Refactor nginx config into own package

controllers/nginx/controller.go

@@ -42,6 +42,7 @@ import (
 
 	"k8s.io/contrib/ingress/controllers/nginx/nginx"
 	"k8s.io/contrib/ingress/controllers/nginx/nginx/auth"
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 	"k8s.io/contrib/ingress/controllers/nginx/nginx/healthcheck"
 	"k8s.io/contrib/ingress/controllers/nginx/nginx/ratelimit"
 	"k8s.io/contrib/ingress/controllers/nginx/nginx/rewrite"
@@ -647,7 +648,7 @@ func (lbc *loadBalancerController) getDefaultUpstream() *nginx.Upstream {
 	return upstream
 }
 
-func (lbc *loadBalancerController) getUpstreamServers(ngxCfg nginx.Configuration, data []interface{}) ([]*nginx.Upstream, []*nginx.Server) {
+func (lbc *loadBalancerController) getUpstreamServers(ngxCfg config.Configuration, data []interface{}) ([]*nginx.Upstream, []*nginx.Server) {
 	upstreams := lbc.createUpstreams(ngxCfg, data)
 	upstreams[defUpstreamName] = lbc.getDefaultUpstream()
 
@@ -785,7 +786,7 @@ func (lbc *loadBalancerController) getUpstreamServers(ngxCfg nginx.Configuration
 
 // createUpstreams creates the NGINX upstreams for each service referenced in
 // Ingress rules. The servers inside the upstream are endpoints.
-func (lbc *loadBalancerController) createUpstreams(ngxCfg nginx.Configuration, data []interface{}) map[string]*nginx.Upstream {
+func (lbc *loadBalancerController) createUpstreams(ngxCfg config.Configuration, data []interface{}) map[string]*nginx.Upstream {
 	upstreams := make(map[string]*nginx.Upstream)
 
 	for _, ingIf := range data {

controllers/nginx/nginx/command.go

@@ -25,6 +25,8 @@ import (
 	"github.com/golang/glog"
 
 	"k8s.io/kubernetes/pkg/healthz"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 // Start starts a nginx (master process) and waits. If the process ends
@@ -54,7 +56,7 @@ func (ngx *Manager) Start() {
 // shut down, stop accepting new connections and continue to service current requests
 // until all such requests are serviced. After that, the old worker processes exit.
 // http://nginx.org/en/docs/beginners_guide.html#control
-func (ngx *Manager) CheckAndReload(cfg Configuration, ingressCfg IngressConfig) {
+func (ngx *Manager) CheckAndReload(cfg config.Configuration, ingressCfg IngressConfig) {
 	ngx.reloadRateLimiter.Accept()
 
 	ngx.reloadLock.Lock()

controllers/nginx/nginx/config/config.go

@@ -0,0 +1,280 @@
+/*
+Copyright 2016 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"runtime"
+	"strconv"
+
+	"github.com/golang/glog"
+)
+
+const (
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+	// Sets the maximum allowed size of the client request body
+	bodySize = "1m"
+
+	// http://nginx.org/en/docs/ngx_core_module.html#error_log
+	// Configures logging level [debug | info | notice | warn | error | crit | alert | emerg]
+	// Log levels above are listed in the order of increasing severity
+	errorLevel = "notice"
+
+	// HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature (HTTP header)
+	// that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
+	// https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
+	// max-age is the time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.
+	hstsMaxAge = "15724800"
+
+	// If UseProxyProtocol is enabled defIPCIDR defines the default the IP/network address of your external load balancer
+	defIPCIDR = "0.0.0.0/0"
+
+	gzipTypes = "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"
+
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
+	// Sets the size of the buffer used for sending data.
+	// 4k helps NGINX to improve TLS Time To First Byte (TTTFB)
+	// https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/
+	sslBufferSize = "4k"
+
+	// Enabled ciphers list to enabled. The ciphers are specified in the format understood by the OpenSSL library
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
+	sslCiphers = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+
+	// SSL enabled protocols to use
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
+	sslProtocols = "TLSv1 TLSv1.1 TLSv1.2"
+
+	// Time during which a client may reuse the session parameters stored in a cache.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout
+	sslSessionTimeout = "10m"
+
+	// Size of the SSL shared cache between all worker processes.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
+	sslSessionCacheSize = "10m"
+)
+
+var (
+	// SSLDirectory contains the mounted secrets with SSL certificates, keys and
+	SSLDirectory = "/etc/nginx-ssl"
+)
+
+// Configuration represents the content of nginx.conf file
+type Configuration struct {
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+	// Sets the maximum allowed size of the client request body
+	BodySize string `structs:"body-size,omitempty"`
+
+	// EnableStickySessions enabled sticky sessions using cookies
+	// https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng
+	// By default this is disabled
+	EnableStickySessions bool `structs:"enable-sticky-sessions,omitempty"`
+
+	// EnableVtsStatus allows the replacement of the default status page with a third party module named
+	// nginx-module-vts - https://github.com/vozlt/nginx-module-vts
+	// By default this is disabled
+	EnableVtsStatus bool `structs:"enable-vts-status,omitempty"`
+
+	VtsStatusZoneSize string `structs:"vts-status-zone-size,omitempty"`
+
+	// RetryNonIdempotent since 1.9.13 NGINX will not retry non-idempotent requests (POST, LOCK, PATCH)
+	// in case of an error. The previous behavior can be restored using the value true
+	RetryNonIdempotent bool `structs:"retry-non-idempotent"`
+
+	// http://nginx.org/en/docs/ngx_core_module.html#error_log
+	// Configures logging level [debug | info | notice | warn | error | crit | alert | emerg]
+	// Log levels above are listed in the order of increasing severity
+	ErrorLogLevel string `structs:"error-log-level,omitempty"`
+
+	// Enables or disables the header HSTS in servers running SSL
+	HSTS bool `structs:"hsts,omitempty"`
+
+	// Enables or disables the use of HSTS in all the subdomains of the servername
+	// Default: true
+	HSTSIncludeSubdomains bool `structs:"hsts-include-subdomains,omitempty"`
+
+	// HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature (HTTP header)
+	// that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
+	// https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
+	// max-age is the time, in seconds, that the browser should remember that this site is only to be
+	// accessed using HTTPS.
+	HSTSMaxAge string `structs:"hsts-max-age,omitempty"`
+
+	// enables which HTTP codes should be passed for processing with the error_page directive
+	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#error_page
+	// By default this is disabled
+	CustomHTTPErrors []int `structs:"custom-http-errors,-"`
+
+	// Time during which a keep-alive client connection will stay open on the server side.
+	// The zero value disables keep-alive client connections
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
+	KeepAlive int `structs:"keep-alive,omitempty"`
+
+	// Maximum number of simultaneous connections that can be opened by each worker process
+	// http://nginx.org/en/docs/ngx_core_module.html#worker_connections
+	MaxWorkerConnections int `structs:"max-worker-connections,omitempty"`
+
+	// Defines a timeout for establishing a connection with a proxied server.
+	// It should be noted that this timeout cannot usually exceed 75 seconds.
+	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout
+	ProxyConnectTimeout int `structs:"proxy-connect-timeout,omitempty"`
+
+	// If UseProxyProtocol is enabled ProxyRealIPCIDR defines the default the IP/network address
+	// of your external load balancer
+	ProxyRealIPCIDR string `structs:"proxy-real-ip-cidr,omitempty"`
+
+	// Timeout in seconds for reading a response from the proxied server. The timeout is set only between
+	// two successive read operations, not for the transmission of the whole response
+	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
+	ProxyReadTimeout int `structs:"proxy-read-timeout,omitempty"`
+
+	// Timeout in seconds for transmitting a request to the proxied server. The timeout is set only between
+	// two successive write operations, not for the transmission of the whole request.
+	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout
+	ProxySendTimeout int `structs:"proxy-send-timeout,omitempty"`
+
+	// Configures name servers used to resolve names of upstream servers into addresses
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
+	Resolver string `structs:"resolver,omitempty"`
+
+	// Maximum size of the server names hash tables used in server names, map directive’s values,
+	// MIME types, names of request header strings, etcd.
+	// http://nginx.org/en/docs/hash.html
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size
+	ServerNameHashMaxSize int `structs:"server-name-hash-max-size,omitempty"`
+
+	// Size of the bucker for the server names hash tables
+	// http://nginx.org/en/docs/hash.html
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size
+	ServerNameHashBucketSize int `structs:"server-name-hash-bucket-size,omitempty"`
+
+	// Enables or disables the redirect (301) to the HTTPS port
+	SSLRedirect bool `structs:"ssl-redirect,omitempty"`
+
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
+	// Sets the size of the buffer used for sending data.
+	// 4k helps NGINX to improve TLS Time To First Byte (TTTFB)
+	// https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/
+	SSLBufferSize string `structs:"ssl-buffer-size,omitempty"`
+
+	// Enabled ciphers list to enabled. The ciphers are specified in the format understood by
+	// the OpenSSL library
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
+	SSLCiphers string `structs:"ssl-ciphers,omitempty"`
+
+	// Base64 string that contains Diffie-Hellman key to help with "Perfect Forward Secrecy"
+	// https://www.openssl.org/docs/manmaster/apps/dhparam.html
+	// https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
+	SSLDHParam string `structs:"ssl-dh-param,omitempty"`
+
+	// SSL enabled protocols to use
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
+	SSLProtocols string `structs:"ssl-protocols,omitempty"`
+
+	// Enables or disables the use of shared SSL cache among worker processes.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
+	SSLSessionCache bool `structs:"ssl-session-cache,omitempty"`
+
+	// Size of the SSL shared cache between all worker processes.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
+	SSLSessionCacheSize string `structs:"ssl-session-cache-size,omitempty"`
+
+	// Enables or disables session resumption through TLS session tickets.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
+	SSLSessionTickets bool `structs:"ssl-session-tickets,omitempty"`
+
+	// Time during which a client may reuse the session parameters stored in a cache.
+	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout
+	SSLSessionTimeout string `structs:"ssl-session-timeout,omitempty"`
+
+	// Number of unsuccessful attempts to communicate with the server that should happen in the
+	// duration set by the fail_timeout parameter to consider the server unavailable
+	// http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
+	// Default: 0, ie use platform liveness probe
+	UpstreamMaxFails int `structs:"upstream-max-fails,omitempty"`
+
+	// Time during which the specified number of unsuccessful attempts to communicate with
+	// the server should happen to consider the server unavailable
+	// http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
+	// Default: 0, ie use platform liveness probe
+	UpstreamFailTimeout int `structs:"upstream-fail-timeout,omitempty"`
+
+	// Enables or disables the use of the PROXY protocol to receive client connection
+	// (real IP address) information passed through proxy servers and load balancers
+	// such as HAproxy and Amazon Elastic Load Balancer (ELB).
+	// https://www.nginx.com/resources/admin-guide/proxy-protocol/
+	UseProxyProtocol bool `structs:"use-proxy-protocol,omitempty"`
+
+	// Enables or disables the use of the nginx module that compresses responses using the "gzip" method
+	// http://nginx.org/en/docs/http/ngx_http_gzip_module.html
+	UseGzip bool `structs:"use-gzip,omitempty"`
+
+	// Enables or disables the HTTP/2 support in secure connections
+	// http://nginx.org/en/docs/http/ngx_http_v2_module.html
+	// Default: true
+	UseHTTP2 bool `structs:"use-http2,omitempty"`
+
+	// MIME types in addition to "text/html" to compress. The special value “*” matches any MIME type.
+	// Responses with the “text/html” type are always compressed if UseGzip is enabled
+	GzipTypes string `structs:"gzip-types,omitempty"`
+
+	// Defines the number of worker processes. By default auto means number of available CPU cores
+	// http://nginx.org/en/docs/ngx_core_module.html#worker_processes
+	WorkerProcesses string `structs:"worker-processes,omitempty"`
+}
+
+// NewDefault returns the default configuration contained
+// in the file default-conf.json
+func NewDefault() Configuration {
+	cfg := Configuration{
+		BodySize:      bodySize,
+		ErrorLogLevel: errorLevel,
+		HSTS:          true,
+		HSTSIncludeSubdomains:    true,
+		HSTSMaxAge:               hstsMaxAge,
+		GzipTypes:                gzipTypes,
+		KeepAlive:                75,
+		MaxWorkerConnections:     16384,
+		ProxyConnectTimeout:      5,
+		ProxyRealIPCIDR:          defIPCIDR,
+		ProxyReadTimeout:         60,
+		ProxySendTimeout:         60,
+		ServerNameHashMaxSize:    512,
+		ServerNameHashBucketSize: 64,
+		SSLRedirect:              true,
+		SSLBufferSize:            sslBufferSize,
+		SSLCiphers:               sslCiphers,
+		SSLProtocols:             sslProtocols,
+		SSLSessionCache:          true,
+		SSLSessionCacheSize:      sslSessionCacheSize,
+		SSLSessionTickets:        true,
+		SSLSessionTimeout:        sslSessionTimeout,
+		UseProxyProtocol:         false,
+		UseGzip:                  true,
+		WorkerProcesses:          strconv.Itoa(runtime.NumCPU()),
+		VtsStatusZoneSize:        "10m",
+		UseHTTP2:                 true,
+		CustomHTTPErrors:         make([]int, 0),
+	}
+
+	if glog.V(5) {
+		cfg.ErrorLogLevel = "debug"
+	}
+
+	return cfg
+}

controllers/nginx/nginx/healthcheck/main.go

@@ -22,7 +22,7 @@ import (
 
 	"k8s.io/kubernetes/pkg/apis/extensions"
 
-	"k8s.io/contrib/ingress/controllers/nginx/nginx"
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 const (
@@ -82,7 +82,7 @@ func (a ingAnnotations) failTimeout() (int, error) {
 
 // ParseAnnotations parses the annotations contained in the ingress
 // rule used to configure upstream check parameters
-func ParseAnnotations(cfg nginx.Configuration, ing *extensions.Ingress) *Upstream {
+func ParseAnnotations(cfg config.Configuration, ing *extensions.Ingress) *Upstream {
 	if ing.GetAnnotations() == nil {
 		return &Upstream{cfg.UpstreamMaxFails, cfg.UpstreamFailTimeout}
 	}

controllers/nginx/nginx/healthcheck/main_test.go

@@ -23,7 +23,7 @@ import (
 	"k8s.io/kubernetes/pkg/apis/extensions"
 	"k8s.io/kubernetes/pkg/util/intstr"
 
-	"k8s.io/contrib/ingress/controllers/nginx/nginx"
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 func buildIngress() *extensions.Ingress {
@@ -103,7 +103,7 @@ func TestIngressHealthCheck(t *testing.T) {
 	data[upsMaxFails] = "2"
 	ing.SetAnnotations(data)
 
-	cfg := nginx.Configuration{}
+	cfg := config.Configuration{}
 	cfg.UpstreamFailTimeout = 1
 
 	nginxHz := ParseAnnotations(cfg, ing)

controllers/nginx/nginx/main.go

@@ -19,8 +19,6 @@ package nginx
 import (
 	"fmt"
 	"os"
-	"runtime"
-	"strconv"
 	"strings"
 	"sync"
 	"text/template"
@@ -33,225 +31,15 @@ import (
 	"k8s.io/kubernetes/pkg/api"
 	client "k8s.io/kubernetes/pkg/client/unversioned"
 	"k8s.io/kubernetes/pkg/util/flowcontrol"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
-const (
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
-	// Sets the maximum allowed size of the client request body
-	bodySize = "1m"
-
-	// http://nginx.org/en/docs/ngx_core_module.html#error_log
-	// Configures logging level [debug | info | notice | warn | error | crit | alert | emerg]
-	// Log levels above are listed in the order of increasing severity
-	errorLevel = "notice"
-
-	// HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature (HTTP header)
-	// that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
-	// https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
-	// max-age is the time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.
-	hstsMaxAge = "15724800"
-
-	// If UseProxyProtocol is enabled defIPCIDR defines the default the IP/network address of your external load balancer
-	defIPCIDR = "0.0.0.0/0"
-
-	gzipTypes = "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"
-
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
-	// Sets the size of the buffer used for sending data.
-	// 4k helps NGINX to improve TLS Time To First Byte (TTTFB)
-	// https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/
-	sslBufferSize = "4k"
-
-	// Enabled ciphers list to enabled. The ciphers are specified in the format understood by the OpenSSL library
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
-	sslCiphers = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
-
-	// SSL enabled protocols to use
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
-	sslProtocols = "TLSv1 TLSv1.1 TLSv1.2"
-
-	// Time during which a client may reuse the session parameters stored in a cache.
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout
-	sslSessionTimeout = "10m"
-
-	// Size of the SSL shared cache between all worker processes.
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
-	sslSessionCacheSize = "10m"
-)
-
-var (
-	// Base directory that contains the mounted secrets with SSL certificates, keys and
-	sslDirectory = "/etc/nginx-ssl"
-)
-
-// Configuration represents the content of nginx.conf file
-type Configuration struct {
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
-	// Sets the maximum allowed size of the client request body
-	BodySize string `structs:"body-size,omitempty"`
-
-	// EnableStickySessions enabled sticky sessions using cookies
-	// https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng
-	// By default this is disabled
-	EnableStickySessions bool `structs:"enable-sticky-sessions,omitempty"`
-
-	// EnableVtsStatus allows the replacement of the default status page with a third party module named
-	// nginx-module-vts - https://github.com/vozlt/nginx-module-vts
-	// By default this is disabled
-	EnableVtsStatus bool `structs:"enable-vts-status,omitempty"`
-
-	VtsStatusZoneSize string `structs:"vts-status-zone-size,omitempty"`
-
-	// RetryNonIdempotent since 1.9.13 NGINX will not retry non-idempotent requests (POST, LOCK, PATCH)
-	// in case of an error. The previous behavior can be restored using the value true
-	RetryNonIdempotent bool `structs:"retry-non-idempotent"`
-
-	// http://nginx.org/en/docs/ngx_core_module.html#error_log
-	// Configures logging level [debug | info | notice | warn | error | crit | alert | emerg]
-	// Log levels above are listed in the order of increasing severity
-	ErrorLogLevel string `structs:"error-log-level,omitempty"`
-
-	// Enables or disables the header HSTS in servers running SSL
-	HSTS bool `structs:"hsts,omitempty"`
-
-	// Enables or disables the use of HSTS in all the subdomains of the servername
-	// Default: true
-	HSTSIncludeSubdomains bool `structs:"hsts-include-subdomains,omitempty"`
-
-	// HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature (HTTP header)
-	// that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
-	// https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
-	// max-age is the time, in seconds, that the browser should remember that this site is only to be
-	// accessed using HTTPS.
-	HSTSMaxAge string `structs:"hsts-max-age,omitempty"`
-
-	// enables which HTTP codes should be passed for processing with the error_page directive
-	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#error_page
-	// By default this is disabled
-	CustomHTTPErrors []int `structs:"custom-http-errors,-"`
-
-	// Time during which a keep-alive client connection will stay open on the server side.
-	// The zero value disables keep-alive client connections
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
-	KeepAlive int `structs:"keep-alive,omitempty"`
-
-	// Maximum number of simultaneous connections that can be opened by each worker process
-	// http://nginx.org/en/docs/ngx_core_module.html#worker_connections
-	MaxWorkerConnections int `structs:"max-worker-connections,omitempty"`
-
-	// Defines a timeout for establishing a connection with a proxied server.
-	// It should be noted that this timeout cannot usually exceed 75 seconds.
-	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout
-	ProxyConnectTimeout int `structs:"proxy-connect-timeout,omitempty"`
-
-	// If UseProxyProtocol is enabled ProxyRealIPCIDR defines the default the IP/network address
-	// of your external load balancer
-	ProxyRealIPCIDR string `structs:"proxy-real-ip-cidr,omitempty"`
-
-	// Timeout in seconds for reading a response from the proxied server. The timeout is set only between
-	// two successive read operations, not for the transmission of the whole response
-	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
-	ProxyReadTimeout int `structs:"proxy-read-timeout,omitempty"`
-
-	// Timeout in seconds for transmitting a request to the proxied server. The timeout is set only between
-	// two successive write operations, not for the transmission of the whole request.
-	// http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout
-	ProxySendTimeout int `structs:"proxy-send-timeout,omitempty"`
-
-	// Configures name servers used to resolve names of upstream servers into addresses
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
-	Resolver string `structs:"resolver,omitempty"`
-
-	// Maximum size of the server names hash tables used in server names, map directive’s values,
-	// MIME types, names of request header strings, etcd.
-	// http://nginx.org/en/docs/hash.html
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size
-	ServerNameHashMaxSize int `structs:"server-name-hash-max-size,omitempty"`
-
-	// Size of the bucker for the server names hash tables
-	// http://nginx.org/en/docs/hash.html
-	// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size
-	ServerNameHashBucketSize int `structs:"server-name-hash-bucket-size,omitempty"`
-
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
-	// Sets the size of the buffer used for sending data.
-	// 4k helps NGINX to improve TLS Time To First Byte (TTTFB)
-	// https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/
-	SSLBufferSize string `structs:"ssl-buffer-size,omitempty"`
-
-	// Enabled ciphers list to enabled. The ciphers are specified in the format understood by
-	// the OpenSSL library
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
-	SSLCiphers string `structs:"ssl-ciphers,omitempty"`
-
-	// Base64 string that contains Diffie-Hellman key to help with "Perfect Forward Secrecy"
-	// https://www.openssl.org/docs/manmaster/apps/dhparam.html
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_handshake_and_dhparam
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
-	SSLDHParam string `structs:"ssl-dh-param,omitempty"`
-
-	// SSL enabled protocols to use
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
-	SSLProtocols string `structs:"ssl-protocols,omitempty"`
-
-	// Enables or disables the use of shared SSL cache among worker processes.
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
-	SSLSessionCache bool `structs:"ssl-session-cache,omitempty"`
-
-	// Size of the SSL shared cache between all worker processes.
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
-	SSLSessionCacheSize string `structs:"ssl-session-cache-size,omitempty"`
-
-	// Enables or disables session resumption through TLS session tickets.
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
-	SSLSessionTickets bool `structs:"ssl-session-tickets,omitempty"`
-
-	// Time during which a client may reuse the session parameters stored in a cache.
-	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout
-	SSLSessionTimeout string `structs:"ssl-session-timeout,omitempty"`
-
-	// Number of unsuccessful attempts to communicate with the server that should happen in the
-	// duration set by the fail_timeout parameter to consider the server unavailable
-	// http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
-	// Default: 0, ie use platform liveness probe
-	UpstreamMaxFails int `structs:"upstream-max-fails,omitempty"`
-
-	// Time during which the specified number of unsuccessful attempts to communicate with
-	// the server should happen to consider the server unavailable
-	// http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
-	// Default: 0, ie use platform liveness probe
-	UpstreamFailTimeout int `structs:"upstream-fail-timeout,omitempty"`
-
-	// Enables or disables the use of the PROXY protocol to receive client connection
-	// (real IP address) information passed through proxy servers and load balancers
-	// such as HAproxy and Amazon Elastic Load Balancer (ELB).
-	// https://www.nginx.com/resources/admin-guide/proxy-protocol/
-	UseProxyProtocol bool `structs:"use-proxy-protocol,omitempty"`
-
-	// Enables or disables the use of the nginx module that compresses responses using the "gzip" method
-	// http://nginx.org/en/docs/http/ngx_http_gzip_module.html
-	UseGzip bool `structs:"use-gzip,omitempty"`
-
-	// Enables or disables the HTTP/2 support in secure connections
-	// http://nginx.org/en/docs/http/ngx_http_v2_module.html
-	// Default: true
-	UseHTTP2 bool `structs:"use-http2,omitempty"`
-
-	// MIME types in addition to "text/html" to compress. The special value “*” matches any MIME type.
-	// Responses with the “text/html” type are always compressed if UseGzip is enabled
-	GzipTypes string `structs:"gzip-types,omitempty"`
-
-	// Defines the number of worker processes. By default auto means number of available CPU cores
-	// http://nginx.org/en/docs/ngx_core_module.html#worker_processes
-	WorkerProcesses string `structs:"worker-processes,omitempty"`
-}
-
 // Manager ...
 type Manager struct {
 	ConfigFile string
 
-	defCfg Configuration
+	defCfg config.Configuration
 
 	defResolver string
 
@@ -265,59 +53,19 @@ type Manager struct {
 	reloadLock *sync.Mutex
 }
 
-// defaultConfiguration returns the default configuration contained
-// in the file default-conf.json
-func newDefaultNginxCfg() Configuration {
-	cfg := Configuration{
-		BodySize:      bodySize,
-		ErrorLogLevel: errorLevel,
-		HSTS:          true,
-		HSTSIncludeSubdomains:    true,
-		HSTSMaxAge:               hstsMaxAge,
-		GzipTypes:                gzipTypes,
-		KeepAlive:                75,
-		MaxWorkerConnections:     16384,
-		ProxyConnectTimeout:      5,
-		ProxyRealIPCIDR:          defIPCIDR,
-		ProxyReadTimeout:         60,
-		ProxySendTimeout:         60,
-		ServerNameHashMaxSize:    512,
-		ServerNameHashBucketSize: 64,
-		SSLBufferSize:            sslBufferSize,
-		SSLCiphers:               sslCiphers,
-		SSLProtocols:             sslProtocols,
-		SSLSessionCache:          true,
-		SSLSessionCacheSize:      sslSessionCacheSize,
-		SSLSessionTickets:        true,
-		SSLSessionTimeout:        sslSessionTimeout,
-		UseProxyProtocol:         false,
-		UseGzip:                  true,
-		WorkerProcesses:          strconv.Itoa(runtime.NumCPU()),
-		VtsStatusZoneSize:        "10m",
-		UseHTTP2:                 true,
-		CustomHTTPErrors:         make([]int, 0),
-	}
-
-	if glog.V(5) {
-		cfg.ErrorLogLevel = "debug"
-	}
-
-	return cfg
-}
-
 // NewManager ...
 func NewManager(kubeClient *client.Client) *Manager {
 	ngx := &Manager{
 		ConfigFile:        "/etc/nginx/nginx.conf",
-		defCfg:            newDefaultNginxCfg(),
+		defCfg:            config.NewDefault(),
 		defResolver:       strings.Join(getDNSServers(), " "),
 		reloadLock:        &sync.Mutex{},
 		reloadRateLimiter: flowcontrol.NewTokenBucketRateLimiter(0.1, 1),
 	}
 
-	ngx.createCertsDir(sslDirectory)
+	ngx.createCertsDir(config.SSLDirectory)
 
-	ngx.sslDHParam = ngx.SearchDHParamFile(sslDirectory)
+	ngx.sslDHParam = ngx.SearchDHParamFile(config.SSLDirectory)
 
 	ngx.loadTemplate()
 
@@ -342,7 +90,7 @@ func ConfigMapAsString() string {
 	cfg.Namespace = "a-valid-namespace"
 	cfg.Data = make(map[string]string)
 
-	data := structs.Map(newDefaultNginxCfg())
+	data := structs.Map(config.NewDefault())
 	for k, v := range data {
 		cfg.Data[k] = fmt.Sprintf("%v", v)
 	}

controllers/nginx/nginx/rewrite/main_test.go

@@ -22,6 +22,8 @@ import (
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
 	"k8s.io/kubernetes/pkg/util/intstr"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 const (
@@ -94,7 +96,7 @@ func TestAnnotations(t *testing.T) {
 
 func TestWithoutAnnotations(t *testing.T) {
 	ing := buildIngress()
-	_, err := ParseAnnotations(ing)
+	_, err := ParseAnnotations(config.NewDefault(), ing)
 	if err == nil {
 		t.Error("Expected error with ingress without annotations")
 	}
@@ -107,7 +109,7 @@ func TestRedirect(t *testing.T) {
 	data[rewriteTo] = defRoute
 	ing.SetAnnotations(data)
 
-	redirect, err := ParseAnnotations(ing)
+	redirect, err := ParseAnnotations(config.NewDefault(), ing)
 	if err != nil {
 		t.Errorf("Uxpected error with ingress: %v", err)
 	}

controllers/nginx/nginx/ssl.go

@@ -26,6 +26,8 @@ import (
 	"os"
 
 	"github.com/golang/glog"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 // SSLCert describes a SSL certificate to be used in NGINX
@@ -43,7 +45,7 @@ type SSLCert struct {
 
 // AddOrUpdateCertAndKey creates a .pem file wth the cert and the key with the specified name
 func (nginx *Manager) AddOrUpdateCertAndKey(name string, cert string, key string) (SSLCert, error) {
-	pemFileName := sslDirectory + "/" + name + ".pem"
+	pemFileName := config.SSLDirectory + "/" + name + ".pem"
 
 	pem, err := os.Create(pemFileName)
 	if err != nil {

controllers/nginx/nginx/ssl_test.go

@@ -22,10 +22,12 @@ import (
 	"os"
 	"testing"
 	"time"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 func TestAddOrUpdateCertAndKey(t *testing.T) {
-	sslDirectory = os.TempDir()
+	config.SSLDirectory = os.TempDir()
 	// openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=echoheaders/O=echoheaders"
 	tlsCrt := "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURhakNDQWxLZ0F3SUJBZ0lKQUxHUXR5VVBKTFhYTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ3d4RkRBU0JnTlYKQkFNVEMyVmphRzlvWldGa1pYSnpNUlF3RWdZRFZRUUtFd3RsWTJodmFHVmhaR1Z5Y3pBZUZ3MHhOakF6TXpFeQpNekU1TkRoYUZ3MHhOekF6TXpFeU16RTVORGhhTUN3eEZEQVNCZ05WQkFNVEMyVmphRzlvWldGa1pYSnpNUlF3CkVnWURWUVFLRXd0bFkyaHZhR1ZoWkdWeWN6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0MKZ2dFQkFONzVmS0N5RWwxanFpMjUxTlNabDYzeGQweG5HMHZTVjdYL0xxTHJveVNraW5nbnI0NDZZWlE4UEJWOAo5TUZzdW5RRGt1QVoyZzA3NHM1YWhLSm9BRGJOMzhld053RXNsVDJkRzhRTUw0TktrTUNxL1hWbzRQMDFlWG1PCmkxR2txZFA1ZUExUHlPZCtHM3gzZmxPN2xOdmtJdHVHYXFyc0tvMEhtMHhqTDVtRUpwWUlOa0tGSVhsWWVLZS8KeHRDR25CU2tLVHFMTG0yeExKSGFFcnJpaDZRdkx4NXF5U2gzZTU2QVpEcTlkTERvcWdmVHV3Z2IzekhQekc2NwppZ0E0dkYrc2FRNHpZUE1NMHQyU1NiVkx1M2pScWNvL3lxZysrOVJBTTV4bjRubnorL0hUWFhHKzZ0RDBaeGI1CmVVRDNQakVhTnlXaUV2dTN6UFJmdysyNURMY0NBd0VBQWFPQmpqQ0JpekFkQmdOVkhRNEVGZ1FVcktMZFhHeUUKNUlEOGRvd2lZNkdzK3dNMHFKc3dYQVlEVlIwakJGVXdVNEFVcktMZFhHeUU1SUQ4ZG93aVk2R3Mrd00wcUp1aApNS1F1TUN3eEZEQVNCZ05WQkFNVEMyVmphRzlvWldGa1pYSnpNUlF3RWdZRFZRUUtFd3RsWTJodmFHVmhaR1Z5CmM0SUpBTEdRdHlVUEpMWFhNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFNZVMKMHFia3VZa3Z1enlSWmtBeE1PdUFaSDJCK0Evb3N4ODhFRHB1ckV0ZWN5RXVxdnRvMmpCSVdCZ2RkR3VBYU5jVQorUUZDRm9NakJOUDVWVUxIWVhTQ3VaczN2Y25WRDU4N3NHNlBaLzhzbXJuYUhTUjg1ZVpZVS80bmFyNUErdWErClIvMHJrSkZnOTlQSmNJd3JmcWlYOHdRcWdJVVlLNE9nWEJZcUJRL0VZS2YvdXl6UFN3UVZYRnVJTTZTeDBXcTYKTUNML3d2RlhLS0FaWDBqb3J4cHRjcldkUXNCcmYzWVRnYmx4TE1sN20zL2VuR1drcEhDUHdYeVRCOC9rRkw3SApLL2ZHTU1NWGswUkVSbGFPM1hTSUhrZUQ2SXJiRnRNV3R1RlJwZms2ZFA2TXlMOHRmTmZ6a3VvUHVEWUFaWllWCnR1NnZ0c0FRS0xWb0pGaGV0b1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
 	tlsKey := "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBM3ZsOG9MSVNYV09xTGJuVTFKbVhyZkYzVEdjYlM5Slh0Zjh1b3V1akpLU0tlQ2V2CmpqcGhsRHc4Rlh6MHdXeTZkQU9TNEJuYURUdml6bHFFb21nQU5zM2Z4N0EzQVN5VlBaMGJ4QXd2ZzBxUXdLcjkKZFdqZy9UVjVlWTZMVWFTcDAvbDREVS9JNTM0YmZIZCtVN3VVMitRaTI0WnFxdXdxalFlYlRHTXZtWVFtbGdnMgpRb1VoZVZoNHA3L0cwSWFjRktRcE9vc3ViYkVza2RvU3V1S0hwQzh2SG1ySktIZDdub0JrT3IxMHNPaXFCOU83CkNCdmZNYy9NYnJ1S0FEaThYNnhwRGpOZzh3elMzWkpKdFV1N2VOR3B5ai9LcUQ3NzFFQXpuR2ZpZWZQNzhkTmQKY2I3cTBQUm5Gdmw1UVBjK01SbzNKYUlTKzdmTTlGL0Q3YmtNdHdJREFRQUJBb0lCQUViNmFEL0hMNjFtMG45bgp6bVkyMWwvYW83MUFmU0h2dlZnRCtWYUhhQkY4QjFBa1lmQUdpWlZrYjBQdjJRSFJtTERoaWxtb0lROWhadHVGCldQOVIxKythTFlnbGdmenZzanBBenR2amZTUndFaEFpM2pnSHdNY1p4S2Q3UnNJZ2hxY2huS093S0NYNHNNczQKUnBCbEFBZlhZWGs4R3F4NkxUbGptSDRDZk42QzZHM1EwTTlLMUxBN2lsck1Na3hwcngxMnBlVTNkczZMVmNpOQptOFdBL21YZ2I0c3pEbVNaWVpYRmNZMEhYNTgyS3JKRHpQWEVJdGQwZk5wd3I0eFIybzdzMEwvK2RnZCtqWERjCkh2SDBKZ3NqODJJaTIxWGZGM2tST3FxR3BKNmhVcncxTUZzVWRyZ29GL3pFck0vNWZKMDdVNEhodGFlalVzWTIKMFJuNXdpRUNnWUVBKzVUTVRiV084Wkg5K2pIdVQwc0NhZFBYcW50WTZYdTZmYU04Tm5CZWNoeTFoWGdlQVN5agpSWERlZGFWM1c0SjU5eWxIQ3FoOVdseVh4cDVTWWtyQU41RnQ3elFGYi91YmorUFIyWWhMTWZpYlBSYlYvZW1MCm5YaGF6MmtlNUUxT1JLY0x6QUVwSmpuZGQwZlZMZjdmQzFHeStnS2YyK3hTY1hjMHJqRE5iNGtDZ1lFQTR1UVEKQk91TlJQS3FKcDZUZS9zUzZrZitHbEpjQSs3RmVOMVlxM0E2WEVZVm9ydXhnZXQ4a2E2ZEo1QjZDOWtITGtNcQpwdnFwMzkxeTN3YW5uWC9ONC9KQlU2M2RxZEcyd1BWRUQ0REduaE54Qm1oaWZpQ1I0R0c2ZnE4MUV6ZE1vcTZ4CklTNHA2RVJaQnZkb1RqNk9pTHl6aUJMckpxeUhIMWR6c0hGRlNqOENnWUVBOWlSSEgyQ2JVazU4SnVYak8wRXcKUTBvNG4xdS9TZkQ4TFNBZ01VTVBwS1hpRTR2S0Qyd1U4a1BUNDFiWXlIZUh6UUpkdDFmU0RTNjZjR0ZHU1ZUSgphNVNsOG5yN051ejg3bkwvUmMzTGhFQ3Y0YjBOOFRjbW1oSy9CbDdiRXBOd0dFczNoNGs3TVdNOEF4QU15c3VxCmZmQ1pJM0tkNVJYNk0zbGwyV2QyRjhFQ2dZQlQ5RU9oTG0vVmhWMUVjUVR0cVZlMGJQTXZWaTVLSGozZm5UZkUKS0FEUVIvYVZncElLR3RLN0xUdGxlbVpPbi8yeU5wUS91UnpHZ3pDUUtldzNzU1RFSmMzYVlzbFVudzdhazJhZAp2ZTdBYXowMU84YkdHTk1oamNmdVBIS05LN2Nsc3pKRHJzcys4SnRvb245c0JHWEZYdDJuaWlpTTVPWVN5TTg4CkNJMjFEUUtCZ0hEQVRZbE84UWlDVWFBQlVqOFBsb1BtMDhwa3cyc1VmQW0xMzJCY00wQk9BN1hqYjhtNm1ManQKOUlteU5kZ2ZiM080UjlKVUxTb1pZSTc1dUxIL3k2SDhQOVlpWHZOdzMrTXl6VFU2b2d1YU8xSTNya2pna29NeAo5cU5pYlJFeGswS1A5MVZkckVLSEdHZEFwT05ES1N4VzF3ektvbUxHdmtYSTVKV05KRXFkCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=="

controllers/nginx/nginx/template.go

@@ -26,6 +26,8 @@ import (
 
 	"github.com/fatih/structs"
 	"github.com/golang/glog"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 const (
@@ -57,7 +59,7 @@ func (ngx *Manager) loadTemplate() {
 	ngx.template = tmpl
 }
 
-func (ngx *Manager) writeCfg(cfg Configuration, ingressCfg IngressConfig) (bool, error) {
+func (ngx *Manager) writeCfg(cfg config.Configuration, ingressCfg IngressConfig) (bool, error) {
 	conf := make(map[string]interface{})
 	conf["upstreams"] = ingressCfg.Upstreams
 	conf["servers"] = ingressCfg.Servers

controllers/nginx/nginx/utils.go

@@ -26,9 +26,10 @@ import (
 	"strings"
 
 	"github.com/golang/glog"
-
 	"github.com/mitchellh/mapstructure"
 	"k8s.io/kubernetes/pkg/api"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
 const (
@@ -67,7 +68,7 @@ func getDNSServers() []string {
 // getConfigKeyToStructKeyMap returns a map with the ConfigMapKey as key and the StructName as value.
 func getConfigKeyToStructKeyMap() map[string]string {
 	keyMap := map[string]string{}
-	n := &Configuration{}
+	n := &config.Configuration{}
 	val := reflect.Indirect(reflect.ValueOf(n))
 	for i := 0; i < val.Type().NumField(); i++ {
 		fieldSt := val.Type().Field(i)
@@ -79,13 +80,13 @@ func getConfigKeyToStructKeyMap() map[string]string {
 }
 
 // ReadConfig obtains the configuration defined by the user merged with the defaults.
-func (ngx *Manager) ReadConfig(config *api.ConfigMap) Configuration {
+func (ngx *Manager) ReadConfig(conf *api.ConfigMap) config.Configuration {
-	if len(config.Data) == 0 {
+	if len(conf.Data) == 0 {
-		return newDefaultNginxCfg()
+		return config.NewDefault()
 	}
 
-	cfgCM := Configuration{}
+	cfgCM := config.Configuration{}
-	cfgDefault := newDefaultNginxCfg()
+	cfgDefault := config.NewDefault()
 
 	metadata := &mapstructure.Metadata{}
 
@@ -97,8 +98,8 @@ func (ngx *Manager) ReadConfig(config *api.ConfigMap) Configuration {
 	})
 
 	cErrors := make([]int, 0)
-	if val, ok := config.Data[customHTTPErrors]; ok {
+	if val, ok := conf.Data[customHTTPErrors]; ok {
-		delete(config.Data, customHTTPErrors)
+		delete(conf.Data, customHTTPErrors)
 		for _, i := range strings.Split(val, ",") {
 			j, err := strconv.Atoi(i)
 			if err != nil {
@@ -109,7 +110,7 @@ func (ngx *Manager) ReadConfig(config *api.ConfigMap) Configuration {
 		}
 	}
 
-	err = decoder.Decode(config.Data)
+	err = decoder.Decode(conf.Data)
 	if err != nil {
 		glog.Infof("%v", err)
 	}

controllers/nginx/nginx/utils_test.go

@@ -20,9 +20,11 @@ import (
 	"testing"
 
 	"k8s.io/kubernetes/pkg/api"
+
+	"k8s.io/contrib/ingress/controllers/nginx/nginx/config"
 )
 
-func getConfigNginxBool(data map[string]string) Configuration {
+func getConfigNginxBool(data map[string]string) config.Configuration {
 	manager := &Manager{}
 	configMap := &api.ConfigMap{
 		Data: data,