From 7cc0110081a64dcff28042207cdb9ffde7a06aab Mon Sep 17 00:00:00 2001
From: yuzhiquan
Date: Thu, 28 Nov 2019 19:24:19 +0800
Subject: [PATCH 1/2] fix typo
---
 pkg/agent/containerd/containerd.go | 4 ++--
 pkg/agent/netpol/network_policy_controller.go | 22 +++++++++----------
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/pkg/agent/containerd/containerd.go b/pkg/agent/containerd/containerd.go
index 9d40462a79..fe829ed6ba 100644
--- a/pkg/agent/containerd/containerd.go
+++ b/pkg/agent/containerd/containerd.go
@@ -76,13 +76,13 @@ func Run(ctx context.Context, cfg *config.Node) error {
 }()
 for {
- addr, dailer, err := util.GetAddressAndDialer("unix://" + cfg.Containerd.Address)
+ addr, dialer, err := util.GetAddressAndDialer("unix://" + cfg.Containerd.Address)
 if err != nil {
 time.Sleep(1 * time.Second)
 continue
 }
- conn, err := grpc.Dial(addr, grpc.WithInsecure(), grpc.WithTimeout(3*time.Second), grpc.WithDialer(dailer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)))
+ conn, err := grpc.Dial(addr, grpc.WithInsecure(), grpc.WithTimeout(3*time.Second), grpc.WithDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)))
 if err != nil {
 time.Sleep(1 * time.Second)
 continue
diff --git a/pkg/agent/netpol/network_policy_controller.go b/pkg/agent/netpol/network_policy_controller.go
index ae35bb1c58..ade765529b 100644
--- a/pkg/agent/netpol/network_policy_controller.go
+++ b/pkg/agent/netpol/network_policy_controller.go
@@ -49,11 +49,11 @@ const (
 // filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod
 // or destined (in case of ingress network policy) to the pod specific iptables chain. Each
 // pod specific iptables chain has rules to jump to the network polices chains, that pod matches. So packet
-// originating/destined from/to pod goes through fitler table's, FORWARD chain, followed by pod specific chain,
+// originating/destined from/to pod goes through filter table's, FORWARD chain, followed by pod specific chain,
 // followed by one or more network policy chains, till there is a match which will accept the packet, or gets
 // dropped by the rule in the pod chain, if there is no match.
-// NetworkPolicyController strcut to hold information required by NetworkPolicyController
+// NetworkPolicyController struct to hold information required by NetworkPolicyController
 type NetworkPolicyController struct {
 nodeIP net.IP
 nodeHostName string
@@ -138,7 +138,7 @@ type numericPort2eps map[string]*endPoints
 type protocol2eps map[string]numericPort2eps
 type namedPort2eps map[string]protocol2eps
-// Run runs forver till we receive notification on stopCh
+// Run runs forever till we receive notification on stopCh
 func (npc *NetworkPolicyController) Run(stopCh <-chan struct{}) {
 t := time.NewTicker(npc.syncPeriod)
 defer t.Stop()
@@ -320,16 +320,16 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(version string) (map
 activePolicyIPSets[targetDestPodIPSet.Name] = true
 activePolicyIPSets[targetSourcePodIPSet.Name] = true
- currnetPodIPs := make([]string, 0, len(policy.targetPods))
+ currentPodIPs := make([]string, 0, len(policy.targetPods))
 for ip := range policy.targetPods {
- currnetPodIPs = append(currnetPodIPs, ip)
+ currentPodIPs = append(currentPodIPs, ip)
 }
- err = targetSourcePodIPSet.Refresh(currnetPodIPs, OptionTimeout, "0")
+ err = targetSourcePodIPSet.Refresh(currentPodIPs, OptionTimeout, "0")
 if err != nil {
 log.Errorf("failed to refresh targetSourcePodIPSet: " + err.Error())
 }
- err = targetDestPodIPSet.Refresh(currnetPodIPs, OptionTimeout, "0")
+ err = targetDestPodIPSet.Refresh(currentPodIPs, OptionTimeout, "0")
 if err != nil {
 log.Errorf("failed to refresh targetDestPodIPSet: " + err.Error())
 }
@@ -463,7 +463,7 @@ func (npc *NetworkPolicyController) processIngressRules(policy networkPolicyInfo
 }
 }
- // case where nether ports nor from details are speified in the ingress rule
+ // case where nether ports nor from details are specified in the ingress rule
 // so match on all ports, protocol, source IP's
 if ingressRule.matchAllSource && ingressRule.matchAllPorts {
 comment := "rule to ACCEPT traffic from all sources to dest pods selected by policy name: " +
@@ -621,7 +621,7 @@ func (npc *NetworkPolicyController) processEgressRules(policy networkPolicyInfo,
 }
 }
- // case where nether ports nor from details are speified in the egress rule
+ // case where nether ports nor from details are specified in the egress rule
 // so match on all ports, protocol, source IP's
 if egressRule.matchAllDestinations && egressRule.matchAllPorts {
 comment := "rule to ACCEPT traffic from source pods to all destinations selected by policy name: " +
@@ -808,7 +808,7 @@ func (npc *NetworkPolicyController) syncPodFirewallChains(version string) (map[s
 return nil, fmt.Errorf("Failed to run iptables command: %s", err.Error())
 }
- // ensure statefull firewall, that permits return traffic for the traffic originated by the pod
+ // ensure stateful firewall, that permits return traffic for the traffic originated by the pod
 comment = "rule for stateful firewall for pod"
 args = []string{"-m", "comment", "--comment", comment, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}
 exists, err = iptablesCmdHandler.Exists("filter", podFwChainName, args...)
@@ -906,7 +906,7 @@ func (npc *NetworkPolicyController) syncPodFirewallChains(version string) (map[s
 return nil, fmt.Errorf("Failed to run iptables command: %s", err.Error())
 }
- // ensure statefull firewall, that permits return traffic for the traffic originated by the pod
+ // ensure stateful firewall, that permits return traffic for the traffic originated by the pod
 comment = "rule for stateful firewall for pod"
 args = []string{"-m", "comment", "--comment", comment, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}
 exists, err = iptablesCmdHandler.Exists("filter", podFwChainName, args...)
From 24869ddf2128da458338d18842cddb58d849ecfd Mon Sep 17 00:00:00 2001
From: yuzhiquan
Date: Thu, 28 Nov 2019 19:26:45 +0800
Subject: [PATCH 2/2] remove []byte trans, handle func error
---
 pkg/agent/containerd/containerd.go | 2 +-
 pkg/agent/netpol/utils.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/agent/containerd/containerd.go b/pkg/agent/containerd/containerd.go
index fe829ed6ba..9c71e88f0a 100644
--- a/pkg/agent/containerd/containerd.go
+++ b/pkg/agent/containerd/containerd.go
@@ -197,7 +197,7 @@ func getPrivateRegistries(ctx context.Context, cfg *config.Node) (*templates.Reg
 return nil, err
 }
 logrus.Infof("Using registry config file at %s", cfg.AgentConfig.PrivateRegistry)
- if err := yaml.Unmarshal([]byte(privRegistryFile), &privRegistries); err != nil {
+ if err := yaml.Unmarshal(privRegistryFile, &privRegistries); err != nil {
 return nil, err
 }
 return privRegistries, nil
diff --git a/pkg/agent/netpol/utils.go b/pkg/agent/netpol/utils.go
index 74980890f9..c4c7a48950 100644
--- a/pkg/agent/netpol/utils.go
+++ b/pkg/agent/netpol/utils.go
@@ -246,8 +246,8 @@ func (entry *Entry) Del() error {
 if err != nil {
 return err
 }
- entry.Set.Parent.Save()
- return nil
+
+ return entry.Set.Parent.Save()
 }
 // Test wether an entry is in a set or not. Exit status number is zero if the
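Review bot: In getPrivateRegistries (pkg/agent/containerd/containerd.go), the new `yaml.Unmarshal(privRegistryFile, &privRegistries)` call is a lenient decode with the common Go YAML packages, so a misspelled key in the registry file is dropped without an error and that setting silently falls back to its default. The file presumably carries registry endpoints, credentials and TLS options, so a silently ignored key can change which endpoint or trust settings the node ends up using. If the yaml package imported here offers a strict variant (gopkg.in/yaml.v2 has `UnmarshalStrict`), prefer `if err := yaml.UnmarshalStrict(privRegistryFile, &privRegistries); err != nil {`. The function starts outside the hunk, so the import in use and the type of privRegistryFile are not visible here.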
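Review bot: In Entry.Del (pkg/agent/netpol/utils.go), `return entry.Set.Parent.Save()` hands the Save error back unwrapped, so a caller cannot tell a failed delete from a delete that went through but could not be saved. The earlier `if err != nil { return err }` has already passed at that point, so the entry is presumably gone from the set and a retry on this error would act on an entry that no longer exists. Consider labelling the second failure, e.g. `if err := entry.Set.Parent.Save(); err != nil { return fmt.Errorf("ipset save after delete: %v", err) }` (assuming fmt is imported in this file), and check whether the sibling methods still discard Save's result. Del's body starts outside the hunk, so the call that precedes the check is not visible.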