From 1062340b0d123d5a7d30e76a674ab41888b11460 Mon Sep 17 00:00:00 2001
From: Max Laverse <max@laverse.net>
Date: Mon, 9 Oct 2017 14:16:09 +0200
Subject: [PATCH] Return 503 by default when no endpoint is available

---
 pkg/ingress/controller/controller.go |  4 ++--
 rootfs/etc/nginx/template/nginx.tmpl | 10 ++++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/pkg/ingress/controller/controller.go b/pkg/ingress/controller/controller.go
index 7266b22c82..c16f46a01c 100644
--- a/pkg/ingress/controller/controller.go
+++ b/pkg/ingress/controller/controller.go
@@ -603,8 +603,8 @@ func (ic *GenericController) getBackendServers(ingresses []*extensions.Ingress)
 			for _, location := range server.Locations {
 				if upstream.Name == location.Backend {
 					if len(upstream.Endpoints) == 0 {
-						glog.V(3).Infof("upstream %v does not have any active endpoints. Using default backend", upstream.Name)
-						location.Backend = "upstream-default-backend"
+						glog.V(3).Infof("upstream %v does not have any active endpoints.", upstream.Name)
+						location.Backend = ""
 
 						// check if the location contains endpoints and a custom default backend
 						if location.DefaultBackend != nil {
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 00aa4e42ae..05be6bfb8f 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -592,7 +592,7 @@ stream {
         ssl_certificate                         {{ $server.SSLCertificate }};
         ssl_certificate_key                     {{ $server.SSLCertificate }};
         {{ if not (empty $server.SSLFullChainCertificate)}}
-        ssl_trusted_certificate                 {{ $server.SSLFullChainCertificate }};        
+        ssl_trusted_certificate                 {{ $server.SSLFullChainCertificate }};
         ssl_stapling                            on;
         ssl_stapling_verify                     on;
         {{ end }}
@@ -616,7 +616,7 @@ stream {
         {{ if not (empty $server.ServerSnippet) }}
         {{ $server.ServerSnippet }}
         {{ end }}
-        
+
         {{ range $location := $server.Locations }}
         {{ $path := buildLocation $location }}
         {{ $authPath := buildAuthLocation $location }}
@@ -808,8 +808,14 @@ stream {
             proxy_set_header       X-Service-Name     $service_name;
             {{ end }}
 
+
+            {{ if not (empty $location.Backend) }}
             {{ buildProxyPass $server.Hostname $all.Backends $location }}
             {{ else }}
+            # No endpoints available for the request
+            return 503;
+            {{ end }}
+            {{ else }}
             # Location denied. Reason: {{ $location.Denied }}
             return 503;
             {{ end }}