mTLS secret generation docs incorrect

[shmargum]

TLS secret generation docs appear to be incorrect, link:
https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#configure-a-mutual-tls-ingress-gateway

the listed key formats seem to work and are correct:

• A TLS Secret with keys tls.key and tls.crt, as described above. For mutual TLS, a ca.crt key can be used.
• A generic Secret with keys key and cert. For mutual TLS, a cacert key can be used.

the examples given are incorrect:

• kubectl create -n istio-system secret tls httpbin-credential --key=httpbin.example.com.key --cert=httpbin.example.com.crt
• kubectl create -n istio-system secret generic httpbin-credential --from-file=tls.key=httpbin.example.com.key --from-file=tls.crt=httpbin.example.com.crt --from-file=ca.crt=example.com.crt

the correct command for a generic secret would be:

• kubectl create -n istio-system secret generic httpbin-credential --from-file=key=httpbin.example.com.key --from-file=cert=httpbin.example.com.crt --from-file=cacert=example.com.crt

i have not tested tls type secrets, but docs definitely provide conflicting info

[howardjohn]

Agree the doc is wrong - the type of the secret doesn't matter, only the keys