From 90cbae6d29fff2cc1a31511418a963e04e3a46a8 Mon Sep 17 00:00:00 2001
From: Philipp Kolberg <philipp.kolberg@t-online.de>
Date: Mon, 16 Oct 2023 18:32:47 +0200
Subject: [PATCH] Only create k8s TLS Ingress config if secretName is set

---
 authentik/providers/proxy/controllers/k8s/ingress.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/authentik/providers/proxy/controllers/k8s/ingress.py b/authentik/providers/proxy/controllers/k8s/ingress.py
index a8eb967d0..3e1d183e1 100644
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@@ -55,7 +55,10 @@ class IngressReconciler(KubernetesObjectReconciler[V1Ingress]):
             proxy_provider: ProxyProvider
             external_host_name = urlparse(proxy_provider.external_host)
             expected_hosts.append(external_host_name.hostname)
-            if external_host_name.scheme == "https":
+            if (
+                external_host_name.scheme == "https"
+                and self.controller.outpost.config.kubernetes_ingress_secret_name
+            ):
                 expected_hosts_tls.append(external_host_name.hostname)
         expected_hosts.sort()
         expected_hosts_tls.sort()
@@ -115,7 +118,10 @@ class IngressReconciler(KubernetesObjectReconciler[V1Ingress]):
         ):
             proxy_provider: ProxyProvider
             external_host_name = urlparse(proxy_provider.external_host)
-            if external_host_name.scheme == "https":
+            if (
+                external_host_name.scheme == "https"
+                and self.controller.outpost.config.kubernetes_ingress_secret_name
+            ):
                 tls_hosts.append(external_host_name.hostname)
             if proxy_provider.mode in [
                 ProxyMode.FORWARD_SINGLE,