mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-31 13:50:01 +00:00
migrate to structured logging
Signed-off-by: SataQiu <shidaqiu2018@gmail.com>
This commit is contained in:
SataQiu
@@ -61,7 +61,7 @@ func LoadClientConfig(kubeconfigPath, bootstrapPath, certDir string) (certConfig
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to load kubeconfig: %v", err)
|
return nil, nil, fmt.Errorf("unable to load kubeconfig: %v", err)
|
||||||
}
|
}
|
||||||
klog.V(2).Infof("No bootstrapping requested, will use kubeconfig")
|
klog.V(2).InfoS("No bootstrapping requested, will use kubeconfig")
|
||||||
return clientConfig, restclient.CopyConfig(clientConfig), nil
|
return clientConfig, restclient.CopyConfig(clientConfig), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -81,7 +81,7 @@ func LoadClientConfig(kubeconfigPath, bootstrapPath, certDir string) (certConfig
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to load kubeconfig: %v", err)
|
return nil, nil, fmt.Errorf("unable to load kubeconfig: %v", err)
|
||||||
}
|
}
|
||||||
klog.V(2).Infof("Current kubeconfig file contents are still valid, no bootstrap necessary")
|
klog.V(2).InfoS("Current kubeconfig file contents are still valid, no bootstrap necessary")
|
||||||
return clientConfig, restclient.CopyConfig(clientConfig), nil
|
return clientConfig, restclient.CopyConfig(clientConfig), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -97,7 +97,7 @@ func LoadClientConfig(kubeconfigPath, bootstrapPath, certDir string) (certConfig
|
|||||||
if err := writeKubeconfigFromBootstrapping(clientConfig, kubeconfigPath, pemPath); err != nil {
|
if err := writeKubeconfigFromBootstrapping(clientConfig, kubeconfigPath, pemPath); err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
klog.V(2).Infof("Use the bootstrap credentials to request a cert, and set kubeconfig to point to the certificate dir")
|
klog.V(2).InfoS("Use the bootstrap credentials to request a cert, and set kubeconfig to point to the certificate dir")
|
||||||
return bootstrapClientConfig, clientConfig, nil
|
return bootstrapClientConfig, clientConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -112,11 +112,11 @@ func LoadClientCert(ctx context.Context, kubeconfigPath, bootstrapPath, certDir
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if ok {
|
if ok {
|
||||||
klog.V(2).Infof("Kubeconfig %s exists and is valid, skipping bootstrap", kubeconfigPath)
|
klog.V(2).InfoS("Kubeconfig exists and is valid, skipping bootstrap", "path", kubeconfigPath)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.V(2).Info("Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file")
|
klog.V(2).InfoS("Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file")
|
||||||
|
|
||||||
bootstrapClientConfig, err := loadRESTClientConfig(bootstrapPath)
|
bootstrapClientConfig, err := loadRESTClientConfig(bootstrapPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -147,7 +147,7 @@ func LoadClientCert(ctx context.Context, kubeconfigPath, bootstrapPath, certDir
|
|||||||
// managed by the store.
|
// managed by the store.
|
||||||
privKeyPath := filepath.Join(certDir, tmpPrivateKeyFile)
|
privKeyPath := filepath.Join(certDir, tmpPrivateKeyFile)
|
||||||
if !verifyKeyData(keyData) {
|
if !verifyKeyData(keyData) {
|
||||||
klog.V(2).Infof("No valid private key and/or certificate found, reusing existing private key or creating a new one")
|
klog.V(2).InfoS("No valid private key and/or certificate found, reusing existing private key or creating a new one")
|
||||||
// Note: always call LoadOrGenerateKeyFile so that private key is
|
// Note: always call LoadOrGenerateKeyFile so that private key is
|
||||||
// reused on next startup if CSR request fails.
|
// reused on next startup if CSR request fails.
|
||||||
keyData, _, err = keyutil.LoadOrGenerateKeyFile(privKeyPath)
|
keyData, _, err = keyutil.LoadOrGenerateKeyFile(privKeyPath)
|
||||||
@@ -157,7 +157,7 @@ func LoadClientCert(ctx context.Context, kubeconfigPath, bootstrapPath, certDir
|
|||||||
}
|
}
|
||||||
|
|
||||||
if err := waitForServer(ctx, *bootstrapClientConfig, 1*time.Minute); err != nil {
|
if err := waitForServer(ctx, *bootstrapClientConfig, 1*time.Minute); err != nil {
|
||||||
klog.Warningf("Error waiting for apiserver to come up: %v", err)
|
klog.InfoS("Error waiting for apiserver to come up", "err", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
certData, err := requestNodeCertificate(ctx, bootstrapClient, keyData, nodeName)
|
certData, err := requestNodeCertificate(ctx, bootstrapClient, keyData, nodeName)
|
||||||
@@ -168,7 +168,7 @@ func LoadClientCert(ctx context.Context, kubeconfigPath, bootstrapPath, certDir
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := os.Remove(privKeyPath); err != nil && !os.IsNotExist(err) {
|
if err := os.Remove(privKeyPath); err != nil && !os.IsNotExist(err) {
|
||||||
klog.V(2).Infof("failed cleaning up private key file %q: %v", privKeyPath, err)
|
klog.V(2).InfoS("Failed cleaning up private key file", "path", privKeyPath, "err", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return writeKubeconfigFromBootstrapping(bootstrapClientConfig, kubeconfigPath, store.CurrentPath())
|
return writeKubeconfigFromBootstrapping(bootstrapClientConfig, kubeconfigPath, store.CurrentPath())
|
||||||
@@ -292,7 +292,7 @@ func waitForServer(ctx context.Context, cfg restclient.Config, deadline time.Dur
|
|||||||
var connected bool
|
var connected bool
|
||||||
wait.JitterUntil(func() {
|
wait.JitterUntil(func() {
|
||||||
if _, err := cli.Get().AbsPath("/healthz").Do(ctx).Raw(); err != nil {
|
if _, err := cli.Get().AbsPath("/healthz").Do(ctx).Raw(); err != nil {
|
||||||
klog.Infof("Failed to connect to apiserver: %v", err)
|
klog.InfoS("Failed to connect to apiserver", "err", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
cancel()
|
cancel()
|
||||||
@@ -352,7 +352,7 @@ func requestNodeCertificate(ctx context.Context, client clientset.Interface, pri
|
|||||||
ctx, cancel := context.WithTimeout(ctx, 3600*time.Second)
|
ctx, cancel := context.WithTimeout(ctx, 3600*time.Second)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
klog.V(2).Infof("Waiting for client certificate to be issued")
|
klog.V(2).InfoS("Waiting for client certificate to be issued")
|
||||||
return csr.WaitForCertificate(ctx, client, reqName, reqUID)
|
return csr.WaitForCertificate(ctx, client, reqName, reqUID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"os"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"k8s.io/klog/v2"
|
"k8s.io/klog/v2"
|
||||||
@@ -105,18 +106,20 @@ func addCertRotation(stopCh <-chan struct{}, period time.Duration, clientConfig
|
|||||||
// the certificate has been deleted from disk or is otherwise corrupt
|
// the certificate has been deleted from disk or is otherwise corrupt
|
||||||
if now.After(lastCertAvailable.Add(exitAfter)) {
|
if now.After(lastCertAvailable.Add(exitAfter)) {
|
||||||
if clientCertificateManager.ServerHealthy() {
|
if clientCertificateManager.ServerHealthy() {
|
||||||
klog.Fatalf("It has been %s since a valid client cert was found and the server is responsive, exiting.", exitAfter)
|
klog.ErrorS(nil, "No valid client certificate is found and the server is responsive, exiting.", "lastCertificateAvailabilityTime", lastCertAvailable, "shutdownThreshold", exitAfter)
|
||||||
|
os.Exit(1)
|
||||||
} else {
|
} else {
|
||||||
klog.Errorf("It has been %s since a valid client cert was found, but the server is not responsive. A restart may be necessary to retrieve new initial credentials.", exitAfter)
|
klog.ErrorS(nil, "No valid client certificate is found but the server is not responsive. A restart may be necessary to retrieve new initial credentials.", "lastCertificateAvailabilityTime", lastCertAvailable, "shutdownThreshold", exitAfter)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// the certificate is expired
|
// the certificate is expired
|
||||||
if now.After(curr.Leaf.NotAfter) {
|
if now.After(curr.Leaf.NotAfter) {
|
||||||
if clientCertificateManager.ServerHealthy() {
|
if clientCertificateManager.ServerHealthy() {
|
||||||
klog.Fatalf("The currently active client certificate has expired and the server is responsive, exiting.")
|
klog.ErrorS(nil, "The currently active client certificate has expired and the server is responsive, exiting.")
|
||||||
|
os.Exit(1)
|
||||||
} else {
|
} else {
|
||||||
klog.Errorf("The currently active client certificate has expired, but the server is not responsive. A restart may be necessary to retrieve new initial credentials.")
|
klog.ErrorS(nil, "The currently active client certificate has expired, but the server is not responsive. A restart may be necessary to retrieve new initial credentials.")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
lastCertAvailable = now
|
lastCertAvailable = now
|
||||||
@@ -129,7 +132,7 @@ func addCertRotation(stopCh <-chan struct{}, period time.Duration, clientConfig
|
|||||||
}
|
}
|
||||||
lastCert = curr
|
lastCert = curr
|
||||||
|
|
||||||
klog.Infof("certificate rotation detected, shutting down client connections to start using new credentials")
|
klog.InfoS("Certificate rotation detected, shutting down client connections to start using new credentials")
|
||||||
// The cert has been rotated. Close all existing connections to force the client
|
// The cert has been rotated. Close all existing connections to force the client
|
||||||
// to reperform its TLS handshake with new cert.
|
// to reperform its TLS handshake with new cert.
|
||||||
//
|
//
|
||||||
|
|||||||
Reference in New Issue
Block a user