Only support SSL dynamic mode

[aledbf]

What this PR does / why we need it:

Implements changes from KEP #4351

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

[aledbf]

/test pull-ingress-nginx-test

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@333d9fd). Click here to learn what that means.
The diff coverage is 53.91%.

@@            Coverage Diff            @@
##             master    #4356   +/-   ##
=========================================
  Coverage          ?   60.61%           
=========================================
  Files             ?       87           
  Lines             ?     7018           
  Branches          ?        0           
=========================================
  Hits              ?     4254           
  Misses            ?     2314           
  Partials          ?      450

Impacted Files	Coverage Δ
internal/ingress/controller/config/config.go	98.56% <ø> (ø)
internal/ingress/types.go	0% <ø> (ø)
cmd/nginx/main.go	6.89% <0%> (ø)
internal/ingress/types_equals.go	22.3% <0%> (ø)
internal/ingress/sslcert.go	0% <0%> (ø)
internal/ingress/controller/checker.go	35.71% <100%> (ø)
cmd/nginx/flags.go	89.41% <100%> (ø)
internal/ingress/metric/collectors/controller.go	83.73% <100%> (ø)
internal/ingress/controller/store/backend_ssl.go	51.76% <21.42%> (ø)
internal/ingress/controller/controller.go	48.78% <30%> (ø)
... and 4 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 333d9fd...80bd481. Read the comment docs.

[aledbf]

@ElvinEfendi ready for another review

[aledbf]

There is a reload that should not be required

--- /etc/nginx/nginx.conf	2019-08-11 16:14:51.018308289 +0000
+++ /tmp/new-nginx-cfg314775797	2019-08-11 16:14:54.354379138 +0000
@@ -1,5 +1,5 @@
 
-# Configuration checksum: 1642531233630393092
+# Configuration checksum: 1884626229457741760
 
 # setup custom paths that do not require root access
 pid /tmp/nginx.pid;
@@ -429,7 +429,7 @@
 			
 			rewrite_by_lua_block {
 				lua_ingress.rewrite({
-					force_ssl_redirect = false,
+					force_ssl_redirect = true,
 					use_port_in_redirects = false,
 				})
 				balancer.rewrite()
@@ -453,6 +453,10 @@
 				plugins.run()
 			}
 			
+			if ($scheme = https) {
+				more_set_headers                        "Strict-Transport-Security: max-age=15724800; includeSubDomains";
+			}
+

this happens a tls section is configured in the ingress or the secret is deleted

[aledbf]

/retest

[aledbf]

/test pull-ingress-nginx-e2e-1-15

[aledbf]

/test pull-ingress-nginx-test

[aledbf]

/retest

[ElvinEfendi]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, ElvinEfendi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ElvinEfendi,aledbf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[aledbf]

/retest

[aledbf]

/retest

[oweise]

This is actually a breaking change as it prevents existing instances from starting if they are configured with flag "--enable-dynamic-certificates".

Result is:
`-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v0.34.1
Build: v20200715-ingress-nginx-2.11.0-8-gda5fa45e2
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.1

---

unknown flag: --enable-dynamic-certificates
`

[aledbf]

@oweise you don't need the flag anymore. Only dynamic certificates are supported

Edit: the flag was removed in 0.31 9c6873a#diff-e64fced222d6b682ce87183241ee6022