Merge pull request #30727 from asalkeld/iptables-caps

Automatic merge from submit-queue Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g" Fixes #30651
2016-09-06 09:01:27 -07:00 · 2016-09-06 09:01:27 -07:00 · 2a7d0df30d
parent 34f3633b0b f785f3d3ef
commit 2a7d0df30d
13 changed files with 107 additions and 116 deletions
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@ -68,14 +68,14 @@ type ProxyServer struct {
 const (
 	proxyModeUserspace              = "userspace"
-	proxyModeIptables               = "iptables"
+	proxyModeIPTables               = "iptables"
 	experimentalProxyModeAnnotation = options.ExperimentalProxyModeAnnotation
 	betaProxyModeAnnotation         = "net.beta.kubernetes.io/proxy-mode"
 )
 func checkKnownProxyMode(proxyMode string) bool {
 	switch proxyMode {
-	case "", proxyModeUserspace, proxyModeIptables:
+	case "", proxyModeUserspace, proxyModeIPTables:
 		return true
 	}
 	return false
@ -199,18 +199,18 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err
 	var endpointsHandler proxyconfig.EndpointsConfigHandler
 	proxyMode := getProxyMode(string(config.Mode), client.Nodes(), hostname, iptInterface, iptables.LinuxKernelCompatTester{})
-	if proxyMode == proxyModeIptables {
+	if proxyMode == proxyModeIPTables {
 		glog.V(0).Info("Using iptables Proxier.")
 		if config.IPTablesMasqueradeBit == nil {
 			// IPTablesMasqueradeBit must be specified or defaulted.
 			return nil, fmt.Errorf("Unable to read IPTablesMasqueradeBit from config")
 		}
-		proxierIptables, err := iptables.NewProxier(iptInterface, utilsysctl.New(), execer, config.IPTablesSyncPeriod.Duration, config.MasqueradeAll, int(*config.IPTablesMasqueradeBit), config.ClusterCIDR, hostname, getNodeIP(client, hostname))
+		proxierIPTables, err := iptables.NewProxier(iptInterface, utilsysctl.New(), execer, config.IPTablesSyncPeriod.Duration, config.MasqueradeAll, int(*config.IPTablesMasqueradeBit), config.ClusterCIDR, hostname, getNodeIP(client, hostname))
 		if err != nil {
 			glog.Fatalf("Unable to create proxier: %v", err)
 		}
-		proxier = proxierIptables
+		proxier = proxierIPTables
-		endpointsHandler = proxierIptables
+		endpointsHandler = proxierIPTables
 		// No turning back. Remove artifacts that might still exist from the userspace Proxier.
 		glog.V(0).Info("Tearing down userspace rules.")
 		userspace.CleanupLeftovers(iptInterface)
@ -350,28 +350,28 @@ type nodeGetter interface {
 	Get(hostname string) (*api.Node, error)
 }
-func getProxyMode(proxyMode string, client nodeGetter, hostname string, iptver iptables.IptablesVersioner, kcompat iptables.KernelCompatTester) string {
+func getProxyMode(proxyMode string, client nodeGetter, hostname string, iptver iptables.IPTablesVersioner, kcompat iptables.KernelCompatTester) string {
 	if proxyMode == proxyModeUserspace {
 		return proxyModeUserspace
-	} else if proxyMode == proxyModeIptables {
+	} else if proxyMode == proxyModeIPTables {
-		return tryIptablesProxy(iptver, kcompat)
+		return tryIPTablesProxy(iptver, kcompat)
 	} else if proxyMode != "" {
 		glog.Warningf("Flag proxy-mode=%q unknown, assuming iptables proxy", proxyMode)
-		return tryIptablesProxy(iptver, kcompat)
+		return tryIPTablesProxy(iptver, kcompat)
 	}
 	// proxyMode == "" - choose the best option.
 	if client == nil {
 		glog.Errorf("nodeGetter is nil: assuming iptables proxy")
-		return tryIptablesProxy(iptver, kcompat)
+		return tryIPTablesProxy(iptver, kcompat)
 	}
 	node, err := client.Get(hostname)
 	if err != nil {
 		glog.Errorf("Can't get Node %q, assuming iptables proxy, err: %v", hostname, err)
-		return tryIptablesProxy(iptver, kcompat)
+		return tryIPTablesProxy(iptver, kcompat)
 	}
 	if node == nil {
 		glog.Errorf("Got nil Node %q, assuming iptables proxy", hostname)
-		return tryIptablesProxy(iptver, kcompat)
+		return tryIPTablesProxy(iptver, kcompat)
 	}
 	proxyMode, found := node.Annotations[betaProxyModeAnnotation]
 	if found {
@ -387,19 +387,19 @@ func getProxyMode(proxyMode string, client nodeGetter, hostname string, iptver i
 		glog.V(1).Infof("Annotation demands userspace proxy")
 		return proxyModeUserspace
 	}
-	return tryIptablesProxy(iptver, kcompat)
+	return tryIPTablesProxy(iptver, kcompat)
 }
-func tryIptablesProxy(iptver iptables.IptablesVersioner, kcompat iptables.KernelCompatTester) string {
+func tryIPTablesProxy(iptver iptables.IPTablesVersioner, kcompat iptables.KernelCompatTester) string {
 	var err error
 	// guaranteed false on error, error only necessary for debugging
-	useIptablesProxy, err := iptables.CanUseIptablesProxier(iptver, kcompat)
+	useIPTablesProxy, err := iptables.CanUseIPTablesProxier(iptver, kcompat)
 	if err != nil {
 		glog.Errorf("Can't determine whether to use iptables proxy, using userspace proxier: %v", err)
 		return proxyModeUserspace
 	}
-	if useIptablesProxy {
+	if useIPTablesProxy {
-		return proxyModeIptables
+		return proxyModeIPTables
 	}
 	// Fallback.
 	glog.V(1).Infof("Can't use iptables proxy, using userspace proxier: %v", err)
--- a/cmd/kube-proxy/app/server_test.go
+++ b/cmd/kube-proxy/app/server_test.go
@ -38,12 +38,12 @@ func (fake *fakeNodeInterface) Get(hostname string) (*api.Node, error) {
 	return &fake.node, nil
 }
-type fakeIptablesVersioner struct {
+type fakeIPTablesVersioner struct {
 	version string // what to return
 	err     error  // what to return
 }
-func (fake *fakeIptablesVersioner) GetVersion() (string, error) {
+func (fake *fakeIPTablesVersioner) GetVersion() (string, error) {
 	return fake.version, fake.err
 }
@ -95,7 +95,7 @@ func Test_getProxyMode(t *testing.T) {
 			flag:            "iptables",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // detect, error
 			flag:          "",
@ -117,7 +117,7 @@ func Test_getProxyMode(t *testing.T) {
 			flag:            "",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // annotation says userspace
 			flag:          "",
@ -153,7 +153,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "iptables",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // annotation says something else, version ok
 			flag:            "",
@ -161,7 +161,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "other",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // annotation says nothing, version ok
 			flag:            "",
@ -169,7 +169,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // annotation says userspace
 			flag:          "",
@ -205,7 +205,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "iptables",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // annotation says something else, version ok
 			flag:            "",
@ -213,7 +213,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "other",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // annotation says nothing, version ok
 			flag:            "",
@ -221,7 +221,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // flag says userspace, annotation disagrees
 			flag:            "userspace",
@ -236,7 +236,7 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "userspace",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 		{ // flag says userspace, annotation disagrees
 			flag:            "userspace",
@ -251,13 +251,13 @@ func Test_getProxyMode(t *testing.T) {
 			annotationVal:   "userspace",
 			iptablesVersion: iptables.MinCheckVersion,
 			kernelCompat:    true,
-			expected:        proxyModeIptables,
+			expected:        proxyModeIPTables,
 		},
 	}
 	for i, c := range cases {
 		getter := &fakeNodeInterface{}
 		getter.node.Annotations = map[string]string{c.annotationKey: c.annotationVal}
-		versioner := &fakeIptablesVersioner{c.iptablesVersion, c.iptablesError}
+		versioner := &fakeIPTablesVersioner{c.iptablesVersion, c.iptablesError}
 		kcompater := &fakeKernelCompatTester{c.kernelCompat}
 		r := getProxyMode(c.flag, getter, "host", versioner, kcompater)
 		if r != c.expected {
--- a/pkg/kubelet/eviction/eviction_manager.go
+++ b/pkg/kubelet/eviction/eviction_manager.go
@ -98,12 +98,8 @@ func (m *managerImpl) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAd
 		return lifecycle.PodAdmitResult{Admit: true}
 	}
-	// Check the node conditions to identify the resource under pressure.
+	// the node has memory pressure, admit if not best-effort
 	// The resource can only be either disk or memory; set the default to disk.
 	resource := api.ResourceStorage
 	if hasNodeCondition(m.nodeConditions, api.NodeMemoryPressure) {
 		resource = api.ResourceMemory
 		// the node has memory pressure, admit if not best-effort
 		notBestEffort := qos.BestEffort != qos.GetPodQOS(attrs.Pod)
 		if notBestEffort {
 			return lifecycle.PodAdmitResult{Admit: true}
@ -111,11 +107,11 @@ func (m *managerImpl) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAd
 	}
 	// reject pods when under memory pressure (if pod is best effort), or if under disk pressure.
-	glog.Warningf("Failed to admit pod %q - node has conditions: %v", format.Pod(attrs.Pod), m.nodeConditions)
+	glog.Warningf("Failed to admit pod %v - %s", format.Pod(attrs.Pod), "node has conditions: %v", m.nodeConditions)
 	return lifecycle.PodAdmitResult{
 		Admit:   false,
 		Reason:  reason,
-		Message: getMessage(resource),
+		Message: message,
 	}
 }
@ -248,7 +244,6 @@ func (m *managerImpl) synchronize(diskInfoProvider DiskInfoProvider, podFunc Act
 	glog.Infof("eviction manager: pods ranked for eviction: %s", format.Pods(activePods))
 	// we kill at most a single pod during each eviction interval
 	message := getMessage(resourceToReclaim)
 	for i := range activePods {
 		pod := activePods[i]
 		status := api.PodStatus{
--- a/pkg/kubelet/eviction/helpers.go
+++ b/pkg/kubelet/eviction/helpers.go
@ -37,8 +37,8 @@ const (
 	unsupportedEvictionSignal = "unsupported eviction signal %v"
 	// the reason reported back in status.
 	reason = "Evicted"
-	// the message format associated with the reason.
+	// the message associated with the reason.
-	messageFmt = "The node was low on %s."
+	message = "The node was low on compute resources."
 	// disk, in bytes.  internal to this module, used to account for local disk usage.
 	resourceDisk api.ResourceName = "disk"
 	// inodes, number. internal to this module, used to account for local disk inode consumption.
@ -894,7 +894,3 @@ func deleteImages(imageGC ImageGC, reportBytesFreed bool) nodeReclaimFunc {
 		return resource.NewQuantity(reclaimed, resource.BinarySI), nil
 	}
 }
 func getMessage(resource api.ResourceName) string {
 	return fmt.Sprintf(messageFmt, resource)
 }
--- a/pkg/kubelet/network/hostport/fake_iptables.go
+++ b/pkg/kubelet/network/hostport/fake_iptables.go
@ -35,21 +35,21 @@ type fakeTable struct {
 	chains map[string]*fakeChain
 }
-type fakeIptables struct {
+type fakeIPTables struct {
 	tables map[string]*fakeTable
 }
-func NewFakeIptables() *fakeIptables {
+func NewFakeIPTables() *fakeIPTables {
-	return &fakeIptables{
+	return &fakeIPTables{
 		tables: make(map[string]*fakeTable, 0),
 	}
 }
-func (f *fakeIptables) GetVersion() (string, error) {
+func (f *fakeIPTables) GetVersion() (string, error) {
 	return "1.4.21", nil
 }
-func (f *fakeIptables) getTable(tableName utiliptables.Table) (*fakeTable, error) {
+func (f *fakeIPTables) getTable(tableName utiliptables.Table) (*fakeTable, error) {
 	table, ok := f.tables[string(tableName)]
 	if !ok {
 		return nil, fmt.Errorf("Table %s does not exist", tableName)
@ -57,7 +57,7 @@ func (f *fakeIptables) getTable(tableName utiliptables.Table) (*fakeTable, error
 	return table, nil
 }
-func (f *fakeIptables) getChain(tableName utiliptables.Table, chainName utiliptables.Chain) (*fakeTable, *fakeChain, error) {
+func (f *fakeIPTables) getChain(tableName utiliptables.Table, chainName utiliptables.Chain) (*fakeTable, *fakeChain, error) {
 	table, err := f.getTable(tableName)
 	if err != nil {
 		return nil, nil, err
@ -71,7 +71,7 @@ func (f *fakeIptables) getChain(tableName utiliptables.Table, chainName utilipta
 	return table, chain, nil
 }
-func (f *fakeIptables) ensureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, *fakeChain) {
+func (f *fakeIPTables) ensureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, *fakeChain) {
 	table, chain, err := f.getChain(tableName, chainName)
 	if err != nil {
 		// either table or table+chain don't exist yet
@ -92,12 +92,12 @@ func (f *fakeIptables) ensureChain(tableName utiliptables.Table, chainName utili
 	return true, chain
 }
-func (f *fakeIptables) EnsureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, error) {
+func (f *fakeIPTables) EnsureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, error) {
 	existed, _ := f.ensureChain(tableName, chainName)
 	return existed, nil
 }
-func (f *fakeIptables) FlushChain(tableName utiliptables.Table, chainName utiliptables.Chain) error {
+func (f *fakeIPTables) FlushChain(tableName utiliptables.Table, chainName utiliptables.Chain) error {
 	_, chain, err := f.getChain(tableName, chainName)
 	if err != nil {
 		return err
@ -106,7 +106,7 @@ func (f *fakeIptables) FlushChain(tableName utiliptables.Table, chainName utilip
 	return nil
 }
-func (f *fakeIptables) DeleteChain(tableName utiliptables.Table, chainName utiliptables.Chain) error {
+func (f *fakeIPTables) DeleteChain(tableName utiliptables.Table, chainName utiliptables.Chain) error {
 	table, _, err := f.getChain(tableName, chainName)
 	if err != nil {
 		return err
@ -125,7 +125,7 @@ func findRule(chain *fakeChain, rule string) int {
 	return -1
 }
-func (f *fakeIptables) ensureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, rule string) (bool, error) {
+func (f *fakeIPTables) ensureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, rule string) (bool, error) {
 	_, chain, err := f.getChain(tableName, chainName)
 	if err != nil {
 		_, chain = f.ensureChain(tableName, chainName)
@ -192,7 +192,7 @@ func normalizeRule(rule string) (string, error) {
 	return normalized, nil
 }
-func (f *fakeIptables) EnsureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) (bool, error) {
+func (f *fakeIPTables) EnsureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) (bool, error) {
 	ruleArgs := make([]string, 0)
 	for _, arg := range args {
 		// quote args with internal spaces (like comments)
@ -204,7 +204,7 @@ func (f *fakeIptables) EnsureRule(position utiliptables.RulePosition, tableName
 	return f.ensureRule(position, tableName, chainName, strings.Join(ruleArgs, " "))
 }
-func (f *fakeIptables) DeleteRule(tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) error {
+func (f *fakeIPTables) DeleteRule(tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) error {
 	_, chain, err := f.getChain(tableName, chainName)
 	if err == nil {
 		rule := strings.Join(args, " ")
@ -217,7 +217,7 @@ func (f *fakeIptables) DeleteRule(tableName utiliptables.Table, chainName utilip
 	return nil
 }
-func (f *fakeIptables) IsIpv6() bool {
+func (f *fakeIPTables) IsIpv6() bool {
 	return false
 }
@ -227,7 +227,7 @@ func saveChain(chain *fakeChain, data *bytes.Buffer) {
 	}
 }
-func (f *fakeIptables) Save(tableName utiliptables.Table) ([]byte, error) {
+func (f *fakeIPTables) Save(tableName utiliptables.Table) ([]byte, error) {
 	table, err := f.getTable(tableName)
 	if err != nil {
 		return nil, err
@ -246,7 +246,7 @@ func (f *fakeIptables) Save(tableName utiliptables.Table) ([]byte, error) {
 	return data.Bytes(), nil
 }
-func (f *fakeIptables) SaveAll() ([]byte, error) {
+func (f *fakeIPTables) SaveAll() ([]byte, error) {
 	data := bytes.NewBuffer(nil)
 	for _, table := range f.tables {
 		tableData, err := f.Save(table.name)
@ -260,7 +260,7 @@ func (f *fakeIptables) SaveAll() ([]byte, error) {
 	return data.Bytes(), nil
 }
-func (f *fakeIptables) restore(restoreTableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag) error {
+func (f *fakeIPTables) restore(restoreTableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag) error {
 	buf := bytes.NewBuffer(data)
 	var tableName utiliptables.Table
 	for {
@ -320,16 +320,16 @@ func (f *fakeIptables) restore(restoreTableName utiliptables.Table, data []byte,
 	return nil
 }
-func (f *fakeIptables) Restore(tableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error {
+func (f *fakeIPTables) Restore(tableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error {
 	return f.restore(tableName, data, flush)
 }
-func (f *fakeIptables) RestoreAll(data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error {
+func (f *fakeIPTables) RestoreAll(data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error {
 	return f.restore("", data, flush)
 }
-func (f *fakeIptables) AddReloadFunc(reloadFunc func()) {
+func (f *fakeIPTables) AddReloadFunc(reloadFunc func()) {
 }
-func (f *fakeIptables) Destroy() {
+func (f *fakeIPTables) Destroy() {
 }
--- a/pkg/kubelet/network/hostport/hostport.go
+++ b/pkg/kubelet/network/hostport/hostport.go
@ -162,7 +162,7 @@ func writeLine(buf *bytes.Buffer, words ...string) {
 //hostportChainName takes containerPort for a pod and returns associated iptables chain.
 // This is computed by hashing (sha256)
 // then encoding to base32 and truncating with the prefix "KUBE-SVC-".  We do
-// this because Iptables Chain Names must be <= 28 chars long, and the longer
+// this because IPTables Chain Names must be <= 28 chars long, and the longer
 // they are the harder they are to read.
 func hostportChainName(cp api.ContainerPort, podFullName string) utiliptables.Chain {
 	hash := sha256.Sum256([]byte(string(cp.HostPort) + string(cp.Protocol) + podFullName))
@ -293,7 +293,7 @@ func (h *handler) SyncHostports(natInterfaceName string, runningPods []*RunningP
 		writeLine(natRules, args...)
 		// Create hostport chain to DNAT traffic to final destination
-		// Iptables will maintained the stats for this chain
+		// IPTables will maintained the stats for this chain
 		args = []string{
 			"-A", string(hostportChain),
 			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, target.podFullName, containerPort.HostPort),
--- a/pkg/kubelet/network/hostport/hostport_test.go
+++ b/pkg/kubelet/network/hostport/hostport_test.go
@ -52,11 +52,11 @@ type ruleMatch struct {
 }
 func TestOpenPodHostports(t *testing.T) {
-	fakeIptables := NewFakeIptables()
+	fakeIPTables := NewFakeIPTables()
 	h := &handler{
 		hostPortMap: make(map[hostport]closeable),
-		iptables:    fakeIptables,
+		iptables:    fakeIPTables,
 		portOpener:  openFakeSocket,
 	}
@ -198,7 +198,7 @@ func TestOpenPodHostports(t *testing.T) {
 	}
 	for _, rule := range genericRules {
-		_, chain, err := fakeIptables.getChain(utiliptables.TableNAT, utiliptables.Chain(rule.chain))
+		_, chain, err := fakeIPTables.getChain(utiliptables.TableNAT, utiliptables.Chain(rule.chain))
 		if err != nil {
 			t.Fatalf("Expected NAT chain %s did not exist", rule.chain)
 		}
@ -211,7 +211,7 @@ func TestOpenPodHostports(t *testing.T) {
 	for _, test := range tests {
 		for _, match := range test.matches {
 			// Ensure chain exists
-			_, chain, err := fakeIptables.getChain(utiliptables.TableNAT, utiliptables.Chain(match.chain))
+			_, chain, err := fakeIPTables.getChain(utiliptables.TableNAT, utiliptables.Chain(match.chain))
 			if err != nil {
 				t.Fatalf("Expected NAT chain %s did not exist", match.chain)
 			}
--- a/pkg/kubelet/network/kubenet/kubenet_linux.go
+++ b/pkg/kubelet/network/kubenet/kubenet_linux.go
@ -54,7 +54,7 @@ const (
 	BridgeName        = "cbr0"
 	DefaultCNIDir     = "/opt/cni/bin"
-	sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables"
+	sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables"
 	// fallbackMTU is used if an MTU is not specified, and we cannot determine the MTU
 	fallbackMTU = 1460
@ -142,9 +142,9 @@ func (plugin *kubenetNetworkPlugin) Init(host network.Host, hairpinMode componen
 	// was built-in, we simply ignore the error here. A better thing to do is
 	// to check the kernel version in the future.
 	plugin.execer.Command("modprobe", "br-netfilter").CombinedOutput()
-	err := plugin.sysctl.SetSysctl(sysctlBridgeCallIptables, 1)
+	err := plugin.sysctl.SetSysctl(sysctlBridgeCallIPTables, 1)
 	if err != nil {
-		glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIptables, err)
+		glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIPTables, err)
 	}
 	plugin.loConfig, err = libcni.ConfFromBytes([]byte(`{
--- a/pkg/kubelet/network/plugins.go
+++ b/pkg/kubelet/network/plugins.go
@ -154,7 +154,7 @@ func UnescapePluginName(in string) string {
 type NoopNetworkPlugin struct {
 }
-const sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables"
+const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables"
 func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error {
 	// Set bridge-nf-call-iptables=1 to maintain compatibility with older
@ -166,8 +166,8 @@ func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode componentconfig.Hai
 	// Ensure the netfilter module is loaded on kernel >= 3.18; previously
 	// it was built-in.
 	utilexec.New().Command("modprobe", "br-netfilter").CombinedOutput()
-	if err := utilsysctl.New().SetSysctl(sysctlBridgeCallIptables, 1); err != nil {
+	if err := utilsysctl.New().SetSysctl(sysctlBridgeCallIPTables, 1); err != nil {
-		glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIptables, err)
+		glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIPTables, err)
 	}
 	return nil
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@ -74,8 +74,8 @@ const (
 	KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP"
 )
-// IptablesVersioner can query the current iptables version.
+// IPTablesVersioner can query the current iptables version.
-type IptablesVersioner interface {
+type IPTablesVersioner interface {
 	// returns "X.Y.Z"
 	GetVersion() (string, error)
 }
@ -86,12 +86,12 @@ type KernelCompatTester interface {
 	IsCompatible() error
 }
-// CanUseIptablesProxier returns true if we should use the iptables Proxier
+// CanUseIPTablesProxier returns true if we should use the iptables Proxier
 // instead of the "classic" userspace Proxier.  This is determined by checking
 // the iptables version and for the existence of kernel features. It may return
 // an error if it fails to get the iptables version without error, in which
 // case it will also return false.
-func CanUseIptablesProxier(iptver IptablesVersioner, kcompat KernelCompatTester) (bool, error) {
+func CanUseIPTablesProxier(iptver IPTablesVersioner, kcompat KernelCompatTester) (bool, error) {
 	minVersion, err := semver.NewVersion(iptablesMinVersion)
 	if err != nil {
 		return false, err
@ -127,7 +127,7 @@ func (lkct LinuxKernelCompatTester) IsCompatible() error {
 }
 const sysctlRouteLocalnet = "net/ipv4/conf/all/route_localnet"
-const sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables"
+const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables"
 // internal struct for string service information
 type serviceInfo struct {
@ -211,7 +211,7 @@ func NewProxier(ipt utiliptables.Interface, sysctl utilsysctl.Interface, exec ut
 	// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
 	// are connected to a Linux bridge (but not SDN bridges).  Until most
 	// plugins handle this, log when config is missing
-	if val, err := sysctl.GetSysctl(sysctlBridgeCallIptables); err == nil && val != 1 {
+	if val, err := sysctl.GetSysctl(sysctlBridgeCallIPTables); err == nil && val != 1 {
 		glog.Infof("missing br-netfilter module or unset sysctl br-nf-call-iptables; proxy may not work as intended")
 	}
@ -639,7 +639,7 @@ func flattenValidEndpoints(endpoints []hostPortInfo) []string {
 // portProtoHash takes the ServicePortName and protocol for a service
 // returns the associated 16 character hash. This is computed by hashing (sha256)
-// then encoding to base32 and truncating to 16 chars. We do this because Iptables
+// then encoding to base32 and truncating to 16 chars. We do this because IPTables
 // Chain Names must be <= 28 chars long, and the longer they are the harder they are to read.
 func portProtoHash(s proxy.ServicePortName, protocol string) string {
 	hash := sha256.Sum256([]byte(s.String() + protocol))
@ -664,7 +664,7 @@ func serviceFirewallChainName(s proxy.ServicePortName, protocol string) utilipta
 // serviceLBPortChainName takes the ServicePortName for a service and
 // returns the associated iptables chain.  This is computed by hashing (sha256)
 // then encoding to base32 and truncating with the prefix "KUBE-XLB-".  We do
-// this because Iptables Chain Names must be <= 28 chars long, and the longer
+// this because IPTables Chain Names must be <= 28 chars long, and the longer
 // they are the harder they are to read.
 func serviceLBChainName(s proxy.ServicePortName, protocol string) utiliptables.Chain {
 	return utiliptables.Chain("KUBE-XLB-" + portProtoHash(s, protocol))
--- a/pkg/util/iptables/iptables.go
+++ b/pkg/util/iptables/iptables.go
@ -97,9 +97,9 @@ const (
 )
 const (
-	cmdIptablesSave    string = "iptables-save"
+	cmdIPTablesSave    string = "iptables-save"
-	cmdIptablesRestore string = "iptables-restore"
+	cmdIPTablesRestore string = "iptables-restore"
-	cmdIptables        string = "iptables"
+	cmdIPTables        string = "iptables"
 	cmdIp6tables       string = "ip6tables"
 )
@ -138,7 +138,7 @@ type runner struct {
 // New returns a new Interface which will exec iptables.
 func New(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol) Interface {
-	vstring, err := getIptablesVersionString(exec)
+	vstring, err := getIPTablesVersionString(exec)
 	if err != nil {
 		glog.Warningf("Error checking iptables version, assuming version at least %s: %v", MinCheckVersion, err)
 		vstring = MinCheckVersion
@ -147,8 +147,8 @@ func New(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol) In
 		exec:     exec,
 		dbus:     dbus,
 		protocol: protocol,
-		hasCheck: getIptablesHasCheckCommand(vstring),
+		hasCheck: getIPTablesHasCheckCommand(vstring),
-		waitFlag: getIptablesWaitFlag(vstring),
+		waitFlag: getIPTablesWaitFlag(vstring),
 	}
 	runner.connectToFirewallD()
 	return runner
@ -191,7 +191,7 @@ func (runner *runner) connectToFirewallD() {
 // GetVersion returns the version string.
 func (runner *runner) GetVersion() (string, error) {
-	return getIptablesVersionString(runner.exec)
+	return getIPTablesVersionString(runner.exec)
 }
 // EnsureChain is part of Interface.
@ -296,7 +296,7 @@ func (runner *runner) Save(table Table) ([]byte, error) {
 	// run and return
 	args := []string{"-t", string(table)}
 	glog.V(4).Infof("running iptables-save %v", args)
-	return runner.exec.Command(cmdIptablesSave, args...).CombinedOutput()
+	return runner.exec.Command(cmdIPTablesSave, args...).CombinedOutput()
 }
 // SaveAll is part of Interface.
@ -306,7 +306,7 @@ func (runner *runner) SaveAll() ([]byte, error) {
 	// run and return
 	glog.V(4).Infof("running iptables-save")
-	return runner.exec.Command(cmdIptablesSave, []string{}...).CombinedOutput()
+	return runner.exec.Command(cmdIPTablesSave, []string{}...).CombinedOutput()
 }
 // Restore is part of Interface.
@ -337,7 +337,7 @@ func (runner *runner) restoreInternal(args []string, data []byte, flush FlushFla
 	// run the command and return the output or an error including the output and error
 	glog.V(4).Infof("running iptables-restore %v", args)
-	cmd := runner.exec.Command(cmdIptablesRestore, args...)
+	cmd := runner.exec.Command(cmdIPTablesRestore, args...)
 	cmd.SetStdin(bytes.NewBuffer(data))
 	b, err := cmd.CombinedOutput()
 	if err != nil {
@ -350,7 +350,7 @@ func (runner *runner) iptablesCommand() string {
 	if runner.IsIpv6() {
 		return cmdIp6tables
 	} else {
-		return cmdIptables
+		return cmdIPTables
 	}
 }
@ -379,7 +379,7 @@ func (runner *runner) checkRule(table Table, chain Chain, args ...string) (bool,
 // of hack and half-measures.  We should nix this ASAP.
 func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...string) (bool, error) {
 	glog.V(1).Infof("running iptables-save -t %s", string(table))
-	out, err := runner.exec.Command(cmdIptablesSave, "-t", string(table)).CombinedOutput()
+	out, err := runner.exec.Command(cmdIPTablesSave, "-t", string(table)).CombinedOutput()
 	if err != nil {
 		return false, fmt.Errorf("error checking rule: %v", err)
 	}
@ -453,7 +453,7 @@ func makeFullArgs(table Table, chain Chain, args ...string) []string {
 }
 // Checks if iptables has the "-C" flag
-func getIptablesHasCheckCommand(vstring string) bool {
+func getIPTablesHasCheckCommand(vstring string) bool {
 	minVersion, err := semver.NewVersion(MinCheckVersion)
 	if err != nil {
 		glog.Errorf("MinCheckVersion (%s) is not a valid version string: %v", MinCheckVersion, err)
@ -471,7 +471,7 @@ func getIptablesHasCheckCommand(vstring string) bool {
 }
 // Checks if iptables version has a "wait" flag
-func getIptablesWaitFlag(vstring string) []string {
+func getIPTablesWaitFlag(vstring string) []string {
 	version, err := semver.NewVersion(vstring)
 	if err != nil {
 		glog.Errorf("vstring (%s) is not a valid version string: %v", vstring, err)
@ -499,11 +499,11 @@ func getIptablesWaitFlag(vstring string) []string {
 	}
 }
-// getIptablesVersionString runs "iptables --version" to get the version string
+// getIPTablesVersionString runs "iptables --version" to get the version string
 // in the form "X.X.X"
-func getIptablesVersionString(exec utilexec.Interface) (string, error) {
+func getIPTablesVersionString(exec utilexec.Interface) (string, error) {
 	// this doesn't access mutable state so we don't need to use the interface / runner
-	bytes, err := exec.Command(cmdIptables, "--version").CombinedOutput()
+	bytes, err := exec.Command(cmdIPTables, "--version").CombinedOutput()
 	if err != nil {
 		return "", err
 	}
--- a/pkg/util/iptables/iptables_test.go
+++ b/pkg/util/iptables/iptables_test.go
@ -26,9 +26,9 @@ import (
 	"k8s.io/kubernetes/pkg/util/sets"
 )
-func getIptablesCommand(protocol Protocol) string {
+func getIPTablesCommand(protocol Protocol) string {
 	if protocol == ProtocolIpv4 {
-		return cmdIptables
+		return cmdIPTables
 	}
 	if protocol == ProtocolIpv6 {
 		return cmdIp6tables
@ -70,7 +70,7 @@ func testEnsureChain(t *testing.T, protocol Protocol) {
 	if fcmd.CombinedOutputCalls != 2 {
 		t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
 	}
-	cmd := getIptablesCommand(protocol)
+	cmd := getIPTablesCommand(protocol)
 	if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") {
 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1])
 	}
@ -427,7 +427,7 @@ func TestDeleteRuleErrorCreating(t *testing.T) {
 	}
 }
-func TestGetIptablesHasCheckCommand(t *testing.T) {
+func TestGetIPTablesHasCheckCommand(t *testing.T) {
 	testCases := []struct {
 		Version  string
 		Err      bool
@ -451,12 +451,12 @@ func TestGetIptablesHasCheckCommand(t *testing.T) {
 				func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
 			},
 		}
-		version, err := getIptablesVersionString(&fexec)
+		version, err := getIPTablesVersionString(&fexec)
 		if (err != nil) != testCase.Err {
 			t.Errorf("Expected error: %v, Got error: %v", testCase.Err, err)
 		}
 		if err == nil {
-			check := getIptablesHasCheckCommand(version)
+			check := getIPTablesHasCheckCommand(version)
 			if testCase.Expected != check {
 				t.Errorf("Expected result: %v, Got result: %v", testCase.Expected, check)
 			}
@ -540,7 +540,7 @@ COMMIT
 	}
 }
-func TestIptablesWaitFlag(t *testing.T) {
+func TestIPTablesWaitFlag(t *testing.T) {
 	testCases := []struct {
 		Version string
 		Result  string
@ -556,7 +556,7 @@ func TestIptablesWaitFlag(t *testing.T) {
 	}
 	for _, testCase := range testCases {
-		result := getIptablesWaitFlag(testCase.Version)
+		result := getIPTablesWaitFlag(testCase.Version)
 		if strings.Join(result, "") != testCase.Result {
 			t.Errorf("For %s expected %v got %v", testCase.Version, testCase.Result, result)
 		}
--- a/test/e2e_node/environment/conformance.go
+++ b/test/e2e_node/environment/conformance.go
@ -195,7 +195,7 @@ const iptablesForwardRegexStr = `Chain FORWARD \(policy DROP\)`
 func firewall() error {
 	out, err := exec.Command("iptables", "-L", "INPUT").CombinedOutput()
 	if err != nil {
-		return printSuccess("Firewall Iptables Check %s: Could not run iptables", skipped)
+		return printSuccess("Firewall IPTables Check %s: Could not run iptables", skipped)
 	}
 	inputRegex, err := regexp.Compile(iptablesInputRegexStr)
 	if err != nil {
@ -203,13 +203,13 @@ func firewall() error {
 		panic(err)
 	}
 	if inputRegex.Match(out) {
-		return printError("Firewall Iptables Check %s: Found INPUT rule matching %s", failed, iptablesInputRegexStr)
+		return printError("Firewall IPTables Check %s: Found INPUT rule matching %s", failed, iptablesInputRegexStr)
 	}
 	// Check GCE forward rules
 	out, err = exec.Command("iptables", "-L", "FORWARD").CombinedOutput()
 	if err != nil {
-		return printSuccess("Firewall Iptables Check %s: Could not run iptables", skipped)
+		return printSuccess("Firewall IPTables Check %s: Could not run iptables", skipped)
 	}
 	forwardRegex, err := regexp.Compile(iptablesForwardRegexStr)
 	if err != nil {
@ -217,10 +217,10 @@ func firewall() error {
 		panic(err)
 	}
 	if forwardRegex.Match(out) {
-		return printError("Firewall Iptables Check %s: Found FORWARD rule matching %s", failed, iptablesInputRegexStr)
+		return printError("Firewall IPTables Check %s: Found FORWARD rule matching %s", failed, iptablesInputRegexStr)
 	}
-	return printSuccess("Firewall Iptables Check %s", success)
+	return printSuccess("Firewall IPTables Check %s", success)
 }
 // daemons checks that the required node programs are running: kubelet, kube-proxy, and docker