How should secrets be handled for Ingress controllers?

        # Example of handling secrets using Kubernetes secrets for an Ingress controller
        apiVersion: v1
        kind: Secret
        metadata:
          name: my-tls-secret
          namespace: my-namespace
        type: kubernetes.io/tls
        data:
          tls.crt: BASE64_ENCODED_CERTIFICATE
          tls.key: BASE64_ENCODED_PRIVATE_KEY

        ---
        
        apiVersion: networking.k8s.io/v1
        kind: Ingress
        metadata:
          name: my-ingress
          namespace: my-namespace
          annotations:
            nginx.ingress.kubernetes.io/ssl-redirect: "true"
        spec:
          tls:
          - secretName: my-tls-secret
          rules:
          - host: mydomain.com
            http:
              paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: my-service
                    port:
                      number: 80