dnsmasq-nanny: honor -stderrthreshold flag via klog v2.140.0

[pierluigilenoci]

Summary

klog v2 defaults -logtostderr=true, which silently overrides -stderrthreshold. This makes it impossible to filter log output by severity level using the -stderrthreshold flag in dnsmasq-nanny.

klog v2.140.0 (kubernetes/klog#432) introduced the legacy_stderr_threshold_behavior feature flag that fixes this long-standing behavior (upstream issue: kubernetes/klog#212).

Changes

• Bump k8s.io/klog/v2 from v2.130.1 to v2.140.0
• cmd/dnsmasq-nanny/main.go: After klog.InitFlags(nil), set legacy_stderr_threshold_behavior=false and stderrthreshold=INFO so that -stderrthreshold is honored even when -logtostderr=true (the default)

Why

Without this fix, passing -stderrthreshold=WARNING (or any other severity) to dnsmasq-nanny has no effect because klog's legacy behavior copies all log output to stderr regardless of the threshold. The new klog flag restores the expected semantics: only messages at or above the configured severity threshold are written to stderr.

Testing

• go build ./cmd/dnsmasq-nanny/... succeeds
• go build ./cmd/kube-dns/... succeeds
• go build ./cmd/sidecar/... succeeds
• (node-cache has a pre-existing build failure on non-Linux due to iptables dependency — unrelated to this change)

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pierluigilenoci
Once this PR has been reviewed and has the lgtm label, please assign mrhohn for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[pierluigilenoci]

Hi — friendly follow-up. Would you be able to review this PR when you get a chance? Thank you!

[DamianSawicki]

This repository is planned to be archived (#759 (comment), kubernetes/kubernetes#137556). Consider migrating away from dnsmasq-nanny or arguing against archiving.

[DamianSawicki]

It seems cmd/dnsmasq-nanny/main.go has not used stderrthreshold before, and it's only proposed in the present PR. I suppose the behavior without these two new flags was to log everything.

• In order not to change this existing behavior, stderrthreshold should probably default to WARNING.
• In order to allow the user to adjust filtering to their preferences, stderrthreshold should be configurable and not hardcoded.

[pierluigilenoci]

Thanks for the review @DamianSawicki, and for the context on the archival plans (#759, kubernetes/kubernetes#137556) — much appreciated.

I've addressed the technical feedback:

• Changed the default stderrthreshold from INFO to WARNING to better preserve the existing log volume going to stderr (less noisy than logging everything at INFO).
• The threshold remains user-configurable via the standard -stderrthreshold klog flag (the flag.Set call only sets the initial default; flag.Parse will honor any value passed on the command line).

Re: archival — happy to defer to your judgement on whether this PR is still worth landing given the deprecation timeline. If you'd prefer to close it, no objection on my side. Otherwise, I'm available if any further changes are needed.

[pierluigilenoci]

Thanks for the review and context, @DamianSawicki. Given that the repo is heading toward archival (#759, kubernetes/kubernetes#137556) and dnsmasq-nanny usage should be migrated away from, it makes no sense to land this fix here. Closing this out. Best of luck with the migration work!