Kubernetes - ingress contoller question

Cluster information:

Kubernetes version:
Cloud being used: VCF,VPC, Baremetal
CNI : Antrea

this is my first topic and I have a dump question because i’m green in Kubernetes.

I create tkgm Tanzu Cluster and need help with ingress.

Now I try to move to Tanzu kubernetes and have a problem. How to get reach my apps in cluster properly?
Properly I mean using DNS names not IP.

First of all in my setup I use NSX ALB as load balancer to get into cluster.
If service type is Load balancer it get IP and i can reach my app so it is ok.
But i want use ingress. I read about this and try some one like contour, haproxy ingress controller (my favorite) and also nginx.
I deploy ingress controller for example nginx, create ingress etc and it’s working thru http like a charm.
Also I was able to make ingress run thru https with test app adding tls secret in the same namespace.

My problem problem is with certs.
I want to use multiple tls wildcard certificates for specific domains for example domain1.com,domain2.com
and want ro use ingress controller to do this for me.
Now when making https ingress I need to create specific tls secret in namespace with cert and add it to it.

The idea is to create TLS secrets which will be used by ingress controller (anyone -nginx or haproxy) and server it to all ingresses in cluster.

How to make it work or it is even possible ?
I hear about kubed and similiar operators which sync secrets betwen namespaceses.
Problem is with cert expiration. What I want to archive is to have single place where I can replace expired certificate for all of them in all namespaces. With separated TLS secrets in each one of them can be difficult.
Now I use OKD 3.11 and make routes from cluster thru http and realize tls on external haproxy. When certificate expire I just replace it reload and finish. I need also the same funcionality here with ingress.