generic Quarterly Scrub :: Triage Party

Once every quarter, look for stale issues, reprioritize, and de-duplicate.

Issues nearing expiration (23)

Resolution: Close or label as frozen

Average age: 391.2d, Avg wait: 167.3d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7610		Expose MaxFailures as a helm paramater for FileCertificateSource			3mo	8d	3mo		kind/feature lifecycle/stale	contributor-last recv
7590		Allow issuer fallback			3mo	18d	3mo		lifecycle/stale	contributor-last recv
7587		Spaceship support			3mo	2wk	3mo		lifecycle/stale	contributor-last recv recv-q
7585		Continuous access token requests when using Venafi TPP password/username authentication			3mo	3wk	3mo		kind/bug lifecycle/stale	contributor-last recv
7581		Cert-manager is no longer triggered when multiple tls.hosts exists without secretName.			3mo	3wk	3mo		kind/bug lifecycle/stale	contributor-last recv
7580		CNameStrategy Follow not working with Cloudflare			3mo	2wk	3mo		lifecycle/stale	contributor-last recv
7586		BookMyName support			3mo	2wk	3mo		lifecycle/stale	contributor-last recv recv-q
7463		Set "ownerReference" for generated Secret via Go-SDK			6mo	16d	6mo		lifecycle/stale	contributor-last recv recv-q
7385		Failed calling webhook "webhook.cert-manager.io": Forbidden			7mo	4d	7mo		kind/bug lifecycle/stale	contributor-last recv recv-q
7311		helm schema validation should validate `featureGates`			8mo	1d	8mo		kind/feature priority/backlog lifecycle/stale	contributor-last recv recv-q
7301		Metrics for updated / patched certificates should be cleaned			8mo	4d	8mo		kind/bug priority/awaiting-more-evidence lifecycle/stale	contributor-last recv recv-q
7578		cert-manager should not use domains it doesn't control			3mo	3wk	3mo		lifecycle/stale	contributor-last pr-unreviewed recv
7156		Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates		8	11mo	3wk	11mo		kind/feature priority/backlog lifecycle/stale	contributor-last recv
7002		Confusing messaging when certificate secret name already exist			1y	6h	3mo		good first issue help wanted kind/bug priority/backlog lifecycle/stale	assigned assignee-updated commented contributor-last recv-q send
7012		Feature Request: Add support to set future date as notBefore when requesting for certificate PR#7289: Design proposal for delayed certificate activation commented			1y	3d	9mo		kind/feature priority/backlog lifecycle/stale	commented contributor-last pr-reviewed-with-comment recv
6229		Race condition when two identical certificate requests are made from different clusters		7	2y	2wk	2y		help wanted kind/bug priority/important-longterm lifecycle/stale area/acme/dns01	contributor-last pr-merged recv recv-q
6051		Detecting Gateway hostnames based on attached HTTPRoutes		3 24	2y	2d	2y		kind/feature priority/important-longterm lifecycle/stale	pr-merged recv recv-q
6179		CRDs shouldn't be templated in Helm		5 28	2y	3wk	2y		priority/backlog lifecycle/stale	commented contributor-last recv recv-q
2722		Inject CA certificate into Secrets with cainjector		26	5y	19d	3y		kind/feature priority/awaiting-more-evidence lifecycle/stale	commented contributor-last recv-q send
7614		Lower the minimum certificate duration from 1 hour to 5 minutes			3mo	8d	3mo		release-note size/S area/api kind/feature needs-ok-to-test lifecycle/stale dco-signoff: yes	contributor-last recv recv-q unreviewed
7608		WIP: certificate based on HTTPRoute design document			3mo	10d	3mo		size/L release-note-none do-not-merge/work-in-progress kind/design needs-ok-to-test lifecycle/stale dco-signoff: yes	contributor-last draft recv recv-q unreviewed
131		Feature: per namespace trust bundle		4	2y	9d	2y		lifecycle/stale	contributor-last recv recv-q
63		nit: Rename "Bundle" to "ClusterBundle"		15	2y	3wk	2y		lifecycle/stale	commented contributor-last open-milestone pr-merged send

Features that deserve a follow-up comment (1)

Resolution: Comment or close the issue

Average age: 1484.7d, Avg wait: 1484.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
492		Onboard with CertManager prow cluster for running CI tests for jniebuhr/aws-pca-issuer		2	4y	4y	4y		kind/feature	recv

Features that have not been commented on within 90 days (9)

Resolution: Comment or close the issue

Average age: 1486.2d, Avg wait: 164.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4349		allowing greater configuration for the cloud provider tests			3y	3y	3y		lifecycle/frozen kind/feature	commented contributor-last send
6470		ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount			2y	8mo	11mo		lifecycle/frozen kind/feature priority/backlog	commented contributor-last send
2930		Mirror to gcr.io or dockerhub		2 28	5y	3mo	1y		lifecycle/frozen kind/feature priority/important-soon area/deploy	assigned assignee-updated commented contributor-last send
3381		Setup separate package for cert-manager API		5	4y	5mo	9mo		lifecycle/frozen kind/feature priority/important-soon	assigned assignee-updated commented contributor-last send
2178		Handling 'unregistering' certificates from Venafi TPP		22	5y	1y	1y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented member-last send
2538		cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer Similar: #6184: Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation (open) Similar: #66: ClusterIssuer not responding to ingress annotations (open)		75	5y	10mo	2y		area/api help wanted lifecycle/frozen kind/feature priority/backlog	commented send similar
155		Add 'unreleased version' & 'old version' warning banner to non-latest versions of docs			5y	4y	5y		kind/feature priority/backlog	commented contributor-last
492		Onboard with CertManager prow cluster for running CI tests for jniebuhr/aws-pca-issuer		2	4y	4y	4y		kind/feature	recv
154		Publish SBOMs			1y	10mo	10mo		kind/feature good first issue	commented member-last send

Bugs that deserve a follow-up comment (12)

Resolution: Comment or close the issue

Average age: 353.0d, Avg wait: 269.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7687		Webhook refusing connection even when Ready			2mo	2mo	2mo		kind/bug	recv
7648		Solver selector issue			2mo	2mo	2mo		kind/bug	author-last recv
7643		jkspassword.txt file in secret is having default password			2mo	2mo	2mo		kind/bug triage/needs-information	commented contributor-last recv recv-q
7630		certmanager_http_acme_client_request_count is missed from the metrics?		2	2mo	2mo	2mo		kind/bug	recv
7629		http01-override-ingress-class is not updated when Ingress annotation is updated			2mo	2mo	2mo		kind/bug	recv
7218		cert-manager set don't fragment (DF) bit			10mo	2mo	10mo		kind/bug priority/important-longterm	assigned assignee-updated author-last recv recv-q
7506		Issues with new PEM maximum sizes PR#7642: fixes #7506: enable configurable max key/cert sizes, defaulting to original safe values introduced in #7401 unreviewed		6	5mo	2mo	5mo		kind/bug	pr-unreviewed recv recv-q
6741		ACME account private key and URI are not updated if the path of the ACME server is changed		5	1y	9mo	1y		lifecycle/frozen kind/bug priority/important-soon	contributor-last recv
6184		Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation Similar: #2538: cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer (open)		13	2y	2mo	2y		kind/bug	recv recv-q similar
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together			2y	9mo	2y		lifecycle/frozen kind/bug priority/important-soon	recv recv-q
4749		rfc2136 seems to not work with deep subdomains			3y	2mo	3y		kind/bug area/acme/dns01	recv recv-q
7685		ACME GCP CA - Error waiting for authorization			2mo	2mo	2mo		kind/bug	recv

Bugs that have not been commented on within 60 days (17)

Resolution: Comment or close the issue

Average age: 483.7d, Avg wait: 189.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6969		Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled			1y	8mo	1y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last send
5959		`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries		20	2y	8mo	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv-q send
6230		cert-manager DDoSes DNS-01 solver - infinite rate limiting		4	2y	4mo	8mo		lifecycle/frozen kind/bug priority/critical-urgent area/acme/dns01	commented open-milestone send
4685		Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts		11	3y	11mo	1y		lifecycle/frozen kind/bug priority/important-longterm	commented member-last send
5867		Controller can't handle hitting request rate limits of zerossl ACME API		7 12 31	2y	2mo	11mo		lifecycle/frozen kind/bug priority/important-soon	commented pr-closed pr-merged recv-q send
12 previously listed items omitted: #7687 #7648 #7685 #7643 #7630 #7629 #7218 #7506 #6741 #6184 #5751 #4749

Items that deserve a follow-up comment (171)

Resolution: Comment or close the issue

Average age: 931.7d, Avg wait: 891.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7668		Allow custom values in Helm chart schema by relaxing additionalProperties: false		2	2mo	2mo	2mo			recv
7656		Add multiple DNS provider resolvers to an single webhook not working PR#7662: Fix the issue of webhook routes generating duplicate operation IDs unreviewed			2mo	2mo	2mo			pr-unreviewed recv
7636		cermanager order in pending state			2mo	2mo	2mo			recv
7572		Certificate Issuance takes long time up to 50 minutes when attempting to create 40+ certificates		2	4mo	2mo	4mo			recv
7267		`error finalizing order` message is light on details		2	9mo	2mo	9mo		priority/important-soon	contributor-last recv
6820		Ongoing dependency evaluation			1y	11mo	1y		lifecycle/frozen priority/important-longterm	contributor-last recv
1643		Let's Encrypt Ending Support for Notification Emails			4mo	4mo	4mo			recv
1625		Configuration issue potentially leading to a memory leak			4mo	4mo	4mo			recv
1623		Claim about v1beta1/v1alpha2 support for gateway api is misleading			4mo	4mo	4mo			recv
1620		Cert Manager allows the creation of Illegal wilcard SANs			5mo	5mo	5mo			recv
1609		Azure DNS Documentation Update Similar: #1101: Feature request for updating documentation. (open)			6mo	5mo	6mo			author-last recv recv-q similar
1608		Renaming Securing NGINX-ingress to ingress-nginx Similar: #866: Securing NGINX-ingress (open) Similar: #326: Securing Ingresses with Venafi (open)			6mo	6mo	6mo			recv similar
1596		Wrong key for cloudflare secret ref in DNS Validation tutorial page			7mo	7mo	7mo			recv
1585		Broken install instructions due wrong cert_manager_latest_version - v1.16.1			8mo	8mo	8mo			recv
1552		Broken inbound link from IBM			9mo	9mo	9mo			recv
1549		Brand guideline page			9mo	9mo	9mo		priority/backlog	contributor-last recv
1490		GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)			1y	8mo	1y			author-last recv
1257		ErrRegisterACMEAccount			2y	2y	2y			recv
1241		Remove Bitnami kubeprod as installation method			2y	2y	2y			recv
1473		Add ArtifactHub packages to website			1y	9mo	1y		priority/backlog	recv
1054		Run spell checker in a pre-commit hook			2y	2y	2y		good first issue kind/cleanup	recv
998		Documentation venafi configuration references venafi documentation page which returns 403			3y	2y	3y			contributor-last recv
993		Document which resources do/do not get garbage collected			3y	3y	3y		good first issue	contributor-last recv
944		Document how to install cert-manager in a different namespace		3	3y	1y	3y		good first issue	recv recv-q
868		Document RBAC Similar: #844: Document feature gates (open)			3y	3y	3y			contributor-last recv similar
866		Securing NGINX-ingress Similar: #1608: Renaming Securing NGINX-ingress to ingress-nginx (open) Similar: #326: Securing Ingresses with Venafi (open)			3y	3y	3y			recv similar
850		Document available cert-manager Prometheus metrics Similar: #136: Document available metrics (open)			3y	2y	3y		documentation good first issue priority/important-longterm	recv recv-q similar
847		missing documentation/information olm based installation metric prometheus			3y	3y	3y			contributor-last recv
841		remove dependency on golang from cmctl and kubectl-plugin installation documentation			3y	3y	3y			contributor-last pr-merged recv recv-q
836		Syncing Secrets Across Namespaces			3y	3y	3y			recv
1061		Document onboarding process for new maintainers Similar: #1062: Document process for offboarding maintainers (open)			2y	2y	2y			recv similar
758		API reference docs: enum values not documented with typedef			3y	3y	3y			recv
706		Default key usages			3y	3y	3y			recv
693		Azure DNS pod identity incorrectly documents principal_id			3y	2y	3y			author-last commented recv recv-q
672		List required Google CloudDNS permissions exhaustively			3y	3y	3y			recv
662		Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"			3y	3y	3y			recv
604		Make it so that it is easier to find the doc for fixing webhook issues			4y	3y	4y			contributor-last recv
844		Document feature gates Similar: #868: Document RBAC (open)			3y	3y	3y			recv similar
561		Certificate Resources Similar: #560: Support rotated certificate sources (open)			4y	4y	4y			recv similar
554		HTTP Validation, privateKeySecretRef			4y	4y	4y			contributor-last recv
568		Add a diagram for LetsEncrypt cert issuance flow to the docs		4	4y	4y	4y			recv
484		Please add anchor tags to your subheadings			4y	4y	4y		priority/backlog kind/documentation	commented contributor-last pr-merged recv
469		DNS01: Delegated Domains for DNS01 example yaml solvers list items			4y	4y	4y			recv
466		installation/compatiblity			4y	4y	4y			recv
457		cainjector docs are missing the option to inject certs in apiservice resources			4y	4y	4y			recv
1125		Describe cert-manager feature policy			2y	2y	2y			contributor-last recv recv-q
386		Uninstalling on Kubernetes - How to delete all those user created resources?			4y	4y	4y			contributor-last recv
354		DigitalOcean access-token should not be base64-encoded			4y	4y	4y		priority/awaiting-more-evidence	author-last recv recv-q
326		Securing Ingresses with Venafi Similar: #1608: Renaming Securing NGINX-ingress to ingress-nginx (open) Similar: #866: Securing NGINX-ingress (open)			4y	4y	4y			contributor-last recv similar
237		docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available			5y	4y	5y		priority/backlog kind/documentation	contributor-last pr-closed recv
232		Document keystored in usage/certificate			5y	4y	5y		priority/backlog kind/documentation	contributor-last recv
228		Documentation needs correction for external-account-bindings			5y	2mo	5y		good first issue priority/backlog kind/documentation	contributor-last pr-merged recv
197		Document ACME account mismatch			5y	3mo	5y		good first issue priority/backlog kind/documentation	recv recv-q
130		FAQ: How does cert-manager handle ingresses with valid TLS secrets?			5y	4y	5y		help wanted priority/backlog kind/documentation	contributor-last recv
76		Upgrading from v0.10 to v0.11 - missing cainjector annotation			5y	4y	5y		priority/backlog kind/documentation	contributor-last recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			2y	8mo	2y		priority/important-longterm	author-last pr-merged recv
1062		Document process for offboarding maintainers Similar: #1061: Document onboarding process for new maintainers (open)			2y	2y	2y			recv similar
516		Add PodDisruptionBudget to helm chart PR#517: Add `PodDisruptionBudget` to helm chart unreviewed			3mo	3mo	3mo			pr-unreviewed recv
431		istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0			7mo	6mo	7mo			recv recv-q
501		Error logs not very helpful			3mo	3mo	3mo			recv
413		Panic: runtime error on new installation			8mo	7mo	8mo			author-last recv recv-q
287		Getting Readiness probe failed when using cert-manager-istio-csr Similar: #84: csr readiness probe failed, istio ingress pod also failed (open)			1y	1y	1y			author-last recv recv-q similar
224		ClusterRole & ClusterRoleBindings for istio-csr			2y	2y	2y			recv
244		Populate Subject Fields in Certificate			1y	8mo	1y			contributor-last recv
197		add the compatibility matrix for Kubernetes versions to README			2y	2y	2y			recv
155		Invalid certificate chain when using Vault with Intermediate CA			3y	2y	3y			recv recv-q
176		certificateDuration is not used for the Istio CSR generated certificate requests PR#469: Add app.server.certificateDuration commented Similar: #119: Certificate is re-requested when container restarts (open) Similar: #14: Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt (open)			2y	6mo	2y			pr-closed pr-reviewed-with-comment recv recv-q similar
141		Istio-csr pods were hung unable to handle request causes entire cluster downtime for new pods/expired pods.			3y	2y	3y			recv recv-q
138		istio-csr doesn't retry upon failed certificate requests			3y	2y	3y			contributor-last recv
145		*Not able to use Istio-CSR in istio(1.13.)**			3y	3y	3y			author-last pr-closed recv
136		Document available metrics Similar: #850: Document available cert-manager Prometheus metrics (open)			3y	3y	3y			recv similar
133		latest supported cert-manager version with cert-manager-istio-csr?			3y	3y	3y			contributor-last recv
161		updating ConfigMap data doesn't stop			3y	3y	3y			contributor-last recv recv-q
130		Document best-practices for minimal vault role configuration for istio-csr			3y	1y	3y			recv recv-q
131		metrics to check certificate expiry for istio workloads ?			3y	3y	3y			contributor-last recv recv-q
108		[doc] confusion with `ca.pem` and Readiness probe failed on ingress and egress gateways			3y	3y	3y			author-last recv recv-q
106		Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue Similar: #46: Ability to configure CertificateRequest revision history limit (open) Similar: #4071: Add a default value to RevisionHistoryLimit if none is provided in the Certificate (closed)			3y	3y	3y			contributor-last recv similar
113		Integrating with istio helm chart installs		15	3y	8mo	3y			recv recv-q
94		Can't get aws pca to work			3y	3y	3y			recv
84		csr readiness probe failed, istio ingress pod also failed Similar: #287: Getting Readiness probe failed when using cert-manager-istio-csr (open)		2	3y	1y	3y		support	recv recv-q similar
83		commonName required for AWS PCA			3y	3y	3y			recv recv-q
87		Failing to integrate with GCP CAS			3y	3y	3y			contributor-last recv recv-q
64		Is there way to hot restart envoy proxy using istio-csr? I'm trying to renew root certificate by changing the istio-ca secret manually. The workload does not pick the new root certificate unless I delete the workload pods			4y	4y	4y			recv recv-q
213		charts.jetstack.io beding cluster presents a challenge and breaks deployment			2y	2y	2y			recv
117		public ca.crt aka caBundle is not being updated/propagated until the cert-manager and istiod components are restarted			3y	3y	3y			recv
211		Add custom annotations to deployment			2y	1y	2y			pr-closed pr-merged recv
53		Generate workload certificates with DNS in the SAN			4y	4y	4y			recv recv-q
559		Flakey Tests in pull-cert-manager-approver-policy-test Similar: #61: Flakey Tests in pull-cert-manager-approver-policy-verify (open)			5mo	5mo	5mo			recv similar
394		Limit number of SANs by policy			1y	1y	1y			contributor-last recv
271		Include binary artifacts your releases.			2y	2y	2y			recv
449		Rotation Policy Constraint			1y	6mo	1y			contributor-last recv recv-q
466		Document How to Configure Common Scenarios			11mo	11mo	11mo			recv
452		CRDs in the Release files		3	1y	1y	1y			recv
574		Add a top level variable called `enabled` to the Helm chart schema PR#578: feat: add toplevel enable value to helmchart unreviewed			2mo	2mo	2mo		help wanted good first issue	contributor-last pr-unreviewed recv recv-q
142		expose bundles CRD as release artifact		9	2y	2mo	2y			author-last recv recv-q
301		Add support for kubectl installation Similar: #197: Kubectl One-line Installation Support (open)			1y	5mo	1y		lifecycle/frozen	author-last commented open-milestone recv recv-q similar
33		Support CRDs as target		5	3y	2mo	3y		priority/backlog	contributor-last recv recv-q
242		New version of Bundle API PR#475: Replace webhook validations with CEL validation new-commits		2 4	2y	2mo	1y		lifecycle/frozen	commented contributor-last pr-merged pr-new-commits recv
231		### Question about Configuring Retries in cert-manager			2mo	2mo	2mo			recv
204		clarify SetCAOnCertificateRequest deprecation status			5mo	5mo	5mo			recv
385		Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors			2mo	2mo	2mo			author-last recv
241		Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver		5	1y	1y	1y			recv
267		Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?			1y	11mo	1y			recv
134		Volume empty		4	2y	2y	2y			recv
136		SubPath support is broken or missing			2y	2y	2y			recv
130		JKS support		5	2y	1y	2y			recv recv-q
125		Is it too late to align cert-manager annotations? Similar: #1695: Create redirects for cert-manager annotations (open) Similar: #38: Route with cert-manager annotations is not created (open)			2y	2y	2y			recv similar
116		Does csi-driver support Wìndows nodes?			2y	2y	2y			contributor-last recv
74		Investigate and change the default mounted host path for driver			3y	3y	3y			recv
119		Certificate is re-requested when container restarts Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			2y	2y	2y			recv similar
33		New key being used with old certificate			4y	4y	4y			recv
383		[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver			2mo	2mo	2mo			recv
353		mismatch between the key and the certificate signature algorithm			5mo	5mo	5mo			recv
21		MountVolume.SetUp failed: cannot set blockOwnerDeletion: cannot find RESTMapping for APIVersion core/v1 Kind Pod			5y	5y	5y			recv
264		Certificate renewal doesn't change file 'modified date'			1y	1y	1y			recv
26		Cannot `chmod` a read only filesystem		14	4y	3y	4y			pr-closed recv recv-q
29		Deleting a pod with a cert-manager-csi volume mounted results in the pod termination hanging.			4y	4y	4y			recv
17		ability to specify pod IP in volume attributes		7	5y	6mo	5y			commented recv recv-q
19		Add support for certificate expiry configuration		6	2y	2y	2y			recv
38		Add Envoy Secret discovery service (SDS) support			2y	2y	2y			recv
174		Standby Replicas without lease use lots of CPU			2mo	2mo	2mo			recv
58		certificate cannot be renewed, error message: "key does not match certificate"		4	1y	1y	1y			recv recv-q
54		Same certificate in path based Routes		2	1y	3mo	1y			pr-closed recv
12		Does this plugin support DNS validation?			2y	2y	2y			recv
13		Can the plugin be configured to use a wildcard certificate?		2	2y	2y	2y			pr-closed recv recv-q
116		Release static manifests (no helm) for v0.6.0-alpha.0+			7mo	7mo	7mo			recv
56		Support for destinationCaCertificate / Reencrypt Routes			1y	1y	1y			recv
26		Missing CONTRIBUTING.md			2y	2y	2y			recv
46		Ability to configure CertificateRequest revision history limit Similar: #106: Helm chart is failing with "certificate.spec.revisionHistoryLimit" issue (open) Similar: #3958: Sane defaults for Certificate revision history limit (closed)		2	2y	2y	2y			recv similar
46		Cert-manager operator fails to issue certificates			3y	3y	3y			recv
3		Restrict operator RBAC permissions			5y	9mo	5y		priority/backlog	pr-merged recv
22		Customize the deployment of cert-manager installed via OLM		5 6	4y	8mo	3y			commented recv recv-q
17		Operator prevents passing extraArgs helm value		7	4y	2y	4y			recv recv-q
40		Optional auto rotating/renewing certificates			2y	1y	2y			contributor-last recv recv-q
33		Create e2e test to validate CertificateRequest garbage collection			2y	11mo	2y		priority/backlog	assigned recv
74		Consistency issues due to the use of mount binds			6mo	6mo	6mo			author-last commented recv recv-q
122		asdf cmctl installer issues		2	8mo	8mo	8mo			author-last commented recv
83		As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )			1y	11mo	1y		priority/important-longterm	recv
700		Ensure optional periodics get run if relevant files change			3y	3y	3y			recv
693		Set up periodics against 'previous previous' branch			3y	9mo	3y		priority/backlog	recv
602		Image build jobs always appear to error			3y	3y	3y			recv
594		Document infra image bumps and versioning Similar: #520: Document how infra images are built (open)			3y	9mo	3y		priority/backlog	recv similar
690		Clean up Presets			3y	9mo	3y		priority/backlog	pr-merged recv
520		Document how infra images are built Similar: #594: Document infra image bumps and versioning (open)			4y	4y	4y			pr-merged recv similar
499		RBAC Rules for trusted prowjobs		2	4y	3y	4y			contributor-last recv
691		Document how to test ProwJobs locally			3y	3y	3y			recv
593		Document how updates to job config files make it to the Prow cluster			3y	3y	3y			recv
653		Allow adding newly required presubmits that aren't run against older branches			3y	3y	3y			recv
43		Allow non-Venafi employee maintainers full release capabilities		2	6mo	4mo	4mo			assigned assignee-updated commented contributor-last recv
49		cannot create resource "godaddy" in API group			2y	2y	2y			recv recv-q
80		How to deal with K8s timelimit in 30s ?			6mo	6mo	6mo			recv
81		How to enable leader election in the webhook?			4mo	4mo	4mo			recv
74		Why cert-manager looks for a CNAME record instead of a TXT record?			10mo	10mo	10mo			recv
37		Add logging example			3y	11mo	3y			pr-closed recv
72		readyz and healthz api			11mo	11mo	11mo			recv
10		How to add api key secret during testing		2	5y	4y	5y			pr-closed recv
63		make test prints the apiKey			1y	9mo	1y		priority/important-soon	recv
38		Set repository to be a GitHub template repository			3y	9mo	3y		priority/important-longterm	recv
8		Question: namespace to install the resources Similar: #297: Allow all resources to be namespaced (open)			5y	5y	5y			pr-closed pr-unreviewed recv similar
26		Guidance on how to deploy webhook solver into a kubernetes cluster		5	4y	2y	4y			pr-closed pr-unreviewed recv recv-q
46		Code reference a pull request to be merged, but the pull request was closed by a robot			2y	2y	2y			recv
162		Issue: Broken config when using commonLabels			1y	1y	1y			recv
148		Certificate chain is not split correctly PR#159: Split certificate chain commented		5	1y	1y	1y			author-last pr-reviewed-with-comment recv recv-q
133		Allow to use a custom Service Account PR#143: feat: allow creating or reusing an existing sa unreviewed		5	1y	10mo	1y			pr-unreviewed recv
94		admission webhook denied GoogleCASIssuer must be one of Issuer or ClusterIssuer			2y	2y	2y			recv
49		Should surface certificateAuthorityId more clearly in docs			3y	3y	3y		documentation	recv
85		can't get cas issuer to work doesn't matter which way I go with number of issues		2	2y	2y	2y			recv
66		ClusterIssuer not responding to ingress annotations Similar: #2538: cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer (open)			3y	2y	3y			recv recv-q similar
65		Set revisionHistoryLimit to 1 to reduce load on the issuer			3y	7mo	7mo			author-last commented recv
57		README is slightly incomplete			3y	3y	3y			recv
102		certificate renewal does not work in due to auth issue to privatecaapi end point			2y	7mo	2y			recv

Items that have not been commented on within 60 days (207)

Resolution: Comment or close the issue

Average age: 1036.9d, Avg wait: 721.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6709		1.14 Release Review		3	1y	9mo	1y		lifecycle/frozen priority/important-soon	commented contributor-last send
6160		Helm Chart global repository PR#7558: feat: add (helm) global.imageRepository commented		2	2y	4mo	4mo		lifecycle/frozen	commented member-last pr-reviewed-with-comment send
6132		Checklist: CNCF Graduation			2y	8mo	8mo		lifecycle/frozen priority/important-soon	commented member-last pr-unreviewed
5298		Complete the Migration Away From Jetstack Names			2y	9mo	1y		lifecycle/frozen kind/cleanup priority/important-soon	commented member-last send
4191		Setting default values for Pod's "resources"?		7	3y	8mo	8mo		lifecycle/frozen priority/important-longterm	commented contributor-last recv-q send
4950		General flakiness of our end-to-end suite		3	3y	11mo	2y		lifecycle/frozen priority/important-longterm kind/flake	commented member-last pr-closed pr-merged send
1168		docs: Add info about client side certificate rotation best practices.		27	6y	5y	5y		help wanted lifecycle/frozen kind/documentation priority/backlog	commented contributor-last pr-closed send
1546		Self upgrade PRs don't run checks			9mo	9mo	9mo			commented member-last
1262		v1.9 to v1.10 upgrade instructions does not mention container name change			2y	3mo	11mo		priority/backlog	assigned assignee-updated commented member-last send
1194		Confusing paragraph - cert-manager integration.			2y	9mo	2y		documentation priority/important-longterm	commented member-last send
1186		Document that/why we don't use Helm's CRD installation mechanism			2y	11mo	11mo		good first issue priority/important-longterm kind/documentation	assigned assignee-updated commented member-last send
1174		Document the docker images and how to find them			2y	2y	2y		good first issue priority/important-soon kind/documentation	commented member-last send
1168		Rendering issues for generated API docs			2y	2y	2y			commented member-last pr-merged
1101		Feature request for updating documentation. Similar: #1609: Azure DNS Documentation Update (open)			2y	9mo	9mo		priority/backlog	commented member-last send similar
899		Upgrading from v1.7 to v1.8 check command should exclude null. PR#1589: Apply change proposed in issue 899 approved		2	3y	8mo	8mo		priority/important-soon	commented member-last pr-approved send
776		Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret			3y	3y	3y			commented member-last send
697		[IRSA] Needs `runAsUser: 1001`			3y	8mo	8mo			commented member-last pr-merged send
583		cert-manager with ZeroSSL		45	4y	2y	2y			commented send
543		Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates		4	4y	4y	4y			commented member-last send
532		Rework of the landing page (cert-manager.io)		3	4y	3y	4y		help wanted good first issue	commented member-last send
425		Document ocspServers			4y	4y	4y		kind/documentation	commented member-last
414		Explain cert-manager repo structure		2	4y	4y	4y		priority/backlog kind/documentation	assigned assignee-updated commented member-last pr-closed pr-merged send
401		Bring tutorials up to date			4y	2y	2y		priority/important-longterm	commented member-last send
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	4y	2y	4y		documentation help wanted priority/backlog	commented pr-merged recv-q
295		Route53			4y	4y	4y		kind/documentation	commented member-last send
223		Document wildcard certificate tutorial			5y	4y	5y		priority/important-longterm kind/documentation	commented contributor-last send
195		Document keystores			5y	2y	4y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			5y	4y	4y		help wanted priority/important-soon kind/documentation	commented member-last send
234		Backup and Restore Resources		3	5y	4y	4y		priority/backlog kind/documentation	commented member-last pr-merged send
79		Design for partial automation of release process			3y	3y	3y			commented member-last send
42		Publish latest release number as part of creating a final release			3y	3y	3y			commented member-last send
19		Incorrect command line help: should include a --branch argument			4y	4y	4y		kind/cleanup	commented contributor-last
31		Move the manual steps of our release process to cmrel commands			4y	3y	3y			commented member-last pr-closed
153		It is possible to have several CAs within the same cluster.		3	3y	7mo	2y			commented send
288		Feature: Take control of approval for the whole cluster		2	2y	1y	1y			commented member-last
245		Split Bundle controller into multiple controllers			2y	5mo	5mo		lifecycle/frozen	commented member-last send
171		E2E Test Cleanup			1y	1y	1y		good first issue	commented member-last
45		Unable to mount and read only file error		5	3y	9mo	9mo		priority/awaiting-more-evidence	commented send
42		Intermittent csi-driver-spiffe failure: Unable to mount cert			2y	2y	2y			commented member-last send
39		csi-driver-spiffe vs csi-driver		5	2y	2y	2y			commented member-last send
14		Annotation generates CertificatesRequests repeatedly until blocked by letsencrypt Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			2y	2y	2y			commented member-last send similar
70		OLM deployment with ArgoCD is OutOfSync			3y	2y	2y			commented send
60		Support prometheus metrics PR#73: Support prometheus metrics commented			1y	7mo	7mo		priority/backlog	commented member-last pr-reviewed-with-comment send
81		Configuring Peribolos for Github org management			6y	9mo	9mo		priority/backlog	commented member-last send
202		Makefile Modules, Go Versions and Vendoring			8mo	8mo	8mo			commented contributor-last
35		Post-Graduation Suggestion Tracker			9mo	9mo	9mo			commented member-last pr-merged
6		security description			6y	6y	6y			commented member-last send
3		Make unit testing easier/make examples work			6y	9mo	3y		priority/important-longterm	commented member-last pr-closed send
27		failed with: OpenAPI spec does not exist		2 6	4y	9mo	2y		priority/critical-urgent	commented pr-closed pr-unreviewed send
197		Kubectl One-line Installation Support Similar: #301: Add support for kubectl installation (open)			9mo	7mo	7mo			commented member-last send similar
157 previously listed items omitted