When auth is disabled, annotations are no longer set

scc-digitalhub · Jan 24, 2024 · fb6aedc · fb6aedc
1 parent ab06baa
commit fb6aedc
Showing 1 changed file with 17 additions and 10 deletions.
diff --git a/internal/controller/apigw_controller.go b/internal/controller/apigw_controller.go
@@ -391,6 +391,7 @@ func (r *ApiGwReconciler) ingressForApiGw(ctx context.Context, apigw *operatorv1
 		}},
 	}
 
+	// Add TLS to the spec, if enabled
 	enableTls, found := os.LookupEnv(envEnableTls)
 	if found && strings.EqualFold(enableTls, "true") {
 		tls := networkingv1.IngressTLS{
@@ -405,17 +406,23 @@ func (r *ApiGwReconciler) ingressForApiGw(ctx context.Context, apigw *operatorv1
 		ingressSpec.TLS = []networkingv1.IngressTLS{tls}
 	}
 
+	objectMeta := metav1.ObjectMeta{
+		Name:      formatResourceName(apigw.Name),
+		Namespace: apigw.Namespace,
+		Labels:    labelsForApiGw(apigw.Name),
+	}
+
+	// Add auth annotations to metadata, if enabled
+	if apigw.Spec.Auth.Type != "" && apigw.Spec.Auth.Type != "none" {
+		objectMeta.Annotations = map[string]string{
+			"nginx.ingress.kubernetes.io/auth-type":   apigw.Spec.Auth.Type,
+			"nginx.ingress.kubernetes.io/auth-secret": formatResourceName(apigw.Name),
+		}
+	}
+
 	ingress := &networkingv1.Ingress{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      formatResourceName(apigw.Name),
-			Namespace: apigw.Namespace,
-			Labels:    labelsForApiGw(apigw.Name),
-			Annotations: map[string]string{
-				"nginx.ingress.kubernetes.io/auth-type":   apigw.Spec.Auth.Type,
-				"nginx.ingress.kubernetes.io/auth-secret": formatResourceName(apigw.Name),
-			},
-		},
-		Spec: ingressSpec,
+		ObjectMeta: objectMeta,
+		Spec:       ingressSpec,
 	}
 
 	// Set the ownerRef for the Ingress