Kubernetes: Example HTTPS Certificate Resources

config.yml

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # Change this to your email to receive notifications about the HTTPS certificate
    email: user@example.com
    privateKeySecretRef:
      name: letsencrypt-staging-issuer-account-key
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: nginx

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Change this to your email to receive notifications about the HTTPS certificate
    email: user@example.com
    privateKeySecretRef:
      name: letsencrypt-prod-issuer-account-key
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: nginx

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # Use the staging issuer first to test it is working, then switch to prod
    # cert-manager.io/cluster-issuer: letsencrypt-staging
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: "true"
  name: helloworld
spec:
  ingressClassName: nginx
  rules:
  - host: helloworld.10.0.0.1.nip.io
    http:
      paths:
      - backend:
          service:
            name: helloworld
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - helloworld.10.0.0.1.nip.io
    secretName: helloworld-tls