From acb3dd45b72c9eefdbd33daa5b0714c8080f057c Mon Sep 17 00:00:00 2001
From: Andrew Sy Kim
Date: Wed, 21 Mar 2018 09:18:37 -0400
Subject: [PATCH] use constants for all annotations (#346)
---
 app/controllers/network_policy_controller.go | 8 ++-
 app/controllers/network_routes_controller.go | 59 +++++++++++--------
 .../network_services_controller.go | 13 ++--
 3 files changed, 48 insertions(+), 32 deletions(-)
diff --git a/app/controllers/network_policy_controller.go b/app/controllers/network_policy_controller.go
index 2d77446e..035f3b22 100644
--- a/app/controllers/network_policy_controller.go
+++ b/app/controllers/network_policy_controller.go
@@ -24,6 +24,10 @@ import (
 "k8s.io/client-go/kubernetes"
 )
+const (
+ networkPolicyAnnotation = "net.beta.kubernetes.io/network-policy"
+)
+
 // Network policy controller provides both ingress and egress filtering for the pods as per the defined network
 // policies. Two different types of iptables chains are used. Each pod running on the node which either
 // requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which
@@ -1245,10 +1249,10 @@ func buildBetaNetworkPoliciesInfo() (*[]networkPolicyInfo, error) {
 func getNameSpaceDefaultPolicy(namespace string) (string, error) {
 for _, nspw := range watchers.NamespaceWatcher.List() {
 if strings.Compare(namespace, nspw.Name) == 0 {
- networkPolicyAnnotation, ok := nspw.ObjectMeta.Annotations["net.beta.kubernetes.io/network-policy"]
+ networkPolicy, ok := nspw.ObjectMeta.Annotations[networkPolicyAnnotation]
 var annot map[string]map[string]string
 if ok {
- err := json.Unmarshal([]byte(networkPolicyAnnotation), &annot)
+ err := json.Unmarshal([]byte(networkPolicy), &annot)
 if err == nil {
 return annot["ingress"]["isolation"], nil
 }
diff --git a/app/controllers/network_routes_controller.go b/app/controllers/network_routes_controller.go
index d4f3e90b..de637f09 100644
--- a/app/controllers/network_routes_controller.go
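Review bot: The new `networkPolicyAnnotation` constant in the first hunk has no doc comment, and the only place its value format is evident is the second hunk, where the value is unmarshalled as JSON into `map[string]map[string]string` and `annot["ingress"]["isolation"]` is returned. I would add `// networkPolicyAnnotation is the namespace annotation whose JSON value carries the beta default ingress isolation policy, read by getNameSpaceDefaultPolicy.` above it. Note also that a present-but-unparseable value is silently skipped here (the `err != nil` case just falls through); the rest of getNameSpaceDefaultPolicy is outside the hunk, so whatever it then returns is applied without any log line, and a warning-level log naming the namespace would let an operator see a policy annotation being ignored. Minor style: `strings.Compare(namespace, nspw.Name) == 0` is just `namespace == nspw.Name`.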
+++ b/app/controllers/network_routes_controller.go
@@ -37,6 +37,30 @@ import (
 "k8s.io/client-go/tools/cache"
 )
+var (
+ podEgressArgs = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
+ "-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
+ "-m", "set", "!", "--match-set", nodeAddrsIPSetName, "dst",
+ "-j", "MASQUERADE"}
+ podEgressArgsBad = [][]string{{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
+ "-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
+ "-j", "MASQUERADE"}}
+)
+
+const (
+ customRouteTableID = "77"
+ customRouteTableName = "kube-router"
+ podSubnetsIPSetName = "kube-router-pod-subnets"
+ nodeAddrsIPSetName = "kube-router-node-ips"
+
+ nodeASNAnnotation = "kube-router.io/node.asn"
+ peerASNAnnotation = "kube-router.io/peer.asns"
+ peerIPAnnotation = "kube-router.io/peer.ips"
+ peerPasswordAnnotation = "kube-router.io/peer.passwords"
+ rrClientAnnotation = "kube-router.io/rr.client"
+ rrServerAnnotation = "kube-router.io/rr.server"
+)
+
 // NetworkRoutingController is struct to hold necessary information required by controller
 type NetworkRoutingController struct {
 nodeIP net.IP
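Review bot: The six new annotation constants carry no doc comments, so a reader has to find the parsing code much further down (`strconv.ParseUint(clusterid, 0, 32)` for rr.server/rr.client, the peer.* handling in startBgpServer) to learn what a valid value looks like. At minimum I would document the one with security weight: `// peerPasswordAnnotation lists BGP peer passwords; Node annotations are readable by anyone allowed to read Node objects, so values here are not secret.` and, for the pair, `// rrServerAnnotation and rrClientAnnotation hold the route-reflector cluster ID, parsed as a 32-bit unsigned integer in startBgpServer.` Style: the moved `var` block now precedes the `const` block whose names (`podSubnetsIPSetName`, `nodeAddrsIPSetName`) it uses; Go allows this, but putting `const` first reads better and matches the order the two blocks had before the move.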
@@ -72,23 +96,6 @@ type NetworkRoutingController struct {
 initSrcDstCheckDone bool
 }
-var (
- podEgressArgs = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
- "-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
- "-m", "set", "!", "--match-set", nodeAddrsIPSetName, "dst",
- "-j", "MASQUERADE"}
- podEgressArgsBad = [][]string{{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
- "-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
- "-j", "MASQUERADE"}}
-)
-
-const (
- customRouteTableID = "77"
- customRouteTableName = "kube-router"
- podSubnetsIPSetName = "kube-router-pod-subnets"
- nodeAddrsIPSetName = "kube-router-node-ips"
-)
-
 // Run runs forever until we are notified on stop channel
 func (nrc *NetworkRoutingController) Run(healthChan chan<- *ControllerHeartbeat, stopCh <-chan struct{}, wg *sync.WaitGroup) {
 cidr, err := utils.GetPodCidrFromCniSpec(nrc.cniConfFile)
@@ -1079,7 +1086,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
 // we are rr-client peer only with rr-server
 if nrc.bgpRRClient {
- if _, ok := node.ObjectMeta.Annotations["kube-router.io/rr.server"]; !ok {
+ if _, ok := node.ObjectMeta.Annotations[rrServerAnnotation]; !ok {
 continue
 }
 }
@@ -1087,7 +1094,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
 // if node full mesh is not requested then just peer with nodes with same ASN
 // (run iBGP among same ASN peers)
 if !nrc.bgpFullMeshMode {
- nodeasn, ok := node.ObjectMeta.Annotations["kube-router.io/node.asn"]
+ nodeasn, ok := node.ObjectMeta.Annotations[nodeASNAnnotation]
 if !ok {
 glog.Infof("Not peering with the Node %s as ASN number of the node is unknown.", nodeIP.String())
@@ -1145,7 +1152,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
 // we are rr-server peer with other rr-client with reflection enabled
 if nrc.bgpRRServer {
- if _, ok := node.ObjectMeta.Annotations["kube-router.io/rr.client"]; ok {
+ if _, ok := node.ObjectMeta.Annotations[rrClientAnnotation]; ok {
 //add rr options with clusterId
 n.RouteReflector = config.RouteReflector{
 Config: config.RouteReflectorConfig{
@@ -1358,7 +1365,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 if nrc.bgpFullMeshMode {
 nodeAsnNumber = nrc.defaultNodeAsnNumber
 } else {
- nodeasn, ok := node.ObjectMeta.Annotations["kube-router.io/node.asn"]
+ nodeasn, ok := node.ObjectMeta.Annotations[nodeASNAnnotation]
 if !ok {
 return errors.New("Could not find ASN number for the node. " +
 "Node needs to be annotated with ASN number details to start BGP server.")
@@ -1372,7 +1379,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 nrc.nodeAsnNumber = nodeAsnNumber
 }
- if clusterid, ok := node.ObjectMeta.Annotations["kube-router.io/rr.server"]; ok {
+ if clusterid, ok := node.ObjectMeta.Annotations[rrServerAnnotation]; ok {
 glog.Infof("Found rr.server for the node to be %s from the node annotation", clusterid)
 clusterId, err := strconv.ParseUint(clusterid, 0, 32)
 if err != nil {
@@ -1380,7 +1387,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 }
 nrc.bgpClusterId = uint32(clusterId)
 nrc.bgpRRServer = true
- } else if clusterid, ok := node.ObjectMeta.Annotations["kube-router.io/rr.client"]; ok {
+ } else if clusterid, ok := node.ObjectMeta.Annotations[rrClientAnnotation]; ok {
 glog.Infof("Found rr.client for the node to be %s from the node annotation", clusterid)
 clusterId, err := strconv.ParseUint(clusterid, 0, 32)
 if err != nil {
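Review bot: In the `-1372` and `-1380` hunks the `else if` means a node carrying both `rrServerAnnotation` and `rrClientAnnotation` is silently configured as a route-reflector server and the client annotation is ignored; since the two roles change which peers syncInternalPeers selects (the `-1079` and `-1145` hunks), a conflicting pair is a misconfiguration worth surfacing with a `glog.Warningf` naming both annotations before the server branch wins, or an error from startBgpServer. Style: `clusterid` (string) and `clusterId` (uint64) differ only in case within the same scope; `clusterIDStr` and `clusterID` would be clearer. The `errors.New` message in the `-1358` hunk starts with a capital and ends with a period, against the Go error-string convention. startBgpServer continues outside these hunks.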
@@ -1424,7 +1431,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 // else attempt to get peers from node specific BGP annotations.
 if len(nrc.globalPeerRouters) == 0 {
 // Get Global Peer Router ASN configs
- nodeBgpPeerAsnsAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.asns"]
+ nodeBgpPeerAsnsAnnotation, ok := node.ObjectMeta.Annotations[peerASNAnnotation]
 if !ok {
 glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.")
 return nil
@@ -1438,7 +1445,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 }
 // Get Global Peer Router IP Address configs
- nodeBgpPeersAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.ips"]
+ nodeBgpPeersAnnotation, ok := node.ObjectMeta.Annotations[peerIPAnnotation]
 if !ok {
 glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.")
 return nil
@@ -1452,7 +1459,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
 // Get Global Peer Router Password configs
 var peerPasswords []string
- nodeBGPPasswordsAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.passwords"]
+ nodeBGPPasswordsAnnotation, ok := node.ObjectMeta.Annotations[peerPasswordAnnotation]
 if !ok {
 glog.Infof("Could not find BGP peer password info in the node's annotations. Assuming no passwords.")
 } else {
diff --git a/app/controllers/network_services_controller.go b/app/controllers/network_services_controller.go
index cece5046..6dde744e 100644
--- a/app/controllers/network_services_controller.go
+++ b/app/controllers/network_services_controller.go
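Review bot: The `-1424` and `-1438` hunks log the identical message "Could not find BGP peer info for the node in the node annotations so skipping configuring peer." whether it is `peerASNAnnotation` or `peerIPAnnotation` that is absent, so an operator cannot tell which one to add; now that the names are constants, `glog.Infof("Could not find %s annotation on the node, skipping peer configuration", peerASNAnnotation)` (and likewise with `peerIPAnnotation`) makes the two cases distinguishable. In the `-1452` hunk a missing `peerPasswordAnnotation` is logged at Info as "Assuming no passwords"; the peer sessions that are then set up (outside the hunk) run without the password that the other annotations imply is available, and that deserves a `glog.Warningf` that also names the constant, so the three messages are consistent. The remainder of startBgpServer's peer setup is outside these hunks.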
@@ -41,6 +41,11 @@ const (
 IFACE_HAS_NO_ADDR = "cannot assign requested address"
 IPVS_SERVER_EXISTS = "file exists"
 namespace = "kube_router"
+
+ svcDSRAnnotation = "kube-router.io/service.dsr"
+ svcSchedulerAnnotation = "kube-router.io/service.scheduler"
+ svcHairpinAnnotation = "kube-router.io/service.hairpin"
+ svcLocalAnnotation = "kube-router.io/service.local"
 )
 var (
@@ -847,13 +852,13 @@ func buildServicesInfo() serviceInfoMap {
 externalIPs: make([]string, len(svc.Spec.ExternalIPs)),
 local: false,
 }
- dsrMethod, ok := svc.ObjectMeta.Annotations["kube-router.io/service.dsr"]
+ dsrMethod, ok := svc.ObjectMeta.Annotations[svcDSRAnnotation]
 if ok {
 svcInfo.directServerReturn = true
 svcInfo.directServerReturnMethod = dsrMethod
 }
 svcInfo.scheduler = ipvs.RoundRobin
- schedulingMethod, ok := svc.ObjectMeta.Annotations["kube-router.io/service.scheduler"]
+ schedulingMethod, ok := svc.ObjectMeta.Annotations[svcSchedulerAnnotation]
 if ok {
 if schedulingMethod == ipvs.RoundRobin {
 svcInfo.scheduler = ipvs.RoundRobin
@@ -867,8 +872,8 @@ func buildServicesInfo() serviceInfoMap {
 }
 copy(svcInfo.externalIPs, svc.Spec.ExternalIPs)
 svcInfo.sessionAffinity = svc.Spec.SessionAffinity == "ClientIP"
- _, svcInfo.hairpin = svc.ObjectMeta.Annotations["kube-router.io/service.hairpin"]
- _, svcInfo.local = svc.ObjectMeta.Annotations["kube-router.io/service.local"]
+ _, svcInfo.hairpin = svc.ObjectMeta.Annotations[svcHairpinAnnotation]
+ _, svcInfo.local = svc.ObjectMeta.Annotations[svcLocalAnnotation]
 if svc.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal {
 svcInfo.local = true
 }
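Review bot: In the `-867` hunk `_, svcInfo.hairpin = ...` and `_, svcInfo.local = ...` key on presence only, so a Service annotated `kube-router.io/service.hairpin: "false"` still gets hairpin enabled; if that is the intended contract the constants in the `-41` hunk should say so, `// svcHairpinAnnotation and svcLocalAnnotation are presence-only flags; their value is ignored.`, otherwise parse the value with `strconv.ParseBool` and log values that do not parse. In the `-847` hunk `dsrMethod` is copied into `directServerReturnMethod` without any check, whereas the scheduler value right below it is compared against known `ipvs.*` constants; if no validation follows outside the hunk, an unexpected DSR method string reaches whatever consumes it unchecked. Style: the new constants use MixedCaps next to the pre-existing `IFACE_HAS_NO_ADDR`/`IPVS_SERVER_EXISTS`; the new names are the idiomatic ones, so the mismatch is acceptable, but a blank line and a short comment introducing the annotation group would separate the two conventions visibly.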