generic Weekly Triage :: Triage Party

queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (17)

Resolution: Downgrade to important-longterm

Average age: 1274.6d, Avg wait: 66.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6741		ACME account private key and URI are not updated if the path of the ACME server is changed		7	2y	2mo	2y		lifecycle/frozen kind/bug priority/important-soon	recv
5298		Complete the Migration Away From Jetstack Names			3y	1y	2y		lifecycle/frozen kind/cleanup priority/important-soon	commented member-last send
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together PR#8474: fix: prevent wildcard CNAME from redirecting ACME challenges to unrelated zones unreviewed			3y	3mo	3y		lifecycle/frozen kind/bug priority/important-soon	author-last pr-unreviewed recv recv-q
3992		Add non-CRD yaml file		4	4y	3mo	2y		priority/important-soon area/deploy	author-last commented recv
3381		Setup separate package for cert-manager API		5	5y	1y	1y		lifecycle/frozen kind/feature priority/important-soon	assigned assignee-updated commented member-last send
2930		Mirror to gcr.io or dockerhub		2 29	5y	11mo	1y		lifecycle/frozen kind/feature priority/important-soon area/deploy	assigned assignee-updated commented contributor-last send
6331		CSR not signed by referenced private key		9	2y	2mo	2y		lifecycle/frozen kind/bug priority/important-soon	commented contributor-last
7234		AWS Route53: Stale/Stuck Challenges should be deleted after a given timeout PR#7897: wip: add retry mechanism for challenge solver whenever we detect unauthorized error new-commits		4	2y	2mo	1y		kind/bug priority/important-soon	assigned assignee-updated commented contributor-last open-milestone pr-closed pr-merged pr-new-commits recv recv-q
6709		1.14 Release Review		3	2y	1y	2y		lifecycle/frozen priority/important-soon	commented contributor-last send
5867		Controller can't handle hitting request rate limits of zerossl ACME API		7 12 31	2y	10mo	2y		lifecycle/frozen kind/bug priority/important-soon	commented pr-closed pr-merged recv-q send
1425		The `issuer.vault.spec.caBundleSecretRef` docs are missing			2y	2y			priority/important-soon
1174		Document the docker images and how to find them			3y	3y	3y		good first issue priority/important-soon kind/documentation	commented member-last send
955		Document when the vault pki role required setting `require_cn=false`		2	3y	1y			priority/important-soon
802		Spelling errors are unclear in pull request CI results and spell checker is unmaintained			4y	1y			kind/bug priority/important-soon	contributor-last pr-merged
174		Add documentation for CRD conversion webhook ca injection			5y	5y	5y		help wanted priority/important-soon kind/documentation	commented member-last send
195		Document keystores			5y	3y	5y		priority/important-soon kind/documentation	commented contributor-last send
127		cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs			1y	1y			priority/important-soon

Important longterm, but no updates in 120 days (27)

Resolution: Downgrade to backlog

Average age: 1338.2d, Avg wait: 201.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8085		Feature Request: Add annotation to disable automatic certificate renewal Similar: #40: Optional auto rotating/renewing certificates (open)			5mo	4mo	5mo		priority/important-longterm	pr-closed recv similar
8058		Cert-manager fails to import ECDSA private keys generated by openssl PR#8187: fix: add case for parsing key with ec parameters changes-requested			5mo	4mo	5mo		kind/bug priority/important-longterm	pr-changes-requested recv
6969		Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled			2y	1y	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last send
6820		Ongoing dependency evaluation			2y	2y	2y		lifecycle/frozen priority/important-longterm	contributor-last recv
4191		Setting default values for Pod's "resources"?		7	4y	1y	1y		lifecycle/frozen priority/important-longterm	commented contributor-last recv-q send
7598		More fine-grained control of powerful RBAC permission granted via Helm chart		2 5	11mo	4mo	7mo		kind/feature priority/important-longterm	assigned assignee-updated commented pr-merged recv-q send
2820		Add ability to set `pathlen:0` for CA certs in `X509v3 Basic Constraints`			5y	5mo	7mo		area/api good first issue kind/feature priority/important-longterm	assigned assignee-updated commented pr-closed pr-merged send
3521		Integration with ExternalDNS		4 51	5y	5mo	1y		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q
2178		Handling 'unregistering' certificates from Venafi TPP		22	6y	2y	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented member-last send
4950		General flakiness of our end-to-end suite		3	3y	2y	3y		lifecycle/frozen priority/important-longterm kind/flake	commented member-last pr-closed pr-merged send
1292		Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis		17 4 228	7y	4mo	4y		area/api help wanted kind/feature priority/important-longterm area/acme	commented pr-closed recv-q send
4685		Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts		12	4y	4mo	4mo		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv
6051		Detecting Gateway hostnames based on attached HTTPRoutes Similar: #8442: Gateway-API HTTP-01: HTTPRoute rejected when hostname is an IP address (closed)		7 31	2y	6mo	7mo		lifecycle/frozen kind/feature priority/important-longterm	commented pr-merged send similar
2525		Better support multi-namespace & single-namespace deployments Similar: #7684: Add support for namespaced deployment (open)		27	6y	9mo	2y		lifecycle/frozen kind/feature priority/important-longterm area/deploy	commented contributor-last open-milestone pr-closed send similar
1186		Document that/why we don't use Helm's CRD installation mechanism			3y	2y	2y		good first issue priority/important-longterm kind/documentation	assigned assignee-updated commented member-last send
1194		Confusing paragraph - cert-manager integration.			3y	1y	2y		documentation priority/important-longterm	commented member-last send
975		Some pages do not make it clear what the user should read next			3y	1y			priority/important-longterm
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			3y	1y	3y		priority/important-longterm	author-last pr-merged recv
850		Document available cert-manager Prometheus metrics			4y	3y	4y		documentation good first issue priority/important-longterm	recv recv-q
223		Document wildcard certificate tutorial			5y	5y	5y		priority/important-longterm kind/documentation	commented contributor-last send
401		Bring tutorials up to date			5y	3y	3y		priority/important-longterm	commented member-last send
58		Support injection pem into an existing configmap PR#395: WIP: feat: inject bundle data into configmap unreviewed		8	3y	9mo	9mo		priority/important-longterm lifecycle/frozen	assigned assignee-updated commented member-last pr-closed pr-merged pr-unreviewed send
129		Increase e2e test timeouts			2y	1y			priority/important-longterm
83		As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )		2	2y	2y	2y		priority/important-longterm	recv
98		Document new release process for all repos			2y	2y			priority/important-longterm	assigned
38		Set repository to be a GitHub template repository			3y	1y	3y		priority/important-longterm	recv
3		Make unit testing easier/make examples work			6y	1y	4y		priority/important-longterm	commented member-last pr-closed send

many reactions, low priority (8)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 453.5d, Avg wait: 1.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8493		cloudflare DNS01 - Client.Timeout exceeded while awaiting headers		2	6d	37min	6d		kind/bug	recv
8300		Support for custom, TLS-based application protocols		4	2mo	2mo	2mo		kind/feature triage/needs-information	commented member-last send
7890		Cluster issuer for HTTP-01 gatewayHTTPRoute should not require a gateway parentRef		15	6mo	5wk	5wk		kind/feature priority/awaiting-more-evidence area/acme/http01	commented member-last send
6179		CRDs shouldn't be templated in Helm		5 2 30	2y	5mo	5mo		priority/backlog	commented recv-q send
5566		upload Helm charts to OCI registry and sign them with cosign		4 56	3y	4mo	4mo		kind/feature	commented member-last pr-merged send
6716		leader election namespace should default to `.Release.Namespace`, not `kube-system` PR#7764: Doc: Add leaderElection.namespace recommendation unreviewed		3 40	2y	1mo	2y		lifecycle/frozen kind/bug triage/not-reproducible	commented pr-closed pr-unreviewed recv-q send
7473		Create certificate based on HTTPRoute configuration		59 7 79	1y	15d	15d		kind/feature	assigned assignee-updated commented member-last pr-closed pr-merged send
8422		feat: Add AWS authentication method for Vault Issuer		3	3wk	4d	11d		do-not-merge/release-note-label-needed area/api kind/feature size/XXL area/vault dco-signoff: yes area/testing ok-to-test area/deploy	commented contributor-last recv recv-q reviewed-with-comment

many commenters, low priority (5)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 49.0d, Avg wait: 17.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8375		feat: add health probes to cert-manager pods			6wk	19d	19d		size/L do-not-merge/release-note-label-needed area/api dco-signoff: yes tide/merge-method-squash ok-to-test area/deploy needs-kind	commented member-last new-commits send
8379		acmechallenges: stabilize solver resource names			6wk	5wk	5wk		size/XS release-note kind/bug area/acme dco-signoff: yes ok-to-test	author-last commented recv unreviewed
8258		feat(certificate): renewal policy and windows code Similar: #7399: Add renew window to restrict when certificate renewal can happen (open)			3mo	2d	2d		release-note area/api kind/feature size/XXL area/acme dco-signoff: yes area/testing area/acme/dns01 area/deploy	commented contributor-last recv reviewed-with-comment similar
1909		docs: add ACK RRSA supported AliDNS webhook			5wk	2wk	2wk		size/XS dco-signoff: yes	author-last commented new-commits recv
841		Does trust-manager require cluster level permissions to read secrets?			4wk	4wk	4wk			author-last commented recv recv-q

Screaming into the void: No matching items

Needs information for over 2 weeks (7)

Resolution: Close or remove triage/needs-information label

Average age: 553.2d, Avg wait: 82.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8300		Support for custom, TLS-based application protocols		4	2mo	2mo	2mo		kind/feature triage/needs-information	commented member-last send
8102		cert-manager-startupapicheck erroring while installation		4	4mo	2mo	2mo		kind/bug triage/needs-information	commented member-last send
8121		Support for Creating CertificateRequest from Kubernetes Secret Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #204: Support for creating certificate for wildcard route (open)			4mo	3mo	4mo		kind/feature triage/needs-information	contributor-last recv recv-q similar
7845		ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...		6	7mo	4mo	7mo		kind/bug priority/awaiting-more-evidence area/acme triage/needs-information	contributor-last recv recv-q
7846		ClusterIssuer.Status.Acme.URI disappeared			7mo	4mo	7mo		good first issue kind/bug priority/awaiting-more-evidence area/acme triage/needs-information	assigned assignee-updated contributor-last recv recv-q
5101		No backoff/delay when failing to create challenge solver pods PR#8379: acmechallenges: stabilize solver resource names unreviewed		9	3y	2mo	2mo		kind/bug priority/important-longterm triage/needs-information	commented member-last pr-unreviewed send
15		Allow data-root to be an absolute path PR#71: Refactor filesystem.go and adapt tests to use a real file system commented			4y	3y			kind/bug triage/needs-information	contributor-last pr-reviewed-with-comment

Support request over 30 days old (3)

Resolution: Close, or add to triage/long-term-support

Average age: 1159.5d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8296		HTTP-01 challenge stuck in pending with status code 400			2mo	5wk	5wk		triage/support	commented member-last send
53		Support crlDistributionPoints & ocspServers			4y	4y	4y		triage/support	commented send
28		Certificate revocation from CAS Console Similar: #8209: Add revocation at certificate deletion (open)			5y	5y	5y		triage/support	commented member-last send similar

Issues nearing expiration (12)

Resolution: Close or label as frozen

Average age: 477.2d, Avg wait: 189.4d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7749		Http and PROXY protocol		5	9mo	3d	9mo		lifecycle/rotten	contributor-last recv
7717		After uninstalling cert-manager, ingress resources can still only be accessed via https			9mo	17d	9mo		lifecycle/rotten	contributor-last recv
7660		cert-manager produces invalid (per RFC5280) certificates when `cert sign` usage is set along with another usage			10mo	4d	10mo		kind/bug lifecycle/rotten	contributor-last recv recv-q
7659		Challenge and resolver pod/ingress killed too soon		2	10mo	17d	10mo		lifecycle/rotten	contributor-last recv
7625		Clean install fails to create Issuer		4	11mo	2wk	11mo		kind/bug lifecycle/rotten	contributor-last recv recv-q
7594		Cloudflare delegated domains returns Found no Zones for domain _acme-challenge.mydomain.com			11mo	19d	11mo		kind/bug lifecycle/rotten	contributor-last recv
7288		Missing UID in webhook challenge request			1y	3d	1y		kind/bug priority/backlog lifecycle/rotten	contributor-last recv
3706		renewal-hooks		4 21	5y	1d	1d		kind/feature priority/important-longterm lifecycle/rotten	commented contributor-last recv-q send
7654		Implement fallback for git_version creation in forked environments			10mo	5d	10mo		release-note-none size/S kind/cleanup needs-ok-to-test lifecycle/rotten dco-signoff: yes	commented contributor-last recv-q reviewed-with-comment send
7725		chore: allow additional properties in Helm setup #7668		2	9mo	15d	9mo		size/XS release-note-none needs-ok-to-test lifecycle/rotten dco-signoff: no area/deploy needs-kind	commented contributor-last send unreviewed
7467		fix: ❗dns-01 route53 query change status retry timeout		2	1y	6wk	10mo		release-note needs-rebase size/S kind/bug area/acme lifecycle/rotten dco-signoff: yes ok-to-test area/acme/dns01	approved commented contributor-last recv-q send
465		Installing trust-manager just after installing cert-manager makes it FAIL forever			1y	6wk	4mo		lifecycle/rotten	commented contributor-last recv

Pull requests: Approved and getting old (1)

Resolution:

Average age: 305.5d, Avg wait: 31.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7689		Add Vertical Pod Autoscaler		2	10mo	10d	9mo		size/L release-note approved kind/feature dco-signoff: yes ok-to-test area/deploy	commented new-commits recv recv-q

Pull Requests: Stale (111)

Resolution: Add comment and/or close PR

Average age: 473.8d, Avg wait: 123.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8253		refactor(issuer): add shared factory and per-instance registries			3mo	6d	6d		size/L release-note-none lgtm kind/cleanup dco-signoff: yes ok-to-test	commented member-last reviewed-with-comment send
8440		feat(chart): Set ttlSecondsAfterFinished for statupapicheck			3wk	8d	3wk		release-note size/S kind/feature needs-ok-to-test dco-signoff: yes area/deploy	contributor-last recv recv-q unreviewed
7897		wip: add retry mechanism for challenge solver whenever we detect unauthorized error			6mo	9d	3mo		size/XL release-note-none needs-rebase area/api do-not-merge/work-in-progress area/acme dco-signoff: yes area/testing ok-to-test area/acme/dns01 area/monitoring area/deploy needs-kind	commented contributor-last new-commits recv-q send
8255		add dns issuer secrets validation before marking it as ready			3mo	12d	1mo		release-note size/XL lgtm kind/bug area/acme dco-signoff: yes area/testing ok-to-test	commented contributor-last new-commits recv recv-q
8438		POC: single cert-manager binary			3wk	3wk			release-note-none do-not-merge/work-in-progress kind/feature size/XXL dco-signoff: no	contributor-last draft recv-q unreviewed
7646		Support custom ACME account key type.		2	10mo	3wk	8mo		size/L release-note needs-rebase area/api area/acme dco-signoff: yes ok-to-test area/deploy needs-kind	commented new-commits recv recv-q
8336		Add global.tolerations to helm chart			2mo	3wk	6wk		release-note needs-rebase kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	changes-requested commented contributor-last recv recv-q
8407		Use generics to make predicates typed			4wk	4wk	4wk		size/L release-note-none kind/cleanup dco-signoff: yes area/testing	commented member-last new-commits
8220		Add predicate filtering to queuing handler			3mo	4wk	2mo		size/XL release-note-none needs-rebase area/acme dco-signoff: yes area/acme/dns01 needs-kind	commented contributor-last recv-q send unreviewed
8395		Clarify code around DNS01 Self Check			5wk	5wk	5wk		release-note-none kind/cleanup needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/dns01	contributor-last recv recv-q unreviewed
8367		feat(helm) add startupProbe and readinessProbe to cert-manager-controller			7wk	5wk	5wk		release-note-none kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	commented contributor-last recv recv-q unreviewed
4835		Making sure per fixture only 1 setup is active at the same time			4y	6wk	7mo		release-note-none needs-rebase lifecycle/frozen kind/bug size/M dco-signoff: yes area/testing	assigned assignee-updated commented contributor-last recv-q reviewed-with-comment
5447		Allow extra DNS-01 propagation time to be configured			3y	6wk	7mo		release-note needs-rebase size/S lifecycle/frozen kind/feature area/acme dco-signoff: yes ok-to-test area/acme/dns01	commented contributor-last open-milestone recv-q send unreviewed
5743		Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources			3y	6wk	10mo		size/L release-note needs-rebase area/api kind/cleanup dco-signoff: yes area/testing ok-to-test area/deploy	commented contributor-last open-milestone recv-q reviewed-with-comment
7236		Route53: Allow STS token to be refreshed by the AWS client if necessary			2y	6wk	10mo		release-note size/XL needs-rebase area/api kind/bug kind/feature area/acme dco-signoff: yes area/acme/dns01 area/deploy	commented contributor-last recv-q reviewed-with-comment send
7382		Implement a single package for controlling cert-manager RNG		3	1y	6wk	10mo		size/L release-note needs-rebase do-not-merge/hold kind/feature area/acme dco-signoff: yes area/testing	commented contributor-last recv-q send unreviewed
7449		WIP: reconcile issuers using issuer-lib			1y	6wk	8mo		release-note-none needs-rebase area/api do-not-merge/work-in-progress kind/cleanup size/XXL area/acme area/ca area/vault dco-signoff: yes area/testing area/deploy	commented contributor-last recv-q unreviewed
7437		fix: annotate account private key secrets			1y	6wk	1y		release-note needs-rebase size/S area/api kind/feature area/acme dco-signoff: yes ok-to-test	commented contributor-last open-milestone recv recv-q unreviewed
7718		Switch to makefile modules completely (part 1)			9mo	6wk	3mo		release-note-none needs-rebase area/api kind/cleanup size/XXL area/acme dco-signoff: yes area/testing area/deploy cybr	commented contributor-last new-commits recv-q send
7805		feat: refactor challenge controller to be entirely non blocking			8mo	6wk	3mo		release-note needs-rebase area/api kind/bug size/XXL area/acme dco-signoff: yes area/testing area/acme/dns01 area/acme/http01 area/deploy cybr	commented contributor-last new-commits recv-q send
7823		Adding read perms for pods and services to DNS01 ClusterRole			7mo	6wk	7mo		size/XS release-note needs-rebase dco-signoff: yes ok-to-test area/deploy needs-kind	commented contributor-last recv recv-q reviewed-with-comment
8263		fix: dont copy `kapp.k14s.io` annotations from Ingress to created resources			2mo	6wk	2mo		size/XS release-note needs-rebase kind/feature dco-signoff: yes ok-to-test	commented contributor-last recv-q send unreviewed
8339		feat(pkcs12): Add flag to specify pkcs12 keystore alias			2mo	6wk	2mo		size/L release-note needs-rebase area/api kind/feature dco-signoff: yes area/testing area/deploy	contributor-last recv recv-q unreviewed
7662		Fix the issue of webhook routes generating duplicate operation IDs			10mo	6wk	10mo		do-not-merge/release-note-label-needed needs-ok-to-test size/M lifecycle/stale area/acme dco-signoff: yes needs-kind	contributor-last recv recv-q unreviewed
7450		Make ACME Authorization Timeout Configurable Similar: #7852: adds cli option configure ACME challange authorization timeout (open)			1y	7wk	1y		size/L release-note needs-rebase area/api needs-ok-to-test area/acme dco-signoff: yes area/acme/http01 area/deploy needs-kind	commented contributor-last new-commits recv recv-q similar
8071		Handle ACME Accept asynchronously			5mo	7wk	5mo		size/L release-note needs-rebase area/api needs-ok-to-test area/acme dco-signoff: yes area/testing area/deploy needs-kind	contributor-last recv recv-q unreviewed
8262		Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB			2mo	1mo	2mo		size/L release-note needs-ok-to-test area/acme dco-signoff: yes needs-kind	author-last commented recv unreviewed
7289		Design proposal for delayed certificate activation			1y	2mo	1y		size/L release-note-none kind/design needs-ok-to-test lifecycle/stale dco-signoff: yes	commented contributor-last open-milestone recv recv-q reviewed-with-comment
7521		ClusterIssuer read caBundle from Secret			1y	2mo	9mo		size/L release-note needs-rebase area/api kind/feature needs-ok-to-test lifecycle/stale area/acme dco-signoff: yes area/deploy	commented contributor-last recv-q send unreviewed
7652		Helm chart: add ability to add appprotocol to port in service		3	10mo	2mo	10mo		size/XS release-note kind/bug lifecycle/stale dco-signoff: yes ok-to-test area/deploy	commented contributor-last recv-q reviewed-with-comment send
7733		fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity			9mo	2mo	8mo		size/L release-note kind/bug kind/feature lifecycle/stale dco-signoff: yes ok-to-test	commented new-commits recv recv-q
7439		helm: add checksum/config annotations			1y	2mo	1y		release-note-none size/S kind/feature needs-ok-to-test lifecycle/stale dco-signoff: yes area/deploy	contributor-last recv recv-q unreviewed
7583		Support for ACME servers that don't finalize within the ACME client finalizer retry window			11mo	2mo	11mo		release-note kind/bug needs-ok-to-test size/M area/acme dco-signoff: yes	recv recv-q unreviewed
7614		Lower the minimum certificate duration from 1 hour to 5 minutes			11mo	3mo	11mo		release-note size/S area/api kind/feature dco-signoff: yes ok-to-test	contributor-last recv recv-q unreviewed
8187		fix: add case for parsing key with ec parameters			4mo	3mo	4mo		size/XS release-note-none kind/bug needs-ok-to-test dco-signoff: yes	author-last changes-requested recv recv-q
8141		fix(helm): Align targetPorts in metrics endpoints for webhook and cainjector services		2	4mo	4mo	4mo		size/XS release-note-none lgtm dco-signoff: yes ok-to-test area/deploy needs-kind	commented member-last send unreviewed
7764		Doc: Add leaderElection.namespace recommendation			9mo	5mo	5mo		size/XS release-note-none dco-signoff: yes ok-to-test area/deploy needs-kind	commented contributor-last recv-q send unreviewed
7906		fix: Venafi call GetRefreshToken only when access token invalid for password/username authentication		2	6mo	5mo	5mo		release-note size/S kind/bug dco-signoff: yes ok-to-test	commented member-last send unreviewed
7399		Add renew window to restrict when certificate renewal can happen Similar: #8258: feat(certificate): renewal policy and windows code (open)			1y	5mo	1y		size/L release-note needs-rebase area/api kind/feature needs-ok-to-test dco-signoff: yes area/testing area/deploy	contributor-last recv recv-q similar unreviewed
7824		Add Azure Private DNS support to cert-manager			7mo	5mo	7mo		release-note needs-rebase area/api kind/feature needs-ok-to-test size/XXL area/acme dco-signoff: yes area/acme/dns01 area/deploy	contributor-last new-commits recv recv-q
1927		Update Hetzner webhook link in README.md			3wk	2wk	2wk		size/XS dco-signoff: yes	commented member-last send unreviewed
1787		Update Slack links to include both invite and direct channel URLs			4mo	2mo	4mo		size/XS dco-signoff: yes cybr	changes-requested commented member-last send
1785		WIP: Add release-notes generator script and update release docs			4mo	4mo			dco-signoff: yes size/XXL needs-rebase do-not-merge/work-in-progress	contributor-last new-commits recv-q
1447		Explain how to install cert-manager using ArgoCD		2	2y	4mo	2y		dco-signoff: yes size/L	commented contributor-last recv-q reviewed-with-comment send
1640		Update issuer.md			1y	5mo	5mo		size/XS dco-signoff: yes	commented member-last reviewed-with-comment send
1602		acme troubleshooting: how to fix errored challenges			1y	5mo	1y		size/XS dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
1197		doc about new option default-cleanup-policy			2y	5mo	5mo		approved dco-signoff: yes needs-rebase size/M	commented member-last new-commits send
1686		docs: harmonize `<p>` formatting by dropping internal spaces			9mo	9mo	9mo		size/XS dco-signoff: yes	assigned changes-requested contributor-last recv recv-q
1672		WIP: docs: Add an wrap-up announcement page			10mo	9mo	9mo		dco-signoff: yes do-not-merge/work-in-progress size/M	commented draft member-last new-commits send
1569		wip: update cert-manager logo svg			1y	10mo	10mo		dco-signoff: yes size/L do-not-merge/work-in-progress	commented member-last send unreviewed
1364		WIP: Patch release checklist			2y	1y			dco-signoff: yes needs-rebase do-not-merge/work-in-progress size/M	contributor-last recv-q unreviewed
1611		Update webhook troubleshooting documentation to including necessary curl command.			1y	1y	1y		dco-signoff: yes size/S	changes-requested recv recv-q
1607		Document Log Level settings. Document DNS01 delegation using multiple providers.			1y	1y	1y		dco-signoff: yes size/M	recv recv-q unreviewed
1587		Custom Certificate Support for cert-manager Webhook Endpoint			1y	1y	1y		dco-signoff: yes size/S	recv recv-q unreviewed
1202		Add section about client cert authentication for vault			2y	2y	2y		dco-signoff: yes do-not-merge/work-in-progress size/M	commented contributor-last draft new-commits send
1419		fix: TLSConfig secretName description			2y	2y	2y		dco-signoff: yes needs-rebase size/S	changes-requested commented contributor-last recv-q send
1450		Docker testing and validation			2y	2y	2y		dco-signoff: yes needs-rebase size/M	contributor-last new-commits recv recv-q
1213		Draft of tutorial for Google's Public CA			2y	2y	2y		dco-signoff: yes size/L needs-rebase ok-to-test	commented contributor-last reviewed-with-comment send
1075		Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/			3y	2y	2y		approved dco-signoff: yes size/L needs-rebase	changes-requested commented member-last send
790		Update route53.md			4y	2y	2y		dco-signoff: no size/XS needs-rebase needs-ok-to-test	changes-requested commented member-last send
1259		Fixed Azure Workload identity doc			2y	2y	2y		dco-signoff: yes size/S	recv unreviewed
948		add note to ingress class definition			3y	2y	2y		dco-signoff: no size/XS needs-rebase needs-ok-to-test	assigned commented contributor-last send unreviewed
859		Move the meetings and slack information to a separate page			3y	3y	3y		approved dco-signoff: yes needs-rebase size/M	changes-requested commented member-last send
528		Update "Setting Nameservers for DNS01 Self Check" example			4y	3y	4y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	contributor-last recv unreviewed
43		No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild			4y	4y			dco-signoff: yes approved size/M needs-rebase	contributor-last unreviewed
36		Add the "cmrel update-release-branch" command			4y	4y	4y		dco-signoff: yes approved size/M needs-rebase do-not-merge/work-in-progress	commented contributor-last draft unreviewed
637		Fix/chartadditional annotations for cli args			4mo	3mo	4mo		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
628		Grant cert-manager RBAC to use all policies by default			9mo	3mo	3mo		dco-signoff: yes size/M	commented contributor-last recv-q send unreviewed
558		feat(helm-chart): add ability to set pod level security context			1y	5d	6mo		dco-signoff: yes ok-to-test size/S lifecycle/stale	commented contributor-last send unreviewed
395		WIP: feat: inject bundle data into configmap			2y	2wk	2wk		dco-signoff: yes size/L do-not-merge/work-in-progress	commented member-last unreviewed
762		Add support for injecting CA from secret for trust manager Webhook			4mo	3wk	3wk		dco-signoff: yes needs-ok-to-test size/S	commented member-last reviewed-with-comment send
654		Add design for trust source plugins			7mo	4wk	7mo		dco-signoff: yes size/M do-not-merge/work-in-progress	commented draft reviewed-with-comment send
689		Add build process for Debian Trixie			5mo	3mo	5mo		dco-signoff: yes size/L needs-rebase	commented contributor-last recv-q unreviewed
683		feat: Add a very basic pre-commit configuration			6mo	5mo	5mo		dco-signoff: yes size/XS	commented member-last new-commits
324		[VC-35742] Handle canceled context to prevent extra retries			5mo	5mo	5mo		dco-signoff: yes size/S do-not-merge/work-in-progress needs-ok-to-test	commented draft member-last send unreviewed
186		Remove GetIssuerTypeIdentifier from Issuer API			1y	7mo			dco-signoff: yes needs-rebase size/L	contributor-last recv-q unreviewed
24		Add conformance tests			2y	2y	2y		dco-signoff: yes size/XXL approved needs-rebase	assigned commented contributor-last reviewed-with-comment
188		Remove SetCertificateRequestConditionError		3	1y	18d	18d		dco-signoff: yes size/XL	commented member-last new-commits send
251		PoC: Generate SPIFFE identities in csi-driver			2y	2y	2y		dco-signoff: yes size/S do-not-merge/work-in-progress needs-rebase	commented contributor-last draft recv-q unreviewed
129		Add attribute support for certificate subject			3y	2y	2y		dco-signoff: yes size/L needs-rebase ok-to-test	commented contributor-last reviewed-with-comment send
135		Added options to all containers			3y	2y	3y		dco-signoff: yes size/L needs-rebase ok-to-test	commented contributor-last send unreviewed
502		Enable csi-lib metrics			3mo	15d	2mo		dco-signoff: yes size/S needs-rebase ok-to-test	commented contributor-last recv-q send unreviewed
107		Remove csi-driver-spiffe approver			2y	2y			size/XXL dco-signoff: no do-not-merge/work-in-progress needs-rebase	contributor-last draft unreviewed
303		feat: add support for setting private key encoding			2mo	7wk	2mo		dco-signoff: yes size/L needs-ok-to-test	recv recv-q reviewed-with-comment
148		limit-namespaces for namespace-scope deployments			1y	1y	1y		dco-signoff: no size/S needs-ok-to-test	author-last recv recv-q unreviewed
117		fill spec.tls.caCertificate in route with intermediate ca certificate…			1y	1y	1y		dco-signoff: yes size/M needs-rebase ok-to-test	commented contributor-last new-commits recv-q send
71		Refactor filesystem.go and adapt tests to use a real file system			1y	7mo	7mo		dco-signoff: yes size/L	commented member-last reviewed-with-comment
120		Upgrade golangci-lint			3wk	3wk	3wk		dco-signoff: yes size/S	commented member-last reviewed-with-comment
1119		Disable DCO for Copilot-authored PRs			3mo	2mo			dco-signoff: yes size/S needs-rebase	contributor-last recv-q unreviewed
1114		Add the 'cybr' label			4mo	4mo	4mo		size/XS dco-signoff: yes	commented member-last reviewed-with-comment send
293		Add Helm chart image baking Similar: #104: Add Chart image baking (open)			9mo	5mo			dco-signoff: yes size/S needs-rebase	contributor-last recv-q similar unreviewed
55		feat: add test module			2y	2y	2y		dco-signoff: yes size/M	commented contributor-last recv reviewed-with-comment
470		feat(helm): adding `helm-diff` target			3mo	2mo	2mo		dco-signoff: yes size/S cybr ok-to-test	commented contributor-last new-commits recv recv-q
104		Add Chart image baking Similar: #293: Add Helm chart image baking (open)			9mo	5mo	5mo		dco-signoff: yes size/L needs-rebase	commented member-last reviewed-with-comment send similar
11		Governance: folks meaningfully contributing to the biweekly can become GitHub Members			2y	3mo			do-not-merge/work-in-progress dco-signoff: yes size/S	draft reviewed-with-comment
64		Add imagePullSecrets to template			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
59		cleanup: remove unused NOTES.txt file			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
1		Manage the cert-manager GitHub organisation from this repo			2y	2y	2y		dco-signoff: yes size/XXL	commented member-last unreviewed
4		Add support for custom license templates			2y	6mo			dco-signoff: yes size/S	contributor-last recv-q unreviewed
413		Add optional fetchCaBundle boolean flag to optionally return root CA certificates of all CAS CA Pool CAs			3wk	8d	8d		size/L ok-to-test dco-signoff: yes	commented member-last new-commits send
345		chore: add existing securityContext settings to values Similar: #836: Set securityContext and podSecurityContext in values (open)			4mo	4mo	4mo		size/M dco-signoff: yes	contributor-last recv recv-q similar unreviewed
143		feat: allow creating or reusing an existing sa			2y	9mo	2y		ok-to-test	recv recv-q unreviewed
159		Split certificate chain			2y	1y	1y			commented member-last reviewed-with-comment send
141		re-adding required clusterrole permission			2y	1y	2y		size/XS	author-last recv unreviewed
7 previously listed items omitted: #7654 #7689 #7725 #8375 #8379 #7467 #1909

Overdue answers for a question (44)

Resolution: Add a comment

Average age: 988.2d, Avg wait: 628.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8476		Helm chart defaults leaderElection namespace to kube-system, blocking cert-manager controller and certificate creation			10d	10d	10d		kind/bug	author-last commented recv recv-q
8352		Add AWS, GCP, and Azure Authentication Methods for Vault Issuer PR#8422: feat: Add AWS authentication method for Vault Issuer commented			1mo	3wk	5wk		kind/feature priority/backlog area/vault	commented pr-reviewed-with-comment recv recv-q
8095		DNS-01 Delegated zone is not following CNAME and creating wrong records		4	4mo	3mo	4mo		kind/bug	author-last recv recv-q
8094		HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller)			4mo	10d	4mo			recv recv-q
8023		ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension			5mo	5mo	5mo			author-last commented recv recv-q
7826		If issuer is incorrect, it is still shown as READY PR#8255: add dns issuer secrets validation before marking it as ready new-commits			7mo	3mo	7mo		kind/bug priority/important-longterm	assigned assignee-updated author-last pr-new-commits recv recv-q
7747		[suggestion] Add Kustomize install documentation		3 4	9mo	5mo	9mo		kind/feature	commented recv recv-q
7561		Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued			1y	3mo	3mo		kind/feature	author-last commented recv recv-q
7388		Kid missing in the new order request PR#8262: Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB unreviewed		2	1y	3mo	1y		kind/bug	pr-unreviewed recv recv-q
6010		Support the ACME Renewal Information (ARI) extension		12	2y	2mo	8mo		kind/feature	author-last commented recv recv-q
5917		Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated		42	2y	9d	2y		kind/bug priority/important-longterm	assigned assignee-updated recv recv-q
5864		Certmgr allows creating certificates expiring after ca expiration. PR#7733: fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity new-commits		4 33	2y	4mo	9mo		lifecycle/frozen kind/bug cybr	commented pr-new-commits recv-q send
4749		rfc2136 seems to not work with deep subdomains			4y	3mo	4y		kind/bug area/acme/dns01	recv recv-q
944		Document how to install cert-manager in a different namespace		4	3y	2y	3y		good first issue	recv recv-q
354		DigitalOcean access-token should not be base64-encoded			5y	5y	5y		priority/awaiting-more-evidence	author-last recv recv-q
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	5y	2y	5y		documentation help wanted priority/backlog	commented pr-merged recv-q
197		Document ACME account mismatch			5y	1y	5y		good first issue priority/backlog kind/documentation	recv recv-q
431		istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0			1y	1y	1y			recv recv-q
137		Documentation on rotating the root certificate		2	4y	9mo	4y			recv recv-q
130		Document best-practices for minimal vault role configuration for istio-csr			4y	2y	4y			recv recv-q
176		certificateDuration is not used for the Istio CSR generated certificate requests			3y	6mo	3y			pr-closed recv recv-q
113		Integrating with istio helm chart installs		15	4y	1y	4y			recv recv-q
413		Panic: runtime error on new installation			1y	1y	1y			author-last recv recv-q
287		Getting Readiness probe failed when using cert-manager-istio-csr Similar: #84: csr readiness probe failed, istio ingress pod also failed (open)			2y	2y	2y			author-last recv recv-q similar
84		csr readiness probe failed, istio ingress pod also failed Similar: #287: Getting Readiness probe failed when using cert-manager-istio-csr (open)		2	4y	2y	4y		support	recv recv-q similar
638		Approver cannot find applicable policy			8mo	7mo	8mo			author-last recv recv-q
560		Support rotated certificate sources Similar: #8378: Support `PodCertificateRequest` (open)		35	1y	5wk	11mo			commented recv recv-q similar
301		Add support for kubectl installation Similar: #197: Kubectl One-line Installation Support (open)			2y	1y	2y		lifecycle/frozen	author-last commented open-milestone recv recv-q similar
130		JKS support		6	3y	2y	3y			recv recv-q
17		ability to specify pod IP in volume attributes		7	6y	1y	5y			commented recv recv-q
58		certificate cannot be renewed, error message: "key does not match certificate"		4	2y	2y	2y			recv recv-q
22		Customize the deployment of cert-manager installed via OLM		5 6	4y	1y	3y			commented recv recv-q
17		Operator prevents passing extraArgs helm value		7	5y	3y	5y			recv recv-q
74		Consistency issues due to the use of mount binds			1y	1y	1y			author-last commented recv recv-q
148		Certificate chain is not split correctly PR#159: Split certificate chain commented Similar: #3848: Wildcard certificates not being resolved correctly. (closed)		5	2y	2y	2y			author-last pr-reviewed-with-comment recv recv-q similar
9 previously listed items omitted: #7598 #6716 #6179 #5751 #3521 #5867 #1292 #850 #841

Updated support requests (122)

Resolution: Move out of support, or add a comment

Average age: 591.5d, Avg wait: 503.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8481		FYI: cert-manager-webhook-libdns			10d	10d	10d			recv
8479		Subject Key Identifier (SKI) missing on issued certificates by self-signed CA PR#8480: Add Subject Key Identifier (SKI) to issued certificates new-commits			10d	10d	10d		kind/feature	pr-new-commits recv
8458		Vault approle configuration			15d	15d	15d		kind/feature	recv
8373		DNS-PERSIST-01 challenge support (planned for 2026)		2	6wk	4wk	6wk		kind/feature	author-last recv
8372		HTTP-01 challenge: support stateless http-01 challenge			6wk	6wk	6wk		kind/feature	recv
8235		Cert-manager support for Issuer-managed keys			3mo	3mo	3mo		kind/feature	author-last commented recv
8209		Add revocation at certificate deletion Similar: #28: Certificate revocation from CAS Console (open) Similar: #797: Add a verification the certificate is a CA certificate (closed)		3	3mo	3mo	3mo		kind/feature	recv similar
8201		Timeout contacting Cloudflare API during cert-manager DNS-01 challenge			3mo	3mo	3mo			recv
8086		ACME ClusterIssuer not recovering after Vault restart			5mo	5mo	5mo		kind/bug	recv
8082		EOF during self check with Pomerium			5mo	5mo	5mo			recv
7895		if certificate is already expired, it shown like a True		2	6mo	5wk	4mo		help wanted priority/important-soon	commented recv
7879		Remove no-op certificate metrics controller			6mo	4mo	6mo		kind/feature priority/backlog	assigned assignee-updated recv
7868		Metrics for webhook certificate		3	6mo	3mo	6mo		kind/feature	author-last recv
7862		Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete		7	7mo	4mo	7mo		kind/bug	recv
7834		Provide race condition mitigation support			7mo	6wk	7mo		kind/feature	author-last recv
7768		Stuck in a loop with `multiple challenge solver pods found for challenge`			8mo	2mo	8mo		kind/bug	author-last recv
7536		Digicert ACME order is failing due to invalid validity_years			1y	5wk	2mo		good first issue lifecycle/frozen kind/feature priority/backlog area/acme	author-last commented recv
7531		punycode issue			1y	3mo	1y			author-last recv
7438		certificate not updated after enabling SSA			1y	2mo	1y		kind/bug	author-last recv
7422		Please provide standalone helm chart for CRDs		19	1y	5mo	1y		kind/feature	recv
6662		support overriding of ttl in cloudflare		2	2y	2mo	1y		kind/feature priority/backlog	author-last commented recv
5540		Changelog annotations to chart			3y	9d	3y		kind/feature priority/backlog	author-last recv
1947		Add note for username and groups being usable for CEL validation			12d	12d	12d			recv
1935		add third party cert-manager-webhook-infomaniak			18d	18d	18d			recv
1926		Change the Cert Manager Webhook DNS01 of Hetzner Cloud PR#1927: Update Hetzner webhook link in README.md unreviewed			3wk	3wk	3wk			author-last pr-unreviewed recv
1806		Tutorial depends on no longer available image of kuard		4	4mo	4mo	4mo			recv
1802		Invalid certificate Similar: #797: Add a verification the certificate is a CA certificate (closed)			4mo	4mo	4mo			recv similar
1643		Let's Encrypt Ending Support for Notification Emails			1y	6mo	1y			recv
1625		Configuration issue potentially leading to a memory leak			1y	1y	1y			recv
1623		Claim about v1beta1/v1alpha2 support for gateway api is misleading			1y	1y	1y			recv
1609		Azure DNS Documentation Update Similar: #1101: Feature request for updating documentation. (open)			1y	1y	1y			author-last commented recv similar
1608		Renaming Securing NGINX-ingress to ingress-nginx			1y	1y	1y			recv
1596		Wrong key for cloudflare secret ref in DNS Validation tutorial page			1y	1y	1y			recv
1585		Broken install instructions due wrong cert_manager_latest_version - v1.16.1			1y	1y	1y			recv
1549		Brand guideline page			1y	1y	1y		priority/backlog	author-last recv
1490		GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)			2y	1y	2y			author-last recv
1473		Add ArtifactHub packages to website			2y	1y	2y		priority/backlog	recv
1620		Cert Manager allows the creation of Illegal wilcard SANs			1y	1y	1y			recv
501		Error logs not very helpful			1y	11mo	1y			recv
244		Populate Subject Fields in Certificate			2y	1y	2y			recv
788		Request for cryptographic mechanisms used in cert-manager-approver-policy Similar: #848: Request for cryptographic mechanisms used in cert-manager-trust-manager (open) Similar: #8418: Request for cryptographic mechanisms used in cert-manager (closed)			3wk	3wk	3wk			recv similar
466		Document How to Configure Common Scenarios			2y	2y	2y			recv
452		CRDs in the Release files		3	2y	2y	2y			recv
848		Request for cryptographic mechanisms used in cert-manager-trust-manager Similar: #788: Request for cryptographic mechanisms used in cert-manager-approver-policy (open) Similar: #8418: Request for cryptographic mechanisms used in cert-manager (closed)			3wk	3wk	3wk			recv similar
835		Helm Chart cannot set securityContext			4wk	4wk	4wk			recv
800		When creating a trust bundle with additionalFormats/pkcs12, no pkcs12 is produced			2mo	2mo	2mo			recv
778		Add option to use a specific issuer in the helm chart			3mo	3mo	3mo			recv
742		Add option to disable webhook in Helm chart			5mo	2mo	5mo		kind/feature	author-last commented recv
521		RFC: Cert-Manager CSI Driver as Secret Store Provider			2mo	2mo	2mo			recv
385		Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors			10mo	10mo	10mo			author-last recv
383		[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver		5	11mo	11mo	11mo			recv
353		mismatch between the key and the certificate signature algorithm			1y	1y	1y			recv
267		Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?			2y	2y	2y			recv
264		Certificate renewal doesn't change file 'modified date'			2y	2y	2y			recv
241		Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver		6	2y	2y	2y			recv
306		[FEATURE]Enable setting private key encoding via annotation PR#303: feat: add support for setting private key encoding commented			2mo	2mo	2mo		kind/feature	author-last pr-reviewed-with-comment recv
204		Support for creating certificate for wildcard route Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #56: Support for destinationCaCertificate / Reencrypt Routes (open)			7mo	2mo	7mo			recv similar
174		Standby Replicas without lease use lots of CPU			10mo	10mo	10mo			recv
116		Release static manifests (no helm) for v0.6.0-alpha.0+		2	1y	1y	1y			recv
56		Support for destinationCaCertificate / Reencrypt Routes Similar: #204: Support for creating certificate for wildcard route (open)		2	2y	2y	2y			recv similar
54		Same certificate in path based Routes		2	2y	11mo	2y			pr-closed recv
46		Cert-manager operator fails to issue certificates			4y	4y	4y			recv
3		Restrict operator RBAC permissions			5y	1y	5y		priority/backlog	pr-merged recv
63		Is it possible to only create Issuer and remove the CluserIssuer			8mo	8mo	8mo			recv
62		Limit the controller-manager to access secrets only from specific namespace			8mo	8mo	8mo			recv
122		asdf cmctl installer issues		2	1y	1y	1y			author-last commented recv
690		Clean up Presets			3y	1y	3y		priority/backlog	pr-merged recv
594		Document infra image bumps and versioning			4y	1y	4y		priority/backlog	recv
81		How to enable leader election in the webhook?			1y	1y	1y			recv
80		How to deal with K8s timelimit in 30s ?			1y	1y	1y			recv
72		readyz and healthz api			2y	2y	2y			recv
37		Add logging example			3y	2y	3y			pr-closed recv
74		Why cert-manager looks for a CNAME record instead of a TXT record?			2y	2y	2y			recv
22		Dependency Dashboard			2mo	6d	2mo			recv
412		Provide root CA certs of all CAS CA Pool CAs in ca.crt to support and simplify root CA migration process			3wk	3wk	3wk			recv
361		[Helm] allow `enabled` as key in values schema			3mo	3mo	3mo			recv
162		Issue: Broken config when using commonLabels			2y	2y	2y			recv
133		Allow to use a custom Service Account PR#143: feat: allow creating or reusing an existing sa unreviewed		5	2y	2y	2y			pr-unreviewed recv
102		certificate renewal does not work in due to auth issue to privatecaapi end point			3y	1y	3y			recv
43 previously listed items omitted