Define a constant for kube-system

antrea-io · Dec 18, 2020 · 470dc8e · 470dc8e
1 parent e91c270
commit 470dc8e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/pkg/controller/networkpolicy/validate.go b/pkg/controller/networkpolicy/validate.go
@@ -69,6 +69,8 @@ var (
 	reservedTierNames = sets.NewString("baseline", "application", "platform", "networkops", "securityops", "emergency")
 )
 
+const defaultControllerNamespace = "kube-system"
+
 // RegisterAntreaPolicyValidator registers an Antrea-native policy validator
 // to the resource registry. A new validator must be registered by calling
 // this function before the Run phase of the APIServer.
@@ -412,13 +414,13 @@ func (t *tierValidator) updateValidate(curObj, oldObj interface{}, userInfo auth
 	curTier := curObj.(*secv1alpha1.Tier)
 	oldTier := oldObj.(*secv1alpha1.Tier)
 	// Retrieve antrea-controller's Namespace
-	ns := env.GetPodNamespace()
-	if ns == "" {
+	namespace := env.GetPodNamespace()
+	if namespace == "" {
 		// antrea-controller by default is created in the kube-system Namespace
-		ns = "kube-system"
+		namespace = defaultControllerNamespace
 	}
 	// Allow exception of Tier Priority updates performed by the antrea-controller
-	if serviceaccount.MatchesUsername(ns, env.GetAntreaControllerServiceAccount(), userInfo.Username) {
+	if serviceaccount.MatchesUsername(namespace, env.GetAntreaControllerServiceAccount(), userInfo.Username) {
 		return "", true
 	}
 	if curTier.Spec.Priority != oldTier.Spec.Priority {

diff --git a/pkg/util/env/env.go b/pkg/util/env/env.go
@@ -67,7 +67,7 @@ func GetPodNamespace() string {
 	return podNamespace
 }
 
-// GetAntreaControllerServiceAccountName returns the ServiceAccount's name associated with antrea-controller.
+// GetAntreaControllerServiceAccountName returns the ServiceAccount name associated with antrea-controller.
 func GetAntreaControllerServiceAccount() string {
 	svcAcctName := os.Getenv(svcAcctNameEnvKey)
 	if svcAcctName == "" {