remove all remaining non-structured logging (logs.V function)

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Tim Ramlot 2024-12-12 09:04:04 +00:00
parent c62660abc8
commit 7f7e0c7ced
No known key found for this signature in database
9 changed files with 94 additions and 73 deletions


@ -18,6 +18,7 @@ package util
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/klog/v2"
"k8s.io/utils/clock"
cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@ -82,7 +83,12 @@ func SetIssuerCondition(i cmapi.GenericIssuer, observedGeneration int64, conditi
if cond.Status == status {
newCondition.LastTransitionTime = cond.LastTransitionTime
} else {
logf.V(logf.InfoLevel).Infof("Found status change for Issuer %q condition %q: %q -> %q; setting lastTransitionTime to %v", i.GetObjectMeta().Name, conditionType, cond.Status, status, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Found status change for Issuer condition; setting lastTransitionTime",
"issuer", klog.KObj(i),
"condition", conditionType,
"oldStatus", cond.Status,
"status", status,
"lastTransitionTime", nowTime.Time)
}
// Overwrite the existing condition
@ -93,7 +99,10 @@ func SetIssuerCondition(i cmapi.GenericIssuer, observedGeneration int64, conditi
// If we've not found an existing condition of this type, we simply insert
// the new condition into the slice.
i.GetStatus().Conditions = append(i.GetStatus().Conditions, newCondition)
logf.V(logf.InfoLevel).Infof("Setting lastTransitionTime for Issuer %q condition %q to %v", i.GetObjectMeta().Name, conditionType, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Setting lastTransitionTime for Issuer condition",
"issuer", klog.KObj(i),
"condition", conditionType,
"lastTransitionTime", nowTime.Time)
}
// CertificateHasCondition will return true if the given Certificate has a
@ -189,7 +198,12 @@ func SetCertificateCondition(crt *cmapi.Certificate, observedGeneration int64, c
if cond.Status == status {
newCondition.LastTransitionTime = cond.LastTransitionTime
} else {
logf.V(logf.InfoLevel).Infof("Found status change for Certificate %q condition %q: %q -> %q; setting lastTransitionTime to %v", crt.Name, conditionType, cond.Status, status, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Found status change for Certificate condition; setting lastTransitionTime",
"certificate", klog.KObj(crt),
"condition", conditionType,
"oldStatus", cond.Status,
"status", status,
"lastTransitionTime", nowTime.Time)
}
// Overwrite the existing condition
@ -200,7 +214,10 @@ func SetCertificateCondition(crt *cmapi.Certificate, observedGeneration int64, c
// If we've not found an existing condition of this type, we simply insert
// the new condition into the slice.
crt.Status.Conditions = append(crt.Status.Conditions, newCondition)
logf.V(logf.InfoLevel).Infof("Setting lastTransitionTime for Certificate %q condition %q to %v", crt.Name, conditionType, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Setting lastTransitionTime for Certificate condition",
"certificate", klog.KObj(crt),
"condition", conditionType,
"lastTransitionTime", nowTime.Time)
}
// RemoveCertificateCondition will remove any condition with this condition type
@ -249,7 +266,12 @@ func SetCertificateRequestCondition(cr *cmapi.CertificateRequest, conditionType
if cond.Status == status {
newCondition.LastTransitionTime = cond.LastTransitionTime
} else {
logf.V(logf.InfoLevel).Infof("Found status change for CertificateRequest %q condition %q: %q -> %q; setting lastTransitionTime to %v", cr.Name, conditionType, cond.Status, status, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Found status change for CertificateRequest condition; setting lastTransitionTime",
"certificateRequest", klog.KObj(cr),
"condition", conditionType,
"oldStatus", cond.Status,
"status", status,
"lastTransitionTime", nowTime.Time)
}
// Overwrite the existing condition
@ -260,7 +282,10 @@ func SetCertificateRequestCondition(cr *cmapi.CertificateRequest, conditionType
// If we've not found an existing condition of this type, we simply insert
// the new condition into the slice.
cr.Status.Conditions = append(cr.Status.Conditions, newCondition)
logf.V(logf.InfoLevel).Infof("Setting lastTransitionTime for CertificateRequest %q condition %q to %v", cr.Name, conditionType, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Setting lastTransitionTime for CertificateRequest condition",
"certificateRequest", klog.KObj(cr),
"condition", conditionType,
"lastTransitionTime", nowTime.Time)
}
// CertificateRequestHasCondition will return true if the given


@ -149,7 +149,7 @@ func (c *controller) Sync(ctx context.Context, chOriginal *cmacme.Challenge) (er
if ch.Status.State == "" {
err := c.syncChallengeStatus(ctx, cl, ch)
if err != nil {
return handleError(ch, err)
return handleError(ctx, ch, err)
}
// if the state has not changed, return an error
@ -172,7 +172,7 @@ func (c *controller) Sync(ctx context.Context, chOriginal *cmacme.Challenge) (er
// Find out which identity the ACME server says it will use.
dir, err := cl.Discover(ctx)
if err != nil {
return handleError(ch, err)
return handleError(ctx, ch, err)
}
// TODO(dmo): figure out if missing CAA identity in directory
// means no CAA check is performed by ACME server or if any valid
@ -227,7 +227,7 @@ func (c *controller) Sync(ctx context.Context, chOriginal *cmacme.Challenge) (er
// handleError will handle ACME error types, updating the challenge resource
// with any new information found whilst inspecting the error response.
// This may include marking the challenge as expired.
func handleError(ch *cmacme.Challenge, err error) error {
func handleError(ctx context.Context, ch *cmacme.Challenge, err error) error {
if err == nil {
return nil
}
@ -237,7 +237,7 @@ func handleError(ch *cmacme.Challenge, err error) error {
if acmeErr, ok = err.(*acmeapi.Error); !ok {
ch.Status.State = cmacme.Errored
ch.Status.Reason = fmt.Sprintf("unexpected non-ACME API error: %v", err)
logf.V(logf.ErrorLevel).ErrorS(err, "unexpected non-ACME API error")
logf.FromContext(ctx).V(logf.ErrorLevel).Error(err, "unexpected non-ACME API error")
return err
}
@ -386,7 +386,7 @@ func (c *controller) acceptChallenge(ctx context.Context, cl acmecl.Interface, c
if err != nil {
log.Error(err, "error accepting challenge")
ch.Status.Reason = fmt.Sprintf("Error accepting challenge: %v", err)
return handleError(ch, err)
return handleError(ctx, ch, err)
}
log.V(logf.DebugLevel).Info("waiting for authorization for domain")
@ -401,7 +401,7 @@ func (c *controller) acceptChallenge(ctx context.Context, cl acmecl.Interface, c
authorization, err := cl.WaitAuthorization(ctxTimeout, ch.Spec.AuthorizationURL)
if err != nil {
log.Error(err, "error waiting for authorization")
return c.handleAuthorizationError(ch, err)
return c.handleAuthorizationError(ctxTimeout, ch, err)
}
ch.Status.State = cmacme.State(authorization.Status)
@ -411,10 +411,10 @@ func (c *controller) acceptChallenge(ctx context.Context, cl acmecl.Interface, c
return nil
}
func (c *controller) handleAuthorizationError(ch *cmacme.Challenge, err error) error {
func (c *controller) handleAuthorizationError(ctx context.Context, ch *cmacme.Challenge, err error) error {
authErr, ok := err.(*acmeapi.AuthorizationError)
if !ok {
return handleError(ch, err)
return handleError(ctx, ch, err)
}
// TODO: the AuthorizationError above could technically contain the final
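Review bot: In acceptChallenge the new call `c.handleAuthorizationError(ctxTimeout, ch, err)` passes the derived context rather than the caller's `ctx`, unlike every other call site in this file. Judging by its name, `ctxTimeout` carries the deadline used for `cl.WaitAuthorization` (its creation is outside the hunk), so when the wait fails on that deadline the handler receives a context that is already done. Today the context only feeds `logf.FromContext`, so nothing breaks, but any later use of it for an API call or status update in handleError would fail in exactly the timeout case. I would pass the parent: `return c.handleAuthorizationError(ctx, ch, err)`.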


@ -99,13 +99,13 @@ func SyncFnFor(
}
if !hasShimAnnotation(ingLike, autoAnnotations) {
logf.V(logf.DebugLevel).Infof("not syncing ingress resource as it does not contain a %q or %q annotation",
cmapi.IngressIssuerNameAnnotationKey, cmapi.IngressClusterIssuerNameAnnotationKey)
log.V(logf.DebugLevel).Info("not syncing ingress resource",
"reason", fmt.Sprintf("it does not contain a %q or %q annotation", cmapi.IngressIssuerNameAnnotationKey, cmapi.IngressClusterIssuerNameAnnotationKey))
return nil
}
if isDeletedInForeground(ingLike) {
logf.V(logf.DebugLevel).Infof("not syncing ingress resource as it is being deleted via foreground cascading")
log.V(logf.DebugLevel).Info("not syncing ingress resource", "reason", "it is being deleted via foreground cascading")
return nil
}
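Review bot: The `"reason"` value in the first rewritten call is built with `fmt.Sprintf` before `log.V(logf.DebugLevel)` decides whether to emit anything, so the string is formatted on every sync of an ingress without the annotation even when debug logging is off. It also folds the two annotation keys back into free text, which works against the structured-logging goal of the commit. Consider passing them as a value instead: `log.V(logf.DebugLevel).Info("not syncing ingress resource: no issuer annotation", "annotations", []string{cmapi.IngressIssuerNameAnnotationKey, cmapi.IngressClusterIssuerNameAnnotationKey})`. The `log` variable is defined outside the hunk.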


@ -20,6 +20,7 @@ import (
certificatesv1 "k8s.io/api/certificates/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/klog/v2"
"k8s.io/utils/clock"
logf "github.com/cert-manager/cert-manager/pkg/logs"
@ -69,8 +70,10 @@ func CertificateSigningRequestSetFailed(csr *certificatesv1.CertificateSigningRe
LastUpdateTime: nowTime,
})
logf.V(logf.InfoLevel).Infof("Setting lastTransitionTime for CertificateSigningRequest %s/%s condition Failed to %v",
csr.Namespace, csr.Name, nowTime.Time)
logf.Log.V(logf.InfoLevel).Info("Setting lastTransitionTime for CertificateSigningRequest condition",
"certificateSigningRequest", klog.KObj(csr),
"condition", certificatesv1.CertificateFailed,
"lastTransitionTime", nowTime.Time)
}
func certificateSigningRequestGetCondition(csr *certificatesv1.CertificateSigningRequest, condType certificatesv1.RequestConditionType) *certificatesv1.CertificateSigningRequestCondition {


@ -97,20 +97,20 @@ func findHostedDomainByFqdn(ctx context.Context, fqdn string, ns []string) (stri
// Present creates/updates a TXT record to fulfill the dns-01 challenge.
func (a *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error {
logf.V(logf.DebugLevel).Infof("entering Present. domain: %s, fqdn: %s, value: %s", domain, fqdn, value)
logf.FromContext(ctx).V(logf.DebugLevel).Info("entering Present", "domain", domain, "fqdn", fqdn, "value", value)
hostedDomain, err := a.findHostedDomainByFqdn(ctx, fqdn, a.dns01Nameservers)
if err != nil {
return fmt.Errorf("edgedns: failed to determine hosted domain for %q: %w", fqdn, err)
}
hostedDomain = util.UnFqdn(hostedDomain)
logf.V(logf.DebugLevel).Infof("hostedDomain: %s", hostedDomain)
logf.FromContext(ctx).V(logf.DebugLevel).Info("calculated hosted domain", "hostedDomain", hostedDomain)
recordName, err := makeTxtRecordName(fqdn, hostedDomain)
if err != nil {
return fmt.Errorf("edgedns: failed to create TXT record name: %w", err)
}
logf.V(logf.DebugLevel).Infof("recordName: %s", recordName)
logf.FromContext(ctx).V(logf.DebugLevel).Info("calculated TXT record name", "recordName", recordName)
record, err := a.dnsclient.GetRecord(hostedDomain, recordName, "TXT")
if err != nil && !a.isNotFound(err) {
@ -122,7 +122,7 @@ func (a *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) e
}
if record != nil {
logf.V(logf.InfoLevel).Infof("edgedns: TXT record already exists. Updating target")
logf.FromContext(ctx).V(logf.InfoLevel).Info("edgedns: TXT record already exists. Updating target")
if containsValue(record.Target, value) {
// have a record and have entry already
@ -157,20 +157,20 @@ func (a *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) e
// CleanUp removes/updates the TXT record matching the specified parameters.
func (a *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error {
logf.V(logf.DebugLevel).Infof("entering CleanUp. domain: %s, fqdn: %s, value: %s", domain, fqdn, value)
logf.FromContext(ctx).V(logf.DebugLevel).Info("entering CleanUp", "domain", domain, "fqdn", fqdn, "value", value)
hostedDomain, err := a.findHostedDomainByFqdn(ctx, fqdn, a.dns01Nameservers)
if err != nil {
return fmt.Errorf("edgedns: failed to determine hosted domain for %q: %w", fqdn, err)
}
hostedDomain = util.UnFqdn(hostedDomain)
logf.V(logf.DebugLevel).Infof("hostedDomain: %s", hostedDomain)
logf.FromContext(ctx).V(logf.DebugLevel).Info("calculated hosted domain", "hostedDomain", hostedDomain)
recordName, err := makeTxtRecordName(fqdn, hostedDomain)
if err != nil {
return fmt.Errorf("edgedns: failed to create TXT record name: %w", err)
}
logf.V(logf.DebugLevel).Infof("recordName: %s", recordName)
logf.FromContext(ctx).V(logf.DebugLevel).Info("calculated TXT record name", "recordName", recordName)
existingRec, err := a.dnsclient.GetRecord(hostedDomain, recordName, "TXT")
if err != nil {
@ -203,7 +203,7 @@ func (a *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) e
if len(newRData) > 0 {
existingRec.Target = newRData
logf.V(logf.DebugLevel).Infof("updating Akamai TXT record: %s, data: %s", existingRec.Name, newRData)
logf.FromContext(ctx).V(logf.DebugLevel).Info("updating Akamai TXT record", "recordName", existingRec.Name, "data", newRData)
err = a.dnsclient.RecordUpdate(existingRec, hostedDomain)
if err != nil {
return fmt.Errorf("edgedns: TXT record update failed: %w", err)
@ -212,7 +212,7 @@ func (a *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) e
return nil
}
logf.V(logf.DebugLevel).Infof("deleting Akamai TXT record %s", existingRec.Name)
logf.FromContext(ctx).V(logf.DebugLevel).Info("deleting Akamai TXT record", "recordName", existingRec.Name)
err = a.dnsclient.RecordDelete(existingRec, hostedDomain)
if err != nil {
return fmt.Errorf("edgedns: TXT record delete failed: %w", err)


@ -81,16 +81,18 @@ func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKeyName, tsigSecre
}
d.tsigAlgorithm = tsigAlgorithm
logf.V(logf.DebugLevel).Infof("DNSProvider nameserver: %s\n", d.nameserver)
logf.V(logf.DebugLevel).Infof(" tsigAlgorithm: %s\n", d.tsigAlgorithm)
logf.V(logf.DebugLevel).Infof(" tsigKeyName: %s\n", d.tsigKeyName)
keyLen := len(d.tsigSecret)
mask := make([]rune, keyLen/2)
for i := range mask {
mask[i] = '*'
}
masked := d.tsigSecret[0:keyLen/4] + string(mask) + d.tsigSecret[keyLen/4*3:keyLen]
logf.V(logf.DebugLevel).Infof(" tsigSecret: %s\n", masked)
logf.Log.V(logf.DebugLevel).Info("DNSProvider",
"nameserver", d.nameserver,
"tsigAlgorithm", d.tsigAlgorithm,
"tsigKeyName", d.tsigKeyName,
"tsigSecret", masked,
)
return d, nil
}
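Review bot: The rewritten log call still emits `masked`, which keeps the first and last quarter of `d.tsigSecret` in clear, so about half of the TSIG key material reaches the debug log. Because of integer division, a secret shorter than four characters has `keyLen/4 == 0`, and the trailing slice `d.tsigSecret[keyLen/4*3:keyLen]` is then the entire secret. The mask is also computed on every call, whether or not debug logging is enabled. Since the commit already touches this statement, I would drop the masking code and log only presence, `"tsigSecretSet", d.tsigSecret != ""`, so that no key bytes are written to logs. The function body starts outside the hunk.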


@ -91,7 +91,7 @@ func followCNAMEs(ctx context.Context, fqdn string, nameservers []string, fqdnCh
if !ok || cn.Hdr.Name != fqdn {
continue
}
logf.V(logf.DebugLevel).Infof("Updating FQDN: %s with its CNAME: %s", fqdn, cn.Target)
logf.FromContext(ctx).V(logf.DebugLevel).Info("Updating FQDN", "fqdn", fqdn, "cname", cn.Target)
// Check if we were here before to prevent loops in the chain of CNAME records.
for _, fqdnInChain := range fqdnChain {
if cn.Target != fqdnInChain {
@ -142,7 +142,7 @@ func checkAuthoritativeNss(ctx context.Context, fqdn, value string, nameservers
return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
}
logf.V(logf.DebugLevel).Infof("Looking up TXT records for %q", fqdn)
logf.FromContext(ctx).V(logf.DebugLevel).Info("Looking up TXT records", "fqdn", fqdn)
var found bool
for _, rr := range r.Answer {
if txt, ok := rr.(*dns.TXT); ok {
@ -157,7 +157,7 @@ func checkAuthoritativeNss(ctx context.Context, fqdn, value string, nameservers
return false, nil
}
}
logf.V(logf.DebugLevel).Infof("Selfchecking using the DNS Lookup method was successful")
logf.FromContext(ctx).V(logf.DebugLevel).Info("Selfchecking using the DNS Lookup method was successful")
return true, nil
}
@ -199,7 +199,7 @@ func DNSQuery(ctx context.Context, fqdn string, rtype uint16, nameservers []stri
// Try TCP if UDP fails
if (in != nil && in.Truncated) ||
(err != nil && strings.HasPrefix(err.Error(), "read udp") && strings.HasSuffix(err.Error(), "i/o timeout")) {
logf.V(logf.DebugLevel).Infof("UDP dns lookup failed, retrying with TCP: %v", err)
logf.FromContext(ctx).V(logf.DebugLevel).Info("UDP dns lookup failed, retrying with TCP", "err", err)
// If the TCP request succeeds, the err will reset to nil
in, _, err = tcp.ExchangeContext(ctx, m, ns)
}
@ -376,7 +376,7 @@ func matchCAA(caas []*dns.CAA, issuerIDs map[string]bool, iswildcard bool) bool
func lookupNameservers(ctx context.Context, fqdn string, nameservers []string) ([]string, error) {
var authoritativeNss []string
logf.V(logf.DebugLevel).Infof("Searching fqdn %q using seed nameservers [%s]", fqdn, strings.Join(nameservers, ", "))
logf.FromContext(ctx).V(logf.DebugLevel).Info("Searching fqdn", "fqdn", fqdn, "seedNameservers", nameservers)
zone, err := FindZoneByFqdn(ctx, fqdn, nameservers)
if err != nil {
return nil, fmt.Errorf("Could not determine the zone for %q: %v", fqdn, err)
@ -394,7 +394,7 @@ func lookupNameservers(ctx context.Context, fqdn string, nameservers []string) (
}
if len(authoritativeNss) > 0 {
logf.V(logf.DebugLevel).Infof("Returning authoritative nameservers [%s]", strings.Join(authoritativeNss, ", "))
logf.FromContext(ctx).V(logf.DebugLevel).Info("Returning authoritative nameservers", "authoritativeNameservers", authoritativeNss)
return authoritativeNss, nil
}
return nil, fmt.Errorf("Could not determine authoritative nameservers for %q", fqdn)
@ -407,7 +407,7 @@ func FindZoneByFqdn(ctx context.Context, fqdn string, nameservers []string) (str
// Do we have it cached?
if zone, ok := fqdnToZone[fqdn]; ok {
fqdnToZoneLock.RUnlock()
logf.V(logf.DebugLevel).Infof("Returning cached zone record %q for fqdn %q", zone, fqdn)
logf.FromContext(ctx).V(logf.DebugLevel).Info("Returning cached zone record", "zoneRecord", zone, "fqdn", fqdn)
return zone, nil
}
fqdnToZoneLock.RUnlock()
@ -461,7 +461,7 @@ func FindZoneByFqdn(ctx context.Context, fqdn string, nameservers []string) (str
zone := soa.Hdr.Name
fqdnToZone[fqdn] = zone
logf.V(logf.DebugLevel).Infof("Returning discovered zone record %q for fqdn %q", zone, fqdn)
logf.FromContext(ctx).V(logf.DebugLevel).Info("Returning discovered zone record", "zoneRecord", zone, "fqdn", fqdn)
return zone, nil
}
}


@ -18,6 +18,9 @@ package vault
import (
"context"
"fmt"
"k8s.io/klog/v2"
vaultinternal "github.com/cert-manager/cert-manager/internal/vault"
apiutil "github.com/cert-manager/cert-manager/pkg/api/util"
@ -32,11 +35,12 @@ const (
errorVault = "VaultError"
messageVaultClientInitFailed = "Failed to initialize Vault client: "
messageVaultConfigRequired = "Vault config cannot be empty"
messageServerAndPathRequired = "Vault server and path are required fields"
messageAuthFieldsRequired = "Vault tokenSecretRef, appRole, clientCertificate, or kubernetes is required"
messageMultipleAuthFieldsSet = "Multiple auth methods cannot be set on the same Vault issuer"
messageVaultClientInitFailed = "Failed to initialize Vault client"
messageVaultInitializedAndUnsealedFailed = "Failed to verify Vault is initialized and unsealed"
messageVaultConfigRequired = "Vault config cannot be empty"
messageServerAndPathRequired = "Vault server and path are required fields"
messageAuthFieldsRequired = "Vault tokenSecretRef, appRole, clientCertificate, or kubernetes is required"
messageMultipleAuthFieldsSet = "Multiple auth methods cannot be set on the same Vault issuer"
messageKubeAuthRoleRequired = "Vault Kubernetes auth requires a role to be set"
messageKubeAuthEitherRequired = "Vault Kubernetes auth requires either secretRef.name or serviceAccountRef.name to be set"
@ -49,7 +53,7 @@ const (
// Setup creates a new Vault client and attempts to authenticate with the Vault instance and sets the issuer's conditions to reflect the success of the setup.
func (v *Vault) Setup(ctx context.Context) error {
if v.issuer.GetSpec().Vault == nil {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageVaultConfigRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageVaultConfigRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageVaultConfigRequired)
return nil
}
@ -57,7 +61,7 @@ func (v *Vault) Setup(ctx context.Context) error {
// check if Vault server info is specified.
if v.issuer.GetSpec().Vault.Server == "" ||
v.issuer.GetSpec().Vault.Path == "" {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageServerAndPathRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageServerAndPathRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageServerAndPathRequired)
return nil
}
@ -69,7 +73,7 @@ func (v *Vault) Setup(ctx context.Context) error {
// check if at least one auth method is specified.
if tokenAuth == nil && appRoleAuth == nil && clientCertificateAuth == nil && kubeAuth == nil {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageAuthFieldsRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageAuthFieldsRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageAuthFieldsRequired)
return nil
}
@ -79,33 +83,33 @@ func (v *Vault) Setup(ctx context.Context) error {
(tokenAuth == nil && appRoleAuth != nil && clientCertificateAuth == nil && kubeAuth == nil) ||
(tokenAuth == nil && appRoleAuth == nil && clientCertificateAuth != nil && kubeAuth == nil) ||
(tokenAuth == nil && appRoleAuth == nil && clientCertificateAuth == nil && kubeAuth != nil)) {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageMultipleAuthFieldsSet)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageMultipleAuthFieldsSet, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageMultipleAuthFieldsSet)
return nil
}
// check if all mandatory Vault Token fields are set.
if tokenAuth != nil && len(tokenAuth.Name) == 0 {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageTokenAuthNameRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageTokenAuthNameRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageTokenAuthNameRequired)
return nil
}
// check if all mandatory Vault appRole fields are set.
if appRoleAuth != nil && (len(appRoleAuth.RoleId) == 0 || len(appRoleAuth.SecretRef.Name) == 0) {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageAppRoleAuthFieldsRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageAppRoleAuthFieldsRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageAppRoleAuthFieldsRequired)
return nil
}
if appRoleAuth != nil && len(appRoleAuth.SecretRef.Key) == 0 {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageAppRoleAuthKeyRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageAppRoleAuthKeyRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageAppRoleAuthKeyRequired)
return nil
}
// When using the Kubernetes auth, giving a role is mandatory.
if kubeAuth != nil && len(kubeAuth.Role) == 0 {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageKubeAuthRoleRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageKubeAuthRoleRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageKubeAuthRoleRequired)
return nil
}
@ -113,7 +117,7 @@ func (v *Vault) Setup(ctx context.Context) error {
// When using the Kubernetes auth, you must either set secretRef or
// serviceAccountRef.
if kubeAuth != nil && (kubeAuth.SecretRef.Name == "" && kubeAuth.ServiceAccountRef == nil) {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageKubeAuthEitherRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageKubeAuthEitherRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageKubeAuthEitherRequired)
return nil
}
@ -121,26 +125,25 @@ func (v *Vault) Setup(ctx context.Context) error {
// When using the Kubernetes auth, you can't use secretRef and
// serviceAccountRef simultaneously.
if kubeAuth != nil && (kubeAuth.SecretRef.Name != "" && kubeAuth.ServiceAccountRef != nil) {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, messageKubeAuthSingleRequired)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageKubeAuthSingleRequired, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, messageKubeAuthSingleRequired)
return nil
}
client, err := vaultinternal.New(ctx, v.resourceNamespace, v.createTokenFn, v.secretsLister, v.issuer)
if err != nil {
s := messageVaultClientInitFailed + err.Error()
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, s)
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, s)
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageVaultClientInitFailed, "err", err, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, fmt.Sprintf("%s: %s", messageVaultClientInitFailed, err.Error()))
return err
}
if err := client.IsVaultInitializedAndUnsealed(); err != nil {
logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, err.Error())
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, err.Error())
logf.FromContext(ctx).V(logf.WarnLevel).Info(messageVaultInitializedAndUnsealedFailed, "err", err, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, errorVault, fmt.Sprintf("%s: %s", messageVaultInitializedAndUnsealedFailed, err.Error()))
return err
}
logf.Log.V(logf.DebugLevel).Info(messageVaultVerified)
logf.FromContext(ctx).V(logf.DebugLevel).Info(messageVaultVerified, "issuer", klog.KObj(v.issuer))
apiutil.SetIssuerCondition(v.issuer, v.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionTrue, successVaultVerified, messageVaultVerified)
return nil
}
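Review bot: The two failure paths at the end of Setup (`vaultinternal.New` and `client.IsVaultInitializedAndUnsealed`) record the error through `.V(logf.WarnLevel).Info(..., "err", err, ...)` rather than the logger's `Error` method. With a logr sink the error then becomes an ordinary key/value pair on an info-severity line and is filtered by verbosity, so log alerts keyed on error severity would likely miss Vault authentication or seal failures. How `logf.WarnLevel` maps to verbosity is not visible here. Since both branches return `err`, I would use `logf.FromContext(ctx).Error(err, messageVaultClientInitFailed, "issuer", klog.KObj(v.issuer))` and the matching call with `messageVaultInitializedAndUnsealedFailed`.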


@ -20,7 +20,6 @@ import (
"context"
"flag"
"fmt"
"math"
"github.com/go-logr/logr"
"github.com/spf13/pflag"
@ -169,17 +168,6 @@ func NewContext(ctx context.Context, l logr.Logger, names ...string) context.Con
return logr.NewContext(ctx, l)
}
func V(level int) klog.Verbose {
switch {
case level < math.MinInt32:
return klog.V(klog.Level(math.MinInt32))
case level > math.MaxInt32:
return klog.V(klog.Level(math.MaxInt32))
default:
return klog.V(klog.Level(level))
}
}
// LogWithFormat is a wrapper for logger that adds Infof method to log messages
// with the given format and arguments.
//