queue to be emptied once a week in a team triage meeting
Important soon, but no updates in 60 days (16)
Resolution: Downgrade to important-longterm
Average age: 1229.0d, Avg wait: 47.3d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 6741 |  |
ACME account private key and URI are not updated if the path of the ACME server is changed |
5
|
2y | 1y | 2y | |
lifecycle/frozen
kind/bug
priority/important-soon
|
contributor-last recv
|
|
| 6331 |  |
CSR not signed by referenced private key |
10
|
2y | 5mo | 2y |        |
kind/bug
priority/important-soon
|
commented recv-q send
|
|
| 5867 |  |
Controller can't handle hitting request rate limits of zerossl ACME API
|
7
12
31
|
2y | 7mo | 1y |                |
lifecycle/frozen
kind/bug
priority/important-soon
|
commented pr-closed pr-merged recv-q send
|
|
| 5298 |  |
Complete the Migration Away From Jetstack Names | 3y | 1y | 2y |  |
lifecycle/frozen
kind/cleanup
priority/important-soon
|
commented member-last send
|
||
| 7234 |  |
Stale/Stuck Challenges should be deleted after a given timeout | 
|
4
|
1y | 3mo | 1y |    |
kind/bug
priority/important-soon
|
assigned assignee-updated commented contributor-last open-milestone pr-closed pr-new-commits pr-reviewed-with-comment recv recv-q
|
| 2930 |  |
Mirror to gcr.io or dockerhub | 
|
2
29
|
5y | 8mo | 11mo |             |
lifecycle/frozen
kind/feature
priority/important-soon
area/deploy
|
assigned assignee-updated commented contributor-last send
|
| 6709 |  |
1.14 Release Review |
3
|
2y | 1y | 2y | |
lifecycle/frozen
priority/important-soon
|
commented contributor-last send
|
|
| 3381 |  |
Setup separate package for cert-manager API | 
|
5
|
5y | 10mo | 10mo |  |
lifecycle/frozen
kind/feature
priority/important-soon
|
assigned assignee-updated commented member-last send
|
| 2239 |  |
Create a CertificatePreset resource type to allow configurable defaulting
|
2
3
99
|
6y | 5mo | 5mo |                 |
area/api
kind/feature
priority/backlog
priority/important-soon
|
commented member-last pr-closed pr-unreviewed send
|
|
| 1425 | |
The `issuer.vault.spec.caBundleSecretRef` docs are missing | 2y | 1y |
priority/important-soon
|
|||||
| 955 | |
Document when the vault pki role required setting `require_cn=false` |
|
3y | 1y |  |
priority/important-soon
|
|||
| 1174 |  |
Document the docker images and how to find them |
|
2y | 2y | 2y | |
good first issue
priority/important-soon
kind/documentation
|
commented member-last send
|
|
| 195 | |
Document keystores | 5y | 2y | 5y | |
priority/important-soon
kind/documentation
|
commented contributor-last send
|
||
| 174 |  |
Add documentation for CRD conversion webhook ca injection | 5y | 5y | 5y | |
help wanted
priority/important-soon
kind/documentation
|
commented member-last send
|
||
| 802 | |
Spelling errors are unclear in pull request CI results and spell checker is unmaintained
|
3y | 1y |  |
kind/bug
priority/important-soon
|
contributor-last pr-merged
|
|||
| 127 | |
cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs | 1y | 1y |
priority/important-soon
|
Important longterm, but no updates in 120 days (22)
Resolution: Downgrade to backlog
Average age: 1279.9d, Avg wait: 231.8d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 6969 | |
Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled | 2y | 1y | 2y | |
lifecycle/frozen
kind/bug
priority/important-longterm
|
commented contributor-last send
|
||
| 6820 | |
Ongoing dependency evaluation |
|
2y | 1y | 2y | |
lifecycle/frozen
priority/important-longterm
|
contributor-last recv
|
|
| 5959 |  |
`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries |
22
|
2y | 1y | 2y |      |
lifecycle/frozen
kind/bug
priority/important-longterm
|
commented contributor-last recv-q send
|
|
| 4191 | |
Setting default values for Pod's "resources"? |
7
|
4y | 1y | 1y |  |
lifecycle/frozen
priority/important-longterm
|
commented contributor-last recv-q send
|
|
| 3103 |  |
Adding probes to the cert-manager pods |
9
|
5y | 4mo | 2y |           |
good first issue
help wanted
kind/feature
priority/important-longterm
area/deploy
|
commented contributor-last recv-q send
|
|
| 4950 | |
General flakiness of our end-to-end suite
|
3
|
3y | 1y | 3y |  |
lifecycle/frozen
priority/important-longterm
kind/flake
|
commented member-last pr-closed pr-merged send
|
|
| 6754 |  |
Schedule certificate renewal outside business hours |
12
|
2y | 5mo | 2y |       |
kind/feature
priority/important-longterm
|
pr-closed pr-reviewed-with-comment pr-unreviewed recv recv-q
|
|
| 2178 | |
Handling 'unregistering' certificates from Venafi TPP |
22
|
6y | 1y | 1y |       |
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
|
commented member-last send
|
|
| 2525 |  |
Better support multi-namespace & single-namespace deployments
|
26
|
5y | 6mo | 2y |        |
lifecycle/frozen
kind/feature
priority/important-longterm
area/deploy
|
commented contributor-last open-milestone pr-closed send similar
|
|
| 1194 |  |
Confusing paragraph - cert-manager integration. | 2y | 1y | 2y | |
documentation
priority/important-longterm
|
commented member-last send
|
||
| 1186 | |
Document that/why we don't use Helm's CRD installation mechanism |
| 2y | 1y | 1y | |
good first issue
priority/important-longterm
kind/documentation
|
assigned assignee-updated commented member-last send
|
|
| 1063 |  |
"Securing Ingresses with Venafi" tutorial contains link to missing manifest
|
3y | 1y | 3y | |
priority/important-longterm
|
pr-merged recv
|
||
| 223 | |
Document wildcard certificate tutorial | 5y | 5y | 5y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
||
| 975 | |
Some pages do not make it clear what the user should read next | 3y | 1y |
priority/important-longterm
|
|||||
| 850 | |
Document available cert-manager Prometheus metrics |
|
3y | 2y | 3y |  |
documentation
good first issue
priority/important-longterm
|
recv recv-q
|
|
| 401 | |
Bring tutorials up to date | 4y | 2y | 2y | |
priority/important-longterm
|
commented member-last send
|
||
| 58 |  |
Support injection pem into an existing configmap |
|
8
|
3y | 6mo | 6mo | |
priority/important-longterm
lifecycle/frozen
|
assigned assignee-updated commented member-last pr-closed pr-merged pr-unreviewed send
|
| 129 | |
Increase e2e test timeouts | 2y | 1y |
priority/important-longterm
|
|||||
| 83 |  |
As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' ) |
2
|
1y | 1y | 1y |
priority/important-longterm
|
recv
|
||
| 98 | |
Document new release process for all repos |
| 2y | 1y |
priority/important-longterm
|
assigned
|
|||
| 38 |  |
Set repository to be a GitHub template repository |
|
3y | 1y | 3y |
priority/important-longterm
|
recv
|
||
| 3 | |
Make unit testing easier/make examples work
|
6y | 1y | 3y |    |
priority/important-longterm
|
commented member-last pr-closed send
|
many reactions, low priority (8)
Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support
Average age: 676.5d, Avg wait: 7.2d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 8095 |  |
DNS-01 Delegated zone is not following CNAME and creating wrong records |
3
|
1mo | 16d | 1mo |   |
kind/bug
|
recv recv-q
|
|
| 6716 |  |
leader election namespace should default to `.Release.Namespace`, not `kube-system` |
3
37
|
2y | 3wk | 1y |       |
lifecycle/frozen
kind/bug
triage/not-reproducible
|
commented pr-closed pr-unreviewed recv-q send
|
|
| 7473 |  |
Create certificate based on HTTPRoute configuration |
|
33
2
63
|
11mo | 1d | 5wk |        |
kind/feature
|
assigned assignee-updated commented pr-closed pr-reviewed-with-comment recv
|
| 5566 |  |
upload Helm charts to OCI registry and sign them with cosign
|
4
55
|
3y | 5wk | 5wk |              |
kind/feature
|
commented member-last pr-merged send
|
|
| 2538 |  |
cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer |
75
|
5y | 1y | 2y |                    |
area/api
help wanted
lifecycle/frozen
kind/feature
priority/backlog
|
commented send similar
|
|
| 6179 |  |
CRDs shouldn't be templated in Helm |
5
2
30
|
2y | 2mo | 2mo |            |
priority/backlog
|
commented recv-q send
|
|
| 8010 |  |
feat: Add client verification for webhook server |
4
|
2mo | 2d | 2mo |  |
size/L
release-note-none
area/api
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
|
new-commits recv recv-q
|
|
| 7748 | |
Design: "Image Configuration in Helm Chart" |
3
|
6mo | 11d | 5wk | |
size/L
release-note-none
kind/design
dco-signoff: yes
cybr
|
commented member-last new-commits send
|
many commenters, low priority (4)
Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support
Average age: 43.0d, Avg wait: 18.3d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 8139 | |
feat(design): adding initial design for certificate renewal |
2
|
5wk | 1d | 4wk |   |
size/L
release-note-none
approved
lgtm
do-not-merge/hold
kind/design
dco-signoff: yes
|
commented contributor-last recv recv-q reviewed-with-comment
|
|
| 8141 |  |
fix(helm): Align targetPorts in metrics endpoints for webhook and cainjector services |
|
5wk | 5wk | 5wk | |
size/XS
release-note-none
lgtm
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
|
commented member-last send unreviewed
|
|
| 1787 |  |
Update Slack links to include both invite and direct channel URLs | 6wk | 5wk | 5wk |  |
size/XS
dco-signoff: yes
|
changes-requested commented member-last send
|
||
| 762 |  |
Add support for injecting CA from secret for trust manager Webhook | 6wk | 6wk | 6wk | |
dco-signoff: yes
needs-ok-to-test
size/S
|
commented recv unreviewed
|
Screaming into the void (1)
Resolution: Reopen, or ask folks to open a new issue
Average age: 1537.5d, Avg wait: 4.1d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 4420 |  |
ACME DNS solver error "account credentials not found for domain" | 2
|
4y | 4d | 4y |      |
kind/bug
|
closed recv recv-q
|
Needs information for over 2 weeks (5)
Resolution: Close or remove triage/needs-information label
Average age: 428.0d, Avg wait: 60.8d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 8121 |  |
Support for Creating CertificateRequest from Kubernetes Secret | 6wk | 16d | 6wk | |
kind/feature
triage/needs-information
|
contributor-last recv recv-q similar
|
||
| 7846 |  |
ClusterIssuer.Status.Acme.URI disappeared | 
|
|
4mo | 7wk | 4mo | |
good first issue
kind/bug
priority/awaiting-more-evidence
area/acme
triage/needs-information
|
assigned assignee-updated contributor-last recv recv-q
|
| 7845 |  |
ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value... |
6
|
4mo | 7wk | 4mo | |
kind/bug
priority/awaiting-more-evidence
area/acme
triage/needs-information
|
contributor-last recv recv-q
|
|
| 7643 |  |
jkspassword.txt file in secret is having default password | 7mo | 4wk | 7mo | |
kind/bug
triage/needs-information
lifecycle/rotten
|
commented contributor-last send
|
||
| 15 | |
Allow data-root to be an absolute path | 4y | 2y | |
kind/bug
triage/needs-information
|
contributor-last pr-reviewed-with-comment
|
Support request over 30 days old (2)
Resolution: Close, or add to triage/long-term-support
Average age: 1611.3d, Avg wait: 0.0d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 53 |  |
Support crlDistributionPoints & ocspServers | 4y | 4y | 4y |  |
triage/support
|
commented send
|
||
| 28 |  |
Certificate revocation from CAS Console | 4y | 4y | 4y | |
triage/support
|
commented member-last send similar
|
Issues nearing expiration (19)
Resolution: Close or label as frozen
Average age: 371.1d, Avg wait: 119.2d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 7691 |  |
Why is the value of the certificate expiration time captured in blackbox different from the value of the certificate expiration time exposed by certmanager | 7mo | 4wk | 7mo | |
lifecycle/rotten
|
commented contributor-last send
|
||
| 7687 |  |
Webhook refusing connection even when Ready | 7mo | 4wk | 7mo |
kind/bug
lifecycle/rotten
|
contributor-last recv
|
|||
| 7673 |  |
Support for acmesolver.tolerations/affinity/nodeSelector | 7mo | 4wk | 7mo |  |
kind/feature
lifecycle/rotten
|
contributor-last recv recv-q
|
||
| 7648 |  |
Solver selector issue | 7mo | 4wk | 7mo | |
kind/bug
lifecycle/rotten
|
contributor-last recv
|
||
| 7643 | |
jkspassword.txt file in secret is having default password | 7mo | 4wk | 7mo | |
kind/bug
triage/needs-information
lifecycle/rotten
|
commented contributor-last send
|
||
| 7688 | |
Feature Request: Vertical Pod Autoscaler Support for cert-manager |
3
|
7mo | 4wk | 7mo | |
kind/feature
lifecycle/rotten
|
commented contributor-last pr-new-commits send similar
|
|
| 7635 | |
Mirroring bind9 image for e2e tests | 8mo | 1mo |
lifecycle/rotten
|
contributor-last
|
||||
| 7572 |  |
Certificate Issuance takes long time up to 50 minutes when attempting to create 40+ certificates |
2
|
9mo | 7wk | 9mo |  |
lifecycle/rotten
|
contributor-last recv
|
|
| 7218 |  |
cert-manager set don't fragment (DF) bit |
| 1y | 6wk | 1y |  |
kind/bug
priority/important-longterm
lifecycle/rotten
|
assigned assignee-updated contributor-last recv recv-q
|
|
| 7636 |  |
cermanager order in pending state | 7mo | 1mo | 7mo |
lifecycle/rotten
|
contributor-last recv
|
|||
| 6229 |  |
Race condition when two identical certificate requests are made from different clusters
|
7
|
2y | 7wk | 7wk |     |
help wanted
kind/bug
priority/important-longterm
lifecycle/rotten
area/acme/dns01
|
commented pr-merged recv-q send
|
|
| 7668 |  |
Allow custom values in Helm chart schema by relaxing additionalProperties: false |
2
|
7mo | 5wk | 7mo |
lifecycle/rotten
|
contributor-last pr-unreviewed recv
|
||
| 3848 |  |
Wildcard certificates not being resolved correctly.
|
7
|
4y | 11d | 11d |   |
kind/bug
priority/important-soon
lifecycle/rotten
area/acme/dns01
|
commented member-last pr-closed pr-merged send similar
|
|
| 7656 |  |
Add multiple DNS provider resolvers to an single webhook not working | 7mo | 6wk | 7mo |
lifecycle/rotten
|
contributor-last pr-unreviewed recv
|
|||
| 7467 |  |
fix: ❗dns-01 route53 query change status retry timeout |
2
|
11mo | 11d | 7mo |  |
release-note
needs-rebase
size/S
kind/bug
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
area/acme/dns01
|
approved commented contributor-last recv-q send
|
|
| 7694 |  |
add ability to set metadata of created service | 7mo | 4wk | 7mo | |
size/L
release-note-none
needs-rebase
area/api
do-not-merge/work-in-progress
needs-ok-to-test
area/acme
lifecycle/rotten
dco-signoff: no
area/acme/http01
area/deploy
needs-kind
|
contributor-last draft recv recv-q unreviewed
|
||
| 7658 |  |
7196 order reason not set | 7mo | 5wk | 7mo | |
release-note
size/S
kind/bug
kind/design
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
|
commented contributor-last recv-q send unreviewed
|
||
| 7665 |  |
Add cookie jar to Acme client | 7mo | 5wk | 7mo | |
size/XS
do-not-merge/release-note-label-needed
kind/feature
needs-ok-to-test
area/acme
lifecycle/rotten
dco-signoff: yes
ok-to-test
|
contributor-last recv recv-q unreviewed
|
||
| 7064 |  |
Adds certificate name key annotation validation in secret as part of post issuance policy chain |
2
|
1y | 7wk | 7mo | |
size/L
release-note-none
approved
lgtm
kind/bug
lifecycle/rotten
dco-signoff: yes
ok-to-test
|
commented contributor-last open-milestone recv-q reviewed-with-comment send
|
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 7327 | |
add more detailed logging when service certificate is generated |
|
1y | 5d | 11d |  |
release-note-none
approved
lgtm
size/S
dco-signoff: yes
ok-to-test
needs-kind
|
approved commented contributor-last recv recv-q
|
|
| 7064 | |
Adds certificate name key annotation validation in secret as part of post issuance policy chain |
2
|
1y | 7wk | 7mo | |
size/L
release-note-none
approved
lgtm
kind/bug
lifecycle/rotten
dco-signoff: yes
ok-to-test
|
commented contributor-last open-milestone recv-q reviewed-with-comment send
|
|
| 7689 | |
Add Vertical Pod Autoscaler |
2
|
7mo | 4mo | 6mo | |
size/L
release-note
approved
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
|
commented new-commits recv recv-q
|
Pull Requests: Stale (111)
Resolution: Add comment and/or close PR
Average age: 430.2d, Avg wait: 107.0d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 7654 |  |
Implement fallback for git_version creation in forked environments | 7mo | 5d | 7mo | |
release-note-none
size/S
kind/cleanup
needs-ok-to-test
lifecycle/stale
dco-signoff: yes
|
commented contributor-last reviewed-with-comment send
|
|||
| 7728 |  |
Add unhealthyPodEvictionPolicy to supported PDB options |
|
6mo | 7d | 7d | |
release-note
approved
lgtm
do-not-merge/hold
kind/feature
size/M
lifecycle/stale
dco-signoff: yes
ok-to-test
area/deploy
|
commented contributor-last recv-q reviewed-with-comment send
|
||
| 7718 | |
Switch to makefile modules completely (part 1) | 6mo | 8d | 8d | |
release-note-none
needs-rebase
area/api
kind/cleanup
size/XXL
area/acme
dco-signoff: yes
area/testing
area/deploy
cybr
|
commented member-last new-commits send
|
|||
| 7805 | |
feat: refactor challenge controller to be entirely non blocking | 5mo | 11d | 3wk | |
release-note
needs-rebase
area/api
kind/bug
size/XXL
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
cybr
|
commented contributor-last new-commits recv-q send
|
|||
| 7852 |  |
adds cli option configure ACME challange authorization timeout | 4mo | 11d | 3mo | |
release-note
needs-rebase
area/api
kind/feature
size/M
area/acme
dco-signoff: yes
ok-to-test
|
commented contributor-last new-commits recv-q send similar
|
|||
| 7614 |  |
Lower the minimum certificate duration from 1 hour to 5 minutes | 8mo | 11d | 8mo | |
release-note
size/S
area/api
kind/feature
dco-signoff: yes
ok-to-test
|
contributor-last recv recv-q unreviewed
|
|||
| 7725 |  |
chore: allow additional properties in Helm setup #7668 |
2
|
6mo | 15d | 6mo | |
size/XS
release-note-none
needs-ok-to-test
lifecycle/stale
dco-signoff: no
area/deploy
needs-kind
|
commented contributor-last send unreviewed
|
||
| 7646 |  |
Support custom ACME account key type. |
2
|
7mo | 4wk | 5mo |  |
size/L
release-note
area/api
area/acme
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
|
commented new-commits recv recv-q
|
||
| 8115 |  |
feat: implements `global.imageRegistry` and fixes #6160 | 7wk | 5wk | 5wk | |
release-note
kind/feature
needs-ok-to-test
size/M
dco-signoff: yes
area/deploy
|
commented member-last reviewed-with-comment send
|
|||
| 8071 |  |
Handle ACME Accept asynchronously | 2mo | 5wk | 2mo | |
size/L
release-note
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/deploy
needs-kind
|
recv recv-q unreviewed
|
|||
| 7558 | |
feat: add (helm) global.imageRepository |
2
2
|
9mo | 7wk | 6mo | |
size/L
release-note
do-not-merge/hold
kind/feature
dco-signoff: yes
area/deploy
|
commented contributor-last recv reviewed-with-comment
|
||
| 7764 |  |
Doc: Add leaderElection.namespace recommendation | 5mo | 2mo | 2mo | |
size/XS
release-note-none
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
|
commented contributor-last recv-q send unreviewed
|
|||
| 4835 | |
Making sure per fixture only 1 setup is active at the same time |
| 3y | 2mo | 4mo |  |
release-note-none
needs-rebase
lifecycle/frozen
kind/bug
size/M
dco-signoff: yes
area/testing
|
assigned assignee-updated commented contributor-last recv-q reviewed-with-comment
|
||
| 5447 |  |
Allow extra DNS-01 propagation time to be configured |
|
3y | 2mo | 4mo |   |
release-note
needs-rebase
size/S
lifecycle/frozen
kind/feature
area/acme
dco-signoff: yes
ok-to-test
area/acme/dns01
|
commented contributor-last open-milestone recv-q send unreviewed
|
||
| 5743 | |
Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources | 2y | 2mo | 7mo | |
size/L
release-note
needs-rebase
area/api
kind/cleanup
dco-signoff: yes
area/testing
ok-to-test
area/deploy
|
commented contributor-last open-milestone recv-q reviewed-with-comment
|
|||
| 7236 | |
Route53: Allow STS token to be refreshed by the AWS client if necessary | 1y | 2mo | 7mo | |
release-note
size/XL
needs-rebase
area/api
kind/bug
kind/feature
area/acme
dco-signoff: yes
area/acme/dns01
area/deploy
|
commented contributor-last recv-q reviewed-with-comment send
|
|||
| 7286 | |
Only remove the cleanup finalizer if the cleanup succeeds |
|
1y | 2mo | 1y | |
size/L
release-note-none
needs-rebase
do-not-merge/hold
lifecycle/frozen
kind/cleanup
area/acme
dco-signoff: yes
area/acme/dns01
area/acme/http01
|
commented contributor-last recv-q reviewed-with-comment
|
||
| 7382 | |
Implement a single package for controlling cert-manager RNG |
3
|
1y | 2mo | 7mo | |
size/L
release-note
needs-rebase
do-not-merge/hold
kind/feature
area/acme
dco-signoff: yes
area/testing
|
commented contributor-last recv-q send unreviewed
|
||
| 7437 |  |
fix: annotate account private key secrets | 11mo | 2mo | 9mo | |
release-note
needs-rebase
size/S
area/api
kind/feature
area/acme
dco-signoff: yes
ok-to-test
|
commented contributor-last open-milestone recv recv-q unreviewed
|
|||
| 7449 | |
WIP: reconcile issuers using issuer-lib | 11mo | 2mo | 5mo | |
release-note-none
needs-rebase
area/api
do-not-merge/work-in-progress
kind/cleanup
size/XXL
area/acme
area/ca
area/vault
dco-signoff: yes
area/testing
area/deploy
|
commented contributor-last recv-q unreviewed
|
|||
| 7642 |  |
fixes #7506: enable configurable max key/cert sizes, defaulting to original safe values introduced in #7401 | 7mo | 2mo | 3mo |   |
release-note
size/XL
needs-rebase
area/api
kind/bug
kind/feature
dco-signoff: yes
area/testing
ok-to-test
area/deploy
|
commented contributor-last recv-q reviewed-with-comment send
|
|||
| 7823 | |
Adding read perms for pods and services to DNS01 ClusterRole |
|
4mo | 2mo | 4mo | |
size/XS
release-note
needs-rebase
dco-signoff: yes
ok-to-test
area/deploy
needs-kind
|
commented contributor-last recv recv-q reviewed-with-comment
|
||
| 8043 | |
WIP: feat(controller): adding labels to lease | 2mo | 2mo | 2mo | |
size/XS
release-note
do-not-merge/work-in-progress
do-not-merge/hold
kind/feature
dco-signoff: yes
|
commented contributor-last recv recv-q unreviewed
|
|||
| 7906 |  |
fix: Venafi call GetRefreshToken only when access token invalid for password/username authentication |
2
|
3mo | 2mo | 2mo | |
release-note
size/S
kind/bug
dco-signoff: yes
ok-to-test
|
commented member-last send unreviewed
|
||
| 7886 | |
Improve array field characteristics in API | 3mo | 2mo | 3mo | |
size/L
release-note
area/api
do-not-merge/hold
kind/bug
kind/cleanup
dco-signoff: yes
area/deploy
|
commented member-last new-commits
|
|||
| 7399 |  |
Add renew window to restrict when certificate renewal can happen | 1y | 2mo | 1y | |
size/L
release-note
needs-rebase
area/api
kind/feature
needs-ok-to-test
dco-signoff: yes
area/testing
area/deploy
|
contributor-last recv recv-q unreviewed
|
|||
| 7824 |  |
Add Azure Private DNS support to cert-manager | 4mo | 2mo | 4mo | |
release-note
needs-rebase
area/api
kind/feature
needs-ok-to-test
size/XXL
area/acme
dco-signoff: yes
area/acme/dns01
area/deploy
|
contributor-last new-commits recv recv-q
|
|||
| 7450 | |
Make ACME Authorization Timeout Configurable | 11mo | 3mo | 11mo | |
size/L
release-note
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/http01
area/deploy
needs-kind
|
commented contributor-last new-commits recv recv-q similar
|
|||
| 7662 | |
Fix the issue of webhook routes generating duplicate operation IDs | 7mo | 4mo | 7mo | |
do-not-merge/release-note-label-needed
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
needs-kind
|
contributor-last recv recv-q unreviewed
|
|||
| 7289 | |
Design proposal for delayed certificate activation | 1y | 5mo | 9mo | |
size/L
release-note-none
kind/design
needs-ok-to-test
dco-signoff: yes
|
commented contributor-last open-milestone recv recv-q reviewed-with-comment
|
|||
| 8187 |  |
fix: add case for parsing key with ec parameters | 4wk | 18d | 4wk | |
size/XS
release-note-none
kind/bug
needs-ok-to-test
dco-signoff: yes
|
changes-requested recv recv-q
|
|||
| 7733 |  |
fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity |
|
6mo | 5mo | 5mo |  |
size/L
release-note
kind/bug
kind/feature
dco-signoff: yes
ok-to-test
|
commented new-commits recv recv-q
|
||
| 7652 |  |
Helm chart: add ability to add appprotocol to port in service |
3
|
7mo | 5mo | 7mo |  |
size/XS
release-note
kind/bug
dco-signoff: yes
ok-to-test
area/deploy
|
commented recv-q reviewed-with-comment send
|
||
| 7439 |  |
helm: add checksum/config annotations | 11mo | 5mo | 11mo | |
release-note-none
size/S
kind/feature
needs-ok-to-test
dco-signoff: yes
area/deploy
|
recv recv-q unreviewed
|
|||
| 7583 |  |
Support for ACME servers that don't finalize within the ACME client finalizer retry window | 8mo | 5mo | 8mo | |
release-note
kind/bug
needs-ok-to-test
size/M
area/acme
dco-signoff: yes
|
recv recv-q unreviewed
|
|||
| 7521 |  |
ClusterIssuer read caBundle from Secret | 9mo | 5mo | 6mo |   |
size/L
release-note
needs-rebase
area/api
kind/feature
needs-ok-to-test
area/acme
dco-signoff: yes
area/deploy
|
commented contributor-last recv-q send unreviewed
|
|||
| 1785 | |
WIP: Add release-notes generator script and update release docs | 6wk | 4wk | |
dco-signoff: yes
size/XXL
needs-rebase
do-not-merge/work-in-progress
|
contributor-last new-commits recv-q
|
||||
| 1447 | |
Explain how to install cert-manager using ArgoCD |
2
|
2y | 4wk | 2y |   |
dco-signoff: yes
size/L
|
commented contributor-last recv-q reviewed-with-comment send
|
||
| 1640 |  |
Update issuer.md | 9mo | 2mo | 2mo | |
size/XS
dco-signoff: yes
|
commented member-last reviewed-with-comment send
|
|||
| 1602 |  |
acme troubleshooting: how to fix errored challenges | 11mo | 2mo | 11mo | |
size/XS
dco-signoff: yes
|
contributor-last recv recv-q reviewed-with-comment
|
|||
| 1197 |  |
doc about new option default-cleanup-policy |
|
2y | 2mo | 2mo | |
approved
dco-signoff: yes
needs-rebase
size/M
|
commented member-last new-commits send
|
||
| 1724 |  |
DRAFT: feat(tutorials): Add Gateway API | 4mo | 4mo | 4mo | |
dco-signoff: yes
size/L
do-not-merge/work-in-progress
|
draft recv recv-q unreviewed
|
|||
| 1721 |  |
Remove whitespace-nowrap from Toc component | 4mo | 4mo | 4mo | |
size/XS
dco-signoff: yes
|
recv recv-q unreviewed
|
|||
| 1686 | |
docs: harmonize `<p>` formatting by dropping internal spaces |
| 6mo | 6mo | 6mo | |
size/XS
dco-signoff: yes
|
assigned changes-requested contributor-last recv recv-q
|
||
| 1672 | |
WIP: docs: Add an wrap-up announcement page |
|
7mo | 6mo | 6mo | |
dco-signoff: yes
do-not-merge/work-in-progress
size/M
|
commented draft member-last new-commits send
|
||
| 1569 | |
wip: update cert-manager logo svg | 1y | 7mo | 7mo | |
dco-signoff: yes
size/L
do-not-merge/work-in-progress
|
commented member-last send unreviewed
|
|||
| 1364 | |
WIP: Patch release checklist | 2y | 9mo | |
dco-signoff: yes
needs-rebase
do-not-merge/work-in-progress
size/M
|
contributor-last recv-q unreviewed
|
||||
| 1607 |  |
Document Log Level settings. Document DNS01 delegation using multiple providers. | 11mo | 11mo | 11mo | |
dco-signoff: yes
size/M
|
recv recv-q unreviewed
|
|||
| 1587 |  |
Custom Certificate Support for cert-manager Webhook Endpoint | 1y | 1y | 1y | |
dco-signoff: yes
size/S
|
recv recv-q unreviewed
|
|||
| 1202 |  |
Add section about client cert authentication for vault | 2y | 1y | 2y | |
dco-signoff: yes
do-not-merge/work-in-progress
size/M
|
commented contributor-last draft new-commits send
|
|||
| 1419 |  |
fix: TLSConfig secretName description | 2y | 1y | 2y | |
dco-signoff: yes
needs-rebase
size/S
|
changes-requested commented contributor-last recv-q send
|
|||
| 1450 |  |
Docker testing and validation | 2y | 2y | 2y | |
dco-signoff: yes
needs-rebase
size/M
|
contributor-last new-commits recv recv-q
|
|||
| 1213 | |
Draft of tutorial for Google's Public CA | 2y | 2y | 2y | |
dco-signoff: yes
size/L
needs-rebase
ok-to-test
|
commented contributor-last reviewed-with-comment send
|
|||
| 1075 | |
Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/ | 3y | 2y | 2y |  |
approved
dco-signoff: yes
size/L
needs-rebase
|
changes-requested commented member-last send
|
|||
| 790 |  |
Update route53.md | 3y | 2y | 2y | |
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
|
changes-requested commented member-last send
|
|||
| 1259 |  |
Fixed Azure Workload identity doc | 2y | 2y | 2y | |
dco-signoff: yes
size/S
|
recv unreviewed
|
|||
| 948 |  |
add note to ingress class definition |
| 3y | 2y | 2y | |
dco-signoff: no
size/XS
needs-rebase
needs-ok-to-test
|
assigned commented contributor-last send unreviewed
|
||
| 859 | |
Move the meetings and slack information to a separate page |
|
3y | 3y | 3y | |
approved
dco-signoff: yes
needs-rebase
size/M
|
changes-requested commented member-last send
|
||
| 528 |  |
Update "Setting Nameservers for DNS01 Self Check" example | 4y | 3y | 4y |
size/XS
dco-signoff: yes
needs-rebase
needs-ok-to-test
|
contributor-last recv unreviewed
|
||||
| 1611 |  |
Update webhook troubleshooting documentation to including necessary curl command. | 11mo | 11mo | 11mo | |
dco-signoff: yes
size/S
|
changes-requested recv recv-q
|
|||
| 200 |  |
Bump the all group across 1 directory with 12 updates | 9mo | 6wk | 6wk | |
dco-signoff: yes
size/L
dependencies
ok-to-test
go
|
commented contributor-last recv-q send unreviewed
|
|||
| 201 | |
Add publish stage for pushing OCI helm chart | 8mo | 3mo | 3mo | |
dco-signoff: yes
size/XL
do-not-merge/work-in-progress
|
commented draft member-last unreviewed
|
|||
| 43 | |
No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild | 4y | 4y |
dco-signoff: yes
approved
size/M
needs-rebase
|
contributor-last unreviewed
|
|||||
| 36 | |
Add the "cmrel update-release-branch" command | 4y | 4y | 4y | |
dco-signoff: yes
approved
size/M
needs-rebase
do-not-merge/work-in-progress
|
commented contributor-last draft unreviewed
|
|||
| 628 | |
Grant cert-manager RBAC to use all policies by default | 6mo | 3wk | 3wk | |
dco-signoff: yes
size/M
|
commented contributor-last recv-q send unreviewed
|
|||
| 689 | |
Add build process for Debian Trixie | 2mo | 11d | 2mo | |
dco-signoff: yes
size/L
needs-rebase
|
commented contributor-last recv-q unreviewed
|
|||
| 702 | |
WIP: User-facing migration to ClusterBundle | 2mo | 6d | |
dco-signoff: yes
do-not-merge/work-in-progress
size/XXL
|
contributor-last recv-q unreviewed
|
||||
| 558 |  |
feat(helm-chart): add ability to set pod level security context | 9mo | 3mo | 3mo | |
dco-signoff: yes
ok-to-test
size/S
|
commented member-last send unreviewed
|
|||
| 304 |  |
Add support for PodMonitor | 2y | 3mo | 3mo | |
dco-signoff: yes
size/L
needs-ok-to-test
lifecycle/frozen
|
commented member-last send unreviewed
|
|||
| 659 | |
WIP: Dedicated controller for cleaning up bundle targets | 3mo | 3mo | |
dco-signoff: yes
size/L
do-not-merge/work-in-progress
needs-rebase
|
contributor-last recv-q unreviewed
|
||||
| 395 | |
WIP: feat: inject bundle data into configmap | 1y | 3mo | 3mo | |
dco-signoff: yes
size/L
do-not-merge/work-in-progress
|
commented member-last unreviewed
|
|||
| 654 | |
Add design for trust source plugins |
|
4mo | 4mo | 4mo | |
dco-signoff: yes
size/M
do-not-merge/work-in-progress
|
commented draft reviewed-with-comment send
|
||
| 683 | |
feat: Add a very basic pre-commit configuration | 3mo | 2mo | 2mo | |
dco-signoff: yes
size/XS
|
commented member-last new-commits
|
|||
| 324 | |
[VC-35742] Handle canceled context to prevent extra retries | 2mo | 2mo | 2mo | |
dco-signoff: yes
size/S
do-not-merge/work-in-progress
needs-ok-to-test
|
commented draft member-last send unreviewed
|
|||
| 186 | |
Remove GetIssuerTypeIdentifier from Issuer API | 11mo | 4mo |  |
dco-signoff: yes
needs-rebase
size/L
|
contributor-last recv-q unreviewed
|
||||
| 188 | |
Remove SetCertificateRequestConditionError | 11mo | 4mo | |
dco-signoff: yes
size/XL
|
contributor-last recv-q unreviewed
|
||||
| 24 | |
Add conformance tests |
| 2y | 2y | 2y | |
dco-signoff: yes
size/XXL
approved
needs-rebase
|
assigned commented contributor-last reviewed-with-comment
|
||
| 251 | |
PoC: Generate SPIFFE identities in csi-driver | 2y | 2y | 2y | |
dco-signoff: yes
size/S
do-not-merge/work-in-progress
needs-rebase
|
commented contributor-last draft recv-q unreviewed
|
|||
| 129 | |
Add attribute support for certificate subject |
|
2y | 2y | 2y | |
dco-signoff: yes
size/L
needs-rebase
ok-to-test
|
commented contributor-last reviewed-with-comment send
|
||
| 135 |  |
Added options to all containers | 2y | 2y | 2y | |
dco-signoff: yes
size/L
needs-rebase
ok-to-test
|
commented contributor-last send unreviewed
|
|||
| 502 |  |
Draft: demo for csi-lib metrics feature | 3wk | 6d | 3wk | |
dco-signoff: yes
size/M
do-not-merge/work-in-progress
needs-rebase
needs-ok-to-test
|
contributor-last draft recv recv-q unreviewed
|
|||
| 107 | |
Remove csi-driver-spiffe approver | 2y | 2y |
size/XXL
dco-signoff: no
do-not-merge/work-in-progress
needs-rebase
|
contributor-last draft unreviewed
|
|||||
| 117 |  |
fill spec.tls.caCertificate in route with intermediate ca certificate… |
|
1y | 10mo | 1y |   |
dco-signoff: yes
size/M
needs-rebase
ok-to-test
|
commented contributor-last new-commits recv-q send
|
||
| 148 |  |
limit-namespaces for namespace-scope deployments |
|
9mo | 9mo | 9mo |  |
dco-signoff: no
size/S
needs-ok-to-test
|
recv recv-q unreviewed
|
||
| 71 | |
Refactor filesystem.go and adapt tests to use a real file system | 11mo | 4mo | 4mo | |
dco-signoff: yes
size/L
|
commented member-last reviewed-with-comment
|
|||
| 1103 | |
Drop separate licenses check on master | 4mo | 5wk | |
dco-signoff: yes
size/M
needs-rebase
|
contributor-last recv-q unreviewed
|
||||
| 1114 | |
Add the 'cybr' label | 5wk | 5wk | 5wk | |
size/XS
dco-signoff: yes
|
commented member-last reviewed-with-comment send
|
|||
| 293 | |
Add Helm chart image baking | 6mo | 2mo | |
dco-signoff: yes
size/S
needs-rebase
|
contributor-last recv-q similar unreviewed
|
||||
| 310 | |
Add generate-applyconfigurations target to controller-gen module | 4mo | 3mo | |
dco-signoff: yes
size/S
|
contributor-last recv-q unreviewed
|
||||
| 55 | |
feat: add test module | 2y | 2y | 2y | |
dco-signoff: yes
size/M
|
commented contributor-last recv reviewed-with-comment
|
|||
| 104 | |
Add Chart image baking | 6mo | 2mo | 2mo | |
dco-signoff: yes
size/L
needs-rebase
|
commented member-last reviewed-with-comment send similar
|
|||
| 64 |  |
Add imagePullSecrets to template | 2y | 2y | 2y |
size/XS
dco-signoff: yes
needs-ok-to-test
|
contributor-last recv unreviewed
|
||||
| 59 |  |
cleanup: remove unused NOTES.txt file | 2y | 2y | 2y |
size/XS
dco-signoff: yes
needs-ok-to-test
|
contributor-last recv unreviewed
|
||||
| 79 | |
Bump github.com/cert-manager/cert-manager from 1.15.1 to 1.15.4 in the go_modules group across 1 directory | 11mo | 11mo | 11mo | |
size/XS
dco-signoff: yes
needs-ok-to-test
dependencies
|
contributor-last recv recv-q unreviewed
|
|||
| 1 | |
Manage the cert-manager GitHub organisation from this repo | 1y | 1y | 1y | |
dco-signoff: yes
size/XXL
|
commented member-last unreviewed
|
|||
| 4 | |
Add support for custom license templates | 2y | 3mo | |
dco-signoff: yes
size/S
|
contributor-last recv-q unreviewed
|
||||
| 143 |  |
feat: allow creating or reusing an existing sa | 2y | 6mo | 2y | |
ok-to-test
|
recv recv-q unreviewed
|
|||
| 159 |  |
Split certificate chain | 2y | 9mo | 9mo | |
commented member-last reviewed-with-comment send
|
||||
| 141 |  |
re-adding required clusterrole permission | 2y | 9mo | 2y | |
size/XS
|
recv unreviewed
|
|||
| 345 |  |
chore: add existing securityContext settings to values | 4wk | 4wk | 4wk | |
size/M
dco-signoff: yes
|
contributor-last recv recv-q unreviewed
|
|||
| 11 previously listed items omitted: #7327 #7467 #7748 #7694 #8141 #7658 #7665 #7064 #7689 #1787 #762 | |||||||||||
