From c7115accf3a80e7ce018b6a593327ab8d77d3631 Mon Sep 17 00:00:00 2001
From: Tony Li <tonyli.lives@gmail.com>
Date: Fri, 27 Jan 2017 20:19:14 -0500
Subject: [PATCH] use annotation if specified, otherwise use spec

---
 controllers/gce/controller/controller.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/controllers/gce/controller/controller.go b/controllers/gce/controller/controller.go
index 38309a34e..051ec9086 100644
--- a/controllers/gce/controller/controller.go
+++ b/controllers/gce/controller/controller.go
@@ -423,11 +423,19 @@ func (lbc *LoadBalancerController) ListRuntimeInfo() (lbs []*loadbalancers.L7Run
 			glog.Warningf("Cannot get key for Ingress %v/%v: %v", ing.Namespace, ing.Name, err)
 			continue
 		}
-		tls, err := lbc.tlsLoader.load(&ing)
-		if err != nil {
-			glog.Warningf("Cannot get certs for Ingress %v/%v: %v", ing.Namespace, ing.Name, err)
-		}
+
+		var tls *loadbalancers.TLSCerts
+
 		annotations := ingAnnotations(ing.ObjectMeta.Annotations)
+		// Load the TLS cert from the API Spec if it is not specified in the annotation.
+		// TODO: enforce this with validation.
+		if annotations.useNamedTLS() == "" {
+			tls, err = lbc.tlsLoader.load(&ing)
+			if err != nil {
+				glog.Warningf("Cannot get certs for Ingress %v/%v: %v", ing.Namespace, ing.Name, err)
+			}
+		}
+
 		lbs = append(lbs, &loadbalancers.L7RuntimeInfo{
 			Name:         k,
 			TLS:          tls,