Follow up to #2054: move magic strings into constants (#2122)

Follow up to #2054: move magic strings into constants

Signed-off-by: Alejandro Pedraza <alejandro@buoyant.io>

cli/cmd/inject.go

@@ -292,7 +292,7 @@ func injectPodSpec(t *v1.PodSpec, identity k8s.TLSIdentity, controlPlaneDNSNameO
 		yes := true
 
 		configMapVolume := v1.Volume{
-			Name: "linkerd-trust-anchors",
+			Name: k8s.TLSTrustAnchorVolumeName,
 			VolumeSource: v1.VolumeSource{
 				ConfigMap: &v1.ConfigMapVolumeSource{
 					LocalObjectReference: v1.LocalObjectReference{Name: k8s.TLSTrustAnchorConfigMapName},
@@ -301,7 +301,7 @@ func injectPodSpec(t *v1.PodSpec, identity k8s.TLSIdentity, controlPlaneDNSNameO
 			},
 		}
 		secretVolume := v1.Volume{
-			Name: "linkerd-secrets",
+			Name: k8s.TLSSecretsVolumeName,
 			VolumeSource: v1.VolumeSource{
 				Secret: &v1.SecretVolumeSource{
 					SecretName: identity.ToSecretName(),

cli/cmd/install.go

@@ -33,6 +33,8 @@ type installConfig struct {
 	CreatedByAnnotation              string
 	ProxyAPIPort                     uint
 	EnableTLS                        bool
+	TLSTrustAnchorVolumeName         string
+	TLSSecretsVolumeName             string
 	TLSTrustAnchorConfigMapName      string
 	ProxyContainerName               string
 	TLSTrustAnchorFileName           string
@@ -174,6 +176,8 @@ func validateAndBuildConfig(options *installOptions) (*installConfig, error) {
 		CreatedByAnnotation:              k8s.CreatedByAnnotation,
 		ProxyAPIPort:                     options.proxyAPIPort,
 		EnableTLS:                        options.enableTLS(),
+		TLSTrustAnchorVolumeName:         k8s.TLSTrustAnchorVolumeName,
+		TLSSecretsVolumeName:             k8s.TLSSecretsVolumeName,
 		TLSTrustAnchorConfigMapName:      k8s.TLSTrustAnchorConfigMapName,
 		ProxyContainerName:               k8s.ProxyContainerName,
 		TLSTrustAnchorFileName:           k8s.TLSTrustAnchorFileName,

cli/cmd/install_test.go

@@ -39,6 +39,8 @@ func TestRender(t *testing.T) {
 		CreatedByAnnotation:              "CreatedByAnnotation",
 		ProxyAPIPort:                     123,
 		EnableTLS:                        true,
+		TLSTrustAnchorVolumeName:         "TLSTrustAnchorVolumeName",
+		TLSSecretsVolumeName:             "TLSSecretsVolumeName",
 		TLSTrustAnchorConfigMapName:      "TLSTrustAnchorConfigMapName",
 		ProxyContainerName:               "ProxyContainerName",
 		TLSTrustAnchorFileName:           "TLSTrustAnchorFileName",

cli/cmd/testdata/install_output.golden

@@ -1218,7 +1218,7 @@ spec:
           runAsUser: 2103
         volumeMounts:
         - mountPath: /var/linkerd-io/trust-anchors
-          name: linkerd-trust-anchors
+          name: TLSTrustAnchorVolumeName
           readOnly: true
         - mountPath: /var/linkerd-io/identity
           name: webhook-secrets
@@ -1450,18 +1450,18 @@ data:
     terminationMessagePolicy: FallbackToLogsOnError
     volumeMounts:
     - mountPath: /var/linkerd-io/trust-anchors
-      name: linkerd-trust-anchors
+      name: TLSTrustAnchorVolumeName
       readOnly: true
     - mountPath: /var/linkerd-io/identity
-      name: linkerd-secrets
+      name: TLSSecretsVolumeName
       readOnly: true
   TLSTrustAnchorVolumeSpecFileName: |
-    name: linkerd-trust-anchors
+    name: TLSTrustAnchorVolumeName
     configMap:
       name: TLSTrustAnchorConfigMapName
       optional: true
   TLSIdentityVolumeSpecFileName: |
-    name: linkerd-secrets
+    name: TLSSecretsVolumeName
     secret:
       secretName: "" # this value will be computed by the webhook
       optional: true

cli/cmd/uninject.go

@@ -144,7 +144,7 @@ func uninjectPodSpec(t *v1.PodSpec, report *injectReport) {
 	volumes := []v1.Volume{}
 	for _, volume := range t.Volumes {
 		// TODO: move those strings to constants
-		if volume.Name != "linkerd-trust-anchors" && volume.Name != "linkerd-secrets" {
+		if volume.Name != k8s.TLSTrustAnchorVolumeName && volume.Name != k8s.TLSSecretsVolumeName {
 			volumes = append(volumes, volume)
 		}
 	}

cli/install/template.go

@@ -922,7 +922,7 @@ spec:
         - name: proxy-injector
           containerPort: 8443
         volumeMounts:
-        - name: linkerd-trust-anchors
+        - name: {{.TLSTrustAnchorVolumeName}}
           mountPath: /var/linkerd-io/trust-anchors
           readOnly: true
         - name: webhook-secrets
@@ -1117,18 +1117,18 @@ data:
     terminationMessagePolicy: FallbackToLogsOnError
     volumeMounts:
     - mountPath: /var/linkerd-io/trust-anchors
-      name: linkerd-trust-anchors
+      name: {{.TLSTrustAnchorVolumeName}}
       readOnly: true
     - mountPath: /var/linkerd-io/identity
-      name: linkerd-secrets
+      name: {{.TLSSecretsVolumeName}}
       readOnly: true
   {{.TLSTrustAnchorVolumeSpecFileName}}: |
-    name: linkerd-trust-anchors
+    name: {{.TLSTrustAnchorVolumeName}}
     configMap:
       name: {{.TLSTrustAnchorConfigMapName}}
       optional: true
   {{.TLSIdentityVolumeSpecFileName}}: |
-    name: linkerd-secrets
+    name: {{.TLSSecretsVolumeName}}
     secret:
       secretName: "" # this value will be computed by the webhook
       optional: true

pkg/k8s/labels.go

@@ -104,6 +104,14 @@ const (
 	// proxy-injector ConfigMap that contains the proxy-init container spec.
 	ProxyInitSpecFileName = "proxy-init.yaml"
 
+	// TLSTrustAnchorVolumeName is the name of the trust anchor volume,
+	// used when injecting a proxy with TLS enabled.
+	TLSTrustAnchorVolumeName = "linkerd-trust-anchors"
+
+	// TLSSecretsVolumeName is the name of the volume holding the secrets,
+	// when injecting a proxy with TLS enabled.
+	TLSSecretsVolumeName = "linkerd-secrets"
+
 	// TLSTrustAnchorVolumeSpecFileName is the name (key) within the
 	// proxy-injector ConfigMap that contains the trust anchors volume spec.
 	TLSTrustAnchorVolumeSpecFileName = "linkerd-trust-anchors.yaml"