Enable option to define a list of explicitly blocked ports for the Ingress Controller

[shaun-nx]

Cluster admins want to have the confidence that application resources presented the Ingress Controller will not be presented on a set or range of ports.

For example: there is a particular range of ports that is forbidden from being used, or specifically reserved for one single application's traffic. And no other applications should be able to use these restricted ports.
The intention here is to provide configuration safety to the administrator that application users will never be able to define port listeners using a particular set/range of ports.

The resulting event that would be returned back to a resource trying to use a port in the blocked set/range is:

Events:
  Type     Reason    Age   From                      Message
  ----     ------    ----  ----                      -------
  Warning  Rejected  38s   nginx-ingress-controller  [[]: Forbidden: port 80 is blocked, []: Forbidden: port 443 is blocked]

We have an open question.

There are currently two ways we can chose to enable this option for the Ingress Controller:
Both options would accomplish the same outcome.

1. A CLI Argument

args:
- -blocked-ports=80,443,8080,1000-1024

This option would require the Ingress Controller to be re-deployed if a port is added or removed from the list

2. ConfigMap

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
data:
 blocked-ports="80,443,8080,1000-1024"

This option, users could configure this list and apply it to their cluster without the need to re-deploy Ingress Controller.