Add info on custom certificate

01-Home.md

@@ -133,12 +133,44 @@ Here we are defining our applications secret or variables. Please refers to [var
 
 #### Bring your own certificate and domain
 
-[WIP]
+You can add the `cert-manager.io/cluster-issuer: nginx-production` annotation to your ingress/route to generate a letsencrypt certificate for your domain. You also need to specify the `secretName` in the `tls` section of the ingress.
 
+Please notice that you need to ensure your domain DNS is resolving to the cluster ingress/route public ip. This can be done with a CNAME record pointing to:
+
+- `dummy.pub.<cluster_name>.kvant.cloud` for Kubernetes Ingress
+- `dummy.app.<cluster_name>.kvant.cloud` for Openshift Route
+
+Example for Ingress:
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    # add an annotation indicating the issuer to use.
+    cert-manager.io/cluster-issuer: nginx-production # < set up on all kvant clusters
+  name: myIngress
+  namespace: myIngress
+spec:
+  rules:
+  - host: example.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: myservice
+            port:
+              number: 80
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+  - hosts:
+    - example.com
+    secretName: myingress-cert # < cert-manager will store the created certificate in this secret.
+ ```
 #### Use Predefined Domain
 
 You can spawn any application using your namespace associated Domain.
-`${REPO_NAME}.pub.${CLUSTER}.kvant.cloud`
+`${TENANT_DOMAIN}`
 
 ### Storage