apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: # Create this with kubectl create secret generic caingress --from-file=ca.crt --namespace=default ingress.kubernetes.io/auth-tls-secret: "default/caingress" ingress.kubernetes.io/auth-tls-verify-depth: "3" ingress.kubernetes.io/auth-tls-verify-client: "on" auth-tls-error-page: "http://www.mysite.com/error-cert.html" name: nginx-test namespace: default spec: rules: - host: ingress.test.com http: paths: - backend: serviceName: http-svc:80 servicePort: 80 path: / tls: - hosts: - ingress.test.com secretName: tls-secret