diff --git a/cmd/secrets-store-csi-driver/main.go b/cmd/secrets-store-csi-driver/main.go index 2e46ce094..d7d63ac24 100644 --- a/cmd/secrets-store-csi-driver/main.go +++ b/cmd/secrets-store-csi-driver/main.go @@ -85,6 +85,17 @@ func main() { func mainErr() error { klog.InitFlags(nil) + // Opt into the new klog behavior where -stderrthreshold is honored even + // when -logtostderr=true (see kubernetes/klog#212, kubernetes/klog#432). + // Set stderrthreshold=INFO to preserve backward-compatible behavior + // (all logs still appear on stderr by default). Users can now override + // -stderrthreshold to WARNING or ERROR to reduce stderr noise. + if err := flag.Set("legacy_stderr_threshold_behavior", "false"); err != nil { + klog.ErrorS(err, "failed to set legacy_stderr_threshold_behavior flag") + } + if err := flag.Set("stderrthreshold", "INFO"); err != nil { + klog.ErrorS(err, "failed to set stderrthreshold flag") + } flag.Parse() diff --git a/go.mod b/go.mod index 89ab92883..e0bf399f1 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( k8s.io/api v0.30.1 k8s.io/apimachinery v0.30.1 k8s.io/client-go v0.30.1 - k8s.io/klog/v2 v2.120.1 + k8s.io/klog/v2 v2.140.0 k8s.io/mount-utils v0.26.4 monis.app/mlog v0.0.2 sigs.k8s.io/controller-runtime v0.18.7 diff --git a/go.sum b/go.sum index 3da42f86e..2da24f0a9 100644 --- a/go.sum +++ b/go.sum @@ -815,8 +815,8 @@ k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= diff --git a/manifest_staging/charts/secrets-store-csi-driver/README.md b/manifest_staging/charts/secrets-store-csi-driver/README.md index eb33ab519..c7e542071 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/README.md +++ b/manifest_staging/charts/secrets-store-csi-driver/README.md @@ -104,6 +104,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` | | `logVerbosity` | Log level. Uses V logs (klog) | `0` | | `logFormatJSON` | Use JSON logging format | `false` | +| `stderrThreshold` | Minimum severity for klog messages written to stderr (INFO, WARNING, ERROR, FATAL). Requires klog v2.140.0+ with -legacy_stderr_threshold_behavior=false set by the driver | `INFO` | | `livenessProbe.port` | Liveness probe port | `9808` | | `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` | | `maxCallRecvMsgSize` | Maximum size in bytes of gRPC response from plugins | `4194304` | diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml index 194a9a04b..15062ab0f 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml @@ -71,6 +71,9 @@ spec: {{- if .Values.logFormatJSON }} - --log-format-json={{ .Values.logFormatJSON }} {{- end }} + {{- if .Values.stderrThreshold }} + - "-stderrthreshold={{ .Values.stderrThreshold }}" + {{- end }} - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume={{ .Values.windows.providersDir }}" diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml index 0cf30642d..be63eb426 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml @@ -71,6 +71,9 @@ spec: {{- if .Values.logFormatJSON }} - --log-format-json={{ .Values.logFormatJSON }} {{- end }} + {{- if .Values.stderrThreshold }} + - "-stderrthreshold={{ .Values.stderrThreshold }}" + {{- end }} - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume={{ .Values.linux.providersDir }}" diff --git a/manifest_staging/charts/secrets-store-csi-driver/values.yaml b/manifest_staging/charts/secrets-store-csi-driver/values.yaml index 31433e006..60de1040e 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/values.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/values.yaml @@ -202,6 +202,12 @@ logVerbosity: 0 # logging format JSON logFormatJSON: false +# stderrthreshold controls the minimum severity of log messages written to +# stderr when -logtostderr=true (the default). Requires klog v2.140.0+ with +# -legacy_stderr_threshold_behavior=false which is set by the driver. +# Valid values: INFO, WARNING, ERROR, FATAL (default: INFO). +# stderrThreshold: "" + livenessProbe: port: 9808 logLevel: 2 diff --git a/test/e2eprovider/go.mod b/test/e2eprovider/go.mod index 3d078700f..c4f2371ca 100644 --- a/test/e2eprovider/go.mod +++ b/test/e2eprovider/go.mod @@ -7,7 +7,7 @@ replace sigs.k8s.io/secrets-store-csi-driver => ../.. require ( github.com/google/go-cmp v0.7.0 google.golang.org/grpc v1.79.3 - k8s.io/klog/v2 v2.130.1 + k8s.io/klog/v2 v2.140.0 monis.app/mlog v0.0.4 sigs.k8s.io/secrets-store-csi-driver v0.0.0-00010101000000-000000000000 sigs.k8s.io/yaml v1.6.0 diff --git a/test/e2eprovider/go.sum b/test/e2eprovider/go.sum index da0834f44..8c1bedf2f 100644 --- a/test/e2eprovider/go.sum +++ b/test/e2eprovider/go.sum @@ -144,8 +144,8 @@ k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4= k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/component-base v0.34.1 h1:v7xFgG+ONhytZNFpIz5/kecwD+sUhVE6HU7qQUiRM4A= k8s.io/component-base v0.34.1/go.mod h1:mknCpLlTSKHzAQJJnnHVKqjxR7gBeHRv0rPXA7gdtQ0= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= monis.app/mlog v0.0.4 h1:YEzh5sguG4ApywaRWnBU+mGP6SA4WxOqiJ36u+KtoeE=