Add command line argument to manually disable IPV6 listeners for unsupported clusters (#3040)

* Add command line argument to disable IPV6 listeners
* update helm chart and documentation
* Add automated test
* update documentation
* fix import

Co-authored-by: Venktesh <[email protected]>

Author: haywoodsh

cmd/nginx-ingress/flags.go

@@ -180,6 +180,9 @@ var (
 	includeYearInLogs = flag.Bool("include-year", false,
 		"Option to include the year in the log header")
 
+	disableIPV6 = flag.Bool("disable-ipv6", false,
+		`Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack`)
+
 	startupCheckFn func() error
 )
 

cmd/nginx-ingress/main.go

@@ -75,6 +75,7 @@ func main() {
 	cfgParams = processConfigMaps(kubeClient, cfgParams, nginxManager, templateExecutor)
 
 	staticCfgParams := &configs.StaticConfigParams{
+		DisableIPV6:                    *disableIPV6,
 		HealthStatus:                   *healthStatus,
 		HealthStatusURI:                *healthStatusURI,
 		NginxStatus:                    *nginxStatus,
@@ -149,6 +150,7 @@ func main() {
 		SnippetsEnabled:              *enableSnippets,
 		CertManagerEnabled:           *enableCertManager,
 		ExternalDNSEnabled:           *enableExternalDNS,
+		IsIPV6Disabled:               *disableIPV6,
 	}
 
 	lbc := k8s.NewLoadBalancerController(lbcInput)

deployments/helm-chart/README.md

@@ -245,6 +245,7 @@ Parameter | Description | Default
 `controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false
 `controller.minReadySeconds` | Specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0
 `controller.strategy` | Specifies the strategy used to replace old Pods by new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {}
+`controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false
 `rbac.create` | Configures RBAC. | true
 `prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false
 `prometheus.port` | Configures the port to scrape the metrics. | 9113

deployments/helm-chart/templates/controller-daemonset.yaml

@@ -192,6 +192,7 @@ spec:
           - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
           - -enable-snippets={{ .Values.controller.enableSnippets }}
           - -include-year={{ .Values.controller.includeYear }}
+          - -disable-ipv6={{ .Values.controller.disableIPV6 }}
 {{- if .Values.controller.enableCustomResources }}
           - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
           - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}

deployments/helm-chart/templates/controller-deployment.yaml

@@ -195,6 +195,7 @@ spec:
           - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
           - -enable-snippets={{ .Values.controller.enableSnippets }}
           - -include-year={{ .Values.controller.includeYear }}
+          - -disable-ipv6={{ .Values.controller.disableIPV6 }}
 {{- if .Values.controller.enableCustomResources }}
           - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
           - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}

deployments/helm-chart/values.yaml

@@ -382,6 +382,9 @@ controller:
   ## Enable collection of latency metrics for upstreams. Requires prometheus.create.
   enableLatencyMetrics: false
 
+  ## Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
+  disableIPV6: false
+
 rbac:
   ## Configures RBAC.
   create: true

docs/content/configuration/global-configuration/command-line-arguments.md

@@ -459,3 +459,11 @@ The HTTP port for the readiness endpoint.
 
 Format: `[1024 - 65535]` (default `8081`)
  
+
+### -disable-ipv6
+
+Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
+
+Default `false`.
+ 
+<a name="cmdoption-disable-ipv6"></a>

docs/content/installation/installation-with-helm.md

@@ -237,6 +237,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 |``controller.enableLatencyMetrics`` | Enable collection of latency metrics for upstreams. Requires ``prometheus.create``. | false |
 |``controller.minReadySeconds`` | Specifies the minimum number of seconds for which a newly created Pod should be ready, without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0 |
 |``controller.strategy`` | Specifies the strategy used to replace old Pods with new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {} |
+| `controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false |
 |``rbac.create`` | Configures RBAC. | true |
 |``prometheus.create`` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false |
 |``prometheus.port`` | Configures the port to scrape the metrics. | 9113 |

internal/configs/config_params.go

@@ -111,6 +111,7 @@ type ConfigParams struct {
 
 // StaticConfigParams holds immutable NGINX configuration parameters that affect the main NGINX config.
 type StaticConfigParams struct {
+	DisableIPV6                    bool
 	HealthStatus                   bool
 	HealthStatusURI                string
 	NginxStatus                    bool

internal/configs/configmaps.go

@@ -553,6 +553,7 @@ func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *Config
 		AccessLogOff:                       config.MainAccessLogOff,
 		DefaultServerAccessLogOff:          config.DefaultServerAccessLogOff,
 		DefaultServerReturn:                config.DefaultServerReturn,
+		DisableIPV6:                        staticCfgParams.DisableIPV6,
 		ErrorLogLevel:                      config.MainErrorLogLevel,
 		HealthStatus:                       staticCfgParams.HealthStatus,
 		HealthStatusURI:                    staticCfgParams.HealthStatusURI,