DNS-01 ingress example

README.md

@@ -365,7 +365,9 @@ spec:
 `kubectl apply -f lets-encrypt-cluster-issuers.yaml`
 
 ## Deploying a LE-certificate <a name="user-content-cert-manager-ingress"></a>
-All you need is an `Ingress` resource of class `nginx` which references a ClusterIssuer (`letsencrypt-prod-issuer`) resource:
+All you need is an `Ingress` resource of class `nginx` which references a ClusterIssuer (`letsencrypt-prod-issuer`) resource.
+
+HTTP-01 solver (`cert-manager.io/cluster-issuer: "letsencrypt-prod-issuer"`):
 ```
 apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
@@ -390,6 +392,31 @@ spec:
           serviceName: some-target-service
           servicePort: some-target-service-port
 ```
+DNS-01 solver (`cert-manager.io/cluster-issuer: "letsencrypt-dns01-issuer"`):
+```
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  namespace: <stage>
+  name: some-ingress-name
+  annotations:
+    # use the shared ingress-nginx
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/cluster-issuer: "letsencrypt-dns01-issuer"
+spec:
+  tls:
+  - hosts:
+    - some-certificate.name.san
+    secretName: target-certificate-secret-name
+  rules:
+  - host: some-certificate.name.san
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: some-target-service
+          servicePort: some-target-service-port
+```
 
 ## Troubleshooting <a name="user-content-cert-manager-troubleshooting"></a>
 Docs: https://cert-manager.io/docs/faq/acme/