From a3594f6c4c671d72547b4c2588181d35e048e91a Mon Sep 17 00:00:00 2001
From: Seth Pollack
Date: Tue, 22 Aug 2017 14:53:53 -0400
Subject: [PATCH] keep zones unique per ingress resource
---
 controllers/nginx/pkg/template/template.go | 9 +++++++--
 controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 7 ++++---
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go
index 93479112185..c1d588c1009 100644
--- a/controllers/nginx/pkg/template/template.go
+++ b/controllers/nginx/pkg/template/template.go
@@ -133,6 +133,7 @@ var (
 "buildAuthResponseHeaders": buildAuthResponseHeaders,
 "buildProxyPass": buildProxyPass,
 "buildWhitelistVariable": buildWhitelistVariable,
+ "whitelistExists": whitelistExists,
 "buildRateLimitZones": buildRateLimitZones,
 "buildRateLimit": buildRateLimit,
 "buildResolvers": buildResolvers,
@@ -340,6 +341,11 @@ var (
 whitelistVarMap = map[string]string{}
 )
+func whitelistExists(s string) bool {
+ _, ok := whitelistVarMap[s]
+ return ok
+}
+
 func buildWhitelistVariable(s string) string {
 if _, ok := whitelistVarMap[s]; !ok {
 whitelistVarMap[s] = buildRandomUUID()
@@ -360,8 +366,7 @@ func buildRateLimitZones(input interface{}) []string {
 for _, server := range servers {
 for _, loc := range server.Locations {
- lrn := fmt.Sprintf("%v_%v", server.Hostname, loc.RateLimit.Name)
- whitelistVar := buildWhitelistVariable(lrn)
+ whitelistVar := buildWhitelistVariable(loc.RateLimit.Name)
 if loc.RateLimit.Connections.Limit > 0 {
 zone := fmt.Sprintf("limit_conn_zone $limit_%s zone=%v:%vm;",
diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
index 9dca204fcaf..9f833fc7d25 100644
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
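Review bot: `whitelistExists` makes the rendered config depend on state that outlives a single render: `whitelistVarMap` is a package-level map and nothing visible in this patch clears it. Once a name has been registered, the guard added in the nginx.tmpl hunk would skip that name's `geo`/`map` blocks on every later render, while `buildRateLimitZones` still emits zones that reference `$limit_<uuid>`. Unless the map is reset elsewhere before each template execution, a reload would reference variables that are no longer defined and would likely fail config validation; tracking the names already emitted in per-render state would avoid this. The map is also read and written without a lock, and the new function has no doc comment, for example `// whitelistExists reports whether a whitelist variable has already been generated for s.`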
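Review bot: Keying the variable on `loc.RateLimit.Name` alone in `buildRateLimitZones` means every location with the same name now shares one `$whitelist_`/`$limit_` pair across hosts. Isolation between ingresses therefore rests entirely on how `RateLimit.Name` is built, which is not visible in this hunk; if it does not include the namespace, two same-named ingresses would share rate-limit exemptions. The call also runs before either limit check, so a location with an empty name registers a `""` key in `whitelistVarMap`. Assuming an empty name implies no limits, `if loc.RateLimit.Name == "" { continue }` ahead of the call would keep the map clean. The function body starts and ends outside the hunk.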
@@ -292,22 +292,23 @@ http { {{ end }} {{ if ne $location.RateLimit.Name "" }} + {{ if ne (whitelistExists $location.RateLimit.Name) true }} # Ratelimit {{ $location.RateLimit.Name }} - {{ $rln := (print $server.Hostname "_" $location.RateLimit.Name) }} - geo $whitelist_{{ buildWhitelistVariable $rln }} { + geo $whitelist_{{ buildWhitelistVariable $location.RateLimit.Name }} { default 0; {{ range $ip := $location.RateLimit.Whitelist }} {{ $ip }} 1;{{ end }} } # Ratelimit {{ $location.RateLimit.Name }} - map $whitelist_{{ buildWhitelistVariable $rln }} $limit_{{ buildWhitelistVariable $rln }} { + map $whitelist_{{ buildWhitelistVariable $location.RateLimit.Name }} $limit_{{ buildWhitelistVariable $location.RateLimit.Name }} { 0 {{ $cfg.LimitConnZoneVariable }}; 1 ""; } {{ end }} {{ end }} {{ end }} + {{ end }} {{/* build all the required rate limit zones. Each annotation requires a dedicated zone */}} {{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}}
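Review bot: With the new `whitelistExists` guard, the `geo` block is rendered only for the first location that carries a given `RateLimit.Name`, so that location's `Whitelist` decides who is exempt for every other location sharing the name. If two locations can share a name but carry different whitelists, one list is silently dropped and the other is applied where it may not have been intended. A template comment stating that a shared name implies an identical whitelist, or a check in the controller, would make that assumption explicit. As a style point, `{{ if ne (whitelistExists $location.RateLimit.Name) true }}` reads more directly as `{{ if not (whitelistExists $location.RateLimit.Name) }}`.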