Allow using default certificate with ingress
Change-Id: Ie7eeff6e733c9d7da152ce4ac35a1808d7e83967
(cherry picked from commit 49b0933cf09e6c72f0d7c1da226024fb5bae96af)
diff --git a/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml b/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml
new file mode 100644
index 0000000..aac6ce0
--- /dev/null
+++ b/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ It's now possible to use the default TLS certificates configured within the
+ ingress by using the ``ingress_use_default_tls_certificate`` variable which
+ will omit the ``tls`` section from any ``Ingress`` resources managed by
+ Atmosphere.
diff --git a/roles/ingress/defaults/main.yml b/roles/ingress/defaults/main.yml
index 05a2cc3..82ea1e0 100644
--- a/roles/ingress/defaults/main.yml
+++ b/roles/ingress/defaults/main.yml
@@ -38,3 +38,6 @@
# List of annotations to apply to all Ingress resources as default
ingress_default_annotations: "{{ ingress_global_annotations | default(atmosphere_ingress_annotations) }}"
+
+# Use default TLS certificate
+ingress_use_default_tls_certificate: false
diff --git a/roles/ingress/templates/ingress.yml.j2 b/roles/ingress/templates/ingress.yml.j2
index 04135bc..6da2788 100644
--- a/roles/ingress/templates/ingress.yml.j2
+++ b/roles/ingress/templates/ingress.yml.j2
@@ -21,7 +21,9 @@
name: {{ ingress_service_name }}
port:
number: {{ ingress_service_port }}
+{% if not ingress_use_default_tls_certificate %}
tls:
- secretName: {{ ingress_secret_name | default(ingress_service_name ~ '-certs') }}
hosts:
- {{ ingress_host }}
+{% endif %}