Merge pull request #1212 from danielqsj/bind-address

Add option to specify addresses on which the server will accept

controllers/nginx/pkg/config/config.go

@@ -342,12 +342,19 @@ type Configuration struct {
 	// If no data is transmitted within this time, the connection is closed.
 	// http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout
 	ProxyStreamTimeout string `json:"proxy-stream-timeout,omitempty"`
+
+	// Sets the ipv4 addresses on which the server will accept requests.
+	BindAddressIpv4 []string `json:"bind-address-ipv4,omitempty"`
+
+	// Sets the ipv6 addresses on which the server will accept requests.
+	BindAddressIpv6 []string `json:"bind-address-ipv6,omitempty"`
 }
 
 // NewDefault returns the default nginx configuration
 func NewDefault() Configuration {
 	defIPCIDR := make([]string, 0)
 	defIPCIDR = append(defIPCIDR, "0.0.0.0/0")
+	defBindAddress := make([]string, 0)
 	cfg := Configuration{
 		AllowBackendServerHeader:   false,
 		AccessLogPath:              "/var/log/nginx/access.log",
@@ -414,6 +421,8 @@ func NewDefault() Configuration {
 		},
 		UpstreamKeepaliveConnections: 0,
 		LimitConnZoneVariable:        defaultLimitConnZoneVariable,
+		BindAddressIpv4:              defBindAddress,
+		BindAddressIpv6:              defBindAddress,
 	}
 
 	if glog.V(5) {

controllers/nginx/pkg/template/configmap.go

@@ -17,6 +17,8 @@ limitations under the License.
 package template
 
 import (
+	"fmt"
+	"net"
 	"strconv"
 	"strings"
 
@@ -24,6 +26,7 @@ import (
 	"github.com/mitchellh/mapstructure"
 
 	"k8s.io/ingress/controllers/nginx/pkg/config"
+	ing_net "k8s.io/ingress/core/pkg/net"
 )
 
 const (
@@ -31,6 +34,7 @@ const (
 	skipAccessLogUrls    = "skip-access-log-urls"
 	whitelistSourceRange = "whitelist-source-range"
 	proxyRealIPCIDR      = "proxy-real-ip-cidr"
+	bindAddress          = "bind-address"
 )
 
 // ReadConfig obtains the configuration defined by the user merged with the defaults.
@@ -47,6 +51,8 @@ func ReadConfig(src map[string]string) config.Configuration {
 	skipUrls := make([]string, 0)
 	whitelist := make([]string, 0)
 	proxylist := make([]string, 0)
+	bindAddressIpv4List := make([]string, 0)
+	bindAddressIpv6List := make([]string, 0)
 
 	if val, ok := conf[customHTTPErrors]; ok {
 		delete(conf, customHTTPErrors)
@@ -73,12 +79,29 @@ func ReadConfig(src map[string]string) config.Configuration {
 	} else {
 		proxylist = append(proxylist, "0.0.0.0/0")
 	}
+	if val, ok := conf[bindAddress]; ok {
+		delete(conf, bindAddress)
+		for _, i := range strings.Split(val, ",") {
+			ns := net.ParseIP(i)
+			if ns != nil {
+				if ing_net.IsIPV6(ns) {
+					bindAddressIpv6List = append(bindAddressIpv6List, fmt.Sprintf("[%v]", ns))
+				} else {
+					bindAddressIpv4List = append(bindAddressIpv4List, fmt.Sprintf("%v", ns))
+				}
+			} else {
+				glog.Warningf("%v is not a valid textual representation of an IP address", i)
+			}
+		}
+	}
 
 	to := config.NewDefault()
 	to.CustomHTTPErrors = filterErrors(errors)
 	to.SkipAccessLogURLs = skipUrls
 	to.WhitelistSourceRange = whitelist
 	to.ProxyRealIPCIDR = proxylist
+	to.BindAddressIpv4 = bindAddressIpv4List
+	to.BindAddressIpv6 = bindAddressIpv6List
 
 	config := &mapstructure.DecoderConfig{
 		Metadata:         nil,

controllers/nginx/pkg/template/configmap_test.go

@@ -45,6 +45,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
 		"enable-dynamic-tls-records": "false",
 		"gzip-types":                 "text/html",
 		"proxy-real-ip-cidr":         "1.1.1.1/8,2.2.2.2/24",
+		"bind-address":               "1.1.1.1,2.2.2.2,3.3.3,2001:db8:a0b:12f0::1,3731:54:65fe:2::a7,33:33:33::33::33",
 	}
 	def := config.NewDefault()
 	def.CustomHTTPErrors = []int{300, 400}
@@ -58,6 +59,8 @@ func TestMergeConfigMapToStruct(t *testing.T) {
 	def.UseProxyProtocol = true
 	def.GzipTypes = "text/html"
 	def.ProxyRealIPCIDR = []string{"1.1.1.1/8", "2.2.2.2/24"}
+	def.BindAddressIpv4 = []string{"1.1.1.1", "2.2.2.2"}
+	def.BindAddressIpv6 = []string{"[2001:db8:a0b:12f0::1]", "[3731:54:65fe:2::a7]"}
 
 	to := ReadConfig(conf)
 	if diff := pretty.Compare(to, def); diff != "" {