Fix typo (#661)
lucasmundim authored and murali-reddy committed Feb 9, 2019
1 parent 52127e6 commit 00824cd
Showing 6 changed files with 44 additions and 44 deletions.
2 changes: 1 addition & 1 deletion docs/user-guide.md
Expand Up @@ -52,7 +52,7 @@ Usage of kube-router:
--enable-overlay When enable-overlay set to true, IP-in-IP tunneling is used for pod-to-pod networking across nodes in different subnets. When set to false no tunneling is used and routing infrastrcture is expected to route traffic for pod-to-pod networking across nodes in different subnets (default true)
--enable-pod-egress SNAT traffic from Pods to destinations outside the cluster. (default true)
--enable-pprof Enables pprof for debugging performance and memory leak issues.
--hairpin-mode Add iptable rules for every Service Endpoint to support hairpin traffic.
--hairpin-mode Add iptables rules for every Service Endpoint to support hairpin traffic.
--health-port uint16 Health check port, 0 = Disabled (default 20244)
-h, --help Print usage information.
--hostname-override string Overrides the NodeName of the node. Set this if kube-router is unable to determine your NodeName automatically.
26 changes: 13 additions & 13 deletions pkg/controllers/netpol/network_policy_controller.go
Expand Up @@ -40,11 +40,11 @@ const (

// Network policy controller provides both ingress and egress filtering for the pods as per the defined network
// policies. Two different types of iptables chains are used. Each pod running on the node which either
// requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which
// requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptables chain, which
// has rules expressed through ipsets matching source and destination pod ip's. In the FORWARD chain of the
// filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod
// or destined (in case of ingress network policy) to the pod specific iptable chain. Each
// pod specific iptable chain has rules to jump to the network polices chains, that pod matches. So packet
// or destined (in case of ingress network policy) to the pod specific iptables chain. Each
// pod specific iptables chain has rules to jump to the network polices chains, that pod matches. So packet
// originating/destined from/to pod goes through fitler table's, FORWARD chain, followed by pod specific chain,
// followed by one or more network policy chains, till there is a match which will accept the packet, or gets
// dropped by the rule in the pod chain, if there is no match.
Expand Down Expand Up @@ -257,13 +257,13 @@ func (npc *NetworkPolicyController) Sync() error {

err = cleanupStaleRules(activePolicyChains, activePodFwChains, activePolicyIpSets)
if err != nil {
return errors.New("Aborting sync. Failed to cleanup stale iptable rules: " + err.Error())
return errors.New("Aborting sync. Failed to cleanup stale iptables rules: " + err.Error())
}

return nil
}

// Configure iptable rules representing each network policy. All pod's matched by
// Configure iptables rules representing each network policy. All pod's matched by
// network policy spec podselector labels are grouped together in one ipset which
// is used for matching destination ip address. Each ingress rule in the network
// policyspec is evaluated to set of matching pods, which are grouped in to a
Expand Down Expand Up @@ -358,7 +358,7 @@ func (npc *NetworkPolicyController) processIngressRules(policy networkPolicyInfo

policyChainName := networkPolicyChainName(policy.namespace, policy.name, version)

// run through all the ingress rules in the spec and create iptable rules
// run through all the ingress rules in the spec and create iptables rules
// in the chain for the network policy
for i, ingressRule := range policy.ingressRules {

Expand Down Expand Up @@ -521,7 +521,7 @@ func (npc *NetworkPolicyController) processEgressRules(policy networkPolicyInfo,

policyChainName := networkPolicyChainName(policy.namespace, policy.name, version)

// run through all the egress rules in the spec and create iptable rules
// run through all the egress rules in the spec and create iptables rules
// in the chain for the network policy
for i, egressRule := range policy.egressRules {

Expand Down Expand Up @@ -1460,7 +1460,7 @@ func (npc *NetworkPolicyController) Cleanup() {
// delete jump rules in FORWARD chain to pod specific firewall chain
forwardChainRules, err := iptablesCmdHandler.List("filter", "FORWARD")
if err != nil {
glog.Errorf("Failed to delete iptable rules as part of cleanup")
glog.Errorf("Failed to delete iptables rules as part of cleanup")
return
}

Expand All @@ -1476,7 +1476,7 @@ func (npc *NetworkPolicyController) Cleanup() {
// delete jump rules in OUTPUT chain to pod specific firewall chain
forwardChainRules, err = iptablesCmdHandler.List("filter", "OUTPUT")
if err != nil {
glog.Errorf("Failed to delete iptable rules as part of cleanup")
glog.Errorf("Failed to delete iptables rules as part of cleanup")
return
}

Expand All @@ -1495,12 +1495,12 @@ func (npc *NetworkPolicyController) Cleanup() {
if strings.HasPrefix(chain, kubePodFirewallChainPrefix) {
err = iptablesCmdHandler.ClearChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
err = iptablesCmdHandler.DeleteChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
}
Expand All @@ -1512,12 +1512,12 @@ func (npc *NetworkPolicyController) Cleanup() {
if strings.HasPrefix(chain, kubeNetworkPolicyChainPrefix) {
err = iptablesCmdHandler.ClearChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
err = iptablesCmdHandler.DeleteChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
}
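Review bot: In `Cleanup`, the two `Failed to delete iptables rules as part of cleanup` messages are logged when `iptablesCmdHandler.List("filter", "FORWARD")` and `List("filter", "OUTPUT")` fail, yet they say "delete" and drop `err`, so an operator cannot tell which call failed or why network-policy chains were left in place. Since these strings are being reworded anyway, `glog.Errorf("Failed to list rules in filter/FORWARD during cleanup: %s", err.Error())` (and the OUTPUT equivalent) would be more accurate. The four `glog.Errorf("Failed to cleanup iptables rules: " + err.Error())` calls pass the error text as the format string; `glog.Errorf("Failed to cleanup iptables rules: %s", err.Error())` avoids misformatting when that text contains `%`. `Cleanup` starts and ends outside the visible hunks.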
34 changes: 17 additions & 17 deletions pkg/controllers/proxy/network_services_controller.go
Expand Up @@ -277,10 +277,10 @@ func (nsc *NetworkServicesController) Run(healthChan chan<- *healthcheck.Control

glog.Infof("Starting network services controller")

// enable masquerad rule
err := ensureMasqueradeIptablesRule(nsc.masqueradeAll, nsc.podCidr)
// enable masquerade rule
if err != nil {
return errors.New("Failed to do add masquerad rule in POSTROUTING chain of nat table due to: %s" + err.Error())
return errors.New("Failed to do add masquerade rule in POSTROUTING chain of nat table due to: %s" + err.Error())
}
// https://www.kernel.org/doc/Documentation/networking/ipvs-sysctl.txt
// enable ipvs connection tracking
Expand Down Expand Up @@ -362,17 +362,17 @@ func (nsc *NetworkServicesController) sync() error {
nsc.mu.Lock()
defer nsc.mu.Unlock()

// enable masquerad rule
err = ensureMasqueradeIptablesRule(nsc.masqueradeAll, nsc.podCidr)
// enable masquerade rule
if err != nil {
glog.Errorf("Failed to do add masquerad rule in POSTROUTING chain of nat table due to: %s", err.Error())
glog.Errorf("Failed to do add masquerade rule in POSTROUTING chain of nat table due to: %s", err.Error())
}

nsc.serviceMap = nsc.buildServicesInfo()
nsc.endpointsMap = nsc.buildEndpointsInfo()
err = nsc.syncHairpinIptablesRules()
if err != nil {
glog.Errorf("Error syncing hairpin iptable rules: %s", err.Error())
glog.Errorf("Error syncing hairpin iptables rules: %s", err.Error())
}

err = nsc.syncIpvsServices(nsc.serviceMap, nsc.endpointsMap)
Expand Down Expand Up @@ -931,7 +931,7 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
fwMark := generateFwmark(externalIP, svc.protocol, strconv.Itoa(svc.port))
externalIpServiceId = fmt.Sprint(fwMark)

// ensure there is iptable mangle table rule to FWMARK the packet
// ensure there is iptables mangle table rule to FWMARK the packet
err = setupMangleTableRule(externalIP, svc.protocol, strconv.Itoa(svc.port), externalIpServiceId)
if err != nil {
glog.Errorf("Failed to setup mangle table rule to FMWARD the traffic to external IP")
Expand Down Expand Up @@ -964,7 +964,7 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
externalIpServices = append(externalIpServices, externalIPService{ipvsSvc: ipvsExternalIPSvc, externalIp: externalIP})
externalIpServiceId = generateIpPortId(externalIP, svc.protocol, strconv.Itoa(svc.port))

// ensure there is NO iptable mangle table rule to FWMARK the packet
// ensure there is NO iptables mangle table rule to FWMARK the packet
fwMark := fmt.Sprint(generateFwmark(externalIP, svc.protocol, strconv.Itoa(svc.port)))
err = nsc.ln.cleanupMangleTableRule(externalIP, svc.protocol, strconv.Itoa(svc.port), fwMark)
if err != nil {
Expand Down Expand Up @@ -1157,7 +1157,7 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf

err = nsc.syncIpvsFirewall()
if err != nil {
glog.Errorf("Error syncing ipvs svc iptable rules: %s", err.Error())
glog.Errorf("Error syncing ipvs svc iptables rules: %s", err.Error())
}

glog.V(1).Info("IPVS servers and services are synced to desired state")
Expand Down Expand Up @@ -1471,7 +1471,7 @@ func (nsc *NetworkServicesController) buildEndpointsInfo() endpointsInfoMap {
return endpointsMap
}

// Add an iptable rule to masquerad outbound IPVS traffic. IPVS nat requires that reverse path traffic
// Add an iptables rule to masquerade outbound IPVS traffic. IPVS nat requires that reverse path traffic
// to go through the director for its functioning. So the masquerade rule ensures source IP is modifed
// to node ip, so return traffic from real server (endpoint pods) hits the node/lvs director
func ensureMasqueradeIptablesRule(masqueradeAll bool, podCidr string) error {
Expand All @@ -1496,7 +1496,7 @@ func ensureMasqueradeIptablesRule(masqueradeAll bool, podCidr string) error {
return errors.New("Failed to run iptables command" + err.Error())
}
}
glog.V(2).Info("Successfully synced iptables masquerad rule")
glog.V(2).Info("Successfully synced iptables masquerade rule")
return nil
}

Expand Down Expand Up @@ -1668,7 +1668,7 @@ func deleteHairpinIptablesRules() error {
jumpArgs := []string{"-m", "ipvs", "--vdir", "ORIGINAL", "-j", hairpinChain}
hasHairpinJumpRule, err := iptablesCmdHandler.Exists("nat", "POSTROUTING", jumpArgs...)
if err != nil {
return errors.New("Failed to search POSTROUTING iptable rules: " + err.Error())
return errors.New("Failed to search POSTROUTING iptables rules: " + err.Error())
}

// Delete the jump rule to the hairpin chain
Expand Down Expand Up @@ -1702,7 +1702,7 @@ func deleteMasqueradeIptablesRule() error {
}
postRoutingChainRules, err := iptablesCmdHandler.List("nat", "POSTROUTING")
if err != nil {
return errors.New("Failed to list iptable rules in POSTROUTING chain in nat table" + err.Error())
return errors.New("Failed to list iptables rules in POSTROUTING chain in nat table" + err.Error())
}
for i, rule := range postRoutingChainRules {
if strings.Contains(rule, "ipvs") && strings.Contains(rule, "MASQUERADE") {
Expand Down Expand Up @@ -2003,7 +2003,7 @@ const (
externalIPRouteTableName = "external_ip"
)

// setupMangleTableRule: setsup iptable rule to FWMARK the traffic to exteranl IP vip
// setupMangleTableRule: setsup iptables rule to FWMARK the traffic to exteranl IP vip
func setupMangleTableRule(ip string, protocol string, port string, fwmark string) error {
iptablesCmdHandler, err := iptables.New()
if err != nil {
Expand Down Expand Up @@ -2250,17 +2250,17 @@ func (nsc *NetworkServicesController) Cleanup() {

handle.Close()

// cleanup iptable masquerad rule
// cleanup iptables masquerade rule
err = deleteMasqueradeIptablesRule()
if err != nil {
glog.Errorf("Failed to cleanup iptable masquerade rule due to: %s", err.Error())
glog.Errorf("Failed to cleanup iptablesmasquerade rule due to: %s", err.Error())
return
}

// cleanup iptable hairpin rules
// cleanup iptables hairpin rules
err = deleteHairpinIptablesRules()
if err != nil {
glog.Errorf("Failed to cleanup iptable hairpin rules: %s", err.Error())
glog.Errorf("Failed to cleanup iptables hairpin rules: %s", err.Error())
return
}

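Review bot: The reworded message in `Cleanup` reads `Failed to cleanup iptablesmasquerade rule due to: %s`, with the space between `iptables` and `masquerade` lost; it should be `glog.Errorf("Failed to cleanup iptables masquerade rule due to: %s", err.Error())`. The page no longer shows `+`/`-` markers, so which of the two printed lines is the new one is inferred from the commit's iptable → iptables direction. In `Run`, the touched `errors.New("... due to: %s" + err.Error())` still emits a literal `%s` because `errors.New` does not format; dropping the `%s` from the literal fixes that without a new import. Both functions continue outside the visible hunks.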
6 changes: 3 additions & 3 deletions pkg/controllers/routing/network_routes_controller.go
Expand Up @@ -517,12 +517,12 @@ func (nrc *NetworkRoutingController) Cleanup() {
// Pod egress cleanup
err := nrc.deletePodEgressRule()
if err != nil {
glog.Warningf("Error deleting Pod egress iptable rule: %s", err.Error())
glog.Warningf("Error deleting Pod egress iptables rule: %s", err.Error())
}

err = nrc.deleteBadPodEgressRules()
if err != nil {
glog.Warningf("Error deleting Pod egress iptable rule: %s", err.Error())
glog.Warningf("Error deleting Pod egress iptables rule: %s", err.Error())
}

// delete all ipsets created by kube-router
Expand Down Expand Up @@ -607,7 +607,7 @@ func (nrc *NetworkRoutingController) newIptablesCmdHandler() (*iptables.IPTables
}

// ensure there is rule in filter table and FORWARD chain to permit in/out traffic from pods
// this rules will be appended so that any iptable rules for network policies will take
// this rules will be appended so that any iptables rules for network policies will take
// precedence
func (nrc *NetworkRoutingController) enableForwarding() error {

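Review bot: In `Cleanup`, the warnings after `nrc.deletePodEgressRule()` and `nrc.deleteBadPodEgressRules()` carry the same text, `Error deleting Pod egress iptables rule: %s`, so the log does not show which of the two cleanups failed. The second could read `glog.Warningf("Error deleting old/bad Pod egress iptables rules: %s", err.Error())`, in line with the "old/bad" wording that `deleteBadPodEgressRules` uses in its own messages. `Cleanup` continues outside the hunk.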
18 changes: 9 additions & 9 deletions pkg/controllers/routing/pod_egress.go
Expand Up @@ -7,7 +7,7 @@ import (
"github.com/golang/glog"
)

// set up MASQUERADE rule so that egress traffic from the pods gets masquraded to node's IP
// set up MASQUERADE rule so that egress traffic from the pods gets masqueraded to node's IP

var (
podEgressArgs4 = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
Expand Down Expand Up @@ -38,12 +38,12 @@ func (nrc *NetworkRoutingController) createPodEgressRule() error {
}
err = iptablesCmdHandler.AppendUnique("nat", "POSTROUTING", podEgressArgs...)
if err != nil {
return errors.New("Failed to add iptable rule to masqurade outbound traffic from pods: " +
return errors.New("Failed to add iptables rule to masquerade outbound traffic from pods: " +
err.Error() + "External connectivity will not work.")

}

glog.V(1).Infof("Added iptables rule to masqurade outbound traffic from pods.")
glog.V(1).Infof("Added iptables rule to masquerade outbound traffic from pods.")
return nil
}

Expand All @@ -59,16 +59,16 @@ func (nrc *NetworkRoutingController) deletePodEgressRule() error {
}
exists, err := iptablesCmdHandler.Exists("nat", "POSTROUTING", podEgressArgs...)
if err != nil {
return errors.New("Failed to lookup iptable rule to masqurade outbound traffic from pods: " + err.Error())
return errors.New("Failed to lookup iptables rule to masquerade outbound traffic from pods: " + err.Error())
}

if exists {
err = iptablesCmdHandler.Delete("nat", "POSTROUTING", podEgressArgs...)
if err != nil {
return errors.New("Failed to delete iptable rule to masqurade outbound traffic from pods: " +
return errors.New("Failed to delete iptables rule to masquerade outbound traffic from pods: " +
err.Error() + ". Pod egress might still work...")
}
glog.Infof("Deleted iptables rule to masqurade outbound traffic from pods.")
glog.Infof("Deleted iptables rule to masquerade outbound traffic from pods.")
}

return nil
Expand All @@ -92,12 +92,12 @@ func (nrc *NetworkRoutingController) deleteBadPodEgressRules() error {
if exists {
err = iptablesCmdHandler.Delete("nat", "POSTROUTING", args...)
if err != nil {
return fmt.Errorf("Failed to delete old/bad iptable rule to "+
"masqurade outbound traffic from pods: %s.\n"+
return fmt.Errorf("Failed to delete old/bad iptables rule to "+
"masquerade outbound traffic from pods: %s.\n"+
"Pod egress might still work, or bugs may persist after upgrade...",
err)
}
glog.Infof("Deleted old/bad iptables rule to masqurade outbound traffic from pods.")
glog.Infof("Deleted old/bad iptables rule to masquerade outbound traffic from pods.")
}
}

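Review bot: In `createPodEgressRule`, the error built by `errors.New("Failed to add iptables rule to masquerade outbound traffic from pods: " + err.Error() + "External connectivity will not work.")` joins the underlying error text directly to the next sentence with no separator. `deletePodEgressRule` a few lines below already uses `". Pod egress might still work..."`; the same form here would be `err.Error() + ". External connectivity will not work.")`. Both functions start outside the visible hunks.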
2 changes: 1 addition & 1 deletion pkg/options/options.go
Expand Up @@ -130,7 +130,7 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.HostnameOverride, "hostname-override", s.HostnameOverride,
"Overrides the NodeName of the node. Set this if kube-router is unable to determine your NodeName automatically.")
fs.BoolVar(&s.GlobalHairpinMode, "hairpin-mode", false,
"Add iptable rules for every Service Endpoint to support hairpin traffic.")
"Add iptables rules for every Service Endpoint to support hairpin traffic.")
fs.BoolVar(&s.NodePortBindOnAllIp, "nodeport-bindon-all-ip", false,
"For service of NodePort type create IPVS service that listens on all IP's of the node.")
fs.BoolVar(&s.EnableOverlay, "enable-overlay", true,
