Patrick Ohly
Forget `klog.SetOutput`. In order to integrate with Kubernetes, you want to write an implementation of a `logr.Logger` and configure OTel output in https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/component-base/logs/api/v1. For example, [JSON output](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/component-base/logs/json) is a backend...
Something like that would be a good first step. But for integration into Kubernetes someone needs to think through all of the consequences (how to activate and configure the feature,...
How did you configure `klog`? When using the "modern" https://github.com/kubernetes/klog/tree/main/textlogger, there should be a single write per log entry: https://github.com/kubernetes/klog/blob/75663bb798999a49e3e4c0f2375ed5cca8164194/textlogger/textlogger.go#L138
That textlogger is a `logr.Logger` implementation. I was just trying to figure out what you meant by "klog".
The CEL expressions in the VAP would have to parse the vendor configuration data, then check it. This is not going to work (CEL too limited).
Some relevant documentation:
- https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#additional-metadata-in-pod-bound-tokens (provides the correlation with the node, if I am not mistaken)
/assign @carlory
I agree, let's add at least the RBAC rules. I've updated the description with more recent links.
/assign