Merge pull request #96370 from serathius/sanitization

Add --experimental-logging-sanitization flag to control plane components
This commit is contained in:
Kubernetes Prow Robot 2020-11-10 08:08:40 -08:00 committed by GitHub
commit 0ad06e991a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 1 deletions

View File

@ -17,6 +17,7 @@ go_library(
deps = [
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//staging/src/k8s.io/component-base/logs/json:go_default_library",
"//staging/src/k8s.io/component-base/logs/sanitization:go_default_library",
"//vendor/github.com/go-logr/logr:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/klog/v2:go_default_library",

View File

@ -24,6 +24,7 @@ import (
"github.com/go-logr/logr"
"github.com/spf13/pflag"
"k8s.io/component-base/logs/sanitization"
"k8s.io/klog/v2"
)
@ -40,7 +41,8 @@ var supportedLogsFlags = map[string]struct{}{
// Options has klog format parameters
type Options struct {
LogFormat string
LogFormat string
LogSanitization bool
}
// NewOptions return new klog options
@ -88,6 +90,8 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
// No new log formats should be added after generation is of flag options
logRegistry.Freeze()
fs.BoolVar(&o.LogSanitization, "experimental-logging-sanitization", false, `[Experimental] When enabled prevents logging of fields that tagged as sensitive (passwords, keys, tokens).
Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)
}
// Apply set klog logger from LogFormat type
@ -95,6 +99,9 @@ func (o *Options) Apply() {
// if log format not exists, use nil loggr
loggr, _ := o.Get()
klog.SetLogger(loggr)
if o.LogSanitization {
klog.SetLogFilter(&sanitization.SanitizingFilter{})
}
}
// Get logger with LogFormat field

2
vendor/modules.txt vendored
View File

@ -2207,8 +2207,10 @@ k8s.io/component-base/configz
k8s.io/component-base/featuregate
k8s.io/component-base/featuregate/testing
k8s.io/component-base/logs
k8s.io/component-base/logs/datapol
k8s.io/component-base/logs/json
k8s.io/component-base/logs/logreduction
k8s.io/component-base/logs/sanitization
k8s.io/component-base/metrics
k8s.io/component-base/metrics/legacyregistry
k8s.io/component-base/metrics/prometheus/clientgo