I've set up Kubernetes with nginx ingress and cert-manager. I want to use ECDSA Certificate instead of RSA certificate so I followed the documentation and set cert-manager.io/private-key-algorithm: ECDSA
in Ingress configuration. Unfortunately cert-manager seems to ignore this setting and creating a RSA certificate.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: {{ include "myapp.fullname" . }}-ingress
labels:
{{- include "myapp.labels" . | nindent 4 }}
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/issuer: {{ .Values.certManager.name }}
cert-manager.io/private-key-algorithm: ECDSA
spec:
ingressClassName: nginx
tls:
- hosts:
- {{ .Values.ingressHostName }}
secretName: "{{ include "myapp.fullname" . }}-{{ .Values.certManager.privateKeySecretRef }}"
rules:
- host: {{ .Values.ingressHostName }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ .Values.landingpage.frontend.service.fullname }}
port:
number: {{ .Values.landingpage.frontend.service.port }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Values.certManager.name }}
spec:
acme:
# The ACME server URL
server: {{ .Values.certManager.server }}
# Email address used for ACME registration
email: {{ .Values.certManager.email }}
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: "{{ include "myapp.fullname" . }}-cert-manager-key"
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
It does not appear you can do this via the ingress resource yet, but you can do it via the Certificate resource:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.