Skip to content

Improve operator and auto-discovery log consistency and switch to json logs#3227

Merged
Reet00 merged 4 commits intosecureCodeBox:mainfrom
J12934:fix/operator-logs
Aug 25, 2025
Merged

Improve operator and auto-discovery log consistency and switch to json logs#3227
Reet00 merged 4 commits intosecureCodeBox:mainfrom
J12934:fix/operator-logs

Conversation

@J12934
Copy link
Member

@J12934 J12934 commented Aug 20, 2025

Description

The operator and k8s auto-discovery have included leader election logs in a conflicting format on startup for a while.

e.g.

2025-08-20T19:19:40Z    INFO    setup    starting manager
2025-08-20T19:19:40Z    INFO    telemetry    The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/docs/telemetry
2025-08-20T19:19:40Z    INFO    controller-runtime.metrics    Starting metrics server
2025-08-20T19:19:40Z    INFO    controller-runtime.metrics    Serving metrics server    {"bindAddress": ":8080", "secure": false}
2025-08-20T19:19:40Z    INFO    starting server    {"name": "health probe", "addr": "[::]:8081"}
I0820 19:19:40.876943       1 leaderelection.go:257] attempting to acquire leader lease securecodebox-system/e341d981.securecodebox.io...
I0820 19:19:40.883811       1 leaderelection.go:271] successfully acquired lease securecodebox-system/e341d981.securecodebox.io
2025-08-20T19:19:40Z    DEBUG    events    securecodebox-controller-manager-7d8754bfcf-qr6m5_db325392-af97-40fd-8b92-da13500277cd became leader    {"type": "Normal", "object": {"kind":"Lease","namespace":"securecodebox-system","name":"e341d981.securecodebox.io","uid":"0241acbd-f105-47e4-8625-c03da2de1daa","apiVersi
2025-08-20T19:19:40Z    INFO    Starting EventSource    {"controller": "scan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "Scan", "source": "kind source: *v1.Job"}
2025-08-20T19:19:40Z    INFO    Starting EventSource    {"controller": "scan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "Scan", "source": "kind source: *v1.Scan"}
2025-08-20T19:19:40Z    INFO    Starting EventSource    {"controller": "scantype", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScanType", "source": "kind source: *v1.ScanType"}
2025-08-20T19:19:40Z    INFO    Starting Controller    {"controller": "scan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "Scan"}
2025-08-20T19:19:40Z    INFO    Starting workers    {"controller": "scan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "Scan", "worker count": 1}
2025-08-20T19:19:40Z    INFO    Starting EventSource    {"controller": "scheduledscan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScheduledScan", "source": "kind source: *v1.Scan"}
2025-08-20T19:19:40Z    INFO    Starting EventSource    {"controller": "scheduledscan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScheduledScan", "source": "kind source: *v1.ScheduledScan"}
2025-08-20T19:19:40Z    INFO    Starting Controller    {"controller": "scantype", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScanType"}
2025-08-20T19:19:40Z    INFO    Starting workers    {"controller": "scantype", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScanType", "worker count": 1}
2025-08-20T19:19:40Z    INFO    Starting Controller    {"controller": "scheduledscan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScheduledScan"}
2025-08-20T19:19:40Z    INFO    Starting workers    {"controller": "scheduledscan", "controllerGroup": "execution.securecodebox.io", "controllerKind": "ScheduledScan", "worker count": 1}

In addtion a lot of logs of the operator are more on the debug side, and don't have log levels set.
This sets log verbosity levels for those or adds additional context (names, namespaces) e.g. when serviceaccount, roles, rolebindings or jobs are created.

Example of this spam:

2025-08-20T19:20:05Z    INFO    controllers.execution.Scan    Matching ScanType Found    {"scan_init": "integration-tests/nmap-localhost-5dqvw", "ScanType": "nmap"}
2025-08-20T19:20:05Z    INFO    controllers.execution.Scan    Service Account doesn't exist creating now
2025-08-20T19:20:05Z    INFO    controllers.execution.Scan    Role doesn't exist creating now
2025-08-20T19:20:05Z    INFO    controllers.execution.Scan    RoleBinding doesn't exist creating now
2025-08-20T19:20:05Z    INFO    controllers.execution.Scan    Using Lurker Image    {"seccompProfile": "RuntimeDefault"}
2025-08-20T19:20:05Z    INFO    controllers.execution.Scan    Configuring customCACerts for lurker    {"customCACertificate": "", "isConfigured": false}
2025-08-20T19:20:10Z    INFO    controllers.execution.Scan    Matching ParseDefinition Found    {"scan_parse": "integration-tests/nmap-localhost-5dqvw", "ParseDefinition": "nmap-xml"}
2025-08-20T19:20:10Z    INFO    controllers.execution.Scan    Service Account doesn't exist creating now
2025-08-20T19:20:10Z    INFO    controllers.execution.Scan    Role doesn't exist creating now
2025-08-20T19:20:10Z    INFO    controllers.execution.Scan    RoleBinding doesn't exist creating now
2025-08-20T19:20:15Z    INFO    controllers.execution.Scan    Found ScanCompletionHooks    {"ScanCompletionHooks": 0}
2025-08-20T19:20:17Z    INFO    controllers.execution.Scan    Matching ScanType Found    {"scan_init": "integration-tests/nmap-localhost-f8rm5", "ScanType": "nmap"}
2025-08-20T19:20:17Z    INFO    controllers.execution.Scan    Using Lurker Image    {"seccompProfile": "RuntimeDefault"}
2025-08-20T19:20:17Z    INFO    controllers.execution.Scan    Configuring customCACerts for lurker    {"customCACertificate": "", "isConfigured": false}

Afterwards:

{"level":"info","ts":"2025-08-20T19:37:39Z","logger":"controllers.execution.Scan","msg":"Creating missing service account","serviceAccountName":"lurker","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:39Z","logger":"controllers.execution.Scan","msg":"Creating missing Role","roleName":"lurker","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:39Z","logger":"controllers.execution.Scan","msg":"Creating missing RoleBinding","roleName":"lurker","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:39Z","logger":"controllers.execution.Scan","msg":"Creating scan job","scan_init":"integration-tests/nmap-localhost-b6k9h","job":"","scanType":"nmap","scan":"nmap-localhost-b6k9h","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:44Z","logger":"controllers.execution.Scan","msg":"Creating missing service account","serviceAccountName":"parser","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:44Z","logger":"controllers.execution.Scan","msg":"Creating missing Role","roleName":"parser","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:44Z","logger":"controllers.execution.Scan","msg":"Creating missing RoleBinding","roleName":"parser","namespace":"integration-tests"}
{"level":"info","ts":"2025-08-20T19:37:44Z","logger":"controllers.execution.Scan","msg":"Creating parse job","scan_parse":"integration-tests/nmap-localhost-b6k9h","job":"","parseDefinition":"nmap-xml","scan":"nmap-localhost-b6k9h","namespace":"integration-tests"}

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

J12934 added 4 commits August 20, 2025 21:04
@J12934
Properly align logs from leader election and regular operator logs
0fa1191 
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@owasp.org>
@J12934
Align operator logs to make them less spammy and more useful
854d290 
Moved less helpful logs to higher verbosity levels and added (more
helpful) logs for more interesting events, like job creation for scans,
parsers and hooks

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@owasp.org>
@J12934
Properly align logs from leader election and regular kubernetes
c384c78 
auto-discovery logs

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@owasp.org>
@J12934
Properly align logs in aws auto-discovery to be in line with other go
109dca4 
projects

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@owasp.org>
@J12934 J12934 self-assigned this Aug 20, 2025
@netlify
Copy link

netlify bot commented Aug 20, 2025
edited
Loading

Deploy Preview for docs-securecodebox canceled.

Name Link
🔨 Latest commit 109dca4
🔍 Latest deploy log https://app.netlify.com/projects/docs-securecodebox/deploys/68a624c134cba100085c6ff4

@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 20, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@J12934 J12934 moved this from Triage to To Review in secureCodeBox Aug 22, 2025
Reet00
Reet00 approved these changes Aug 25, 2025
View reviewed changes
Copy link
Contributor

@Reet00 Reet00 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@github-project-automation github-project-automation bot moved this from To Review to Reviewer Approved in secureCodeBox Aug 25, 2025
@Reet00 Reet00 merged commit bca0f31 into secureCodeBox:main Aug 25, 2025
50 checks passed
@github-project-automation github-project-automation bot moved this from Reviewer Approved to Done in secureCodeBox Aug 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Reet00 Reet00 Reet00 approved these changes

Assignees

@J12934 J12934

Labels

maintenance

Projects

secureCodeBox
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@J12934 @Reet00