Unable to use Ingress TLS with an empty Secret name (use case: ingress controller provides a default certificate for all connections)

[juliohm1978]

Name and Version

bitnami/phpmyadmin:14.2.1

What architecture are you using?

amd64

What steps will reproduce the bug?

Current chart template is unable to render the Ingress object without a TLS secret:

helm install --dry-run myrelease oci://registry-1.docker.io/bitnamicharts/phpmyadmin --version 14.2.1 --set ingress.enabled=true --se
t ingress.tls=true > output.yaml

Inspecting output.yaml, the Ingress will be:

# Source: phpmyadmin/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myrelease-phpmyadmin
  namespace: "default"
  labels:
    app.kubernetes.io/instance: myrelease
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: phpmyadmin
    app.kubernetes.io/version: 5.2.1
    helm.sh/chart: phpmyadmin-14.2.1
spec:
  rules:
    - host: phpmyadmin.local
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: myrelease-phpmyadmin
                port:
                  name: http
  tls:
    - hosts:
        - phpmyadmin.local
      secretName: phpmyadmin.local-tls

The value for tls[].secretName defaults to phpmyadmin.local-tls.

What is the expected behavior?

Under particular scenarios, I expect the chart to be table to render an Ingress with a tls array as follows:

  tls:
    - hosts:
        - phpmyadmin.local

The use case for this might not be very common, but very possible. Ingress Nginx controller, for example, allows for a default SSL certificate which can be served for all Ingresses that do not define a TLS secret.

The only workaround I found is to deploy a release with ingress.enabled=false and kubectl apply my own custom Ingress without a TLS secret defined.

[juliohm1978]

Follow up: another workaround is to use ingress.extraTls to define your own TLS list.

ingress:
  tls: false
  extraTls:
  - hosts:
    - my.domain.com

Not as intuitive, since we need to use ingress.tls: false while defining a custom extraTls list. Perhaps a simple note in the README for this chart can instruct chart users on that.

[carrodher]

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

[juliohm1978]

I could send a PR, but honestly, I'm not quite sure what the best approach would be. Maybe a hideSecretNameFromTLS in the values.yaml? I'm terrible for naming variables 🤣

Besides, all charts in the repo seem to have the same behavior.

Would a note in the README suffice?

[rafariossaa]

Hi, Sorry for the delay. I you think a note in the README would do, please don't hesitate to send a PR with the note. We will be glad to review and merge it.

[github-actions[bot]]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions[bot]]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.