fix: fallbackForInvalidSecret to return original secret (#1245)

2026-05-28 14:47:29 +08:00 · 2024-08-25 15:59:12 +08:00
parent a5a28aebf6
commit a2c2d1d521
2 changed files with 16 additions and 10 deletions
--- a/pkg/ingress/kube/ingress/controller.go
+++ b/pkg/ingress/kube/ingress/controller.go
@@ -431,11 +431,14 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				if err != nil {
 					if k8serrors.IsNotFound(err) {
 						// If there is no matching secret, try to get it from configmap.
-						secretName = httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
+						matchSecretName := httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
 						if matchSecretName != "" {
 							namespace, secret := cert.ParseTLSSecret(matchSecretName)
 							if namespace == "" {
 								secretNamespace = c.options.SystemNamespace
-						namespace, secret := cert.ParseTLSSecret(secretName)
+							} else {
 						if namespace != "" {
 								secretNamespace = namespace
 							}
 							secretName = secret
 						}
 					}
--- a/pkg/ingress/kube/ingressv1/controller.go
+++ b/pkg/ingress/kube/ingressv1/controller.go
@@ -417,11 +417,14 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				if err != nil {
 					if k8serrors.IsNotFound(err) {
 						// If there is no matching secret, try to get it from configmap.
-						secretName = httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
+						matchSecretName := httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
 						if matchSecretName != "" {
 							namespace, secret := cert.ParseTLSSecret(matchSecretName)
 							if namespace == "" {
 								secretNamespace = c.options.SystemNamespace
-						namespace, secret := cert.ParseTLSSecret(secretName)
+							} else {
 						if namespace != "" {
 								secretNamespace = namespace
 							}
 							secretName = secret
 						}
 					}