This repository has been archived by the owner on Aug 26, 2021. It is now read-only.

Error during getting secret: resource name may not be empty #59

Closed
KingJ opened this issue Nov 20, 2016 · 1 comment

KingJ commented Nov 20, 2016

Looking in the logs for the kube-lego pod, I'm seeing "Error during getting secret: resource name may not be empty" appear quite frequently. kube-lego is able to fetch a certificate, but because of this error it appears to not store it and thus tries to fetch a new certificate, eventually hitting LE's rate limit on certificate issuance.

```
2016-11-20T12:17:22.492732131Z time="2016-11-20T12:17:22Z" level=info msg="requesting certificate for domain1.kingj.net,domain2.kingj.net" context="ingress_tls" name=domain1-ingress namespace=default
2016-11-20T12:17:23.207569614Z time="2016-11-20T12:17:23Z" level=debug msg="testing reachablity of http://domain2.kingj.net/.well-known/acme-challenge/_selftest" context=acme domain=domain2.kingj.net
2016-11-20T12:17:23.207887947Z time="2016-11-20T12:17:23Z" level=debug msg="testing reachablity of http://domain1.kingj.net/.well-known/acme-challenge/_selftest" context=acme domain=domain1.kingj.net
2016-11-20T12:17:24.507967398Z time="2016-11-20T12:17:24Z" level=debug msg="got authorization: &{URI:https://acme-v01.api.letsencrypt.org/acme/challenge/REMOVED Status:valid Identifier:{Type: Value:} Challenges:[] Combinations:[]}" context=acme domain=domain1.kingj.net
2016-11-20T12:17:24.508068395Z time="2016-11-20T12:17:24Z" level=info msg="authorization successful" context=acme domain=domain1.kingj.net
2016-11-20T12:17:24.508862168Z time="2016-11-20T12:17:24Z" level=debug msg="got authorization: &{URI:https://acme-v01.api.letsencrypt.org/acme/challenge/REMOVED Status:valid Identifier:{Type: Value:} Challenges:[] Combinations:[]}" context=acme domain=domain2.kingj.net
2016-11-20T12:17:24.508943840Z time="2016-11-20T12:17:24Z" level=info msg="authorization successful" context=acme domain=domain2.kingj.net
2016-11-20T12:17:25.726043026Z time="2016-11-20T12:17:25Z" level=info msg="successfully got certificate: domains=[domain1.kingj.net domain2.kingj.net] url=https://acme-v01.api.letsencrypt.org/acme/cert/REMOVED" context=acme
2016-11-20T12:17:25.726140077Z time="2016-11-20T12:17:25Z" level=debug msg="certificate pem data:"REMOVED" context=acme
2016-11-20T12:17:25.726308003Z time="2016-11-20T12:17:25Z" level=warning msg="Error during getting secret: resource name may not be empty" context=kubelego
2016-11-20T12:17:25.726400451Z time="2016-11-20T12:17:25Z" level=error msg="Error while process certificate requests: resource name may not be empty" context=kubelego
2016-11-20T12:17:25.726414706Z time="2016-11-20T12:17:25Z" level=debug msg="worker: done processing true" context=kubelego
```

The ingress I'm requesting a certificate for, the nginx LB and kube-lego are all part of the default namespace.

KingJ commented Nov 20, 2016

Looks like this was a case of user error! In my application's Ingress configuration, I had neglected to specify a secretName in the tls section - I had only specified the hosts. I'm guessing that this meant that kube-lego attempted to read/write from a secret without a name, causing the error I saw. This may also be the cause of some "Secret default/ does not exists" errors I saw in the nginx load balancer's logs.

After re-deploying my application with a secretName specified (and a different set of domains so as to bypass the LE lockout), kube-lego was able to retrieve and store the certificate 😄.

@KingJ KingJ closed this as completed Nov 20, 2016
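
A pre-deploy check for the misconfiguration described in this thread, as an added example that is not part of the original issue or of kube-lego: it scans Ingress objects in the JSON shape printed by `kubectl get ingress --all-namespaces -o json` and reports every `tls` entry that has no `secretName`. The function name and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get ingress --all-namespaces -o json`
# output; all names and hosts are made up for this example.
SAMPLE = """
{"kind": "List", "items": [
  {"metadata": {"name": "good-ingress", "namespace": "default"},
   "spec": {"tls": [{"hosts": ["a.example.com"], "secretName": "a-tls"}]}},
  {"metadata": {"name": "missing-name", "namespace": "default"},
   "spec": {"tls": [{"hosts": ["b.example.com", "c.example.com"]}]}},
  {"metadata": {"name": "blank-name", "namespace": "staging"},
   "spec": {"tls": [{"hosts": ["d.example.com"], "secretName": "  "},
                    {"hosts": ["e.example.com"], "secretName": "e-tls"}]}},
  {"metadata": {"name": "no-tls", "namespace": "default"}, "spec": {}}
]}
"""


def find_unnamed_tls(doc):
    """Return (namespace, ingress, tls_index, hosts) for every TLS entry
    that has no usable secretName (missing, non-string, or blank)."""
    # Accept either a List wrapper or a single Ingress object.
    items = doc.get("items") if "items" in doc else [doc]
    findings = []
    for ing in items or []:
        meta = ing.get("metadata") or {}
        ns = meta.get("namespace", "default")
        name = meta.get("name", "")
        for idx, tls in enumerate((ing.get("spec") or {}).get("tls") or []):
            secret = tls.get("secretName")
            if not isinstance(secret, str) or not secret.strip():
                findings.append((ns, name, idx, tuple(tls.get("hosts") or [])))
    return findings


def main():
    for ns, name, idx, hosts in find_unnamed_tls(json.loads(SAMPLE)):
        print(f"{ns}/{name}: spec.tls[{idx}] has no secretName "
              f"(hosts: {', '.join(hosts) or 'none'})")


if __name__ == "__main__":
    main()
```

Running a check like this before deployment catches the empty secret name before repeated issuance attempts count against the Let's Encrypt rate limit.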