mirror of https://github.com/k3s-io/k3s
Spell check upstream code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>pull/2896/head
Brad Davidson
Brad Davidson
parent
29483d0651
commit
95a1a86847
|
|
@ -41,7 +41,7 @@ const (
|
||||||
// filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod
|
// filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod
|
||||||
// or destined (in case of ingress network policy) to the pod specific iptables chain. Each
|
// or destined (in case of ingress network policy) to the pod specific iptables chain. Each
|
||||||
// pod specific iptables chain has rules to jump to the network polices chains, that pod matches. So packet
|
// pod specific iptables chain has rules to jump to the network polices chains, that pod matches. So packet
|
||||||
// originating/destined from/to pod goes through fitler table's, FORWARD chain, followed by pod specific chain,
|
// originating/destined from/to pod goes through filter table's, FORWARD chain, followed by pod specific chain,
|
||||||
// followed by one or more network policy chains, till there is a match which will accept the packet, or gets
|
// followed by one or more network policy chains, till there is a match which will accept the packet, or gets
|
||||||
// dropped by the rule in the pod chain, if there is no match.
|
// dropped by the rule in the pod chain, if there is no match.
|
||||||
|
|
||||||
|
|
@ -130,7 +130,7 @@ type numericPort2eps map[string]*endPoints
|
||||||
type protocol2eps map[string]numericPort2eps
|
type protocol2eps map[string]numericPort2eps
|
||||||
type namedPort2eps map[string]protocol2eps
|
type namedPort2eps map[string]protocol2eps
|
||||||
|
|
||||||
// Run runs forver till we receive notification on stopCh
|
// Run runs forever till we receive notification on stopCh
|
||||||
func (npc *NetworkPolicyController) Run(healthChan chan<- *healthcheck.ControllerHeartbeat, stopCh <-chan struct{}, wg *sync.WaitGroup) {
|
func (npc *NetworkPolicyController) Run(healthChan chan<- *healthcheck.ControllerHeartbeat, stopCh <-chan struct{}, wg *sync.WaitGroup) {
|
||||||
t := time.NewTicker(npc.syncPeriod)
|
t := time.NewTicker(npc.syncPeriod)
|
||||||
defer t.Stop()
|
defer t.Stop()
|
||||||
|
|
@ -500,7 +500,7 @@ func (npc *NetworkPolicyController) Cleanup() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: need a better way to delte rule with out using number
|
// TODO: need a better way to delete rule with out using number
|
||||||
var realRuleNo int
|
var realRuleNo int
|
||||||
for i, rule := range forwardChainRules {
|
for i, rule := range forwardChainRules {
|
||||||
if strings.Contains(rule, kubePodFirewallChainPrefix) {
|
if strings.Contains(rule, kubePodFirewallChainPrefix) {
|
||||||
|
|
@ -519,7 +519,7 @@ func (npc *NetworkPolicyController) Cleanup() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: need a better way to delte rule with out using number
|
// TODO: need a better way to delete rule with out using number
|
||||||
realRuleNo = 0
|
realRuleNo = 0
|
||||||
for i, rule := range forwardChainRules {
|
for i, rule := range forwardChainRules {
|
||||||
if strings.Contains(rule, kubePodFirewallChainPrefix) {
|
if strings.Contains(rule, kubePodFirewallChainPrefix) {
|
||||||
|
|
|
||||||
|
|
@ -102,7 +102,7 @@ func (npc *NetworkPolicyController) syncPodFirewallChains(networkPoliciesInfo []
|
||||||
for _, pod := range *ingressNetworkPolicyEnabledPods {
|
for _, pod := range *ingressNetworkPolicyEnabledPods {
|
||||||
|
|
||||||
// below condition occurs when we get trasient update while removing or adding pod
|
// below condition occurs when we get trasient update while removing or adding pod
|
||||||
// subseqent update will do the correct action
|
// subsequent update will do the correct action
|
||||||
if len(pod.ip) == 0 || pod.ip == "" {
|
if len(pod.ip) == 0 || pod.ip == "" {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
@ -223,7 +223,7 @@ func (npc *NetworkPolicyController) syncPodFirewallChains(networkPoliciesInfo []
|
||||||
for _, pod := range *egressNetworkPolicyEnabledPods {
|
for _, pod := range *egressNetworkPolicyEnabledPods {
|
||||||
|
|
||||||
// below condition occurs when we get trasient update while removing or adding pod
|
// below condition occurs when we get trasient update while removing or adding pod
|
||||||
// subseqent update will do the correct action
|
// subsequent update will do the correct action
|
||||||
if len(pod.ip) == 0 || pod.ip == "" {
|
if len(pod.ip) == 0 || pod.ip == "" {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ const (
|
||||||
|
|
||||||
// DefaultMaxElem Default OptionMaxElem value.
|
// DefaultMaxElem Default OptionMaxElem value.
|
||||||
DefaultMaxElem = "65536"
|
DefaultMaxElem = "65536"
|
||||||
// DefaultHasSize Defaul OptionHashSize value.
|
// DefaultHasSize Default OptionHashSize value.
|
||||||
DefaultHasSize = "1024"
|
DefaultHasSize = "1024"
|
||||||
|
|
||||||
// TypeHashIP The hash:ip set type uses a hash to store IP host addresses (default) or network addresses. Zero valued IP address cannot be stored in a hash:ip type of set.
|
// TypeHashIP The hash:ip set type uses a hash to store IP host addresses (default) or network addresses. Zero valued IP address cannot be stored in a hash:ip type of set.
|
||||||
|
|
@ -86,7 +86,7 @@ type IPSet struct {
|
||||||
isIpv6 bool
|
isIpv6 bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set reprensent a ipset set entry.
|
// Set represent a ipset set entry.
|
||||||
type Set struct {
|
type Set struct {
|
||||||
Parent *IPSet
|
Parent *IPSet
|
||||||
Name string
|
Name string
|
||||||
|
|
@ -281,7 +281,7 @@ func (entry *Entry) Del() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test wether an entry is in a set or not. Exit status number is zero if the
|
// Test whether an entry is in a set or not. Exit status number is zero if the
|
||||||
// tested entry is in the set and nonzero if it is missing from the set.
|
// tested entry is in the set and nonzero if it is missing from the set.
|
||||||
func (set *Set) Test(testOptions ...string) (bool, error) {
|
func (set *Set) Test(testOptions ...string) (bool, error) {
|
||||||
_, err := set.Parent.run(append([]string{"test", set.name()}, testOptions...)...)
|
_, err := set.Parent.run(append([]string{"test", set.name()}, testOptions...)...)
|
||||||
|
|
@ -412,7 +412,7 @@ func (ipset *IPSet) Save() error {
|
||||||
// stdin. Please note, existing sets and elements are not erased by restore
|
// stdin. Please note, existing sets and elements are not erased by restore
|
||||||
// unless specified so in the restore file. All commands are allowed in restore
|
// unless specified so in the restore file. All commands are allowed in restore
|
||||||
// mode except list, help, version, interactive mode and restore itself.
|
// mode except list, help, version, interactive mode and restore itself.
|
||||||
// Send formated ipset.sets into stdin of "ipset restore" command.
|
// Send formatted ipset.sets into stdin of "ipset restore" command.
|
||||||
func (ipset *IPSet) Restore() error {
|
func (ipset *IPSet) Restore() error {
|
||||||
stdin := bytes.NewBufferString(buildIPSetRestore(ipset))
|
stdin := bytes.NewBufferString(buildIPSetRestore(ipset))
|
||||||
_, err := ipset.runWithStdin(stdin, "restore", "-exist")
|
_, err := ipset.runWithStdin(stdin, "restore", "-exist")
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue