[ingress/controllers/nginx] Add whitelistSourceRange of global config to location block in template

[bviolier]

The current nginx.tmpl only takes into account ingress.kubernetes.io/whitelist-source-range set on an Ingress but doesn't seem to take into account whitelist-source-range set in the Configmap of Nginx.

According to the docs at https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md it should take that into account though:

To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.
Note: Adding an annotation to an Ingress rule overrides any global restriction.

This pull request add's the whitelist-source-range information to nginx.tmpl, only if for the location no specific one is set.

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA.

Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-reviewable]

This change is 

[bviolier]

I signed it!

[aledbf]

Note: Adding an annotation to an Ingress rule overrides any global restriction

The idea is to omit the value in the configmap if you use the annotation.

[bviolier]

@aledbf That's what my PR should do. If an annotation is set on the ingress, it doesn't set the global one for that location block.

To be clear: the global whitelist wasn't taken into account, ever.

[aledbf]

@bviolier please check the code here. This is already done internally.

[bviolier]

@aledbf That's only parsing of the annotation on the Ingress, where happens the parsing/processing of the global whitelist-source-range set in the Nginx controller Configmap? I couldn't find that.

[aledbf]

@bviolier line 60 and 66, if there is no annotation, it returns the value from the configmap.

[coveralls]

Coverage increased (+0.04%) to 46.163% when pulling 203a19c on bviolier:add-whitelistsourcerange-ngix-templ into 5ab0f28 on kubernetes:master.

[bviolier]

You are right, my bad.

But, it doesn't seem to work in the latest Nginx controller beta though (nginx-ingress-controller:0.9.0-beta.1). With my PR it did work for me.

[aledbf]

@bviolier please open an issue to fix it.

[ashb]

Issue has been reported as #473.