feat: add logs for admission which aren't allowed

Signed-off-by: David Weber <[email protected]>
Kong · May 25, 2024 · 452af5e · 452af5e
1 parent 9b86378
commit 452af5e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -142,6 +142,8 @@ Adding a new version? You'll need three changes:
   [#6010](https://github.com/Kong/kubernetes-ingress-controller/pull/6010)
   [#6047](https://github.com/Kong/kubernetes-ingress-controller/pull/6047)
   [#6071](https://github.com/Kong/kubernetes-ingress-controller/pull/6071)
+- Add `INFO` log when admission result is not allowed
+  [#6084](https://github.com/Kong/kubernetes-ingress-controller/issues/6084)
 
 - Add support for Kubernetes Gateway API v1.1:
   - add a flag `--enable-controller-gwapi-grpcroute` to control whether enable or disable GRPCRoute controller.

diff --git a/internal/admission/handler.go b/internal/admission/handler.go
@@ -63,6 +63,18 @@ func (h RequestHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
+
+	if response.Allowed != true {
+		h.Logger.Info(
+			"Object not allowed",
+			"name", review.Request.Name,
+			"kind", review.Request.Kind.Kind,
+			"namespace", review.Request.Namespace,
+			"message", response.Result.Message,
+			"details", response.Result.Details,
+		)
+	}
+
 	review.Response = response
 
 	if err := json.NewEncoder(w).Encode(&review); err != nil {