2 changes: 1 addition & 1 deletion docs/user-guide.md
Expand Up @@ -52,7 +52,7 @@ Usage of kube-router:
--enable-overlay When enable-overlay set to true, IP-in-IP tunneling is used for pod-to-pod networking across nodes in different subnets. When set to false no tunneling is used and routing infrastrcture is expected to route traffic for pod-to-pod networking across nodes in different subnets (default true)
--enable-pod-egress SNAT traffic from Pods to destinations outside the cluster. (default true)
--enable-pprof Enables pprof for debugging performance and memory leak issues.
--hairpin-mode Add iptable rules for every Service Endpoint to support hairpin traffic.
--hairpin-mode Add iptables rules for every Service Endpoint to support hairpin traffic.
--health-port uint16 Health check port, 0 = Disabled (default 20244)
-h, --help Print usage information.
--hostname-override string Overrides the NodeName of the node. Set this if kube-router is unable to determine your NodeName automatically.
26 changes: 13 additions & 13 deletions pkg/controllers/netpol/network_policy_controller.go
Expand Up @@ -40,11 +40,11 @@ const (

// Network policy controller provides both ingress and egress filtering for the pods as per the defined network
// policies. Two different types of iptables chains are used. Each pod running on the node which either
// requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which
// requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptables chain, which
// has rules expressed through ipsets matching source and destination pod ip's. In the FORWARD chain of the
// filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod
// or destined (in case of ingress network policy) to the pod specific iptable chain. Each
// pod specific iptable chain has rules to jump to the network polices chains, that pod matches. So packet
// or destined (in case of ingress network policy) to the pod specific iptables chain. Each
// pod specific iptables chain has rules to jump to the network polices chains, that pod matches. So packet
// originating/destined from/to pod goes through fitler table's, FORWARD chain, followed by pod specific chain,
// followed by one or more network policy chains, till there is a match which will accept the packet, or gets
// dropped by the rule in the pod chain, if there is no match.
Expand Down Expand Up @@ -257,13 +257,13 @@ func (npc *NetworkPolicyController) Sync() error {

err = cleanupStaleRules(activePolicyChains, activePodFwChains, activePolicyIpSets)
if err != nil {
return errors.New("Aborting sync. Failed to cleanup stale iptable rules: " + err.Error())
return errors.New("Aborting sync. Failed to cleanup stale iptables rules: " + err.Error())
}

return nil
}

// Configure iptable rules representing each network policy. All pod's matched by
// Configure iptables rules representing each network policy. All pod's matched by
// network policy spec podselector labels are grouped together in one ipset which
// is used for matching destination ip address. Each ingress rule in the network
// policyspec is evaluated to set of matching pods, which are grouped in to a
Expand Down Expand Up @@ -358,7 +358,7 @@ func (npc *NetworkPolicyController) processIngressRules(policy networkPolicyInfo

policyChainName := networkPolicyChainName(policy.namespace, policy.name, version)

// run through all the ingress rules in the spec and create iptable rules
// run through all the ingress rules in the spec and create iptables rules
// in the chain for the network policy
for i, ingressRule := range policy.ingressRules {

Expand Down Expand Up @@ -521,7 +521,7 @@ func (npc *NetworkPolicyController) processEgressRules(policy networkPolicyInfo,

policyChainName := networkPolicyChainName(policy.namespace, policy.name, version)

// run through all the egress rules in the spec and create iptable rules
// run through all the egress rules in the spec and create iptables rules
// in the chain for the network policy
for i, egressRule := range policy.egressRules {

Expand Down Expand Up @@ -1460,7 +1460,7 @@ func (npc *NetworkPolicyController) Cleanup() {
// delete jump rules in FORWARD chain to pod specific firewall chain
forwardChainRules, err := iptablesCmdHandler.List("filter", "FORWARD")
if err != nil {
glog.Errorf("Failed to delete iptable rules as part of cleanup")
glog.Errorf("Failed to delete iptables rules as part of cleanup")
return
}

Expand All @@ -1476,7 +1476,7 @@ func (npc *NetworkPolicyController) Cleanup() {
// delete jump rules in OUTPUT chain to pod specific firewall chain
forwardChainRules, err = iptablesCmdHandler.List("filter", "OUTPUT")
if err != nil {
glog.Errorf("Failed to delete iptable rules as part of cleanup")
glog.Errorf("Failed to delete iptables rules as part of cleanup")
return
}

Expand All @@ -1495,12 +1495,12 @@ func (npc *NetworkPolicyController) Cleanup() {
if strings.HasPrefix(chain, kubePodFirewallChainPrefix) {
err = iptablesCmdHandler.ClearChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
err = iptablesCmdHandler.DeleteChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
}
Expand All @@ -1512,12 +1512,12 @@ func (npc *NetworkPolicyController) Cleanup() {
if strings.HasPrefix(chain, kubeNetworkPolicyChainPrefix) {
err = iptablesCmdHandler.ClearChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
err = iptablesCmdHandler.DeleteChain("filter", chain)
if err != nil {
glog.Errorf("Failed to cleanup iptable rules: " + err.Error())
glog.Errorf("Failed to cleanup iptables rules: " + err.Error())
return
}
}
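Review bot: In the two Cleanup hunks at -1495 and -1512, `glog.Errorf("Failed to cleanup iptables rules: " + err.Error())` hands a non-constant format string to a printf-style call, so any `%` in the iptables error text would be read as a verb; the vet printf check is likely to flag this. Prefer `glog.Errorf("Failed to cleanup iptables rules: %s", err.Error())` on each of the four lines. The earlier Cleanup hunks at -1460 and -1476 log "Failed to delete iptables rules as part of cleanup" when the List call fails and drop the error value entirely, which hides why cleanup stopped; `glog.Errorf("Failed to list FORWARD chain rules as part of cleanup: %s", err.Error())` (and OUTPUT for the second) would be more accurate. Cleanup's body starts and ends outside these hunks.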
34 changes: 17 additions & 17 deletions pkg/controllers/proxy/network_services_controller.go
Expand Up @@ -277,10 +277,10 @@ func (nsc *NetworkServicesController) Run(healthChan chan<- *healthcheck.Control

glog.Infof("Starting network services controller")

// enable masquerad rule
err := ensureMasqueradeIptablesRule(nsc.masqueradeAll, nsc.podCidr)
// enable masquerade rule
if err != nil {
return errors.New("Failed to do add masquerad rule in POSTROUTING chain of nat table due to: %s" + err.Error())
return errors.New("Failed to do add masquerade rule in POSTROUTING chain of nat table due to: %s" + err.Error())
}
// https://www.kernel.org/doc/Documentation/networking/ipvs-sysctl.txt
// enable ipvs connection tracking
Expand Down Expand Up @@ -362,17 +362,17 @@ func (nsc *NetworkServicesController) sync() error {
nsc.mu.Lock()
defer nsc.mu.Unlock()

// enable masquerad rule
err = ensureMasqueradeIptablesRule(nsc.masqueradeAll, nsc.podCidr)
// enable masquerade rule
if err != nil {
glog.Errorf("Failed to do add masquerad rule in POSTROUTING chain of nat table due to: %s", err.Error())
glog.Errorf("Failed to do add masquerade rule in POSTROUTING chain of nat table due to: %s", err.Error())
}

nsc.serviceMap = nsc.buildServicesInfo()
nsc.endpointsMap = nsc.buildEndpointsInfo()
err = nsc.syncHairpinIptablesRules()
if err != nil {
glog.Errorf("Error syncing hairpin iptable rules: %s", err.Error())
glog.Errorf("Error syncing hairpin iptables rules: %s", err.Error())
}

err = nsc.syncIpvsServices(nsc.serviceMap, nsc.endpointsMap)
Expand Down Expand Up @@ -931,7 +931,7 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
fwMark := generateFwmark(externalIP, svc.protocol, strconv.Itoa(svc.port))
externalIpServiceId = fmt.Sprint(fwMark)

// ensure there is iptable mangle table rule to FWMARK the packet
// ensure there is iptables mangle table rule to FWMARK the packet
err = setupMangleTableRule(externalIP, svc.protocol, strconv.Itoa(svc.port), externalIpServiceId)
if err != nil {
glog.Errorf("Failed to setup mangle table rule to FMWARD the traffic to external IP")
Expand Down Expand Up @@ -964,7 +964,7 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
externalIpServices = append(externalIpServices, externalIPService{ipvsSvc: ipvsExternalIPSvc, externalIp: externalIP})
externalIpServiceId = generateIpPortId(externalIP, svc.protocol, strconv.Itoa(svc.port))

// ensure there is NO iptable mangle table rule to FWMARK the packet
// ensure there is NO iptables mangle table rule to FWMARK the packet
fwMark := fmt.Sprint(generateFwmark(externalIP, svc.protocol, strconv.Itoa(svc.port)))
err = nsc.ln.cleanupMangleTableRule(externalIP, svc.protocol, strconv.Itoa(svc.port), fwMark)
if err != nil {
Expand Down Expand Up @@ -1157,7 +1157,7 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf

err = nsc.syncIpvsFirewall()
if err != nil {
glog.Errorf("Error syncing ipvs svc iptable rules: %s", err.Error())
glog.Errorf("Error syncing ipvs svc iptables rules: %s", err.Error())
}

glog.V(1).Info("IPVS servers and services are synced to desired state")
Expand Down Expand Up @@ -1471,7 +1471,7 @@ func (nsc *NetworkServicesController) buildEndpointsInfo() endpointsInfoMap {
return endpointsMap
}

// Add an iptable rule to masquerad outbound IPVS traffic. IPVS nat requires that reverse path traffic
// Add an iptables rule to masquerade outbound IPVS traffic. IPVS nat requires that reverse path traffic
// to go through the director for its functioning. So the masquerade rule ensures source IP is modifed
// to node ip, so return traffic from real server (endpoint pods) hits the node/lvs director
func ensureMasqueradeIptablesRule(masqueradeAll bool, podCidr string) error {
Expand All @@ -1496,7 +1496,7 @@ func ensureMasqueradeIptablesRule(masqueradeAll bool, podCidr string) error {
return errors.New("Failed to run iptables command" + err.Error())
}
}
glog.V(2).Info("Successfully synced iptables masquerad rule")
glog.V(2).Info("Successfully synced iptables masquerade rule")
return nil
}

Expand Down Expand Up @@ -1668,7 +1668,7 @@ func deleteHairpinIptablesRules() error {
jumpArgs := []string{"-m", "ipvs", "--vdir", "ORIGINAL", "-j", hairpinChain}
hasHairpinJumpRule, err := iptablesCmdHandler.Exists("nat", "POSTROUTING", jumpArgs...)
if err != nil {
return errors.New("Failed to search POSTROUTING iptable rules: " + err.Error())
return errors.New("Failed to search POSTROUTING iptables rules: " + err.Error())
}

// Delete the jump rule to the hairpin chain
Expand Down Expand Up @@ -1702,7 +1702,7 @@ func deleteMasqueradeIptablesRule() error {
}
postRoutingChainRules, err := iptablesCmdHandler.List("nat", "POSTROUTING")
if err != nil {
return errors.New("Failed to list iptable rules in POSTROUTING chain in nat table" + err.Error())
return errors.New("Failed to list iptables rules in POSTROUTING chain in nat table" + err.Error())
}
for i, rule := range postRoutingChainRules {
if strings.Contains(rule, "ipvs") && strings.Contains(rule, "MASQUERADE") {
Expand Down Expand Up @@ -2003,7 +2003,7 @@ const (
externalIPRouteTableName = "external_ip"
)

// setupMangleTableRule: setsup iptable rule to FWMARK the traffic to exteranl IP vip
// setupMangleTableRule: setsup iptables rule to FWMARK the traffic to exteranl IP vip
func setupMangleTableRule(ip string, protocol string, port string, fwmark string) error {
iptablesCmdHandler, err := iptables.New()
if err != nil {
Expand Down Expand Up @@ -2250,17 +2250,17 @@ func (nsc *NetworkServicesController) Cleanup() {

handle.Close()

// cleanup iptable masquerad rule
// cleanup iptables masquerade rule
err = deleteMasqueradeIptablesRule()
if err != nil {
glog.Errorf("Failed to cleanup iptable masquerade rule due to: %s", err.Error())
glog.Errorf("Failed to cleanup iptablesmasquerade rule due to: %s", err.Error())
return
}

// cleanup iptable hairpin rules
// cleanup iptables hairpin rules
err = deleteHairpinIptablesRules()
if err != nil {
glog.Errorf("Failed to cleanup iptable hairpin rules: %s", err.Error())
glog.Errorf("Failed to cleanup iptables hairpin rules: %s", err.Error())
return
}

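Review bot: The rewritten error in the Run hunk at -277 still embeds a literal `%s`: `errors.New("Failed to do add masquerade rule in POSTROUTING chain of nat table due to: %s" + err.Error())` performs no formatting, so the returned message reads `... due to: %s<error text>`. Since this file already uses fmt (fmt.Sprint in the syncIpvsServices hunks), `fmt.Errorf("Failed to do add masquerade rule in POSTROUTING chain of nat table due to: %s", err.Error())` gives the intended output and mirrors the `glog.Errorf` form used in the sync hunk. The Cleanup hunk at -2250 also introduces a new typo on the line `glog.Errorf("Failed to cleanup iptablesmasquerade rule due to: %s", err.Error())`; the space between `iptables` and `masquerade` should be restored. Both enclosing functions start and end outside their hunks.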
6 changes: 3 additions & 3 deletions pkg/controllers/routing/network_routes_controller.go
Expand Up @@ -517,12 +517,12 @@ func (nrc *NetworkRoutingController) Cleanup() {
// Pod egress cleanup
err := nrc.deletePodEgressRule()
if err != nil {
glog.Warningf("Error deleting Pod egress iptable rule: %s", err.Error())
glog.Warningf("Error deleting Pod egress iptables rule: %s", err.Error())
}

err = nrc.deleteBadPodEgressRules()
if err != nil {
glog.Warningf("Error deleting Pod egress iptable rule: %s", err.Error())
glog.Warningf("Error deleting Pod egress iptables rule: %s", err.Error())
}

// delete all ipsets created by kube-router
Expand Down Expand Up @@ -607,7 +607,7 @@ func (nrc *NetworkRoutingController) newIptablesCmdHandler() (*iptables.IPTables
}

// ensure there is rule in filter table and FORWARD chain to permit in/out traffic from pods
// this rules will be appended so that any iptable rules for network policies will take
// this rules will be appended so that any iptables rules for network policies will take
// precedence
func (nrc *NetworkRoutingController) enableForwarding() error {

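Review bot: The two warnings in the Cleanup hunk at -517 now carry identical text, `Error deleting Pod egress iptables rule`, one for deletePodEgressRule and one for deleteBadPodEgressRules, so a log line cannot show which deletion failed. Consider `glog.Warningf("Error deleting old/bad Pod egress iptables rules: %s", err.Error())` for the second call. In the enableForwarding hunk at -607 the touched comment still reads "this rules will be appended"; `// these rules are appended so that any iptables rules for network policies take precedence` would be cleaner. Both enclosing functions start and end outside their hunks.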
18 changes: 9 additions & 9 deletions pkg/controllers/routing/pod_egress.go
Expand Up @@ -7,7 +7,7 @@ import (
"github.com/golang/glog"
)

// set up MASQUERADE rule so that egress traffic from the pods gets masquraded to node's IP
// set up MASQUERADE rule so that egress traffic from the pods gets masqueraded to node's IP

var (
podEgressArgs4 = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
Expand Down Expand Up @@ -38,12 +38,12 @@ func (nrc *NetworkRoutingController) createPodEgressRule() error {
}
err = iptablesCmdHandler.AppendUnique("nat", "POSTROUTING", podEgressArgs...)
if err != nil {
return errors.New("Failed to add iptable rule to masqurade outbound traffic from pods: " +
return errors.New("Failed to add iptables rule to masquerade outbound traffic from pods: " +
err.Error() + "External connectivity will not work.")

}

glog.V(1).Infof("Added iptables rule to masqurade outbound traffic from pods.")
glog.V(1).Infof("Added iptables rule to masquerade outbound traffic from pods.")
return nil
}

Expand All @@ -59,16 +59,16 @@ func (nrc *NetworkRoutingController) deletePodEgressRule() error {
}
exists, err := iptablesCmdHandler.Exists("nat", "POSTROUTING", podEgressArgs...)
if err != nil {
return errors.New("Failed to lookup iptable rule to masqurade outbound traffic from pods: " + err.Error())
return errors.New("Failed to lookup iptables rule to masquerade outbound traffic from pods: " + err.Error())
}

if exists {
err = iptablesCmdHandler.Delete("nat", "POSTROUTING", podEgressArgs...)
if err != nil {
return errors.New("Failed to delete iptable rule to masqurade outbound traffic from pods: " +
return errors.New("Failed to delete iptables rule to masquerade outbound traffic from pods: " +
err.Error() + ". Pod egress might still work...")
}
glog.Infof("Deleted iptables rule to masqurade outbound traffic from pods.")
glog.Infof("Deleted iptables rule to masquerade outbound traffic from pods.")
}

return nil
Expand All @@ -92,12 +92,12 @@ func (nrc *NetworkRoutingController) deleteBadPodEgressRules() error {
if exists {
err = iptablesCmdHandler.Delete("nat", "POSTROUTING", args...)
if err != nil {
return fmt.Errorf("Failed to delete old/bad iptable rule to "+
"masqurade outbound traffic from pods: %s.\n"+
return fmt.Errorf("Failed to delete old/bad iptables rule to "+
"masquerade outbound traffic from pods: %s.\n"+
"Pod egress might still work, or bugs may persist after upgrade...",
err)
}
glog.Infof("Deleted old/bad iptables rule to masqurade outbound traffic from pods.")
glog.Infof("Deleted old/bad iptables rule to masquerade outbound traffic from pods.")
}
}

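Review bot: In the createPodEgressRule hunk at -38 the rewritten error is assembled as `err.Error() + "External connectivity will not work."` with no separator, so the iptables error text runs straight into the next sentence. `err.Error() + ". External connectivity will not work."` reads correctly and matches the `". Pod egress might still work..."` form in the deletePodEgressRule hunk below. The deleteBadPodEgressRules hunk at -92 formats the error with `%s` inside `fmt.Errorf`; if the module's Go version allows it, `%w` would keep the underlying iptables error inspectable with errors.Is/As. All three enclosing functions start and end outside their hunks.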
2 changes: 1 addition & 1 deletion pkg/options/options.go
Expand Up @@ -130,7 +130,7 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.HostnameOverride, "hostname-override", s.HostnameOverride,
"Overrides the NodeName of the node. Set this if kube-router is unable to determine your NodeName automatically.")
fs.BoolVar(&s.GlobalHairpinMode, "hairpin-mode", false,
"Add iptable rules for every Service Endpoint to support hairpin traffic.")
"Add iptables rules for every Service Endpoint to support hairpin traffic.")
fs.BoolVar(&s.NodePortBindOnAllIp, "nodeport-bindon-all-ip", false,
"For service of NodePort type create IPVS service that listens on all IP's of the node.")
fs.BoolVar(&s.EnableOverlay, "enable-overlay", true,