We're almost there; let's request a certificate from the letsencrypt service:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: tls-secret
spec:
secretName: tls-secret
dnsNames:
- handsonaks-ingress-<yourname>.westus2.cloudapp.azure.com
acme:
config:
- http01:
ingressClass: nginx
domains:
- handsonaks-ingress-<yourname>.westus2.cloudapp.azure.com
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
The certificate manager obtains the certificate for the domain specified and handles the handshake required for verification. Pretty cool stuff.