Kubernetes NGINX Ingress Controller not picking up TLS Certificates

Just faced that issue as well with v0.30.0 and it turns out that having an ingress config like this without explicit hostnames is ok:

spec:
  tls:
    - secretName: ssl-certificate

On my side the problem was that I had a annotation on the ingress with an int64 value that was not parsed correctly and below that was the definiton kubernetes.io/ingress.class so essentially nginx did not find the ingress controller which was stated in the logs correctly:

ignoring add for ingress <ingressname> based on annotation kubernetes.io/ingress.class with value

So using strings in the annotations fixed the problem.

Turns out that the ingress definition needs to look like:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ssl-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    - hosts:
      - app.example.com
      secretName: tls-secret
  rules:
    - host: app.example.com
      http:
        paths:
        - path: /
          backend:
            serviceName: demo-echo-service
            servicePort: 80

The host entry under rules needs to match one of the hosts entries under tls.