backport of commit 2145f95 (hashicorp#19972)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

website/content/docs/platform/k8s/injector/examples.mdx

@@ -340,3 +340,48 @@ spec:
           ports:
             - containerPort: 9090
 ```
+
+## PKI Cert Example
+
+The following example demonstrates how to use the [`pkiCert` function][pkiCert] and
+[`writeToFile` function][writeToFile] from consul-template to create two files
+from a template: one for the certificate and CA (`cert.pem`) and one for the key
+(`cert.key`) generated by [Vault's PKI Secrets Engine](/vault/docs/secrets/pki).
+
+```yaml
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-deployment
+  labels:
+    app: web
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web
+  template:
+    metadata:
+      labels:
+        app: web
+      annotations:
+        vault.hashicorp.com/agent-inject: 'true'
+        vault.hashicorp.com/role: 'web'
+        vault.hashicorp.com/agent-inject-secret-certs: 'pki/issue/cert'
+        vault.hashicorp.com/agent-inject-template-certs: |
+          {{- with pkiCert "pki/issue/cert" "common_name=test.example.com" "ttl=2h" -}}
+          {{ .Cert }}{{ .CA }}{{ .Key }}
+          {{ .Key | writeToFile "/vault/secrets/cert.key" "vault" "vault" "0644" }}
+          {{ .CA | writeToFile "/vault/secrets/cert.pem" "vault" "vault" "0644" }}
+          {{ .Cert | writeToFile "/vault/secrets/cert.pem" "vault" "vault" "0644" "append" }}
+          {{- end -}}
+    spec:
+      serviceAccountName: web
+      containers:
+        - name: web
+          image: nginx
+```
+
+[pkiCert]: https://github.com/hashicorp/consul-template/blob/main/docs/templating-language.md#pkicert
+[writeToFile]: https://github.com/hashicorp/consul-template/blob/main/docs/templating-language.md#writeToFile