Use authbind to bind privileged ports

internal/ingress/metric/collectors/controller.go

@@ -77,7 +77,7 @@ func NewController(pod, namespace, class string) *Controller {
 			prometheus.GaugeOpts{
 				Namespace:   PrometheusNamespace,
 				Name:        "config_last_reload_successful",
-				Help:        "Whether the last configuration reload attemp was successful",
+				Help:        "Whether the last configuration reload attempt was successful",
 				ConstLabels: constLabels,
 			}),
 		configSuccessTime: prometheus.NewGauge(

internal/ingress/metric/collectors/controller_test.go

@@ -26,7 +26,7 @@ import (
 
 func TestControllerCounters(t *testing.T) {
 	const metadata = `
-		# HELP nginx_ingress_controller_config_last_reload_successful Whether the last configuration reload attemp was successful
+		# HELP nginx_ingress_controller_config_last_reload_successful Whether the last configuration reload attempt was successful
 		# TYPE nginx_ingress_controller_config_last_reload_successful gauge
 		# HELP nginx_ingress_controller_success Cumulative number of Ingress controller reload operations
 		# TYPE nginx_ingress_controller_success counter

internal/ingress/metric/collectors/socket.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"io"
 	"net"
+	"os"
 
 	"github.com/golang/glog"
 	"github.com/prometheus/client_golang/prometheus"
@@ -95,7 +96,13 @@ var (
 // NewSocketCollector creates a new SocketCollector instance using
 // the ingresss watch namespace and class used by the controller
 func NewSocketCollector(pod, namespace, class string) (*SocketCollector, error) {
-	listener, err := net.Listen("unix", "/tmp/prometheus-nginx.socket")
+	socket := "/tmp/prometheus-nginx.socket"
+	listener, err := net.Listen("unix", socket)
+	if err != nil {
+		return nil, err
+	}
+
+	err = os.Chmod(socket, 0777)
 	if err != nil {
 		return nil, err
 	}