provisioning/templates/services/k8s-deploy/make_istio-system_secret.sh.j2

#!/bin/bash
{%- for prxy in k8s_deploy.prxyGatewayServers %}
{%- if prxy.tls and prxy.tls.credentialName and k8s_deploy.prxy == "istio" %}
SECRET_NAME={{prxy.tls.credentialName}}
SSL_PATH=${1:-{{k8s_deploy.tls_path}}}
[ ! -r "$SSL_PATH" ] && echo "SSL_PATH $SSLPATH not directory"  && exit 1

NAMESPACE=istio-system

echo "create $NAMESPACE secret $SECRET_NAME for tls ... "
kubectl delete -n $NAMESPACE secret $SECRET_NAME 2>/dev/null
kubectl create -n $NAMESPACE secret tls $SECRET_NAME \
  --key=$SSL_PATH/privkey.pem \
  --cert=$SSL_PATH/fullchain.pem 
{% break %}
{%- endif %}
{%- endfor %}