Log a missing namespace only when first noticed

If we log a warning every time a whitelisted is missing, there may be an awful lot of repeated warnings. Instead, keep track of which namespaces have been seen to be missing (resetting when they are seen again), and log only when the namespace was not known to be missing.
fluxcd · Aug 23, 2018 · 2302abf · 2302abf
1 parent 8600d06
commit 2302abf
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/cluster/kubernetes/kubernetes.go b/cluster/kubernetes/kubernetes.go
@@ -96,12 +96,14 @@ func isAddon(obj k8sObject) bool {
 // Cluster is a handle to a Kubernetes API server.
 // (Typically, this code is deployed into the same cluster.)
 type Cluster struct {
-	client      extendedClient
-	applier     Applier
-	version     string // string response for the version command.
-	logger      log.Logger
-	sshKeyRing  ssh.KeyRing
-	nsWhitelist []string
+	client     extendedClient
+	applier    Applier
+	version    string // string response for the version command.
+	logger     log.Logger
+	sshKeyRing ssh.KeyRing
+
+	nsWhitelist       []string
+	nsWhitelistLogged map[string]bool // to keep track of whether we've logged a problem with seeing a whitelisted ns
 
 	mu sync.Mutex
 }
@@ -119,10 +121,11 @@ func NewCluster(clientset k8sclient.Interface,
 			clientset,
 			fluxHelmClientset,
 		},
-		applier:     applier,
-		logger:      logger,
-		sshKeyRing:  sshKeyRing,
-		nsWhitelist: nsWhitelist,
+		applier:           applier,
+		logger:            logger,
+		sshKeyRing:        sshKeyRing,
+		nsWhitelist:       nsWhitelist,
+		nsWhitelistLogged: map[string]bool{},
 	}
 
 	return c
@@ -316,9 +319,13 @@ func (c *Cluster) getAllowedNamespaces() ([]apiv1.Namespace, error) {
 			ns, err := c.client.CoreV1().Namespaces().Get(name, meta_v1.GetOptions{})
 			switch {
 			case err == nil:
+				c.nsWhitelistLogged[name] = false // reset, so if the namespace goes away we'll log it again
 				nsList = append(nsList, *ns)
 			case apierrors.IsUnauthorized(err) || apierrors.IsForbidden(err) || apierrors.IsNotFound(err):
-				c.logger.Log("warning", "whitelisted namespace unauthorized, forbidden, or not found", "namespace", name)
+				if !c.nsWhitelistLogged[name] {
+					c.logger.Log("warning", "whitelisted namespace inaccessible", "namespace", name, "err", err)
+					c.nsWhitelistLogged[name] = true
+				}
 			default:
 				return nil, err
 			}