queue to be emptied once a day

Unprioritized issues older than 7 days (261)

Resolution: Add a priority/ or triage/ label

Average age: 463.7d, Avg wait: 229.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8696 Challenge is not reconciled on ACME API timeout 9d 9d 9d
kind/bug
pr-unreviewed
recv
8668 Add helm unit tests for cert-manager chart 19d 19d 19d
kind/feature
assigned
assignee-updated
collaborator-last
commented
similar
8659 v1.20.1 release progress tracking 3wk 3wk
8656 v1.20.0 release progress tracking 3wk 3wk
8643 ACME challenge scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers 4wk 3wk
good first issue
help wanted
kind/bug
assigned
assignee-updated
contributor-last
pr-unreviewed
8641 ContribFest KubeCon EU 2026 - Amsterdam (March 24, 2026) 4wk 3wk 4wk
kind/documentation
commented
member-last
8612 Unneeded OS dependency in TestFSLoader_Load 5wk 5wk 5wk
kind/bug
kind/cleanup
author-last
pr-unreviewed
recv
8609 Skip certain listener's certificate management for Gateway API
5wk 3wk 3wk
kind/feature
collaborator-last
commented
pr-new-commits
send
8611 Move from LetsEncrypt staging endpoint to production endpoint causes loop of the same error
3
2
 5wk 3wk 3wk
kind/bug
commented
member-last
pr-closed
send
8586 Misconfiguration caused hammering of DigitalOcean API 6wk 6wk 6wk
kind/bug
pr-unreviewed
recv
8530 Allow usage of the new DNS-PERSIST-01 challange for ACME
14
 1mo 1mo 1mo
kind/feature
recv
similar
8522 Support pulling additional fields from secret when using external account binding
2mo 2mo 2mo
kind/feature
recv
recv-q
8513 Exclude namespace(s) from CA Injector 2mo 5wk 2mo
kind/feature
contributor-last
pr-new-commits
recv
8512 ArtifactHub install command causes Helm fallback warning due to missing v prefix 2mo 2mo 2mo
recv
8499 Add custom labels to be exposed in prometheus metrics 2mo 9d 9d
kind/feature
area/monitoring
collaborator-last
commented
send
8493 cloudflare DNS01 - Client.Timeout exceeded while awaiting headers
4
11
 2mo 18d 1mo
good first issue
help wanted
kind/bug
assigned
assignee-updated
commented
pr-unreviewed
recv-q
send
8481 FYI: cert-manager-webhook-libdns
2mo 2mo 2mo
recv
8479 Subject Key Identifier (SKI) missing on issued certificates by self-signed CA 2mo 2mo 2mo
kind/feature
pr-new-commits
recv
8476 Helm chart defaults leaderElection namespace to kube-system, blocking cert-manager controller and certificate creation 2mo 2mo 2mo
kind/bug
author-last
commented
recv
recv-q
8458 Vault approle configuration
2mo 2mo 2mo
kind/feature
recv
8450 Introducing DelayedInformers for CRD check 2mo 2mo 2mo
kind/feature
assigned
assignee-updated
commented
contributor-last
send
8416 Make Venafi client timeout configurable for slower servers 3mo 2mo 2mo
kind/feature
commented
member-last
send
8378 Support `PodCertificateRequest`
3mo 3mo 3mo
kind/feature
collaborator-last
commented
send
similar
8373 DNS-PERSIST-01 challenge support (planned for late Q1 2026)
2
2
105
 3mo 3wk 3mo
kind/feature
recv
recv-q
similar
8372 HTTP-01 challenge: support stateless http-01 challenge 3mo 3mo 3mo
kind/feature
recv
8364 Replace Hetzner DNS01 Webhook 3mo 3mo 3mo
collaborator-last
commented
send
8340 Top-level: CA Issuer rotation problem 4mo 4mo
cybr
8319 Improve cert-manager's event handler to allow us to selectively skip some reconciliations 4mo 4mo
cybr
8309 Dependency Dashboard 4mo 22h 4mo
recv
8280 Unblocking SSA: Document changes in SSA-by-default 4mo 4mo
cybr
8279 Unblocking SSA: Fix unit tests 4mo 4mo
cybr
8277 Unblocking Server Side Apply (SSA) by Default 4mo 2mo 2mo
cybr
commented
member-last
8251 Top-level ticket: ListenerSet
8
 5mo 1d 6wk
cybr
commented
pr-merged
recv-q
send
8235 Cert-manager support for Issuer-managed keys 5mo 5mo 5mo
kind/feature
author-last
commented
recv
8234 Vault Issuer: certmanager spams thousands of CertificateRequest resources if Issuer is configured to use the Vault issue endpoint rather than the sign endpoint
5mo 5mo 5mo
kind/bug
commented
member-last
pr-unreviewed
send
8218 Include Vault hostname as default JWT audiences
5mo 2mo 2mo
kind/feature
assigned
assignee-updated
commented
member-last
pr-merged
send
8209 Add revocation at certificate deletion
3
 5mo 5mo 5mo
kind/feature
recv
similar
8201 Timeout contacting Cloudflare API during cert-manager DNS-01 challenge 5mo 5mo 5mo
commented
send
8194 Update e2e Documentation - for the make e2e-setup command 6mo 6mo 6mo
kind/feature
collaborator-last
commented
send
8183 Add helm diff output to cert-manager PRs 6mo 4mo 5mo
assigned
assignee-updated
collaborator-last
commented
send
8672 Allow specifying the secret namespace for CA issuer spec 17d 16d 16d
commented
member-last
pr-unreviewed
send
8094 HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller) 7mo 2mo 7mo
recv
recv-q
8086 ACME ClusterIssuer not recovering after Vault restart 7mo 4wk 7mo
kind/bug
lifecycle/stale
contributor-last
recv
8082 EOF during self check with Pomerium 7mo 4wk 7mo
lifecycle/stale
contributor-last
recv
8023 ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension 7mo 6wk 7mo
lifecycle/stale
commented
contributor-last
recv
recv-q
7914 Output tls.crt in CA cert to another secret 8mo 2mo 8mo
kind/feature
lifecycle/stale
contributor-last
recv
7868 Metrics for webhook certificate
3
 9mo 5mo 9mo
kind/feature
author-last
recv
7862 Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete
7
 9mo 16d 9mo
kind/bug
lifecycle/stale
contributor-last
recv
7834 Provide race condition mitigation support 9mo 3mo 9mo
kind/feature
author-last
recv
7829 Support to auto delete Certificaterequest
9mo 3wk 9mo
kind/feature
lifecycle/rotten
commented
contributor-last
send
similar
7828 Cert-manager created multiple CertificateRequests (over 30k) for a valid certificate
9mo 5mo 8mo
kind/bug
commented
send
8572 Solver ingressTemplate annotations are not applied to existing Ingress resources when acme.cert-manager.io/http01-edit-in-place: 'true' is set
6wk 5wk 6wk
kind/bug
author-last
pr-closed
pr-unreviewed
recv
similar
7822 Tracking: Kubernetes Gateway API follow up tasks
5
 10mo 4mo 4mo
commented
member-last
pr-merged
send
7817 Support `global.nodeSelector` in the Helm chart
2
 10mo 6mo 10mo
kind/feature
contributor-last
pr-merged
recv
7788 Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values
4
 10mo 4mo 4mo
kind/feature
collaborator-last
commented
send
7779 RevisionHistoryLimit should follow Kubernetes definition 10mo 6wk 10mo
lifecycle/rotten
contributor-last
recv
7772 Reviewing the use of https://github.com/SSLMate/go-pkcs12 10mo 6wk 10mo
kind/feature
lifecycle/rotten
commented
contributor-last
send
7768 Stuck in a loop with `multiple challenge solver pods found for challenge` 10mo 4mo 10mo
kind/bug
author-last
recv
7766 Certificate: Let me specify the concatenation order for CombinedPEM output format
11mo 1mo 11mo
kind/feature
author-last
recv
recv-q
7765 Propagation tests fails when using IPv6 recursive DNS nameservers
11mo 1mo 11mo
kind/bug
lifecycle/rotten
recv
8095 DNS-01 Delegated zone is not following CNAME and creating wrong records
4
 7mo 5mo 6mo
kind/bug
author-last
commented
recv
recv-q
7760 Is the zone responsible for a domain changes, cert-manager will not pick it up 11mo 2mo 11mo
kind/bug
lifecycle/rotten
contributor-last
recv
7755 cert-manager-challenges Error presenting challenge: expected array of Record 11mo 2mo 11mo
lifecycle/rotten
contributor-last
recv
recv-q
7751 Custom key usage extensions 11mo 6wk 2mo
kind/feature
commented
recv
recv-q
7749 Http and PROXY protocol
5
 11mo 2mo 11mo
lifecycle/rotten
contributor-last
recv
7747 [suggestion] Add Kustomize install documentation
5
6
 11mo 5wk 11mo
kind/feature
lifecycle/stale
commented
contributor-last
recv
recv-q
7717 After uninstalling cert-manager, ingress resources can still only be accessed via https 11mo 2mo 11mo
lifecycle/rotten
contributor-last
recv
7660 cert-manager produces invalid (per RFC5280) certificates when `cert sign` usage is set along with another usage 1y 2mo 11mo
kind/bug
lifecycle/rotten
commented
contributor-last
send
7659 Challenge and resolver pod/ingress killed too soon
2
 1y 2mo 1y
lifecycle/rotten
contributor-last
recv
7649 [GKE][Cert-Manager]Document Might Need Implementation Details Update to GSA/KSA Integration 1y 5wk 1y
kind/bug
lifecycle/rotten
contributor-last
recv
recv-q
7645 Support cross-signed intermediate CAs issued with Vault
5
 1y 17d 2mo
kind/feature
commented
send
7625 Clean install fails to create Issuer
4
 1y 2mo 1y
kind/bug
lifecycle/rotten
contributor-last
recv
recv-q
7594 Cloudflare delegated domains returns Found no Zones for domain _acme-challenge.mydomain.com
1y 2mo 1y
kind/bug
lifecycle/rotten
contributor-last
recv
7561 Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued 1y 5mo 5mo
kind/feature
author-last
commented
recv
recv-q
7551 Unhelpful log messages 1y 4mo
lifecycle/frozen
contributor-last
7531 punycode issue 1y 5mo 1y
author-last
recv
7522 Non standard "cert-manager.io" used in event "Reason" 1y 5mo 1y
lifecycle/frozen
kind/bug
commented
contributor-last
recv
7684 Add support for namespaced deployment
1y 9d 1y
kind/feature
lifecycle/rotten
contributor-last
pr-merged
recv
recv-q
similar
7510 Key Size for Acme Account Key
1y 6wk 1y
kind/feature
lifecycle/rotten
contributor-last
pr-new-commits
recv
7492 `UseCertificateRequestBasicConstraints` should probably add `Critical` for `isCA` 1y 5mo 11mo
lifecycle/frozen
commented
contributor-last
recv
7486 `"Unhandled Error" err="ingress '...' in work queue no longer exists"` should be handled (clean up dangling `Certificate`)
6
 1y 5mo 1y
lifecycle/frozen
kind/bug
contributor-last
recv
recv-q
7476 [Helm Chart] - Wrong handling of image registry and repository
4
 1y 5wk 4mo
kind/bug
commented
pr-closed
send
7520 ClusterIssuer read caBundle from Secret
7
 1y 4mo 1y
kind/feature
commented
pr-unreviewed
send
7438 certificate not updated after enabling SSA 1y 4mo 1y
kind/bug
author-last
recv
7473 Create certificate based on HTTPRoute configuration
63
7
98
 1y 14d 14d
kind/feature
assigned
assignee-updated
commented
pr-closed
pr-merged
send
7422 Please provide standalone helm chart for CRDs
20
 1y 6wk 1y
kind/feature
lifecycle/stale
contributor-last
recv
7388 Kid missing in the new order request
2
 2y 5mo 2y
kind/bug
pr-unreviewed
recv
recv-q
6622 `make update-licenses` is non-deterministic.
2y 6wk 10mo
kind/bug
lifecycle/rotten
commented
contributor-last
pr-merged
pr-unreviewed
6010 Support the ACME Renewal Information (ARI) extension
2
16
 3y 18d 10mo
kind/feature
commented
pr-new-commits
recv
recv-q
8702 202 Accepted Response - Certificate Request failed - Unexpected status code on TPP Certificate Request. 8d 8d 8d
recv
5864 Certmgr allows creating certificates expiring after ca expiration.
4
33
 3y 6mo 11mo
lifecycle/frozen
kind/bug
cybr
commented
pr-new-commits
recv-q
send
4749 rfc2136 seems to not work with deep subdomains
4y 5mo 4y
kind/bug
area/acme/dns01
recv
recv-q
6224 Option to store certificate history in individual secrets
2
 2y 5wk 7mo
kind/feature
lifecycle/stale
commented
contributor-last
recv-q
send
7864 failed to call webhook: certificate has expired or is not yet valid
2
 9mo 3mo 9mo
kind/bug
assigned
assignee-updated
contributor-last
recv
recv-q
similar
8679 Allow managing SSH-CA 15d 15d 15d
kind/feature
recv
7821 Request to support AWS ACM Exportable certificates
56
 10mo 4mo 6mo
kind/feature
commented
send
similar
2019 Add ENISA NIS2 reference to best practice intro 3wk 3wk 3wk
recv
2010 The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear 5wk 5wk
2009 The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear 5wk 5wk
1935 add third party cert-manager-webhook-infomaniak 2mo 2mo 2mo
recv
1926 Change the Cert Manager Webhook DNS01 of Hetzner Cloud
2mo 2mo 2mo
author-last
pr-closed
recv
1874 Dependency Dashboard 4mo 15h 4mo
recv
1806 Tutorial depends on no longer available image of kuard
4
 6mo 6mo 6mo
recv
1802 Invalid certificate 6mo 6mo 6mo
recv
1715 The ingress annotation `cert-manager.io/secret-template` is not documented
2
 10mo 10mo
contributor-last
similar
1643 Let's Encrypt Ending Support for Notification Emails 1y 8mo 1y
recv
1625 Configuration issue potentially leading to a memory leak 1y 1y 1y
recv
1623 Claim about v1beta1/v1alpha2 support for gateway api is misleading 1y 1y 1y
recv
1620 Cert Manager allows the creation of Illegal wilcard SANs 1y 1y 1y
recv
1608 Renaming Securing NGINX-ingress to ingress-nginx 1y 1y 1y
recv
1596 Wrong key for cloudflare secret ref in DNS Validation tutorial page 1y 1y 1y
recv
1586 Now that cert-manager 1.16 has been released, `--set config.enableGatewayAPI=true` is now the recommended approach for projects that show instructions on how to enable cert-manager's gateway API support, especially on visible projects like Cilium:
2y 2y
pr-merged
1585 Broken install instructions due wrong cert_manager_latest_version - v1.16.1 2y 2y 2y
recv
1546 Self upgrade PRs don't run checks
2y 6mo 2y
cybr
commented
member-last
1490 GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP) 2y 2y 2y
author-last
recv
944 Document how to install cert-manager in a different namespace
4
 4y 2y 4y
good first issue
recv
recv-q
697 [IRSA] Needs `runAsUser: 1001`
4y 2y 2y
commented
member-last
pr-merged
send
209 Dependency Dashboard
4mo 21h 4mo
pr-merged
recv
687 Dependency Dashboard 4mo 19h 4mo
recv
501 Error logs not very helpful
2
 1y 1y 1y
recv
431 istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0 1y 1y 1y
recv
recv-q
287 Getting Readiness probe failed when using cert-manager-istio-csr 2y 2y 2y
author-last
recv
recv-q
similar
283 Document / improve that sometimes the issuer needs to set `ca.crt`
2y 2y
244 Populate Subject Fields in Certificate
2y 2y 2y
recv
223 False positive warnings from trivy and dependabot
7
 2y 2y
153 It is possible to have several CAs within the same cluster.
3
 4y 1y 2y
commented
send
137 Documentation on rotating the root certificate
2
 4y 11mo 4y
recv
recv-q
130 Document best-practices for minimal vault role configuration for istio-csr 4y 2y 4y
recv
recv-q
84 csr readiness probe failed, istio ingress pod also failed
2
 4y 2y 4y
support
recv
recv-q
similar
176 certificateDuration is not used for the Istio CSR generated certificate requests
3y 8mo 3y
pr-closed
recv
recv-q
113 Integrating with istio helm chart installs
15
 4y 2y 4y
recv
recv-q
803 Request to build images for main
2mo 2wk 2wk
commented
member-last
send
667 Cannot create secret cert-manager-approver-policy-tls 8mo 8mo 8mo
commented
contributor-last
recv
similar
869 [Feature Request] Support Annotations in Approval Policies 16d 15d 15d
author-last
commented
pr-reviewed-with-comment
recv
recv-q
638 Approver cannot find applicable policy 11mo 19d 19d
commented
member-last
send
394 Limit number of SANs by policy
2y 2y 2y
commented
member-last
send
288 Feature: Take control of approval for the whole cluster
2
 2y 2y 2y
commented
member-last
466 Document How to Configure Common Scenarios 2y 2y 2y
recv
203 Improve CRD fields for specifying key requirements
3
 3y 1y 1y
commented
member-last
send
169 Webhook Custom CA 3y 11mo 11mo
help wanted
commented
contributor-last
recv-q
send
216 Simplify configuration by creating RBAC by default
2
 3y 1y 1y
help wanted
commented
contributor-last
pr-merged
pr-unreviewed
recv-q
send
559 Flakey Tests in pull-cert-manager-approver-policy-test 1y 1y
similar
761 Dependency Dashboard 4mo 2d 4mo
recv
452 CRDs in the Release files
3
 2y 2y 2y
recv
782 Ensuring approver-policy is ready to accept CRDs after install 3mo 3mo
good first issue
similar
913 Feature Request: Allow files as a source. 4wk 4wk 4wk
recv
892 Eliminate the duplicate code for managing default trust bundle images
7wk 7wk
assigned
assignee-updated
pr-closed
886 Allow creating `ClusterRole` aggregations 2mo 2mo 2mo
kind/feature
recv
881 Helm install fails when extraObjects contains Bundles 2mo 2mo 2mo
recv
848 Request for cryptographic mechanisms used in cert-manager-trust-manager 2mo 2mo 2mo
recv
841 Does trust-manager require cluster level permissions to read secrets?
3mo 19d 19d
commented
member-last
send
837 Ensuring trust-manager is ready to accept CRDs after install 3mo 3mo
good first issue
pr-unreviewed
similar
835 Helm Chart cannot set securityContext 3mo 3mo 3mo
recv
815 Support Debian Trixie for trust packages 4mo 4mo
cybr
805 Dependency Dashboard 4mo 2d 4mo
recv
800 When creating a trust bundle with additionalFormats/pkcs12, no pkcs12 is produced
4mo 7wk 7wk
commented
send
778 Add option to use a specific issuer in the helm chart 6mo 6mo 6mo
recv
761 Feat: Add a namespaced trust bundle CRD alongside the cluster-scoped Bundle 6mo 4mo 6mo
commented
contributor-last
recv
recv-q
750 Feat: Emit Events on the controller Pod instead of cluster-scoped Bundle 7mo 3wk 6mo
lifecycle/stale
commented
contributor-last
recv
742 Add option to disable webhook in Helm chart 7mo 4mo 7mo
kind/feature
author-last
commented
recv
741 Using an Image Volume to deploy certifiats
7mo 4wk 7mo
lifecycle/stale
commented
contributor-last
send
650 Pod goes out of readiness 9mo 14d 9mo
lifecycle/rotten
contributor-last
recv
629 The crds is not installed automatically when trust-manager is a sub-chart 11mo 13d 11mo
lifecycle/rotten
contributor-last
recv
recv-q
592 Feature: ClusterTrustBundle as Sources
1y 5mo 5mo
commented
member-last
send
similar
591 Feature: ClusterTrustBundle as Target
12
 1y 5mo 5mo
commented
member-last
pr-merged
send
similar
588 Add ability to monitor validity period for CAs in bundle
5
 1y 6wk 3mo
kind/feature
help wanted
assigned
assignee-updated
commented
pr-new-commits
send
301 Add support for kubectl installation
2y 1y 2y
lifecycle/frozen
author-last
commented
open-milestone
recv
recv-q
similar
245 Split Bundle controller into multiple controllers
2y 1y 1y
lifecycle/frozen
commented
member-last
pr-merged
send
242 New version of Bundle API
2
4
 2y 1y 1y
lifecycle/frozen
commented
pr-closed
pr-merged
243 More flexible and better organized target specification in API
5
 2y 3mo 5mo
lifecycle/frozen
commented
pr-merged
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
16
 2y 6wk 7mo
lifecycle/stale
commented
contributor-last
pr-merged
send
142 expose bundles CRD as release artifact
2
12
 2y 4d 8mo
help wanted
lifecycle/stale
author-last
commented
recv
recv-q
205 Allow to select multiple "trust" namespaces
48
 2y 2mo 9mo
commented
send
99 Allow removing Bundles whilst keeping the synced CA certs
5
 3y 11mo 11mo
lifecycle/frozen
commented
member-last
pr-unreviewed
63 nit: Rename "Bundle" to "ClusterBundle"
18
 3y 9mo 9mo
lifecycle/frozen
commented
member-last
open-milestone
pr-merged
send
131 Feature: per namespace trust bundle
8
 2y 6mo 9mo
lifecycle/frozen
commented
send
39 Don't sync targets to all namespaces by default
8
 3y 11mo 11mo
lifecycle/frozen
commented
member-last
open-milestone
pr-merged
send
908 v0.22.0: image template does not work when installing trust-manager and cert-manager from one umbrella chart
4
 5wk 5wk 5wk
recv
560 Support rotated certificate sources
38
 1y 3mo 1y
commented
recv
recv-q
similar
4 Feature: By default, require only self-signed certificates in a bundle
4y 16d 9mo
kind/feature
help wanted
good first issue
lifecycle/rotten
commented
contributor-last
send
60 overriding trusted namespace
10
18
 3y 6wk 1y
commented
recv-q
send
362 Dependency Dashboard 4mo 1d 4mo
recv
279 Persisting identifiers for retry calls to Sign() 8mo 2mo 2mo
commented
member-last
send
231 ### Question about Configuring Retries in cert-manager 1y 2mo 2mo
commented
member-last
send
204 clarify SetCAOnCertificateRequest deprecation status 1y 10mo 10mo
commented
member-last
send
583 Security Posture improvements 7wk 6wk 7wk
recv
recv-q
385 Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors 1y 1y 1y
author-last
recv
613 Support POD_HOSTNAME as a variable 15d 15d 15d
recv
267 Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes? 2y 2y 2y
recv
264 Certificate renewal doesn't change file 'modified date'
2y 2y 2y
recv
256 Broken comma-separated splitting logic 2y 2y
241 Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver
6
 2y 2y 2y
recv
171 E2E Test Cleanup 2y 2y 2y
good first issue
commented
member-last
130 JKS support
6
 3y 2y 3y
recv
recv-q
353 mismatch between the key and the certificate signature algorithm
1y 1y 1y
recv
530 Dependency Dashboard 4mo 2d 4mo
recv
17 ability to specify pod IP in volume attributes
8
 6y 1y 5y
commented
recv
recv-q
521 RFC: Cert-Manager CSI Driver as Secret Store Provider
4mo 4mo 4mo
recv
383 [Feature Request] Adding attributes that available in Certificate CRD to CSI Driver
6
 1y 1y 1y
recv
411 Dependency Dashboard 4mo 1d 4mo
recv
41 The default `csiDataDir` value might collide with csi-driver
2y 6mo
contributor-last
pr-merged
recv-q
295 Dependency Dashboard 4mo 23h 4mo
recv
204 Support for creating certificate for wildcard route 9mo 4mo 9mo
recv
similar
116 Release static manifests (no helm) for v0.6.0-alpha.0+
2
 1y 1y 1y
recv
174 Standby Replicas without lease use lots of CPU 1y 1y 1y
recv
56 Support for destinationCaCertificate / Reencrypt Routes
2
 2y 2y 2y
recv
similar
54 Same certificate in path based Routes
3
 2y 1y 2y
pr-closed
recv
38 Route with cert-manager annotations is not created
4
 2y 10mo 2y
commented
send
306 [FEATURE]Enable setting private key encoding via annotation 4mo 4mo 4mo
kind/feature
author-last
pr-reviewed-with-comment
recv
58 certificate cannot be renewed, error message: "key does not match certificate"
4
 2y 2y 2y
recv
recv-q
70 OLM deployment with ArgoCD is OutOfSync
3y 3y 3y
commented
send
46 Cert-manager operator fails to issue certificates 4y 4y 4y
recv
17 Operator prevents passing extraArgs helm value
7
 5y 3y 5y
recv
recv-q
22 Customize the deployment of cert-manager installed via OLM
5
6
 5y 2y 3y
commented
recv
recv-q
74 Consistency issues due to the use of mount binds 1y 1y 1y
author-last
commented
recv
recv-q
40 Optional auto rotating/renewing certificates 3y 2y 3y
contributor-last
recv
recv-q
similar
144 Dependency Dashboard 4mo 2d 4mo
recv
100 Dependency Dashboard 4mo 22h 4mo
recv
63 Is it possible to only create Issuer and remove the CluserIssuer 10mo 10mo 10mo
recv
62 Limit the controller-manager to access secrets only from specific namespace 10mo 10mo 10mo
recv
56 Struggling to get controller running in local KIND cluster
1y 11mo 11mo
commented
member-last
send
361 Dependency Dashboard 4mo 2d 4mo
recv
122 asdf cmctl installer issues
2
 2y 2y 2y
author-last
commented
recv
442 inspect secret: response body not closed on error path during CRL check 4wk 3wk
kind/bug
good first issue
help wanted
pr-unreviewed
recv-q
59 Process regarding worrying emails sent to the maintainers mailing list
7mo 7mo 7mo
commented
member-last
65 Dependency Dashboard 4mo 4d 4mo
recv
1125 Dependency Dashboard 4mo 11h 4mo
recv
451 Re-enable testing with specific kubernetes versions in subprojects 6mo 6mo 6mo
cybr
commented
member-last
send
202 Makefile Modules, Go Versions and Vendoring
2y 2y 2y
commented
contributor-last
154 Publish SBOMs 2y 2y 2y
kind/feature
good first issue
commented
member-last
send
481 Embed go version in `go install` binaries in cache 4mo 4mo
295 `make generate-golangci-lint-config` clobbers local exclusions added to the local config. 10mo 10mo
487 Dependency Dashboard 4mo 15h 4mo
recv
202 Dependency Dashboard 4mo 1d 4mo
recv
26 helm-tool inject adds trailing white space to the generated markdown 2y 2y
kind/bug
25 helm-tool inject sometimes omits the context (prefix) of commented out values in the generated markdown 2y 2y
kind/bug
contributor-last
64 Open Standup: Updating an event didn't send new invitations to already registered people
4mo 4mo 4mo
commented
member-last
send
63 CNCF-paid GitHub Actions runners 5mo 4mo 4mo
commented
member-last
60 Lazy vote: Zoom for standup meetings to be able to add the standups to the LFX calendar
5mo 5mo 5mo
commented
member-last
62 Lazy vote: Enhancing the triaging process 5mo 5mo
35 Post-Graduation Suggestion Tracker
2y 2y 2y
commented
member-last
pr-merged
46 Code reference a pull request to be merged, but the pull request was closed by a robot 3y 2mo 3y
recv
92 Dependency Dashboard 4mo 22h 4mo
recv
2 Set up basic e2e test that deploys the webhook and ensures we can POST a challenge
7y 6mo
contributor-last
pr-closed
recv-q
81 How to enable leader election in the webhook? 1y 1y 1y
recv
80 How to deal with K8s timelimit in 30s ? 1y 1y 1y
recv
74 Why cert-manager looks for a CNAME record instead of a TXT record? 2y 2y 2y
recv
72 readyz and healthz api 2y 2y 2y
recv
37 Add logging example
4y 2y 4y
pr-closed
recv
24 Dependency Dashboard 4mo 5d 4mo
recv
8 Find solution for automatically disabled GitHub Actions 2y 2y
22 Dependency Dashboard 4mo 11h 4mo
recv
18 Feature: Git bundles? 1y 1y
7 Dependency Dashboard 4mo 2mo 4mo
recv
197 Kubectl One-line Installation Support 2y 2y 2y
commented
member-last
send
similar
162 Issue: Broken config when using commonLabels 2y 2y 2y
recv
148 Certificate chain is not split correctly
5
 2y 2y 2y
author-last
pr-reviewed-with-comment
recv
recv-q
102 certificate renewal does not work in due to auth issue to privatecaapi end point 3y 1y 3y
recv
133 Allow to use a custom Service Account
5
 2y 2y 2y
pr-unreviewed
recv
375 Dependency Dashboard 4mo 22h 4mo
recv
361 [Helm] allow `enabled` as key in values schema 5mo 5mo 5mo
recv

Uncommented older than 7 days (160)

Resolution: Add a priority/ or triage/ label

Average age: 555.4d, Avg wait: 503.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8121 Support for Creating CertificateRequest from Kubernetes Secret 6mo 5mo 6mo
kind/feature
triage/needs-information
contributor-last
recv
recv-q
similar
8058 Cert-manager fails to import ECDSA private keys generated by openssl 7mo 11d 7mo
kind/bug
priority/important-longterm
lifecycle/stale
contributor-last
pr-changes-requested
recv
8085 Feature Request: Add annotation to disable automatic certificate renewal
7mo 11d 7mo
priority/important-longterm
lifecycle/stale
contributor-last
pr-closed
recv
similar
7826 If issuer is incorrect, it is still shown as READY 9mo 5mo 9mo
kind/bug
priority/important-longterm
assigned
assignee-updated
author-last
pr-new-commits
recv
recv-q
7288 Missing UID in webhook challenge request 2y 2mo 2y
kind/bug
priority/backlog
lifecycle/rotten
contributor-last
recv
6820 Ongoing dependency evaluation
2y 2y 2y
lifecycle/frozen
priority/important-longterm
contributor-last
recv
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
7
 2y 4mo 2y
lifecycle/frozen
kind/bug
priority/important-soon
pr-unreviewed
recv
6472 Create TLSA records automatically
15
 2y 2mo 2y
kind/feature
priority/backlog
contributor-last
recv
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
43
 3y 17d 3y
kind/bug
priority/important-longterm
assigned
assignee-updated
recv
recv-q
5540 Changelog annotations to chart
3y 2mo 3y
kind/feature
priority/backlog
author-last
recv
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
3y 5mo 3y
lifecycle/frozen
kind/bug
priority/important-soon
author-last
pr-closed
pr-unreviewed
recv
recv-q
1549 Brand guideline page 2y 2y 2y
priority/backlog
contributor-last
recv
1473 Add ArtifactHub packages to website 2y 2y 2y
priority/backlog
recv
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
3y 2y 3y
priority/important-longterm
author-last
pr-merged
recv
850 Document available cert-manager Prometheus metrics
4y 3y 4y
documentation
good first issue
priority/important-longterm
recv
recv-q
354 DigitalOcean access-token should not be base64-encoded 5y 5y 5y
priority/awaiting-more-evidence
author-last
recv
recv-q
237 docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available
5y 5y 5y
priority/backlog
kind/documentation
contributor-last
pr-closed
recv
228 Documentation needs correction for external-account-bindings
5y 1y 5y
good first issue
priority/backlog
kind/documentation
contributor-last
pr-merged
recv
130 FAQ: How does cert-manager handle ingresses with valid TLS secrets? 6y 5y 6y
help wanted
priority/backlog
kind/documentation
contributor-last
recv
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 6y 5y 6y
priority/backlog
kind/documentation
contributor-last
recv
197 Document ACME account mismatch 6y 1y 6y
good first issue
priority/backlog
kind/documentation
pr-unreviewed
recv
recv-q
3 Restrict operator RBAC permissions
6y 2y 6y
priority/backlog
pr-merged
recv
83 As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )
4
 2y 2y 2y
priority/important-longterm
recv
690 Clean up Presets
3y 2y 3y
priority/backlog
pr-merged
recv
594 Document infra image bumps and versioning 4y 2y 4y
priority/backlog
recv
38 Set repository to be a GitHub template repository
4y 2y 4y
priority/important-longterm
recv
134 previously listed items omitted

Important soon, but no updates in 90 days (17)

Resolution: Downgrade to important-longterm

Average age: 1283.8d, Avg wait: 93.1d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
7895 if certificate is already expired, it shown like a True
2
 8mo 3mo 6mo
help wanted
priority/important-soon
commented
pr-new-commits
pr-unreviewed
recv
7234 AWS Route53: Stale/Stuck Challenges should be deleted after a given timeout
4
 2y 4mo 2y
kind/bug
priority/important-soon
assigned
assignee-updated
commented
contributor-last
pr-closed
pr-merged
pr-reviewed-with-comment
recv
recv-q
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
7
 2y 4mo 2y
lifecycle/frozen
kind/bug
priority/important-soon
pr-unreviewed
recv
6331 CSR not signed by referenced private key
10
 2y 4mo 2y
lifecycle/frozen
kind/bug
priority/important-soon
commented
contributor-last
recv-q
send
6709 1.14 Release Review
3
 2y 2y 2y
lifecycle/frozen
priority/important-soon
commented
contributor-last
send
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
3y 5mo 3y
lifecycle/frozen
kind/bug
priority/important-soon
author-last
pr-closed
pr-unreviewed
recv
recv-q
5298 Complete the Migration Away From Jetstack Names 3y 2y 2y
lifecycle/frozen
kind/cleanup
priority/important-soon
commented
member-last
send
3992 Add non-CRD yaml file
4
 5y 5mo 2y
priority/important-soon
area/deploy
author-last
commented
recv
5867 Controller can't handle hitting request rate limits of zerossl ACME API
7
12
31
 3y 1y 2y
lifecycle/frozen
kind/bug
priority/important-soon
commented
pr-closed
pr-merged
recv-q
send
2930 Mirror to gcr.io or dockerhub
2
29
 5y 1y 1y
lifecycle/frozen
kind/feature
priority/important-soon
area/deploy
assigned
assignee-updated
commented
contributor-last
send
3381 Setup separate package for cert-manager API
5
 5y 1y 1y
lifecycle/frozen
kind/feature
priority/important-soon
assigned
assignee-updated
commented
member-last
send
955 Document when the vault pki role required setting `require_cn=false`
2
 4y 2y
priority/important-soon
174 Add documentation for CRD conversion webhook ca injection 6y 5y 5y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
1425 The `issuer.vault.spec.caBundleSecretRef` docs are missing 2y 2y
priority/important-soon
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
4y 2y
kind/bug
priority/important-soon
contributor-last
pr-merged
195 Document keystores 6y 3y 5y
priority/important-soon
kind/documentation
commented
contributor-last
send
127 cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs 2y 2y
priority/important-soon

Important longterm, but no updates in 180 days (21)

Resolution: Downgrade to backlog

Average age: 1477.2d, Avg wait: 262.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6969 Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled 2y 2y 2y
lifecycle/frozen
kind/bug
priority/important-longterm
commented
contributor-last
send
6051 Detecting Gateway hostnames based on attached HTTPRoutes
7
32
 2y 8mo 9mo
lifecycle/frozen
kind/feature
priority/important-longterm
commented
pr-merged
send
similar
4685 Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts
12
 4y 6mo 6mo
lifecycle/frozen
kind/bug
priority/important-longterm
commented
contributor-last
recv
4191 Setting default values for Pod's "resources"?
7
 4y 2y 2y
lifecycle/frozen
priority/important-longterm
commented
contributor-last
recv-q
send
3521 Integration with ExternalDNS
4
52
 5y 7mo 1y
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
2525 Better support multi-namespace & single-namespace deployments
27
 6y 11mo 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/deploy
commented
contributor-last
pr-closed
send
similar
2178 Handling 'unregistering' certificates from Venafi TPP
22
 6y 2y 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
member-last
send
4950 General flakiness of our end-to-end suite
3
 4y 2y 3y
lifecycle/frozen
priority/important-longterm
kind/flake
commented
member-last
pr-closed
pr-merged
send
1186 Document that/why we don't use Helm's CRD installation mechanism 3y 2y 2y
good first issue
priority/important-longterm
kind/documentation
assigned
assignee-updated
commented
member-last
send
975 Some pages do not make it clear what the user should read next 4y 2y
priority/important-longterm
401 Bring tutorials up to date 5y 3y 3y
priority/important-longterm
commented
member-last
send
223 Document wildcard certificate tutorial 6y 5y 6y
priority/important-longterm
kind/documentation
commented
contributor-last
send
58 Support injection pem into an existing configmap
8
 3y 11mo 11mo
priority/important-longterm
lifecycle/frozen
assigned
assignee-updated
commented
member-last
pr-closed
pr-merged
pr-unreviewed
send
129 Increase e2e test timeouts 2y 2y
priority/important-longterm
98 Document new release process for all repos 2y 2y
priority/important-longterm
assigned
3 Make unit testing easier/make examples work
7y 2y 4y
priority/important-longterm
commented
member-last
pr-closed
send
5 previously listed items omitted: #6820 #1063 #850 #83 #38

Pull Requests: Review Ready (72)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 191.8d, Avg wait: 112.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8723 feat(deploy): adding helm unit tests 2d 2h 2h
size/XL
release-note-none
kind/feature
dco-signoff: yes
area/deploy
collaborator-last
commented
new-commits
8727 feat(cert-shim): adding listener ignore annotation
1d 7h 7h
size/L
release-note
area/api
kind/feature
dco-signoff: yes
area/testing
collaborator-last
commented
new-commits
8592 docs: Update Helm repository references to OCI registry 5wk 1d 5wk
size/XS
release-note
kind/documentation
needs-ok-to-test
dco-signoff: yes
area/deploy
author-last
recv
recv-q
unreviewed
8614 Feature/ignore namespaces
2
 5wk 1d 5wk
release-note
area/api
kind/feature
size/M
dco-signoff: yes
tide/merge-method-squash
ok-to-test
contributor-last
new-commits
recv
recv-q
8457 feat(acme): add support for ECDSA account key algorithm in ACME issuers
2mo 3d 6wk
release-note
size/XL
area/api
kind/feature
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/deploy
author-last
commented
recv
recv-q
reviewed-with-comment
similar
8574 feat(design): proposed ari design 6wk 5d 6d
size/L
release-note-none
kind/design
dco-signoff: yes
commented
new-commits
8687 Normalize challenge reason in certmanager_certificate_challenge_status metric
12d 9d 12d
size/L
release-note-none
needs-ok-to-test
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
reviewed-with-comment
8697 fix: retry ACME challenge on timeout, closes #8696 9d 9d 9d
release-note
size/S
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
contributor-last
recv
recv-q
unreviewed
8692 Make cainjector use SSA unconditionally 11d 11d 11d
release-note
kind/feature
size/M
dco-signoff: yes
commented
contributor-last
new-commits
8648 fix: for ACME challenge scheduler, allow parallel challenges with dif… 3wk 16d 3wk
release-note
kind/bug
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
assigned
assignee-updated
contributor-last
recv
recv-q
unreviewed
8613 Update test case to natively pass independently of executing OS 5wk 3wk 5wk
release-note-none
size/S
kind/cleanup
needs-ok-to-test
dco-signoff: yes
contributor-last
recv
recv-q
unreviewed
8485 Adds Sign API call metric for the Vault issuer. 2mo 3wk 2mo
size/L
release-note
kind/feature
needs-ok-to-test
dco-signoff: yes
area/monitoring
author-last
recv
recv-q
unreviewed
5743 Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources 3y 4wk 4wk
size/L
release-note
area/api
kind/cleanup
dco-signoff: yes
area/testing
ok-to-test
area/deploy
commented
member-last
reviewed-with-comment
8255 add dns issuer secrets validation before marking it as ready 5mo 3d 14d
release-note
kind/bug
size/XXL
area/acme
dco-signoff: yes
area/testing
ok-to-test
commented
contributor-last
new-commits
recv
8594 Fix typo "commonname" in PreferredChain field comment 5wk 5wk 5wk
release-note-none
size/S
area/api
kind/cleanup
needs-ok-to-test
dco-signoff: yes
area/deploy
contributor-last
recv
recv-q
unreviewed
7289 Design proposal for delayed certificate activation 2y 5wk 1y
size/L
release-note-none
kind/design
needs-ok-to-test
lifecycle/rotten
dco-signoff: yes
commented
contributor-last
recv
recv-q
reviewed-with-comment
8395 Clarify code around DNS01 Self Check 3mo 6wk 6wk
release-note-none
kind/cleanup
size/M
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
author-last
commented
recv
recv-q
reviewed-with-comment
7733 fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity
11mo 6wk 10mo
size/L
release-note
kind/bug
kind/feature
lifecycle/rotten
dco-signoff: yes
ok-to-test
commented
contributor-last
new-commits
recv
recv-q
7852 adds cli option configure ACME challange authorization timeout
9mo 6wk 8mo
release-note
area/api
kind/feature
size/M
area/acme
dco-signoff: yes
ok-to-test
author-last
commented
new-commits
recv
recv-q
similar
8534 feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable 7wk 7wk 7wk
release-note
area/api
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
contributor-last
recv
recv-q
unreviewed
8480 Add Subject Key Identifier (SKI) to issued certificates
3
 2mo 2mo 2mo
size/L
release-note
kind/feature
dco-signoff: yes
area/testing
ok-to-test
author-last
commented
new-commits
recv
8464 improve dynamic source serving certificate renewal logic 2mo 2mo 2mo
release-note
kind/bug
size/M
dco-signoff: yes
ok-to-test
commented
contributor-last
recv
unreviewed
8367 feat(helm) add startupProbe and readinessProbe to cert-manager-controller 3mo 3mo 3mo
release-note-none
kind/feature
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
commented
contributor-last
recv
recv-q
unreviewed
8262 Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB
5mo 4mo 4mo
size/L
release-note
needs-ok-to-test
area/acme
dco-signoff: yes
needs-kind
author-last
commented
recv
unreviewed
7614 Lower the minimum certificate duration from 1 hour to 5 minutes 1y 5mo 1y
release-note
size/S
area/api
kind/feature
dco-signoff: yes
ok-to-test
contributor-last
recv
recv-q
unreviewed
2064 docs: add NetworkPolicy example manifests 3d 3d 3d
dco-signoff: yes
size/L
recv
recv-q
unreviewed
2041 docs: link HTTP01 guide to network policy requirements 12d 12d 12d
dco-signoff: yes
size/M
recv
recv-q
unreviewed
2004 Add adcs-issuer (lcwsre) to external issuers list 5wk 19d 5wk
dco-signoff: yes
size/L
author-last
recv
recv-q
unreviewed
2020 docs: add ENISA NIS2 reference to best practice intro 3wk 2wk 3wk
dco-signoff: yes
size/M
recv
recv-q
unreviewed
2023 Adds troubleshooting guide for host missmatch error 3wk 3wk 3wk
size/XS
dco-signoff: yes
recv
recv-q
unreviewed
1909 docs: add ACK RRSA supported AliDNS webhook 3mo 5wk 2mo
size/XS
dco-signoff: yes
author-last
commented
new-commits
recv
1587 Custom Certificate Support for cert-manager Webhook Endpoint 2y 5wk 2y
dco-signoff: yes
size/S
recv
recv-q
unreviewed
1602 acme troubleshooting: how to fix errored challenges 1y 5wk 1y
size/XS
dco-signoff: yes
contributor-last
recv
recv-q
reviewed-with-comment
2069 chore(deps): update misc npm packages 19h 15h 19h
dco-signoff: yes
size/S
ok-to-test
dependencies
recv
recv-q
unreviewed
290 Add OCI signing as part of existing publish pipeline 1d 1d
dco-signoff: yes
size/L
recv-q
reviewed-with-comment
279 chore(deps): pin nginx docker tag to 7f0adca 11d 10d 11d
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
unreviewed
768 Add unit tests for pkg/tls Provider 19d 19d 19d
dco-signoff: yes
size/L
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
769 Fix HasIssuerConfig to use RLock instead of Lock 19d 19d 19d
dco-signoff: yes
size/XS
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
637 Fix/chartadditional annotations for cli args 6mo 2mo 6mo
dco-signoff: yes
size/XS
ok-to-test
commented
contributor-last
recv
recv-q
reviewed-with-comment
875 Fix Store() to detect duplicate approver names within a single call 9d 9d 9d
dco-signoff: yes
size/L
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
868 feat(annotations): Add annotation-based policy enforcement 16d 16d 16d
dco-signoff: yes
size/L
author-last
recv
recv-q
reviewed-with-comment
918 add bundle metrics 2wk 3d 12d
dco-signoff: yes
size/XL
ok-to-test
author-last
commented
new-commits
recv
recv-q
900 chart: add startupapicheck to ensure trust-manager is ready after install 6wk 6wk 6wk
dco-signoff: yes
needs-ok-to-test
size/XL
contributor-last
recv
recv-q
unreviewed
683 feat: Add a very basic pre-commit configuration 8mo 2mo 8mo
dco-signoff: yes
size/XS
lifecycle/stale
commented
contributor-last
new-commits
188 Remove SetCertificateRequestConditionError
3
 1y 7wk 7wk
dco-signoff: yes
size/XXL
commented
member-last
new-commits
432 fix(deps): update module github.com/cert-manager/cert-manager to v1.20.2 7d 2d 7d
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
616 Allow setting hostNetwork values in helm chart 10d 2d 10d
dco-signoff: yes
size/S
needs-ok-to-test
author-last
recv
recv-q
unreviewed
627 feat: add --kube-api-qps and --kube-api-burst flags to CSI driver 1d 1d 1d
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
477 Mark SAN extension critical in SPIFFE CSRs for RFC 5280 and AWS PCA compliance 5wk 18d 18d
dco-signoff: yes
size/M
ok-to-test
author-last
commented
recv
unreviewed
148 limit-namespaces for namespace-scope deployments
1y 16d 1y
dco-signoff: no
size/S
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
303 feat: add support for setting private key encoding 4mo 3mo 4mo
dco-signoff: yes
size/L
needs-ok-to-test
recv
recv-q
reviewed-with-comment
similar
71 Refactor filesystem.go and adapt tests to use a real file system 1y 9mo 9mo
dco-signoff: yes
size/L
commented
member-last
reviewed-with-comment
443 inspect secret: close response body on error path in CRL check 4wk 4wk 4wk
needs-ok-to-test
size/XS
dco-signoff: no
contributor-last
recv
recv-q
unreviewed
69 Add KubeCon infrastructure 3wk 4d
dco-signoff: yes
size/L
contributor-last
recv-q
unreviewed
70 chore(deps): update terraform google to v7.28.0 3wk 4d 3wk
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
1169 Update k8s-infra-prow images, cert-manager-infra-images images as needed 3d 1d 3d
dco-signoff: yes
size/M
contributor-last
recv
recv-q
unreviewed
549 Split (helm) generate-crds target 2mo 2mo 2mo
dco-signoff: yes
size/M
commented
member-last
reviewed-with-comment
590 chore(deps): update dependency hashicorp/vault to v2 4d 19h 4d
dco-signoff: yes
size/S
dependencies
ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
55 feat: add test module 2y 2y 2y
dco-signoff: yes
size/M
commented
contributor-last
recv
reviewed-with-comment
470 feat(helm): adding `helm-diff` target
5mo 4mo 4mo
dco-signoff: yes
size/S
cybr
ok-to-test
commented
contributor-last
new-commits
recv
recv-q
595 chore(deps): update module oras.land/oras to v1.3.2 15h 15h 15h
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
unreviewed
69 Add auditing tool for confirming who has access to the cert-manager org 4wk 4wk
dco-signoff: yes
size/XL
contributor-last
recv-q
unreviewed
64 Add imagePullSecrets to template 2y 2y 2y
size/XS
dco-signoff: yes
needs-ok-to-test
contributor-last
recv
unreviewed
59 cleanup: remove unused NOTES.txt file 2y 2y 2y
size/XS
dco-signoff: yes
needs-ok-to-test
contributor-last
recv
unreviewed
1 Manage the cert-manager GitHub organisation from this repo 2y 2y 2y
dco-signoff: yes
size/XXL
commented
member-last
unreviewed
75 chore(deps): update goreleaser/goreleaser-action action to v7.1.0 11h 11h 11h
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
13 Various QA fixes 2mo 2mo 2mo
dco-signoff: yes
size/L
needs-ok-to-test
author-last
commented
new-commits
recv
4 Add support for custom license templates 2y 8mo
dco-signoff: yes
size/S
contributor-last
recv-q
unreviewed
8 Optionally output a unified diff
4mo 2mo 2mo
dco-signoff: yes
size/XL
needs-ok-to-test
author-last
commented
recv
recv-q
unreviewed
143 feat: allow creating or reusing an existing sa 2y 11mo 2y
ok-to-test
recv
recv-q
unreviewed
345 chore: add existing securityContext settings to values 6mo 6mo 6mo
size/M
dco-signoff: yes
contributor-last
recv
recv-q
similar
unreviewed
141 re-adding required clusterrole permission 2y 1y 2y
size/XS
author-last
recv
unreviewed

Unkinded Issues (228)

Resolution: Add a kind/ or triage/support label

Average age: 654.5d, Avg wait: 291.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
7699 Adding Helm Unittest to all certmanager projects 1y 3mo 3mo
priority/backlog
assigned
assignee-updated
commented
member-last
send
similar
6799 ACME challenges stopped working after 1.13/1.14 update
2y 6wk 2y
priority/critical-urgent
lifecycle/rotten
commented
contributor-last
recv
recv-q
6179 CRDs shouldn't be templated in Helm
5
2
30
 2y 4wk 7mo
priority/backlog
lifecycle/stale
commented
recv-q
send
5861 cert manager API showing error - "x509: certificate has expired or is not yet valid"
3
 3y 3mo 4mo
good first issue
lifecycle/frozen
priority/important-longterm
assigned
assignee-updated
commented
contributor-last
pr-unreviewed
send
similar
2061 Tutorial: `cert-manager` on Google Kubernetes Engine - Remove Google Domains 5d 5d 5d
author-last
pr-unreviewed
recv
1194 Confusing paragraph - cert-manager integration.
3y 12d 2y
documentation
priority/important-longterm
commented
contributor-last
pr-merged
send
1101 Feature request for updating documentation. 3y 2y 2y
priority/backlog
commented
member-last
send
1262 v1.9 to v1.10 upgrade instructions does not mention container name change
2y 1y 2y
priority/backlog
assigned
assignee-updated
commented
member-last
send
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
5
 5y 2y 5y
documentation
help wanted
priority/backlog
commented
pr-merged
recv-q
2 Set up periodic job to publish an experimental release build
6y 5y
priority/backlog
assigned
contributor-last
297 Allow all resources to be namespaced
7
 2y 4wk 7mo
priority/backlog
lifecycle/stale
commented
contributor-last
send
33 Support CRDs as target
5
 3y 8d 9mo
lifecycle/rotten
priority/backlog
commented
contributor-last
send
45 Unable to mount and read only file error
5
 4y 2y 2y
priority/awaiting-more-evidence
commented
send
132 Investigate test timeouts 2y 2y
priority/backlog
33 Create e2e test to validate CertificateRequest garbage collection 3y 2y 2y
priority/backlog
assigned
commented
member-last
send
81 Configuring Peribolos for Github org management 7y 2y 2y
priority/backlog
commented
member-last
send
3 Migrating all cert-manager projects to "Makefile modules" 2y 4mo 9mo
priority/backlog
commented
member-last
43 Allow non-Venafi employee maintainers full release capabilities
3
 1y 4mo 4mo
priority/backlog
assigned
assignee-updated
commented
member-last
27 failed with: OpenAPI spec does not exist
2
6
 4y 2y 2y
priority/critical-urgent
commented
pr-closed
pr-unreviewed
send
209 previously listed items omitted

Unprioritized Recent Issues (265)

Resolution: Add a priority/ or triage/ label

Average age: 456.7d, Avg wait: 226.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8716 Feature Request: Add a CMPv2 issuer for certificate enrollment and renewal (RFC 4210) 3d 1d 1d
kind/feature
commented
member-last
send
8733 Updates or removal of solver ingress class annotations on ingresses are not propagated to existing certificates 8h 7h 8h
kind/bug
pr-unreviewed
recv
8729 Feature Request: allow to configure max retry backoff duration for failed CertificateRequest 22h 22h 22h
kind/feature
recv
262 previously listed items omitted

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 2.2d, Avg wait: 1.4d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3 previously listed items omitted: #8733 #8729 #2061
New, has multiple reactions, but not important-soon: No matching items
New, has multiple commenters, but not important-soon: No matching items

needs information, has update (1)

Resolution: Comment and remove triage/needs-information tag

Average age: 201.7d, Avg wait: 197.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8121 Support for Creating CertificateRequest from Kubernetes Secret 6mo 5mo 6mo
kind/feature
triage/needs-information
contributor-last
recv
recv-q
similar

Recently updated issue has a question (1)

Resolution: Add an answer

Average age: 1047.4d, Avg wait: 3.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
142 expose bundles CRD as release artifact
2
12
 2y 4d 8mo
help wanted
lifecycle/stale
author-last
commented
recv
recv-q
Triage Party v1.4.0