Skip to content

✨ Pass webhook logger to handler via context #1972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 20, 2023
Merged

✨ Pass webhook logger to handler via context #1972

merged 3 commits into from
Jan 20, 2023

Conversation

timebertt
Copy link
Contributor

admission.Webhook now passes a request logger to the handler via the context.
It can be retrieved by handlers via logf.FromContext(ctx) and is setup with commonly interesting fields about the request.
The logger and it's fields can be customized by setting Webhook.LogConstructor.

This is very similar to how controllers are passing a reconciliation logger to reconcilers and allows for greater harmonization across the entire codebase, i.e. using contextual loggers everywhere instead of manually passing around half-cooked loggers.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 10, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @timebertt. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 10, 2022
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 26, 2022
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 29, 2022
@timebertt
Copy link
Contributor Author

Resolved the merge conflict.
@alvaroaleman could you kindly have a look?

sbueringer
sbueringer reviewed Sep 7, 2022
View reviewed changes
pkg/webhook/admission/webhook.go
return Errored(http.StatusInternalServerError, errUnableToEncodeResponse)
}

return resp
}

// getLogger constructs a logger from the injected log and LogConstructor.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should implement this the same way as we did for the controller:

	if options.LogConstructor == nil {
		log := mgr.GetLogger().WithValues(
			"controller", name,
		)
		options.LogConstructor = func(req *reconcile.Request) logr.Logger {
			log := log
			if req != nil {
				log = log.WithValues(
					"object", klog.KRef(req.Namespace, req.Name),
					"namespace", req.Namespace, "name", req.Name,
				)
			}
			return log
		}
	}

The delta is roughly:

  • LogConstructor would have this signature: LogConstructor func(req *Request) logr.Logger
  • The default log constructor would then use the base logger directly
  • namespace & name are also added as top-level k/v pairs in addition to the nested values below object

e.g.:

// getLogger constructs a logger from the injected log and LogConstructor.
func (wh *Webhook) getLogger(req *Request) logr.Logger {
	if wh.LogConstructor == nil {
		if req != nil {
			return wh.log.WithValues("object", klog.KRef(req.Namespace, req.Name),
				"namespace", req.Namespace, "name", req.Name,
				"resource", req.Resource, "user", req.UserInfo.Username,
			)
		}
		return wh.log
	}
	return wh.LogConstructor(req)
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LogConstructor would have this signature: LogConstructor func(req *Request) logr.Logger

I added the base logr.Logger param to the LogConstructor to allow using the logger injected by the webhook server which includes the webhook path:

controller-runtime/pkg/webhook/server.go

Line 165 in 869888c

if _, err := inject.LoggerInto(baseHookLog.WithValues("webhook", path), hook); err != nil {

This is different from controllers, which use the manager's logger directly (which doesn't carry any additional information about the controller):

controller-runtime/pkg/controller/controller.go

Line 110 in 598978c

log := mgr.GetLogger().WithValues(

With this, one can add additional fields via a custom LogConstructor without adding the webhook field again.
If one wants to ignore the fields of the base logger, one can simply use any other logger.

I get that this is different from the controller loggers. If harmonization is more important here than preserving the injected fields, I will apply your suggestion. :)
@sbueringer WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Thank you very much!!

@sbueringer
Copy link
Member

sbueringer commented Sep 7, 2022
edited
Loading

In general I like the idea to make the webhook logs consistent with the controller logs. This will also allow cross-referencing between controller and webhook logs.

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 7, 2022
@sbueringer
Copy link
Member

cc @fabriziopandini (just fyi that there is work in this area)

@timebertt
Copy link
Contributor Author

@sbueringer I have pushed two more commits addressing parts of your suggestions. PTAL :)
/label tide/merge-method-squash

@k8s-ci-robot k8s-ci-robot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Nov 17, 2022
@sbueringer sbueringer mentioned this pull request Jan 19, 2023
Merged
@sbueringer
Copy link
Member

Thank you!!

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 20, 2023
@vincepri
Copy link
Member

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: timebertt, vincepri

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 20, 2023
@vincepri
Copy link
Member

/retest

@k8s-ci-robot k8s-ci-robot merged commit d4a1690 into kubernetes-sigs:master Jan 20, 2023
@timebertt timebertt deleted the webhook-logger branch January 23, 2023 06:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbueringer sbueringer sbueringer left review comments

@pwittrock pwittrock Awaiting requested review from pwittrock

@varshaprasad96 varshaprasad96 Awaiting requested review from varshaprasad96

Assignees

@sbueringer sbueringer

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@timebertt @k8s-ci-robot @sbueringer @vincepri