diff --git a/pkg/network/common/dns.go b/pkg/network/common/dns.go index deb654400d29..1d3a9fee7713 100644 --- a/pkg/network/common/dns.go +++ b/pkg/network/common/dns.go @@ -110,7 +110,7 @@ func (d *DNS) updateOne(dns string) (error, bool) { // . < IN A out, err := d.execer.Command(dig, "+nocmd", "+noall", "+answer", "+ttlid", "a", dns).CombinedOutput() if err != nil || len(out) == 0 { - return fmt.Errorf("Failed to fetch IP addr and TTL value for domain: %q, err: %v", dns, err), false + return fmt.Errorf("failed to fetch IP addr and TTL value for domain: %q, err: %v", dns, err), false } outStr := strings.Trim(string(out[:]), "\n") diff --git a/pkg/network/master/subnets.go b/pkg/network/master/subnets.go index 13d5cd3dd197..2e077cfb5e50 100644 --- a/pkg/network/master/subnets.go +++ b/pkg/network/master/subnets.go @@ -33,7 +33,7 @@ func (master *OsdnMaster) SubnetStartMaster(clusterNetworks []common.ClusterNetw glog.Infof("Found existing HostSubnet %s", common.HostSubnetToString(&sub)) _, subnetIP, err := net.ParseCIDR(sub.Subnet) if err != nil { - return fmt.Errorf("Failed to parse network address: %q", sub.Subnet) + return fmt.Errorf("failed to parse network address: %q", sub.Subnet) } for _, cn := range clusterNetworks { diff --git a/pkg/network/master/vnids.go b/pkg/network/master/vnids.go index 0af5c26c3f10..5901274079c2 100644 --- a/pkg/network/master/vnids.go +++ b/pkg/network/master/vnids.go @@ -140,7 +140,7 @@ func (vmap *masterVNIDMap) releaseNetID(nsName string) error { // If not, then release the netid if count := vmap.getVNIDCount(netid); count == 0 { if err := vmap.netIDManager.Release(netid); err != nil { - return fmt.Errorf("Error while releasing netid %d for namespace %q, %v", netid, nsName, err) + return fmt.Errorf("error while releasing netid %d for namespace %q, %v", netid, nsName, err) } glog.Infof("Released netid %d for namespace %q", netid, nsName) } else { @@ -170,6 +170,9 @@ func (vmap *masterVNIDMap) updateNetID(nsName string, action network.PodNetworkA return 0, fmt.Errorf("netid not found for namespace %q", joinNsName) } case network.IsolatePodNetwork: + if nsName == kapi.NamespaceDefault { + return 0, fmt.Errorf("network isolation for namespace %q is not allowed", nsName) + } // Check if the given namespace is already isolated if count := vmap.getVNIDCount(oldnetid); count == 1 { return oldnetid, nil diff --git a/pkg/network/node/runtime.go b/pkg/network/node/runtime.go index 5f71d533a879..9f41426e2b6f 100644 --- a/pkg/network/node/runtime.go +++ b/pkg/network/node/runtime.go @@ -35,7 +35,7 @@ func (node *OsdnNode) getRuntimeService() (kubeletapi.RuntimeService, error) { return true, nil }) if err != nil { - return nil, fmt.Errorf("Failed to fetch runtime service: %v", err) + return nil, fmt.Errorf("failed to fetch runtime service: %v", err) } return node.runtimeService, nil } @@ -48,10 +48,10 @@ func (node *OsdnNode) getPodSandboxID(filter *kruntimeapi.PodSandboxFilter) (str podSandboxList, err := runtimeService.ListPodSandbox(filter) if err != nil { - return "", fmt.Errorf("Failed to list pod sandboxes: %v", err) + return "", fmt.Errorf("failed to list pod sandboxes: %v", err) } if len(podSandboxList) == 0 { - return "", fmt.Errorf("Pod sandbox not found for filter: %v", filter) + return "", fmt.Errorf("pod sandbox not found for filter: %v", filter) } return podSandboxList[0].Id, nil } diff --git a/pkg/oc/admin/network/isolate_projects.go b/pkg/oc/admin/network/isolate_projects.go index 7428fec432c7..e9926920da3c 100644 --- a/pkg/oc/admin/network/isolate_projects.go +++ b/pkg/oc/admin/network/isolate_projects.go @@ -7,6 +7,7 @@ import ( "github.com/spf13/cobra" kerrors "k8s.io/apimachinery/pkg/util/errors" + kapi "k8s.io/kubernetes/pkg/apis/core" "k8s.io/kubernetes/pkg/kubectl/cmd/templates" kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" @@ -72,8 +73,12 @@ func (i *IsolateOptions) Run() error { errList := []error{} for _, project := range projects { + if project.Name == kapi.NamespaceDefault { + errList = append(errList, fmt.Errorf("network isolation for project %q is forbidden", project.Name)) + continue + } if err = i.Options.UpdatePodNetwork(project.Name, network.IsolatePodNetwork, ""); err != nil { - errList = append(errList, fmt.Errorf("Network isolation for project %q failed, error: %v", project.Name, err)) + errList = append(errList, fmt.Errorf("network isolation for project %q failed, error: %v", project.Name, err)) } } return kerrors.NewAggregate(errList) diff --git a/pkg/oc/admin/network/join_projects.go b/pkg/oc/admin/network/join_projects.go index 426910234f74..ec56bac0ac10 100644 --- a/pkg/oc/admin/network/join_projects.go +++ b/pkg/oc/admin/network/join_projects.go @@ -92,7 +92,7 @@ func (j *JoinOptions) Run() error { for _, project := range projects { if project.Name != j.joinProjectName { if err = j.Options.UpdatePodNetwork(project.Name, network.JoinPodNetwork, j.joinProjectName); err != nil { - errList = append(errList, fmt.Errorf("Project %q failed to join %q, error: %v", project.Name, j.joinProjectName, err)) + errList = append(errList, fmt.Errorf("project %q failed to join %q, error: %v", project.Name, j.joinProjectName, err)) } } } diff --git a/pkg/oc/admin/network/make_projects_global.go b/pkg/oc/admin/network/make_projects_global.go index cd877f1adee3..ea2a46134b8f 100644 --- a/pkg/oc/admin/network/make_projects_global.go +++ b/pkg/oc/admin/network/make_projects_global.go @@ -74,7 +74,7 @@ func (m *MakeGlobalOptions) Run() error { errList := []error{} for _, project := range projects { if err = m.Options.UpdatePodNetwork(project.Name, network.GlobalPodNetwork, ""); err != nil { - errList = append(errList, fmt.Errorf("Removing network isolation for project %q failed, error: %v", project.Name, err)) + errList = append(errList, fmt.Errorf("removing network isolation for project %q failed, error: %v", project.Name, err)) } } return kerrors.NewAggregate(errList) diff --git a/pkg/oc/admin/network/project_options.go b/pkg/oc/admin/network/project_options.go index 99fbb3ca1c80..a948329b1372 100644 --- a/pkg/oc/admin/network/project_options.go +++ b/pkg/oc/admin/network/project_options.go @@ -90,12 +90,12 @@ func (p *ProjectOptions) Validate() error { clusterNetwork, err := p.Oclient.Network().ClusterNetworks().Get(networkapi.ClusterNetworkDefault, metav1.GetOptions{}) if err != nil { if kapierrors.IsNotFound(err) { - errList = append(errList, errors.New("Managing pod network is only supported for openshift multitenant network plugin")) + errList = append(errList, errors.New("managing pod network is only supported for openshift multitenant network plugin")) } else { - errList = append(errList, errors.New("Failed to fetch current network plugin info")) + errList = append(errList, errors.New("failed to fetch current network plugin info")) } } else if !network.IsOpenShiftMultitenantNetworkPlugin(clusterNetwork.PluginName) { - errList = append(errList, fmt.Errorf("Using plugin: %q, managing pod network is only supported for openshift multitenant network plugin", clusterNetwork.PluginName)) + errList = append(errList, fmt.Errorf("using plugin: %q, managing pod network is only supported for openshift multitenant network plugin", clusterNetwork.PluginName)) } return kerrors.NewAggregate(errList) @@ -140,7 +140,7 @@ func (p *ProjectOptions) GetProjects() ([]*projectapi.Project, error) { } if len(projectList) == 0 { - return projectList, fmt.Errorf("No projects found") + return projectList, fmt.Errorf("no projects found") } else { givenProjectNames := sets.NewString(p.ProjectNames...) foundProjectNames := sets.String{} @@ -149,7 +149,7 @@ func (p *ProjectOptions) GetProjects() ([]*projectapi.Project, error) { } skippedProjectNames := givenProjectNames.Difference(foundProjectNames) if skippedProjectNames.Len() > 0 { - return projectList, fmt.Errorf("Projects %v not found", strings.Join(skippedProjectNames.List(), ", ")) + return projectList, fmt.Errorf("projects %v not found", strings.Join(skippedProjectNames.List(), ", ")) } } return projectList, nil