add log.level and log.encoding to all components (#3558)

* add log.level and log.encoding to all components

Signed-off-by: Aviv Guiser <avivguiser@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>

deploy/charts/external-secrets/README.md

@@ -49,6 +49,7 @@ The command removes all the Kubernetes components associated with the chart and
 | certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` |  |
 | certController.image.tag | string | `""` |  |
 | certController.imagePullSecrets | list | `[]` |  |
+| certController.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook |
 | certController.metrics.listen.port | int | `8080` |  |
 | certController.metrics.service.annotations | object | `{}` | Additional service annotations |
 | certController.metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics |
@@ -114,6 +115,7 @@ The command removes all the Kubernetes components associated with the chart and
 | imagePullSecrets | list | `[]` |  |
 | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. |
 | leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. |
+| log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook |
 | metrics.listen.port | int | `8080` |  |
 | metrics.service.annotations | object | `{}` | Additional service annotations |
 | metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics |
@@ -185,6 +187,7 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` |  |
 | webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. |
 | webhook.imagePullSecrets | list | `[]` |  |
+| webhook.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook |
 | webhook.lookaheadInterval | string | `""` | Specifices the lookaheadInterval for certificate validity |
 | webhook.metrics.listen.port | int | `8080` |  |
 | webhook.metrics.service.annotations | object | `{}` | Additional service annotations |

deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -60,6 +60,8 @@ spec:
           - --secret-namespace={{ template "external-secrets.namespace" . }}
           - --metrics-addr=:{{ .Values.certController.metrics.listen.port }}
           - --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }}
+          - --loglevel={{ .Values.certController.log.level }}
+          - --zap-time-encoding={{ .Values.certController.log.timeEncoding }}
           {{ if not .Values.crds.createClusterSecretStore -}}
           - --crd-names=externalsecrets.external-secrets.io
           - --crd-names=secretstores.external-secrets.io

deploy/charts/external-secrets/templates/deployment.yaml

@@ -91,6 +91,8 @@ spec:
           {{- end }}
           {{- end }}
           - --metrics-addr=:{{ .Values.metrics.listen.port }}
+          - --loglevel={{ .Values.log.level }}
+          - --zap-time-encoding={{ .Values.log.timeEncoding }}
           ports:
             - containerPort: {{ .Values.metrics.listen.port }}
               protocol: TCP

deploy/charts/external-secrets/templates/webhook-deployment.yaml

@@ -59,6 +59,8 @@ spec:
           - --check-interval={{ .Values.webhook.certCheckInterval }}
           - --metrics-addr=:{{ .Values.webhook.metrics.listen.port }}
           - --healthz-addr={{ .Values.webhook.readinessProbe.address }}:{{ .Values.webhook.readinessProbe.port }}
+          - --loglevel={{ .Values.webhook.log.level }}
+          - --zap-time-encoding={{ .Values.webhook.log.timeEncoding }}
           {{- if .Values.webhook.lookaheadInterval }}
           - --lookahead-interval={{ .Values.webhook.lookaheadInterval }}
           {{- end }}

deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap

@@ -38,6 +38,8 @@ should match snapshot of default values:
                 - --secret-namespace=NAMESPACE
                 - --metrics-addr=:8080
                 - --healthz-addr=:8081
+                - --loglevel=info
+                - --zap-time-encoding=epoch
               image: ghcr.io/external-secrets/external-secrets:v0.9.19
               imagePullPolicy: IfNotPresent
               name: cert-controller

deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap

@@ -32,6 +32,8 @@ should match snapshot of default values:
             - args:
                 - --concurrent=1
                 - --metrics-addr=:8080
+                - --loglevel=info
+                - --zap-time-encoding=epoch
               image: ghcr.io/external-secrets/external-secrets:v0.9.19
               imagePullPolicy: IfNotPresent
               name: external-secrets

deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap

@@ -2588,6 +2588,9 @@ should match snapshot of default values:
                                     - serviceAccountRef
                                   type: object
                               type: object
+                            location:
+                              description: Location optionally defines a location for a secret
+                              type: string
                             projectID:
                               description: ProjectID project where secret is located
                               type: string

deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap

@@ -37,6 +37,8 @@ should match snapshot of default values:
                 - --check-interval=5m
                 - --metrics-addr=:8080
                 - --healthz-addr=:8081
+                - --loglevel=info
+                - --zap-time-encoding=epoch
               image: ghcr.io/external-secrets/external-secrets:v0.9.19
               imagePullPolicy: IfNotPresent
               name: webhook

deploy/charts/external-secrets/values.yaml

@@ -85,7 +85,10 @@ createOperator: true
 # -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at
 # a time.
 concurrent: 1
-
+# -- Specifices Log Params to the Webhook
+log:
+  level: info
+  timeEncoding: epoch
 service:
   # -- Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
   ipFamilyPolicy: ""
@@ -240,7 +243,10 @@ webhook:
   # -- Specifices the lookaheadInterval for certificate validity
   lookaheadInterval: ""
   replicaCount: 1
-
+  # -- Specifices Log Params to the Webhook
+  log:
+    level: info
+    timeEncoding: epoch
   # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
   revisionHistoryLimit: 10
 
@@ -400,7 +406,10 @@ certController:
   create: true
   requeueInterval: "5m"
   replicaCount: 1
-
+  # -- Specifices Log Params to the Webhook
+  log:
+    level: info
+    timeEncoding: epoch
   # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
   revisionHistoryLimit: 10
 

docs/api/controller-options.md

@@ -28,6 +28,7 @@ The core controller is invoked without a subcommand and can be configured with t
 | `--experimental-enable-aws-session-cache`     | boolean  | false                         | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request.                                      |
 | `--help`                                      |          |                               | help for external-secrets                                                                                                                                          |
 | `--loglevel`                                  | string   | info                          | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal                                                                                            |
+| `--zap-time-encoding`                                  | string   | epoch                          | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano                                                                                            |
 | `--metrics-addr`                              | string   | :8080                         | The address the metric endpoint binds to.                                                                                                                          |
 | `--namespace`                                 | string   | -                             | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces |
 | `--store-requeue-interval`                    | duration | 5m0s                          | Default Time duration between reconciling (Cluster)SecretStores                                                                                                    |
@@ -41,6 +42,7 @@ The core controller is invoked without a subcommand and can be configured with t
 | `--healthz-addr`           | string   | :8081                    | The address the health endpoint binds to.                                                                             |
 | `--help`                   |          |                          | help for certcontroller                                                                                               |
 | `--loglevel`               | string   | info                     | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal                                               |
+| `--zap-time-encoding`                                  | string   | epoch                          | time encoding to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano                                                                                            |
 | `--metrics-addr`           | string   | :8080                    | The address the metric endpoint binds to.                                                                             |
 | `--secret-name`            | string   | external-secrets-webhook | Secret to store certs for webhook                                                                                     |
 | `--secret-namespace`       | string   | default                  | namespace of the secret to store certs                                                                                |
@@ -57,6 +59,7 @@ The core controller is invoked without a subcommand and can be configured with t
 | `--healthz-addr`       | string   | :8081                                 | The address the health endpoint binds to.                                                                                                                                                                                                                                                                                                                                                                                |
 | `--help`               |          |                                       | help for webhook                                                                                                                                                                                                                                                                                                                                                                                                         |
 | `--loglevel`           | string   | info                                  | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal                                                                                                                                                                                                                                                                                                                                                  |
+| `--zap-time-encoding`                                  | string   | epoch                          | time encoding to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano                                                                                            |
 | `--lookahead-interval` | duration | 2160h0m0s (90d)                       | certificate check interval                                                                                                                                                                                                                                                                                                                                                                                               |
 | `--metrics-addr`       | string   | :8080                                 | The address the metric endpoint binds to.                                                                                                                                                                                                                                                                                                                                                                                |
 | `--port`               | number   | 10250                                 | Port number that the webhook server will serve.                                                                                                                                                                                                                                                                                                                                                                          |