docs: Fix spelling for "IPsec"

IPsec should not be IPSec. Fix all occurrences in the docs, and in source files used to auto-generate documentation. This commit does not change the occurrences of "IPSec" in the rest of the code base. Ideally, we would like to prevent "IPSec" to come back to the documentation via spell checks. However, I could not find a good solution to do that. This is based on the following considerations: - We currently have "ipsec" and "IPsec" in the list of spelling exceptions (the second is probably useless as the first should be treated by the spell checker as case-insensitive). They correspond to the syntax we accept when "ipsec" occurs in some technical terms, and for the rightfully-spelt "IPsec", respectively. The list of exceptions does not contain "IPSec" (even though it should be allowed due to "ipsec" being case-insensitive). - We can remove both occurrences from the list of spelling exceptions, and cover them instead by a custom filter, the same way as we do for "wireguard" and "WireGuard". This solution, however, does not work, for two reasons. - One reason is that "ipsec" sometimes appear in the middle of a compound-term, as in "something-ipsec-something", and a custom filter modeled after the one for WireGuard wouldn't "skip" it. We would have to make it more robust to detect "ipsec" in the middle of such compounds. - The other reason is that even if we accept only "ipsec" and "IPsec" in the custom filter, ... it turns out that the spell checker still accepts "IPSec". After some investigation, it turns out that this is because the spell checker configuration option spelling_ignore_wiki_words defaults to True. This option determines "whether words that follow the CamelCase conventions used for page names in wikis should be treated as spelled properly." As it turns out, "IPsec" does not follow these conventions, at least in the eyes of the spell checker, but "IPSec" does, making it a valid word. - Can we easily update a custom filter to make the spell checker reject a specific word? The answer is no, we can only skip words (and consider them correct) or tokenize them more: sphinx-contrib/spelling#120. - As a consequence, the best way to reject "IPSec" would be to set spelling_ignore_wiki_words to False in the configuration file. So I tried that, and obtained: Please fix the following documentation warnings: WARNING: Found 1271 misspelled words It turns out we have a lot of words that implicitely follow camel case conventions and are skipped by the spell checker for that reason. It's not worth adding all of them to the list of exceptions. Let's just accept that "IPSec" may come back, and clean it up from time to time. Signed-off-by: Quentin Monnet <qmo@qmon.net>
qmonnet · Apr 23, 2024 · eba7d19 · eba7d19
1 parent 5948c1e
commit eba7d19
Show file tree

Hide file tree

Showing 11 changed files with 18 additions and 18 deletions.
diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
diff --git a/Documentation/community/roadmap.rst b/Documentation/community/roadmap.rst
@@ -28,7 +28,7 @@ Major Feature Status
 ++-------------------------------------------------+----------------------------------------------------------+
 || :ref:`egress-gateway`                           | Stable                                                   |
 ++-------------------------------------------------+----------------------------------------------------------+
-|| :ref:`gsg_encryption` (IPSec and WireGuard)     | Stable                                                   |
+|| :ref:`gsg_encryption` (IPsec and WireGuard)     | Stable                                                   |
 ++-------------------------------------------------+----------------------------------------------------------+
 || :ref:`bandwidth-manager`                        | Stable                                                   |
 ++-------------------------------------------------+----------------------------------------------------------+

diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
diff --git a/Documentation/network/concepts/ipam/multi-pool.rst b/Documentation/network/concepts/ipam/multi-pool.rst
@@ -153,7 +153,7 @@ Multi-Pool IPAM mode:
 
 .. warning::
    - Tunnel mode is not supported. Multi-Pool IPAM may only be used in direct routing mode.
-   - Transparent encryption is only supported with WireGuard and cannot be used with IPSec.
+   - Transparent encryption is only supported with WireGuard and cannot be used with IPsec.
    - IPAM pools with overlapping CIDRs are not supported. Each pod IP must be
      unique in the cluster due the way Cilium determines the security identity
      of endpoints by way of the IPCache.

diff --git a/Documentation/observability/metrics.rst b/Documentation/observability/metrics.rst
@@ -340,7 +340,7 @@ Name                                          Labels
 ``datapath_conntrack_gc_duration_seconds``    ``status``                                         Enabled    Duration in seconds of the garbage collector process
 ============================================= ================================================== ========== ========================================================
 
-IPSec
+IPsec
 ~~~~~
 
 ============================================= ================================================== ========== ===========================================================

diff --git a/Documentation/operations/system_requirements.rst b/Documentation/operations/system_requirements.rst
@@ -332,7 +332,7 @@ to enable health monitoring. If the firewall does not permit either of these
 methods, Cilium will still operate fine but will not be able to provide health
 information.
 
-For IPSec enabled Cilium deployments, you need to ensure that the firewall
+For IPsec enabled Cilium deployments, you need to ensure that the firewall
 allows ESP traffic through. For example, AWS Security Groups doesn't allow ESP
 traffic by default.
 

diff --git a/Documentation/security/network/encryption-ipsec.rst b/Documentation/security/network/encryption-ipsec.rst
@@ -29,7 +29,7 @@ example below demonstrates generation of the necessary IPsec configuration
 which will be distributed as a Kubernetes secret called ``cilium-ipsec-keys``.
 A Kubernetes secret should consist of one key-value pair where the key is the
 name of the file to be mounted as a volume in cilium-agent pods, and the
-value is an IPSec configuration in the following format::
+value is an IPsec configuration in the following format::
 
     key-id encryption-algorithms PSK-in-hex-format key-size
 
@@ -197,7 +197,7 @@ Troubleshooting
 ===============
 
  * If the ``cilium`` Pods fail to start after enabling encryption, double-check if
-   the IPSec ``Secret`` and Cilium are deployed in the same namespace together.
+   the IPsec ``Secret`` and Cilium are deployed in the same namespace together.
 
  * Check for ``level=warning`` and ``level=error`` messages in the Cilium log files
 

diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
@@ -360,10 +360,10 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) {
 	flags.Bool(option.EnableWellKnownIdentities, defaults.EnableWellKnownIdentities, "Enable well-known identities for known Kubernetes components")
 	option.BindEnv(vp, option.EnableWellKnownIdentities)
 
-	flags.Bool(option.EnableIPSecName, defaults.EnableIPSec, "Enable IPSec support")
+	flags.Bool(option.EnableIPSecName, defaults.EnableIPSec, "Enable IPsec support")
 	option.BindEnv(vp, option.EnableIPSecName)
 
-	flags.String(option.IPSecKeyFileName, "", "Path to IPSec key file")
+	flags.String(option.IPSecKeyFileName, "", "Path to IPsec key file")
 	option.BindEnv(vp, option.IPSecKeyFileName)
 
 	flags.Duration(option.IPsecKeyRotationDuration, defaults.IPsecKeyRotationDuration, "Maximum duration of the IPsec key rotation. The previous key will be removed after that delay.")
@@ -372,7 +372,7 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) {
 	flags.Bool(option.EnableIPsecKeyWatcher, defaults.EnableIPsecKeyWatcher, "Enable watcher for IPsec key. If disabled, a restart of the agent will be necessary on key rotations.")
 	option.BindEnv(vp, option.EnableIPsecKeyWatcher)
 
-	flags.Bool(option.EnableIPSecEncryptedOverlay, defaults.EnableIPSecEncryptedOverlay, "Enable IPSec encrypted overlay. If enabled tunnel traffic will be encrypted before leaving the host.")
+	flags.Bool(option.EnableIPSecEncryptedOverlay, defaults.EnableIPSecEncryptedOverlay, "Enable IPsec encrypted overlay. If enabled tunnel traffic will be encrypted before leaving the host.")
 	option.BindEnv(vp, option.EnableIPSecEncryptedOverlay)
 
 	flags.Bool(option.EnableWireguard, false, "Enable WireGuard")

diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md
diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml
diff --git a/install/kubernetes/cilium/values.yaml.tmpl b/install/kubernetes/cilium/values.yaml.tmpl
@@ -862,7 +862,7 @@ encryption:
     # -- Maximum duration of the IPsec key rotation. The previous key will be
     # removed after that delay.
     keyRotationDuration: "5m"
-    # -- Enable IPSec encrypted overlay
+    # -- Enable IPsec encrypted overlay
     encryptedOverlay: false
   wireguard:
     # -- Enables the fallback to the user-space implementation (deprecated).
@@ -3293,7 +3293,7 @@ authentication:
   gcInterval: "5m0s"
   # Configuration for Cilium's service-to-service mutual authentication using TLS handshakes.
   # Note that this is not full mTLS support without also enabling encryption of some form.
-  # Current encryption options are WireGuard or IPSec, configured in encryption block above.
+  # Current encryption options are WireGuard or IPsec, configured in encryption block above.
   mutual:
     # -- Port on the agent where mutual authentication handshakes between agents will be performed
     port: 4250