Add support for IPV6 in dns resolvers

controllers/nginx/configuration.md

@@ -227,9 +227,6 @@ http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
 **proxy-buffer-size:** Sets the size of the buffer used for [reading the first part of the response](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) received from the proxied server. This part usually contains a small response header.`
 
 
-**resolver:** Configures name servers used to [resolve](http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) names of upstream servers into addresses
-
-
 **server-name-hash-max-size:** Sets the maximum size of the [server names hash tables](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) used in server names, map directive’s values, MIME types, names of request header strings, etc.
 http://nginx.org/en/docs/hash.html
 

controllers/nginx/pkg/template/configmap.go

@@ -31,6 +31,7 @@ import (
 
 	"k8s.io/ingress/controllers/nginx/pkg/config"
 	"k8s.io/ingress/core/pkg/ingress/defaults"
+	"k8s.io/ingress/core/pkg/net/dns"
 )
 
 const (
@@ -97,6 +98,13 @@ func ReadConfig(conf *api.ConfigMap) config.Configuration {
 	if err != nil {
 		glog.Infof("%v", err)
 	}
+
+	nss, err := dns.GetSystemNameServers()
+	if err != nil {
+		glog.Infof("unexpected error reading /etc/resolv.conf file: %v", err)
+	}
+	to.Resolver = nss
+
 	return to
 }
 

controllers/nginx/pkg/template/template.go

@@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"net"
 	"os/exec"
 	"strings"
 	text_template "text/template"
@@ -29,6 +30,7 @@ import (
 
 	"k8s.io/ingress/controllers/nginx/pkg/config"
 	"k8s.io/ingress/core/pkg/ingress"
+	ing_net "k8s.io/ingress/core/pkg/net"
 	"k8s.io/ingress/core/pkg/watch"
 )
 
@@ -134,6 +136,7 @@ var (
 		"buildRateLimitZones":         buildRateLimitZones,
 		"buildRateLimit":              buildRateLimit,
 		"buildSSPassthroughUpstreams": buildSSPassthroughUpstreams,
+		"buildResolvers":              buildResolvers,
 
 		"contains":  strings.Contains,
 		"hasPrefix": strings.HasPrefix,
@@ -143,6 +146,27 @@ var (
 	}
 )
 
+// buildResolvers returns the resolvers reading the /etc/resolv.conf file
+func buildResolvers(a interface{}) string {
+	// NGINX need IPV6 addresses to be surrounded by brakets
+	nss := a.([]net.IP)
+	if len(nss) == 0 {
+		return ""
+	}
+
+	r := []string{"resolver"}
+	for _, ns := range nss {
+		if ing_net.IsIPV6(ns) {
+			r = append(r, fmt.Sprintf("[%v]", ns))
+		} else {
+			r = append(r, fmt.Sprintf("%v", ns))
+		}
+	}
+	r = append(r, "valid=30s;")
+
+	return strings.Join(r, " ")
+}
+
 func buildSSPassthroughUpstreams(b interface{}, sslb interface{}) string {
 	backends := b.([]*ingress.Backend)
 	sslBackends := sslb.([]*ingress.SSLPassthroughBackend)

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -85,10 +85,7 @@ http {
     access_log /var/log/nginx/access.log upstreaminfo if=$loggable;
     error_log  /var/log/nginx/error.log {{ $cfg.ErrorLogLevel }};
 
-    {{ if not (empty $cfg.Resolver) }}# Custom dns resolver.
-    resolver {{ $cfg.Resolver }} valid=30s;
-    resolver_timeout 10s;
-    {{ end }}
+    {{ buildResolvers $cfg.Resolver }}
 
     {{/* Whenever nginx proxies a request without a "Connection" header, the "Connection" header is set to "close" */}}
     {{/* when making the target request.  This means that you cannot simply use */}}