jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0

Whitelist IPv6 default route #253

Closed arno01 closed 6 years ago

arno01 commented 6 years ago

Without this PR the http-01 challenge (/.well-known/acme-challenge) fails in a setup where one has IPv6 (AAAA DNS record) set.

IPv4 probe succeeds

$ HOST=mysite.com; IP=212.123.123.123; curl -4 -L -I --resolve ${HOST}:80:${IP} --resolve ${HOST}:443:${IP} http://${HOST}/.well-known/acme-challenge/_selftest
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Sep 2017 09:18:35 GMT
Content-Type: text/plain
Content-Length: 16
Strict-Transport-Security: max-age=15724800; includeSubDomains;

IPv6 probe fails

$ HOST=mysite.com; IP=2001:41e0:123:123::123; curl -6 -L -I --resolve ${HOST}:80:${IP} --resolve ${HOST}:443:${IP} http://${HOST}/.well-known/acme-challenge/_selftest
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sun, 03 Sep 2017 09:18:39 GMT
Content-Type: text/html
Content-Length: 162
Strict-Transport-Security: max-age=15724800; includeSubDomains;

Introduced by https://github.com/jetstack/kube-lego/pull/114 Potentially relates to https://github.com/jetstack/kube-lego/issues/66
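The 403 on the IPv6 probe above is exactly what an allow-list containing only the IPv4 default route produces: an IPv6 client address is never inside 0.0.0.0/0, so it is rejected until ::/0 is listed as well. The following Python is an added illustration, not code from this PR or from kube-lego; it assumes the challenge path is protected by a comma-separated CIDR allow-list (the whitelist-source-range style of ingress annotation) and uses the two probe addresses from the curl output above as sample clients. It also handles the IPv4-mapped form (::ffff:a.b.c.d) that some dual-stack listeners report for IPv4 clients, which is an assumption about the listener, not something the PR discusses.

```python
import ipaddress

# Allow-list values as they would appear in an annotation (assumed format:
# comma-separated CIDR ranges). The first is the pre-PR shape, the second the fix.
IPV4_ONLY = "0.0.0.0/0"
DUAL_STACK = "0.0.0.0/0,::/0"

# Sample client addresses taken from the curl probes in this PR description.
SAMPLE_CLIENTS = ["212.123.123.123", "2001:41e0:123:123::123"]


def parse_allowlist(spec):
    """Parse 'cidr,cidr,...' into ip_network objects (mixed v4/v6 allowed)."""
    return [
        ipaddress.ip_network(item.strip(), strict=False)
        for item in spec.split(",")
        if item.strip()
    ]


def candidate_addresses(client_ip):
    """Addresses to test against the allow-list for one client.

    An IPv4 client seen through a dual-stack IPv6 socket may be reported as
    ::ffff:a.b.c.d (assumption about the listener); unwrap it so an IPv4-only
    allow-list still matches the underlying IPv4 address.
    """
    addr = ipaddress.ip_address(client_ip)
    candidates = [addr]
    if addr.version == 6 and addr.ipv4_mapped is not None:
        candidates.append(addr.ipv4_mapped)
    return candidates


def is_allowed(client_ip, allowlist):
    """True if the client matches any network in the allow-list.

    ip_network.__contains__ is always False across address families, so a
    native IPv6 client can never match 0.0.0.0/0: that is the root cause of the
    403 reported in this PR.
    """
    return any(
        addr in net for addr in candidate_addresses(client_ip) for net in allowlist
    )


def probe_results(spec, clients):
    """Map each client address to 'allow' or 'deny' under the given allow-list."""
    nets = parse_allowlist(spec)
    return {ip: ("allow" if is_allowed(ip, nets) else "deny") for ip in clients}


if __name__ == "__main__":
    for label, spec in (("IPv4 default route only", IPV4_ONLY), ("v4 + v6 default routes", DUAL_STACK)):
        print(f"{label} ({spec}):")
        for ip, verdict in probe_results(spec, SAMPLE_CLIENTS).items():
            print(f"  {ip:>26}  -> {verdict}")
```

Running it prints "deny" for the IPv6 client under the IPv4-only list and "allow" for both clients once ::/0 is present, which mirrors the 403/200 pair in the curl output. When auditing an existing allow-list, feed it the real source addresses of the validation traffic (both families) rather than assuming one family is enough.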

munnerz commented 6 years ago

Hey @arno01 - thanks for this! I've not got any IPv6 test environments, so feedback like this is very valuable.

Was there a particular reason for changing the image version to alpine 3.6? I've no attachment to alpine 3.5, but it does increase the surface for things to go wrong as a result!

If you could remove just that one commit, I'll merge this in!

arno01 commented 6 years ago

@munnerz I am glad to help make kube-lego better ;-)

There was no particular reason for bumping alpine. I have checked, and 3.5 should be fine to use until 2018-11-01 (YYYY-MM-DD) as per https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases

arno01 commented 6 years ago

@munnerz PTAL

abh commented 6 years ago

FWIW this fixed kube-lego for our sites that have both IPv4 and IPv6 addresses.

quay.io/abh/kube-lego:20170922-ipv6