From d30dcda814875757a6caa9d695a41eea7bd12c44 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 3 Oct 2021 19:14:27 +0200
Subject: [PATCH] providers/proxy: always check ingress secret in kubernetes
 controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/providers/proxy/controllers/k8s/ingress.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/authentik/providers/proxy/controllers/k8s/ingress.py b/authentik/providers/proxy/controllers/k8s/ingress.py
index 07d3d8c08..601cf9c1b 100644
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@@ -63,8 +63,15 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
         have_hosts_tls = []
         if current.spec.tls:
             for tls_config in current.spec.tls:
-                if tls_config and tls_config.hosts:
+                if not tls_config:
+                    continue
+                if tls_config.hosts:
                     have_hosts_tls += tls_config.hosts
+                if (
+                    tls_config.secret_name
+                    != self.controller.outpost.config.kubernetes_ingress_secret_name
+                ):
+                    raise NeedsUpdate()
         have_hosts_tls.sort()
 
         if have_hosts != expected_hosts: