From 2b45872b9f108391a6bc573fb10d0156c7c7f447 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 11 Oct 2024 15:58:20 +0300 Subject: [PATCH] doc webhook custom certificate Signed-off-by: root --- .../docs/installation/configuring-components.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/content/docs/installation/configuring-components.md b/content/docs/installation/configuring-components.md index 6e6f53476b..6ce6ba6546 100644 --- a/content/docs/installation/configuring-components.md +++ b/content/docs/installation/configuring-components.md @@ -99,3 +99,20 @@ Each cert-manager component has its own set of feature gates. They can be enable - cert-manager controller: [controller feature gates](https://github.com/cert-manager/cert-manager/blob/master/internal/controller/feature/features.go) - cert-manager webhook: [webhook feature gates](https://github.com/cert-manager/cert-manager/blob/master/internal/webhook/feature/features.go) - cert-manager cainjector: [cainjector feature gates](https://github.com/cert-manager/cert-manager/blob/master/internal/cainjector/feature/features.go) + +## Configuring webhook endpoint certificate + +By default, the webhook certificate is managed by the dynamic certificate service. To use your own certificate, you can use the `tlsConfig` property. Below is an example of how to set it up: + +```yaml +apiVersion: webhook.config.cert-manager.io/v1alpha1 +kind: WebhookConfiguration +tlsConfig: + filesystem: + certFile: /etc/certs/tls.crt + keyFile: /etc/certs/tls.key +``` + +> **Notes:** +> - Using this configuration will disable the default `--dynamic-serving-` flags. +> - Remember to mount your certificate files into the webhook deployment using volumes and volumeMounts.
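Review bot: In the Notes block at the end of the added section, `--dynamic-serving-` is a flag prefix rather than a flag name, and "will disable" does not say whether those flags are ignored or rejected when `tlsConfig.filesystem` is set. Name the dynamic serving flags in full, or refer to them as the dynamic serving options, and state what happens if both are supplied. The section also gives no guidance on trust: the Kubernetes API server validates a webhook's serving certificate against the `caBundle` in the webhook configuration, so the text should say how the CA for the certificate in `certFile` gets there once the dynamic certificate service is no longer managing it. The second note would be more useful if it said the files should come from a Secret mounted read-only, and whether the webhook picks up a rotated `tls.crt` and `tls.key` without a restart. Minor: the heading reads better as "Configuring the webhook endpoint certificate", and the commit is authored and signed off as `root`, which leaves the change without an attributable author.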