
Issue with docs/reference/config/networking/gateway/index.html

Open farcaller opened this issue 3 years ago • 2 comments

ServerTLSSettings.credentialName states:

For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates. Applicable only on Kubernetes. The secret (of type generic) should contain the following keys and values: key: <privateKey> and cert: <serverCert>. For mutual TLS, cacert: <CACertificate> can be provided in the same secret or a separate secret named -cacert. Secret of type tls for server certificates along with ca.crt key for CA certificates is also supported. Only one of server certificates and CA certificate or credentialName can be specified.

It seems that the keys aren't correct (or are partially incorrect), as Istio will ingest keys tls.crt / tls.key for a secret of type kubernetes.io/tls.

This documentation is also missing a crucial point that the secret referenced in credentialName must reside in the same namespace as the ingress gateway.

farcaller, Feb 19 '21 11:02

I expect the snippet you are referring to comes from here:

https://github.com/istio/api/blob/master/networking/v1alpha3/gateway.pb.html#L771. for preliminary.istio.io and from the release-9 branch for istio.io.

I'll transfer this issue to the api repo.

ericvn, Feb 19 '21 14:02

"Secret of type tls for server certificates along with ca.crt key for CA certificates is also supported." is intending to cover this. It should probably say

"Secret of type kubernetes.io/tls, with keys tls.crt and tls.key for server certificates, along with ca.crt key for CA certificates is also supported."

howardjohn, Feb 19 '21 16:02

This has been updated at some point to include this.

howardjohn, May 14 '24 22:05
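
The key layouts and the namespace requirement discussed in this thread, written as a pre-deployment check on a parsed Secret manifest. This is an added example, not code from the thread or from Istio; the function name, the `istio-system` gateway namespace and the sample manifests are assumptions, and the strict pairing of secret type to key names follows the documentation text quoted above rather than Istio's actual loader.

```python
# Added example: key names per secret type are the ones quoted in this thread.
LAYOUTS = {
    # secret type -> (private key, server cert, CA cert for mutual TLS)
    "Opaque": ("key", "cert", "cacert"),  # what `kubectl create secret generic` produces
    "kubernetes.io/tls": ("tls.key", "tls.crt", "ca.crt"),
}


def check_credential_secret(secret, gateway_namespace, mutual_tls=False):
    """Return a list of problems with using `secret` as a gateway
    credentialName (hypothetical helper; empty list = layout looks right)."""
    problems = []
    meta = secret.get("metadata", {})
    name = meta.get("name", "<unnamed>")
    # Assumption: a manifest without a namespace is applied to "default".
    namespace = meta.get("namespace", "default")
    stype = secret.get("type", "Opaque")
    # Secret values may be given under data or stringData.
    keys = set(secret.get("data") or {}) | set(secret.get("stringData") or {})

    if namespace != gateway_namespace:
        problems.append(f"{name}: in namespace {namespace!r}, "
                        f"gateway runs in {gateway_namespace!r}")
    layout = LAYOUTS.get(stype)
    if layout is None:
        problems.append(f"{name}: unsupported secret type {stype!r}")
        return problems

    key_name, cert_name, ca_name = layout
    for required in (key_name, cert_name):
        if required not in keys:
            problems.append(f"{name}: missing {required!r} for type {stype!r}")
    if mutual_tls and ca_name not in keys:
        problems.append(f"{name}: no {ca_name!r}; CA needs a separate CA secret")
    return problems


# Constructed sample manifests; values are placeholders, not key material.
GOOD_TLS = {"type": "kubernetes.io/tls",
            "metadata": {"name": "site-cert", "namespace": "istio-system"},
            "data": {"tls.crt": "PLACEHOLDER", "tls.key": "PLACEHOLDER"}}
# Generic secret that mixes the two layouts and lives outside the gateway namespace.
BAD_MIXED = {"type": "Opaque",
             "metadata": {"name": "site-cert", "namespace": "apps"},
             "data": {"cert": "PLACEHOLDER", "tls.key": "PLACEHOLDER"}}

if __name__ == "__main__":
    for manifest in (GOOD_TLS, BAD_MIXED):
        print(check_credential_secret(manifest, "istio-system") or "ok")
```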