4 changes: 3 additions & 1 deletion auto-discovery/cloud-aws/cmd/service/main.go
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/secureCodeBox/secureCodeBox/auto-discovery/cloud-aws/pkg/aws"
"github.com/secureCodeBox/secureCodeBox/auto-discovery/cloud-aws/pkg/config"
"github.com/secureCodeBox/secureCodeBox/auto-discovery/cloud-aws/pkg/kubernetes"
"k8s.io/klog/v2"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
)
Expand All @@ -22,13 +23,14 @@ func main() {
"Omit this flag to use the default configuration values. "+
"Environment variables override some configuration values from this file.")
opts := zap.Options{
Development: true,
Development: false,
}
opts.BindFlags(flag.CommandLine)
flag.Parse()

log := zap.New(zap.UseFlagOptions(&opts))
ctrl.SetLogger(log)
klog.SetLogger(log)

// Read config from file first, some values may be overridden by env variables
cfg := config.GetConfig(configFile)
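Review bot: The new `klog.SetLogger(log)` call in main() has no comment, and its effect is easy to misread: klog still applies its own verbosity threshold before handing a message to the logger, so raising `--zap-log-level` alone will presumably not surface client-go's V-level output unless klog's flags are also registered (no `klog.InitFlags` call is visible in this hunk). A comment above the call would cover it, for example `// Send client-go's klog output through the same zap logger; klog keeps its own -v threshold.` The `Development: false` default likewise deserves a one-line comment saying it is only a default that the `--zap-devel` flag bound by `opts.BindFlags` can still override. The same two lines appear without comments in auto-discovery/kubernetes/main.go and operator/main.go. main() continues outside the hunk.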
7 changes: 5 additions & 2 deletions auto-discovery/kubernetes/main.go
Expand Up @@ -16,6 +16,7 @@ import (
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
"k8s.io/klog/v2"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/metrics/server"

Expand Down Expand Up @@ -45,12 +46,14 @@ func main() {
"Omit this flag to use the default configuration values. "+
"Command-line flags override configuration from this file.")
opts := zap.Options{
Development: true,
Development: false,
}
opts.BindFlags(flag.CommandLine)
flag.Parse()

ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
logger := zap.New(zap.UseFlagOptions(&opts))
ctrl.SetLogger(logger)
klog.SetLogger(logger)

ctrlConfig, err := util.LoadAutoDiscoveryConfig(configFile)
if err != nil {
4 changes: 3 additions & 1 deletion operator/controllers/execution/scans/hook_reconciler.go
Expand Up @@ -55,7 +55,7 @@ func (r *ScanReconciler) setHookStatus(scan *executionv1.Scan) error {
hookStatuses = utils.MapClusterHooksToHookStatus(clusterScanCompletionHooks.Items)
}

r.Log.Info("Found ScanCompletionHooks", "ScanCompletionHooks", len(hookStatuses))
r.Log.V(7).Info("Found ScanCompletionHooks", "ScanCompletionHooks", len(hookStatuses))

orderedHookStatus := utils.FromUnorderedList(hookStatuses)
scan.Status.OrderedHookStatuses = orderedHookStatus
Expand Down Expand Up @@ -468,6 +468,8 @@ func (r *ScanReconciler) createJobForHook(hookName string, hookSpec *executionv1
return "", err
}

r.Log.Info("Creating hook job", "job", job.Name, "scanCompletionHook", hookName, "scan", scan.Name, "namespace", scan.Namespace)

if err := r.Create(ctx, job); err != nil {
return "", err
}
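Review bot: The new `Creating hook job` entry in createJobForHook is written before `r.Create`, and the failure branch just below returns the error without logging it, so the log can show a job being created with no record of whether that succeeded. startParser and startScan pair their `Creating ... job` entry with a `log.Error` on the failed create; unless the caller of createJobForHook logs the returned error (not visible here), adding `r.Log.Error(err, "Unable to create Job for hook", "job", job.Name, "scanCompletionHook", hookName, "scan", scan.Name)` in that branch would keep the three paths consistent. The body of createJobForHook starts and ends outside the hunk.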
5 changes: 2 additions & 3 deletions operator/controllers/execution/scans/parse_reconciler.go
Expand Up @@ -7,7 +7,6 @@ package scancontrollers
import (
"context"
"fmt"
"strings"

executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
util "github.com/secureCodeBox/secureCodeBox/operator/utils"
Expand Down Expand Up @@ -53,7 +52,7 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error {

return fmt.Errorf("no ParseDefinition of type '%s' found", parseType)
}
log.Info("Matching ParseDefinition Found", "ParseDefinition", parseType)
log.V(7).Info("Matching ParseDefinition Found", "ParseDefinition", parseType)
parseDefinitionSpec = parseDefinition.Spec
} else if *scan.Spec.ResourceMode == executionv1.ClusterWide {
var clusterParseDefinition executionv1.ClusterParseDefinition
Expand Down Expand Up @@ -243,7 +242,7 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error {
return err
}

log.V(7).Info("Constructed Job object", "job args", strings.Join(job.Spec.Template.Spec.Containers[0].Args, ", "))
log.Info("Creating parse job", "job", job.Name, "parseDefinition", parseType, "scan", scan.Name, "namespace", scan.Namespace)

if err := r.Create(ctx, job); err != nil {
log.Error(err, "unable to create Job for Parser", "job", job)
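Review bot: The error branch right after the new `Creating parse job` line still passes the whole `job` object to `log.Error`, so a failed create writes the full Job spec, container args and env included, at error level, which is emitted at any verbosity. This change removes the `V(7)` entry that logged the job args, and the error path brings the same data back at a level that cannot be turned down; scan and parser arguments may carry target URLs or credentials, depending on how scans are configured. Logging identifiers only would close that, e.g. `log.Error(err, "unable to create Job for Parser", "job", job.Name, "scan", scan.Name, "namespace", scan.Namespace)`. The same pattern is in startScan in scan_reconciler.go (`"unable to create Job for Scan", "job", job`). startParser continues outside the hunk.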
11 changes: 4 additions & 7 deletions operator/controllers/execution/scans/scan_reconciler.go
Expand Up @@ -10,7 +10,6 @@ import (
"fmt"
"os"
"path/filepath"
"strings"
"time"

executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
Expand Down Expand Up @@ -66,7 +65,7 @@ func (r *ScanReconciler) startScan(scan *executionv1.Scan) error {

return fmt.Errorf("no ScanType of type '%s' found", scan.Spec.ScanType)
}
log.Info("Matching ScanType Found", "ScanType", scanType.Name)
log.V(7).Info("Matching ScanType Found", "ScanType", scanType.Name)
scanTypeSpec = scanType.Spec
} else if *scan.Spec.ResourceMode == executionv1.ClusterWide {
var clusterScanType executionv1.ClusterScanType
Expand Down Expand Up @@ -108,8 +107,7 @@ func (r *ScanReconciler) startScan(scan *executionv1.Scan) error {
return err
}

log.V(7).Info("Constructed Job object", "job args", strings.Join(job.Spec.Template.Spec.Containers[0].Args, ", "))

log.Info("Creating scan job", "job", job.Name, "scanType", scan.Spec.ScanType, "scan", scan.Name, "namespace", scan.Namespace)
if err := r.Create(ctx, job); err != nil {
log.Error(err, "unable to create Job for Scan", "job", job)
return err
Expand Down Expand Up @@ -154,7 +152,6 @@ func (r *ScanReconciler) startScan(scan *executionv1.Scan) error {

r.updateScanStatus(ctx, scan)

log.V(7).Info("created Job for Scan", "job", job)
return nil
}

Expand Down Expand Up @@ -308,7 +305,7 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanTypeSpe
return nil, fmt.Errorf("unknown seccompProfile for lurker: %s", seccompProfileRaw)
}

r.Log.Info("Using Lurker Image", "seccompProfile", seccompProfileRaw)
r.Log.V(8).Info("Using Lurker Image", "seccompProfile", seccompProfileRaw)
falsePointer := false
truePointer := true

Expand Down Expand Up @@ -366,7 +363,7 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanTypeSpe
}

customCACertificate, isConfigured := os.LookupEnv("CUSTOM_CA_CERTIFICATE_EXISTING_CERTIFICATE")
r.Log.Info("Configuring customCACerts for lurker", "customCACertificate", customCACertificate, "isConfigured", isConfigured)
r.Log.V(7).Info("Configuring customCACerts for lurker", "customCACertificate", customCACertificate, "isConfigured", isConfigured)
if customCACertificate != "" {
job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes, corev1.Volume{
Name: "ca-certificate",
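Review bot: The verbosity levels introduced here are bare numbers with no stated meaning: `V(8)` on the `Using Lurker Image` line in constructJobForScan and `V(7)` on every other demoted line in this change, and nothing in the hunks says what separates the two. Package-level constants or a short comment would make the choice reviewable, e.g. `// V(7): per-reconcile debug detail, V(8): job construction internals` (the wording is a guess at the intent and should be confirmed). The `Using Lurker Image` message also reports only `seccompProfile`, so a message such as `"Using seccomp profile for lurker"` would match what is logged. Both startScan and constructJobForScan continue outside the hunks.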
20 changes: 10 additions & 10 deletions operator/controllers/execution/scans/serviceaccount.go
Expand Up @@ -22,7 +22,7 @@ func (r *ScanReconciler) ensureServiceAccountExists(namespace, serviceAccountNam
var serviceAccount corev1.ServiceAccount
err := r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: namespace}, &serviceAccount)
if apierrors.IsNotFound(err) {
r.Log.Info("Service Account doesn't exist creating now")
r.Log.Info("Creating missing service account", "serviceAccountName", serviceAccountName, "namespace", namespace)
serviceAccount = corev1.ServiceAccount{
ObjectMeta: metav1.ObjectMeta{
Name: serviceAccountName,
Expand All @@ -34,18 +34,18 @@ func (r *ScanReconciler) ensureServiceAccountExists(namespace, serviceAccountNam
}
err := r.Create(ctx, &serviceAccount)
if err != nil {
r.Log.Error(err, "Failed to create ServiceAccount")
r.Log.Error(err, "Failed to create ServiceAccount", "serviceAccountName", serviceAccountName, "namespace", namespace)
return err
}
} else if err != nil {
r.Log.Error(err, "Unexpected error while checking if a ServiceAccount exists")
r.Log.Error(err, "Unexpected error while checking if a ServiceAccount exists", "serviceAccountName", serviceAccountName, "namespace", namespace)
return err
}

var role rbacv1.Role
err = r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: namespace}, &role)
if apierrors.IsNotFound(err) {
r.Log.Info("Role doesn't exist creating now")
r.Log.Info("Creating missing Role", "roleName", serviceAccountName, "namespace", namespace)
role = rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Name: serviceAccountName,
Expand All @@ -58,26 +58,26 @@ func (r *ScanReconciler) ensureServiceAccountExists(namespace, serviceAccountNam
}
err := r.Create(ctx, &role)
if err != nil {
r.Log.Error(err, "Failed to create Role")
r.Log.Error(err, "Failed to create Role", "roleName", serviceAccountName, "namespace", namespace)
return err
}
} else if !reflect.DeepEqual(role.Rules, policyRules) {
r.Log.Info("Role already exists but not in the correct state")
role.Rules = policyRules
err := r.Update(ctx, &role)
if err != nil {
r.Log.Error(err, "Failed to update Role")
r.Log.Error(err, "Failed to update Role", "roleName", serviceAccountName, "namespace", namespace)
return err
}
} else if err != nil {
r.Log.Error(err, "Unexpected error while checking if a Role exists")
r.Log.Error(err, "Unexpected error while checking if a Role exists", "roleName", serviceAccountName, "namespace", namespace)
return err
}

var roleBinding rbacv1.RoleBinding
err = r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: namespace}, &roleBinding)
if apierrors.IsNotFound(err) {
r.Log.Info("RoleBinding doesn't exist creating now")
r.Log.Info("Creating missing RoleBinding", "roleName", serviceAccountName, "namespace", namespace)
roleBinding = rbacv1.RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: serviceAccountName,
Expand All @@ -100,11 +100,11 @@ func (r *ScanReconciler) ensureServiceAccountExists(namespace, serviceAccountNam
}
err := r.Create(ctx, &roleBinding)
if err != nil {
r.Log.Error(err, "Failed to create RoleBinding")
r.Log.Error(err, "Failed to create RoleBinding", "roleName", serviceAccountName, "namespace", namespace)
return err
}
} else if err != nil {
r.Log.Error(err, "Unexpected error while checking if a RoleBinding exists")
r.Log.Error(err, "Unexpected error while checking if a RoleBinding exists", "roleName", serviceAccountName, "namespace", namespace)
return err
}
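Review bot: In the Role block of ensureServiceAccountExists the `else if !reflect.DeepEqual(role.Rules, policyRules)` branch is tested before `else if err != nil`, so when `r.Get` fails with anything other than NotFound the zero-value `role` most likely compares unequal and the code goes on to `r.Update` an empty Role; the `Unexpected error while checking if a Role exists` entry this change extends is then rarely or never reached (`policyRules` is defined outside the hunks, so this is inferred). Moving the `else if err != nil` branch ahead of the DeepEqual branch fixes the order. The unchanged `r.Log.Info("Role already exists but not in the correct state")` is also the one entry left without identifiers; since it records RBAC rules being overwritten, `r.Log.Info("Role already exists but not in the correct state", "roleName", serviceAccountName, "namespace", namespace)` would match the rest. The RoleBinding entries use the key `"roleName"`, where `"roleBindingName"` would describe the object being logged.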

7 changes: 5 additions & 2 deletions operator/main.go
Expand Up @@ -15,6 +15,7 @@ import (
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
"k8s.io/klog/v2"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/healthz"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
Expand Down Expand Up @@ -51,12 +52,14 @@ func main() {
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager.")
opts := zap.Options{
Development: true,
Development: false,
}
opts.BindFlags(flag.CommandLine)
flag.Parse()

ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
logger := zap.New(zap.UseFlagOptions(&opts))
ctrl.SetLogger(logger)
klog.SetLogger(logger)

mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,