use constants for all annotations (#346)

2025-10-08 00:11:07 +02:00 · 2018-03-21 09:18:37 -04:00 · 2018-03-21 09:18:37 -04:00 · acb3dd45b7
commit acb3dd45b7
parent faead6dbeb
3 changed files with 48 additions and 32 deletions
--- a/app/controllers/network_policy_controller.go
+++ b/app/controllers/network_policy_controller.go
@ -24,6 +24,10 @@ import (
 	"k8s.io/client-go/kubernetes"
 )

+const (
+	networkPolicyAnnotation = "net.beta.kubernetes.io/network-policy"
+)
+
 // Network policy controller provides both ingress and egress filtering for the pods as per the defined network
 // policies. Two different types of iptables chains are used. Each pod running on the node which either
 // requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which
@ -1245,10 +1249,10 @@ func buildBetaNetworkPoliciesInfo() (*[]networkPolicyInfo, error) {
 func getNameSpaceDefaultPolicy(namespace string) (string, error) {
 	for _, nspw := range watchers.NamespaceWatcher.List() {
 		if strings.Compare(namespace, nspw.Name) == 0 {
-			networkPolicyAnnotation, ok := nspw.ObjectMeta.Annotations["net.beta.kubernetes.io/network-policy"]
+			networkPolicy, ok := nspw.ObjectMeta.Annotations[networkPolicyAnnotation]
 			var annot map[string]map[string]string
 			if ok {
-				err := json.Unmarshal([]byte(networkPolicyAnnotation), &annot)
+				err := json.Unmarshal([]byte(networkPolicy), &annot)
 				if err == nil {
 					return annot["ingress"]["isolation"], nil
 				}
--- a/app/controllers/network_routes_controller.go
+++ b/app/controllers/network_routes_controller.go
@ -37,6 +37,30 @@ import (
 	"k8s.io/client-go/tools/cache"
 )

+var (
+	podEgressArgs = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
+		"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
+		"-m", "set", "!", "--match-set", nodeAddrsIPSetName, "dst",
+		"-j", "MASQUERADE"}
+	podEgressArgsBad = [][]string{{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
+		"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
+		"-j", "MASQUERADE"}}
+)
+
+const (
+	customRouteTableID   = "77"
+	customRouteTableName = "kube-router"
+	podSubnetsIPSetName  = "kube-router-pod-subnets"
+	nodeAddrsIPSetName   = "kube-router-node-ips"
+
+	nodeASNAnnotation      = "kube-router.io/node.asn"
+	peerASNAnnotation      = "kube-router.io/peer.asns"
+	peerIPAnnotation       = "kube-router.io/peer.ips"
+	peerPasswordAnnotation = "kube-router.io/peer.passwords"
+	rrClientAnnotation     = "kube-router.io/rr.client"
+	rrServerAnnotation     = "kube-router.io/rr.server"
+)
+
 // NetworkRoutingController is struct to hold necessary information required by controller
 type NetworkRoutingController struct {
 	nodeIP               net.IP
@ -72,23 +96,6 @@ type NetworkRoutingController struct {
 	initSrcDstCheckDone  bool
 }

-var (
-	podEgressArgs = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
-		"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
-		"-m", "set", "!", "--match-set", nodeAddrsIPSetName, "dst",
-		"-j", "MASQUERADE"}
-	podEgressArgsBad = [][]string{{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
-		"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
-		"-j", "MASQUERADE"}}
-)
-
-const (
-	customRouteTableID   = "77"
-	customRouteTableName = "kube-router"
-	podSubnetsIPSetName  = "kube-router-pod-subnets"
-	nodeAddrsIPSetName   = "kube-router-node-ips"
-)
-
 // Run runs forever until we are notified on stop channel
 func (nrc *NetworkRoutingController) Run(healthChan chan<- *ControllerHeartbeat, stopCh <-chan struct{}, wg *sync.WaitGroup) {
 	cidr, err := utils.GetPodCidrFromCniSpec(nrc.cniConfFile)
@ -1079,7 +1086,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {

 		// we are rr-client peer only with rr-server
 		if nrc.bgpRRClient {
-			if _, ok := node.ObjectMeta.Annotations["kube-router.io/rr.server"]; !ok {
+			if _, ok := node.ObjectMeta.Annotations[rrServerAnnotation]; !ok {
 				continue
 			}
 		}
@ -1087,7 +1094,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
 		// if node full mesh is not requested then just peer with nodes with same ASN
 		// (run iBGP among same ASN peers)
 		if !nrc.bgpFullMeshMode {
-			nodeasn, ok := node.ObjectMeta.Annotations["kube-router.io/node.asn"]
+			nodeasn, ok := node.ObjectMeta.Annotations[nodeASNAnnotation]
 			if !ok {
 				glog.Infof("Not peering with the Node %s as ASN number of the node is unknown.",
 					nodeIP.String())
@ -1145,7 +1152,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {

 		// we are rr-server peer with other rr-client with reflection enabled
 		if nrc.bgpRRServer {
-			if _, ok := node.ObjectMeta.Annotations["kube-router.io/rr.client"]; ok {
+			if _, ok := node.ObjectMeta.Annotations[rrClientAnnotation]; ok {
 				//add rr options with clusterId
 				n.RouteReflector = config.RouteReflector{
 					Config: config.RouteReflectorConfig{
@ -1358,7 +1365,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 	if nrc.bgpFullMeshMode {
 		nodeAsnNumber = nrc.defaultNodeAsnNumber
 	} else {
-		nodeasn, ok := node.ObjectMeta.Annotations["kube-router.io/node.asn"]
+		nodeasn, ok := node.ObjectMeta.Annotations[nodeASNAnnotation]
 		if !ok {
 			return errors.New("Could not find ASN number for the node. " +
 				"Node needs to be annotated with ASN number details to start BGP server.")
@ -1372,7 +1379,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 		nrc.nodeAsnNumber = nodeAsnNumber
 	}

-	if clusterid, ok := node.ObjectMeta.Annotations["kube-router.io/rr.server"]; ok {
+	if clusterid, ok := node.ObjectMeta.Annotations[rrServerAnnotation]; ok {
 		glog.Infof("Found rr.server for the node to be %s from the node annotation", clusterid)
 		clusterId, err := strconv.ParseUint(clusterid, 0, 32)
 		if err != nil {
@ -1380,7 +1387,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 		}
 		nrc.bgpClusterId = uint32(clusterId)
 		nrc.bgpRRServer = true
-	} else if clusterid, ok := node.ObjectMeta.Annotations["kube-router.io/rr.client"]; ok {
+	} else if clusterid, ok := node.ObjectMeta.Annotations[rrClientAnnotation]; ok {
 		glog.Infof("Found rr.client for the node to be %s from the node annotation", clusterid)
 		clusterId, err := strconv.ParseUint(clusterid, 0, 32)
 		if err != nil {
@ -1424,7 +1431,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 	// else attempt to get peers from node specific BGP annotations.
 	if len(nrc.globalPeerRouters) == 0 {
 		// Get Global Peer Router ASN configs
-		nodeBgpPeerAsnsAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.asns"]
+		nodeBgpPeerAsnsAnnotation, ok := node.ObjectMeta.Annotations[peerASNAnnotation]
 		if !ok {
 			glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.")
 			return nil
@ -1438,7 +1445,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 		}

 		// Get Global Peer Router IP Address configs
-		nodeBgpPeersAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.ips"]
+		nodeBgpPeersAnnotation, ok := node.ObjectMeta.Annotations[peerIPAnnotation]
 		if !ok {
 			glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.")
 			return nil
@ -1452,7 +1459,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {

 		// Get Global Peer Router Password configs
 		var peerPasswords []string
-		nodeBGPPasswordsAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.passwords"]
+		nodeBGPPasswordsAnnotation, ok := node.ObjectMeta.Annotations[peerPasswordAnnotation]
 		if !ok {
 			glog.Infof("Could not find BGP peer password info in the node's annotations. Assuming no passwords.")
 		} else {
--- a/app/controllers/network_services_controller.go
+++ b/app/controllers/network_services_controller.go
@ -41,6 +41,11 @@ const (
 	IFACE_HAS_NO_ADDR  = "cannot assign requested address"
 	IPVS_SERVER_EXISTS = "file exists"
 	namespace          = "kube_router"
+
+	svcDSRAnnotation       = "kube-router.io/service.dsr"
+	svcSchedulerAnnotation = "kube-router.io/service.scheduler"
+	svcHairpinAnnotation   = "kube-router.io/service.hairpin"
+	svcLocalAnnotation     = "kube-router.io/service.local"
 )

 var (
@ -847,13 +852,13 @@ func buildServicesInfo() serviceInfoMap {
 				externalIPs: make([]string, len(svc.Spec.ExternalIPs)),
 				local:       false,
 			}
-			dsrMethod, ok := svc.ObjectMeta.Annotations["kube-router.io/service.dsr"]
+			dsrMethod, ok := svc.ObjectMeta.Annotations[svcDSRAnnotation]
 			if ok {
 				svcInfo.directServerReturn = true
 				svcInfo.directServerReturnMethod = dsrMethod
 			}
 			svcInfo.scheduler = ipvs.RoundRobin
-			schedulingMethod, ok := svc.ObjectMeta.Annotations["kube-router.io/service.scheduler"]
+			schedulingMethod, ok := svc.ObjectMeta.Annotations[svcSchedulerAnnotation]
 			if ok {
 				if schedulingMethod == ipvs.RoundRobin {
 					svcInfo.scheduler = ipvs.RoundRobin
@ -867,8 +872,8 @@ func buildServicesInfo() serviceInfoMap {
 			}
 			copy(svcInfo.externalIPs, svc.Spec.ExternalIPs)
 			svcInfo.sessionAffinity = svc.Spec.SessionAffinity == "ClientIP"
-			_, svcInfo.hairpin = svc.ObjectMeta.Annotations["kube-router.io/service.hairpin"]
-			_, svcInfo.local = svc.ObjectMeta.Annotations["kube-router.io/service.local"]
+			_, svcInfo.hairpin = svc.ObjectMeta.Annotations[svcHairpinAnnotation]
+			_, svcInfo.local = svc.ObjectMeta.Annotations[svcLocalAnnotation]
 			if svc.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal {
 				svcInfo.local = true
 			}