diff --git a/openshift-kube-apiserver/admission/customresourcevalidation/node/validate_node_config.go b/openshift-kube-apiserver/admission/customresourcevalidation/node/validate_node_config.go
index db9200f1b594d..e8eb9f671b41f 100644
--- a/openshift-kube-apiserver/admission/customresourcevalidation/node/validate_node_config.go
+++ b/openshift-kube-apiserver/admission/customresourcevalidation/node/validate_node_config.go
@@ -21,6 +21,7 @@ import (
 "k8s.io/client-go/informers"
 corev1listers "k8s.io/client-go/listers/core/v1"
 "k8s.io/component-base/featuregate"
+ "k8s.io/klog/v2"
 "k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation"
 )
@@ -146,6 +147,10 @@ func (c *configNodeV1) validateMinimumKubeletVersion(obj *configv1.Node) *field.
 return field.InternalError(fieldPath, fmt.Errorf("caches not synchronized, cannot validate minimumKubeletVersion"))
 }
+ if c.nodeLister() == nil {
+ klog.Infof("XXXXXXX node lister nil")
+ }
+
 nodes, err := c.nodeLister().List(labels.Everything())
 if err != nil {
 return field.Forbidden(fieldPath, fmt.Sprintf("Getting nodes to compare minimum version %v", err.Error()))
@@ -189,12 +194,15 @@ func (c *validateCustomResourceWithNodeLister) SetExternalKubeInformerFactory(ku
 nodeInformer := kubeInformers.Core().V1().Nodes()
 c.nodeLister = nodeInformer.Lister()
 c.SetReadyFunc(nodeInformer.Informer().HasSynced)
+ klog.Infof("XXXXXXX initialized")
 }
 func (c *validateCustomResourceWithNodeLister) ValidateInitialization() error {
 if c.nodeLister == nil {
+ klog.Infof("XXXXXXX node lister nil")
 return fmt.Errorf("%s needs a nodes", PluginName)
 }
+ klog.Infof("XXXXXXX node lister not nil")
 return nil
 }
diff --git a/openshift-kube-apiserver/authorization/minimumkubeletversion/minimum_kubelet_version.go b/openshift-kube-apiserver/authorization/minimumkubeletversion/minimum_kubelet_version.go
index bf1c38d1dc736..8b1f6a91b6e80 100644
--- a/openshift-kube-apiserver/authorization/minimumkubeletversion/minimum_kubelet_version.go
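Review bot: The nil check added in validateMinimumKubeletVersion only logs and then falls through to `c.nodeLister().List(labels.Everything())`, so a nil lister still ends in a nil dereference on the admission path. The branch should fail closed the way the cache-sync check just above it does, for example `return field.InternalError(fieldPath, fmt.Errorf("node lister not initialized, cannot validate minimumKubeletVersion"))`. The `XXXXXXX` marker lines here and in the SetExternalKubeInformerFactory / ValidateInitialization hunk read like debugging leftovers; if they are meant to stay, they need a descriptive message and a verbosity gate such as `klog.V(4).Info(...)`. The body of validateMinimumKubeletVersion starts and ends outside the hunk.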
+++ b/openshift-kube-apiserver/authorization/minimumkubeletversion/minimum_kubelet_version.go
@@ -13,6 +13,7 @@ import (
 v1listers "k8s.io/client-go/listers/core/v1"
 cache "k8s.io/client-go/tools/cache"
 "k8s.io/component-base/featuregate"
+ "k8s.io/klog/v2"
 api "k8s.io/kubernetes/pkg/apis/core"
 "k8s.io/kubernetes/pkg/auth/nodeidentifier"
 )
@@ -47,16 +48,19 @@ func NewMinimumKubeletVersion(minVersion *semver.Version,
 func (m *minimumKubeletVersionAuth) Authorize(ctx context.Context, attrs authorizer.Attributes) (authorizer.Decision, string, error) {
 if m.minVersion == nil {
+ klog.Infof("XXXXXXXX min version nil")
 return authorizer.DecisionNoOpinion, "", nil
 }
 nodeName, isNode := m.nodeIdentifier.NodeIdentity(attrs.GetUser())
 if !isNode {
 // ignore requests from non-nodes
+ klog.Infof("XXXXXXXX not a node %v", attrs.GetUser())
 return authorizer.DecisionNoOpinion, "", nil
 }
 if len(nodeName) == 0 {
+ klog.Infof("XXXXXXXX empty node name %v", attrs.GetUser())
 return authorizer.DecisionNoOpinion, fmt.Sprintf("unknown node for user %q", attrs.GetUser().GetName()), nil
 }
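Review bot: `klog.Infof("XXXXXXXX not a node %v", attrs.GetUser())` runs for every authorization request that does not come from a node and formats the whole user value with `%v`, so at default verbosity the API server log would receive one line per request carrying whatever identity attributes that value prints. If this trace is needed at all, gate it and leave the user object out, for example `klog.V(4).InfoS("Skipping minimum kubelet version check: requester is not a node")`. Whether the user can be nil on this branch is not visible here, so a replacement should not call methods on it without a check. The same concern applies to the `min version nil` and `empty node name` lines, and to the per-request `XXXXXXXX` lines in the following Authorize hunk. Authorize continues past the end of this hunk.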
@@ -67,26 +71,32 @@ func (m *minimumKubeletVersionAuth) Authorize(ctx context.Context, attrs authori
 switch requestResource {
 case api.Resource("nodes"):
 if v := attrs.GetVerb(); v == "get" || v == "update" {
+ klog.Infof("XXXXXXXX node get or update")
 return authorizer.DecisionNoOpinion, "", nil
 }
 // TODO(haircommander): do we need other flavors of access reviews here?
 case api.Resource("subjectaccessreviews"):
+ klog.Infof("XXXXXXXX SAR")
 return authorizer.DecisionNoOpinion, "", nil
 }
 }
 if !m.hasNodeInformerSyncedFn() {
+ klog.Infof("XXXXXXXX not synced")
 return authorizer.DecisionNoOpinion, fmt.Sprintf("node informer not synced, cannot check if node %s is new enough", nodeName), nil
 }
 node, err := m.nodeLister.Get(nodeName)
 if err != nil {
+ klog.Infof("XXXXXXXX failed to get node %s", nodeName)
 return authorizer.DecisionNoOpinion, fmt.Sprintf("failed to get node %s: %v", nodeName, err), nil
 }
 if err := nodelib.IsNodeTooOld(node, m.minVersion); err != nil {
+ klog.Infof("XXXXXXXX node too old %s", nodeName)
 return authorizer.DecisionDeny, err.Error(), nil
 }
+ klog.Infof("XXXXXXXX OK")
 return authorizer.DecisionNoOpinion, "", nil
 }
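Review bot: The `failed to get node` line drops `err` and the deny path logs only the node name, so the one branch of Authorize that rejects a request leaves no reason in the log, while `klog.Infof("XXXXXXXX OK")` fires for every passing node request. I would keep a single structured record on the deny path, `klog.V(2).InfoS("Denying node request: kubelet older than minimum version", "node", nodeName, "reason", err.Error())`, add `"err", err` to the lookup-failure line, and drop the `OK`, `SAR` and `node get or update` lines. Passing nodeName as a key/value pair rather than interpolating it with `%s` also keeps a value derived from the requester's identity out of the message text. This hunk starts inside Authorize, whose opening is in the previous hunk.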