From b1aead9f60c4b447070021780faee3debc536824 Mon Sep 17 00:00:00 2001
From: James Munnelly <james@munnelly.eu>
Date: Wed, 4 Jul 2018 12:36:13 +0100
Subject: [PATCH] Fire warning event instead of hard failing if TLS certificate
 is not present

---
 pkg/controller/controller.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index bd869c0ed9..f0899bfe32 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -27,6 +27,7 @@ import (
 
 	apiv1 "k8s.io/api/core/v1"
 	extensions "k8s.io/api/extensions/v1beta1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	unversionedcore "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -415,7 +416,14 @@ func (lbc *LoadBalancerController) toRuntimeInfo(ing *extensions.Ingress, urlMap
 	if annotations.UseNamedTLS() == "" {
 		tls, err = lbc.tlsLoader.Load(ing)
 		if err != nil {
-			return nil, fmt.Errorf("cannot get certs for Ingress %v/%v: %v", ing.Namespace, ing.Name, err)
+			if apierrors.IsNotFound(err) {
+				// TODO: this path should be removed when external certificate managers migrate to a better solution.
+				const msg = "Could not find TLS certificates. Continuing setup for the load balancer to serve HTTP. Note: this behavior is deprecated and will be removed in a future version of ingress-gce"
+				lbc.ctx.Recorder(ing.Namespace).Eventf(ing, apiv1.EventTypeWarning, "Sync", msg)
+			} else {
+				glog.Errorf("Could not get certificates for ingress %s/%s: %v", ing.Namespace, ing.Name, err)
+				return nil, err
+			}
 		}
 	}