From 444d26806c7a84629e91785f57a56c990f43e30b Mon Sep 17 00:00:00 2001 From: UnicornChance Date: Tue, 2 Jul 2024 10:52:24 -0600 Subject: [PATCH 1/9] initial creation of child logging --- package.json | 5 ++-- src/pepr/config.ts | 8 +++--- src/pepr/istio/index.ts | 18 ++++++++----- src/pepr/logger.ts | 14 ++++++++++ .../controllers/exemptions/exemption-store.ts | 15 ++++++----- .../operator/controllers/istio/injection.ts | 8 ++++-- .../controllers/istio/istio-resources.ts | 18 ++++++++----- .../controllers/keycloak/client-sync.ts | 26 +++++++++++-------- .../controllers/monitoring/service-monitor.ts | 14 ++++++---- .../controllers/network/generators/kubeAPI.ts | 18 ++++++++----- .../operator/controllers/network/policies.ts | 10 ++++--- src/pepr/operator/crd/register.ts | 14 ++++++---- src/pepr/operator/reconcilers/index.ts | 24 ++++++++++------- .../reconcilers/package-reconciler.ts | 16 ++++++++---- src/pepr/policies/exemptions/index.ts | 10 ++++--- src/pepr/policies/index.ts | 10 ++++--- src/pepr/policies/storage.ts | 2 +- src/pepr/prometheus/index.ts | 10 ++++--- 18 files changed, 157 insertions(+), 83 deletions(-) create mode 100644 src/pepr/logger.ts diff --git a/package.json b/package.json index 78f01ecf7..7d3190794 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "name": "UDS Core", "uuid": "uds-core", "onError": "reject", - "logLevel": "debug", + "logLevel": "info", "alwaysIgnore": { "namespaces": [ "uds-dev-stack", @@ -27,7 +27,8 @@ "env": { "UDS_DOMAIN": "###ZARF_VAR_DOMAIN###", "UDS_ALLOW_ALL_NS_EXEMPTIONS": "###ZARF_VAR_ALLOW_ALL_NS_EXEMPTIONS###", - "UDS_SINGLE_TEST": "###ZARF_VAR_UDS_SINGLE_TEST###" + "UDS_SINGLE_TEST": "###ZARF_VAR_UDS_SINGLE_TEST###", + "UDS_LOG_LEVEL": "###ZARF_VAR_UDS_LOG_LEVEL###" } }, "scripts": { diff --git a/src/pepr/config.ts b/src/pepr/config.ts index 0a923b741..a5848a467 100644 --- a/src/pepr/config.ts +++ b/src/pepr/config.ts 
@@ -1,4 +1,4 @@ -import { Log } from "pepr"; +import { childLog } from "./logger"; let domain = process.env.UDS_DOMAIN; @@ -16,10 +16,12 @@ export const UDSConfig = { allowAllNSExemptions: process.env.UDS_ALLOW_ALL_NS_EXEMPTIONS === "true", }; -Log.info(UDSConfig, "Loaded UDS Config"); +// configure subproject logger +const log = childLog("UDS Config"); +log.info(UDSConfig, "Loaded UDS Config"); if (UDSConfig.isSingleTest) { - Log.warn( + log.warn( "Running in single test mode, this will change the behavior of the operator and should only be used for UDS Core development testing.", ); } diff --git a/src/pepr/istio/index.ts b/src/pepr/istio/index.ts index 3cbd0423a..a122e6988 100644 --- a/src/pepr/istio/index.ts +++ b/src/pepr/istio/index.ts @@ -1,5 +1,9 @@ import { Exec, KubeConfig } from "@kubernetes/client-node"; -import { Capability, Log, a } from "pepr"; +import { Capability, a } from "pepr"; +import { childLog } from "../logger"; + +// configure subproject logger +const log = childLog("istio"); export const istio = new Capability({ name: "istio", @@ -20,13 +24,13 @@ When(a.Pod) .WithLabel("batch.kubernetes.io/job-name") .WithLabel("service.istio.io/canonical-name") .Watch(async pod => { - Log.info( + log.info( pod, `Processing Pod ${pod.metadata?.namespace}/${pod.metadata?.name} for istio job termination`, ); if (!pod.metadata?.name || !pod.metadata.namespace) { - Log.error(pod, `Invalid Pod definition`); + log.error(pod, `Invalid Pod definition`); return; } @@ -42,7 +46,7 @@ When(a.Pod) if (pod.status?.phase == "Running") { // Check all container statuses if (!pod.status.containerStatuses) { - Log.error(pod, `Invalid container status in Pod`); + log.error(pod, `Invalid container status in Pod`); return; } const shouldTerminate = pod.status.containerStatuses 
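Review bot: The subproject label `"UDS Config"` in the second config.ts hunk breaks the lowercase dotted scheme used by the other childLog calls in this patch (`istio`, `operator.controllers.istio`, `policies.exemptions`). The client-sync.ts hunk has a similar slip, `operator.controller.keycloak`, with a singular `controller`. Anyone filtering or alerting on the `subproject` field by prefix, for example `operator.controllers.`, would silently miss the Keycloak client-sync records. Suggest `const log = childLog("config");` here and `const log = childLog("operator.controllers.keycloak");` in client-sync.ts.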
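Review bot: In the istio/index.ts Watch callback, `log.info(pod, ...)` still serialises the entire Pod object at info level for every matching job pod. A Pod spec can hold literal env values and annotations, so workload configuration ends up in the controller log at the level most deployments run with. The package-reconciler.ts hunk in this same patch already stops passing the full object at info. Consider `log.info({ namespace: pod.metadata?.namespace, name: pod.metadata?.name }, "Processing Pod for istio job termination")` and moving the full object to `log.debug`. The callback body continues outside the hunk.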
@@ -55,7 +59,7 @@ When(a.Pod) // Mark the pod as seen inProgress.add(key); - Log.info(`Attempting to terminate sidecar for ${key}`); + log.info(`Attempting to terminate sidecar for ${key}`); try { const kc = new KubeConfig(); kc.loadFromDefault(); @@ -72,9 +76,9 @@ When(a.Pod) true, ); - Log.info(`Terminated sidecar for ${key}`); + log.info(`Terminated sidecar for ${key}`); } catch (err) { - Log.error({ err }, `Failed to terminate the sidecar for ${key}`); + log.error({ err }, `Failed to terminate the sidecar for ${key}`); // Remove the pod from the seen list inProgress.delete(key); diff --git a/src/pepr/logger.ts b/src/pepr/logger.ts new file mode 100644 index 000000000..28f1b7ee4 --- /dev/null +++ b/src/pepr/logger.ts @@ -0,0 +1,14 @@ +import { Log } from "pepr"; + +export function childLog(subproject: string) { + const childLog = Log.child({ subproject: subproject }); + + // We need to handle `npx pepr <>` commands that will not template the env vars + let logLevel = process.env.UDS_LOG_LEVEL; + if (!logLevel || logLevel === "###ZARF_VAR_LOG_LEVEL###") { + logLevel = "debug"; + } + childLog.level = logLevel; + + return childLog; +} diff --git a/src/pepr/operator/controllers/exemptions/exemption-store.ts b/src/pepr/operator/controllers/exemptions/exemption-store.ts index 3cb024de8..82eedfa34 100644 --- a/src/pepr/operator/controllers/exemptions/exemption-store.ts +++ b/src/pepr/operator/controllers/exemptions/exemption-store.ts @@ -1,7 +1,10 @@ -import { Log } from "pepr"; +import { childLog } from "../../../logger"; import { StoredMatcher } from "../../../policies"; import { Matcher, Policy, UDSExemption } from "../../crd"; +// configure subproject logger +const log = childLog("operator.controllers.exemptions"); + export type PolicyOwnerMap = Map; export type PolicyMap = Map; let policyExemptionMap: PolicyMap; 
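Review bot: In the new src/pepr/logger.ts, childLog assigns `process.env.UDS_LOG_LEVEL` to `childLog.level` without checking it against the known level names, and falls back to `debug` when the variable is unset or untemplated. If Pepr's `Log` is a pino logger, as `Log.child` suggests, an unknown level name throws on assignment, and since every module calls childLog at top level a typo in the variable would fail the controller at import time. The `debug` fallback is also more verbose than the `"logLevel": "info"` this patch sets in package.json, and several debug calls here log whole payloads (for example `log.debug(vsPayload, ...)`). Suggest `const allowed = ["trace", "debug", "info", "warn", "error", "fatal"];` followed by `if (!logLevel || !allowed.includes(logLevel)) logLevel = "info";`. The revision of this function in PATCH 2/9 corrects the placeholder name but keeps both behaviours.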
@@ -34,7 +37,7 @@ function addMatcher(matcher: Matcher, p: Policy, owner: string = ""): void { } // Iterate through each exemption block of CR and add matchers to PolicyMap -function add(exemption: UDSExemption, log: boolean = true) { +function add(exemption: UDSExemption, logger: boolean = true) { // Remove any existing exemption for this owner, in case of WatchPhase.Modified remove(exemption); const owner = exemption.metadata?.uid || ""; @@ -45,8 +48,8 @@ function add(exemption: UDSExemption, log: boolean = true) { for (const p of policies) { // Append the matcher to the list of stored matchers for this policy addMatcher(e.matcher, p, owner); - if (log) { - Log.debug(`Added exemption to ${p}: ${JSON.stringify(e.matcher)}`); + if (logger) { + log.debug(`Added exemption to ${p}: ${JSON.stringify(e.matcher)}`); } } } @@ -68,9 +71,9 @@ function remove(exemption: UDSExemption) { } } policyOwnerMap.delete(owner); - Log.debug(`Removed all policy exemptions for ${owner}`); + log.debug(`Removed all policy exemptions for ${owner}`); } else { - Log.debug(`No existing exemption for owner ${owner}`); + log.debug(`No existing exemption for owner ${owner}`); } } diff --git a/src/pepr/operator/controllers/istio/injection.ts b/src/pepr/operator/controllers/istio/injection.ts index 36102cff3..52c2fd7db 100644 --- a/src/pepr/operator/controllers/istio/injection.ts +++ b/src/pepr/operator/controllers/istio/injection.ts @@ -1,7 +1,11 @@ -import { K8s, Log, kind } from "pepr"; +import { K8s, kind } from "pepr"; +import { childLog } from "../../../logger"; import { UDSPackage } from "../../crd"; +// configure subproject logger +const log = childLog("operator.controllers.istio"); + const injectionLabel = "istio-injection"; const injectionAnnotation = "uds.dev/original-istio-injection"; 
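Review bot: The boolean parameter of `add` in exemption-store.ts is now named `logger`, which reads as a logger object rather than an on/off flag, right next to the new module-level `log`. The rename does avoid shadowing, but a name that states the intent is clearer: `function add(exemption: UDSExemption, shouldLog: boolean = true) {` and `if (shouldLog) {`. The parameter stays positional with the same default, so callers are unaffected. Separately, `JSON.stringify(e.matcher)` in the debug call is built even when debug output is disabled. The body of `add` spans two hunks and continues outside them.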
@@ -143,7 +147,7 @@ async function killPods(ns: string, enableInjection: boolean) { } for (const pod of group) { - Log.info(`Deleting pod ${ns}/${pod.metadata?.name} to enable the istio sidecar`); + log.info(`Deleting pod ${ns}/${pod.metadata?.name} to enable the istio sidecar`); await K8s(kind.Pod).Delete(pod); } } diff --git a/src/pepr/operator/controllers/istio/istio-resources.ts b/src/pepr/operator/controllers/istio/istio-resources.ts index 84406067a..d84d2501a 100644 --- a/src/pepr/operator/controllers/istio/istio-resources.ts +++ b/src/pepr/operator/controllers/istio/istio-resources.ts @@ -1,9 +1,13 @@ -import { K8s, Log } from "pepr"; +import { K8s } from "pepr"; -import { IstioVirtualService, IstioServiceEntry, UDSPackage } from "../../crd"; +import { childLog } from "../../../logger"; +import { IstioServiceEntry, IstioVirtualService, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; -import { generateVirtualService } from "./virtual-service"; import { generateServiceEntry } from "./service-entry"; +import { generateVirtualService } from "./virtual-service"; + +// configure subproject logger +const log = childLog("operator.controllers.istio"); /** * Creates a VirtualService and ServiceEntry for each exposed service in the package @@ -30,7 +34,7 @@ export async function istioResources(pkg: UDSPackage, namespace: string) { // Generate a VirtualService for this `expose` entry const vsPayload = generateVirtualService(expose, namespace, pkgName, generation, ownerRefs); - Log.debug(vsPayload, `Applying VirtualService ${vsPayload.metadata?.name}`); + log.debug(vsPayload, `Applying VirtualService ${vsPayload.metadata?.name}`); // Apply the VirtualService and force overwrite any existing policy await K8s(IstioVirtualService).Apply(vsPayload, { force: true }); 
@@ -45,7 +49,7 @@ export async function istioResources(pkg: UDSPackage, namespace: string) { continue; } - Log.debug(sePayload, `Applying ServiceEntry ${sePayload.metadata?.name}`); + log.debug(sePayload, `Applying ServiceEntry ${sePayload.metadata?.name}`); // Apply the ServiceEntry and force overwrite any existing policy await K8s(IstioServiceEntry).Apply(sePayload, { force: true }); @@ -66,7 +70,7 @@ export async function istioResources(pkg: UDSPackage, namespace: string) { // Delete any orphaned VirtualServices for (const vs of orphanedVS) { - Log.debug(vs, `Deleting orphaned VirtualService ${vs.metadata!.name}`); + log.debug(vs, `Deleting orphaned VirtualService ${vs.metadata!.name}`); await K8s(IstioVirtualService).Delete(vs); } @@ -83,7 +87,7 @@ export async function istioResources(pkg: UDSPackage, namespace: string) { // Delete any orphaned ServiceEntries for (const se of orphanedSE) { - Log.debug(se, `Deleting orphaned ServiceEntry ${se.metadata!.name}`); + log.debug(se, `Deleting orphaned ServiceEntry ${se.metadata!.name}`); await K8s(IstioServiceEntry).Delete(se); } diff --git a/src/pepr/operator/controllers/keycloak/client-sync.ts b/src/pepr/operator/controllers/keycloak/client-sync.ts index 63430fbd4..17ab37d91 100644 --- a/src/pepr/operator/controllers/keycloak/client-sync.ts +++ b/src/pepr/operator/controllers/keycloak/client-sync.ts @@ -1,6 +1,7 @@ -import { K8s, Log, fetch, kind } from "pepr"; +import { fetch, K8s, kind } from "pepr"; import { UDSConfig } from "../../../config"; +import { childLog } from "../../../logger"; import { Store } from "../../common"; import { Sso, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; @@ -27,6 +28,9 @@ const x509CertRegex = new RegExp( /<[^>]*:X509Certificate[^>]*>((.|[\n\r])*)<\/[^>]*:X509Certificate>/, ); +// configure subproject logger +const log = childLog("operator.controller.keycloak"); + /** * Create or update the Keycloak clients for the package * 
@@ -67,7 +71,7 @@ export async function purgeSSOClients(pkg: UDSPackage, refs: string[] = []) { Store.removeItem(ref); await apiCall({ clientId }, "DELETE", token); } else { - Log.warn(pkg.metadata, `Failed to remove client ${clientId}, token not found`); + log.warn(pkg.metadata, `Failed to remove client ${clientId}, token not found`); } } } @@ -77,7 +81,7 @@ async function syncClient( pkg: UDSPackage, isRetry = false, ) { - Log.debug(pkg.metadata, `Processing client request: ${clientReq.clientId}`); + log.debug(pkg.metadata, `Processing client request: ${clientReq.clientId}`); try { // Not including the CR data in the ref because Keycloak client IDs must be unique already @@ -90,10 +94,10 @@ async function syncClient( // If an existing client is found, update it if (token && !isRetry) { - Log.debug(pkg.metadata, `Found existing token for ${clientReq.clientId}`); + log.debug(pkg.metadata, `Found existing token for ${clientReq.clientId}`); client = await apiCall(clientReq, "PUT", token); } else { - Log.debug(pkg.metadata, `Creating new client for ${clientReq.clientId}`); + log.debug(pkg.metadata, `Creating new client for ${clientReq.clientId}`); client = await apiCall(clientReq); } @@ -131,15 +135,15 @@ async function syncClient( const msg = `Failed to process client request '${clientReq.clientId}' for ` + `${pkg.metadata?.namespace}/${pkg.metadata?.name}. This can occur if a client already exists with the same ID that Pepr isn't tracking.`; - Log.error({ err }, msg); + log.error({ err }, msg); if (isRetry) { - Log.error(`${msg}, retry failed, aborting`); + log.error(`${msg}, retry failed, aborting`); throw new Error(`${msg}. RETRY FAILED, aborting: ${JSON.stringify(err)}`); } // Retry the request - Log.warn(`${msg}, retrying`); + log.warn(pkg.metadata, `Failed to process client request: ${clientReq.clientId}, retrying`); return syncClient(clientReq, pkg, true); } } 
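Review bot: In the catch block of syncClient, both `log.error({ err }, msg)` and the unchanged `throw new Error(... ${JSON.stringify(err)})` emit the raw error from apiCall, which is invoked with the client request and the registration token. The shape of that error is not visible in this patch; if it can carry the request or response body, a client secret or token would end up in the log and in the thrown message. Worth confirming, and if so logging only selected fields, for example `log.error({ status: err?.status, message: err?.message }, msg)` with whatever narrowing the catch variable needs. The function body starts and ends outside this hunk.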
@@ -162,7 +166,7 @@ export function handleClientGroups(clientReq: Sso) { async function apiCall(sso: Partial, method = "POST", authToken = "") { // Handle single test mode if (UDSConfig.isSingleTest) { - Log.warn(`Generating fake client for '${sso.clientId}' in single test mode`); + log.warn(`Generating fake client for '${sso.clientId}' in single test mode`); return { ...sso, secret: sso.secret || "fake-secret", @@ -203,14 +207,14 @@ async function apiCall(sso: Partial, method = "POST", authToken = "") { export function generateSecretData(client: Client, secretTemplate?: { [key: string]: string }) { if (secretTemplate) { - Log.debug(`Using secret template for client: ${client.clientId}`); + log.debug(`Using secret template for client: ${client.clientId}`); // Iterate over the secret template entry and process each value return templateData(secretTemplate, client); } const stringMap: Record = {}; - Log.debug(`Using client data for secret: ${client.clientId}`); + log.debug(`Using client data for secret: ${client.clientId}`); // iterate over the client object and convert all values to strings for (const [key, value] of Object.entries(client)) { diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index ff2ba0713..f2f35693d 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -1,9 +1,13 @@ -import { K8s, Log } from "pepr"; +import { K8s } from "pepr"; import { V1OwnerReference } from "@kubernetes/client-node"; -import { Prometheus, UDSPackage, Monitor } from "../../crd"; +import { childLog } from "../../../logger"; +import { Monitor, Prometheus, UDSPackage } from "../../crd"; import { getOwnerRef, sanitizeResourceName } from "../utils"; +// configure subproject logger +const log = childLog("operator.controllers.monitoring"); + /** * Generate a service monitor for a service * 
@@ -15,7 +19,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { const generation = (pkg.metadata?.generation ?? 0).toString(); const ownerRefs = getOwnerRef(pkg); - Log.debug(`Reconciling ServiceMonitors for ${pkgName}`); + log.debug(`Reconciling ServiceMonitors for ${pkgName}`); // Get the list of monitored services const monitorList = pkg.spec?.monitor ?? []; @@ -27,7 +31,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { for (const monitor of monitorList) { const payload = generateServiceMonitor(monitor, namespace, pkgName, generation, ownerRefs); - Log.debug(payload, `Applying ServiceMonitor ${payload.metadata?.name}`); + log.debug(payload, `Applying ServiceMonitor ${payload.metadata?.name}`); // Apply the ServiceMonitor and force overwrite any existing policy await K8s(Prometheus.ServiceMonitor).Apply(payload, { force: true }); @@ -48,7 +52,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { // Delete any orphaned ServiceMonitors for (const sm of orphanedSM) { - Log.debug(sm, `Deleting orphaned ServiceMonitor ${sm.metadata!.name}`); + log.debug(sm, `Deleting orphaned ServiceMonitor ${sm.metadata!.name}`); await K8s(Prometheus.ServiceMonitor).Delete(sm); } } catch (err) { diff --git a/src/pepr/operator/controllers/network/generators/kubeAPI.ts b/src/pepr/operator/controllers/network/generators/kubeAPI.ts index 8451ffa2c..6cdae2880 100644 --- a/src/pepr/operator/controllers/network/generators/kubeAPI.ts +++ b/src/pepr/operator/controllers/network/generators/kubeAPI.ts 
@@ -1,9 +1,13 @@ import { V1NetworkPolicyPeer } from "@kubernetes/client-node"; -import { K8s, kind, Log, R } from "pepr"; +import { K8s, kind, R } from "pepr"; +import { childLog } from "../../../../logger"; import { RemoteGenerated } from "../../../crd"; import { anywhere } from "./anywhere"; +// configure subproject logger +const log = childLog("operator.controllers.network.generators"); + // This is an in-memory cache of the API server CIDR let apiServerPeers: V1NetworkPolicyPeer[]; @@ -27,7 +31,7 @@ export function kubeAPI() { } // Otherwise, log a warning and default to 0.0.0.0/0 until the EndpointSlice is updated - Log.warn("Unable to get API server CIDR, defaulting to 0.0.0.0/0"); + log.warn("Unable to get API server CIDR, defaulting to 0.0.0.0/0"); return [anywhere]; } @@ -37,14 +41,14 @@ export function kubeAPI() { */ export async function updateAPIServerCIDRFromEndpointSlice(slice: kind.EndpointSlice) { try { - Log.debug( + log.debug( "Processing watch for endpointslices, getting k8s service for updating API server CIDR", ); const svc = await K8s(kind.Service).InNamespace("default").Get("kubernetes"); await updateAPIServerCIDR(slice, svc); } catch (err) { const msg = "Failed to update network policies from endpoint slice watch"; - Log.error({ err }, msg); + log.error({ err }, msg); } } @@ -54,14 +58,14 @@ export async function updateAPIServerCIDRFromEndpointSlice(slice: kind.EndpointS */ export async function updateAPIServerCIDRFromService(svc: kind.Service) { try { - Log.debug( + log.debug( "Processing watch for api service, getting endpoint slices for updating API server CIDR", ); const slice = await K8s(kind.EndpointSlice).InNamespace("default").Get("kubernetes"); await updateAPIServerCIDR(slice, svc); } catch (err) { const msg = "Failed to update network policies from api service watch"; - Log.error({ err }, msg); + log.error({ err }, msg); } } 
@@ -105,7 +109,7 @@ export async function updateAPIServerCIDR(slice: kind.EndpointSlice, svc: kind.S // in case another EndpointSlice is updated before this one netPol.spec!.egress![0].to = apiServerPeers; - Log.debug(`Updating ${netPol.metadata!.namespace}/${netPol.metadata!.name}`); + log.debug(`Updating ${netPol.metadata!.namespace}/${netPol.metadata!.name}`); await K8s(kind.NetworkPolicy).Apply(netPol); } } diff --git a/src/pepr/operator/controllers/network/policies.ts b/src/pepr/operator/controllers/network/policies.ts index bbd042cd0..a59de795e 100644 --- a/src/pepr/operator/controllers/network/policies.ts +++ b/src/pepr/operator/controllers/network/policies.ts @@ -1,5 +1,6 @@ -import { K8s, Log, kind } from "pepr"; +import { K8s, kind } from "pepr"; +import { childLog } from "../../../logger"; import { Allow, Direction, Gateway, UDSPackage } from "../../crd"; import { getOwnerRef, sanitizeResourceName } from "../utils"; import { allowEgressDNS } from "./defaults/allow-egress-dns"; @@ -8,6 +9,9 @@ import { allowIngressSidecarMonitoring } from "./defaults/allow-ingress-sidecar- import { defaultDenyAll } from "./defaults/default-deny-all"; import { generate } from "./generate"; +// configure subproject logger +const log = childLog("operator.controllers.network"); + export async function networkPolicies(pkg: UDSPackage, namespace: string) { const customPolicies = pkg.spec?.network?.allow ?? []; const pkgName = pkg.metadata!.name!; @@ -15,7 +19,7 @@ export async function networkPolicies(pkg: UDSPackage, namespace: string) { // Get the current generation of the package const generation = (pkg.metadata?.generation ?? 0).toString(); - Log.debug(pkg.metadata, `Generating NetworkPolicies for generation ${generation}`); + log.debug(pkg.metadata, `Generating NetworkPolicies for generation ${generation}`); // Create default policies const policies = [ 
@@ -124,7 +128,7 @@ export async function networkPolicies(pkg: UDSPackage, namespace: string) { // Delete any orphaned policies for (const netPol of orphanedNetPol) { - Log.debug(netPol, `Deleting orphaned NetworkPolicy ${netPol.metadata!.name}`); + log.debug(netPol, `Deleting orphaned NetworkPolicy ${netPol.metadata!.name}`); await K8s(kind.NetworkPolicy).Delete(netPol); } diff --git a/src/pepr/operator/crd/register.ts b/src/pepr/operator/crd/register.ts index 92782bfe6..ff0c56c48 100644 --- a/src/pepr/operator/crd/register.ts +++ b/src/pepr/operator/crd/register.ts @@ -1,8 +1,12 @@ -import { K8s, Log, kind } from "pepr"; +import { K8s, kind } from "pepr"; +import { childLog } from "../../logger"; import { v1alpha1 as exemption } from "./sources/exemption/v1alpha1"; import { v1alpha1 as pkg } from "./sources/package/v1alpha1"; +// configure subproject logger +const log = childLog("operator.crd"); + export async function registerCRDs() { // Register the Package CRD if we're in watch or dev mode if (process.env.PEPR_WATCH_MODE === "true" || process.env.PEPR_MODE === "dev") { @@ -29,10 +33,10 @@ export async function registerCRDs() { { force: true }, ) .then(() => { - Log.info("Package CRD registered"); + log.info("Package CRD registered"); }) .catch(err => { - Log.error({ err }, "Failed to register Package CRD"); + log.error({ err }, "Failed to register Package CRD"); // Sad times, let's exit process.exit(1); @@ -64,10 +68,10 @@ export async function registerCRDs() { { force: true }, ) .then(() => { - Log.info("Exemption CRD registered"); + log.info("Exemption CRD registered"); }) .catch(err => { - Log.error({ err }, "Failed to register Exemption CRD"); + log.error({ err }, "Failed to register Exemption CRD"); // Sad times, let's exit process.exit(1); diff --git a/src/pepr/operator/reconcilers/index.ts b/src/pepr/operator/reconcilers/index.ts index 4d07a3d27..b2c0cf373 100644 --- a/src/pepr/operator/reconcilers/index.ts +++ b/src/pepr/operator/reconcilers/index.ts 
@@ -1,10 +1,14 @@ -import { K8s, Log, kind } from "pepr"; +import { K8s, kind } from "pepr"; +import { childLog } from "../../logger"; import { Phase, PkgStatus, UDSPackage } from "../crd"; import { Status } from "../crd/generated/package-v1alpha1"; export const uidSeen = new Set(); +// configure subproject logger +const log = childLog("operator.reconcilers"); + /** * Checks if the CRD is pending or the current generation has been processed * @@ -18,17 +22,17 @@ export function shouldSkip(cr: UDSPackage) { // First check if the CR has been seen before and return false if it has not // This ensures that all CRs are processed at least once by this version of pepr-core if (!uidSeen.has(cr.metadata!.uid!)) { - Log.debug(cr, `Should skip? No, first time processed during this pod's lifetime`); + log.trace(cr, `Should skip? No, first time processed during this pod's lifetime`); return false; } // This is the second time the CR has been seen, so check if it is pending or the current generation if (isPending || isCurrentGeneration) { - Log.debug(cr, `Should skip? Yes, pending or current generation and not first time seen`); + log.trace(cr, `Should skip? Yes, pending or current generation and not first time seen`); return true; } - Log.debug(cr, `Should skip? No, not pending or current generation and not first time seen`); + log.trace(cr, `Should skip? No, not pending or current generation and not first time seen`); return false; } @@ -40,7 +44,7 @@ export function shouldSkip(cr: UDSPackage) { * @param status The new status */ export async function updateStatus(cr: UDSPackage, status: PkgStatus) { - Log.debug(cr.metadata, `Updating status to ${status.phase}`); + log.debug(cr.metadata, `Updating status to ${status.phase}`); // Update the status of the CRD await K8s(UDSPackage).PatchStatus({ 
@@ -60,7 +64,7 @@ export async function updateStatus(cr: UDSPackage, status: PkgStatus) { * @param type The type of event to write */ export async function writeEvent(cr: UDSPackage, event: Partial) { - Log.debug(cr.metadata, `Writing event: ${event.message}`); + log.debug(cr.metadata, `Writing event: ${event.message}`); await K8s(kind.CoreEvent).Create({ type: "Warning", @@ -97,7 +101,7 @@ export async function handleFailure(err: { status: number; message: string }, cr // todo: identify exact 404 we are targetting, possibly in `updateStatus` if (err.status === 404) { - Log.warn({ err }, `Package metadata seems to have been deleted`); + log.warn({ err }, `Package metadata seems to have been deleted`); return; } @@ -105,13 +109,13 @@ export async function handleFailure(err: { status: number; message: string }, cr if (retryAttempt < 5) { const currRetry = retryAttempt + 1; - Log.error({ err }, `Reconciliation attempt ${currRetry} failed for ${identifier}, retrying...`); + log.error({ err }, `Reconciliation attempt ${currRetry} failed for ${identifier}, retrying...`); status = { retryAttempt: currRetry, }; } else { - Log.error({ err }, `Error configuring ${identifier}, maxed out retries`); + log.error({ err }, `Error configuring ${identifier}, maxed out retries`); status = { phase: Phase.Failed, @@ -125,7 +129,7 @@ export async function handleFailure(err: { status: number; message: string }, cr // Update the status of the package with the error updateStatus(cr, status).catch(finalErr => { // If the status update fails, write log the error and and try to write an event - Log.error({ err: finalErr }, `Error updating status for ${identifier} failed`); + log.error({ err: finalErr }, `Error updating status for ${identifier} failed`); void writeEvent(cr, { message: finalErr.message }); }); } diff --git a/src/pepr/operator/reconcilers/package-reconciler.ts b/src/pepr/operator/reconcilers/package-reconciler.ts index db636c2d5..bb49a2f81 100644 
--- a/src/pepr/operator/reconcilers/package-reconciler.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.ts @@ -1,7 +1,6 @@ -import { Log } from "pepr"; - import { handleFailure, shouldSkip, uidSeen, updateStatus } from "."; import { UDSConfig } from "../../config"; +import { childLog } from "../../logger"; import { enableInjection } from "../controllers/istio/injection"; import { istioResources } from "../controllers/istio/istio-resources"; import { keycloak } from "../controllers/keycloak/client-sync"; @@ -10,6 +9,9 @@ import { networkPolicies } from "../controllers/network/policies"; import { Phase, UDSPackage } from "../crd"; import { migrate } from "../crd/migrate"; +// configure subproject logger +const log = childLog("operator.reconcilers"); + /** * The reconciler is called from the queue and is responsible for reconciling the state of the package * with the cluster. This includes creating the namespace, network policies and virtual services. @@ -20,10 +22,14 @@ export async function packageReconciler(pkg: UDSPackage) { const metadata = pkg.metadata!; const { namespace, name } = metadata; - Log.info(pkg, `Processing Package ${namespace}/${name}`); + log.info( + `Processing Package ${namespace}/${name}, status.phase: ${pkg.status?.phase}, observedGeneration: ${pkg.status?.observedGeneration}, retryAttempt: ${pkg.status?.retryAttempt}`, + ); if (shouldSkip(pkg)) { - Log.info(pkg, `Skipping Package ${namespace}/${name}`); + log.info( + `Skipping Package ${namespace}/${name}, status.phase: ${pkg.status?.phase}, observedGeneration: ${pkg.status?.observedGeneration}, retryAttempt: ${pkg.status?.retryAttempt}`, + ); return; } 
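Review bot: The two new `log.info` calls in packageReconciler interpolate `status.phase`, `observedGeneration` and `retryAttempt` into the message string, and the same long template is written out twice. Passing these as the first-argument object, as most other calls in this patch do, keeps them queryable as fields for filtering and alerting, and leaves a short message: `const state = { phase: pkg.status?.phase, observedGeneration: pkg.status?.observedGeneration, retryAttempt: pkg.status?.retryAttempt };` then `log.info(state, `Processing Package ${namespace}/${name}`);` and `log.info(state, `Skipping Package ${namespace}/${name}`);`. packageReconciler's body continues outside the hunk.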
@@ -49,7 +55,7 @@ export async function packageReconciler(pkg: UDSPackage) { // Create the ServiceMonitor for each monitored service monitors = await serviceMonitor(pkg, namespace!); } else { - Log.warn(`Running in single test mode, skipping ${name} ServiceMonitors.`); + log.warn(`Running in single test mode, skipping ${name} ServiceMonitors.`); } // Configure SSO diff --git a/src/pepr/policies/exemptions/index.ts b/src/pepr/policies/exemptions/index.ts index 8eb2ca73c..d44b961ca 100644 --- a/src/pepr/policies/exemptions/index.ts +++ b/src/pepr/policies/exemptions/index.ts @@ -1,8 +1,12 @@ import { KubernetesObject } from "kubernetes-fluent-client"; -import { Log, PeprMutateRequest, PeprValidateRequest } from "pepr"; +import { PeprMutateRequest, PeprValidateRequest } from "pepr"; +import { childLog } from "../../logger"; import { ExemptionStore } from "../../operator/controllers/exemptions/exemption-store"; import { Policy } from "../../operator/crd"; +// configure subproject logger +const log = childLog("policies.exemptions"); + /** * Check a resource against an exemption list for use by the validation action. * @@ -20,7 +24,7 @@ export function isExempt( if (exemptList.length != 0) { // Debug log to provide current exemptions for policy - Log.debug( + log.debug( `Checking ${resourceName} against ${policy} exemptions: ${JSON.stringify(exemptList)}`, ); for (const exempt of exemptList) { @@ -35,7 +39,7 @@ export function isExempt( } // If we get here, the request is exempt - Log.info(`${resourceName} is exempt from ${policy}`); + log.info(`${resourceName} is exempt from ${policy}`); return true; } } diff --git a/src/pepr/policies/index.ts b/src/pepr/policies/index.ts index 0b8d5a1b8..4048cbdbe 100644 --- a/src/pepr/policies/index.ts +++ b/src/pepr/policies/index.ts 
@@ -1,5 +1,6 @@ // Various validation actions for Kubernetes resources from Big Bang -import { K8s, Log } from "pepr"; +import { K8s } from "pepr"; +import { childLog } from "../logger"; import { ExemptionStore } from "../operator/controllers/exemptions/exemption-store"; import { processExemptions } from "../operator/controllers/exemptions/exemptions"; import { Matcher, Policy, UDSExemption } from "../operator/crd"; @@ -7,6 +8,9 @@ import "./networking"; import "./security"; import "./storage"; +// configure subproject logger +const log = childLog("policies"); + export { policies } from "./common"; export type StoredMatcher = Matcher & { owner: string }; @@ -18,13 +22,13 @@ export async function startExemptionWatch() { // only run in admission controller or dev mode if (process.env.PEPR_WATCH_MODE === "false" || process.env.PEPR_MODE === "dev") { const watcher = K8s(UDSExemption).Watch(async (exemption, phase) => { - Log.debug(`Processing exemption ${exemption.metadata?.name}, watch phase: ${phase}`); + log.debug(`Processing exemption ${exemption.metadata?.name}, watch phase: ${phase}`); processExemptions(exemption, phase); }); // This will run until the process is terminated or the watch is aborted - Log.debug("Starting exemption watch..."); + log.debug("Starting exemption watch..."); await watcher.start(); } } diff --git a/src/pepr/policies/storage.ts b/src/pepr/policies/storage.ts index 858b6daa5..a7559666d 100644 --- a/src/pepr/policies/storage.ts +++ b/src/pepr/policies/storage.ts @@ -1,7 +1,7 @@ import { a } from "pepr"; -import { When, containers, volumes } from "./common"; import { Policy } from "../operator/crd"; +import { When, containers, volumes } from "./common"; import { isExempt, markExemption } from "./exemptions"; /** diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index bc471cac4..9a9fe7aaf 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts 
@@ -1,6 +1,10 @@ -import { Capability, K8s, kind, Log } from "pepr"; +import { Capability, K8s, kind } from "pepr"; +import { childLog } from "../logger"; import { Prometheus } from "../operator/crd"; +// configure subproject logger +const log = childLog("prometheus"); + export const prometheus = new Capability({ name: "prometheus", description: "UDS Core Capability for the Prometheus stack.", @@ -25,7 +29,7 @@ When(Prometheus.ServiceMonitor) return; } - Log.info(`Patching service monitor ${sm.Raw.metadata?.name} for mTLS metrics`); + log.info(`Patching service monitor ${sm.Raw.metadata?.name} for mTLS metrics`); const tlsConfig = { caFile: "/etc/prom-certs/root-cert.pem", certFile: "/etc/prom-certs/cert-chain.pem", @@ -39,7 +43,7 @@ When(Prometheus.ServiceMonitor) }); sm.Raw.spec.endpoints = endpoints; } else { - Log.info(`No mutations needed for service monitor ${sm.Raw.metadata?.name}`); + log.info(`No mutations needed for service monitor ${sm.Raw.metadata?.name}`); } }); From a4a2c1f34bee96c7d70f784dfe8a38803e72f1d0 Mon Sep 17 00:00:00 2001 From: UnicornChance Date: Wed, 3 Jul 2024 08:49:58 -0600 Subject: [PATCH 2/9] fix: naming and tests --- src/pepr/logger.ts | 5 +++-- src/pepr/operator/reconcilers/index.spec.ts | 2 ++ .../reconcilers/package-reconciler.spec.ts | 22 ++++++++++++++++++- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/src/pepr/logger.ts b/src/pepr/logger.ts index 28f1b7ee4..2f7ebce58 100644 --- a/src/pepr/logger.ts +++ b/src/pepr/logger.ts 
@@ -3,11 +3,12 @@ import { Log } from "pepr"; export function childLog(subproject: string) { const childLog = Log.child({ subproject: subproject }); - // We need to handle `npx pepr <>` commands that will not template the env vars + // Handle commands that do not template the env vars let logLevel = process.env.UDS_LOG_LEVEL; - if (!logLevel || logLevel === "###ZARF_VAR_LOG_LEVEL###") { + if (!logLevel || logLevel === "###ZARF_VAR_UDS_LOG_LEVEL###") { logLevel = "debug"; } + childLog.level = logLevel; return childLog; diff --git a/src/pepr/operator/reconcilers/index.spec.ts b/src/pepr/operator/reconcilers/index.spec.ts index ce408c04e..3ca4b19d4 100644 --- a/src/pepr/operator/reconcilers/index.spec.ts +++ b/src/pepr/operator/reconcilers/index.spec.ts @@ -12,6 +12,8 @@ jest.mock("pepr", () => ({ debug: jest.fn(), warn: jest.fn(), error: jest.fn(), + trace: jest.fn(), + child: jest.fn().mockReturnThis(), }, kind: { CoreEvent: "CoreEvent", diff --git a/src/pepr/operator/reconcilers/package-reconciler.spec.ts b/src/pepr/operator/reconcilers/package-reconciler.spec.ts index cc01a098e..1a0c8d6da 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.spec.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.spec.ts 
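Review bot: `childLog` falls back to `debug` when `UDS_LOG_LEVEL` is unset or still the untemplated placeholder, and it assigns any other string to `childLog.level` without checking it. PATCH 1/9 lowers the module's `logLevel` to `info` in package.json, so this fallback is more verbose than the configured default, and several call sites in the series pass whole resource objects to the logger. I would assign the level only when a real value is supplied, `if (logLevel && logLevel !== "###ZARF_VAR_UDS_LOG_LEVEL###") childLog.level = logLevel;`, so that the child otherwise keeps the parent's level, and accept only known level names. If Pepr's `Log` is a pino logger, an unknown level name throws at module load, which is worth confirming. The function's closing brace is outside the hunk, and the same lines are carried unchanged through the later `logger.ts` hunks in PATCH 4/9 and 7/9.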
@@ -5,12 +5,32 @@ import { Phase, UDSPackage } from "../crd"; import { packageReconciler } from "./package-reconciler"; jest.mock("kubernetes-fluent-client"); -jest.mock("pepr"); jest.mock("../../config"); jest.mock("../controllers/istio/injection"); jest.mock("../controllers/istio/virtual-service"); jest.mock("../controllers/network/policies"); +jest.mock("pepr", () => ({ + K8s: jest.fn(), + Log: { + info: jest.fn(), + debug: jest.fn(), + warn: jest.fn(), + error: jest.fn(), + trace: jest.fn(), + child: jest.fn().mockReturnThis(), + }, + kind: { + CoreEvent: "CoreEvent", + }, + Capability: jest.fn().mockImplementation((options: any) => { + return { + name: "uds-core-operator", + description: "The UDS Operator is responsible for managing the lifecycle of UDS resources", + }; + }), +})); + describe("reconciler", () => { let mockPackage: UDSPackage; From 44fa79f2d45719052ffddbf5c53788b827a189a8 Mon Sep 17 00:00:00 2001 From: UnicornChance Date: Wed, 3 Jul 2024 08:53:17 -0600 Subject: [PATCH 3/9] fix: lint --- src/pepr/operator/reconcilers/package-reconciler.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pepr/operator/reconcilers/package-reconciler.spec.ts b/src/pepr/operator/reconcilers/package-reconciler.spec.ts index 1a0c8d6da..69c336f25 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.spec.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.spec.ts @@ -23,7 +23,7 @@ jest.mock("pepr", () => ({ kind: { CoreEvent: "CoreEvent", }, - Capability: jest.fn().mockImplementation((options: any) => { + Capability: jest.fn().mockImplementation(() => { return { name: "uds-core-operator", description: "The UDS Operator is responsible for managing the lifecycle of UDS resources", From 7a78f8c1962a8feed9a763d909ea2c7e19bbf87b Mon Sep 17 00:00:00 2001 
From: UnicornChance Date: Wed, 3 Jul 2024 12:19:21 -0600 Subject: [PATCH 4/9] chore: update naming --- src/pepr/config.ts | 4 ++-- src/pepr/istio/index.ts | 4 ++-- src/pepr/logger.ts | 8 ++++---- .../operator/controllers/exemptions/exemption-store.ts | 4 ++-- src/pepr/operator/controllers/istio/injection.ts | 4 ++-- src/pepr/operator/controllers/istio/istio-resources.ts | 4 ++-- src/pepr/operator/controllers/keycloak/client-sync.ts | 4 ++-- .../operator/controllers/monitoring/service-monitor.ts | 4 ++-- .../operator/controllers/network/generators/kubeAPI.ts | 4 ++-- src/pepr/operator/controllers/network/policies.ts | 4 ++-- src/pepr/operator/crd/register.ts | 4 ++-- src/pepr/operator/reconcilers/index.ts | 4 ++-- src/pepr/operator/reconcilers/package-reconciler.ts | 4 ++-- src/pepr/policies/exemptions/index.ts | 4 ++-- src/pepr/policies/index.ts | 4 ++-- src/pepr/prometheus/index.ts | 4 ++-- 16 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/pepr/config.ts b/src/pepr/config.ts index a5848a467..2afd9bd57 100644 --- a/src/pepr/config.ts +++ b/src/pepr/config.ts @@ -1,4 +1,4 @@ -import { childLog } from "./logger"; +import { setupLogger } from "./logger"; let domain = process.env.UDS_DOMAIN; @@ -17,7 +17,7 @@ export const UDSConfig = { }; // configure subproject logger -const log = childLog("UDS Config"); +const log = setupLogger("config"); log.info(UDSConfig, "Loaded UDS Config"); if (UDSConfig.isSingleTest) { diff --git a/src/pepr/istio/index.ts b/src/pepr/istio/index.ts index a122e6988..d46bc821c 100644 --- a/src/pepr/istio/index.ts +++ b/src/pepr/istio/index.ts @@ -1,9 +1,9 @@ import { Exec, KubeConfig } from "@kubernetes/client-node"; import { Capability, a } from "pepr"; -import { childLog } from "../logger"; +import { setupLogger } from "../logger"; // configure subproject logger -const log = childLog("istio"); +const log = setupLogger("istio"); export const istio = new Capability({ name: "istio", 
diff --git a/src/pepr/logger.ts b/src/pepr/logger.ts index 2f7ebce58..dc8287a4d 100644 --- a/src/pepr/logger.ts +++ b/src/pepr/logger.ts @@ -1,7 +1,7 @@ import { Log } from "pepr"; -export function childLog(subproject: string) { - const childLog = Log.child({ subproject: subproject }); +export function setupLogger(component: string) { + const setupLogger = Log.child({ component: component }); // Handle commands that do not template the env vars let logLevel = process.env.UDS_LOG_LEVEL; @@ -9,7 +9,7 @@ export function childLog(subproject: string) { logLevel = "debug"; } - childLog.level = logLevel; + setupLogger.level = logLevel; - return childLog; + return setupLogger; } diff --git a/src/pepr/operator/controllers/exemptions/exemption-store.ts b/src/pepr/operator/controllers/exemptions/exemption-store.ts index 82eedfa34..ebad8f7ef 100644 --- a/src/pepr/operator/controllers/exemptions/exemption-store.ts +++ b/src/pepr/operator/controllers/exemptions/exemption-store.ts @@ -1,9 +1,9 @@ -import { childLog } from "../../../logger"; +import { setupLogger } from "../../../logger"; import { StoredMatcher } from "../../../policies"; import { Matcher, Policy, UDSExemption } from "../../crd"; // configure subproject logger -const log = childLog("operator.controllers.exemptions"); +const log = setupLogger("operator.exemptions"); export type PolicyOwnerMap = Map; export type PolicyMap = Map; diff --git a/src/pepr/operator/controllers/istio/injection.ts b/src/pepr/operator/controllers/istio/injection.ts index 52c2fd7db..e3e60c794 100644 --- a/src/pepr/operator/controllers/istio/injection.ts +++ b/src/pepr/operator/controllers/istio/injection.ts 
@@ -1,10 +1,10 @@ import { K8s, kind } from "pepr"; -import { childLog } from "../../../logger"; +import { setupLogger } from "../../../logger"; import { UDSPackage } from "../../crd"; // configure subproject logger -const log = childLog("operator.controllers.istio"); +const log = setupLogger("operator.istio"); const injectionLabel = "istio-injection"; const injectionAnnotation = "uds.dev/original-istio-injection"; diff --git a/src/pepr/operator/controllers/istio/istio-resources.ts b/src/pepr/operator/controllers/istio/istio-resources.ts index d84d2501a..d253279a9 100644 --- a/src/pepr/operator/controllers/istio/istio-resources.ts +++ b/src/pepr/operator/controllers/istio/istio-resources.ts @@ -1,13 +1,13 @@ import { K8s } from "pepr"; -import { childLog } from "../../../logger"; +import { setupLogger } from "../../../logger"; import { IstioServiceEntry, IstioVirtualService, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; import { generateServiceEntry } from "./service-entry"; import { generateVirtualService } from "./virtual-service"; // configure subproject logger -const log = childLog("operator.controllers.istio"); +const log = setupLogger("operator.istio"); /** * Creates a VirtualService and ServiceEntry for each exposed service in the package diff --git a/src/pepr/operator/controllers/keycloak/client-sync.ts b/src/pepr/operator/controllers/keycloak/client-sync.ts index 17ab37d91..b4ff038a3 100644 --- a/src/pepr/operator/controllers/keycloak/client-sync.ts +++ b/src/pepr/operator/controllers/keycloak/client-sync.ts @@ -1,7 +1,7 @@ import { fetch, K8s, kind } from "pepr"; import { UDSConfig } from "../../../config"; -import { childLog } from "../../../logger"; +import { setupLogger } from "../../../logger"; import { Store } from "../../common"; import { Sso, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; 
@@ -29,7 +29,7 @@ const x509CertRegex = new RegExp( ); // configure subproject logger -const log = childLog("operator.controller.keycloak"); +const log = setupLogger("operator.keycloak"); /** * Create or update the Keycloak clients for the package diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index f2f35693d..335ef5219 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -1,12 +1,12 @@ import { K8s } from "pepr"; import { V1OwnerReference } from "@kubernetes/client-node"; -import { childLog } from "../../../logger"; +import { setupLogger } from "../../../logger"; import { Monitor, Prometheus, UDSPackage } from "../../crd"; import { getOwnerRef, sanitizeResourceName } from "../utils"; // configure subproject logger -const log = childLog("operator.controllers.monitoring"); +const log = setupLogger("operator.monitoring"); /** * Generate a service monitor for a service diff --git a/src/pepr/operator/controllers/network/generators/kubeAPI.ts b/src/pepr/operator/controllers/network/generators/kubeAPI.ts index 6cdae2880..2170e6b0d 100644 --- a/src/pepr/operator/controllers/network/generators/kubeAPI.ts +++ b/src/pepr/operator/controllers/network/generators/kubeAPI.ts @@ -1,12 +1,12 @@ import { V1NetworkPolicyPeer } from "@kubernetes/client-node"; import { K8s, kind, R } from "pepr"; -import { childLog } from "../../../../logger"; +import { setupLogger } from "../../../../logger"; import { RemoteGenerated } from "../../../crd"; import { anywhere } from "./anywhere"; // configure subproject logger -const log = childLog("operator.controllers.network.generators"); +const log = setupLogger("operator.generators"); // This is an in-memory cache of the API server CIDR let apiServerPeers: V1NetworkPolicyPeer[]; 
diff --git a/src/pepr/operator/controllers/network/policies.ts b/src/pepr/operator/controllers/network/policies.ts index a59de795e..97a1a8743 100644 --- a/src/pepr/operator/controllers/network/policies.ts +++ b/src/pepr/operator/controllers/network/policies.ts @@ -1,6 +1,6 @@ import { K8s, kind } from "pepr"; -import { childLog } from "../../../logger"; +import { setupLogger } from "../../../logger"; import { Allow, Direction, Gateway, UDSPackage } from "../../crd"; import { getOwnerRef, sanitizeResourceName } from "../utils"; import { allowEgressDNS } from "./defaults/allow-egress-dns"; @@ -10,7 +10,7 @@ import { defaultDenyAll } from "./defaults/default-deny-all"; import { generate } from "./generate"; // configure subproject logger -const log = childLog("operator.controllers.network"); +const log = setupLogger("operator.network"); export async function networkPolicies(pkg: UDSPackage, namespace: string) { const customPolicies = pkg.spec?.network?.allow ?? []; diff --git a/src/pepr/operator/crd/register.ts b/src/pepr/operator/crd/register.ts index ff0c56c48..6fd412ec8 100644 --- a/src/pepr/operator/crd/register.ts +++ b/src/pepr/operator/crd/register.ts @@ -1,11 +1,11 @@ import { K8s, kind } from "pepr"; -import { childLog } from "../../logger"; +import { setupLogger } from "../../logger"; import { v1alpha1 as exemption } from "./sources/exemption/v1alpha1"; import { v1alpha1 as pkg } from "./sources/package/v1alpha1"; // configure subproject logger -const log = childLog("operator.crd"); +const log = setupLogger("operator.crd"); export async function registerCRDs() { // Register the Package CRD if we're in watch or dev mode diff --git a/src/pepr/operator/reconcilers/index.ts b/src/pepr/operator/reconcilers/index.ts index b2c0cf373..e826e1e0c 100644 --- a/src/pepr/operator/reconcilers/index.ts +++ b/src/pepr/operator/reconcilers/index.ts 
@@ -1,13 +1,13 @@ import { K8s, kind } from "pepr"; -import { childLog } from "../../logger"; +import { setupLogger } from "../../logger"; import { Phase, PkgStatus, UDSPackage } from "../crd"; import { Status } from "../crd/generated/package-v1alpha1"; export const uidSeen = new Set(); // configure subproject logger -const log = childLog("operator.reconcilers"); +const log = setupLogger("operator.reconcilers"); /** * Checks if the CRD is pending or the current generation has been processed diff --git a/src/pepr/operator/reconcilers/package-reconciler.ts b/src/pepr/operator/reconcilers/package-reconciler.ts index bb49a2f81..74acc06c1 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.ts @@ -1,6 +1,6 @@ import { handleFailure, shouldSkip, uidSeen, updateStatus } from "."; import { UDSConfig } from "../../config"; -import { childLog } from "../../logger"; +import { setupLogger } from "../../logger"; import { enableInjection } from "../controllers/istio/injection"; import { istioResources } from "../controllers/istio/istio-resources"; import { keycloak } from "../controllers/keycloak/client-sync"; @@ -10,7 +10,7 @@ import { Phase, UDSPackage } from "../crd"; import { migrate } from "../crd/migrate"; // configure subproject logger -const log = childLog("operator.reconcilers"); +const log = setupLogger("operator.reconcilers"); /** * The reconciler is called from the queue and is responsible for reconciling the state of the package diff --git a/src/pepr/policies/exemptions/index.ts b/src/pepr/policies/exemptions/index.ts index d44b961ca..c2456241d 100644 --- a/src/pepr/policies/exemptions/index.ts +++ b/src/pepr/policies/exemptions/index.ts 
@@ -1,11 +1,11 @@ import { KubernetesObject } from "kubernetes-fluent-client"; import { PeprMutateRequest, PeprValidateRequest } from "pepr"; -import { childLog } from "../../logger"; +import { setupLogger } from "../../logger"; import { ExemptionStore } from "../../operator/controllers/exemptions/exemption-store"; import { Policy } from "../../operator/crd"; // configure subproject logger -const log = childLog("policies.exemptions"); +const log = setupLogger("policies.exemptions"); /** * Check a resource against an exemption list for use by the validation action. diff --git a/src/pepr/policies/index.ts b/src/pepr/policies/index.ts index 4048cbdbe..210592281 100644 --- a/src/pepr/policies/index.ts +++ b/src/pepr/policies/index.ts @@ -1,6 +1,6 @@ // Various validation actions for Kubernetes resources from Big Bang import { K8s } from "pepr"; -import { childLog } from "../logger"; +import { setupLogger } from "../logger"; import { ExemptionStore } from "../operator/controllers/exemptions/exemption-store"; import { processExemptions } from "../operator/controllers/exemptions/exemptions"; import { Matcher, Policy, UDSExemption } from "../operator/crd"; @@ -9,7 +9,7 @@ import "./security"; import "./storage"; // configure subproject logger -const log = childLog("policies"); +const log = setupLogger("policies"); export { policies } from "./common"; diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index 9a9fe7aaf..90635ac0f 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts @@ -1,9 +1,9 @@ import { Capability, K8s, kind } from "pepr"; -import { childLog } from "../logger"; +import { setupLogger } from "../logger"; import { Prometheus } from "../operator/crd"; // configure subproject logger -const log = childLog("prometheus"); +const log = setupLogger("prometheus"); export const prometheus = new Capability({ name: "prometheus", From baf8153f13072cc0da2c2cfe672d6896d98f45d2 Mon Sep 17 00:00:00 2001 
From: UnicornChance Date: Wed, 3 Jul 2024 14:22:06 -0600 Subject: [PATCH 5/9] fix: cleanup rebase issues --- src/pepr/operator/controllers/keycloak/client-sync.ts | 8 ++++---- src/pepr/operator/reconcilers/index.ts | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/pepr/operator/controllers/keycloak/client-sync.ts b/src/pepr/operator/controllers/keycloak/client-sync.ts index 0284dab3f..8a1998468 100644 --- a/src/pepr/operator/controllers/keycloak/client-sync.ts +++ b/src/pepr/operator/controllers/keycloak/client-sync.ts @@ -87,7 +87,7 @@ async function syncClient( isRetry = false, ) { log.debug(pkg.metadata, `Processing client request: ${clientReq.clientId}`); - + // Not including the CR data in the ref because Keycloak client IDs must be unique already const name = `sso-client-${clientReq.clientId}`; let client: Client; @@ -112,12 +112,12 @@ async function syncClient( // Throw the error if this is the retry or was an initial client creation attempt if (isRetry || !token) { - Log.error(`${msg}, retry failed.`); + log.error(`${msg}, retry failed.`); // Throw the original error captured from the first attempt throw new Error(msg); } else { // Retry the request without the token in case we have a bad token stored - Log.error(msg); + log.error(msg); try { return await syncClient(clientReq, pkg, true); @@ -126,7 +126,7 @@ async function syncClient( const retryMsg = `Retry of Keycloak request failed for client '${clientReq.clientId}', package ` + `${pkg.metadata?.namespace}/${pkg.metadata?.name}. Error: ${retryErr.message}`; - Log.error(retryMsg); + log.error(retryMsg); // Throw the error from the original attempt since our retry without token failed throw new Error(msg); } diff --git a/src/pepr/operator/reconcilers/index.ts b/src/pepr/operator/reconcilers/index.ts index e3026e2e5..c85672299 100644 --- a/src/pepr/operator/reconcilers/index.ts +++ b/src/pepr/operator/reconcilers/index.ts 
@@ -29,7 +29,7 @@ export function shouldSkip(cr: UDSPackage) { // If the CR is retrying, it should not be skipped if (isRetrying) { - Log.debug(cr, `Should skip? No, retrying`); + log.debug(cr, `Should skip? No, retrying`); return false; } From e8046e905fcf3059b88a56c3e22f8adb350e09d3 Mon Sep 17 00:00:00 2001 From: UnicornChance Date: Mon, 8 Jul 2024 12:17:17 -0600 Subject: [PATCH 6/9] fix: cut down metadata info in log --- src/pepr/operator/reconcilers/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pepr/operator/reconcilers/index.ts b/src/pepr/operator/reconcilers/index.ts index c85672299..ef8315c81 100644 --- a/src/pepr/operator/reconcilers/index.ts +++ b/src/pepr/operator/reconcilers/index.ts @@ -51,7 +51,7 @@ export function shouldSkip(cr: UDSPackage) { * @param status The new status */ export async function updateStatus(cr: UDSPackage, status: PkgStatus) { - log.debug(cr.metadata, `Updating status to ${status.phase}`); + log.debug(`Updating ${cr.metadata?.name}/${cr.metadata?.namespace} status to ${status.phase}`); // Update the status of the CRD await K8s(UDSPackage).PatchStatus({ @@ -74,7 +74,7 @@ export async function updateStatus(cr: UDSPackage, status: PkgStatus) { * @param type The type of event to write */ export async function writeEvent(cr: UDSPackage, event: Partial) { - log.debug(cr.metadata, `Writing event: ${event.message}`); + log.debug(`Writing ${cr.metadata?.name}/${cr.metadata?.namespace} event: ${event.message}`); await K8s(kind.CoreEvent).Create({ type: "Warning", From 07843a6e07ae457616e1cd3f3c286c17b91120ec Mon Sep 17 00:00:00 2001 
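Review bot: The new messages in `updateStatus` and `writeEvent` print the package as name/namespace (`${cr.metadata?.name}/${cr.metadata?.namespace}`), the reverse of the namespace/name order used elsewhere in this series, for example in the Keycloak retry message in `client-sync.ts`. Anyone correlating log lines across components will misread which part is the namespace, so swap the two expressions in both hunks (`@@ -51,7` and `@@ -74,7`). Dropping `cr.metadata` as the structured first argument also removes the fields a log query could filter on; if the goal was only to shrink the entry, passing `{ name: cr.metadata?.name, namespace: cr.metadata?.namespace }` keeps them searchable. Both function bodies continue outside their hunks.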
From: UnicornChance Date: Mon, 8 Jul 2024 15:14:13 -0600 Subject: [PATCH 7/9] fix: switch to using enums for component names --- src/pepr/config.ts | 4 ++-- src/pepr/istio/index.ts | 4 ++-- src/pepr/logger.ts | 20 +++++++++++++++++-- .../controllers/exemptions/exemption-store.ts | 4 ++-- .../operator/controllers/istio/injection.ts | 4 ++-- .../controllers/istio/istio-resources.ts | 4 ++-- .../controllers/keycloak/client-sync.ts | 4 ++-- .../controllers/monitoring/service-monitor.ts | 4 ++-- .../controllers/network/generators/kubeAPI.ts | 4 ++-- .../operator/controllers/network/policies.ts | 4 ++-- src/pepr/operator/crd/register.ts | 4 ++-- src/pepr/operator/reconcilers/index.ts | 4 ++-- .../reconcilers/package-reconciler.ts | 4 ++-- src/pepr/policies/exemptions/index.ts | 4 ++-- src/pepr/policies/index.ts | 4 ++-- src/pepr/prometheus/index.ts | 4 ++-- 16 files changed, 48 insertions(+), 32 deletions(-) diff --git a/src/pepr/config.ts b/src/pepr/config.ts index 2afd9bd57..4946ae793 100644 --- a/src/pepr/config.ts +++ b/src/pepr/config.ts @@ -1,4 +1,4 @@ -import { setupLogger } from "./logger"; +import { Component, setupLogger } from "./logger"; let domain = process.env.UDS_DOMAIN; @@ -17,7 +17,7 @@ export const UDSConfig = { }; // configure subproject logger -const log = setupLogger("config"); +const log = setupLogger(Component.CONFIG); log.info(UDSConfig, "Loaded UDS Config"); if (UDSConfig.isSingleTest) { diff --git a/src/pepr/istio/index.ts b/src/pepr/istio/index.ts index d46bc821c..3d4312bc0 100644 --- a/src/pepr/istio/index.ts +++ b/src/pepr/istio/index.ts @@ -1,9 +1,9 @@ import { Exec, KubeConfig } from "@kubernetes/client-node"; import { Capability, a } from "pepr"; -import { setupLogger } from "../logger"; +import { Component, setupLogger } from "../logger"; // configure subproject logger -const log = setupLogger("istio"); +const log = setupLogger(Component.ISTIO); export const istio = new Capability({ name: "istio", 
diff --git a/src/pepr/logger.ts b/src/pepr/logger.ts index dc8287a4d..c300f3e90 100644 --- a/src/pepr/logger.ts +++ b/src/pepr/logger.ts @@ -1,7 +1,23 @@ import { Log } from "pepr"; -export function setupLogger(component: string) { - const setupLogger = Log.child({ component: component }); +export enum Component { + CONFIG = "config", + ISTIO = "istio", + OPERATOR_EXEMPTIONS = "operator.exemptions", + OPERATOR_ISTIO = "operator.istio", + OPERATOR_KEYCLOAK = "operator.keycloak", + OPERATOR_MONITORING = "operator.monitoring", + OPERATOR_NETWORK = "operator.network", + OPERATOR_GENERATORS = "operator.generators", + OPERATOR_CRD = "operator.crd", + OPERATOR_RECONCILERS = "operator.reconcilers", + POLICIES = "policies", + POLICIES_EXEMPTIONS = "policies.exemptions", + PROMETHEUS = "prometheus", +} + +export function setupLogger(component: Component) { + const setupLogger = Log.child({ component }); // Handle commands that do not template the env vars let logLevel = process.env.UDS_LOG_LEVEL; diff --git a/src/pepr/operator/controllers/exemptions/exemption-store.ts b/src/pepr/operator/controllers/exemptions/exemption-store.ts index ebad8f7ef..00b6d5e5d 100644 --- a/src/pepr/operator/controllers/exemptions/exemption-store.ts +++ b/src/pepr/operator/controllers/exemptions/exemption-store.ts @@ -1,9 +1,9 @@ -import { setupLogger } from "../../../logger"; +import { Component, setupLogger } from "../../../logger"; import { StoredMatcher } from "../../../policies"; import { Matcher, Policy, UDSExemption } from "../../crd"; // configure subproject logger -const log = setupLogger("operator.exemptions"); +const log = setupLogger(Component.OPERATOR_EXEMPTIONS); export type PolicyOwnerMap = Map; export type PolicyMap = Map; diff --git a/src/pepr/operator/controllers/istio/injection.ts b/src/pepr/operator/controllers/istio/injection.ts index e3e60c794..fa13077f1 100644 --- a/src/pepr/operator/controllers/istio/injection.ts +++ b/src/pepr/operator/controllers/istio/injection.ts 
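Review bot: Inside `setupLogger` the added local `const setupLogger = Log.child({ component });` shadows the function's own name, which makes the body harder to read and hides the function from any later self-reference. Rename the local, for example `const logger = Log.child({ component });`, and update the `.level` assignment and the `return`, which lie outside this hunk. The exported `Component` enum and `setupLogger` also have no doc comment; a short TSDoc block saying that the value becomes the `component` field of every log entry and that the level is taken from `UDS_LOG_LEVEL` would tell callers what adding a new member entails.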
@@ -1,10 +1,10 @@ import { K8s, kind } from "pepr"; -import { setupLogger } from "../../../logger"; +import { Component, setupLogger } from "../../../logger"; import { UDSPackage } from "../../crd"; // configure subproject logger -const log = setupLogger("operator.istio"); +const log = setupLogger(Component.OPERATOR_ISTIO); const injectionLabel = "istio-injection"; const injectionAnnotation = "uds.dev/original-istio-injection"; diff --git a/src/pepr/operator/controllers/istio/istio-resources.ts b/src/pepr/operator/controllers/istio/istio-resources.ts index d253279a9..63e2ca95b 100644 --- a/src/pepr/operator/controllers/istio/istio-resources.ts +++ b/src/pepr/operator/controllers/istio/istio-resources.ts @@ -1,13 +1,13 @@ import { K8s } from "pepr"; -import { setupLogger } from "../../../logger"; +import { Component, setupLogger } from "../../../logger"; import { IstioServiceEntry, IstioVirtualService, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; import { generateServiceEntry } from "./service-entry"; import { generateVirtualService } from "./virtual-service"; // configure subproject logger -const log = setupLogger("operator.istio"); +const log = setupLogger(Component.OPERATOR_ISTIO); /** * Creates a VirtualService and ServiceEntry for each exposed service in the package diff --git a/src/pepr/operator/controllers/keycloak/client-sync.ts b/src/pepr/operator/controllers/keycloak/client-sync.ts index 8a1998468..bc2d2bd66 100644 --- a/src/pepr/operator/controllers/keycloak/client-sync.ts +++ b/src/pepr/operator/controllers/keycloak/client-sync.ts @@ -1,7 +1,7 @@ import { fetch, K8s, kind } from "pepr"; import { UDSConfig } from "../../../config"; -import { setupLogger } from "../../../logger"; +import { Component, setupLogger } from "../../../logger"; import { Store } from "../../common"; import { Sso, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; 
@@ -34,7 +34,7 @@ const x509CertRegex = new RegExp( ); // configure subproject logger -const log = setupLogger("operator.keycloak"); +const log = setupLogger(Component.OPERATOR_KEYCLOAK); /** * Create or update the Keycloak clients for the package diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index 335ef5219..be1ddf9ac 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -1,12 +1,12 @@ import { K8s } from "pepr"; import { V1OwnerReference } from "@kubernetes/client-node"; -import { setupLogger } from "../../../logger"; +import { Component, setupLogger } from "../../../logger"; import { Monitor, Prometheus, UDSPackage } from "../../crd"; import { getOwnerRef, sanitizeResourceName } from "../utils"; // configure subproject logger -const log = setupLogger("operator.monitoring"); +const log = setupLogger(Component.OPERATOR_MONITORING); /** * Generate a service monitor for a service diff --git a/src/pepr/operator/controllers/network/generators/kubeAPI.ts b/src/pepr/operator/controllers/network/generators/kubeAPI.ts index 2170e6b0d..550d90f92 100644 --- a/src/pepr/operator/controllers/network/generators/kubeAPI.ts +++ b/src/pepr/operator/controllers/network/generators/kubeAPI.ts @@ -1,12 +1,12 @@ import { V1NetworkPolicyPeer } from "@kubernetes/client-node"; import { K8s, kind, R } from "pepr"; -import { setupLogger } from "../../../../logger"; +import { Component, setupLogger } from "../../../../logger"; import { RemoteGenerated } from "../../../crd"; import { anywhere } from "./anywhere"; // configure subproject logger -const log = setupLogger("operator.generators"); +const log = setupLogger(Component.OPERATOR_GENERATORS); // This is an in-memory cache of the API server CIDR let apiServerPeers: V1NetworkPolicyPeer[]; 
diff --git a/src/pepr/operator/controllers/network/policies.ts b/src/pepr/operator/controllers/network/policies.ts index 97a1a8743..f12c775b6 100644 --- a/src/pepr/operator/controllers/network/policies.ts +++ b/src/pepr/operator/controllers/network/policies.ts @@ -1,6 +1,6 @@ import { K8s, kind } from "pepr"; -import { setupLogger } from "../../../logger"; +import { Component, setupLogger } from "../../../logger"; import { Allow, Direction, Gateway, UDSPackage } from "../../crd"; import { getOwnerRef, sanitizeResourceName } from "../utils"; import { allowEgressDNS } from "./defaults/allow-egress-dns"; @@ -10,7 +10,7 @@ import { defaultDenyAll } from "./defaults/default-deny-all"; import { generate } from "./generate"; // configure subproject logger -const log = setupLogger("operator.network"); +const log = setupLogger(Component.OPERATOR_NETWORK); export async function networkPolicies(pkg: UDSPackage, namespace: string) { const customPolicies = pkg.spec?.network?.allow ?? []; diff --git a/src/pepr/operator/crd/register.ts b/src/pepr/operator/crd/register.ts index 6fd412ec8..9c2812930 100644 --- a/src/pepr/operator/crd/register.ts +++ b/src/pepr/operator/crd/register.ts @@ -1,11 +1,11 @@ import { K8s, kind } from "pepr"; -import { setupLogger } from "../../logger"; +import { Component, setupLogger } from "../../logger"; import { v1alpha1 as exemption } from "./sources/exemption/v1alpha1"; import { v1alpha1 as pkg } from "./sources/package/v1alpha1"; // configure subproject logger -const log = setupLogger("operator.crd"); +const log = setupLogger(Component.OPERATOR_CRD); export async function registerCRDs() { // Register the Package CRD if we're in watch or dev mode diff --git a/src/pepr/operator/reconcilers/index.ts b/src/pepr/operator/reconcilers/index.ts index ef8315c81..c9a173fb2 100644 --- a/src/pepr/operator/reconcilers/index.ts +++ b/src/pepr/operator/reconcilers/index.ts 
@@ -1,13 +1,13 @@ import { K8s, kind } from "pepr"; -import { setupLogger } from "../../logger"; +import { Component, setupLogger } from "../../logger"; import { Phase, PkgStatus, UDSPackage } from "../crd"; import { Status } from "../crd/generated/package-v1alpha1"; export const uidSeen = new Set(); // configure subproject logger -const log = setupLogger("operator.reconcilers"); +const log = setupLogger(Component.OPERATOR_RECONCILERS); /** * Checks if the CRD is pending or the current generation has been processed diff --git a/src/pepr/operator/reconcilers/package-reconciler.ts b/src/pepr/operator/reconcilers/package-reconciler.ts index 4e880ef53..e4062b294 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.ts @@ -1,6 +1,6 @@ import { handleFailure, shouldSkip, updateStatus } from "."; import { UDSConfig } from "../../config"; -import { setupLogger } from "../../logger"; +import { Component, setupLogger } from "../../logger"; import { enableInjection } from "../controllers/istio/injection"; import { istioResources } from "../controllers/istio/istio-resources"; import { keycloak } from "../controllers/keycloak/client-sync"; @@ -10,7 +10,7 @@ import { Phase, UDSPackage } from "../crd"; import { migrate } from "../crd/migrate"; // configure subproject logger -const log = setupLogger("operator.reconcilers"); +const log = setupLogger(Component.OPERATOR_RECONCILERS); /** * The reconciler is called from the queue and is responsible for reconciling the state of the package diff --git a/src/pepr/policies/exemptions/index.ts b/src/pepr/policies/exemptions/index.ts index c2456241d..db2e11c68 100644 --- a/src/pepr/policies/exemptions/index.ts +++ b/src/pepr/policies/exemptions/index.ts 
@@ -1,11 +1,11 @@
 import { KubernetesObject } from "kubernetes-fluent-client";
 import { PeprMutateRequest, PeprValidateRequest } from "pepr";
-import { setupLogger } from "../../logger";
+import { Component, setupLogger } from "../../logger";
 import { ExemptionStore } from "../../operator/controllers/exemptions/exemption-store";
 import { Policy } from "../../operator/crd";
 // configure subproject logger
-const log = setupLogger("policies.exemptions");
+const log = setupLogger(Component.POLICIES_EXEMPTIONS);
 /**
 * Check a resource against an exemption list for use by the validation action.
diff --git a/src/pepr/policies/index.ts b/src/pepr/policies/index.ts
index 210592281..f63d6f75c 100644
--- a/src/pepr/policies/index.ts
+++ b/src/pepr/policies/index.ts
@@ -1,6 +1,6 @@
 // Various validation actions for Kubernetes resources from Big Bang
 import { K8s } from "pepr";
-import { setupLogger } from "../logger";
+import { Component, setupLogger } from "../logger";
 import { ExemptionStore } from "../operator/controllers/exemptions/exemption-store";
 import { processExemptions } from "../operator/controllers/exemptions/exemptions";
 import { Matcher, Policy, UDSExemption } from "../operator/crd";
@@ -9,7 +9,7 @@ import "./security";
 import "./storage";
 // configure subproject logger
-const log = setupLogger("policies");
+const log = setupLogger(Component.POLICIES);
 export { policies } from "./common";
diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts
index 90635ac0f..cc8e022d4 100644
--- a/src/pepr/prometheus/index.ts
+++ b/src/pepr/prometheus/index.ts
@@ -1,9 +1,9 @@
 import { Capability, K8s, kind } from "pepr";
-import { setupLogger } from "../logger";
+import { Component, setupLogger } from "../logger";
 import { Prometheus } from "../operator/crd";
 // configure subproject logger
-const log = setupLogger("prometheus");
+const log = setupLogger(Component.PROMETHEUS);
 export const prometheus = new Capability({
 name: "prometheus",
From e64b47006bf48ae08a2d1a603376c8c11e10a1c9 Mon Sep 17 00:00:00 2001
From: UnicornChance
Date: Mon, 8 Jul 2024 15:54:30 -0600
Subject: [PATCH 8/9] fix: drop pod info log
---
 src/pepr/istio/index.ts | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/pepr/istio/index.ts b/src/pepr/istio/index.ts
index 3d4312bc0..77b3350e0 100644
--- a/src/pepr/istio/index.ts
+++ b/src/pepr/istio/index.ts
@@ -24,10 +24,6 @@ When(a.Pod)
 .WithLabel("batch.kubernetes.io/job-name")
 .WithLabel("service.istio.io/canonical-name")
 .Watch(async pod => {
- log.info(
- pod,
- `Processing Pod ${pod.metadata?.namespace}/${pod.metadata?.name} for istio job termination`,
- );
 if (!pod.metadata?.name || !pod.metadata.namespace) {
 log.error(pod, `Invalid Pod definition`);
From cb7074c618a6443bd89f6c54dbbf2fccb472bcef Mon Sep 17 00:00:00 2001
From: UnicornChance
Date: Mon, 8 Jul 2024 15:56:47 -0600
Subject: [PATCH 9/9] fix: lint
---
 src/pepr/istio/index.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/pepr/istio/index.ts b/src/pepr/istio/index.ts
index 77b3350e0..9ca4b9252 100644
--- a/src/pepr/istio/index.ts
+++ b/src/pepr/istio/index.ts
@@ -24,7 +24,6 @@ When(a.Pod)
 .WithLabel("batch.kubernetes.io/job-name")
 .WithLabel("service.istio.io/canonical-name")
 .Watch(async pod => {
-
 if (!pod.metadata?.name || !pod.metadata.namespace) {
 log.error(pod, `Invalid Pod definition`);
 return;