To clarify, there’s very little in the controller that exists independent of Kong–what controller-specific stuff does exist is more switching between different modes of generating Kong configuration. You generally can’t just add an annotation; the annotation needs to correspond to something in Kong configuration down the line, and is more an alternate means of expressing that configuration rather than a standalone thing.
Can you elaborate a bit more on what you want to do, and do you know of a way you can configure this as desired without the controller involved? If the answer to the latter is no, this would definitely require additional core functionality.
I’m not that familiar with OCSP, and am not entirely sure what should happen here. I’m a bit confused by your reference to mounting certificates–any certificate specified at the Ingress level isn’t mounted on the filesystem, but rather stored in Kong’s database or in-memory config. If you’d need
ssl_stapling_file as well that’s almost certainly not possible, since those certs are never files, and TLS operations on them generally must be handled in Lua rather than using NGINX directives, which typically expect files.