From 7893b49bcd410d09398f5e7d8c906a03a95e83eb Mon Sep 17 00:00:00 2001 From: David Weber Date: Sat, 25 May 2024 15:20:05 +0200 Subject: [PATCH] feat: add logs for admission which aren't allowed Signed-off-by: David Weber --- CHANGELOG.md | 2 ++ internal/admission/handler.go | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa4f1c29f1..2968b89615 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -142,6 +142,8 @@ Adding a new version? You'll need three changes: [#6010](https://github.com/Kong/kubernetes-ingress-controller/pull/6010) [#6047](https://github.com/Kong/kubernetes-ingress-controller/pull/6047) [#6071](https://github.com/Kong/kubernetes-ingress-controller/pull/6071) +- Add `INFO` log when admission result is not allowed + [#6084](https://github.com/Kong/kubernetes-ingress-controller/issues/6084) - Add support for Kubernetes Gateway API v1.1: - add a flag `--enable-controller-gwapi-grpcroute` to control whether enable or disable GRPCRoute controller. diff --git a/internal/admission/handler.go b/internal/admission/handler.go index 0b3fd95dbd..4970a9f783 100644 --- a/internal/admission/handler.go +++ b/internal/admission/handler.go @@ -63,6 +63,17 @@ func (h RequestHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { http.Error(w, err.Error(), http.StatusInternalServerError) return } + + if response.Allowed != true { + h.Logger.Info( + "Object admission request not allowed", + "name", review.Request.Name, + "kind", review.Request.Kind.Kind, + "namespace", review.Request.Namespace, + "message", response.Result.Message, + ) + } + review.Response = response if err := json.NewEncoder(w).Encode(&review); err != nil {