Skip to main content
Version: 1.13


The Go SDK integrates with the onelog project, almost out of the box.

The project has chosen this library as:

  • It works with WebAssembly binaries. Other popular logging solutions can't compile to target WebAssembly.
  • It provides good performance.
  • It supports structured logging.

Initialize logger

You need to initialize a logger structure. By performing this initialization in a global variable, you can log from the two main policy entry points: validate and validate_settings.

In the main package, main.go there is initialization for the logger:

var (
logWriter = kubewarden.KubewardenLogWriter{}
logger = onelog.New(
onelog.ALL, // shortcut for onelog.DEBUG|onelog.INFO|onelog.WARN|onelog.ERROR|onelog.FATAL

Consuming the logger

Now, you can use the logger object to log from wherever required your policy:

func validate(payload []byte) ([]byte, error) {
// ...
logger.Info("validating request")
// ...

You can add structured logging:

func validate(payload []byte) ([]byte, error) {
// ...
logger.WarnWithFields("logging something important", func(e onelog.Entry) {
e.String("one_field", "a value")
e.String("another_field", "another value")
// ...

You can refer to the onelog documentation for more information.

Policy logging goes to the policy evaluator (for example, kwctl or policy-server), and they log on behalf of the policy. They use mechanisms that are interoperable with other components that enable distributed tracing such as Jaeger.