Skip to content

Commit afb9849

Browse files
haircommanderhaircommander
committed
WIP: debug
Signed-off-by: Peter Hunt <[email protected]>
1 parent 4dada5e commit afb9849

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

openshift-kube-apiserver/authorization/minimumkubeletversion/minimum_kubelet_version.go

+10
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ import (
1515
v1listers "k8s.io/client-go/listers/core/v1"
1616
cache "k8s.io/client-go/tools/cache"
1717
"k8s.io/component-base/featuregate"
18+
"k8s.io/klog/v2"
1819
api "k8s.io/kubernetes/pkg/apis/core"
1920
"k8s.io/kubernetes/pkg/auth/nodeidentifier"
2021
)
@@ -47,6 +48,7 @@ func NewMinimumKubeletVersion(minVersion *semver.Version,
4748

4849
func (m *minimumKubeletVersionAuth) Authorize(ctx context.Context, attrs authorizer.Attributes) (authorizer.Decision, string, error) {
4950
if m.minVersion == nil {
51+
klog.Infof("XXXXXXXX not enabled %v", attrs.GetUser())
5052
return authorizer.DecisionNoOpinion, "", nil
5153
}
5254

@@ -57,34 +59,42 @@ func (m *minimumKubeletVersionAuth) Authorize(ctx context.Context, attrs authori
5759
switch requestResource {
5860
case api.Resource("nodes"):
5961
if v := attrs.GetVerb(); v == "get" || v == "update" {
62+
klog.Infof("XXXXXXXX nodes %v", attrs.GetUser())
6063
return authorizer.DecisionNoOpinion, "", nil
6164
}
6265
case authorizationv1.Resource("subjectaccessreviews"):
66+
klog.Infof("XXXXXXXX SAR %v", attrs.GetUser())
6367
return authorizer.DecisionNoOpinion, "", nil
6468
}
6569
}
6670

6771
nodeName, isNode := m.nodeIdentifier.NodeIdentity(attrs.GetUser())
6872
if !isNode {
73+
klog.Infof("XXXXXXXX not a node %v", attrs.GetUser())
6974
// ignore requests from non-nodes
7075
return authorizer.DecisionNoOpinion, "", nil
7176
}
7277

7378
if !m.hasNodeInformerSyncedFn() {
79+
klog.Infof("XXXXXXXX not synced %v", attrs.GetUser())
7480
return authorizer.DecisionDeny, "", fmt.Errorf("node informer not synced, cannot check if node %s is new enough", nodeName)
7581
}
7682

7783
node, err := m.nodeLister.Get(nodeName)
7884
if err != nil {
85+
klog.Infof("XXXXXXXX failed to get %v", attrs.GetUser())
7986
return authorizer.DecisionDeny, "", err
8087
}
8188

8289
if err := nodelib.IsNodeTooOld(node, m.minVersion); err != nil {
8390
if errors.Is(err, nodelib.ErrKubeletOutdated) {
91+
klog.Infof("XXXXXXXX outdated %v", attrs.GetUser())
8492
return authorizer.DecisionDeny, err.Error(), nil
8593
}
94+
klog.Infof("XXXXXXXX other err %v", attrs.GetUser())
8695
return authorizer.DecisionDeny, "", err
8796
}
8897

98+
klog.Infof("XXXXXXXX success %v", attrs.GetUser())
8999
return authorizer.DecisionNoOpinion, "", nil
90100
}

0 commit comments

Comments
 (0)