apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # Create this with kubectl create secret generic caingress --from-file=ca.crt --namespace=default
    ingress.kubernetes.io/auth-tls-secret: "default/caingress"
    ingress.kubernetes.io/auth-tls-verify-depth: "3"
    ingress.kubernetes.io/auth-tls-verify-client: "on"
    auth-tls-error-page: "http://www.mysite.com/error-cert.html"
  name: nginx-test
  namespace: default
spec:
  rules:
  - host: ingress.test.com
    http:
      paths:
      - backend:
          serviceName: http-svc:80
          servicePort: 80
        path: /
  tls:
  - hosts:
    - ingress.test.com
    secretName: tls-secret