Open PRs (179)

Resolution:

Average age: 334.4d, Avg wait: 84.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8723 feat(deploy): adding helm unit tests 2d 3h 3h
size/XL
release-note-none
kind/feature
dco-signoff: yes
area/deploy
collaborator-last
commented
new-commits
8732 feat: move enableGatewayAPI/enableGatewayAPIListenerSet into GatewayAPIConfig 17h 3h 3h
size/L
release-note
area/api
kind/cleanup
dco-signoff: yes
changes-requested
collaborator-last
commented
send
8727 feat(cert-shim): adding listener ignore annotation
1d 8h 8h
size/L
release-note
area/api
kind/feature
dco-signoff: yes
area/testing
collaborator-last
commented
new-commits
8734 Fix: include annotations derived from ingress in certificate reconciliation loop 9h 9h 9h
size/L
do-not-merge/release-note-label-needed
kind/bug
needs-ok-to-test
dco-signoff: yes
contributor-last
recv
recv-q
unreviewed
8718 fix: apply ingressTemplate annotations to edit-in-place ingresses 3d 15h 3d
do-not-merge/release-note-label-needed
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/acme/http01
needs-kind
contributor-last
recv
recv-q
unreviewed
8592 docs: Update Helm repository references to OCI registry 5wk 1d 5wk
size/XS
release-note
kind/documentation
needs-ok-to-test
dco-signoff: yes
area/deploy
author-last
recv
recv-q
unreviewed
8336 Add global.tolerations to helm chart 4mo 2d 3mo
release-note
needs-rebase
kind/feature
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
changes-requested
commented
recv-q
send
8722 fix(dns): propagate caBundle to acmeDNS solver, add per-solver override 2d 2d 2d
do-not-merge/release-note-label-needed
size/XL
area/api
kind/bug
kind/feature
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
area/deploy
contributor-last
recv
recv-q
unreviewed
8717 fix: remove OS-dependent path literals from TestFSLoader_Load 3d 3d 3d
do-not-merge/release-note-label-needed
size/S
needs-ok-to-test
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
unreviewed
8614 Feature/ignore namespaces
2
 5wk 1d 5wk
release-note
area/api
kind/feature
size/M
dco-signoff: yes
tide/merge-method-squash
ok-to-test
contributor-last
new-commits
recv
recv-q
8255 add dns issuer secrets validation before marking it as ready 5mo 4d 14d
release-note
kind/bug
size/XXL
area/acme
dco-signoff: yes
area/testing
ok-to-test
commented
contributor-last
new-commits
recv
8713 fix: use filepath functions in TestFSLoader_Load for Windows compatibility 4d 4d 4d
do-not-merge/release-note-label-needed
size/S
kind/bug
needs-ok-to-test
dco-signoff: yes
contributor-last
recv
recv-q
unreviewed
8339 feat(pkcs12): Add flag to specify pkcs12 keystore alias 4mo 5d 4mo
size/L
release-note
needs-rebase
area/api
kind/design
kind/feature
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
contributor-last
recv
recv-q
unreviewed
8712 feat(metrics): add Vault Sign() request duration instrumentation 5d 5d 5d
size/L
do-not-merge/release-note-label-needed
needs-ok-to-test
dco-signoff: yes
area/monitoring
needs-kind
contributor-last
recv
recv-q
unreviewed
8574 feat(design): proposed ari design 6wk 6d 6d
size/L
release-note-none
kind/design
dco-signoff: yes
commented
new-commits
8698 fix(digitalocean): resolve DNS01 zones from managed domains 9d 6d 6d
size/L
release-note
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
collaborator-last
commented
send
unreviewed
8687 Normalize challenge reason in certmanager_certificate_challenge_status metric
12d 9d 12d
size/L
release-note-none
needs-ok-to-test
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
reviewed-with-comment
8697 fix: retry ACME challenge on timeout, closes #8696 9d 9d 9d
release-note
size/S
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
contributor-last
recv
recv-q
unreviewed
8141 fix(helm): Align targetPorts in metrics endpoints for webhook and cainjector services
2
 6mo 9d 6mo
size/XS
release-note-none
lgtm
lifecycle/stale
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
commented
contributor-last
send
unreviewed
8692 Make cainjector use SSA unconditionally 11d 11d 11d
release-note
kind/feature
size/M
dco-signoff: yes
commented
contributor-last
new-commits
8648 fix: for ACME challenge scheduler, allow parallel challenges with dif… 3wk 16d 3wk
release-note
kind/bug
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
assigned
assignee-updated
contributor-last
recv
recv-q
unreviewed
8674 Allow specifying secret namespaces for CAIssuers 17d 17d 17d
size/L
do-not-merge/release-note-label-needed
area/api
needs-ok-to-test
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
unreviewed
7662 Fix the issue of webhook routes generating duplicate operation IDs 1y 2wk 1y
do-not-merge/release-note-label-needed
needs-ok-to-test
size/M
area/acme
lifecycle/rotten
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
unreviewed
8637 fix(helm): roll deployments on config changes (checksum)
4wk 2wk 2wk
do-not-merge/release-note-label-needed
kind/feature
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
changes-requested
collaborator-last
commented
send
8529 fix: schedule readiness re-evaluation at certificate expiry time 1mo 3wk 3wk
size/L
release-note
kind/bug
dco-signoff: yes
ok-to-test
collaborator-last
commented
new-commits
send
8613 Update test case to natively pass independently of executing OS 5wk 3wk 5wk
release-note-none
size/S
kind/cleanup
needs-ok-to-test
dco-signoff: yes
contributor-last
recv
recv-q
unreviewed
8485 Adds Sign API call metric for the Vault issuer. 2mo 3wk 2mo
size/L
release-note
kind/feature
needs-ok-to-test
dco-signoff: yes
area/monitoring
author-last
recv
recv-q
unreviewed
8585 feat: support ECC keys for ACME account private keys 6wk 3wk 5wk
size/L
do-not-merge/release-note-label-needed
needs-ok-to-test
area/acme
dco-signoff: yes
needs-kind
collaborator-last
commented
send
similar
unreviewed
8639 fix(dns01): don't follow wildcard CNAMEs for challenge domain 4wk 4wk 4wk
size/L
do-not-merge/release-note-label-needed
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
contributor-last
recv
recv-q
unreviewed
8624 feat: add autoAnnotations support for Gateway-API 4wk 4wk 4wk
size/XS
release-note
do-not-merge/work-in-progress
kind/feature
needs-ok-to-test
dco-signoff: yes
collaborator-last
commented
draft
send
unreviewed
5743 Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources 3y 4wk 4wk
size/L
release-note
area/api
kind/cleanup
dco-signoff: yes
area/testing
ok-to-test
area/deploy
commented
member-last
reviewed-with-comment
8631 fix(acme): detect server URL path changes for account re-registration 4wk 4wk 4wk
size/L
do-not-merge/release-note-label-needed
area/api
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/deploy
contributor-last
recv
recv-q
unreviewed
8630 fix(vault): detect mismatched key from issue endpoint and fail permanently 4wk 4wk 4wk
size/L
do-not-merge/release-note-label-needed
needs-ok-to-test
dco-signoff: yes
needs-kind
contributor-last
recv
recv-q
unreviewed
8457 feat(acme): add support for ECDSA account key algorithm in ACME issuers
2mo 3d 6wk
release-note
size/XL
area/api
kind/feature
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/deploy
author-last
commented
recv
recv-q
reviewed-with-comment
similar
8536 Re-enable the ListenerSet e2e tests 7wk 4wk 7wk
release-note-none
needs-rebase
do-not-merge/hold
kind/cleanup
size/XXL
dco-signoff: yes
area/testing
commented
contributor-last
new-commits
recv-q
send
7908 WIP: Graduate ServerSideApply feature gates to Beta
8mo 4wk 5mo
size/L
release-note
do-not-merge/work-in-progress
kind/feature
area/acme
dco-signoff: yes
area/testing
cybr
assigned
assignee-updated
commented
contributor-last
recv-q
send
unreviewed
7906 fix: Venafi call GetRefreshToken only when access token invalid for password/username authentication
2
 8mo 4wk 4wk
release-note
size/S
kind/bug
dco-signoff: yes
ok-to-test
commented
member-last
send
unreviewed
7764 Doc: Add leaderElection.namespace recommendation 11mo 4wk 7mo
size/XS
release-note-none
lifecycle/stale
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
commented
contributor-last
recv-q
send
unreviewed
8608 fix: reduce happy-eyeballs fallback delay in Cloudflare DNS provider 5wk 5wk 5wk
size/L
release-note
needs-rebase
kind/bug
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
contributor-last
recv
recv-q
unreviewed
8594 Fix typo "commonname" in PreferredChain field comment 5wk 5wk 5wk
release-note-none
size/S
area/api
kind/cleanup
needs-ok-to-test
dco-signoff: yes
area/deploy
contributor-last
recv
recv-q
unreviewed
7289 Design proposal for delayed certificate activation 2y 5wk 1y
size/L
release-note-none
kind/design
needs-ok-to-test
lifecycle/rotten
dco-signoff: yes
commented
contributor-last
recv
recv-q
reviewed-with-comment
7521 ClusterIssuer read caBundle from Secret 1y 5wk 11mo
size/L
release-note
needs-rebase
area/api
kind/feature
needs-ok-to-test
area/acme
lifecycle/rotten
dco-signoff: yes
area/deploy
commented
contributor-last
recv-q
send
unreviewed
7689 Add Vertical Pod Autoscaler
2
 1y 6wk 6wk
size/L
release-note
approved
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
assigned
assignee-updated
changes-requested
collaborator-last
commented
send
8395 Clarify code around DNS01 Self Check 3mo 6wk 6wk
release-note-none
kind/cleanup
size/M
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
author-last
commented
recv
recv-q
reviewed-with-comment
7733 fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity
11mo 6wk 10mo
size/L
release-note
kind/bug
kind/feature
lifecycle/rotten
dco-signoff: yes
ok-to-test
commented
contributor-last
new-commits
recv
recv-q
7654 Implement fallback for git_version creation in forked environments 1y 6wk 1y
release-note-none
size/S
kind/cleanup
needs-ok-to-test
lifecycle/rotten
dco-signoff: yes
commented
contributor-last
recv-q
reviewed-with-comment
send
7852 adds cli option configure ACME challange authorization timeout
9mo 6wk 8mo
release-note
area/api
kind/feature
size/M
area/acme
dco-signoff: yes
ok-to-test
author-last
commented
new-commits
recv
recv-q
similar
7897 wip: add retry mechanism for challenge solver whenever we detect unauthorized error
8mo 6wk 5mo
size/XL
release-note-none
area/api
do-not-merge/work-in-progress
area/acme
dco-signoff: yes
area/testing
ok-to-test
area/acme/dns01
area/monitoring
area/deploy
needs-kind
commented
contributor-last
recv
recv-q
reviewed-with-comment
7399 Add renew window to restrict when certificate renewal can happen 1y 7wk 1y
size/L
release-note
needs-rebase
area/api
kind/feature
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
area/testing
area/deploy
contributor-last
recv
recv-q
unreviewed
8379 acmechallenges: stabilize solver resource names 3mo 7wk 3mo
size/XS
release-note
needs-rebase
kind/bug
area/acme
dco-signoff: yes
ok-to-test
commented
contributor-last
recv
recv-q
unreviewed
8527 [WIP]:AddS ML-DSA-65 post-quantum signature algorithm support 1mo 7wk 1mo
do-not-merge/release-note-label-needed
size/XL
needs-rebase
area/api
do-not-merge/work-in-progress
kind/feature
needs-ok-to-test
dco-signoff: yes
area/testing
area/deploy
contributor-last
recv
recv-q
unreviewed
8534 feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable 7wk 7wk 7wk
release-note
area/api
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
contributor-last
recv
recv-q
unreviewed
8480 Add Subject Key Identifier (SKI) to issued certificates
3
 2mo 2mo 2mo
size/L
release-note
kind/feature
dco-signoff: yes
area/testing
ok-to-test
author-last
commented
new-commits
recv
7886 Improve array field characteristics in API 8mo 2mo 2mo
size/L
release-note
area/api
do-not-merge/hold
kind/bug
kind/cleanup
dco-signoff: yes
area/deploy
commented
member-last
new-commits
7583 Support for ACME servers that don't finalize within the ACME client finalizer retry window 1y 4wk 4wk
release-note
kind/bug
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
approved
commented
member-last
send
8504 WIP: Enable KAL 2mo 2mo
release-note-none
do-not-merge/work-in-progress
size/M
dco-signoff: yes
needs-kind
contributor-last
recv-q
unreviewed
8464 improve dynamic source serving certificate renewal logic 2mo 2mo 2mo
release-note
kind/bug
size/M
dco-signoff: yes
ok-to-test
commented
contributor-last
recv
unreviewed
8253 refactor(issuer): add shared factory and per-instance registries 5mo 2mo 2mo
size/L
release-note-none
lgtm
kind/cleanup
dco-signoff: yes
ok-to-test
commented
member-last
reviewed-with-comment
send
7725 chore: allow additional properties in Helm setup #7668
2
 11mo 2mo 11mo
size/XS
release-note-none
needs-ok-to-test
lifecycle/rotten
dco-signoff: no
area/deploy
needs-kind
commented
contributor-last
send
unreviewed
8438 POC: single cert-manager binary 2mo 2mo
release-note-none
do-not-merge/work-in-progress
kind/feature
size/XXL
dco-signoff: no
contributor-last
draft
recv-q
unreviewed
7646 Support custom ACME account key type.
2
 1y 2mo 10mo
size/L
release-note
needs-rebase
area/api
area/acme
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
commented
new-commits
recv
recv-q
8220 Add predicate filtering to queuing handler
5mo 3mo 5mo
size/XL
release-note-none
needs-rebase
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
commented
contributor-last
recv-q
send
unreviewed
8367 feat(helm) add startupProbe and readinessProbe to cert-manager-controller 3mo 3mo 3mo
release-note-none
kind/feature
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
commented
contributor-last
recv
recv-q
unreviewed
4835 Making sure per fixture only 1 setup is active at the same time 4y 3mo 9mo
release-note-none
needs-rebase
lifecycle/frozen
kind/bug
size/M
dco-signoff: yes
area/testing
assigned
assignee-updated
commented
contributor-last
recv-q
reviewed-with-comment
5447 Allow extra DNS-01 propagation time to be configured
3y 3mo 9mo
release-note
needs-rebase
size/S
lifecycle/frozen
kind/feature
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
commented
contributor-last
recv-q
send
unreviewed
7382 Implement a single package for controlling cert-manager RNG
3
 2y 3mo 1y
size/L
release-note
needs-rebase
do-not-merge/hold
kind/feature
area/acme
dco-signoff: yes
area/testing
commented
contributor-last
recv-q
send
unreviewed
7236 Route53: Allow STS token to be refreshed by the AWS client if necessary 2y 3mo 1y
release-note
size/XL
needs-rebase
area/api
kind/bug
kind/feature
area/acme
dco-signoff: yes
area/acme/dns01
area/deploy
commented
contributor-last
recv-q
reviewed-with-comment
send
7437 fix: annotate account private key secrets 1y 3mo 1y
release-note
needs-rebase
size/S
area/api
kind/feature
area/acme
dco-signoff: yes
ok-to-test
commented
contributor-last
recv
recv-q
unreviewed
7449 WIP: reconcile issuers using issuer-lib 1y 3mo 10mo
release-note-none
needs-rebase
area/api
do-not-merge/work-in-progress
kind/cleanup
size/XXL
area/acme
area/ca
area/vault
dco-signoff: yes
area/testing
area/deploy
commented
contributor-last
recv-q
unreviewed
7718 Switch to makefile modules completely (part 1) 11mo 3mo 5mo
release-note-none
needs-rebase
area/api
kind/cleanup
size/XXL
area/acme
dco-signoff: yes
area/testing
area/deploy
cybr
commented
contributor-last
new-commits
recv-q
send
7805 feat: refactor challenge controller to be entirely non blocking 10mo 3mo 5mo
release-note
needs-rebase
area/api
kind/bug
size/XXL
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
cybr
commented
contributor-last
new-commits
recv-q
send
7823 Adding read perms for pods and services to DNS01 ClusterRole
10mo 3mo 9mo
size/XS
release-note
needs-rebase
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
commented
contributor-last
recv
recv-q
reviewed-with-comment
8263 fix: dont copy `kapp.k14s.io` annotations from Ingress to created resources
5mo 3mo 4mo
size/XS
release-note
needs-rebase
kind/feature
dco-signoff: yes
ok-to-test
commented
contributor-last
recv-q
send
unreviewed
7450 Make ACME Authorization Timeout Configurable 1y 3mo 1y
size/L
release-note
needs-rebase
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/http01
area/deploy
needs-kind
commented
contributor-last
new-commits
recv
recv-q
similar
8071 Handle ACME Accept asynchronously 7mo 3mo 7mo
size/L
release-note
needs-rebase
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/deploy
needs-kind
contributor-last
recv
recv-q
unreviewed
8262 Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB
5mo 4mo 4mo
size/L
release-note
needs-ok-to-test
area/acme
dco-signoff: yes
needs-kind
author-last
commented
recv
unreviewed
7614 Lower the minimum certificate duration from 1 hour to 5 minutes 1y 5mo 1y
release-note
size/S
area/api
kind/feature
dco-signoff: yes
ok-to-test
contributor-last
recv
recv-q
unreviewed
8187 fix: add case for parsing key with ec parameters 6mo 5mo 6mo
size/XS
release-note-none
kind/bug
needs-ok-to-test
dco-signoff: yes
author-last
changes-requested
recv
recv-q
2069 fix(deps): update misc npm packages 20h 26min 20h
dco-signoff: yes
size/L
ok-to-test
dependencies
recv
recv-q
unreviewed
2064 docs: add NetworkPolicy example manifests 3d 3d 3d
dco-signoff: yes
size/L
recv
recv-q
unreviewed
2062 Deploy `cert-manager` on Google Kubernetes Engine Tutorial - remove `google domains` 5d 5d 5d
dco-signoff: no
size/XS
do-not-merge/work-in-progress
draft
recv
recv-q
unreviewed
2042 docs: list cert-manager container images 12d 7d 7d
dco-signoff: yes
size/S
commented
member-last
reviewed-with-comment
send
2041 docs: link HTTP01 guide to network policy requirements 12d 12d 12d
dco-signoff: yes
size/M
recv
recv-q
unreviewed
2004 Add adcs-issuer (lcwsre) to external issuers list 5wk 19d 5wk
dco-signoff: yes
size/L
author-last
recv
recv-q
unreviewed
2020 docs: add ENISA NIS2 reference to best practice intro 3wk 2wk 3wk
dco-signoff: yes
size/M
recv
recv-q
unreviewed
1785 WIP: Add release-notes generator script and update release docs 6mo 3wk 3wk
dco-signoff: yes
size/XXL
needs-rebase
do-not-merge/work-in-progress
commented
member-last
reviewed-with-comment
send
2023 Adds troubleshooting guide for host missmatch error 3wk 3wk 3wk
size/XS
dco-signoff: yes
recv
recv-q
unreviewed
1607 Document Log Level settings. Document DNS01 delegation using multiple providers. 1y 5wk 1y
dco-signoff: yes
needs-rebase
size/M
contributor-last
recv
recv-q
unreviewed
1197 doc about new option default-cleanup-policy
3y 5wk 7mo
approved
dco-signoff: yes
needs-rebase
size/M
commented
member-last
new-commits
send
1202 Add section about client cert authentication for vault 3y 5wk 3y
dco-signoff: yes
do-not-merge/work-in-progress
size/M
commented
contributor-last
draft
new-commits
send
1213 Draft of tutorial for Google's Public CA 3y 5wk 2y
dco-signoff: yes
size/L
needs-rebase
ok-to-test
commented
contributor-last
reviewed-with-comment
send
859 Move the meetings and slack information to a separate page
4y 5wk 3y
approved
dco-signoff: yes
needs-rebase
size/M
changes-requested
commented
member-last
send
1909 docs: add ACK RRSA supported AliDNS webhook 3mo 5wk 2mo
size/XS
dco-signoff: yes
author-last
commented
new-commits
recv
948 add note to ingress class definition 4y 5wk 2y
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
assigned
commented
contributor-last
send
unreviewed
1787 Update Slack links to include both invite and direct channel URLs 6mo 5wk 6mo
size/XS
dco-signoff: yes
cybr
changes-requested
commented
member-last
send
1640 Update issuer.md 1y 5wk 7mo
size/XS
dco-signoff: yes
commented
member-last
reviewed-with-comment
send
1569 wip: update cert-manager logo svg 2y 5wk 1y
dco-signoff: yes
size/L
do-not-merge/work-in-progress
commented
member-last
send
unreviewed
1075 Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ 3y 5wk 2y
approved
dco-signoff: yes
size/L
needs-rebase
changes-requested
commented
member-last
send
1364 WIP: Patch release checklist 2y 5wk
dco-signoff: yes
needs-rebase
do-not-merge/work-in-progress
size/M
contributor-last
recv-q
unreviewed
1587 Custom Certificate Support for cert-manager Webhook Endpoint 2y 5wk 2y
dco-signoff: yes
size/S
recv
recv-q
unreviewed
1447 Explain how to install cert-manager using ArgoCD
3
 2y 5wk 2y
dco-signoff: yes
size/L
commented
contributor-last
recv-q
reviewed-with-comment
send
1450 Docker testing and validation 2y 5wk 2y
dco-signoff: yes
needs-rebase
size/M
contributor-last
new-commits
recv
recv-q
1686 docs: harmonize `<p>` formatting by dropping internal spaces 11mo 5wk 11mo
size/XS
dco-signoff: yes
assigned
changes-requested
contributor-last
recv
recv-q
1672 WIP: docs: Add an wrap-up announcement page
1y 5wk 1y
dco-signoff: yes
do-not-merge/work-in-progress
size/M
commented
draft
member-last
new-commits
send
790 Update route53.md 4y 5wk 2y
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
changes-requested
commented
member-last
send
1724 DRAFT: feat(tutorials): Add Gateway API
9mo 5wk 2mo
dco-signoff: yes
size/L
do-not-merge/work-in-progress
author-last
commented
draft
recv
unreviewed
1611 Update webhook troubleshooting documentation to including necessary curl command. 1y 5wk 1y
dco-signoff: yes
size/S
changes-requested
contributor-last
recv
recv-q
1419 fix: TLSConfig secretName description 2y 5wk 2y
dco-signoff: yes
needs-rebase
size/S
changes-requested
commented
contributor-last
recv-q
send
1602 acme troubleshooting: how to fix errored challenges 1y 5wk 1y
size/XS
dco-signoff: yes
contributor-last
recv
recv-q
reviewed-with-comment
528 Update "Setting Nameservers for DNS01 Self Check" example 5y 4y 5y
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
contributor-last
recv
unreviewed
290 Add OCI signing as part of existing publish pipeline 1d 1d
dco-signoff: yes
size/L
recv-q
reviewed-with-comment
43 No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild 4y 4y
dco-signoff: yes
approved
size/M
needs-rebase
contributor-last
unreviewed
279 chore(deps): pin nginx docker tag to 7f0adca 11d 10d 11d
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
unreviewed
36 Add the "cmrel update-release-branch" command 4y 4y 4y
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
commented
contributor-last
draft
unreviewed
769 Fix HasIssuerConfig to use RLock instead of Lock 19d 19d 19d
dco-signoff: yes
size/XS
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
728 Deprioritize resync operations 2mo 6wk 7wk
dco-signoff: yes
size/S
ok-to-test
needs-rebase
commented
contributor-last
recv
recv-q
reviewed-with-comment
637 Fix/chartadditional annotations for cli args 6mo 2mo 6mo
dco-signoff: yes
size/XS
ok-to-test
commented
contributor-last
recv
recv-q
reviewed-with-comment
768 Add unit tests for pkg/tls Provider 19d 19d 19d
dco-signoff: yes
size/L
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
854 test: add unit tests for registry package
19d 9d 9d
dco-signoff: yes
size/L
ok-to-test
commented
contributor-last
reviewed-with-comment
send
868 feat(annotations): Add annotation-based policy enforcement 16d 16d 16d
dco-signoff: yes
size/L
author-last
recv
recv-q
reviewed-with-comment
628 Grant cert-manager RBAC to use all policies by default 11mo 5mo 5mo
dco-signoff: yes
size/M
commented
contributor-last
recv-q
send
unreviewed
875 Fix Store() to detect duplicate approver names within a single call 9d 9d 9d
dco-signoff: yes
size/L
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
918 add bundle metrics 2wk 3d 12d
dco-signoff: yes
size/XL
ok-to-test
author-last
commented
new-commits
recv
recv-q
921 Add explicit unit tests for v1alpha1 Bundle conversion
19d 9d 12d
dco-signoff: yes
size/XL
ok-to-test
commented
contributor-last
new-commits
recv-q
send
900 chart: add startupapicheck to ensure trust-manager is ready after install 6wk 6wk 6wk
dco-signoff: yes
needs-ok-to-test
size/XL
contributor-last
recv
recv-q
unreviewed
836 Set securityContext and podSecurityContext in values 3mo 1mo 2mo
dco-signoff: yes
size/L
ok-to-test
commented
member-last
send
similar
unreviewed
558 feat(helm-chart): add ability to set pod level security context 1y 1mo 8mo
dco-signoff: yes
ok-to-test
size/S
commented
recv-q
send
unreviewed
683 feat: Add a very basic pre-commit configuration 8mo 2mo 8mo
dco-signoff: yes
size/XS
lifecycle/stale
commented
contributor-last
new-commits
395 WIP: feat: inject bundle data into configmap 2y 2mo 2mo
dco-signoff: yes
size/L
do-not-merge/work-in-progress
commented
member-last
unreviewed
762 Add support for injecting CA from secret for trust manager Webhook 6mo 3mo 3mo
dco-signoff: yes
needs-ok-to-test
size/S
commented
member-last
reviewed-with-comment
send
702 User-facing migration to ClusterBundle 7mo 22h 11d
dco-signoff: yes
do-not-merge/hold
size/XXL
commented
contributor-last
reviewed-with-comment
689 Add build process for Debian Trixie 8mo 5mo 8mo
dco-signoff: yes
size/L
needs-rebase
commented
contributor-last
recv-q
unreviewed
654 Add design for trust source plugins
9mo 3mo 9mo
dco-signoff: yes
size/M
do-not-merge/work-in-progress
commented
draft
reviewed-with-comment
send
188 Remove SetCertificateRequestConditionError
3
 1y 7wk 7wk
dco-signoff: yes
size/XXL
commented
member-last
new-commits
324 [VC-35742] Handle canceled context to prevent extra retries 7mo 7mo 7mo
dco-signoff: yes
size/S
do-not-merge/work-in-progress
needs-ok-to-test
commented
draft
member-last
send
unreviewed
186 Remove GetIssuerTypeIdentifier from Issuer API 1y 9mo
dco-signoff: yes
needs-rebase
size/L
contributor-last
recv-q
unreviewed
24 Add conformance tests 2y 2y 2y
dco-signoff: yes
size/XXL
approved
needs-rebase
assigned
commented
contributor-last
reviewed-with-comment
432 fix(deps): update module github.com/cert-manager/cert-manager to v1.20.2 7d 2d 7d
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
616 Allow setting hostNetwork values in helm chart 10d 2d 10d
dco-signoff: yes
size/S
needs-ok-to-test
author-last
recv
recv-q
unreviewed
618 feat(pki): add pkcs12-password-file (auto-mounts password) 9d 9d 9d
dco-signoff: no
size/M
do-not-merge/work-in-progress
needs-ok-to-test
contributor-last
draft
recv
recv-q
unreviewed
502 Enable csi-lib metrics 5mo 5wk 5wk
dco-signoff: yes
size/S
needs-rebase
ok-to-test
commented
member-last
reviewed-with-comment
send
627 feat: add --kube-api-qps and --kube-api-burst flags to CSI driver 1d 1d 1d
dco-signoff: yes
size/M
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
129 Add attribute support for certificate subject
3y 2y 2y
dco-signoff: yes
size/L
needs-rebase
ok-to-test
commented
contributor-last
reviewed-with-comment
send
135 Added options to all containers 3y 2y 3y
dco-signoff: yes
size/L
needs-rebase
ok-to-test
commented
contributor-last
send
unreviewed
251 PoC: Generate SPIFFE identities in csi-driver 2y 2y 2y
dco-signoff: yes
size/S
do-not-merge/work-in-progress
needs-rebase
commented
contributor-last
draft
recv-q
unreviewed
107 Remove csi-driver-spiffe approver 2y 2y
size/XXL
dco-signoff: no
do-not-merge/work-in-progress
needs-rebase
contributor-last
draft
unreviewed
477 Mark SAN extension critical in SPIFFE CSRs for RFC 5280 and AWS PCA compliance 5wk 18d 18d
dco-signoff: yes
size/M
ok-to-test
author-last
commented
recv
unreviewed
148 limit-namespaces for namespace-scope deployments
1y 16d 1y
dco-signoff: no
size/S
needs-ok-to-test
contributor-last
recv
recv-q
unreviewed
303 feat: add support for setting private key encoding 4mo 3mo 4mo
dco-signoff: yes
size/L
needs-ok-to-test
recv
recv-q
reviewed-with-comment
similar
117 fill spec.tls.caCertificate in route with intermediate ca certificate…
1y 1y 1y
dco-signoff: yes
size/M
needs-rebase
ok-to-test
commented
contributor-last
new-commits
recv-q
send
71 Refactor filesystem.go and adapt tests to use a real file system 1y 9mo 9mo
dco-signoff: yes
size/L
commented
member-last
reviewed-with-comment
443 inspect secret: close response body on error path in CRL check 4wk 4wk 4wk
needs-ok-to-test
size/XS
dco-signoff: no
contributor-last
recv
recv-q
unreviewed
69 Add KubeCon infrastructure 3wk 4d
dco-signoff: yes
size/L
contributor-last
recv-q
unreviewed
70 chore(deps): update terraform google to v7.28.0 3wk 4d 3wk
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
1160 config: exempt Copilot-authored PRs from DCO requirement in Tide 5wk 11d 11d
dco-signoff: no
size/S
do-not-merge/work-in-progress
needs-ok-to-test
commented
draft
member-last
send
unreviewed
1114 Add the 'cybr' label 6mo 6mo 6mo
size/XS
dco-signoff: yes
commented
member-last
reviewed-with-comment
send
1169 Update k8s-infra-prow images, cert-manager-infra-images images as needed 3d 1d 3d
dco-signoff: yes
size/M
contributor-last
recv
recv-q
unreviewed
595 chore(deps): update module oras.land/oras to v1.3.2 16h 16h 16h
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
unreviewed
590 chore(deps): update dependency hashicorp/vault to v2 4d 20h 4d
dco-signoff: yes
size/S
dependencies
ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
492 chore(deps): update module github.com/sigstore/cosign/v2 to v3 4mo 9d 4mo
dco-signoff: yes
size/XS
do-not-merge/hold
dependencies
ok-to-test
commented
member-last
send
unreviewed
549 Split (helm) generate-crds target 2mo 2mo 2mo
dco-signoff: yes
size/M
commented
member-last
reviewed-with-comment
541 Add Kube API linter 2mo 2mo 2mo
dco-signoff: yes
size/M
needs-rebase
commented
contributor-last
recv-q
reviewed-with-comment
send
470 feat(helm): adding `helm-diff` target
5mo 4mo 4mo
dco-signoff: yes
size/S
cybr
ok-to-test
commented
contributor-last
new-commits
recv
recv-q
293 Add Helm chart image baking 11mo 7mo
dco-signoff: yes
size/S
needs-rebase
contributor-last
recv-q
similar
unreviewed
55 feat: add test module 2y 2y 2y
dco-signoff: yes
size/M
commented
contributor-last
recv
reviewed-with-comment
104 Add Chart image baking 11mo 7mo 7mo
dco-signoff: yes
size/L
needs-rebase
commented
member-last
reviewed-with-comment
send
similar
11 Governance: folks meaningfully contributing to the biweekly can become GitHub Members 2y 5mo
do-not-merge/work-in-progress
dco-signoff: yes
size/S
draft
reviewed-with-comment
69 Add auditing tool for confirming who has access to the cert-manager org 4wk 4wk
dco-signoff: yes
size/XL
contributor-last
recv-q
unreviewed
59 cleanup: remove unused NOTES.txt file 2y 2y 2y
size/XS
dco-signoff: yes
needs-ok-to-test
contributor-last
recv
unreviewed
64 Add imagePullSecrets to template 2y 2y 2y
size/XS
dco-signoff: yes
needs-ok-to-test
contributor-last
recv
unreviewed
1 Manage the cert-manager GitHub organisation from this repo 2y 2y 2y
dco-signoff: yes
size/XXL
commented
member-last
unreviewed
75 chore(deps): update goreleaser/goreleaser-action action to v7.1.0 12h 12h 12h
dco-signoff: yes
size/XS
dependencies
ok-to-test
contributor-last
recv
recv-q
similar
unreviewed
13 Various QA fixes 2mo 2mo 2mo
dco-signoff: yes
size/L
needs-ok-to-test
author-last
commented
new-commits
recv
4 Add support for custom license templates 2y 8mo
dco-signoff: yes
size/S
contributor-last
recv-q
unreviewed
8 Optionally output a unified diff
4mo 2mo 2mo
dco-signoff: yes
size/XL
needs-ok-to-test
author-last
commented
recv
recv-q
unreviewed
159 Split certificate chain 2y 11d 1y
needs-rebase
commented
contributor-last
recv-q
reviewed-with-comment
send
143 feat: allow creating or reusing an existing sa 2y 11mo 2y
ok-to-test
recv
recv-q
unreviewed
141 re-adding required clusterrole permission 2y 1y 2y
size/XS
author-last
recv
unreviewed
345 chore: add existing securityContext settings to values 6mo 6mo 6mo
size/M
dco-signoff: yes
contributor-last
recv
recv-q
similar
unreviewed

Open Issues (380)

Resolution:

Average age: 707.8d, Avg wait: 243.9d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
8716 Feature Request: Add a CMPv2 issuer for certificate enrollment and renewal (RFC 4210) 3d 2d 2d
kind/feature
commented
member-last
send
8729 Feature Request: allow to configure max retry backoff duration for failed CertificateRequest 1d 1d 1d
kind/feature
recv
8668 Add helm unit tests for cert-manager chart 19d 19d 19d
kind/feature
assigned
assignee-updated
collaborator-last
commented
similar
8733 Updates or removal of solver ingress class annotations on ingresses are not propagated to existing certificates 9h 9h 9h
kind/bug
pr-unreviewed
recv
8702 202 Accepted Response - Certificate Request failed - Unexpected status code on TPP Certificate Request. 8d 8d 8d
recv
8672 Allow specifying the secret namespace for CA issuer spec 17d 17d 17d
commented
member-last
pr-unreviewed
send
8641 ContribFest KubeCon EU 2026 - Amsterdam (March 24, 2026) 4wk 3wk 4wk
kind/documentation
commented
member-last
8643 ACME challenge scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers 4wk 3wk
good first issue
help wanted
kind/bug
assigned
assignee-updated
contributor-last
pr-unreviewed
8612 Unneeded OS dependency in TestFSLoader_Load 5wk 5wk 5wk
kind/bug
kind/cleanup
author-last
pr-unreviewed
recv
8609 Skip certain listener's certificate management for Gateway API
5wk 3wk 3wk
kind/feature
collaborator-last
commented
pr-new-commits
send
8611 Move from LetsEncrypt staging endpoint to production endpoint causes loop of the same error
3
2
 5wk 3wk 3wk
kind/bug
commented
member-last
pr-closed
send
8572 Solver ingressTemplate annotations are not applied to existing Ingress resources when acme.cert-manager.io/http01-edit-in-place: 'true' is set
6wk 5wk 6wk
kind/bug
author-last
pr-closed
pr-unreviewed
recv
similar
8530 Allow usage of the new DNS-PERSIST-01 challange for ACME
14
 1mo 1mo 1mo
kind/feature
recv
similar
8522 Support pulling additional fields from secret when using external account binding
2mo 2mo 2mo
kind/feature
recv
recv-q
8586 Misconfiguration caused hammering of DigitalOcean API 6wk 6wk 6wk
kind/bug
pr-unreviewed
recv
8512 ArtifactHub install command causes Helm fallback warning due to missing v prefix 2mo 2mo 2mo
recv
8499 Add custom labels to be exposed in prometheus metrics 2mo 9d 9d
kind/feature
area/monitoring
collaborator-last
commented
send
8513 Exclude namespace(s) from CA Injector 2mo 5wk 2mo
kind/feature
contributor-last
pr-new-commits
recv
8679 Allow managing SSH-CA 15d 15d 15d
kind/feature
recv
8481 FYI: cert-manager-webhook-libdns
2mo 2mo 2mo
recv
8476 Helm chart defaults leaderElection namespace to kube-system, blocking cert-manager controller and certificate creation 2mo 2mo 2mo
kind/bug
author-last
commented
recv
recv-q
8659 v1.20.1 release progress tracking 3wk 3wk
8450 Introducing DelayedInformers for CRD check 2mo 2mo 2mo
kind/feature
assigned
assignee-updated
commented
contributor-last
send
8656 v1.20.0 release progress tracking 3wk 3wk
8493 cloudflare DNS01 - Client.Timeout exceeded while awaiting headers
4
11
 2mo 18d 1mo
good first issue
help wanted
kind/bug
assigned
assignee-updated
commented
pr-unreviewed
recv-q
send
8416 Make Venafi client timeout configurable for slower servers 3mo 2mo 2mo
kind/feature
commented
member-last
send
8402 ZeroSSL issues all certs with the same hour (yyyy-mm-ddT15:59:59Z) 3mo 11d 2wk
kind/feature
priority/important-longterm
author-last
commented
recv
8378 Support `PodCertificateRequest`
3mo 3mo 3mo
kind/feature
collaborator-last
commented
send
similar
8696 Challenge is not reconciled on ACME API timeout 9d 9d 9d
kind/bug
pr-unreviewed
recv
8372 HTTP-01 challenge: support stateless http-01 challenge 3mo 3mo 3mo
kind/feature
recv
8364 Replace Hetzner DNS01 Webhook 3mo 3mo 3mo
collaborator-last
commented
send
8458 Vault approle configuration
2mo 2mo 2mo
kind/feature
recv
8340 Top-level: CA Issuer rotation problem 4mo 4mo
cybr
8309 Dependency Dashboard 4mo 23h 4mo
recv
8296 HTTP-01 challenge stuck in pending with status code 400 4mo 3mo 3mo
triage/support
commented
member-last
send
8280 Unblocking SSA: Document changes in SSA-by-default 4mo 4mo
cybr
8279 Unblocking SSA: Fix unit tests 4mo 4mo
cybr
8277 Unblocking Server Side Apply (SSA) by Default 4mo 2mo 2mo
cybr
commented
member-last
8251 Top-level ticket: ListenerSet
8
 5mo 2d 6wk
cybr
commented
pr-merged
recv-q
send
8235 Cert-manager support for Issuer-managed keys 5mo 5mo 5mo
kind/feature
author-last
commented
recv
8373 DNS-PERSIST-01 challenge support (planned for late Q1 2026)
2
2
105
 3mo 3wk 3mo
kind/feature
recv
recv-q
similar
8218 Include Vault hostname as default JWT audiences
5mo 2mo 2mo
kind/feature
assigned
assignee-updated
commented
member-last
pr-merged
send
8209 Add revocation at certificate deletion
3
 5mo 5mo 5mo
kind/feature
recv
similar
8201 Timeout contacting Cloudflare API during cert-manager DNS-01 challenge 5mo 5mo 5mo
commented
send
8200 Add commonLabels support for acmesolver 5mo 1d 1d
kind/feature
priority/important-longterm
assigned
assignee-updated
commented
member-last
send
8194 Update e2e Documentation - for the make e2e-setup command 6mo 6mo 6mo
kind/feature
collaborator-last
commented
send
8183 Add helm diff output to cert-manager PRs 6mo 4mo 5mo
assigned
assignee-updated
collaborator-last
commented
send
8121 Support for Creating CertificateRequest from Kubernetes Secret 6mo 5mo 6mo
kind/feature
triage/needs-information
contributor-last
recv
recv-q
similar
8102 cert-manager-startupapicheck erroring while installation
4
 6mo 4mo 4mo
kind/bug
triage/needs-information
commented
member-last
send
8095 DNS-01 Delegated zone is not following CNAME and creating wrong records
4
 7mo 5mo 6mo
kind/bug
author-last
commented
recv
recv-q
8094 HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller) 7mo 2mo 7mo
recv
recv-q
8086 ACME ClusterIssuer not recovering after Vault restart 7mo 4wk 7mo
kind/bug
lifecycle/stale
contributor-last
recv
8234 Vault Issuer: certmanager spams thousands of CertificateRequest resources if Issuer is configured to use the Vault issue endpoint rather than the sign endpoint
5mo 5mo 5mo
kind/bug
commented
member-last
pr-unreviewed
send
8082 EOF during self check with Pomerium 7mo 4wk 7mo
lifecycle/stale
contributor-last
recv
8085 Feature Request: Add annotation to disable automatic certificate renewal
7mo 12d 7mo
priority/important-longterm
lifecycle/stale
contributor-last
pr-closed
recv
similar
8023 ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension 7mo 6wk 7mo
lifecycle/stale
commented
contributor-last
recv
recv-q
7914 Output tls.crt in CA cert to another secret 8mo 2mo 8mo
kind/feature
lifecycle/stale
contributor-last
recv
8058 Cert-manager fails to import ECDSA private keys generated by openssl 7mo 12d 7mo
kind/bug
priority/important-longterm
lifecycle/stale
contributor-last
pr-changes-requested
recv
7895 if certificate is already expired, it shown like a True
2
 8mo 3mo 6mo
help wanted
priority/important-soon
commented
pr-new-commits
pr-unreviewed
recv
7879 Remove no-op certificate metrics controller 8mo 12d 8mo
kind/feature
priority/backlog
lifecycle/stale
assigned
assignee-updated
commented
contributor-last
7868 Metrics for webhook certificate
3
 9mo 5mo 9mo
kind/feature
author-last
recv
7864 failed to call webhook: certificate has expired or is not yet valid
2
 9mo 3mo 9mo
kind/bug
assigned
assignee-updated
contributor-last
recv
recv-q
similar
7862 Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete
7
 9mo 16d 9mo
kind/bug
lifecycle/stale
contributor-last
recv
7846 ClusterIssuer.Status.Acme.URI disappeared
3
 9mo 11d 7mo
good first issue
kind/bug
priority/awaiting-more-evidence
area/acme
triage/needs-information
assigned
assignee-updated
commented
send
7845 ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...
6
 9mo 3wk 7mo
kind/bug
priority/awaiting-more-evidence
lifecycle/stale
area/acme
triage/needs-information
commented
contributor-last
send
7834 Provide race condition mitigation support 9mo 3mo 9mo
kind/feature
author-last
recv
7829 Support to auto delete Certificaterequest
9mo 3wk 9mo
kind/feature
lifecycle/rotten
commented
contributor-last
send
similar
7828 Cert-manager created multiple CertificateRequests (over 30k) for a valid certificate
9mo 5mo 8mo
kind/bug
commented
send
8441 Add instrumentation to Vault issuer Sign() operation 2mo 2mo 2mo
good first issue
kind/feature
priority/backlog
assigned
assignee-updated
commented
contributor-last
pr-unreviewed
recv
recv-q
8434 Allow external account binding (EAB) with ECC keys 2mo 2mo 2mo
good first issue
kind/feature
priority/backlog
commented
member-last
pr-reviewed-with-comment
pr-unreviewed
send
7821 Request to support AWS ACM Exportable certificates
56
 10mo 4mo 6mo
kind/feature
commented
send
similar
7817 Support `global.nodeSelector` in the Helm chart
2
 10mo 6mo 10mo
kind/feature
contributor-last
pr-merged
recv
7788 Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values
4
 10mo 4mo 4mo
kind/feature
collaborator-last
commented
send
7779 RevisionHistoryLimit should follow Kubernetes definition 10mo 6wk 10mo
lifecycle/rotten
contributor-last
recv
7772 Reviewing the use of https://github.com/SSLMate/go-pkcs12 10mo 6wk 10mo
kind/feature
lifecycle/rotten
commented
contributor-last
send
7768 Stuck in a loop with `multiple challenge solver pods found for challenge` 10mo 4mo 10mo
kind/bug
author-last
recv
7766 Certificate: Let me specify the concatenation order for CombinedPEM output format
11mo 1mo 11mo
kind/feature
author-last
recv
recv-q
7765 Propagation tests fails when using IPv6 recursive DNS nameservers
11mo 1mo 11mo
kind/bug
lifecycle/rotten
recv
7760 Is the zone responsible for a domain changes, cert-manager will not pick it up 11mo 2mo 11mo
kind/bug
lifecycle/rotten
contributor-last
recv
7755 cert-manager-challenges Error presenting challenge: expected array of Record 11mo 2mo 11mo
lifecycle/rotten
contributor-last
recv
recv-q
7751 Custom key usage extensions 11mo 6wk 2mo
kind/feature
commented
recv
recv-q
7749 Http and PROXY protocol
5
 11mo 2mo 11mo
lifecycle/rotten
contributor-last
recv
7747 [suggestion] Add Kustomize install documentation
5
6
 11mo 5wk 11mo
kind/feature
lifecycle/stale
commented
contributor-last
recv
recv-q
7717 After uninstalling cert-manager, ingress resources can still only be accessed via https 11mo 2mo 11mo
lifecycle/rotten
contributor-last
recv
7699 Adding Helm Unittest to all certmanager projects 1y 3mo 3mo
priority/backlog
assigned
assignee-updated
commented
member-last
send
similar
7684 Add support for namespaced deployment
1y 9d 1y
kind/feature
lifecycle/rotten
contributor-last
pr-merged
recv
recv-q
similar
7660 cert-manager produces invalid (per RFC5280) certificates when `cert sign` usage is set along with another usage 1y 2mo 11mo
kind/bug
lifecycle/rotten
commented
contributor-last
send
7659 Challenge and resolver pod/ingress killed too soon
2
 1y 2mo 1y
lifecycle/rotten
contributor-last
recv
7649 [GKE][Cert-Manager]Document Might Need Implementation Details Update to GSA/KSA Integration 1y 5wk 1y
kind/bug
lifecycle/rotten
contributor-last
recv
recv-q
7645 Support cross-signed intermediate CAs issued with Vault
5
 1y 17d 2mo
kind/feature
commented
send
7625 Clean install fails to create Issuer
4
 1y 2mo 1y
kind/bug
lifecycle/rotten
contributor-last
recv
recv-q
7598 More fine-grained control of powerful RBAC permission granted via Helm chart
2
5
 1y 12d 9mo
kind/feature
priority/important-longterm
lifecycle/stale
assigned
assignee-updated
commented
contributor-last
pr-merged
recv-q
send
7594 Cloudflare delegated domains returns Found no Zones for domain _acme-challenge.mydomain.com
1y 2mo 1y
kind/bug
lifecycle/rotten
contributor-last
recv
7561 Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued 1y 5mo 5mo
kind/feature
author-last
commented
recv
recv-q
7551 Unhelpful log messages 1y 4mo
lifecycle/frozen
contributor-last
7536 Digicert ACME order is failing due to invalid validity_years
2
 1y 3d 4mo
good first issue
lifecycle/frozen
kind/feature
priority/backlog
area/acme
commented
contributor-last
recv
recv-q
7531 punycode issue 1y 5mo 1y
author-last
recv
7522 Non standard "cert-manager.io" used in event "Reason" 1y 5mo 1y
lifecycle/frozen
kind/bug
commented
contributor-last
recv
7520 ClusterIssuer read caBundle from Secret
7
 1y 4mo 1y
kind/feature
commented
pr-unreviewed
send
7514 Replace some of the webhook functionality with `ValidatingAdmissionPolicy` & CEL
1y 2mo 8mo
kind/feature
priority/important-longterm
author-last
commented
recv
7510 Key Size for Acme Account Key
1y 6wk 1y
kind/feature
lifecycle/rotten
contributor-last
pr-new-commits
recv
7492 `UseCertificateRequestBasicConstraints` should probably add `Critical` for `isCA` 1y 5mo 11mo
lifecycle/frozen
commented
contributor-last
recv
7486 `"Unhandled Error" err="ingress '...' in work queue no longer exists"` should be handled (clean up dangling `Certificate`)
6
 1y 5mo 1y
lifecycle/frozen
kind/bug
contributor-last
recv
recv-q
7476 [Helm Chart] - Wrong handling of image registry and repository
4
 1y 5wk 4mo
kind/bug
commented
pr-closed
send
7473 Create certificate based on HTTPRoute configuration
63
7
98
 1y 14d 14d
kind/feature
assigned
assignee-updated
commented
pr-closed
pr-merged
send
7438 certificate not updated after enabling SSA 1y 4mo 1y
kind/bug
author-last
recv
7422 Please provide standalone helm chart for CRDs
20
 1y 6wk 1y
kind/feature
lifecycle/stale
contributor-last
recv
7388 Kid missing in the new order request
2
 2y 5mo 2y
kind/bug
pr-unreviewed
recv
recv-q
7311 helm schema validation should validate `featureGates`
2y 3mo 10mo
lifecycle/frozen
kind/feature
priority/backlog
commented
contributor-last
recv
7288 Missing UID in webhook challenge request 2y 2mo 2y
kind/bug
priority/backlog
lifecycle/rotten
contributor-last
recv
7234 AWS Route53: Stale/Stuck Challenges should be deleted after a given timeout
4
 2y 4mo 2y
kind/bug
priority/important-soon
assigned
assignee-updated
commented
contributor-last
pr-closed
pr-merged
pr-reviewed-with-comment
recv
recv-q
6969 Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled 2y 2y 2y
lifecycle/frozen
kind/bug
priority/important-longterm
commented
contributor-last
send
6890 Allow client-side rate-limiting to be disabled 2y 16d 16d
kind/feature
priority/backlog
lifecycle/rotten
area/deploy
assigned
assignee-updated
commented
contributor-last
recv-q
send
6820 Ongoing dependency evaluation
2y 2y 2y
lifecycle/frozen
priority/important-longterm
contributor-last
recv
6799 ACME challenges stopped working after 1.13/1.14 update
2y 6wk 2y
priority/critical-urgent
lifecycle/rotten
commented
contributor-last
recv
recv-q
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
7
 2y 4mo 2y
lifecycle/frozen
kind/bug
priority/important-soon
pr-unreviewed
recv
6716 leader election namespace should default to `.Release.Namespace`, not `kube-system`
3
41
 2y 5wk 2y
lifecycle/frozen
kind/bug
triage/not-reproducible
commented
pr-closed
pr-unreviewed
recv-q
send
6709 1.14 Release Review
3
 2y 2y 2y
lifecycle/frozen
priority/important-soon
commented
contributor-last
send
6662 support overriding of ttl in cloudflare
2
 2y 4mo 2y
kind/feature
priority/backlog
author-last
commented
recv
6622 `make update-licenses` is non-deterministic.
2y 6wk 10mo
kind/bug
lifecycle/rotten
commented
contributor-last
pr-merged
pr-unreviewed
6472 Create TLSA records automatically
15
 2y 2mo 2y
kind/feature
priority/backlog
contributor-last
recv
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount
2
 2y 2y 2y
lifecycle/frozen
kind/feature
priority/backlog
commented
contributor-last
send
6331 CSR not signed by referenced private key
10
 2y 4mo 2y
lifecycle/frozen
kind/bug
priority/important-soon
commented
contributor-last
recv-q
send
6230 DigitalOcean: cert-manager DDoSes DNS-01 solver - infinite rate limiting
6
 2y 4mo 5mo
lifecycle/frozen
kind/bug
priority/critical-urgent
area/acme/dns01
commented
member-last
pr-closed
pr-merged
send
6224 Option to store certificate history in individual secrets
2
 2y 5wk 7mo
kind/feature
lifecycle/stale
commented
contributor-last
recv-q
send
6210 Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created
6
 2y 3mo 2y
kind/feature
priority/backlog
commented
send
6179 CRDs shouldn't be templated in Helm
5
2
30
 2y 4wk 7mo
priority/backlog
lifecycle/stale
commented
recv-q
send
7890 Cluster issuer for HTTP-01 gatewayHTTPRoute should not require a gateway parentRef
26
 8mo 9d 3wk
kind/feature
priority/awaiting-more-evidence
area/acme/http01
assigned
assignee-updated
commented
pr-merged
send
6051 Detecting Gateway hostnames based on attached HTTPRoutes
7
32
 2y 8mo 9mo
lifecycle/frozen
kind/feature
priority/important-longterm
commented
pr-merged
send
similar
6010 Support the ACME Renewal Information (ARI) extension
2
16
 3y 19d 10mo
kind/feature
commented
pr-new-commits
recv
recv-q
8319 Improve cert-manager's event handler to allow us to selectively skip some reconciliations 4mo 4mo
cybr
8479 Subject Key Identifier (SKI) missing on issued certificates by self-signed CA 2mo 2mo 2mo
kind/feature
pr-new-commits
recv
5959 `ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries
23
 3y 4mo 2y
lifecycle/frozen
kind/bug
priority/important-longterm
commented
contributor-last
recv-q
send
7826 If issuer is incorrect, it is still shown as READY 10mo 5mo 10mo
kind/bug
priority/important-longterm
assigned
assignee-updated
author-last
pr-new-commits
recv
recv-q
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
3y 5mo 3y
lifecycle/frozen
kind/bug
priority/important-soon
author-last
pr-closed
pr-unreviewed
recv
recv-q
5540 Changelog annotations to chart
3y 2mo 3y
kind/feature
priority/backlog
author-last
recv
5298 Complete the Migration Away From Jetstack Names 3y 2y 2y
lifecycle/frozen
kind/cleanup
priority/important-soon
commented
member-last
send
5101 No backoff/delay when failing to create challenge solver pods
9
 4y 4mo 4mo
kind/bug
priority/important-longterm
triage/needs-information
commented
member-last
pr-unreviewed
send
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
4
 4y 10d 4y
kind/bug
priority/backlog
lifecycle/rotten
commented
recv
recv-q
4950 General flakiness of our end-to-end suite
3
 4y 2y 3y
lifecycle/frozen
priority/important-longterm
kind/flake
commented
member-last
pr-closed
pr-merged
send
4749 rfc2136 seems to not work with deep subdomains
4y 5mo 4y
kind/bug
area/acme/dns01
recv
recv-q
4685 Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts
12
 4y 6mo 6mo
lifecycle/frozen
kind/bug
priority/important-longterm
commented
contributor-last
recv
4191 Setting default values for Pod's "resources"?
7
 4y 2y 2y
lifecycle/frozen
priority/important-longterm
commented
contributor-last
recv-q
send
3992 Add non-CRD yaml file
4
 5y 5mo 2y
priority/important-soon
area/deploy
author-last
commented
recv
3706 renewal-hooks
4
21
 5y 2mo 2mo
kind/feature
priority/important-longterm
lifecycle/rotten
commented
contributor-last
recv-q
send
3521 Integration with ExternalDNS
4
52
 5y 7mo 1y
help wanted
lifecycle/frozen
kind/feature
priority/important-longterm
commented
recv-q
3381 Setup separate package for cert-manager API
5
 5y 1y 1y
lifecycle/frozen
kind/feature
priority/important-soon
assigned
assignee-updated
commented
member-last
send
3298 Let's encrypt certificate caching to mitigate rate limits problems
3
5
24
 5y 5mo 2y
help wanted
kind/feature
priority/backlog
commented
send
3103 Adding probes to the cert-manager pods
10
 5y 2mo 2mo
good first issue
help wanted
kind/feature
priority/important-longterm
area/deploy
commented
member-last
pr-closed
send
2930 Mirror to gcr.io or dockerhub
2
29
 6y 1y 1y
lifecycle/frozen
kind/feature
priority/important-soon
area/deploy
assigned
assignee-updated
commented
contributor-last
send
2820 Add ability to set `pathlen:0` for CA certs in `X509v3 Basic Constraints`
6y 4wk 4wk
area/api
good first issue
kind/feature
priority/important-longterm
assigned
assignee-updated
commented
pr-closed
pr-merged
recv-q
send
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
43
 3y 17d 3y
kind/bug
priority/important-longterm
assigned
assignee-updated
recv
recv-q
5864 Certmgr allows creating certificates expiring after ca expiration.
4
33
 3y 6mo 11mo
lifecycle/frozen
kind/bug
cybr
commented
pr-new-commits
recv-q
send
7822 Tracking: Kubernetes Gateway API follow up tasks
5
 10mo 4mo 4mo
commented
member-last
pr-merged
send
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
74
 6y 2y 2y
area/api
help wanted
lifecycle/frozen
kind/feature
priority/backlog
commented
send
5861 cert manager API showing error - "x509: certificate has expired or is not yet valid"
3
 3y 3mo 4mo
good first issue
lifecycle/frozen
priority/important-longterm
assigned
assignee-updated
commented
contributor-last
pr-unreviewed
send
similar
5867 Controller can't handle hitting request rate limits of zerossl ACME API
7
12
31
 3y 1y 2y
lifecycle/frozen
kind/bug
priority/important-soon
commented
pr-closed
pr-merged
recv-q
send
2178 Handling 'unregistering' certificates from Venafi TPP
22
 6y 2y 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
member-last
send
2334 Add network policy allowance into documentation
2
24
 6y 12d 2y
good first issue
help wanted
kind/documentation
priority/backlog
area/deploy
commented
pr-merged
send
1292 Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis
18
4
233
 7y 3wk 4y
area/api
help wanted
kind/feature
priority/important-longterm
area/acme
commented
pr-closed
recv-q
send
2525 Better support multi-namespace & single-namespace deployments
27
 6y 11mo 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/deploy
commented
contributor-last
pr-closed
send
similar
2478 Allow CA issuer secret rotation
2
71
 6y 4mo 1y
kind/feature
priority/important-longterm
area/ca
commented
contributor-last
recv
2239 Create a CertificatePreset resource type to allow configurable defaulting
2
4
105
 6y 3wk 10mo
area/api
kind/feature
priority/backlog
priority/important-soon
commented
pr-closed
pr-unreviewed
send
2061 Tutorial: `cert-manager` on Google Kubernetes Engine - Remove Google Domains 5d 5d 5d
author-last
pr-unreviewed
recv
2019 Add ENISA NIS2 reference to best practice intro 3wk 3wk 3wk
recv
2010 The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear 5wk 5wk
2009 The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear 5wk 5wk
1935 add third party cert-manager-webhook-infomaniak 2mo 2mo 2mo
recv
1926 Change the Cert Manager Webhook DNS01 of Hetzner Cloud
2mo 2mo 2mo
author-last
pr-closed
recv
1874 Dependency Dashboard 4mo 27min 4mo
recv
1806 Tutorial depends on no longer available image of kuard
4
 6mo 6mo 6mo
recv
1802 Invalid certificate 6mo 6mo 6mo
recv
1715 The ingress annotation `cert-manager.io/secret-template` is not documented
2
 10mo 10mo
contributor-last
similar
1643 Let's Encrypt Ending Support for Notification Emails 1y 8mo 1y
recv
1625 Configuration issue potentially leading to a memory leak 1y 1y 1y
recv
1623 Claim about v1beta1/v1alpha2 support for gateway api is misleading 1y 1y 1y
recv
1620 Cert Manager allows the creation of Illegal wilcard SANs 1y 1y 1y
recv
1608 Renaming Securing NGINX-ingress to ingress-nginx 1y 1y 1y
recv
1596 Wrong key for cloudflare secret ref in DNS Validation tutorial page 1y 1y 1y
recv
1585 Broken install instructions due wrong cert_manager_latest_version - v1.16.1 2y 2y 2y
recv
1549 Brand guideline page 2y 2y 2y
priority/backlog
contributor-last
recv
1546 Self upgrade PRs don't run checks
2y 6mo 2y
cybr
commented
member-last
1490 GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP) 2y 2y 2y
author-last
recv
1473 Add ArtifactHub packages to website 2y 2y 2y
priority/backlog
recv
1586 Now that cert-manager 1.16 has been released, `--set config.enableGatewayAPI=true` is now the recommended approach for projects that show instructions on how to enable cert-manager's gateway API support, especially on visible projects like Cilium:
2y 2y
pr-merged
1425 The `issuer.vault.spec.caBundleSecretRef` docs are missing 2y 2y
priority/important-soon
1194 Confusing paragraph - cert-manager integration.
3y 12d 2y
documentation
priority/important-longterm
commented
contributor-last
pr-merged
send
1186 Document that/why we don't use Helm's CRD installation mechanism 3y 2y 2y
good first issue
priority/important-longterm
kind/documentation
assigned
assignee-updated
commented
member-last
send
1174 Document the docker images and how to find them
3y 12d 3y
good first issue
priority/important-soon
kind/documentation
commented
contributor-last
pr-reviewed-with-comment
send
1101 Feature request for updating documentation. 3y 2y 2y
priority/backlog
commented
member-last
send
975 Some pages do not make it clear what the user should read next 4y 2y
priority/important-longterm
955 Document when the vault pki role required setting `require_cn=false`
2
 4y 2y
priority/important-soon
944 Document how to install cert-manager in a different namespace
4
 4y 2y 4y
good first issue
recv
recv-q
850 Document available cert-manager Prometheus metrics
4y 3y 4y
documentation
good first issue
priority/important-longterm
recv
recv-q
1063 "Securing Ingresses with Venafi" tutorial contains link to missing manifest
3y 2y 3y
priority/important-longterm
author-last
pr-merged
recv
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
4y 2y
kind/bug
priority/important-soon
contributor-last
pr-merged
697 [IRSA] Needs `runAsUser: 1001`
4y 2y 2y
commented
member-last
pr-merged
send
484 Please add anchor tags to your subheadings
5y 5y 5y
priority/backlog
kind/documentation
commented
contributor-last
pr-merged
recv
401 Bring tutorials up to date 5y 3y 3y
priority/important-longterm
commented
member-last
send
354 DigitalOcean access-token should not be base64-encoded 5y 5y 5y
priority/awaiting-more-evidence
author-last
recv
recv-q
414 Explain cert-manager repo structure
2
 5y 5y 5y
priority/backlog
kind/documentation
assigned
assignee-updated
commented
member-last
pr-closed
pr-merged
send
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
5
 5y 2y 5y
documentation
help wanted
priority/backlog
commented
pr-merged
recv-q
237 docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available
5y 5y 5y
priority/backlog
kind/documentation
contributor-last
pr-closed
recv
228 Documentation needs correction for external-account-bindings
5y 1y 5y
good first issue
priority/backlog
kind/documentation
contributor-last
pr-merged
recv
234 Backup and Restore Resources
3
 5y 5y 5y
priority/backlog
kind/documentation
commented
member-last
pr-merged
send
223 Document wildcard certificate tutorial 6y 5y 6y
priority/important-longterm
kind/documentation
commented
contributor-last
send
195 Document keystores 6y 3y 5y
priority/important-soon
kind/documentation
commented
contributor-last
send
174 Add documentation for CRD conversion webhook ca injection 6y 5y 5y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
155 Add 'unreleased version' & 'old version' warning banner to non-latest versions of docs 6y 5y 6y
kind/feature
priority/backlog
commented
contributor-last
130 FAQ: How does cert-manager handle ingresses with valid TLS secrets? 6y 5y 6y
help wanted
priority/backlog
kind/documentation
contributor-last
recv
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 6y 5y 6y
priority/backlog
kind/documentation
contributor-last
recv
1262 v1.9 to v1.10 upgrade instructions does not mention container name change
2y 1y 2y
priority/backlog
assigned
assignee-updated
commented
member-last
send
197 Document ACME account mismatch 6y 1y 6y
good first issue
priority/backlog
kind/documentation
pr-unreviewed
recv
recv-q
209 Dependency Dashboard
4mo 22h 4mo
pr-merged
recv
2 Set up periodic job to publish an experimental release build
6y 5y
priority/backlog
assigned
contributor-last
687 Dependency Dashboard 4mo 29min 4mo
recv
501 Error logs not very helpful
2
 1y 1y 1y
recv
431 istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0 1y 1y 1y
recv
recv-q
287 Getting Readiness probe failed when using cert-manager-istio-csr 2y 2y 2y
author-last
recv
recv-q
similar
283 Document / improve that sometimes the issuer needs to set `ca.crt`
2y 2y
244 Populate Subject Fields in Certificate
2y 2y 2y
recv
223 False positive warnings from trivy and dependabot
7
 2y 2y
176 certificateDuration is not used for the Istio CSR generated certificate requests
3y 8mo 3y
pr-closed
recv
recv-q
153 It is possible to have several CAs within the same cluster.
3
 4y 1y 2y
commented
send
137 Documentation on rotating the root certificate
2
 4y 11mo 4y
recv
recv-q
130 Document best-practices for minimal vault role configuration for istio-csr 4y 2y 4y
recv
recv-q
84 csr readiness probe failed, istio ingress pod also failed
2
 4y 2y 4y
support
recv
recv-q
similar
113 Integrating with istio helm chart installs
15
 4y 2y 4y
recv
recv-q
803 Request to build images for main
2mo 2wk 2wk
commented
member-last
send
782 Ensuring approver-policy is ready to accept CRDs after install 3mo 3mo
good first issue
similar
869 [Feature Request] Support Annotations in Approval Policies 16d 15d 15d
author-last
commented
pr-reviewed-with-comment
recv
recv-q
761 Dependency Dashboard 4mo 2d 4mo
recv
667 Cannot create secret cert-manager-approver-policy-tls 8mo 8mo 8mo
commented
contributor-last
recv
similar
559 Flakey Tests in pull-cert-manager-approver-policy-test 1y 1y
similar
466 Document How to Configure Common Scenarios 2y 2y 2y
recv
452 CRDs in the Release files
3
 2y 2y 2y
recv
394 Limit number of SANs by policy
2y 2y 2y
commented
member-last
send
288 Feature: Take control of approval for the whole cluster
2
 2y 2y 2y
commented
member-last
216 Simplify configuration by creating RBAC by default
2
 3y 1y 1y
help wanted
commented
contributor-last
pr-merged
pr-unreviewed
recv-q
send
203 Improve CRD fields for specifying key requirements
3
 3y 1y 1y
commented
member-last
send
169 Webhook Custom CA 3y 11mo 11mo
help wanted
commented
contributor-last
recv-q
send
638 Approver cannot find applicable policy 11mo 19d 19d
commented
member-last
send
908 v0.22.0: image template does not work when installing trust-manager and cert-manager from one umbrella chart
4
 5wk 5wk 5wk
recv
913 Feature Request: Allow files as a source. 4wk 4wk 4wk
recv
886 Allow creating `ClusterRole` aggregations 2mo 2mo 2mo
kind/feature
recv
881 Helm install fails when extraObjects contains Bundles 2mo 2mo 2mo
recv
848 Request for cryptographic mechanisms used in cert-manager-trust-manager 2mo 2mo 2mo
recv
841 Does trust-manager require cluster level permissions to read secrets?
3mo 19d 19d
commented
member-last
send
892 Eliminate the duplicate code for managing default trust bundle images
7wk 7wk
assigned
assignee-updated
pr-closed
837 Ensuring trust-manager is ready to accept CRDs after install 3mo 3mo
good first issue
pr-unreviewed
similar
815 Support Debian Trixie for trust packages 4mo 4mo
cybr
835 Helm Chart cannot set securityContext 3mo 3mo 3mo
recv
800 When creating a trust bundle with additionalFormats/pkcs12, no pkcs12 is produced
4mo 7wk 7wk
commented
send
805 Dependency Dashboard 4mo 2d 4mo
recv
778 Add option to use a specific issuer in the helm chart 6mo 6mo 6mo
recv
750 Feat: Emit Events on the controller Pod instead of cluster-scoped Bundle 7mo 3wk 6mo
lifecycle/stale
commented
contributor-last
recv
742 Add option to disable webhook in Helm chart 7mo 4mo 7mo
kind/feature
author-last
commented
recv
741 Using an Image Volume to deploy certifiats
7mo 4wk 7mo
lifecycle/stale
commented
contributor-last
send
650 Pod goes out of readiness 9mo 14d 9mo
lifecycle/rotten
contributor-last
recv
629 The crds is not installed automatically when trust-manager is a sub-chart 11mo 13d 11mo
lifecycle/rotten
contributor-last
recv
recv-q
761 Feat: Add a namespaced trust bundle CRD alongside the cluster-scoped Bundle 6mo 4mo 6mo
commented
contributor-last
recv
recv-q
592 Feature: ClusterTrustBundle as Sources
1y 5mo 5mo
commented
member-last
send
similar
588 Add ability to monitor validity period for CAs in bundle
5
 1y 6wk 3mo
kind/feature
help wanted
assigned
assignee-updated
commented
pr-new-commits
send
560 Support rotated certificate sources
38
 1y 3mo 1y
commented
recv
recv-q
similar
301 Add support for kubectl installation
2y 1y 2y
lifecycle/frozen
author-last
commented
open-milestone
recv
recv-q
similar
297 Allow all resources to be namespaced
7
 2y 4wk 7mo
priority/backlog
lifecycle/stale
commented
contributor-last
send
245 Split Bundle controller into multiple controllers
2y 1y 1y
lifecycle/frozen
commented
member-last
pr-merged
send
243 More flexible and better organized target specification in API
5
 2y 3mo 5mo
lifecycle/frozen
commented
pr-merged
222 [Feature] - Ability to inject a CA cert into a cert-manager managed secret resource
16
 2y 6wk 7mo
lifecycle/stale
commented
contributor-last
pr-merged
send
205 Allow to select multiple "trust" namespaces
48
 2y 2mo 9mo
commented
send
142 expose bundles CRD as release artifact
2
12
 2y 4d 8mo
help wanted
lifecycle/stale
author-last
commented
recv
recv-q
131 Feature: per namespace trust bundle
8
 2y 6mo 9mo
lifecycle/frozen
commented
send
99 Allow removing Bundles whilst keeping the synced CA certs
5
 3y 11mo 11mo
lifecycle/frozen
commented
member-last
pr-unreviewed
242 New version of Bundle API
2
4
 2y 1y 1y
lifecycle/frozen
commented
pr-closed
pr-merged
60 overriding trusted namespace
10
18
 3y 6wk 1y
commented
recv-q
send
591 Feature: ClusterTrustBundle as Target
12
 1y 5mo 5mo
commented
member-last
pr-merged
send
similar
33 Support CRDs as target
5
 3y 8d 9mo
lifecycle/rotten
priority/backlog
commented
contributor-last
send
4 Feature: By default, require only self-signed certificates in a bundle
4y 16d 9mo
kind/feature
help wanted
good first issue
lifecycle/rotten
commented
contributor-last
send
39 Don't sync targets to all namespaces by default
8
 3y 11mo 11mo
lifecycle/frozen
commented
member-last
open-milestone
pr-merged
send
63 nit: Rename "Bundle" to "ClusterBundle"
18
 3y 9mo 9mo
lifecycle/frozen
commented
member-last
open-milestone
pr-merged
send
58 Support injection pem into an existing configmap
8
 3y 11mo 11mo
priority/important-longterm
lifecycle/frozen
assigned
assignee-updated
commented
member-last
pr-closed
pr-merged
pr-unreviewed
send
279 Persisting identifiers for retry calls to Sign() 8mo 2mo 2mo
commented
member-last
send
231 ### Question about Configuring Retries in cert-manager 1y 2mo 2mo
commented
member-last
send
204 clarify SetCAOnCertificateRequest deprecation status 1y 10mo 10mo
commented
member-last
send
362 Dependency Dashboard 4mo 1d 4mo
recv
583 Security Posture improvements 7wk 6wk 7wk
recv
recv-q
530 Dependency Dashboard 4mo 2d 4mo
recv
613 Support POD_HOSTNAME as a variable 15d 15d 15d
recv
521 RFC: Cert-Manager CSI Driver as Secret Store Provider
4mo 4mo 4mo
recv
385 Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors 1y 1y 1y
author-last
recv
383 [Feature Request] Adding attributes that available in Certificate CRD to CSI Driver
6
 1y 1y 1y
recv
353 mismatch between the key and the certificate signature algorithm
1y 1y 1y
recv
267 Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes? 2y 2y 2y
recv
264 Certificate renewal doesn't change file 'modified date'
2y 2y 2y
recv
256 Broken comma-separated splitting logic 2y 2y
171 E2E Test Cleanup 2y 2y 2y
good first issue
commented
member-last
241 Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver
6
 2y 2y 2y
recv
130 JKS support
6
 3y 2y 3y
recv
recv-q
45 Unable to mount and read only file error
5
 4y 2y 2y
priority/awaiting-more-evidence
commented
send
17 ability to specify pod IP in volume attributes
8
 6y 1y 5y
commented
recv
recv-q
132 Investigate test timeouts 2y 2y
priority/backlog
129 Increase e2e test timeouts 2y 2y
priority/important-longterm
411 Dependency Dashboard 4mo 1d 4mo
recv
41 The default `csiDataDir` value might collide with csi-driver
2y 6mo
contributor-last
pr-merged
recv-q
295 Dependency Dashboard 4mo 1d 4mo
recv
204 Support for creating certificate for wildcard route 9mo 4mo 9mo
recv
similar
306 [FEATURE]Enable setting private key encoding via annotation 4mo 4mo 4mo
kind/feature
author-last
pr-reviewed-with-comment
recv
174 Standby Replicas without lease use lots of CPU 1y 1y 1y
recv
116 Release static manifests (no helm) for v0.6.0-alpha.0+
2
 1y 1y 1y
recv
58 certificate cannot be renewed, error message: "key does not match certificate"
4
 2y 2y 2y
recv
recv-q
56 Support for destinationCaCertificate / Reencrypt Routes
2
 2y 2y 2y
recv
similar
38 Route with cert-manager annotations is not created
4
 2y 10mo 2y
commented
send
54 Same certificate in path based Routes
3
 2y 1y 2y
pr-closed
recv
70 OLM deployment with ArgoCD is OutOfSync
3y 3y 3y
commented
send
46 Cert-manager operator fails to issue certificates 4y 4y 4y
recv
22 Customize the deployment of cert-manager installed via OLM
5
6
 5y 2y 3y
commented
recv
recv-q
17 Operator prevents passing extraArgs helm value
7
 5y 3y 5y
recv
recv-q
3 Restrict operator RBAC permissions
6y 2y 6y
priority/backlog
pr-merged
recv
144 Dependency Dashboard 4mo 3d 4mo
recv
74 Consistency issues due to the use of mount binds 1y 1y 1y
author-last
commented
recv
recv-q
40 Optional auto rotating/renewing certificates 3y 2y 3y
contributor-last
recv
recv-q
similar
33 Create e2e test to validate CertificateRequest garbage collection 3y 2y 2y
priority/backlog
assigned
commented
member-last
send
15 Allow data-root to be an absolute path 4y 3y
kind/bug
triage/needs-information
contributor-last
pr-reviewed-with-comment
100 Dependency Dashboard 4mo 23h 4mo
recv
63 Is it possible to only create Issuer and remove the CluserIssuer 10mo 10mo 10mo
recv
62 Limit the controller-manager to access secrets only from specific namespace 10mo 10mo 10mo
recv
56 Struggling to get controller running in local KIND cluster
1y 11mo 11mo
commented
member-last
send
442 inspect secret: response body not closed on error path during CRL check 4wk 3wk
kind/bug
good first issue
help wanted
pr-unreviewed
recv-q
361 Dependency Dashboard 4mo 2d 4mo
recv
127 cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs 2y 2y
priority/important-soon
122 asdf cmctl installer issues
2
 2y 2y 2y
author-last
commented
recv
83 As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )
4
 2y 2y 2y
priority/important-longterm
recv
65 Dependency Dashboard 4mo 4d 4mo
recv
59 Process regarding worrying emails sent to the maintainers mailing list
7mo 7mo 7mo
commented
member-last
1125 Dependency Dashboard 4mo 29min 4mo
recv
690 Clean up Presets
3y 2y 3y
priority/backlog
pr-merged
recv
594 Document infra image bumps and versioning 4y 2y 4y
priority/backlog
recv
81 Configuring Peribolos for Github org management 7y 2y 2y
priority/backlog
commented
member-last
send
487 Dependency Dashboard 4mo 31min 4mo
recv
481 Embed go version in `go install` binaries in cache 4mo 4mo
451 Re-enable testing with specific kubernetes versions in subprojects 6mo 6mo 6mo
cybr
commented
member-last
send
295 `make generate-golangci-lint-config` clobbers local exclusions added to the local config. 10mo 10mo
202 Makefile Modules, Go Versions and Vendoring
2y 2y 2y
commented
contributor-last
154 Publish SBOMs 2y 2y 2y
kind/feature
good first issue
commented
member-last
send
98 Document new release process for all repos 2y 2y
priority/important-longterm
assigned
3 Migrating all cert-manager projects to "Makefile modules" 2y 4mo 10mo
priority/backlog
commented
member-last
202 Dependency Dashboard 4mo 1d 4mo
recv
26 helm-tool inject adds trailing white space to the generated markdown 2y 2y
kind/bug
25 helm-tool inject sometimes omits the context (prefix) of commented out values in the generated markdown 2y 2y
kind/bug
contributor-last
64 Open Standup: Updating an event didn't send new invitations to already registered people
4mo 4mo 4mo
commented
member-last
send
63 CNCF-paid GitHub Actions runners 5mo 4mo 4mo
commented
member-last
62 Lazy vote: Enhancing the triaging process 5mo 5mo
60 Lazy vote: Zoom for standup meetings to be able to add the standups to the LFX calendar
5mo 5mo 5mo
commented
member-last
43 Allow non-Venafi employee maintainers full release capabilities
3
 1y 4mo 4mo
priority/backlog
assigned
assignee-updated
commented
member-last
35 Post-Graduation Suggestion Tracker
2y 2y 2y
commented
member-last
pr-merged
92 Dependency Dashboard 4mo 23h 4mo
recv
81 How to enable leader election in the webhook? 1y 1y 1y
recv
80 How to deal with K8s timelimit in 30s ? 1y 1y 1y
recv
74 Why cert-manager looks for a CNAME record instead of a TXT record? 2y 2y 2y
recv
72 readyz and healthz api 2y 2y 2y
recv
46 Code reference a pull request to be merged, but the pull request was closed by a robot 3y 2mo 3y
recv
38 Set repository to be a GitHub template repository
4y 2y 4y
priority/important-longterm
recv
37 Add logging example
4y 2y 4y
pr-closed
recv
27 failed with: OpenAPI spec does not exist
2
6
 4y 2y 2y
priority/critical-urgent
commented
pr-closed
pr-unreviewed
send
3 Make unit testing easier/make examples work
7y 2y 4y
priority/important-longterm
commented
member-last
pr-closed
send
2 Set up basic e2e test that deploys the webhook and ensures we can POST a challenge
7y 6mo
contributor-last
pr-closed
recv-q
24 Dependency Dashboard 4mo 5d 4mo
recv
8 Find solution for automatically disabled GitHub Actions 2y 2y
22 Dependency Dashboard 4mo 12h 4mo
recv
18 Feature: Git bundles? 1y 1y
7 Dependency Dashboard 4mo 2mo 4mo
recv
375 Dependency Dashboard 4mo 23h 4mo
recv
361 [Helm] allow `enabled` as key in values schema 5mo 5mo 5mo
recv
197 Kubectl One-line Installation Support 2y 2y 2y
commented
member-last
send
similar
162 Issue: Broken config when using commonLabels 2y 2y 2y
recv
148 Certificate chain is not split correctly
5
 2y 2y 2y
author-last
pr-reviewed-with-comment
recv
recv-q
133 Allow to use a custom Service Account
5
 2y 2y 2y
pr-unreviewed
recv
102 certificate renewal does not work in due to auth issue to privatecaapi end point 3y 1y 3y
recv
53 Support crlDistributionPoints & ocspServers 4y 4y 4y
triage/support
commented
send
28 Certificate revocation from CAS Console 5y 5y 5y
triage/support
commented
member-last
send
similar
Triage Party v1.4.0