Merge pull request #27409 from adityakali/logrotate.1

Automatic merge from submit-queue

add logrotate service and configuration for GCI

This change mirrors the configuration in cluster/saltbase/salt/logrotate for GCI.

On GCI we use systemd timers (https://www.freedesktop.org/software/systemd/man/systemd.timer.html) and install an hourly timer - kube-logrotate.timer. This will invoke kube-logrotate.service (which calls /usr/sbin/logrotate) once every hour to perform log rotation as per the rotation rules installed under /etc/logrotate.d/.

@kubernetes/goog-image @zmerlynn @dchen1107 @andyzheng0831

cluster/gce/gci/configure-helper.sh

@@ -65,6 +65,41 @@ function ensure-local-ssds() {
   done
 }
 
+# Installs logrotate configuration files
+function setup-logrotate() {
+  mkdir -p /etc/logrotate.d/
+  cat >/etc/logrotate.d/docker-containers <<EOF
+/var/lib/docker/containers/*/*-json.log {
+    rotate 5
+    copytruncate
+    missingok
+    notifempty
+    compress
+    maxsize 10M
+    daily
+    create 0644 root root
+}
+EOF
+
+  # Configuration for k8s services that redirect logs to /var/log/<service>.log
+  # files.
+  local logrotate_files=( "kube-scheduler" "kube-proxy" "kube-apiserver" "kube-controller-manager" "kube-addons" )
+  for file in "${logrotate_files[@]}" ; do
+    cat > /etc/logrotate.d/${file} <<EOF
+/var/log/${file}.log {
+    rotate 5
+    copytruncate
+    missingok
+    notifempty
+    compress
+    maxsize 100M
+    daily
+    create 0644 root root
+}
+EOF
+  done
+}
+
 # Finds the master PD device; returns it in MASTER_PD_DEVICE
 function find-master-pd {
   MASTER_PD_DEVICE=""
@@ -900,6 +935,7 @@ source "${KUBE_HOME}/kube-env"
 config-ip-firewall
 create-dirs
 ensure-local-ssds
+setup-logrotate
 if [[ "${KUBERNETES_MASTER:-}" == "true" ]]; then
   mount-master-pd
   create-master-auth

cluster/gce/gci/master.yaml

@@ -74,6 +74,33 @@ write_files:
       [Install]
       WantedBy=kubernetes.target
 
+  - path: /etc/systemd/system/kube-logrotate.timer
+    permissions: 0644
+    owner: root
+    content: |
+      [Unit]
+      Description=Hourly kube-logrotate invocation
+
+      [Timer]
+      OnCalendar=hourly
+
+      [Install]
+      WantedBy=kubernetes.target
+
+  - path: /etc/systemd/system/kube-logrotate.service
+    permissions: 0644
+    owner: root
+    content: |
+      [Unit]
+      Description=Kubernetes log rotation
+      After=kube-master-configuration.service
+
+      [Service]
+      Type=oneshot
+      ExecStart=-/usr/sbin/logrotate /etc/logrotate.conf
+
+      [Install]
+      WantedBy=kubernetes.target
 
   - path: /etc/systemd/system/kubernetes.target
     permissions: 0644
@@ -88,4 +115,6 @@ runcmd:
  - systemctl enable kube-master-configuration.service
  - systemctl enable kube-docker-monitor.service
  - systemctl enable kubelet-monitor.service
+ - systemctl enable kube-logrotate.timer
+ - systemctl enable kube-logrotate.service
  - systemctl start kubernetes.target

cluster/gce/gci/node.yaml

@@ -74,6 +74,33 @@ write_files:
       [Install]
       WantedBy=kubernetes.target
 
+  - path: /etc/systemd/system/kube-logrotate.timer
+    permissions: 0644
+    owner: root
+    content: |
+      [Unit]
+      Description=Hourly kube-logrotate invocation
+
+      [Timer]
+      OnCalendar=hourly
+
+      [Install]
+      WantedBy=kubernetes.target
+
+  - path: /etc/systemd/system/kube-logrotate.service
+    permissions: 0644
+    owner: root
+    content: |
+      [Unit]
+      Description=Kubernetes log rotation
+      After=kube-node-configuration.service
+
+      [Service]
+      Type=oneshot
+      ExecStart=-/usr/sbin/logrotate /etc/logrotate.conf
+
+      [Install]
+      WantedBy=kubernetes.target
 
   - path: /etc/systemd/system/kubernetes.target
     permissions: 0644
@@ -88,4 +115,6 @@ runcmd:
  - systemctl enable kube-node-configuration.service
  - systemctl enable kube-docker-monitor.service
  - systemctl enable kubelet-monitor.service
+ - systemctl enable kube-logrotate.timer
+ - systemctl enable kube-logrotate.service
  - systemctl start kubernetes.target