fix: add log level support & decrease info level verbosity

Author: michaelprice232

.gitignore

@@ -6,3 +6,5 @@ bin
 
 # Release toolkit
 CHANGELOG.partial.md
+
+.idea

CHANGELOG.md

@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### 🐞 Bug fixes
+- Add log level support & decrease info level verbosity @michaelprice232 [#701](https://github.com/newrelic/k8s-metadata-injection/pull/701)
+
 ## v1.41.0 - 2026-02-02
 
 ### 🚀 Enhancements

README.md

@@ -83,8 +83,9 @@ To run the webhook locally with Minikube:
    # Configure shell to use Minikube's Docker daemon
    eval $(minikube docker-env)
 
-   # Build the image
-   make compile build-container DOCKER_IMAGE_TAG=local-dev
+   # Build the image 
+   # Update the GOOS and GOARCH envars based on your system (https://docs.docker.com/build/building/multi-platform/)
+   make compile build-container DOCKER_IMAGE_TAG=local-dev GOOS=linux GOARCH=arm64
    ```
 
 3. **Install the webhook using Helm**:

charts/nri-metadata-injection/README.md

@@ -56,6 +56,8 @@ spec:
           value: {{ .Values.ports.webhook | quote }}
         - name: NEW_RELIC_K8S_METADATA_INJECTION_HEALTH_PORT
           value: {{ .Values.ports.health | quote }}
+        - name: NEW_RELIC_K8S_METADATA_INJECTION_LOG_LEVEL
+          value: {{ .Values.logLevel | quote }}
         ports:
           - containerPort: {{ .Values.ports.webhook }}
             protocol: TCP

charts/nri-metadata-injection/templates/deployment.yaml

@@ -0,0 +1,29 @@
+suite: test log level configuration
+templates:
+  - templates/deployment.yaml
+release:
+  name: release
+  namespace: ns
+tests:
+  - it: should use default log level when not specified
+    set:
+      cluster: test-cluster
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: NEW_RELIC_K8S_METADATA_INJECTION_LOG_LEVEL
+            value: "info"
+    template: templates/deployment.yaml
+
+  - it: should use correct log level when specified
+    set:
+      cluster: test-cluster
+      logLevel: debug
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: NEW_RELIC_K8S_METADATA_INJECTION_LOG_LEVEL
+            value: "debug"
+    template: templates/deployment.yaml

charts/nri-metadata-injection/tests/log_level_test.yaml

@@ -9,6 +9,9 @@ cluster: ""
 # -- The provider that you are deploying your cluster on. Sets config options providers that are known to have constraints.
 provider:
 
+# -- Log level for the app (e.g., debug, info, warn, error)
+logLevel: info
+
 # -- Image for the New Relic Metadata Injector
 # @default -- See `values.yaml`
 image:

charts/nri-metadata-injection/values.yaml

@@ -33,6 +33,7 @@ type specification struct {
 	TLSKeyFile  string        `default:"/etc/tls-key-cert-pair/tls.key" envconfig:"tls_key_file"`  // File containing the x509 private key for TLSCERTFILE.
 	ClusterName string        `default:"cluster" split_words:"true"`                               // The name of the Kubernetes cluster.
 	Timeout     time.Duration `default:"1s"`                                                       // Server timeout for the pod mutation.
+	LogLevel    string        `default:"info" split_words:"true"`                                  // Logger log level.
 }
 
 func main() {
@@ -42,7 +43,7 @@ func main() {
 		log.Fatal(err.Error())
 	}
 
-	logger := setupLogger()
+	logger := setupLogger(s.LogLevel)
 	defer func() { _ = logger.Sync() }()
 
 	pair, err := tls.LoadX509KeyPair(s.TLSCertFile, s.TLSKeyFile)
@@ -144,7 +145,7 @@ func withLoggingMiddleware(logger *zap.SugaredLogger) func(next http.Handler) ht
 			if r.TLS != nil {
 				scheme = "https"
 			}
-			logger.Infof("%s %s://%s%s %s\" from %s", r.Method, scheme, r.Host, r.RequestURI, r.Proto, r.RemoteAddr)
+			logger.Debugf("%s %s://%s%s %s\" from %s", r.Method, scheme, r.Host, r.RequestURI, r.Proto, r.RemoteAddr)
 
 			next.ServeHTTP(w, r)
 		}
@@ -153,13 +154,33 @@ func withLoggingMiddleware(logger *zap.SugaredLogger) func(next http.Handler) ht
 	}
 }
 
-func setupLogger() *zap.SugaredLogger {
+func setupLogger(lvl string) *zap.SugaredLogger {
+	level := strings.ToLower(strings.TrimSpace(lvl))
+	atom := zap.NewAtomicLevel()
+	invalidLevel := false
+	if err := atom.UnmarshalText([]byte(level)); err != nil {
+		atom.SetLevel(zap.InfoLevel)
+		invalidLevel = true
+	}
+
 	config := zap.NewProductionConfig()
-	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder // We want human readable timestamps.
+	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder // We want human-readable timestamps.
+	config.Level = atom
 
 	zapLogger, err := config.Build()
 	if err != nil {
 		log.Fatalf("can't initialize zap logger: %v", err)
 	}
-	return zapLogger.Sugar()
+
+	logger := zapLogger.Sugar()
+
+	if invalidLevel {
+		logger.Warnw(
+			"invalid log level, defaulting to info",
+			"provided", level,
+			"default", "info",
+		)
+	}
+
+	return logger
 }

cmd/server/main.go

@@ -0,0 +1,86 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/zap/zapcore"
+)
+
+func TestSetupLogger(t *testing.T) {
+	t.Parallel()
+
+	cases := []struct {
+		name          string
+		level         string
+		expectedLevel zapcore.Level
+		shouldWarn    bool
+	}{
+		{
+			name:          "debug level",
+			level:         "debug",
+			expectedLevel: zapcore.DebugLevel,
+			shouldWarn:    false,
+		},
+		{
+			name:          "info level",
+			level:         "info",
+			expectedLevel: zapcore.InfoLevel,
+			shouldWarn:    false,
+		},
+		{
+			name:          "warn level",
+			level:         "warn",
+			expectedLevel: zapcore.WarnLevel,
+			shouldWarn:    false,
+		},
+		{
+			name:          "error level",
+			level:         "error",
+			expectedLevel: zapcore.ErrorLevel,
+			shouldWarn:    false,
+		},
+		{
+			name:          "uppercase level",
+			level:         "INFO",
+			expectedLevel: zapcore.InfoLevel,
+			shouldWarn:    false,
+		},
+		{
+			name:          "level with whitespace",
+			level:         "  warn  ",
+			expectedLevel: zapcore.WarnLevel,
+			shouldWarn:    false,
+		},
+		{
+			name:          "invalid level defaults to info",
+			level:         "invalid",
+			expectedLevel: zapcore.InfoLevel,
+			shouldWarn:    true,
+		},
+		{
+			name:          "empty level defaults to info",
+			level:         "",
+			expectedLevel: zapcore.InfoLevel,
+			shouldWarn:    true,
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			t.Parallel()
+
+			logger := setupLogger(c.level)
+			assert.NotNil(t, logger)
+
+			// Verify the logger's level
+			core := logger.Desugar().Core()
+			assert.True(t, core.Enabled(c.expectedLevel))
+
+			// For invalid levels, verify it still works at info level
+			if c.shouldWarn {
+				assert.True(t, core.Enabled(zapcore.InfoLevel))
+			}
+		})
+	}
+}

cmd/server/main_test.go

@@ -50,7 +50,7 @@ func (whsvr *Webhook) getEnvVarsToInject(pod *corev1.Pod, container *corev1.Cont
 		createEnvVarFromString("NEW_RELIC_METADATA_KUBERNETES_CONTAINER_IMAGE_NAME", container.Image),
 	}
 
-	whsvr.Logger.Infow("creating env variables", "cluster_name", whsvr.ClusterName, "container_name", container.Name, "container_image", container.Image)
+	whsvr.Logger.Debugw("creating env variables", "cluster_name", whsvr.ClusterName, "container_name", container.Name, "container_image", container.Image)
 	// Guess the name of the deployment. We check whether the Pod is Owned by a ReplicaSet and confirms with the
 	// naming convention for a Deployment. This can give a false positive if the user uses ReplicaSets directly.
 	if len(pod.OwnerReferences) == 1 && pod.OwnerReferences[0].Kind == "ReplicaSet" {
@@ -156,12 +156,22 @@ func (whsvr *Webhook) mutate(ar *admissionv1.AdmissionReview) ([]byte, error) {
 		return nil, err
 	}
 
-	whsvr.Logger.Infow("received admission review", "kind", req.Kind, "namespace", req.Namespace, "name",
+	willMutate := mutationRequired(ignoredNamespaces, &pod.ObjectMeta)
+	whsvr.Logger.Infow(
+		"admission review received",
+		"operation", req.Operation,
+		"kind", req.Kind.Kind,
+		"namespace", pod.Namespace,
+		"podGenerateName", pod.GenerateName, // final pod name not set until after the admission webhooks have run
+		"uid", req.UID,
+		"mutate", willMutate,
+	)
+
+	whsvr.Logger.Debugw("received admission review", "kind", req.Kind, "namespace", req.Namespace, "name",
 		req.Name, "pod", pod.Name, "UID", req.UID, "operation", req.Operation, "userinfo", req.UserInfo)
 
 	// determine whether to perform mutation
-	if !mutationRequired(ignoredNamespaces, &pod.ObjectMeta) {
-		whsvr.Logger.Infow("skipped mutation", "namespace", pod.Namespace, "pod", pod.Name, "reason", "policy check (special namespaces)")
+	if !willMutate {
 		return nil, nil
 	}
 
@@ -170,7 +180,7 @@ func (whsvr *Webhook) mutate(ar *admissionv1.AdmissionReview) ([]byte, error) {
 		return nil, err
 	}
 
-	whsvr.Logger.Infow("admission response created", "response", string(patchBytes))
+	whsvr.Logger.Debugw("admission response created", "response", string(patchBytes))
 	return patchBytes, nil
 }
 
@@ -259,7 +269,7 @@ func (whsvr *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, fmt.Sprintf("could not encode response: %v", err), http.StatusInternalServerError)
 		return
 	}
-	whsvr.Logger.Info("writing response")
+	whsvr.Logger.Debug("writing response")
 	if _, err := w.Write(resp); err != nil {
 		whsvr.Logger.Errorw("can't write response", "err", err)
 		http.Error(w, fmt.Sprintf("could not write response: %v", err), http.StatusInternalServerError)