I am using traefik as an ingress-controller and want to serve other ingresses via auto-generated letsencrypt certificates and enforce SSL.

I set up traefik with it's official helm chart like this:

helm install stable/traefik --name traefik --set dashboard.enabled=true,dashboard.domain=traefik.mycompany.com,rbac.enabled=true,externalIP=123.456.789.123,ssl.enabled=true,ssl.enforced=true,ssl.permanentRedirect=true,acme.enabled=true,acme.staging=false,acme.challengeType=http-01

How do I need to annotate the ingresses for the apps I need to expose to use an auto-generated letsencrypt certificate?

With this setup traefik.mycompany.com is delivered via SSL with a wild-card certificate of the default host *.example.com:

I digged through the whole traefik documentation (https://docs.traefik.io/) but could only find out how I need to setup the ingresses.