Use authbind to bind privileged ports

internal/ingress/controller/nginx.go

@@ -741,7 +741,10 @@ func configureDynamically(pcfg *ingress.Configuration, port int) error {
 	backends := make([]*ingress.Backend, len(pcfg.Backends))
 
 	for i, backend := range pcfg.Backends {
-		service := &apiv1.Service{Spec: backend.Service.Spec}
+		var service *apiv1.Service
+		if backend.Service != nil {
+			service = &apiv1.Service{Spec: backend.Service.Spec}
+		}
 		luaBackend := &ingress.Backend{
 			Name:            backend.Name,
 			Port:            backend.Port,

internal/ingress/controller/util.go

@@ -80,9 +80,9 @@ func nginxExecCommand(args ...string) *exec.Cmd {
 		ngx = defBinary
 	}
 
-	cmdArgs := []string{"-c", cfgPath}
+	cmdArgs := []string{"--deep", ngx, "-c", cfgPath}
 	cmdArgs = append(cmdArgs, args...)
-	return exec.Command(ngx, cmdArgs...)
+	return exec.Command("authbind", cmdArgs...)
 }
 
 func nginxTestCommand(cfg string) *exec.Cmd {
@@ -91,5 +91,5 @@ func nginxTestCommand(cfg string) *exec.Cmd {
 		ngx = defBinary
 	}
 
-	return exec.Command(ngx, "-c", cfg, "-t")
+	return exec.Command("authbind", "--deep", ngx, "-c", cfg, "-t")
 }

internal/ingress/metric/collectors/controller.go

@@ -77,7 +77,7 @@ func NewController(pod, namespace, class string) *Controller {
 			prometheus.GaugeOpts{
 				Namespace:   PrometheusNamespace,
 				Name:        "config_last_reload_successful",
-				Help:        "Whether the last configuration reload attemp was successful",
+				Help:        "Whether the last configuration reload attempt was successful",
 				ConstLabels: constLabels,
 			}),
 		configSuccessTime: prometheus.NewGauge(

internal/ingress/metric/collectors/controller_test.go

@@ -26,7 +26,7 @@ import (
 
 func TestControllerCounters(t *testing.T) {
 	const metadata = `
-		# HELP nginx_ingress_controller_config_last_reload_successful Whether the last configuration reload attemp was successful
+		# HELP nginx_ingress_controller_config_last_reload_successful Whether the last configuration reload attempt was successful
 		# TYPE nginx_ingress_controller_config_last_reload_successful gauge
 		# HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations
 		# TYPE nginx_ingress_controller_success counter

internal/ingress/metric/collectors/socket.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"io"
 	"net"
+	"os"
 
 	"github.com/golang/glog"
 	"github.com/prometheus/client_golang/prometheus"
@@ -95,7 +96,13 @@ var (
 // NewSocketCollector creates a new SocketCollector instance using
 // the ingresss watch namespace and class used by the controller
 func NewSocketCollector(pod, namespace, class string) (*SocketCollector, error) {
-	listener, err := net.Listen("unix", "/tmp/prometheus-nginx.socket")
+	socket := "/tmp/prometheus-nginx.socket"
+	listener, err := net.Listen("unix", socket)
+	if err != nil {
+		return nil, err
+	}
+
+	err = os.Chmod(socket, 0777)
 	if err != nil {
 		return nil, err
 	}

internal/net/net.go

@@ -29,12 +29,12 @@ func IsIPV6(ip _net.IP) bool {
 
 // IsPortAvailable checks if a TCP port is available or not
 func IsPortAvailable(p int) bool {
-	ln, err := _net.Listen("tcp", fmt.Sprintf(":%v", p))
+	conn, err := _net.Dial("tcp", fmt.Sprintf(":%v", p))
 	if err != nil {
-		return false
+		return true
 	}
-	ln.Close()
-	return true
+	defer conn.Close()
+	return false
 }
 
 // IsIPv6Enabled checks if IPV6 is enabled or not