[RFC] Contextual logging in the apiserver POC #114198
Conversation
tallclair
added
the
do-not-merge/hold
|
@tallclair: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
size/S
|
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Tue Nov 29 21:40:19 UTC 2022. |
k8s-ci-robot
added
area/logging
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: tallclair The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
sig/auth
|
@tallclair: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
| @@ -49,6 +49,10 @@ func withAuditInit(handler http.Handler, newAuditIDFunc func() string) http.Hand | |||
| // Note: we save the user specified value of the Audit-ID header as is, no truncation is performed. | |||
| audit.WithAuditID(ctx, types.UID(auditID)) | |||
|
|
|||
| logger := klog.FromContext(ctx).WithValues("auditID", auditID) | |||
| ctx = klog.NewContext(ctx, logger) | |||
| r = r.WithContext(ctx) | |||
There was a problem hiding this comment.
I am working on making this step unnecessary in go-logr/logr#158
The exact solution is still unknown, but it should become faster than modifying the logger and adding it to the context.
Do you have benchmarks that could be run to measure the performance impact of these changes?
|
We reviewed this one in the SIG meeting yesterday, if you need help assigning to someone let me know. |
k8s-ci-robot
added
triage/accepted
| logger.Error(nil, fmt.Sprintf("Dropping mismatched audit annotation %q", keysAndValues[len(keysAndValues)-1])) | ||
|
|
||
| // Option 3: Rewrite as structured logs | ||
| logger.Error(nil, "Dropping mismatched audit annotation", "annotation", keysAndValues[len(keysAndValues)-1]) |
There was a problem hiding this comment.
With my structured logging WG lead hat on I have to vote for option 3 😁
The resulting messages will be different, but still have the same information. If you stay consistent, then searching for key/value pairs becomes easier, even when using the text output format.
When using JSON, the overhead for writing log entries is lower because zap is more optimized than klog.
|
/cc |
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
do-not-merge/work-in-progress
|
@tallclair @pohly @fedebongio what are the next steps here? |
|
Go is currently about to add slog as structured and not-quite-yet contextual logging API. I am in discussion with Let's wait how that turns out before coming back to this PR. |
|
Yeah, sorry for the lack of updates. I decided that there was enough in flux in the contextual logging space that it didn't make sense to try and get this into v1.27. Hopefully someone can pick it up in v1.28 (I'll be on 👶 leave), or I can follow up in v1.29 |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale This needs to be picked up at some point, but still seems relevant, so let's keep it open. |
k8s-ci-robot
removed
the
lifecycle/stale
|
This work-in-progress PR needs a rebase. please rebase if this PR is still needed for the upcoming release. |
|
The relationship with slog has been clarified. It doesn't support contextual logging, so nothing changes in Kubernetes: we continue to use logr as main API, with the ability to write to a I tried promoting contextual logging to beta but that raised concerns about potential performance impacts when enabled by default, so in the end a decision about beta got postponed. It would be good to pick up this PR again for 1.30 and reach some conclusion whether you want contextual logging to be enabled by default. One proposal on Slack was to make it an opt-in feature, so users wouldn't get it unless they change command line flags or configs of each component where they want it. |
@pohly LMK if there's a better place to comment on this, but I do not think making it optional is a good idea. The value of the contextual logger is making it easier to plumb through context to the logging sites. If contextual logging is optional, you either end up with logs missing key context, or you have to plumb that context through manually which defeats the purpose. Am I missing something? |
|
@tallclair: I agree with you. A better place to comment on promotion to beta (with or without a new config option) would be in kubernetes/enhancements#4219. |
dims
added
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR is illustrating how the apiserver can make use of a contextual logger (KEP 3077).
In particular, attaching an
auditIDto log messages will ensure that apiserver logs in the request path always have sufficient context to tie them to a specific request. See previous discussion from SIG api-machinery - Nov. 16.This PR contains 3 commits:
auditIDmight be the only valid use case at the top level).auditIDfrom above.Plumbing a context through to everywhere a log is recorded is out of scope.
/cc @lavalamp @deads2k @pohly @enj
/sig api-machinery
/area apiserver logging