Automated Certificate Management with cert-manager
cert-manager automatically requests missing or expired certificates from a range of supported issuers (including Let's Encrypt) by monitoring ingress resources.
To set up cert-manager you should take a look at this full example.
To enable it for an ingress resource you have to deploy cert-manager, configure a certificate issuer update the manifest:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-demo
annotations:
cert-manager.io/issuer: "letsencrypt-staging" # Replace this with a production issuer once you've tested it
[..]
spec:
tls:
- hosts:
- ingress-demo.example.com
secretName: ingress-demo-tls
[...]