Migrate to slog

go.mod

@@ -5,8 +5,7 @@ go 1.21
 require (
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/fatih/color v1.15.0
-	github.com/go-logr/logr v1.2.4
-	github.com/go-logr/zapr v1.2.4
+	github.com/go-logr/logr v1.4.1
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c

go.sum

@@ -14,7 +14,6 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
@@ -52,8 +51,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
 github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
@@ -366,14 +365,10 @@ go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAV
 go.mongodb.org/mongo-driver v1.12.1 h1:nLkghSU8fQNaK7oUmDhQFsnrtcoNy7Z6LVFKsEecqgE=
 go.mongodb.org/mongo-driver v1.12.1/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
 go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -390,7 +385,6 @@ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -487,7 +481,6 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
 golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=

main.go

@@ -4,14 +4,13 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"log/slog"
 	"os"
 	"time"
 
 	"github.com/metal-stack/v"
 
-	"github.com/go-logr/zapr"
-	"go.uber.org/zap"
-	"go.uber.org/zap/zapcore"
+	"github.com/go-logr/logr"
 
 	corev1 "k8s.io/api/core/v1"
 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
@@ -88,73 +87,84 @@ func main() {
 		return
 	}
 
-	l, err := newZapLogger(logLevel)
-	if err != nil {
-		setupLog.Error(err, "unable to parse log level")
-		os.Exit(1)
-	}
-	ctrl.SetLogger(zapr.NewLogger(l.Desugar()))
+	jsonHandler := slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{})
+	l := slog.New(jsonHandler)
 
-	l.Infow("using kubeconfig path", "path", kubeconfigPath)
+	ctrl.SetLogger(logr.FromSlogHandler(jsonHandler))
+
+	l.Info("using kubeconfig path", "path", kubeconfigPath)
 
 	var (
 		ctx        = ctrl.SetupSignalHandler()
 		seedConfig = ctrl.GetConfigOrDie()
 	)
 
+	// FIXME validation and controller start should be refactored into own func which returns error
+	// instead Fatalw or Error and panic here.
+	var err error
 	if firewallName == "" {
 		firewallName, err = os.Hostname()
 		if err != nil {
-			l.Fatalw("unable to default firewall name flag to hostname", "error", err)
+			l.Error("unable to default firewall name flag to hostname", "error", err)
+			panic(err)
 		}
 	}
 
 	if kubeconfigPath == "" {
-		l.Fatalw("kubeconfig path is empty, aborting")
+		l.Error("kubeconfig path is empty, aborting")
+		panic(err)
 	}
 
 	seedClient, err := controllerclient.New(seedConfig, controllerclient.Options{
 		Scheme: scheme,
 	})
 	if err != nil {
-		l.Fatalw("unable to create seed client", "error", err)
+		l.Error("unable to create seed client", "error", err)
+		panic(err)
 	}
 
 	rawKubeconfig, err := os.ReadFile(kubeconfigPath)
 	if err != nil {
-		l.Fatalw("unable to read kubeconfig", "path", kubeconfigPath, "error", err)
+		l.Error("unable to read kubeconfig", "path", kubeconfigPath, "error", err)
+		panic(err)
 	}
 
 	seedNamespace, err := getSeedNamespace(rawKubeconfig)
 	if err != nil {
-		l.Fatalw("unable to find seed namespace from kubeconfig", "error", err)
+		l.Error("unable to find seed namespace from kubeconfig", "error", err)
+		panic(err)
 	}
 
 	fw, err := findResponsibleFirewall(ctx, seedClient, firewallName, seedNamespace)
 	if err != nil {
-		l.Fatalw("unable to find firewall resource to be responsible for", "error", err)
+		l.Error("unable to find firewall resource to be responsible for", "error", err)
+		panic(err)
 	}
 
-	l.Infow("found firewall resource to be responsible for", "firewall-name", firewallName, "namespace", seedNamespace)
+	l.Info("found firewall resource to be responsible for", "firewall-name", firewallName, "namespace", seedNamespace)
 
 	shootAccessHelper := helper.NewShootAccessHelper(seedClient, fw.Status.ShootAccess)
 	if err != nil {
-		l.Fatalw("unable to construct shoot access helper", "error", err)
+		l.Error("unable to construct shoot access helper", "error", err)
+		panic(err)
 	}
 
 	accessTokenUpdater, err := helper.NewShootAccessTokenUpdater(shootAccessHelper, "/etc/firewall-controller")
 	if err != nil {
-		l.Fatalw("unable to create shoot access token updater", "error", err)
+		l.Error("unable to create shoot access token updater", "error", err)
+		panic(err)
 	}
 
 	err = accessTokenUpdater.UpdateContinuously(ctrl.Log.WithName("token-updater"), ctx)
 	if err != nil {
-		l.Fatalw("unable to start token updater", "error", err)
+		l.Error("unable to start token updater", "error", err)
+		panic(err)
 	}
 
 	shootConfig, err := shootAccessHelper.RESTConfig(ctx)
 	if err != nil {
-		l.Fatalw("unable to create shoot config", "error", err)
+		l.Error("unable to create shoot config", "error", err)
+		panic(err)
 	}
 
 	seedMgr, err := ctrl.NewManager(seedConfig, ctrl.Options{
@@ -168,7 +178,8 @@ func main() {
 		LeaderElection:        false, // leader election does not make sense for this controller, it's always single managed by systemd
 	})
 	if err != nil {
-		l.Fatalw("unable to create seed manager", "error", err)
+		l.Error("unable to create seed manager", "error", err)
+		panic(err)
 	}
 
 	shootMgr, err := ctrl.NewManager(shootConfig, ctrl.Options{
@@ -177,12 +188,14 @@ func main() {
 		LeaderElection:     false,
 	})
 	if err != nil {
-		l.Fatalw("unable to create shoot manager", "error", err)
+		l.Error("unable to create shoot manager", "error", err)
+		panic(err)
 	}
 
 	shootClient, err := controllerclient.New(shootConfig, controllerclient.Options{Scheme: scheme})
 	if err != nil {
-		l.Fatalw("unable to create shoot client", "error", err)
+		l.Error("unable to create shoot client", "error", err)
+		panic(err)
 	}
 
 	updater := updater.New(ctrl.Log.WithName("updater"), shootMgr.GetEventRecorderFor("FirewallController"))
@@ -209,7 +222,8 @@ func main() {
 		SeedUpdatedFunc: fwmReconciler.SeedUpdated,
 		TokenUpdater:    accessTokenUpdater,
 	}).SetupWithManager(seedMgr); err != nil {
-		l.Fatalw("unable to create firewall controller", "error", err)
+		l.Error("unable to create firewall controller", "error", err)
+		panic(err)
 	}
 
 	// Droptailer Reconciler
@@ -218,7 +232,8 @@ func main() {
 		Log:         ctrl.Log.WithName("controllers").WithName("Droptailer"),
 		HostsFile:   hostsFile,
 	}).SetupWithManager(shootMgr); err != nil {
-		l.Fatalw("unable to create droptailer controller", "error", err)
+		l.Error("unable to create droptailer controller", "error", err)
+		panic(err)
 	}
 
 	// ClusterwideNetworkPolicy Reconciler
@@ -229,20 +244,23 @@ func main() {
 		FirewallName:  firewallName,
 		SeedNamespace: seedNamespace,
 	}).SetupWithManager(shootMgr); err != nil {
-		l.Fatalw("unable to create clusterwidenetworkpolicy controller", "error", err)
+		l.Error("unable to create clusterwidenetworkpolicy controller", "error", err)
+		panic(err)
 	}
 
 	if err = (&controllers.ClusterwideNetworkPolicyValidationReconciler{
 		ShootClient: shootMgr.GetClient(),
 		Log:         ctrl.Log.WithName("controllers").WithName("ClusterwideNetworkPolicyValidation"),
 		Recorder:    shootMgr.GetEventRecorderFor("FirewallController"),
 	}).SetupWithManager(shootMgr); err != nil {
-		l.Fatalw("unable to create clusterwidenetworkpolicyvalidation controller", "error", err)
+		l.Error("unable to create clusterwidenetworkpolicyvalidation controller", "error", err)
+		panic(err)
 	}
 
 	// FirewallMonitorReconciler
 	if err = (fwmReconciler).SetupWithManager(shootMgr); err != nil {
-		l.Fatalw("unable to create firewall monitor controller", "error", err)
+		l.Error("unable to create firewall monitor controller", "error", err)
+		panic(err)
 	}
 
 	// +kubebuilder:scaffold:builder
@@ -256,46 +274,28 @@ func main() {
 	defer cancel()
 	err = updater.Run(updaterCtx, fw)
 	if err != nil {
-		l.Fatalw("unable to update firewall components", "error", err)
+		l.Error("unable to update firewall components", "error", err)
+		panic(err)
 	}
 
 	go func() {
-		l.Infow("starting shoot controller", "version", v.V)
+		l.Info("starting shoot controller", "version", v.V)
 		if err := shootMgr.Start(ctx); err != nil {
-			l.Fatalw("problem running shoot controller", "error", err)
+			l.Error("problem running shoot controller", "error", err)
 		}
 	}()
 
 	err = sysctl.Tune(l)
 	if err != nil {
-		l.Errorw("unable to tune kernel", "error", err)
+		l.Error("unable to tune kernel", "error", err)
 	}
 
 	if err := seedMgr.Start(ctx); err != nil {
-		l.Errorw("problem running seed controller", "error", err)
+		l.Error("problem running seed controller", "error", err)
 		panic(err)
 	}
 }
 
-func newZapLogger(levelString string) (*zap.SugaredLogger, error) {
-	level, err := zap.ParseAtomicLevel(levelString)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse log level: %w", err)
-	}
-
-	cfg := zap.NewProductionConfig()
-	cfg.Level = level
-	cfg.EncoderConfig.TimeKey = "timestamp"
-	cfg.EncoderConfig.EncodeTime = zapcore.RFC3339TimeEncoder
-
-	l, err := cfg.Build()
-	if err != nil {
-		return nil, fmt.Errorf("can't initialize zap logger: %w", err)
-	}
-
-	return l.Sugar(), nil
-}
-
 func findResponsibleFirewall(ctx context.Context, seed controllerclient.Client, firewallName, seedNamespace string) (*firewallv2.Firewall, error) {
 	fwList := &firewallv2.FirewallList{}
 	err := seed.List(ctx, fwList, &controllerclient.ListOptions{

pkg/sysctl/sysctl.go

@@ -2,12 +2,11 @@ package sysctl
 
 import (
 	"fmt"
+	"log/slog"
 	"os"
 	"path"
 	"strconv"
 	"strings"
-
-	"go.uber.org/zap"
 )
 
 const (
@@ -31,8 +30,8 @@ type (
 	Module string
 )
 
-func Tune(log *zap.SugaredLogger) error {
-	log.Infow("set sysctl value", "key", nfConntrackMax, "value", nfConntrackMaxSetting)
+func Tune(log *slog.Logger) error {
+	log.Info("set sysctl value", "key", nfConntrackMax, "value", nfConntrackMaxSetting)
 	err := Set(nfConntrackMax, nfConntrackMaxSetting)
 	if err != nil {
 		return fmt.Errorf("unable to set value of %q %w", nfConntrackMax, err)
@@ -43,7 +42,7 @@ func Tune(log *zap.SugaredLogger) error {
 		return fmt.Errorf("unable to get value of %q %w", nfConntrackMax, err)
 	}
 
-	log.Infow("set module value", "key", nfConntrackHashSize, "value", nfConntrackHashSizeSetting)
+	log.Info("set module value", "key", nfConntrackHashSize, "value", nfConntrackHashSizeSetting)
 	err = SetModule(nfConntrackHashSize, nfConntrackHashSizeSetting)
 	if err != nil {
 		return fmt.Errorf("unable to set module parameter %w", err)
@@ -54,7 +53,7 @@ func Tune(log *zap.SugaredLogger) error {
 		return fmt.Errorf("unable to get value of %q %w", nfConntrackMax, err)
 	}
 
-	log.Infow("sysctl and module parameters set", "conntrack max", conntrackMax, "hash size", hashSize)
+	log.Info("sysctl and module parameters set", "conntrack max", conntrackMax, "hash size", hashSize)
 	return nil
 }