kubernetes cert-manager 忽略入口注释

Question

I've set up Kubernetes with nginx ingress and cert-manager. I want to use ECDSA Certificate instead of RSA certificate so I followed the documentation and set cert-manager.io/private-key-algorithm: ECDSA in Ingress configuration. Unfortunately cert-manager seems to ignore this setting and creating a RSA certificate.

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ include "myapp.fullname" . }}-ingress
  labels:
    {{- include "myapp.labels" . | nindent 4 }}
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/issuer: {{ .Values.certManager.name }}
    cert-manager.io/private-key-algorithm: ECDSA
spec:
  ingressClassName: nginx
  tls:
    - hosts:
      - {{ .Values.ingressHostName }}
      secretName: "{{ include "myapp.fullname" . }}-{{ .Values.certManager.privateKeySecretRef }}"
  rules:
    - host: {{ .Values.ingressHostName }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ .Values.landingpage.frontend.service.fullname }}
                port:
                  number: {{ .Values.landingpage.frontend.service.port }}

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ .Values.certManager.name }}
spec:
  acme:
    # The ACME server URL
    server: {{ .Values.certManager.server }}
    # Email address used for ACME registration
    email: {{ .Values.certManager.email }}
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: "{{ include "myapp.fullname" . }}-cert-manager-key"
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class:  nginx

Answer 1

It does not appear you can do this via the ingress resource yet, but you can do it via the Certificate resource:

https://github.com/cert-manager/cert-manager/issues/2567