Skip adding cert to registry when no secret is defined

TLS secrets is optional in the IngressV1 spec, using similar config for RouteGroups. Signed-off-by: Ricardo Herrera <[email protected]>
zalando · Jan 1, 2024 · ecb2e4b · ecb2e4b
1 parent bb9596d
commit ecb2e4b
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/dataclients/kubernetes/ingressv1.go b/dataclients/kubernetes/ingressv1.go
@@ -299,6 +299,13 @@ func (ing *ingress) addSpecIngressTLSV1(ic *ingressContext, ingtls *definitions.
 		ic.logger.Infof("No matching tls hosts found")
 		return
 	}
+
+	// Skip adding certs to registry since if certs defined
+	if ingtls.SecretName == "" {
+		ic.logger.Infof("No tls secret defined for hosts - %s", ingtls.Hosts)
+		return
+	}
+
 	// Secrets should always reside in same namespace as the Ingress
 	secretID := &definitions.ResourceID{Name: ingtls.SecretName, Namespace: ic.ingressV1.Metadata.Namespace}
 	secret, ok := ic.state.secrets[*secretID]

diff --git a/dataclients/kubernetes/routegroup.go b/dataclients/kubernetes/routegroup.go
@@ -490,6 +490,12 @@ func (r *routeGroups) addRouteGroupTLS(ctx *routeGroupContext, tls *definitions.
 		return
 	}
 
+	// Skip adding certs to registry since no certs defined
+	if tls.SecretName == "" {
+		ctx.logger.Infof("No tls secret defined for hosts - %s", tls.Hosts)
+		return
+	}
+
 	// Secrets should always reside in the same namespace as the RouteGroup
 	secretID := &definitions.ResourceID{Name: tls.SecretName, Namespace: ctx.routeGroup.Metadata.Namespace}
 	secret, ok := ctx.state.secrets[*secretID]