🌱 cert-manager: Support adding custom annotations to generated secret

solutions/cncf-generated/cert-manager/cert-manager-2576-support-adding-custom-annotations-to-generated-secret.json

@@ -0,0 +1,75 @@
+{
+  "version": "kc-mission-v1",
+  "name": "cert-manager-2576-support-adding-custom-annotations-to-generated-secret",
+  "missionClass": "solution",
+  "author": "KubeStellar Bot",
+  "authorGithub": "kubestellar",
+  "mission": {
+    "title": "cert-manager: Support adding custom annotations to generated secret",
+    "description": "Support adding custom annotations to generated secret. Requested by 26+ users.",
+    "type": "feature",
+    "status": "completed",
+    "steps": [
+      {
+        "title": "Check current cert-manager deployment",
+        "description": "Verify your cert-manager version and configuration:\n```bash\nkubectl get pods -n cert-manager -l app.kubernetes.io/name=cert-manager\nhelm list -n cert-manager 2>/dev/null || echo \"Not installed via Helm\"\n```\nThis feature requires a working cert-manager installation."
+      },
+      {
+        "title": "Review cert-manager configuration",
+        "description": "Inspect the relevant cert-manager configuration:\n```bash\nkubectl get all -n cert-manager -l app.kubernetes.io/name=cert-manager\nkubectl get configmap -n cert-manager -l app.kubernetes.io/part-of=cert-manager\n```\nIs there support for adding custom annotations to generated secret for syncing using kubed or similar?\n\nIf not, is this feature in the pipeline?"
+      },
+      {
+        "title": "Apply the fix for Support adding custom annotations to generated secret",
+        "description": ":\n\nThis change introduces the concept of SecretTemplate for Certificates. When a certificate is issued, a new secret is created to hold the certificate data. This secret is created by cert-manager. In order to use solutions like [kubed](https://appscode.com/products/kubed/v0.12.0/guides/config-syncer/intra-cluster/) to copy this secret to multiple namespaces, this created secret must be annotated. \n\nSecretTemplate is a property of CertificateSpec. Labels and Annotations defined there will be\n\nSee the fix PR for details: linked PR"
+      },
+      {
+        "title": "Verify the feature works",
+        "description": "Test that the new capability is working as expected:\n```bash\nkubectl get pods -n cert-manager -l app.kubernetes.io/name=cert-manager\nkubectl get events -n cert-manager --sort-by='.lastTimestamp' | tail -10\n```\nConfirm the feature described in \"Support adding custom annotations to generated secret\" is functioning correctly."
+      }
+    ],
+    "resolution": {
+      "summary": ":\n\nThis change introduces the concept of SecretTemplate for Certificates. When a certificate is issued, a new secret is created to hold the certificate data. This secret is created by cert-manager.",
+      "codeSnippets": []
+    }
+  },
+  "metadata": {
+    "tags": [
+      "cert-manager",
+      "graduated",
+      "security",
+      "feature"
+    ],
+    "cncfProjects": [
+      "cert-manager"
+    ],
+    "targetResourceKinds": [
+      "Namespace"
+    ],
+    "difficulty": "intermediate",
+    "issueTypes": [
+      "feature"
+    ],
+    "maturity": "graduated",
+    "sourceUrls": {
+      "issue": "https://github.com/cert-manager/cert-manager/issues/2576",
+      "repo": "https://github.com/cert-manager/cert-manager",
+      "pr": "https://github.com/cert-manager/cert-manager/pull/3828"
+    },
+    "reactions": 26,
+    "comments": 21,
+    "synthesizedBy": "copilot"
+  },
+  "prerequisites": {
+    "kubernetes": ">=1.24",
+    "tools": [
+      "kubectl"
+    ],
+    "description": "A running Kubernetes cluster with cert-manager installed or the issue environment reproducible."
+  },
+  "security": {
+    "scannedAt": "2026-03-11T02:49:51.956Z",
+    "scannerVersion": "cncf-gen-3.0.0",
+    "sanitized": true,
+    "findings": []
+  }
+}