Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More useful audit error logs #111706

Merged
merged 1 commit into from Oct 20, 2022
Merged

More useful audit error logs #111706

merged 1 commit into from Oct 20, 2022

Conversation

tallclair
Copy link
Member

@tallclair tallclair commented Aug 4, 2022
edited

What type of PR is this?

/kind bug

What this PR does / why we need it:

  1. Include the auditID with audit error logs in the kube-apiserver logs, so errors can be correlated with the request. (As an asside, I think we should do this for all apiserver log lines in the request serving path, but that's outside the scope of this PR)
  2. Attempt to log the actual request / response object rather than it's reflected type when encoding fails.

While debugging a kube-apiserver, I came across a lot of log lines like this:

Auditing failed of  request: encoding failed: request to convert CR to an invalid group/version: v1

Note the double space after the first of. This is logged from

kubernetes/staging/src/k8s.io/apiserver/pkg/audit/request.go

Line 169 in eefcf6a

klog.Warningf("Auditing failed of %v request: %v", reflect.TypeOf(obj).Name(), err)

But reflect.TypeOf(obj).Name() is returning the empty string (from the docs: "Name returns the type's name within its package for a defined type. For other (non-defined) types it returns the empty string.")

Note to reviewers:

The underlying issue generating these log lines was fixed by #110110

Does this PR introduce a user-facing change?

NONE

/sig api-machinery

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Aug 4, 2022
@k8s-ci-robot k8s-ci-robot added area/apiserver sig/auth Categorizes an issue or PR as relevant to SIG Auth. labels Aug 4, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 4, 2022
@fedebongio
Copy link
Contributor

/assign @deads2k

@fedebongio
Copy link
Contributor

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 9, 2022
@enj enj added this to Needs Triage in SIG Auth Old Sep 12, 2022
@pacoxu
Copy link
Member

pacoxu commented Oct 20, 2022
edited

/sig instrumentation
/lgtm
The log looks better now.

@k8s-ci-robot k8s-ci-robot added the sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. label Oct 20, 2022
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 20, 2022
@k8s-ci-robot k8s-ci-robot merged commit fc4344a into kubernetes:master Oct 20, 2022
SIG Auth Old automation moved this from Needs Triage to Closed / Done Oct 20, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Oct 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hzxuzhonghu hzxuzhonghu Awaiting requested review from hzxuzhonghu

@lavalamp lavalamp Awaiting requested review from lavalamp

Assignees

@pacoxu pacoxu

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Archived in project
SIG Auth Old
Closed / Done
Milestone
v1.26
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@tallclair @k8s-ci-robot @fedebongio @pacoxu @deads2k