kubernetes cert-manager 忽略入口注释

Question

我已经使用 nginx 入口和证书管理器设置了 Kubernetes。 我想使用 ECDSA 证书而不是 RSA 证书，所以我遵循文档并在入口配置中设置cert-manager.io/private-key-algorithm: ECDSA 。 不幸的是 cert-manager 似乎忽略了这个设置并创建了一个 RSA 证书。

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ include "myapp.fullname" . }}-ingress
  labels:
    {{- include "myapp.labels" . | nindent 4 }}
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/issuer: {{ .Values.certManager.name }}
    cert-manager.io/private-key-algorithm: ECDSA
spec:
  ingressClassName: nginx
  tls:
    - hosts:
      - {{ .Values.ingressHostName }}
      secretName: "{{ include "myapp.fullname" . }}-{{ .Values.certManager.privateKeySecretRef }}"
  rules:
    - host: {{ .Values.ingressHostName }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ .Values.landingpage.frontend.service.fullname }}
                port:
                  number: {{ .Values.landingpage.frontend.service.port }}

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ .Values.certManager.name }}
spec:
  acme:
    # The ACME server URL
    server: {{ .Values.certManager.server }}
    # Email address used for ACME registration
    email: {{ .Values.certManager.email }}
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: "{{ include "myapp.fullname" . }}-cert-manager-key"
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class:  nginx

Answer 1

您似乎还不能通过入口资源执行此操作，但您可以通过证书资源执行此操作：

https://github.com/cert-manager/cert-manager/issues/2567