From e598d6bccac428d7c5519fe3d6da2d6aebca61b0 Mon Sep 17 00:00:00 2001
From: Daniel Tomcej <daniel.tomcej@gmail.com>
Date: Tue, 8 Jan 2019 02:22:03 -0600
Subject: [PATCH] Skip TLS section with no secret in Kubernetes ingress

---
 provider/kubernetes/kubernetes.go      |  5 +++++
 provider/kubernetes/kubernetes_test.go | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/provider/kubernetes/kubernetes.go b/provider/kubernetes/kubernetes.go
index 9d09a6051..667b9664e 100644
--- a/provider/kubernetes/kubernetes.go
+++ b/provider/kubernetes/kubernetes.go
@@ -642,6 +642,11 @@ func getRuleForHost(host string) string {
 
 func getTLS(ingress *extensionsv1beta1.Ingress, k8sClient Client, tlsConfigs map[string]*tls.Configuration) error {
 	for _, t := range ingress.Spec.TLS {
+		if t.SecretName == "" {
+			log.Debugf("Skipping TLS sub-section for ingress %s/%s: No secret name provided", ingress.Namespace, ingress.Name)
+			continue
+		}
+
 		newEntryPoints := getSliceStringValue(ingress.Annotations, annotationKubernetesFrontendEntryPoints)
 
 		configKey := ingress.Namespace + "/" + t.SecretName
diff --git a/provider/kubernetes/kubernetes_test.go b/provider/kubernetes/kubernetes_test.go
index 3bc0c74ce..bc1f39144 100644
--- a/provider/kubernetes/kubernetes_test.go
+++ b/provider/kubernetes/kubernetes_test.go
@@ -2824,6 +2824,16 @@ func TestGetTLS(t *testing.T) {
 		),
 	)
 
+	testIngressWithoutSecret := buildIngress(
+		iNamespace("testing"),
+		iRules(
+			iRule(iHost("ep1.example.com")),
+		),
+		iTLSes(
+			iTLS("", "foo.com"),
+		),
+	)
+
 	testCases := []struct {
 		desc      string
 		ingress   *extensionsv1beta1.Ingress
@@ -2950,6 +2960,12 @@ func TestGetTLS(t *testing.T) {
 				},
 			},
 		},
+		{
+			desc:    "return nil when no secret is defined",
+			ingress: testIngressWithoutSecret,
+			client:  clientMock{},
+			result:  map[string]*tls.Configuration{},
+		},
 		{
 			desc: "pass the endpoints defined in the annotation to the certificate",
 			ingress: buildIngress(