diff --git a/pkg/ingress/kube/ingress/controller.go b/pkg/ingress/kube/ingress/controller.go
index 32a5cd2b7..755f26837 100644
--- a/pkg/ingress/kube/ingress/controller.go
+++ b/pkg/ingress/kube/ingress/controller.go
@@ -431,11 +431,14 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 if err != nil {
 if k8serrors.IsNotFound(err) {
 // If there is no matching secret, try to get it from configmap.
- secretName = httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
- secretNamespace = c.options.SystemNamespace
- namespace, secret := cert.ParseTLSSecret(secretName)
- if namespace != "" {
- secretNamespace = namespace
+ matchSecretName := httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
+ if matchSecretName != "" {
+ namespace, secret := cert.ParseTLSSecret(matchSecretName)
+ if namespace == "" {
+ secretNamespace = c.options.SystemNamespace
+ } else {
+ secretNamespace = namespace
+ }
 secretName = secret
 }
 }
diff --git a/pkg/ingress/kube/ingressv1/controller.go b/pkg/ingress/kube/ingressv1/controller.go
index b15e4b198..f315e3cff 100644
--- a/pkg/ingress/kube/ingressv1/controller.go
+++ b/pkg/ingress/kube/ingressv1/controller.go
@@ -417,11 +417,14 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 if err != nil {
 if k8serrors.IsNotFound(err) {
 // If there is no matching secret, try to get it from configmap.
- secretName = httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
- secretNamespace = c.options.SystemNamespace
- namespace, secret := cert.ParseTLSSecret(secretName)
- if namespace != "" {
- secretNamespace = namespace
+ matchSecretName := httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
+ if matchSecretName != "" {
+ namespace, secret := cert.ParseTLSSecret(matchSecretName)
+ if namespace == "" {
+ secretNamespace = c.options.SystemNamespace
+ } else {
+ secretNamespace = namespace
+ }
 secretName = secret
 }
 }
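Review bot: The new guard in ConvertGateway checks `matchSecretName != ""`, but the value that is written to `secretName` is the `secret` returned by `cert.ParseTLSSecret`, and that one is never checked. ParseTLSSecret is not visible in this diff, so this is inferred: if a configmap entry parses to a namespace with an empty name, `secretNamespace` would be switched and `secretName` cleared, which is the state this commit removes for the no-match case. I would make the assignments conditional on the parsed value, for example `if secret != "" {` around the namespace selection and `secretName = secret`. Because this fallback can bind a host to a TLS secret outside the Ingress's own namespace, a comment such as `// Fallback is driven by the global HTTPS credential config and may select a secret in another namespace.` and a log line naming host, namespace and secret would help later audits. The same gap is in the identical hunk of pkg/ingress/kube/ingressv1/controller.go, and in both files the function body starts and ends outside the hunk.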