From 099bbb8be7986d4c128312c9f4c83fdec6323975 Mon Sep 17 00:00:00 2001 From: Daniel Tomcej Date: Tue, 8 Jan 2019 02:22:03 -0600 Subject: [PATCH] Skip TLS section with no secret in Kubernetes ingress --- old/provider/kubernetes/kubernetes.go | 5 +++++ old/provider/kubernetes/kubernetes_test.go | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/old/provider/kubernetes/kubernetes.go b/old/provider/kubernetes/kubernetes.go index b8fefb7f3..887dd7b2c 100644 --- a/old/provider/kubernetes/kubernetes.go +++ b/old/provider/kubernetes/kubernetes.go @@ -642,6 +642,11 @@ func getRuleForHost(host string) string { func getTLS(ingress *extensionsv1beta1.Ingress, k8sClient Client, tlsConfigs map[string]*tls.Configuration) error { for _, t := range ingress.Spec.TLS { + if t.SecretName == "" { + log.Debugf("Skipping TLS sub-section for ingress %s/%s: No secret name provided", ingress.Namespace, ingress.Name) + continue + } + newEntryPoints := getSliceStringValue(ingress.Annotations, annotationKubernetesFrontendEntryPoints) configKey := ingress.Namespace + "/" + t.SecretName diff --git a/old/provider/kubernetes/kubernetes_test.go b/old/provider/kubernetes/kubernetes_test.go index 4062a8555..c936170ea 100644 --- a/old/provider/kubernetes/kubernetes_test.go +++ b/old/provider/kubernetes/kubernetes_test.go @@ -2850,6 +2850,16 @@ func TestGetTLS(t *testing.T) { ), ) + testIngressWithoutSecret := buildIngress( + iNamespace("testing"), + iRules( + iRule(iHost("ep1.example.com")), + ), + iTLSes( + iTLS("", "foo.com"), + ), + ) + testCases := []struct { desc string ingress *extensionsv1beta1.Ingress @@ -2976,6 +2986,12 @@ func TestGetTLS(t *testing.T) { }, }, }, + { + desc: "return nil when no secret is defined", + ingress: testIngressWithoutSecret, + client: clientMock{}, + result: map[string]*tls.Configuration{}, + }, { desc: "pass the endpoints defined in the annotation to the certificate", ingress: buildIngress(