Allow using default certificate with ingress

Change-Id: Ie7eeff6e733c9d7da152ce4ac35a1808d7e83967
(cherry picked from commit 49b0933cf09e6c72f0d7c1da226024fb5bae96af)
diff --git a/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml b/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml
new file mode 100644
index 0000000..aac6ce0
--- /dev/null
+++ b/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    It's now possible to use the default TLS certificates configured within the
+    ingress by using the ``ingress_use_default_tls_certificate`` variable which
+    will omit the ``tls`` section from any ``Ingress`` resources managed by
+    Atmosphere.
diff --git a/roles/ingress/defaults/main.yml b/roles/ingress/defaults/main.yml
index 05a2cc3..82ea1e0 100644
--- a/roles/ingress/defaults/main.yml
+++ b/roles/ingress/defaults/main.yml
@@ -38,3 +38,6 @@
 
 # List of annotations to apply to all Ingress resources as default
 ingress_default_annotations: "{{ ingress_global_annotations | default(atmosphere_ingress_annotations) }}"
+
+# Use default TLS certificate
+ingress_use_default_tls_certificate: false
diff --git a/roles/ingress/templates/ingress.yml.j2 b/roles/ingress/templates/ingress.yml.j2
index 04135bc..6da2788 100644
--- a/roles/ingress/templates/ingress.yml.j2
+++ b/roles/ingress/templates/ingress.yml.j2
@@ -21,7 +21,9 @@
                 name: {{ ingress_service_name }}

                 port:

                   number: {{ ingress_service_port }}

+{% if not ingress_use_default_tls_certificate %}

   tls:

     - secretName: {{ ingress_secret_name | default(ingress_service_name ~ '-certs') }}

       hosts:

         - {{ ingress_host }}

+{% endif %}