explicit unit tests for v1alpha1 Bundle conversion
trust-manager#900
chart: add startupapicheck to ensure trust-manager is ready after install
trust-manager#702
User-facing migration to ClusterBundle
trust-manager#558
feat(helm-chart): add ability to set pod level security context
trust-manager#836
Set securityContext and podSecurityContext in values
trust-manager#683
feat: Add a very basic pre-commit configuration
trust-manager#395
WIP: feat: inject bundle data into configmap
trust-manager#762
Add support for injecting CA from secret for trust manager Webhook
trust-manager#654
Add design for trust source plugins
trust-manager#689
Add build process for Debian Trixie
issuer-lib#188
Remove SetCertificateRequestConditionError
issuer-lib#432
fix(deps): update module github.com/cert-manager/cert-manager to v1.20.2
issuer-lib#324
[VC-35742] Handle canceled context to prevent extra retries
issuer-lib#186
Remove GetIssuerTypeIdentifier from Issuer API
csi-driver#627
feat: add --kube-api-qps and --kube-api-burst flags to CSI driver
csi-driver#616
Allow setting hostNetwork values in helm chart
csi-driver#618
feat(pki): add pkcs12-password-file (auto-mounts password)
csi-driver#502
Enable csi-lib metrics
csi-driver#251
PoC: Generate SPIFFE identities in csi-driver
csi-driver#129
Add attribute support for certificate subject
csi-driver#135
Added options to all containers
csi-driver-spiffe#107
Remove csi-driver-spiffe approver
csi-driver-spiffe#477
Mark SAN extension critical in SPIFFE CSRs for RFC 5280 and AWS PCA compliance
openshift-routes#148
limit-namespaces for namespace-scope deployments
openshift-routes#303
feat: add support for setting private key encoding
openshift-routes#117
fill spec.tls.caCertificate in route with intermediate ca certificate…
csi-lib#71
Refactor filesystem.go and adapt tests to use a real file system
cmctl#443
inspect secret: close response body on error path in CRL check
infrastructure#70
chore(deps): update terraform google to v7.28.0
infrastructure#69
Add KubeCon infrastructure
testing#1169
Update k8s-infra-prow images, cert-manager-infra-images images as needed
testing#1160
config: exempt Copilot-authored PRs from DCO requirement in Tide
testing#1114
Add the 'cybr' label
makefile-modules#595
chore(deps): update module oras.land/oras to v1.3.2
makefile-modules#492
chore(deps): update module github.com/sigstore/cosign/v2 to v3
makefile-modules#549
Split (helm) generate-crds target
makefile-modules#541
Add Kube API linter
makefile-modules#470
feat(helm): adding `helm-diff` target
makefile-modules#590
chore(deps): update dependency hashicorp/vault to v2
makefile-modules#293
Add Helm chart image baking
makefile-modules#55
feat: add test module
helm-tool#104
Add Chart image baking
community#69
Add auditing tool for confirming who has access to the cert-manager org
community#11
Governance: folks meaningfully contributing to the biweekly can become GitHub Members
webhook-example#64
Add imagePullSecrets to template
webhook-example#59
cleanup: remove unused NOTES.txt file
org#1
Manage the cert-manager GitHub organisation from this repo
klone#75
chore(deps): update goreleaser/goreleaser-action action to v7.1.0
boilersuite#8
Optionally output a unified diff
boilersuite#13
Various QA fixes
boilersuite#4
Add support for custom license templates
google-cas-issuer#159
Split certificate chain
google-cas-issuer#345
chore: add existing securityContext settings to values
google-cas-issuer#143
feat: allow creating or reusing an existing sa
google-cas-issuer#141
re-adding required clusterrole permission
cert-manager#8733
Updates or removal of solver ingress class annotations on ingresses are not propagated to existing certificates
8734
cert-manager#8729
Feature Request: allow to configure max retry backoff duration for failed CertificateRequest
cert-manager#8716
Feature Request: Add a CMPv2 issuer for certificate enrollment and renewal (RFC 4210)
cert-manager#8702
202 Accepted Response - Certificate Request failed - Unexpected status code on TPP Certificate Request.
cert-manager#8679
Allow managing SSH-CA
cert-manager#8672
Allow specifying the secret namespace for CA issuer spec
8674
cert-manager#8659
v1.20.1 release progress tracking
cert-manager#8656
v1.20.0 release progress tracking
cert-manager#8641
ContribFest KubeCon EU 2026 - Amsterdam (March 24, 2026)
cert-manager#8612
Unneeded OS dependency in TestFSLoader_Load
8613
8713
8717
cert-manager#8611
Move from LetsEncrypt staging endpoint to production endpoint causes loop of the same error
8632
cert-manager#8609
Skip certain listener's certificate management for Gateway API
8727
cert-manager#8586
Misconfiguration caused hammering of DigitalOcean API
8698
cert-manager#8572
Solver ingressTemplate annotations are not applied to existing Ingress resources when acme.cert-manager.io/http01-edit-in-place: 'true' is set
8670
8718
cert-manager#8530
Allow usage of the new DNS-PERSIST-01 challange for ACME
cert-manager#8522
Support pulling additional fields from secret when using external account binding
cert-manager#8513
Exclude namespace(s) from CA Injector
8614
cert-manager#8512
ArtifactHub install command causes Helm fallback warning due to missing v prefix
cert-manager#8499
Add custom labels to be exposed in prometheus metrics
cert-manager#8481
FYI: cert-manager-webhook-libdns
cert-manager#8479
Subject Key Identifier (SKI) missing on issued certificates by self-signed CA
8480
cert-manager#8476
Helm chart defaults leaderElection namespace to kube-system, blocking cert-manager controller and certificate creation
cert-manager#8458
Vault approle configuration
cert-manager#8434
Allow external account binding (EAB) with ECC keys
8457
8585
cert-manager#8416
Make Venafi client timeout configurable for slower servers
cert-manager#8402
ZeroSSL issues all certs with the same hour (yyyy-mm-ddT15:59:59Z)
cert-manager#8378
Support `PodCertificateRequest`
cert-manager#8373
DNS-PERSIST-01 challenge support (planned for late Q1 2026)
cert-manager#8372
HTTP-01 challenge: support stateless http-01 challenge
cert-manager#8364
Replace Hetzner DNS01 Webhook
cert-manager#8340
Top-level: CA Issuer rotation problem
cert-manager#8319
Improve cert-manager's event handler to allow us to selectively skip some reconciliations
cert-manager#8309
Dependency Dashboard
cert-manager#8296
HTTP-01 challenge stuck in pending with status code 400
cert-manager#8280
Unblocking SSA: Document changes in SSA-by-default
cert-manager#8279
Unblocking SSA: Fix unit tests
cert-manager#8277
Unblocking Server Side Apply (SSA) by Default
cert-manager#8251
Top-level ticket: ListenerSet
7839
cert-manager#8235
Cert-manager support for Issuer-managed keys
cert-manager#8234
Vault Issuer: certmanager spams thousands of CertificateRequest resources if Issuer is configured to use the Vault issue endpoint rather than the sign endpoint
8630
cert-manager#8209
Add revocation at certificate deletion
cert-manager#8201
Timeout contacting Cloudflare API during cert-manager DNS-01 challenge
cert-manager#8194
Update e2e Documentation - for the make e2e-setup command
cert-manager#8121
Support for Creating CertificateRequest from Kubernetes Secret
cert-manager#8102
cert-manager-startupapicheck erroring while installation
cert-manager#8095
DNS-01 Delegated zone is not following CNAME and creating wrong records
cert-manager#8094
HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller)
cert-manager#8086
ACME ClusterIssuer not recovering after Vault restart
cert-manager#8085
Feature Request: Add annotation to disable automatic certificate renewal
8091
cert-manager#8082
EOF during self check with Pomerium
cert-manager#8023
ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension
cert-manager#7914
Output tls.crt in CA cert to another secret
cert-manager#7895
if certificate is already expired, it shown like a True
8529
8258
cert-manager#7868
Metrics for webhook certificate
cert-manager#7862
Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete
cert-manager#7845
ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...
cert-manager#7834
Provide race condition mitigation support
cert-manager#7829
Support to auto delete Certificaterequest
cert-manager#7828
Cert-manager created multiple CertificateRequests (over 30k) for a valid certificate
cert-manager#7821
Request to support AWS ACM Exportable certificates
cert-manager#7817
Support `global.nodeSelector` in the Helm chart
7818
cert-manager#7788
Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values
cert-manager#7779
RevisionHistoryLimit should follow Kubernetes definition
cert-manager#7772
Reviewing the use of https://github.com/SSLMate/go-pkcs12
cert-manager#7768
Stuck in a loop with `multiple challenge solver pods found for challenge`
cert-manager#7766
Certificate: Let me specify the concatenation order for CombinedPEM output format
cert-manager#7765
Propagation tests fails when using IPv6 recursive DNS nameservers
cert-manager#7760
Is the zone responsible for a domain changes, cert-manager will not pick it up
cert-manager#7755
cert-manager-challenges Error presenting challenge: expected array of Record
cert-manager#7751
Custom key usage extensions
cert-manager#7749
Http and PROXY protocol
cert-manager#7747
[suggestion] Add Kustomize install documentation
cert-manager#7717
After uninstalling cert-manager, ingress resources can still only be accessed via https
cert-manager#7822
Tracking: Kubernetes Gateway API follow up tasks
7839
cert-manager#7660
cert-manager produces invalid (per RFC5280) certificates when `cert sign` usage is set along with another usage
cert-manager#7659
Challenge and resolver pod/ingress killed too soon
cert-manager#7649
[GKE][Cert-Manager]Document Might Need Implementation Details Update to GSA/KSA Integration
cert-manager#7645
Support cross-signed intermediate CAs issued with Vault
cert-manager#7625
Clean install fails to create Issuer
cert-manager#7594
Cloudflare delegated domains returns Found no Zones for domain _acme-challenge.mydomain.com
cert-manager#7561
Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued
cert-manager#7551
Unhelpful log messages
cert-manager#7536
Digicert ACME order is failing due to invalid validity_years
cert-manager#7531
punycode issue
cert-manager#7522
Non standard "cert-manager.io" used in event "Reason"
cert-manager#7520
ClusterIssuer read caBundle from Secret
7521
cert-manager#7514
Replace some of the webhook functionality with `ValidatingAdmissionPolicy` & CEL
cert-manager#7510
Key Size for Acme Account Key
7646
cert-manager#7492
`UseCertificateRequestBasicConstraints` should probably add `Critical` for `isCA`
cert-manager#7486
`"Unhandled Error" err="ingress '...' in work queue no longer exists"` should be handled (clean up dangling `Certificate`)
cert-manager#7476
[Helm Chart] - Wrong handling of image registry and repository
7748
cert-manager#7684
Add support for namespaced deployment
7678
cert-manager#7422
Please provide standalone helm chart for CRDs
cert-manager#7388
Kid missing in the new order request
8262
cert-manager#7311
helm schema validation should validate `featureGates`
cert-manager#7288
Missing UID in webhook challenge request
cert-manager#8696
Challenge is not reconciled on ACME API timeout
8697
cert-manager#6969
Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled
cert-manager#6820
Ongoing dependency evaluation
cert-manager#6799
ACME challenges stopped working after 1.13/1.14 update
cert-manager#8058
Cert-manager fails to import ECDSA private keys generated by openssl
8187
cert-manager#7438
certificate not updated after enabling SSA
cert-manager#6662
support overriding of ttl in cloudflare
cert-manager#6622
`make update-licenses` is non-deterministic.
7084
7752
cert-manager#6472
Create TLSA records automatically
cert-manager#6470
ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount
cert-manager#6331
CSR not signed by referenced private key
cert-manager#6230
DigitalOcean: cert-manager DDoSes DNS-01 solver - infinite rate limiting
8205
8221
cert-manager#6210
Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
cert-manager#6224
Option to store certificate history in individual secrets
cert-manager#6051
Detecting Gateway hostnames based on attached HTTPRoutes
6124
7839
cert-manager#6010
Support the ACME Renewal Information (ARI) extension
8574
cert-manager#5959
`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
cert-manager#6741
ACME account private key and URI are not updated if the path of the ACME server is changed
8631
cert-manager#5867
Controller can't handle hitting request rate limits of zerossl ACME API
5901
6090
6091
8640
cert-manager#5751
Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
8474
8639
cert-manager#5540
Changelog annotations to chart
cert-manager#5298
Complete the Migration Away From Jetstack Names
cert-manager#5101
No backoff/delay when failing to create challenge solver pods
8379
cert-manager#5048
certificate not renewed for ingress with multiple hosts and http01-edit-in-place
cert-manager#5864
Certmgr allows creating certificates expiring after ca expiration.
7733
cert-manager#4749
rfc2136 seems to not work with deep subdomains
cert-manager#4685
Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts
cert-manager#4191
Setting default values for Pod's "resources"?
cert-manager#3992
Add non-CRD yaml file
cert-manager#3706
renewal-hooks
cert-manager#4950
General flakiness of our end-to-end suite
4960
5136
5141
5317
5318
5323
5325
cert-manager#3521
Integration with ExternalDNS
cert-manager#3103
Adding probes to the cert-manager pods
8375
cert-manager#2538
cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
cert-manager#3298
Let's encrypt certificate caching to mitigate rate limits problems
cert-manager#6709
1.14 Release Review
cert-manager#6716
leader election namespace should default to `.Release.Namespace`, not `kube-system`
6766
7764
cert-manager#2478
Allow CA issuer secret rotation
cert-manager#1292
Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis
2772
2783
cert-manager#2178
Handling 'unregistering' certificates from Venafi TPP
cert-manager#2334
Add network policy allowance into documentation
5417
cert-manager#2239
Create a CertificatePreset resource type to allow configurable defaulting
1738
2281
3828
5158
cert-manager#2525
Better support multi-namespace & single-namespace deployments
4219
cert-manager#6179
CRDs shouldn't be templated in Helm
website#2019
Add ENISA NIS2 reference to best practice intro
website#2010
The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear
website#2009
The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear
website#1935
add third party cert-manager-webhook-infomaniak
website#1926
Change the Cert Manager Webhook DNS01 of Hetzner Cloud
1927
website#1874
Dependency Dashboard
website#1806
Tutorial depends on no longer available image of kuard
website#1802
Invalid certificate
website#1715
The ingress annotation `cert-manager.io/secret-template` is not documented
website#1643
Let's Encrypt Ending Support for Notification Emails
website#1625
Configuration issue potentially leading to a memory leak
website#1623
Claim about v1beta1/v1alpha2 support for gateway api is misleading
website#1620
Cert Manager allows the creation of Illegal wilcard SANs
website#1608
Renaming Securing NGINX-ingress to ingress-nginx
website#1596
Wrong key for cloudflare secret ref in DNS Validation tutorial page
website#1586
Now that cert-manager 1.16 has been released, `--set config.enableGatewayAPI=true` is now the recommended approach for projects that show instructions on how to enable cert-manager's gateway API support, especially on visible projects like Cilium:
1517
website#1585
Broken install instructions due wrong cert_manager_latest_version - v1.16.1
website#1549
Brand guideline page
website#1546
Self upgrade PRs don't run checks
website#1490
GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)
website#1473
Add ArtifactHub packages to website
website#1425
The `issuer.vault.spec.caBundleSecretRef` docs are missing
website#1194
Confusing paragraph - cert-manager integration.
2043
website#1174
Document the docker images and how to find them
2042
website#1101
Feature request for updating documentation.
website#975
Some pages do not make it clear what the user should read next
website#955
Document when the vault pki role required setting `require_cn=false`
website#944
Document how to install cert-manager in a different namespace
website#850
Document available cert-manager Prometheus metrics
website#802
Spelling errors are unclear in pull request CI results and spell checker is unmaintained
806
807
1175
website#484
Please add anchor tags to your subheadings
491
website#401
Bring tutorials up to date
website#354
DigitalOcean access-token should not be base64-encoded
website#320
Document how to install cert-manager using gitops and known issues with particular gitops implementations
1338
website#237
docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available
284
website#234
Backup and Restore Resources
531
website#228
Documentation needs correction for external-account-bindings
301
website#223
Document wildcard certificate tutorial
website#1063
"Securing Ingresses with Venafi" tutorial contains link to missing manifest
1090
website#195
Document keystores
website#174
Add documentation for CRD conversion webhook ca injection
website#197
Document ACME account mismatch
2023
website#130
FAQ: How does cert-manager handle ingresses with valid TLS secrets?
website#76
Upgrading from v0.10 to v0.11 - missing cainjector annotation
website#155
Add 'unreleased version' & 'old version' warning banner to non-latest versions of docs
website#2061
Tutorial: `cert-manager` on Google Kubernetes Engine - Remove Google Domains
2062
website#697
[IRSA] Needs `runAsUser: 1001`
1555
release#209
Dependency Dashboard
247
istio-csr#501
Error logs not very helpful
istio-csr#687
Dependency Dashboard
istio-csr#287
Getting Readiness probe failed when using cert-manager-istio-csr
istio-csr#431
istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0
istio-csr#244
Populate Subject Fields in Certificate
istio-csr#223
False positive warnings from trivy and dependabot
istio-csr#283
Document / improve that sometimes the issuer needs to set `ca.crt`
istio-csr#153
It is possible to have several CAs within the same cluster.
istio-csr#137
Documentation on rotating the root certificate
istio-csr#130
Document best-practices for minimal vault role configuration for istio-csr
istio-csr#176
certificateDuration is not used for the Istio CSR generated certificate requests
453
469
istio-csr#84
csr readiness probe failed, istio ingress pod also failed
istio-csr#113
Integrating with istio helm chart installs
approver-policy#803
Request to build images for main
approver-policy#667
Cannot create secret cert-manager-approver-policy-tls
approver-policy#559
Flakey Tests in pull-cert-manager-approver-policy-test
approver-policy#466
Document How to Configure Common Scenarios
approver-policy#638
Approver cannot find applicable policy
approver-policy#394
Limit number of SANs by policy
approver-policy#288
Feature: Take control of approval for the whole cluster
approver-policy#452
CRDs in the Release files
approver-policy#169
Webhook Custom CA
approver-policy#203
Improve CRD fields for specifying key requirements
approver-policy#782
Ensuring approver-policy is ready to accept CRDs after install
approver-policy#761
Dependency Dashboard
approver-policy#216
Simplify configuration by creating RBAC by default
310
628
approver-policy#869
[Feature Request] Support Annotations in Approval Policies
868
trust-manager#913
Feature Request: Allow files as a source.
trust-manager#841
Does trust-manager require cluster level permissions to read secrets?
trust-manager#837
Ensuring trust-manager is ready to accept CRDs after install
900
trust-manager#835
Helm Chart cannot set securityContext
trust-manager#815
Support Debian Trixie for trust packages
trust-manager#805
Dependency Dashboard
trust-manager#800
When creating a trust bundle with additionalFormats/pkcs12, no pkcs12 is produced
trust-manager#778
Add option to use a specific issuer in the helm chart
trust-manager#761
Feat: Add a namespaced trust bundle CRD alongside the cluster-scoped Bundle
trust-manager#750
Feat: Emit Events on the controller Pod instead of cluster-scoped Bundle
trust-manager#742
Add option to disable webhook in Helm chart
trust-manager#741
Using an Image Volume to deploy certifiats
trust-manager#650
Pod goes out of readiness
trust-manager#629
The crds is not installed automatically when trust-manager is a sub-chart
trust-manager#592
Feature: ClusterTrustBundle as Sources
trust-manager#591
Feature: ClusterTrustBundle as Target
486
trust-manager#560
Support rotated certificate sources
trust-manager#301
Add support for kubectl installation
trust-manager#297
Allow all resources to be namespaced
trust-manager#245
Split Bundle controller into multiple controllers
648
660
trust-manager#243
More flexible and better organized target specification in API
486
trust-manager#242
New version of Bundle API
475
485
495
647
658
trust-manager#205
Allow to select multiple "trust" namespaces
trust-manager#142
expose bundles CRD as release artifact
trust-manager#222
[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
378
trust-manager#99
Allow removing Bundles whilst keeping the synced CA certs
89
trust-manager#63
nit: Rename "Bundle" to "ClusterBundle"
485
495
trust-manager#131
Feature: per namespace trust bundle
trust-manager#881
Helm install fails when extraObjects contains Bundles
trust-manager#848
Request for cryptographic mechanisms used in cert-manager-trust-manager
trust-manager#33
Support CRDs as target
trust-manager#39
Don't sync targets to all namespaces by default
486
trust-manager#60
overriding trusted namespace
trust-manager#908
v0.22.0: image template does not work when installing trust-manager and cert-manager from one umbrella chart
trust-manager#4
Feature: By default, require only self-signed certificates in a bundle
trust-manager#886
Allow creating `ClusterRole` aggregations
issuer-lib#279
Persisting identifiers for retry calls to Sign()
issuer-lib#231
### Question about Configuring Retries in cert-manager
issuer-lib#204
clarify SetCAOnCertificateRequest deprecation status
issuer-lib#362
Dependency Dashboard
csi-driver#583
Security Posture improvements
csi-driver#530
Dependency Dashboard
csi-driver#521
RFC: Cert-Manager CSI Driver as Secret Store Provider
csi-driver#385
Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors
csi-driver#383
[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver
csi-driver#353
mismatch between the key and the certificate signature algorithm
csi-driver#267
Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?
csi-driver#264
Certificate renewal doesn't change file 'modified date'
csi-driver#256
Broken comma-separated splitting logic
csi-driver#241
Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver
csi-driver#171
E2E Test Cleanup
csi-driver#130
JKS support
csi-driver#45
Unable to mount and read only file error
csi-driver#17
ability to specify pod IP in volume attributes
csi-driver#613
Support POD_HOSTNAME as a variable
csi-driver-spiffe#411
Dependency Dashboard
csi-driver-spiffe#132
Investigate test timeouts
csi-driver-spiffe#129
Increase e2e test timeouts
csi-driver-spiffe#41
The default `csiDataDir` value might collide with csi-driver
37
openshift-routes#295
Dependency Dashboard
openshift-routes#204
Support for creating certificate for wildcard route
openshift-routes#174
Standby Replicas without lease use lots of CPU
openshift-routes#306
[FEATURE]Enable setting private key encoding via annotation
303
openshift-routes#116
Release static manifests (no helm) for v0.6.0-alpha.0+
openshift-routes#56
Support for destinationCaCertificate / Reencrypt Routes
openshift-routes#54
Same certificate in path based Routes
55
openshift-routes#38
Route with cert-manager annotations is not created
openshift-routes#58
certificate cannot be renewed, error message: "key does not match certificate"
cert-manager-olm#70
OLM deployment with ArgoCD is OutOfSync
cert-manager-olm#46
Cert-manager operator fails to issue certificates
cert-manager-olm#17
Operator prevents passing extraArgs helm value
cert-manager-olm#3
Restrict operator RBAC permissions
1
cert-manager-olm#22
Customize the deployment of cert-manager installed via OLM
csi-lib#74
Consistency issues due to the use of mount binds
csi-lib#144
Dependency Dashboard
csi-lib#40
Optional auto rotating/renewing certificates
csi-lib#15
Allow data-root to be an absolute path
71
sample-external-issuer#56
Struggling to get controller running in local KIND cluster
sample-external-issuer#100
Dependency Dashboard
sample-external-issuer#62
Limit the controller-manager to access secrets only from specific namespace
sample-external-issuer#63
Is it possible to only create Issuer and remove the CluserIssuer
cmctl#442
inspect secret: response body not closed on error path during CRL check
443
cmctl#361
Dependency Dashboard
cmctl#127
cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs
cmctl#122
asdf cmctl installer issues
cmctl#83
As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )
infrastructure#59
Process regarding worrying emails sent to the maintainers mailing list
infrastructure#65
Dependency Dashboard
testing#1125
Dependency Dashboard
testing#81
Configuring Peribolos for Github org management
testing#594
Document infra image bumps and versioning
testing#690
Clean up Presets
689
makefile-modules#451
Re-enable testing with specific kubernetes versions in subprojects
makefile-modules#487
Dependency Dashboard
makefile-modules#202
Makefile Modules, Go Versions and Vendoring
makefile-modules#154
Publish SBOMs
makefile-modules#295
`make generate-golangci-lint-config` clobbers local exclusions added to the local config.
makefile-modules#3
Migrating all cert-manager projects to "Makefile modules"
makefile-modules#481
Embed go version in `go install` binaries in cache
helm-tool#25
helm-tool inject sometimes omits the context (prefix) of commented out values in the generated markdown
helm-tool#202
Dependency Dashboard
helm-tool#26
helm-tool inject adds trailing white space to the generated markdown
community#63
CNCF-paid GitHub Actions runners
community#64
Open Standup: Updating an event didn't send new invitations to already registered people
community#60
Lazy vote: Zoom for standup meetings to be able to add the standups to the LFX calendar
community#62
Lazy vote: Enhancing the triaging process
community#35
Post-Graduation Suggestion Tracker
36
webhook-example#80
How to deal with K8s timelimit in 30s ?
webhook-example#81
How to enable leader election in the webhook?
webhook-example#72
readyz and healthz api
webhook-example#46
Code reference a pull request to be merged, but the pull request was closed by a robot
webhook-example#38
Set repository to be a GitHub template repository
webhook-example#37
Add logging example
76
77
webhook-example#27
failed with: OpenAPI spec does not exist
73
76
77
78
82
86
webhook-example#2
Set up basic e2e test that deploys the webhook and ensures we can POST a challenge
29
31
webhook-example#74
Why cert-manager looks for a CNAME record instead of a TXT record?
webhook-example#3
Make unit testing easier/make examples work
20
31
83
webhook-example#92
Dependency Dashboard
base-images#24
Dependency Dashboard
base-images#8
Find solution for automatically disabled GitHub Actions
klone#22
Dependency Dashboard
klone#18
Feature: Git bundles?
boilersuite#7
Dependency Dashboard
google-cas-issuer#361
[Helm] allow `enabled` as key in values schema
google-cas-issuer#197
Kubectl One-line Installation Support
google-cas-issuer#148
Certificate chain is not split correctly
159
google-cas-issuer#133
Allow to use a custom Service Account
143
google-cas-issuer#102
certificate renewal does not work in due to auth issue to privatecaapi end point
google-cas-issuer#53
Support crlDistributionPoints & ocspServers
google-cas-issuer#28
Certificate revocation from CAS Console
google-cas-issuer#375
Dependency Dashboard
google-cas-issuer#162
Issue: Broken config when using commonLabels
cert-manager#7908
WIP: Graduate ServerSideApply feature gates to Beta
🌊
cert-manager#2820
Add ability to set `pathlen:0` for CA certs in `X509v3 Basic Constraints`
🌊
4232
4241
4277
4301
4302
cert-manager#7689
Add Vertical Pod Autoscaler
🌊
cert-manager#8668
Add helm unit tests for cert-manager chart
🌊
cert-manager#8450
Introducing DelayedInformers for CRD check
🌊
cert-manager#8183
Add helm diff output to cert-manager PRs
🌊
cert-manager#7890
Cluster issuer for HTTP-01 gatewayHTTPRoute should not require a gateway parentRef
🌊
8518
cert-manager#7879
Remove no-op certificate metrics controller
🌊
website#1686
docs: harmonize `<p>` formatting by dropping internal spaces
🌊
issuer-lib#24
Add conformance tests
🌊
cert-manager#6890
Allow client-side rate-limiting to be disabled
🌊
cert-manager#7846
ClusterIssuer.Status.Acme.URI disappeared
🌊
cert-manager#8648
fix: for ACME challenge scheduler, allow parallel challenges with dif…
🌊
cert-manager#8643
ACME challenge scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers
🌊
8648
cert-manager#8493
cloudflare DNS01 - Client.Timeout exceeded while awaiting headers
🌊
8534
8608
cert-manager#4835
Making sure per fixture only 1 setup is active at the same time
🌊
cert-manager#8441
Add instrumentation to Vault issuer Sign() operation
🌊
8485
8712
cert-manager#7864
failed to call webhook: certificate has expired or is not yet valid
🌊
cert-manager#7234
AWS Route53: Stale/Stuck Challenges should be deleted after a given timeout
🌊
7252
7286
7897
8221
cert-manager#7826
If issuer is incorrect, it is still shown as READY
🌊
8255
cert-manager#5861
cert manager API showing error - "x509: certificate has expired or is not yet valid"
🌊
8464
trust-manager#588
Add ability to monitor validity period for CAs in bundle
🌊
918
cert-manager#7699
Adding Helm Unittest to all certmanager projects
🌊
cert-manager#7598
More fine-grained control of powerful RBAC permission granted via Helm chart
🌊
7666
7836
cert-manager#3381
Setup separate package for cert-manager API
🌊
csi-lib#33
Create e2e test to validate CertificateRequest garbage collection
🌊
trust-manager#58
Support injection pem into an existing configmap
🌊
378
395
442
648
community#43
Allow non-Venafi employee maintainers full release capabilities
🌊
Triage Party v1.4.0
