generic Daily Triage :: Triage Party

queue to be emptied once a day

Unprioritized issues older than 7 days (229)

Resolution: Add a priority/ or triage/ label

Average age: 437.8d, Avg wait: 213.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8280		Unblocking SSA: Document changes in SSA-by-default			10d	10d			cybr
8279		Unblocking SSA: Fix unit tests			10d	10d			cybr
8277		Unblocking Server Side Apply (SSA) by Default			10d	10d			cybr
8257		Update helm install NOTES			18d	10d	11d		good first issue	commented member-last send
8252		Implement XListenerSet			3wk	3wk			cybr
8209		Add revocation at certificate deletion Similar: #797: Add a verification the certificate is a CA certificate (open) Similar: #28: Certificate revocation from CAS Console (open)		3	5wk	5wk	5wk		kind/feature	recv similar
8201		Timeout contacting Cloudflare API during cert-manager DNS-01 challenge			6wk	3wk	6wk			recv
8251		Top-level ticket: XListenerSet PR#7839: Design: support Gateway API's new XListenerSet resource commented			3wk	10d			cybr	pr-reviewed-with-comment
8194		Update e2e Documentation - for the make e2e-setup command			6wk	6wk	6wk		kind/feature	contributor-last recv
8183		Add helm diff output to cert-manager PRs			7wk	7d	7wk			assigned assignee-updated commented contributor-last send
8110		Add ability to be a incoming `HTTP-01` to outgoing `DNS-01` proxy			2mo	2mo	2mo		kind/feature	recv
8102		cert-manager-startupapicheck erroring while installation		2	2mo	5d	2mo		kind/bug	recv recv-q
8095		DNS-01 Delegated zone is not following CNAME and creating wrong records		3	2mo	5wk	2mo		kind/bug	author-last recv recv-q
8094		HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller)			2mo	2mo	2mo			recv
8086		ACME ClusterIssuer not recovering after Vault restart			2mo	2mo	2mo		kind/bug	recv
8082		EOF during self check with Pomerium			2mo	2mo	2mo			recv
8235		Cert-manager support for Issuer-managed keys			4wk	3wk	3wk		kind/feature	author-last commented recv
8023		ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension			3mo	3mo	3mo			author-last commented recv recv-q
7959		Failed to generate serving certificate, retrying..." err="no tls.Certificate available yet, try again later" Similar: #7138: Failed to generate serving certificate (open)			3mo	1d	3mo		kind/bug	commented send similar
8234		Vault Issuer: certmanager spams thousands of CertificateRequest resources if Issuer is configured to use the Vault issue endpoint rather than the sign endpoint			4wk	4wk	4wk		kind/bug	commented member-last send
8218		Include Vault hostname as default JWT audiences PR#8228: feat(vault): add server as default audience new-commits			5wk	4wk	4wk		kind/feature	assigned assignee-updated commented member-last pr-new-commits send
7868		Metrics for webhook certificate		3	4mo	5wk	4mo		kind/feature	author-last recv
7864		failed to call webhook: certificate has expired or is not yet valid		2	4mo	15d	4mo		kind/bug	recv recv-q
7862		Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete		4	4mo	2mo	4mo		kind/bug	recv
8213		Duration and renew-before annotation changes in ingress resources don't trigger certificate updates PR#8232: Add checks for Duration/RenewBefore changes when determining if an ingress/gateway-api change should trigger a certificate update commented		2	5wk	5wk	5wk		help wanted kind/bug	contributor-last pr-reviewed-with-comment recv
8200		Add commonLabels support for acmesolver			6wk	6wk	6wk		kind/feature	recv
7829		Support to auto delete Certificaterequest Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #7821: Request to support AWS ACM Exportable certificates (open) Similar: #7688: Feature Request: Vertical Pod Autoscaler Support for cert-manager (open)			5mo	5mo	5mo		kind/feature	commented contributor-last send similar
7914		Output tls.crt in CA cert to another secret			3mo	3mo	3mo		kind/feature	recv
7821		Request to support AWS ACM Exportable certificates Similar: #7829: Support to auto delete Certificaterequest (open)		56	5mo	3wk	1mo		kind/feature	commented send similar
7817		Support `global.nodeSelector` in the Helm chart		2	5mo	6wk	5mo		kind/feature	contributor-last pr-merged recv
7788		Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values		3	5mo	8d	5mo		kind/feature	contributor-last recv recv-q
7779		RevisionHistoryLimit should follow Kubernetes definition			6mo	2d	6mo		lifecycle/stale	contributor-last recv
7772		Reviewing the use of https://github.com/SSLMate/go-pkcs12			6mo	1d	6mo		kind/feature lifecycle/stale	contributor-last recv recv-q
7768		Stuck in a loop with `multiple challenge solver pods found for challenge`			6mo	8d	6mo		kind/bug lifecycle/stale	contributor-last recv
7766		Certificate: Let me specify the concatenation order for CombinedPEM output format			6mo	15d	6mo		kind/feature lifecycle/stale	contributor-last recv recv-q
7765		Propagation tests fails when using IPv6 recursive DNS nameservers			6mo	16d	6mo		kind/bug lifecycle/stale	contributor-last recv
7760		Is the zone responsible for a domain changes, cert-manager will not pick it up			6mo	18d	6mo		kind/bug lifecycle/stale	contributor-last recv
7755		cert-manager-challenges Error presenting challenge: expected array of Record			6mo	18d	6mo		lifecycle/stale	contributor-last recv recv-q
7751		Custom key usage extensions			6mo	3wk	6mo		kind/feature	recv
7749		Http and PROXY protocol		5	6mo	3wk	6mo		lifecycle/stale	contributor-last recv
7747		[suggestion] Add Kustomize install documentation		2 2	6mo	2mo	6mo		kind/feature	commented recv recv-q
7741		Certmanager attempts infinite renewals if the Issuer Certificate read from Vault has expired		3	7mo	3wk	6mo		kind/bug lifecycle/stale	commented contributor-last recv
7717		After uninstalling cert-manager, ingress resources can still only be accessed via https			7mo	5wk	7mo		lifecycle/stale	contributor-last recv
7691		Why is the value of the certificate expiration time captured in blackbox different from the value of the certificate expiration time exposed by certmanager			7mo	7wk	7mo		lifecycle/rotten	commented contributor-last send
7688		Feature Request: Vertical Pod Autoscaler Support for cert-manager PR#7689: Add Vertical Pod Autoscaler new-commits Similar: #7829: Support to auto delete Certificaterequest (open)		3	7mo	7wk	7mo		kind/feature lifecycle/rotten	commented contributor-last pr-new-commits send similar
7687		Webhook refusing connection even when Ready			7mo	7wk	7mo		kind/bug lifecycle/rotten	contributor-last recv
8040		Dependency Dashboard			3mo	17h	3mo			pr-merged recv
7673		Support for acmesolver.tolerations/affinity/nodeSelector			7mo	7wk	7mo		kind/feature lifecycle/rotten	contributor-last recv recv-q
7684		Add support for namespaced deployment Similar: #2525: Better support multi-namespace & single-namespace deployments (open)			7mo	4mo	7mo		kind/feature	contributor-last pr-merged recv recv-q similar
7660		cert-manager produces invalid (per RFC5280) certificates when `cert sign` usage is set along with another usage			8mo	3wk	8mo		kind/bug lifecycle/stale	contributor-last recv recv-q
7659		Challenge and resolver pod/ingress killed too soon		2	8mo	5wk	8mo		lifecycle/stale	contributor-last recv
7656		Add multiple DNS provider resolvers to an single webhook not working PR#7662: Fix the issue of webhook routes generating duplicate operation IDs unreviewed			8mo	2mo	8mo		lifecycle/rotten	contributor-last pr-unreviewed recv
7649		[GKE][Cert-Manager]Document Might Need Implementation Details Update to GSA/KSA Integration			8mo	5mo	8mo		kind/bug	author-last recv recv-q
7648		Solver selector issue			8mo	7wk	8mo		kind/bug lifecycle/rotten	contributor-last recv
7645		Support cross-signed intermediate CAs issued with Vault		2	8mo	5mo	8mo		kind/feature	author-last recv
7636		cermanager order in pending state			8mo	2mo	8mo		lifecycle/rotten	contributor-last recv
7635		Mirroring bind9 image for e2e tests			8mo	2mo			lifecycle/rotten	contributor-last
7625		Clean install fails to create Issuer		4	8mo	5wk	8mo		kind/bug lifecycle/stale	contributor-last recv recv-q
7594		Cloudflare delegated domains returns Found no Zones for domain _acme-challenge.mydomain.com			9mo	5wk	9mo		kind/bug lifecycle/stale	contributor-last recv
7572		Certificate Issuance takes long time up to 50 minutes when attempting to create 40+ certificates		2	9mo	2mo	9mo		lifecycle/rotten	contributor-last recv
7561		Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued			9mo	3wk	3wk		kind/feature	author-last commented recv recv-q
7551		Unhelpful log messages			10mo	1d			lifecycle/frozen	contributor-last
7536		Digicert ACME order is failing due to invalid validity_years			10mo	5wk	10mo		lifecycle/stale	contributor-last recv
7531		punycode issue			10mo	5wk	10mo			author-last recv
7522		Non standard "cert-manager.io" used in event "Reason"			10mo	6wk	7mo		lifecycle/frozen kind/bug	commented contributor-last recv
7520		ClusterIssuer read caBundle from Secret PR#7521: ClusterIssuer read caBundle from Secret unreviewed		5	10mo	1d	7mo		kind/feature	commented pr-unreviewed send
7510		Key Size for Acme Account Key PR#7646: Support custom ACME account key type. new-commits			10mo	6mo	10mo		kind/feature	pr-new-commits recv
7492		`UseCertificateRequestBasicConstraints` should probably add `Critical` for `isCA`			11mo	4wk	7mo		lifecycle/frozen	commented contributor-last recv
7486		`"Unhandled Error" err="ingress '...' in work queue no longer exists"` should be handled (clean up dangling `Certificate`)		6	11mo	4wk	11mo		lifecycle/frozen kind/bug	contributor-last recv recv-q
7476		[Helm Chart] - Wrong handling of image registry and repository		4	11mo	4mo	11mo		kind/bug	recv recv-q
7473		Create certificate based on HTTPRoute configuration PR#7839: Design: support Gateway API's new XListenerSet resource commented		48 4 73	11mo	3wk	1mo		kind/feature	assigned assignee-updated author-last commented pr-closed pr-reviewed-with-comment recv
7438		certificate not updated after enabling SSA			1y	13d	1y		kind/bug	author-last recv
7422		Please provide standalone helm chart for CRDs		15	1y	3mo	1y		kind/feature	recv
7388		Kid missing in the new order request PR#8262: Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB unreviewed		2	1y	2wk	1y		kind/bug	pr-unreviewed recv recv-q
6622		`make update-licenses` is non-deterministic.			2y	6mo	6mo		kind/bug	commented member-last pr-merged pr-unreviewed
6224		Option to store certificate history in individual secrets		2	2y	2mo	2mo		kind/feature	commented contributor-last recv-q send
6160		Helm Chart global repository PR#7558: feat: add (helm) global.imageRepository commented PR#8115: feat: implements `global.imageRegistry` and fixes #6160 commented		2	2y	10mo	10mo		lifecycle/frozen	commented member-last pr-reviewed-with-comment send
6010		Support the ACME Renewal Information (ARI) extension		9	2y	1d	6mo		kind/feature	author-last commented recv recv-q
7668		Allow custom values in Helm chart schema by relaxing additionalProperties: false PR#7725: chore: allow additional properties in Helm setup #7668 unreviewed		2	8mo	2mo	8mo		lifecycle/rotten	contributor-last pr-unreviewed recv
5904		Support Azure Private DNS Zones for DNS Challenge		4 6 20	2y	4mo	4mo		kind/feature	commented contributor-last recv-q send
5566		upload Helm charts to OCI registry and sign them with cosign		4 55	3y	1mo	1mo		kind/feature	commented member-last pr-merged send
4749		rfc2136 seems to not work with deep subdomains			3y	5wk	3y		kind/bug area/acme/dns01	recv recv-q
7873		Add labels to leases managed by cert-manager PR#8043: WIP: feat(controller): adding labels to lease unreviewed		2	4mo	3mo	3mo		kind/feature	assigned assignee-updated commented member-last pr-unreviewed
7834		Provide race condition mitigation support			5mo	5mo	5mo		kind/feature	recv
7828		Cert-manager created multiple CertificateRequests (over 30k) for a valid certificate			5mo	4wk	4mo		kind/bug	commented send
7822		Tracking: Kubernetes Gateway API follow up tasks PR#7839: Design: support Gateway API's new XListenerSet resource commented		5	5mo	11d	11d			commented member-last pr-reviewed-with-comment send
5864		Certmgr allows creating certificates expiring after ca expiration. PR#7733: fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity new-commits		4 33	2y	7wk	6mo		lifecycle/frozen kind/bug cybr	commented pr-new-commits recv-q send
1806		Tutorial depends on no longer available image of kuard		4	7wk	7wk	7wk			recv
1802		Invalid certificate Similar: #797: Add a verification the certificate is a CA certificate (open)			7wk	7wk	7wk			recv similar
1758		Dependency Dashboard			3mo	1d	3mo			recv
1715		The ingress annotation `cert-manager.io/secret-template` is not documented		2	5mo	5mo				contributor-last
1625		Configuration issue potentially leading to a memory leak			10mo	10mo	10mo			recv
1623		Claim about v1beta1/v1alpha2 support for gateway api is misleading			10mo	10mo	10mo			recv
1620		Cert Manager allows the creation of Illegal wilcard SANs			11mo	11mo	11mo			recv
1609		Azure DNS Documentation Update Similar: #1101: Feature request for updating documentation. (open)			1y	11mo	11mo			author-last commented recv similar
1608		Renaming Securing NGINX-ingress to ingress-nginx			1y	1y	1y			recv
1643		Let's Encrypt Ending Support for Notification Emails			9mo	4mo	9mo			recv
1586		Now that cert-manager 1.16 has been released, `--set config.enableGatewayAPI=true` is now the recommended approach for projects that show instructions on how to enable cert-manager's gateway API support, especially on visible projects like Cilium:			1y	1y				pr-merged
1585		Broken install instructions due wrong cert_manager_latest_version - v1.16.1			1y	1y	1y			recv
1490		GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)			2y	1y	2y			author-last recv
1546		Self upgrade PRs don't run checks			1y	7wk	1y		cybr	commented member-last
944		Document how to install cert-manager in a different namespace		3	3y	2y	3y		good first issue	recv recv-q
697		[IRSA] Needs `runAsUser: 1001`			4y	1y	1y			commented member-last pr-merged send
1596		Wrong key for cloudflare secret ref in DNS Validation tutorial page			1y	1y	1y			recv
619		Dependency Dashboard			3mo	17h	3mo			recv
501		Error logs not very helpful			9mo	8mo	9mo			recv
431		istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0			1y	11mo	1y			recv recv-q
413		Panic: runtime error on new installation			1y	1y	1y			author-last recv recv-q
283		Document / improve that sometimes the issuer needs to set `ca.crt`			2y	2y
244		Populate Subject Fields in Certificate			2y	1y	2y			recv
223		False positive warnings from trivy and dependabot		7	2y	2y
287		Getting Readiness probe failed when using cert-manager-istio-csr Similar: #84: csr readiness probe failed, istio ingress pod also failed (open)			2y	2y	2y			author-last recv recv-q similar
153		It is possible to have several CAs within the same cluster.		3	3y	1y	2y			commented send
137		Documentation on rotating the root certificate			3y	7mo	3y			recv recv-q
130		Document best-practices for minimal vault role configuration for istio-csr			3y	2y	3y			recv recv-q
176		certificateDuration is not used for the Istio CSR generated certificate requests			3y	3mo	3y			pr-closed recv recv-q
84		csr readiness probe failed, istio ingress pod also failed Similar: #287: Getting Readiness probe failed when using cert-manager-istio-csr (open)		2	4y	2y	4y		support	recv recv-q similar
113		Integrating with istio helm chart installs		15	4y	1y	4y			recv recv-q
667		Cannot create secret cert-manager-approver-policy-tls Similar: #559: Flakey Tests in pull-cert-manager-approver-policy-test (open)			3mo	3mo	3mo			commented contributor-last recv similar
638		Approver cannot find applicable policy			6mo	4mo	6mo			author-last recv recv-q
713		Remove deprecated approverpolicy_certificaterequest_ metrics			2mo	2mo
394		Limit number of SANs by policy			2y	2y	2y			commented member-last send
466		Document How to Configure Common Scenarios			1y	1y	1y			recv
288		Feature: Take control of approval for the whole cluster		2	2y	2y	2y			commented member-last
203		Improve CRD fields for specifying key requirements		3	2y	1y	1y			commented member-last send
169		Webhook Custom CA			3y	7mo	7mo		help wanted	commented contributor-last recv-q send
700		Dependency Dashboard			3mo	17h	3mo			recv
559		Flakey Tests in pull-cert-manager-approver-policy-test Similar: #667: Cannot create secret cert-manager-approver-policy-tls (open)			11mo	11mo				similar
452		CRDs in the Release files		3	2y	2y	2y			recv
216		Simplify configuration by creating RBAC by default PR#628: Grant cert-manager RBAC to use all policies by default unreviewed		2	2y	8mo	8mo		help wanted	commented contributor-last pr-merged pr-unreviewed recv-q send
778		Add option to use a specific issuer in the helm chart			6wk	6wk	6wk			recv
761		Feat: Add a namespaced trust bundle CRD alongside the cluster-scoped Bundle			2mo	1d	2mo			commented contributor-last recv recv-q
750		Feat: Emit Events on the controller Pod instead of cluster-scoped Bundle			2mo	2mo	2mo			commented contributor-last recv
742		Add option to disable webhook in Helm chart			2mo	1d	2mo		kind/feature	author-last commented recv
741		Using an Image Volume to deploy certifiats			2mo	2mo	2mo			commented member-last send
733		Dependency Dashboard			3mo	17h	3mo			recv
650		Pod goes out of readiness			5mo	5mo	5mo			recv
645		Unable to pass helm lint due to certificate yaml stripping too much whitespace			5mo	5mo	5mo			commented member-last send
629		The crds is not installed automatically when trust-manager is a sub-chart			7mo	5mo	7mo			recv recv-q
592		Feature: ClusterTrustBundle as Sources Similar: #591: Feature: ClusterTrustBundle as Target (open)			7mo	5wk	5wk			commented member-last send similar
588		Add ability to monitor validity period for CAs in bundle		5	7mo	4mo	4mo		kind/feature help wanted	commented member-last send
560		Support rotated certificate sources		30	9mo	5mo	8mo			commented recv recv-q
465		Installing trust-manager just after installing cert-manager makes it FAIL forever			1y	2mo	2mo		lifecycle/stale	author-last commented recv
301		Add support for kubectl installation Similar: #197: Kubectl One-line Installation Support (open)			2y	11mo	2y		lifecycle/frozen	author-last commented open-milestone recv recv-q similar
245		Split Bundle controller into multiple controllers			2y	11mo	11mo		lifecycle/frozen	commented member-last pr-merged send
243		More flexible and better organized target specification in API		4	2y	6wk	6wk		lifecycle/frozen	commented member-last pr-merged
591		Feature: ClusterTrustBundle as Target Similar: #592: Feature: ClusterTrustBundle as Sources (open)		8	7mo	5wk	5wk			commented member-last pr-merged send similar
222		[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource		16	2y	3mo	3mo			commented member-last pr-merged send
205		Allow to select multiple "trust" namespaces		46	2y	3mo	5mo			commented send
142		expose bundles CRD as release artifact		2 11	2y	4mo	4mo		help wanted	commented contributor-last recv-q send
131		Feature: per namespace trust bundle		6	2y	2mo	5mo		lifecycle/frozen	commented send
242		New version of Bundle API		2 4	2y	7mo	1y		lifecycle/frozen	commented pr-closed pr-merged
39		Don't sync targets to all namespaces by default		8	3y	7mo	7mo		lifecycle/frozen	commented member-last open-milestone pr-merged send
4		Feature: By default, require only self-signed certificates in a bundle			4y	5mo	5mo		kind/feature help wanted good first issue	commented member-last send
60		overriding trusted namespace		10 17	3y	4mo	7mo			commented recv-q send
99		Allow removing Bundles whilst keeping the synced CA certs		5	2y	7mo	7mo		lifecycle/frozen	commented member-last pr-unreviewed
63		nit: Rename "Bundle" to "ClusterBundle"		18	3y	5mo	5mo		lifecycle/frozen	commented member-last open-milestone pr-merged send
279		Persisting identifiers for retry calls to Sign()			4mo	4mo	4mo			author-last recv recv-q
204		clarify SetCAOnCertificateRequest deprecation status			11mo	5mo	5mo			commented member-last send
231		### Question about Configuring Retries in cert-manager			8mo	8mo	8mo			recv
314		Dependency Dashboard			3mo	17h	3mo			recv
521		RFC: Cert-Manager CSI Driver as Secret Store Provider			11d	11d	11d			recv
385		Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors			8mo	8mo	8mo			author-last recv
267		Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?			2y	1y	2y			recv
383		[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver			8mo	8mo	8mo			recv
171		E2E Test Cleanup			2y	2y	2y		good first issue	commented member-last
130		JKS support		6	2y	2y	2y			recv recv-q
241		Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver		6	2y	2y	2y			recv
264		Certificate renewal doesn't change file 'modified date'			2y	2y	2y			recv
471		Dependency Dashboard			3mo	17h	3mo			recv
17		ability to specify pod IP in volume attributes		7	5y	1y	5y			commented recv recv-q
353		mismatch between the key and the certificate signature algorithm			10mo	10mo	10mo			recv
256		Broken comma-separated splitting logic			2y	2y
128		Incorrect logger initialisation			2y	2y
354		Dependency Dashboard			3mo	17h	3mo			recv
41		The default `csiDataDir` value might collide with csi-driver			2y	1mo				contributor-last pr-merged recv-q
204		Support for creating certificate for wildcard route Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #56: Support for destinationCaCertificate / Reencrypt Routes (open)			5mo	5d	5mo			recv similar
58		certificate cannot be renewed, error message: "key does not match certificate"		4	2y	2y	2y			recv recv-q
38		Route with cert-manager annotations is not created		4	2y	6mo	2y			commented send
247		Dependency Dashboard			3mo	17h	3mo			recv
174		Standby Replicas without lease use lots of CPU			7mo	7mo	7mo			recv
116		Release static manifests (no helm) for v0.6.0-alpha.0+		2	1y	1y	1y			recv
56		Support for destinationCaCertificate / Reencrypt Routes Similar: #204: Support for creating certificate for wildcard route (open)		2	2y	2y	2y			recv similar
54		Same certificate in path based Routes		2	2y	9mo	2y			pr-closed recv
70		OLM deployment with ArgoCD is OutOfSync			3y	3y	3y			commented send
46		Cert-manager operator fails to issue certificates			4y	4y	4y			recv
17		Operator prevents passing extraArgs helm value		7	5y	3y	5y			recv recv-q
22		Customize the deployment of cert-manager installed via OLM		5 6	4y	1y	3y			commented recv recv-q
74		Consistency issues due to the use of mount binds			1y	1y	1y			author-last commented recv recv-q
40		Optional auto rotating/renewing certificates Similar: #8085: Feature Request: Add annotation to disable automatic certificate renewal (open)			3y	2y	3y			contributor-last recv recv-q similar
108		Dependency Dashboard			3mo	17h	3mo			recv
67		Dependency Dashboard			2mo	1mo	2mo			recv
56		Struggling to get controller running in local KIND cluster			9mo	7mo	7mo			commented member-last send
62		Limit the controller-manager to access secrets only from specific namespace			6mo	6mo	6mo			recv
63		Is it possible to only create Issuer and remove the CluserIssuer			6mo	6mo	6mo			recv
264		commands should provide help when called w/o arguments if they require inputs			3mo	3mo	3mo			commented member-last send
301		Dependency Dashboard			3mo	17h	3mo			recv
122		asdf cmctl installer issues		2	1y	1y	1y			author-last commented recv
128		cmctl always reports v0.0.0 in the user-agent header			1y	8mo
59		Process regarding worrying emails sent to the maintainers mailing list			2mo	2mo	2mo			commented member-last
451		Re-enable testing with specific kubernetes versions in subprojects			7wk	7wk	7wk		cybr	commented member-last send
481		Embed go version in `go install` binaries in cache			15d	15d
295		`make generate-golangci-lint-config` clobbers local exclusions added to the local config.			6mo	6mo
202		Makefile Modules, Go Versions and Vendoring			1y	1y	1y			commented contributor-last
154		Publish SBOMs			2y	1y	1y		kind/feature good first issue	commented member-last send
487		Dependency Dashboard			11d	3h	11d			recv
26		helm-tool inject adds trailing white space to the generated markdown			2y	2y			kind/bug
25		helm-tool inject sometimes omits the context (prefix) of commented out values in the generated markdown			2y	2y			kind/bug	contributor-last
141		Dependency Dashboard			3mo	17h	3mo			recv
63		CNCF-paid GitHub Actions runners			4wk	2d	2d			commented member-last
62		Lazy vote: Enhancing the triaging process			4wk	4wk
60		Lazy vote: Zoom for standup meetings to be able to add the standups to the LFX calendar			4wk	3wk	3wk			commented member-last
35		Post-Graduation Suggestion Tracker			1y	1y	1y			commented member-last pr-merged
81		How to enable leader election in the webhook?			10mo	10mo	10mo			recv
72		readyz and healthz api			1y	1y	1y			recv
46		Code reference a pull request to be merged, but the pull request was closed by a robot			2y	2y	2y			recv
37		Add logging example			3y	1y	3y			pr-closed recv
80		How to deal with K8s timelimit in 30s ?			1y	1y	1y			recv
2		Set up basic e2e test that deploys the webhook and ensures we can POST a challenge			6y	1mo				contributor-last pr-closed recv-q
74		Why cert-manager looks for a CNAME record instead of a TXT record?			1y	1y	1y			recv
8		Find solution for automatically disabled GitHub Actions			1y	1y
18		Feature: Git bundles?			8mo	8mo
361		[Helm] allow `enabled` as key in values schema			3wk	3wk	3wk			recv
162		Issue: Broken config when using commonLabels			2y	2y	2y			recv
148		Certificate chain is not split correctly PR#159: Split certificate chain commented Similar: #3848: Wildcard certificates not being resolved correctly. (open)		5	2y	2y	2y			author-last pr-reviewed-with-comment recv recv-q similar
133		Allow to use a custom Service Account PR#143: feat: allow creating or reusing an existing sa unreviewed		5	2y	1y	2y			pr-unreviewed recv
102		certificate renewal does not work in due to auth issue to privatecaapi end point			2y	1y	2y			recv
315		Dependency Dashboard			3mo	17h	3mo			recv
197		Kubectl One-line Installation Support Similar: #301: Add support for kubectl installation (open)			1y	1y	1y			commented member-last send similar

Uncommented older than 7 days (158)

Resolution: Add a priority/ or triage/ label

Average age: 486.5d, Avg wait: 437.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8259		Request to reduce initial retry backoff for failed CertificateRequest			18d	14h	18d		kind/feature priority/important-longterm	assigned assignee-updated contributor-last recv recv-q
8121		Support for Creating CertificateRequest from Kubernetes Secret Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #204: Support for creating certificate for wildcard route (open)			2mo	5wk	2mo		kind/feature triage/needs-information	contributor-last recv recv-q similar
8085		Feature Request: Add annotation to disable automatic certificate renewal Similar: #40: Optional auto rotating/renewing certificates (open)			2mo	1mo	2mo		priority/important-longterm	pr-closed recv similar
8058		Cert-manager fails to import ECDSA private keys generated by openssl PR#8187: fix: add case for parsing key with ec parameters changes-requested			2mo	1mo	2mo		kind/bug priority/important-longterm	pr-changes-requested recv
7890		Cluster issuer for HTTP-01 gatewayHTTPRoute should not require a gateway parentRef		3	4mo	3mo	4mo		kind/feature priority/awaiting-more-evidence	contributor-last recv recv-q
7879		Remove no-op certificate metrics controller			4mo	1mo	4mo		kind/feature priority/backlog	assigned assignee-updated recv
7846		ClusterIssuer.Status.Acme.URI disappeared			4mo	2mo	4mo		good first issue kind/bug priority/awaiting-more-evidence area/acme triage/needs-information	assigned assignee-updated contributor-last recv recv-q
7826		If issuer is incorrect, it is still shown as READY PR#8255: add dns issuer secrets validation before marking it as ready unreviewed			5mo	5wk	5mo		kind/bug priority/important-longterm	assigned assignee-updated author-last pr-unreviewed recv recv-q
7845		ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...		6	5mo	2mo	5mo		kind/bug priority/awaiting-more-evidence area/acme triage/needs-information	contributor-last recv recv-q
7699		Adding Helm Unittest to all certmanager projects			7mo	1mo	7mo		priority/backlog	assigned assignee-updated recv
7288		Missing UID in webhook challenge request			1y	3wk	1y		kind/bug priority/backlog lifecycle/stale	contributor-last recv
7218		cert-manager set don't fragment (DF) bit			1y	2mo	1y		kind/bug priority/important-longterm lifecycle/rotten	assigned assignee-updated contributor-last recv recv-q
6820		Ongoing dependency evaluation			2y	1y	2y		lifecycle/frozen priority/important-longterm	contributor-last recv
6741		ACME account private key and URI are not updated if the path of the ACME server is changed		5	2y	4h	2y		lifecycle/frozen kind/bug priority/important-soon	recv
6472		Create TLSA records automatically		14	2y	4mo	2y		kind/feature priority/backlog	author-last recv
5917		Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated		40	2y	2mo	2y		kind/bug priority/important-longterm	assigned assignee-updated recv recv-q
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together			2y	3wk	2y		lifecycle/frozen kind/bug priority/important-soon	author-last recv recv-q
5540		Changelog annotations to chart			3y	4mo	3y		kind/feature priority/backlog	author-last recv
1549		Brand guideline page			1y	1y	1y		priority/backlog	author-last recv
1473		Add ArtifactHub packages to website			2y	1y	2y		priority/backlog	recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			3y	1y	3y		priority/important-longterm	author-last pr-merged recv
850		Document available cert-manager Prometheus metrics			3y	2y	3y		documentation good first issue priority/important-longterm	recv recv-q
354		DigitalOcean access-token should not be base64-encoded			5y	4y	5y		priority/awaiting-more-evidence	author-last recv recv-q
237		docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available			5y	5y	5y		priority/backlog kind/documentation	contributor-last pr-closed recv
228		Documentation needs correction for external-account-bindings			5y	8mo	5y		good first issue priority/backlog kind/documentation	contributor-last pr-merged recv
197		Document ACME account mismatch			5y	9mo	5y		good first issue priority/backlog kind/documentation	recv recv-q
130		FAQ: How does cert-manager handle ingresses with valid TLS secrets?			5y	5y	5y		help wanted priority/backlog kind/documentation	contributor-last recv
76		Upgrading from v0.10 to v0.11 - missing cainjector annotation			5y	5y	5y		priority/backlog kind/documentation	contributor-last recv
3		Restrict operator RBAC permissions			5y	1y	5y		priority/backlog	pr-merged recv
83		As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )		2	2y	1y	2y		priority/important-longterm	recv
594		Document infra image bumps and versioning			4y	1y	4y		priority/backlog	recv
690		Clean up Presets			3y	1y	3y		priority/backlog	pr-merged recv
38		Set repository to be a GitHub template repository			3y	1y	3y		priority/important-longterm	recv
125 previously listed items omitted

Important soon, but no updates in 90 days (15)

Resolution: Downgrade to important-longterm

Average age: 1287.8d, Avg wait: 14.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
5298		Complete the Migration Away From Jetstack Names			3y	1y	2y		lifecycle/frozen kind/cleanup priority/important-soon	commented member-last send
2930		Mirror to gcr.io or dockerhub		2 29	5y	8mo	11mo		lifecycle/frozen kind/feature priority/important-soon area/deploy	assigned assignee-updated commented contributor-last send
7234		Stale/Stuck Challenges should be deleted after a given timeout PR#7286: Only remove the cleanup finalizer if the cleanup succeeds commented PR#7897: wip: add retry mechanism for challenge solver whenever we detect unauthorized error new-commits		4	1y	4mo	1y		kind/bug priority/important-soon	assigned assignee-updated commented contributor-last open-milestone pr-closed pr-new-commits pr-reviewed-with-comment recv recv-q
3381		Setup separate package for cert-manager API		5	5y	10mo	10mo		lifecycle/frozen kind/feature priority/important-soon	assigned assignee-updated commented member-last send
6709		1.14 Release Review		3	2y	1y	2y		lifecycle/frozen priority/important-soon	commented contributor-last send
6331		CSR not signed by referenced private key		10	2y	5mo	2y		kind/bug priority/important-soon	commented recv-q send
2239		Create a CertificatePreset resource type to allow configurable defaulting		2 3 99	6y	5mo	5mo		area/api kind/feature priority/backlog priority/important-soon	commented member-last pr-closed pr-unreviewed send
5867		Controller can't handle hitting request rate limits of zerossl ACME API		7 12 31	2y	8mo	1y		lifecycle/frozen kind/bug priority/important-soon	commented pr-closed pr-merged recv-q send
1425		The `issuer.vault.spec.caBundleSecretRef` docs are missing			2y	1y			priority/important-soon
1174		Document the docker images and how to find them			2y	2y	2y		good first issue priority/important-soon kind/documentation	commented member-last send
955		Document when the vault pki role required setting `require_cn=false`			3y	1y			priority/important-soon
802		Spelling errors are unclear in pull request CI results and spell checker is unmaintained			3y	1y			kind/bug priority/important-soon	contributor-last pr-merged
195		Document keystores			5y	2y	5y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			5y	5y	5y		help wanted priority/important-soon kind/documentation	commented member-last send
127		cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs			1y	1y			priority/important-soon

Important longterm, but no updates in 180 days (20)

Resolution: Downgrade to backlog

Average age: 1298.5d, Avg wait: 232.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6969		Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled			2y	1y	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last send
5959		`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries		22	2y	1y	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv-q send
4191		Setting default values for Pod's "resources"?		7	4y	1y	1y		lifecycle/frozen priority/important-longterm	commented contributor-last recv-q send
4950		General flakiness of our end-to-end suite		3	3y	1y	3y		lifecycle/frozen priority/important-longterm kind/flake	commented member-last pr-closed pr-merged send
2178		Handling 'unregistering' certificates from Venafi TPP		22	6y	1y	1y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented member-last send
2525		Better support multi-namespace & single-namespace deployments Similar: #7684: Add support for namespaced deployment (open)		26	5y	7mo	2y		lifecycle/frozen kind/feature priority/important-longterm area/deploy	commented contributor-last open-milestone pr-closed send similar
1194		Confusing paragraph - cert-manager integration.			2y	1y	2y		documentation priority/important-longterm	commented member-last send
1186		Document that/why we don't use Helm's CRD installation mechanism			2y	1y	1y		good first issue priority/important-longterm kind/documentation	assigned assignee-updated commented member-last send
975		Some pages do not make it clear what the user should read next			3y	1y			priority/important-longterm
401		Bring tutorials up to date			4y	2y	2y		priority/important-longterm	commented member-last send
223		Document wildcard certificate tutorial			5y	5y	5y		priority/important-longterm kind/documentation	commented contributor-last send
58		Support injection pem into an existing configmap PR#395: WIP: feat: inject bundle data into configmap unreviewed		8	3y	7mo	7mo		priority/important-longterm lifecycle/frozen	assigned assignee-updated commented member-last pr-closed pr-merged pr-unreviewed send
129		Increase e2e test timeouts			2y	1y			priority/important-longterm
98		Document new release process for all repos			2y	1y			priority/important-longterm	assigned
3		Make unit testing easier/make examples work			6y	1y	3y		priority/important-longterm	commented member-last pr-closed send
5 previously listed items omitted: #6820 #1063 #850 #83 #38

Pull Requests: Review Ready (71)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 167.1d, Avg wait: 110.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8262		Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB			17d	1h	17d		size/L release-note needs-ok-to-test area/acme dco-signoff: yes needs-kind	contributor-last recv recv-q unreviewed
8301		venafi: Process custom fields annotations on Issuer		2	1d	10h	13h		size/L release-note kind/feature dco-signoff: yes ok-to-test	commented contributor-last new-commits recv
8258		feat(certificate): renewal policy and windows code Similar: #7399: Add renew window to restrict when certificate renewal can happen (open)			18d	14h	18d		release-note area/api kind/feature size/XXL area/acme dco-signoff: yes area/testing area/acme/dns01 area/deploy	contributor-last recv recv-q similar unreviewed
8304		fix(deps): update module sigs.k8s.io/gateway-api to v1.4.1 (master) Similar: #359: fix(deps): update module sigs.k8s.io/gateway-api to v1.4.1 (open)			17h	17h	17h		release-note-none size/S kind/cleanup dco-signoff: yes area/testing ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
7733		fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity			7mo	21h	6mo		size/L release-note kind/bug kind/feature lifecycle/stale dco-signoff: yes ok-to-test	commented new-commits recv recv-q
8305		fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) Similar: #760: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #802: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #527: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #408: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #292: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #358: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #199: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #373: fix(deps): update module github.com/spf13/cobra to v1.10.2 (open) Similar: #495: fix(deps): update module github.com/google/go-containerregistry to v0.20.7 (open)			17h	17h	17h		size/XS release-note-none kind/cleanup dco-signoff: yes area/testing ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
8232		Add checks for Duration/RenewBefore changes when determining if an ingress/gateway-api change should trigger a certificate update			4wk	1d	4wk		size/L release-note kind/bug needs-ok-to-test dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
8261		Improve event handler: add predicate support & replace deepequal with resource version comparison			17d	1d			size/XL release-note-none kind/cleanup area/acme dco-signoff: yes	contributor-last recv-q unreviewed
8263		fix: dont copy `kapp.k14s.io` annotations from Ingress to created resources			16d	1d	4d		size/XS release-note kind/feature dco-signoff: yes ok-to-test cybr	assigned assignee-updated author-last commented recv recv-q unreviewed
7839		Design: support Gateway API's new XListenerSet resource		9 7	5mo	1d	4d		release-note-none approved kind/design size/XXL dco-signoff: yes cybr	commented contributor-last recv-q reviewed-with-comment
8228		feat(vault): add server as default audience			4wk	9d	3wk		release-note area/api kind/feature size/M dco-signoff: yes ok-to-test area/deploy	commented contributor-last new-commits recv
8255		add dns issuer secrets validation before marking it as ready			19d	12d	13d		release-note size/XL area/acme dco-signoff: yes area/testing ok-to-test needs-kind	commented contributor-last recv unreviewed
7439		helm: add checksum/config annotations			1y	14d	1y		release-note-none size/S kind/feature needs-ok-to-test lifecycle/stale dco-signoff: yes area/deploy	contributor-last recv recv-q unreviewed
7583		Support for ACME servers that don't finalize within the ACME client finalizer retry window			9mo	15d	9mo		release-note kind/bug needs-ok-to-test size/M area/acme dco-signoff: yes	recv recv-q unreviewed
7614		Lower the minimum certificate duration from 1 hour to 5 minutes			9mo	4wk	9mo		release-note size/S area/api kind/feature dco-signoff: yes ok-to-test	contributor-last recv recv-q unreviewed
7646		Support custom ACME account key type.		2	8mo	7wk	6mo		size/L release-note area/api area/acme dco-signoff: yes ok-to-test area/deploy needs-kind	author-last commented new-commits recv recv-q
8071		Handle ACME Accept asynchronously			2mo	1mo	2mo		size/L release-note area/api needs-ok-to-test area/acme dco-signoff: yes area/testing area/deploy needs-kind	author-last recv recv-q unreviewed
7450		Make ACME Authorization Timeout Configurable Similar: #7852: adds cli option configure ACME challange authorization timeout (open)			1y	3mo	1y		size/L release-note area/api needs-ok-to-test area/acme dco-signoff: yes area/acme/http01 area/deploy needs-kind	commented contributor-last new-commits recv recv-q similar
7689		Add Vertical Pod Autoscaler		2	7mo	4mo	7mo		size/L release-note approved kind/feature dco-signoff: yes ok-to-test area/deploy	author-last commented new-commits recv recv-q
7289		Design proposal for delayed certificate activation			1y	5mo	10mo		size/L release-note-none kind/design needs-ok-to-test dco-signoff: yes	commented contributor-last open-milestone recv recv-q reviewed-with-comment
1866		Use admonitions similar to docusaurus			1d	1d			dco-signoff: yes size/XXL	recv-q unreviewed
1827		Update NetworkPolicy guidelines to reflect the correct namespace			4wk	4wk	4wk		size/XS dco-signoff: yes	author-last recv recv-q reviewed-with-comment
1602		acme troubleshooting: how to fix errored challenges			1y	2mo	1y		size/XS dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
1607		Document Log Level settings. Document DNS01 delegation using multiple providers.			1y	1y	1y		dco-signoff: yes size/M	recv recv-q unreviewed
1587		Custom Certificate Support for cert-manager Webhook Endpoint			1y	1y	1y		dco-signoff: yes size/S	recv recv-q unreviewed
1259		Fixed Azure Workload identity doc			2y	2y	2y		dco-signoff: yes size/S	recv unreviewed
684		fix(deps): update misc go deps			1d	17h	1d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q unreviewed
637		Fix/chartadditional annotations for cli args			2mo	18d	2mo		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
759		[CI] Merge self-upgrade-main into main			1d	19h	1d		dco-signoff: yes size/M release-note-none kind/cleanup ok-to-test skip-review	contributor-last recv recv-q unreviewed
760		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
758		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
802		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
799		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		dco-signoff: yes ok-to-test size/S dependencies	contributor-last recv recv-q similar unreviewed
683		feat: Add a very basic pre-commit configuration			3mo	3mo	3mo		dco-signoff: yes size/XS	commented member-last new-commits
762		Add support for injecting CA from secret for trust manager Webhook			2mo	2mo	2mo		dco-signoff: yes needs-ok-to-test size/S	author-last commented recv unreviewed
188		Remove SetCertificateRequestConditionError			1y	5mo			dco-signoff: yes size/XL	contributor-last recv-q unreviewed
350		bug(controller): fix missing ignore issuers logic			4wk	14d	15d		dco-signoff: yes size/M	commented contributor-last recv recv-q reviewed-with-comment
527		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
525		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
408		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
407		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
292		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
290		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
148		limit-namespaces for namespace-scope deployments			10mo	10mo	10mo		dco-signoff: no size/S needs-ok-to-test	author-last recv recv-q unreviewed
137		fix(deps): update module google.golang.org/grpc to v1.77.0 Similar: #371: fix(deps): update module google.golang.org/api to v0.257.0 (open)			17d	6d	17d		dco-signoff: yes size/L ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
71		Refactor filesystem.go and adapt tests to use a real file system			1y	5mo	5mo		dco-signoff: yes size/L	commented member-last reviewed-with-comment
93		Bump the all group with 3 updates Similar: #200: Bump the all group across 1 directory with 12 updates (open)			3d	3d	3d		dco-signoff: yes size/S dependencies github_actions	contributor-last recv recv-q similar unreviewed
92		Bump golang from `e68f6a0` to `6981837` in the all group			3d	3d	3d		dco-signoff: yes size/XS dependencies docker	contributor-last recv recv-q unreviewed
358		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
359		fix(deps): update module sigs.k8s.io/gateway-api to v1.4.1 Similar: #8304: fix(deps): update module sigs.k8s.io/gateway-api to v1.4.1 (master) (open) Similar: #371: fix(deps): update module google.golang.org/api to v0.257.0 (open)			17h	17h	17h		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
355		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	1d	2d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
1119		Disable DCO for Copilot-authored PRs			3wk	3wk			dco-signoff: yes size/S	contributor-last recv-q unreviewed
1088		Update k8s-infra-prow images, k8s-staging-test-infra images, cert-manager-infra-images images as needed			7mo	1h	7mo		dco-signoff: yes size/M	contributor-last recv recv-q unreviewed
506		Allow renovate to run `make generate` after updating the `go.mod` files			2h	2h	2h		dco-signoff: yes size/L	commented contributor-last reviewed-with-comment
505		Remove Renovate workflow from repository-base module			3h	2h	3h		dco-signoff: yes lgtm size/M	commented contributor-last unreviewed
470		feat(helm): adding `helm-diff` target			4wk	14h	8d		dco-signoff: yes size/S cybr ok-to-test	commented contributor-last new-commits recv recv-q
310		Add generate-applyconfigurations target to controller-gen module			4mo	4mo			dco-signoff: yes size/S	contributor-last recv-q unreviewed
55		feat: add test module			2y	2y	2y		dco-signoff: yes size/M	commented contributor-last recv reviewed-with-comment
199		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		dco-signoff: yes dependencies size/XS ok-to-test	contributor-last recv recv-q similar unreviewed
197		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		dco-signoff: yes dependencies size/XS ok-to-test	contributor-last recv recv-q similar unreviewed
64		Add imagePullSecrets to template			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
79		Bump github.com/cert-manager/cert-manager from 1.15.1 to 1.15.4 in the go_modules group across 1 directory			1y	1y	1y		size/XS dco-signoff: yes needs-ok-to-test dependencies	contributor-last recv recv-q unreviewed
59		cleanup: remove unused NOTES.txt file			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
1		Manage the cert-manager GitHub organisation from this repo			2y	1y	2y		dco-signoff: yes size/XXL	commented member-last unreviewed
4		Add support for custom license templates			2y	3mo			dco-signoff: yes size/S	contributor-last recv-q unreviewed
371		fix(deps): update module google.golang.org/api to v0.257.0 Similar: #359: fix(deps): update module sigs.k8s.io/gateway-api to v1.4.1 (open) Similar: #137: fix(deps): update module google.golang.org/grpc to v1.77.0 (open)			2d	2d	2d		size/L ok-to-test dependencies dco-signoff: yes	contributor-last recv recv-q similar unreviewed
370		chore(deps): update actions/checkout action to v6.0.1 Similar: #502: chore(deps): update octo-sts/action action to v1.1.1 (open)			2d	2d	2d		size/XS ok-to-test dependencies dco-signoff: yes	contributor-last recv recv-q similar unreviewed
345		chore: add existing securityContext settings to values			7wk	7wk	7wk		size/M dco-signoff: yes	contributor-last recv recv-q unreviewed
143		feat: allow creating or reusing an existing sa			2y	6mo	2y		ok-to-test	recv recv-q unreviewed
141		re-adding required clusterrole permission			2y	10mo	2y		size/XS	author-last recv unreviewed
373		fix(deps): update module github.com/spf13/cobra to v1.10.2 Similar: #8305: fix(deps): update module github.com/cloudflare/cloudflare-go/v6 to v6.4.0 (master) (open) Similar: #492: chore(deps): update module github.com/sigstore/cosign/v2 to v3 (open)			1d	1d	1d		size/XS ok-to-test dependencies dco-signoff: yes	contributor-last recv recv-q similar unreviewed

Unkinded Issues (216)

Resolution: Add a kind/ or triage/support label

Average age: 588.3d, Avg wait: 255.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8285		Egress NetworkPolicy from Helm blocks kube-api traffic with Cilium			5d	3d	3d			commented member-last send
8296		HTTP-01 challenge stuck in pending with status code 400			2d	2d	2d			recv
8241		PrivateKeyEncoding PKCS1 is misleading for EC keys			3wk	17d	17d		good first issue priority/backlog	commented member-last send
7895		if certificate is already expired, it shown like a True		2	4mo	5wk	2mo		help wanted priority/important-soon	commented contributor-last recv
6799		ACME challenges stopped working after 1.13/1.14 update			2y	5d	2y		priority/critical-urgent lifecycle/stale	commented contributor-last recv recv-q
6179		CRDs shouldn't be templated in Helm		5 2 30	2y	2mo	3mo		priority/backlog	commented recv-q send
3992		Add non-CRD yaml file		4	4y	3wk	1y		priority/important-soon area/deploy	author-last commented recv
1101		Feature request for updating documentation. Similar: #1609: Azure DNS Documentation Update (open)			3y	1y	1y		priority/backlog	commented member-last send similar
1262		v1.9 to v1.10 upgrade instructions does not mention container name change			2y	8mo	1y		priority/backlog	assigned assignee-updated commented member-last send
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	5y	2y	5y		documentation help wanted priority/backlog	commented pr-merged recv-q
2		Set up periodic job to publish an experimental release build			5y	4y			priority/backlog	assigned contributor-last
797		Add a verification the certificate is a CA certificate Similar: #1802: Invalid certificate (open) Similar: #8209: Add revocation at certificate deletion (open)		2	3d	8h	8h			commented member-last send similar
800		When creating a trust bundle with additionalFormats/pkcs12, no pkcs12 is produced			2d	2d	2d			recv
297		Allow all resources to be namespaced		7	2y	2mo	2mo		priority/backlog	commented member-last send
33		Support CRDs as target		5	3y	4mo	4mo		priority/backlog	commented member-last send
45		Unable to mount and read only file error		5	4y	1y	1y		priority/awaiting-more-evidence	commented send
132		Investigate test timeouts			2y	1y			priority/backlog
33		Create e2e test to validate CertificateRequest garbage collection			3y	1y	1y		priority/backlog	assigned commented member-last send
60		Support prometheus metrics PR#73: Support prometheus metrics commented			2y	1y	1y		priority/backlog	commented member-last pr-reviewed-with-comment send
81		Configuring Peribolos for Github org management			7y	1y	1y		priority/backlog	commented member-last send
3		Migrating all cert-manager sub-projects to "Makefile modules"			2y	5mo	5mo		priority/backlog	commented member-last
65		KubeCon EU 26: Submit CFP for ContribFest and submit request for a kiosk			1d	1d	1d		cybr	assigned assignee-updated commented member-last send
64		Open Standup: Updating an event didn't send new invitations to already registered people			3d	2d	2d			commented member-last send
66		KubeCon EU 26: Maintainer Track Talk		3	1d	8h	8h			commented member-last send
43		Allow non-Venafi employee maintainers full release capabilities		3	1y	5d	5d		priority/backlog	assigned assignee-updated commented member-last
27		failed with: OpenAPI spec does not exist		2 6	4y	1y	2y		priority/critical-urgent	commented pr-closed pr-unreviewed send
190 previously listed items omitted

Unprioritized Recent Issues (237)

Resolution: Add a priority/ or triage/ label

Average age: 423.1d, Avg wait: 205.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8300		Support for custom, TLS-based application protocols			1d	1d	1d		kind/feature	recv
236 previously listed items omitted

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 1.8d, Avg wait: 1.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3 previously listed items omitted: #8296 #8300 #800

New, has multiple reactions, but not important-soon: No matching items

New, has multiple commenters, but not important-soon: No matching items

needs information, has update (3)

Resolution: Comment and remove triage/needs-information tag

Average age: 122.8d, Avg wait: 121.3d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3 previously listed items omitted: #8121 #7846 #7845

Unprioritized issues older than 7 days (229)

Resolution: Add a priority/ or triage/ label

Average age: 437.8d, Avg wait: 213.0d

Uncommented older than 7 days (158)

Resolution: Add a priority/ or triage/ label

Average age: 486.5d, Avg wait: 437.5d

Important soon, but no updates in 90 days (15)

Resolution: Downgrade to important-longterm

Average age: 1287.8d, Avg wait: 14.7d

Important longterm, but no updates in 180 days (20)

Resolution: Downgrade to backlog

Average age: 1298.5d, Avg wait: 232.5d

Pull Requests: Review Ready (71)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 167.1d, Avg wait: 110.7d

Unkinded Issues (216)

Resolution: Add a kind/ or triage/support label

Average age: 588.3d, Avg wait: 255.7d

Unprioritized Recent Issues (237)

Resolution: Add a priority/ or triage/ label

Average age: 423.1d, Avg wait: 205.8d

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 1.8d, Avg wait: 1.7d

needs information, has update (3)

Resolution: Comment and remove triage/needs-information tag

Average age: 122.8d, Avg wait: 121.3d

Recently updated issue has a question (1)

Resolution: Add an answer

Average age: 75.3d, Avg wait: 75.1d