Watch for secret after ingress creation

[thetechnick]

The nginx ingress controller will ignore the TLS configuration of ingress objects, if the specified secret does not yet exist. If the secret is created afterwards, the nginx ingress controller does not update the rendered ingress configuration and the ingress will still be served without TLS.

I would expect the nginx ingress controller to wait for the secret to be created, or at least to update the generated configuration.
This feature, aside from #76, would be needed to support https://github.com/jetstack/kube-lego

[pleshakov]

Yep, watching for Secrets is not implemented. The controller must have it. Let me know if you're interested in implementing it.

[thetechnick]

@pleshakov
I am already on it, my current plan is to requeue the ingress object if the certificate cannot be fetched, this way the ingress is not created with invalid configuration (without TLS) and it is safely retried.

Setting up another listener or retry process is much more difficult and more error prone, without good test coverage.

[pleshakov]

@thetechnick
awesome! thx

Yep, the current behavior of proceeding with an Ingress with TSL but with a missing Secret must not be allowed.

Let me know what particular parts you think should be covered with tests.

[thetechnick]

@pleshakov
Its a pleasure :)
I have thrown together a fix for this, but I was not able to test my latest commit yet:
master...thetechnick:secret-retry