feat(nginx): add ipFamilies option for IPv4 and IPv6

[mdallaire]

Description of the change

Add an option to configure the listening IP address for the nginx container.

Benefits

This will allow setting the IP to a value like "[::]" for IPv6 deployments. The current generated configs force the address to 0.0.0.0

Possible drawbacks

None that I can think of. The default value is 0.0.0.0 which is equivalent to the configuration generated by the chart at the moment.

Applicable issues

• fixes Nginx container will not listen on IPv6 #636

Additional information

Checklist

• I have read the CONTRIBUTING.md doc.
• DCO has been signed off on the commit.
• Chart version bumped in Chart.yaml according to semver.
• (optional) Parameters are documented in the README.md

[wrenix]

should we add an array of multiple adresses (dualstack) or listen just on both (ipv4 and ipv6)

[provokateurin]

Array sounds like a good idea, if we add it before merging this it also doesn't result in a breaking change.
As for always listening on both, I don't know if that is a good idea. If ipv6 is disabled in the kernel the container will always fail.
So array with both ipv4 and ipv6 by default would make sense to me, then it can still be reduced to ipv4 only if necessary.

[provokateurin]

Blocking for now

[mdallaire]

That would be achieved with the ipv6only nginx option. I can add it to the chart.

[mdallaire]

It could also be a single option similar to the ipFamilies for services. This array with possible values of IPv4 and IPv6 or both would decide how both listening address and ipv6only is built in the configuration template.

Let me know how you prefer this be done and I will adjust the PR.

[provokateurin]

All good from my side, but haven't tested it. @jessebot @wrenix can one of you also review?

[provokateurin]

(A squash of all commits would be nice to have)

[mdallaire]

(A squash of all commits would be nice to have)

Done!

[wrenix]

I am fine with it.

I am just thinking of dualstack, is not everywhere automatically on if listen [::]:80;.

Maybe we should define listen multiple time.I am not sure.
Maybe we should merge this state and wait for an Bug-Issue if somebody try to run it on a "tweaked" Node and Kernel with special option on the behaviour of binding.

[provokateurin]

Agreed, we can easily fix this if there is a problem.

[mdallaire]

I am just thinking of dualstack, is not everywhere automatically on if listen [::]:80;.

When listen [::]:80; is set, nginx will only listen to IPv6 (the default value for the ipv6only option is on ref). This is why we have to set listen [::]:80 ipv6only=off; when both IPv4 and IPv6 are present in the array.