diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go index 062ded83f8d..8a6f9f92f04 100644 --- a/cmd/kube-proxy/app/server.go +++ b/cmd/kube-proxy/app/server.go @@ -68,14 +68,14 @@ type ProxyServer struct { const ( proxyModeUserspace = "userspace" - proxyModeIptables = "iptables" + proxyModeIPTables = "iptables" experimentalProxyModeAnnotation = options.ExperimentalProxyModeAnnotation betaProxyModeAnnotation = "net.beta.kubernetes.io/proxy-mode" ) func checkKnownProxyMode(proxyMode string) bool { switch proxyMode { - case "", proxyModeUserspace, proxyModeIptables: + case "", proxyModeUserspace, proxyModeIPTables: return true } return false @@ -199,18 +199,18 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err var endpointsHandler proxyconfig.EndpointsConfigHandler proxyMode := getProxyMode(string(config.Mode), client.Nodes(), hostname, iptInterface, iptables.LinuxKernelCompatTester{}) - if proxyMode == proxyModeIptables { + if proxyMode == proxyModeIPTables { glog.V(0).Info("Using iptables Proxier.") if config.IPTablesMasqueradeBit == nil { // IPTablesMasqueradeBit must be specified or defaulted. return nil, fmt.Errorf("Unable to read IPTablesMasqueradeBit from config") } - proxierIptables, err := iptables.NewProxier(iptInterface, utilsysctl.New(), execer, config.IPTablesSyncPeriod.Duration, config.MasqueradeAll, int(*config.IPTablesMasqueradeBit), config.ClusterCIDR, hostname, getNodeIP(client, hostname)) + proxierIPTables, err := iptables.NewProxier(iptInterface, utilsysctl.New(), execer, config.IPTablesSyncPeriod.Duration, config.MasqueradeAll, int(*config.IPTablesMasqueradeBit), config.ClusterCIDR, hostname, getNodeIP(client, hostname)) if err != nil { glog.Fatalf("Unable to create proxier: %v", err) } - proxier = proxierIptables - endpointsHandler = proxierIptables + proxier = proxierIPTables + endpointsHandler = proxierIPTables // No turning back. Remove artifacts that might still exist from the userspace Proxier. glog.V(0).Info("Tearing down userspace rules.") userspace.CleanupLeftovers(iptInterface) @@ -350,28 +350,28 @@ type nodeGetter interface { Get(hostname string) (*api.Node, error) } -func getProxyMode(proxyMode string, client nodeGetter, hostname string, iptver iptables.IptablesVersioner, kcompat iptables.KernelCompatTester) string { +func getProxyMode(proxyMode string, client nodeGetter, hostname string, iptver iptables.IPTablesVersioner, kcompat iptables.KernelCompatTester) string { if proxyMode == proxyModeUserspace { return proxyModeUserspace - } else if proxyMode == proxyModeIptables { - return tryIptablesProxy(iptver, kcompat) + } else if proxyMode == proxyModeIPTables { + return tryIPTablesProxy(iptver, kcompat) } else if proxyMode != "" { glog.Warningf("Flag proxy-mode=%q unknown, assuming iptables proxy", proxyMode) - return tryIptablesProxy(iptver, kcompat) + return tryIPTablesProxy(iptver, kcompat) } // proxyMode == "" - choose the best option. if client == nil { glog.Errorf("nodeGetter is nil: assuming iptables proxy") - return tryIptablesProxy(iptver, kcompat) + return tryIPTablesProxy(iptver, kcompat) } node, err := client.Get(hostname) if err != nil { glog.Errorf("Can't get Node %q, assuming iptables proxy, err: %v", hostname, err) - return tryIptablesProxy(iptver, kcompat) + return tryIPTablesProxy(iptver, kcompat) } if node == nil { glog.Errorf("Got nil Node %q, assuming iptables proxy", hostname) - return tryIptablesProxy(iptver, kcompat) + return tryIPTablesProxy(iptver, kcompat) } proxyMode, found := node.Annotations[betaProxyModeAnnotation] if found { @@ -387,19 +387,19 @@ func getProxyMode(proxyMode string, client nodeGetter, hostname string, iptver i glog.V(1).Infof("Annotation demands userspace proxy") return proxyModeUserspace } - return tryIptablesProxy(iptver, kcompat) + return tryIPTablesProxy(iptver, kcompat) } -func tryIptablesProxy(iptver iptables.IptablesVersioner, kcompat iptables.KernelCompatTester) string { +func tryIPTablesProxy(iptver iptables.IPTablesVersioner, kcompat iptables.KernelCompatTester) string { var err error // guaranteed false on error, error only necessary for debugging - useIptablesProxy, err := iptables.CanUseIptablesProxier(iptver, kcompat) + useIPTablesProxy, err := iptables.CanUseIPTablesProxier(iptver, kcompat) if err != nil { glog.Errorf("Can't determine whether to use iptables proxy, using userspace proxier: %v", err) return proxyModeUserspace } - if useIptablesProxy { - return proxyModeIptables + if useIPTablesProxy { + return proxyModeIPTables } // Fallback. glog.V(1).Infof("Can't use iptables proxy, using userspace proxier: %v", err) diff --git a/cmd/kube-proxy/app/server_test.go b/cmd/kube-proxy/app/server_test.go index 3c9f19ea98d..33c100ed7c1 100644 --- a/cmd/kube-proxy/app/server_test.go +++ b/cmd/kube-proxy/app/server_test.go @@ -38,12 +38,12 @@ func (fake *fakeNodeInterface) Get(hostname string) (*api.Node, error) { return &fake.node, nil } -type fakeIptablesVersioner struct { +type fakeIPTablesVersioner struct { version string // what to return err error // what to return } -func (fake *fakeIptablesVersioner) GetVersion() (string, error) { +func (fake *fakeIPTablesVersioner) GetVersion() (string, error) { return fake.version, fake.err } @@ -95,7 +95,7 @@ func Test_getProxyMode(t *testing.T) { flag: "iptables", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // detect, error flag: "", @@ -117,7 +117,7 @@ func Test_getProxyMode(t *testing.T) { flag: "", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // annotation says userspace flag: "", @@ -153,7 +153,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "iptables", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // annotation says something else, version ok flag: "", @@ -161,7 +161,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "other", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // annotation says nothing, version ok flag: "", @@ -169,7 +169,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // annotation says userspace flag: "", @@ -205,7 +205,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "iptables", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // annotation says something else, version ok flag: "", @@ -213,7 +213,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "other", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // annotation says nothing, version ok flag: "", @@ -221,7 +221,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // flag says userspace, annotation disagrees flag: "userspace", @@ -236,7 +236,7 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "userspace", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, { // flag says userspace, annotation disagrees flag: "userspace", @@ -251,13 +251,13 @@ func Test_getProxyMode(t *testing.T) { annotationVal: "userspace", iptablesVersion: iptables.MinCheckVersion, kernelCompat: true, - expected: proxyModeIptables, + expected: proxyModeIPTables, }, } for i, c := range cases { getter := &fakeNodeInterface{} getter.node.Annotations = map[string]string{c.annotationKey: c.annotationVal} - versioner := &fakeIptablesVersioner{c.iptablesVersion, c.iptablesError} + versioner := &fakeIPTablesVersioner{c.iptablesVersion, c.iptablesError} kcompater := &fakeKernelCompatTester{c.kernelCompat} r := getProxyMode(c.flag, getter, "host", versioner, kcompater) if r != c.expected { diff --git a/pkg/kubelet/eviction/eviction_manager.go b/pkg/kubelet/eviction/eviction_manager.go index 4e3ff2f7418..8395b3c4fa6 100644 --- a/pkg/kubelet/eviction/eviction_manager.go +++ b/pkg/kubelet/eviction/eviction_manager.go @@ -98,12 +98,8 @@ func (m *managerImpl) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAd return lifecycle.PodAdmitResult{Admit: true} } - // Check the node conditions to identify the resource under pressure. - // The resource can only be either disk or memory; set the default to disk. - resource := api.ResourceStorage + // the node has memory pressure, admit if not best-effort if hasNodeCondition(m.nodeConditions, api.NodeMemoryPressure) { - resource = api.ResourceMemory - // the node has memory pressure, admit if not best-effort notBestEffort := qos.BestEffort != qos.GetPodQOS(attrs.Pod) if notBestEffort { return lifecycle.PodAdmitResult{Admit: true} @@ -111,11 +107,11 @@ func (m *managerImpl) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAd } // reject pods when under memory pressure (if pod is best effort), or if under disk pressure. - glog.Warningf("Failed to admit pod %q - node has conditions: %v", format.Pod(attrs.Pod), m.nodeConditions) + glog.Warningf("Failed to admit pod %v - %s", format.Pod(attrs.Pod), "node has conditions: %v", m.nodeConditions) return lifecycle.PodAdmitResult{ Admit: false, Reason: reason, - Message: getMessage(resource), + Message: message, } } @@ -248,7 +244,6 @@ func (m *managerImpl) synchronize(diskInfoProvider DiskInfoProvider, podFunc Act glog.Infof("eviction manager: pods ranked for eviction: %s", format.Pods(activePods)) // we kill at most a single pod during each eviction interval - message := getMessage(resourceToReclaim) for i := range activePods { pod := activePods[i] status := api.PodStatus{ diff --git a/pkg/kubelet/eviction/helpers.go b/pkg/kubelet/eviction/helpers.go index d4cf17273b4..e70dd2cf8f5 100644 --- a/pkg/kubelet/eviction/helpers.go +++ b/pkg/kubelet/eviction/helpers.go @@ -37,8 +37,8 @@ const ( unsupportedEvictionSignal = "unsupported eviction signal %v" // the reason reported back in status. reason = "Evicted" - // the message format associated with the reason. - messageFmt = "The node was low on %s." + // the message associated with the reason. + message = "The node was low on compute resources." // disk, in bytes. internal to this module, used to account for local disk usage. resourceDisk api.ResourceName = "disk" // inodes, number. internal to this module, used to account for local disk inode consumption. @@ -894,7 +894,3 @@ func deleteImages(imageGC ImageGC, reportBytesFreed bool) nodeReclaimFunc { return resource.NewQuantity(reclaimed, resource.BinarySI), nil } } - -func getMessage(resource api.ResourceName) string { - return fmt.Sprintf(messageFmt, resource) -} diff --git a/pkg/kubelet/network/hostport/fake_iptables.go b/pkg/kubelet/network/hostport/fake_iptables.go index 5b1a1367ae6..dad4b5cd0f1 100644 --- a/pkg/kubelet/network/hostport/fake_iptables.go +++ b/pkg/kubelet/network/hostport/fake_iptables.go @@ -35,21 +35,21 @@ type fakeTable struct { chains map[string]*fakeChain } -type fakeIptables struct { +type fakeIPTables struct { tables map[string]*fakeTable } -func NewFakeIptables() *fakeIptables { - return &fakeIptables{ +func NewFakeIPTables() *fakeIPTables { + return &fakeIPTables{ tables: make(map[string]*fakeTable, 0), } } -func (f *fakeIptables) GetVersion() (string, error) { +func (f *fakeIPTables) GetVersion() (string, error) { return "1.4.21", nil } -func (f *fakeIptables) getTable(tableName utiliptables.Table) (*fakeTable, error) { +func (f *fakeIPTables) getTable(tableName utiliptables.Table) (*fakeTable, error) { table, ok := f.tables[string(tableName)] if !ok { return nil, fmt.Errorf("Table %s does not exist", tableName) @@ -57,7 +57,7 @@ func (f *fakeIptables) getTable(tableName utiliptables.Table) (*fakeTable, error return table, nil } -func (f *fakeIptables) getChain(tableName utiliptables.Table, chainName utiliptables.Chain) (*fakeTable, *fakeChain, error) { +func (f *fakeIPTables) getChain(tableName utiliptables.Table, chainName utiliptables.Chain) (*fakeTable, *fakeChain, error) { table, err := f.getTable(tableName) if err != nil { return nil, nil, err @@ -71,7 +71,7 @@ func (f *fakeIptables) getChain(tableName utiliptables.Table, chainName utilipta return table, chain, nil } -func (f *fakeIptables) ensureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, *fakeChain) { +func (f *fakeIPTables) ensureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, *fakeChain) { table, chain, err := f.getChain(tableName, chainName) if err != nil { // either table or table+chain don't exist yet @@ -92,12 +92,12 @@ func (f *fakeIptables) ensureChain(tableName utiliptables.Table, chainName utili return true, chain } -func (f *fakeIptables) EnsureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, error) { +func (f *fakeIPTables) EnsureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, error) { existed, _ := f.ensureChain(tableName, chainName) return existed, nil } -func (f *fakeIptables) FlushChain(tableName utiliptables.Table, chainName utiliptables.Chain) error { +func (f *fakeIPTables) FlushChain(tableName utiliptables.Table, chainName utiliptables.Chain) error { _, chain, err := f.getChain(tableName, chainName) if err != nil { return err @@ -106,7 +106,7 @@ func (f *fakeIptables) FlushChain(tableName utiliptables.Table, chainName utilip return nil } -func (f *fakeIptables) DeleteChain(tableName utiliptables.Table, chainName utiliptables.Chain) error { +func (f *fakeIPTables) DeleteChain(tableName utiliptables.Table, chainName utiliptables.Chain) error { table, _, err := f.getChain(tableName, chainName) if err != nil { return err @@ -125,7 +125,7 @@ func findRule(chain *fakeChain, rule string) int { return -1 } -func (f *fakeIptables) ensureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, rule string) (bool, error) { +func (f *fakeIPTables) ensureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, rule string) (bool, error) { _, chain, err := f.getChain(tableName, chainName) if err != nil { _, chain = f.ensureChain(tableName, chainName) @@ -192,7 +192,7 @@ func normalizeRule(rule string) (string, error) { return normalized, nil } -func (f *fakeIptables) EnsureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) (bool, error) { +func (f *fakeIPTables) EnsureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) (bool, error) { ruleArgs := make([]string, 0) for _, arg := range args { // quote args with internal spaces (like comments) @@ -204,7 +204,7 @@ func (f *fakeIptables) EnsureRule(position utiliptables.RulePosition, tableName return f.ensureRule(position, tableName, chainName, strings.Join(ruleArgs, " ")) } -func (f *fakeIptables) DeleteRule(tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) error { +func (f *fakeIPTables) DeleteRule(tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) error { _, chain, err := f.getChain(tableName, chainName) if err == nil { rule := strings.Join(args, " ") @@ -217,7 +217,7 @@ func (f *fakeIptables) DeleteRule(tableName utiliptables.Table, chainName utilip return nil } -func (f *fakeIptables) IsIpv6() bool { +func (f *fakeIPTables) IsIpv6() bool { return false } @@ -227,7 +227,7 @@ func saveChain(chain *fakeChain, data *bytes.Buffer) { } } -func (f *fakeIptables) Save(tableName utiliptables.Table) ([]byte, error) { +func (f *fakeIPTables) Save(tableName utiliptables.Table) ([]byte, error) { table, err := f.getTable(tableName) if err != nil { return nil, err @@ -246,7 +246,7 @@ func (f *fakeIptables) Save(tableName utiliptables.Table) ([]byte, error) { return data.Bytes(), nil } -func (f *fakeIptables) SaveAll() ([]byte, error) { +func (f *fakeIPTables) SaveAll() ([]byte, error) { data := bytes.NewBuffer(nil) for _, table := range f.tables { tableData, err := f.Save(table.name) @@ -260,7 +260,7 @@ func (f *fakeIptables) SaveAll() ([]byte, error) { return data.Bytes(), nil } -func (f *fakeIptables) restore(restoreTableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag) error { +func (f *fakeIPTables) restore(restoreTableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag) error { buf := bytes.NewBuffer(data) var tableName utiliptables.Table for { @@ -320,16 +320,16 @@ func (f *fakeIptables) restore(restoreTableName utiliptables.Table, data []byte, return nil } -func (f *fakeIptables) Restore(tableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error { +func (f *fakeIPTables) Restore(tableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error { return f.restore(tableName, data, flush) } -func (f *fakeIptables) RestoreAll(data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error { +func (f *fakeIPTables) RestoreAll(data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error { return f.restore("", data, flush) } -func (f *fakeIptables) AddReloadFunc(reloadFunc func()) { +func (f *fakeIPTables) AddReloadFunc(reloadFunc func()) { } -func (f *fakeIptables) Destroy() { +func (f *fakeIPTables) Destroy() { } diff --git a/pkg/kubelet/network/hostport/hostport.go b/pkg/kubelet/network/hostport/hostport.go index 86d9594fa40..e673702f7fb 100644 --- a/pkg/kubelet/network/hostport/hostport.go +++ b/pkg/kubelet/network/hostport/hostport.go @@ -162,7 +162,7 @@ func writeLine(buf *bytes.Buffer, words ...string) { //hostportChainName takes containerPort for a pod and returns associated iptables chain. // This is computed by hashing (sha256) // then encoding to base32 and truncating with the prefix "KUBE-SVC-". We do -// this because Iptables Chain Names must be <= 28 chars long, and the longer +// this because IPTables Chain Names must be <= 28 chars long, and the longer // they are the harder they are to read. func hostportChainName(cp api.ContainerPort, podFullName string) utiliptables.Chain { hash := sha256.Sum256([]byte(string(cp.HostPort) + string(cp.Protocol) + podFullName)) @@ -293,7 +293,7 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP writeLine(natRules, args...) // Create hostport chain to DNAT traffic to final destination - // Iptables will maintained the stats for this chain + // IPTables will maintained the stats for this chain args = []string{ "-A", string(hostportChain), "-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, target.podFullName, containerPort.HostPort), diff --git a/pkg/kubelet/network/hostport/hostport_test.go b/pkg/kubelet/network/hostport/hostport_test.go index 42bdd9c247f..cbf0e7aae5a 100644 --- a/pkg/kubelet/network/hostport/hostport_test.go +++ b/pkg/kubelet/network/hostport/hostport_test.go @@ -52,11 +52,11 @@ type ruleMatch struct { } func TestOpenPodHostports(t *testing.T) { - fakeIptables := NewFakeIptables() + fakeIPTables := NewFakeIPTables() h := &handler{ hostPortMap: make(map[hostport]closeable), - iptables: fakeIptables, + iptables: fakeIPTables, portOpener: openFakeSocket, } @@ -198,7 +198,7 @@ func TestOpenPodHostports(t *testing.T) { } for _, rule := range genericRules { - _, chain, err := fakeIptables.getChain(utiliptables.TableNAT, utiliptables.Chain(rule.chain)) + _, chain, err := fakeIPTables.getChain(utiliptables.TableNAT, utiliptables.Chain(rule.chain)) if err != nil { t.Fatalf("Expected NAT chain %s did not exist", rule.chain) } @@ -211,7 +211,7 @@ func TestOpenPodHostports(t *testing.T) { for _, test := range tests { for _, match := range test.matches { // Ensure chain exists - _, chain, err := fakeIptables.getChain(utiliptables.TableNAT, utiliptables.Chain(match.chain)) + _, chain, err := fakeIPTables.getChain(utiliptables.TableNAT, utiliptables.Chain(match.chain)) if err != nil { t.Fatalf("Expected NAT chain %s did not exist", match.chain) } diff --git a/pkg/kubelet/network/kubenet/kubenet_linux.go b/pkg/kubelet/network/kubenet/kubenet_linux.go index 996524f7b26..d75b7eb97d8 100644 --- a/pkg/kubelet/network/kubenet/kubenet_linux.go +++ b/pkg/kubelet/network/kubenet/kubenet_linux.go @@ -54,7 +54,7 @@ const ( BridgeName = "cbr0" DefaultCNIDir = "/opt/cni/bin" - sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables" + sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables" // fallbackMTU is used if an MTU is not specified, and we cannot determine the MTU fallbackMTU = 1460 @@ -139,9 +139,9 @@ func (plugin *kubenetNetworkPlugin) Init(host network.Host, hairpinMode componen // was built-in, we simply ignore the error here. A better thing to do is // to check the kernel version in the future. plugin.execer.Command("modprobe", "br-netfilter").CombinedOutput() - err := plugin.sysctl.SetSysctl(sysctlBridgeCallIptables, 1) + err := plugin.sysctl.SetSysctl(sysctlBridgeCallIPTables, 1) if err != nil { - glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIptables, err) + glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIPTables, err) } plugin.loConfig, err = libcni.ConfFromBytes([]byte(`{ diff --git a/pkg/kubelet/network/plugins.go b/pkg/kubelet/network/plugins.go index fd08c01a68b..58fbf396122 100644 --- a/pkg/kubelet/network/plugins.go +++ b/pkg/kubelet/network/plugins.go @@ -154,7 +154,7 @@ func UnescapePluginName(in string) string { type NoopNetworkPlugin struct { } -const sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables" +const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables" func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { // Set bridge-nf-call-iptables=1 to maintain compatibility with older @@ -166,8 +166,8 @@ func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode componentconfig.Hai // Ensure the netfilter module is loaded on kernel >= 3.18; previously // it was built-in. utilexec.New().Command("modprobe", "br-netfilter").CombinedOutput() - if err := utilsysctl.New().SetSysctl(sysctlBridgeCallIptables, 1); err != nil { - glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIptables, err) + if err := utilsysctl.New().SetSysctl(sysctlBridgeCallIPTables, 1); err != nil { + glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIPTables, err) } return nil diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index 2758d50f114..83a8ec89c86 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -74,8 +74,8 @@ const ( KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP" ) -// IptablesVersioner can query the current iptables version. -type IptablesVersioner interface { +// IPTablesVersioner can query the current iptables version. +type IPTablesVersioner interface { // returns "X.Y.Z" GetVersion() (string, error) } @@ -86,12 +86,12 @@ type KernelCompatTester interface { IsCompatible() error } -// CanUseIptablesProxier returns true if we should use the iptables Proxier +// CanUseIPTablesProxier returns true if we should use the iptables Proxier // instead of the "classic" userspace Proxier. This is determined by checking // the iptables version and for the existence of kernel features. It may return // an error if it fails to get the iptables version without error, in which // case it will also return false. -func CanUseIptablesProxier(iptver IptablesVersioner, kcompat KernelCompatTester) (bool, error) { +func CanUseIPTablesProxier(iptver IPTablesVersioner, kcompat KernelCompatTester) (bool, error) { minVersion, err := semver.NewVersion(iptablesMinVersion) if err != nil { return false, err @@ -127,7 +127,7 @@ func (lkct LinuxKernelCompatTester) IsCompatible() error { } const sysctlRouteLocalnet = "net/ipv4/conf/all/route_localnet" -const sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables" +const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables" // internal struct for string service information type serviceInfo struct { @@ -211,7 +211,7 @@ func NewProxier(ipt utiliptables.Interface, sysctl utilsysctl.Interface, exec ut // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers // are connected to a Linux bridge (but not SDN bridges). Until most // plugins handle this, log when config is missing - if val, err := sysctl.GetSysctl(sysctlBridgeCallIptables); err == nil && val != 1 { + if val, err := sysctl.GetSysctl(sysctlBridgeCallIPTables); err == nil && val != 1 { glog.Infof("missing br-netfilter module or unset sysctl br-nf-call-iptables; proxy may not work as intended") } @@ -639,7 +639,7 @@ func flattenValidEndpoints(endpoints []hostPortInfo) []string { // portProtoHash takes the ServicePortName and protocol for a service // returns the associated 16 character hash. This is computed by hashing (sha256) -// then encoding to base32 and truncating to 16 chars. We do this because Iptables +// then encoding to base32 and truncating to 16 chars. We do this because IPTables // Chain Names must be <= 28 chars long, and the longer they are the harder they are to read. func portProtoHash(s proxy.ServicePortName, protocol string) string { hash := sha256.Sum256([]byte(s.String() + protocol)) @@ -664,7 +664,7 @@ func serviceFirewallChainName(s proxy.ServicePortName, protocol string) utilipta // serviceLBPortChainName takes the ServicePortName for a service and // returns the associated iptables chain. This is computed by hashing (sha256) // then encoding to base32 and truncating with the prefix "KUBE-XLB-". We do -// this because Iptables Chain Names must be <= 28 chars long, and the longer +// this because IPTables Chain Names must be <= 28 chars long, and the longer // they are the harder they are to read. func serviceLBChainName(s proxy.ServicePortName, protocol string) utiliptables.Chain { return utiliptables.Chain("KUBE-XLB-" + portProtoHash(s, protocol)) diff --git a/pkg/util/iptables/iptables.go b/pkg/util/iptables/iptables.go index 936de9bf041..afc2a95452c 100644 --- a/pkg/util/iptables/iptables.go +++ b/pkg/util/iptables/iptables.go @@ -97,9 +97,9 @@ const ( ) const ( - cmdIptablesSave string = "iptables-save" - cmdIptablesRestore string = "iptables-restore" - cmdIptables string = "iptables" + cmdIPTablesSave string = "iptables-save" + cmdIPTablesRestore string = "iptables-restore" + cmdIPTables string = "iptables" cmdIp6tables string = "ip6tables" ) @@ -138,7 +138,7 @@ type runner struct { // New returns a new Interface which will exec iptables. func New(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol) Interface { - vstring, err := getIptablesVersionString(exec) + vstring, err := getIPTablesVersionString(exec) if err != nil { glog.Warningf("Error checking iptables version, assuming version at least %s: %v", MinCheckVersion, err) vstring = MinCheckVersion @@ -147,8 +147,8 @@ func New(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol) In exec: exec, dbus: dbus, protocol: protocol, - hasCheck: getIptablesHasCheckCommand(vstring), - waitFlag: getIptablesWaitFlag(vstring), + hasCheck: getIPTablesHasCheckCommand(vstring), + waitFlag: getIPTablesWaitFlag(vstring), } runner.connectToFirewallD() return runner @@ -191,7 +191,7 @@ func (runner *runner) connectToFirewallD() { // GetVersion returns the version string. func (runner *runner) GetVersion() (string, error) { - return getIptablesVersionString(runner.exec) + return getIPTablesVersionString(runner.exec) } // EnsureChain is part of Interface. @@ -296,7 +296,7 @@ func (runner *runner) Save(table Table) ([]byte, error) { // run and return args := []string{"-t", string(table)} glog.V(4).Infof("running iptables-save %v", args) - return runner.exec.Command(cmdIptablesSave, args...).CombinedOutput() + return runner.exec.Command(cmdIPTablesSave, args...).CombinedOutput() } // SaveAll is part of Interface. @@ -306,7 +306,7 @@ func (runner *runner) SaveAll() ([]byte, error) { // run and return glog.V(4).Infof("running iptables-save") - return runner.exec.Command(cmdIptablesSave, []string{}...).CombinedOutput() + return runner.exec.Command(cmdIPTablesSave, []string{}...).CombinedOutput() } // Restore is part of Interface. @@ -337,7 +337,7 @@ func (runner *runner) restoreInternal(args []string, data []byte, flush FlushFla // run the command and return the output or an error including the output and error glog.V(4).Infof("running iptables-restore %v", args) - cmd := runner.exec.Command(cmdIptablesRestore, args...) + cmd := runner.exec.Command(cmdIPTablesRestore, args...) cmd.SetStdin(bytes.NewBuffer(data)) b, err := cmd.CombinedOutput() if err != nil { @@ -350,7 +350,7 @@ func (runner *runner) iptablesCommand() string { if runner.IsIpv6() { return cmdIp6tables } else { - return cmdIptables + return cmdIPTables } } @@ -379,7 +379,7 @@ func (runner *runner) checkRule(table Table, chain Chain, args ...string) (bool, // of hack and half-measures. We should nix this ASAP. func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...string) (bool, error) { glog.V(1).Infof("running iptables-save -t %s", string(table)) - out, err := runner.exec.Command(cmdIptablesSave, "-t", string(table)).CombinedOutput() + out, err := runner.exec.Command(cmdIPTablesSave, "-t", string(table)).CombinedOutput() if err != nil { return false, fmt.Errorf("error checking rule: %v", err) } @@ -453,7 +453,7 @@ func makeFullArgs(table Table, chain Chain, args ...string) []string { } // Checks if iptables has the "-C" flag -func getIptablesHasCheckCommand(vstring string) bool { +func getIPTablesHasCheckCommand(vstring string) bool { minVersion, err := semver.NewVersion(MinCheckVersion) if err != nil { glog.Errorf("MinCheckVersion (%s) is not a valid version string: %v", MinCheckVersion, err) @@ -471,7 +471,7 @@ func getIptablesHasCheckCommand(vstring string) bool { } // Checks if iptables version has a "wait" flag -func getIptablesWaitFlag(vstring string) []string { +func getIPTablesWaitFlag(vstring string) []string { version, err := semver.NewVersion(vstring) if err != nil { glog.Errorf("vstring (%s) is not a valid version string: %v", vstring, err) @@ -499,11 +499,11 @@ func getIptablesWaitFlag(vstring string) []string { } } -// getIptablesVersionString runs "iptables --version" to get the version string +// getIPTablesVersionString runs "iptables --version" to get the version string // in the form "X.X.X" -func getIptablesVersionString(exec utilexec.Interface) (string, error) { +func getIPTablesVersionString(exec utilexec.Interface) (string, error) { // this doesn't access mutable state so we don't need to use the interface / runner - bytes, err := exec.Command(cmdIptables, "--version").CombinedOutput() + bytes, err := exec.Command(cmdIPTables, "--version").CombinedOutput() if err != nil { return "", err } diff --git a/pkg/util/iptables/iptables_test.go b/pkg/util/iptables/iptables_test.go index 374b0a939a1..1b6aa45ec92 100644 --- a/pkg/util/iptables/iptables_test.go +++ b/pkg/util/iptables/iptables_test.go @@ -26,9 +26,9 @@ import ( "k8s.io/kubernetes/pkg/util/sets" ) -func getIptablesCommand(protocol Protocol) string { +func getIPTablesCommand(protocol Protocol) string { if protocol == ProtocolIpv4 { - return cmdIptables + return cmdIPTables } if protocol == ProtocolIpv6 { return cmdIp6tables @@ -70,7 +70,7 @@ func testEnsureChain(t *testing.T, protocol Protocol) { if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - cmd := getIptablesCommand(protocol) + cmd := getIPTablesCommand(protocol) if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1]) } @@ -427,7 +427,7 @@ func TestDeleteRuleErrorCreating(t *testing.T) { } } -func TestGetIptablesHasCheckCommand(t *testing.T) { +func TestGetIPTablesHasCheckCommand(t *testing.T) { testCases := []struct { Version string Err bool @@ -451,12 +451,12 @@ func TestGetIptablesHasCheckCommand(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - version, err := getIptablesVersionString(&fexec) + version, err := getIPTablesVersionString(&fexec) if (err != nil) != testCase.Err { t.Errorf("Expected error: %v, Got error: %v", testCase.Err, err) } if err == nil { - check := getIptablesHasCheckCommand(version) + check := getIPTablesHasCheckCommand(version) if testCase.Expected != check { t.Errorf("Expected result: %v, Got result: %v", testCase.Expected, check) } @@ -540,7 +540,7 @@ COMMIT } } -func TestIptablesWaitFlag(t *testing.T) { +func TestIPTablesWaitFlag(t *testing.T) { testCases := []struct { Version string Result string @@ -556,7 +556,7 @@ func TestIptablesWaitFlag(t *testing.T) { } for _, testCase := range testCases { - result := getIptablesWaitFlag(testCase.Version) + result := getIPTablesWaitFlag(testCase.Version) if strings.Join(result, "") != testCase.Result { t.Errorf("For %s expected %v got %v", testCase.Version, testCase.Result, result) } diff --git a/test/e2e_node/environment/conformance.go b/test/e2e_node/environment/conformance.go index c5022c8343f..2a1b3262b2a 100644 --- a/test/e2e_node/environment/conformance.go +++ b/test/e2e_node/environment/conformance.go @@ -195,7 +195,7 @@ const iptablesForwardRegexStr = `Chain FORWARD \(policy DROP\)` func firewall() error { out, err := exec.Command("iptables", "-L", "INPUT").CombinedOutput() if err != nil { - return printSuccess("Firewall Iptables Check %s: Could not run iptables", skipped) + return printSuccess("Firewall IPTables Check %s: Could not run iptables", skipped) } inputRegex, err := regexp.Compile(iptablesInputRegexStr) if err != nil { @@ -203,13 +203,13 @@ func firewall() error { panic(err) } if inputRegex.Match(out) { - return printError("Firewall Iptables Check %s: Found INPUT rule matching %s", failed, iptablesInputRegexStr) + return printError("Firewall IPTables Check %s: Found INPUT rule matching %s", failed, iptablesInputRegexStr) } // Check GCE forward rules out, err = exec.Command("iptables", "-L", "FORWARD").CombinedOutput() if err != nil { - return printSuccess("Firewall Iptables Check %s: Could not run iptables", skipped) + return printSuccess("Firewall IPTables Check %s: Could not run iptables", skipped) } forwardRegex, err := regexp.Compile(iptablesForwardRegexStr) if err != nil { @@ -217,10 +217,10 @@ func firewall() error { panic(err) } if forwardRegex.Match(out) { - return printError("Firewall Iptables Check %s: Found FORWARD rule matching %s", failed, iptablesInputRegexStr) + return printError("Firewall IPTables Check %s: Found FORWARD rule matching %s", failed, iptablesInputRegexStr) } - return printSuccess("Firewall Iptables Check %s", success) + return printSuccess("Firewall IPTables Check %s", success) } // daemons checks that the required node programs are running: kubelet, kube-proxy, and docker