ability to configure log rotation for kubelet (replicatedhq#2177)

* ability to configure log rotation for kubelet

kurl_util/cmd/bashmerge/main.go

@@ -8,6 +8,7 @@ import (
 	"log"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/pkg/errors"
@@ -108,6 +109,20 @@ func parseBashFlags(installer *kurlv1beta1.Installer, bashFlags string) error {
 				installer.Spec.Kubernetes = &kurlv1beta1.Kubernetes{}
 			}
 			installer.Spec.Kubernetes.HACluster = true
+		case "container-log-max-size":
+			if installer.Spec.Kubernetes == nil {
+				installer.Spec.Kubernetes = &kurlv1beta1.Kubernetes{}
+			}
+			installer.Spec.Kubernetes.ContainerLogMaxSize = split[1]
+		case "container-log-max-files":
+			if installer.Spec.Kubernetes == nil {
+				installer.Spec.Kubernetes = &kurlv1beta1.Kubernetes{}
+			}
+			m, err := strconv.Atoi(split[1])
+			if err != nil {
+				return errors.Wrap(err, "invalid container-log-max-files value. must be an integer.")
+			}
+			installer.Spec.Kubernetes.ContainerLogMaxFiles = m
 		case "kubeadm-token":
 			if installer.Spec.Kubernetes == nil {
 				installer.Spec.Kubernetes = &kurlv1beta1.Kubernetes{}

kurl_util/cmd/yamltobash/main.go

@@ -205,6 +205,8 @@ func convertToBash(kurlValues map[string]interface{}, fieldsSet map[string]bool)
 		"Kubernetes.CertKey":                     "CERT_KEY",
 		"Kubernetes.ControlPlane":                "MASTER",
 		"Kubernetes.HACluster":                   "HA_CLUSTER",
+		"Kubernetes.ContainerLogMaxSize":         "CONTAINER_LOG_MAX_SIZE",
+		"Kubernetes.ContainerLogMaxFiles":        "CONTAINER_LOG_MAX_FILES",
 		"Kubernetes.KubeadmToken":                "KUBEADM_TOKEN",
 		"Kubernetes.KubeadmTokenCAHash":          "KUBEADM_TOKEN_CA_HASH",
 		"Kubernetes.LoadBalancerAddress":         "LOAD_BALANCER_ADDRESS",

kurlkinds/config/crds/v1beta1/cluster.kurl.sh_installers.yaml

@@ -256,6 +256,11 @@ spec:
                     type: string
                   certKey:
                     type: string
+                  containerLogMaxFiles:
+                    format: int32
+                    type: integer
+                  containerLogMaxSize:
+                    type: string
                   controlPlane:
                     type: boolean
                   kubeadmToken:

kurlkinds/pkg/apis/cluster/v1beta1/installer_types.go

@@ -97,6 +97,8 @@ type Kubernetes struct {
 	CertKey                  string `json:"certKey,omitempty" yaml:"certKey,omitempty"`
 	ControlPlane             bool   `json:"controlPlane,omitempty" yaml:"controlPlane,omitempty"`
 	HACluster                bool   `json:"HACluster,omitempty" yaml:"HACluster,omitempty"`
+	ContainerLogMaxSize      string `json:"containerLogMaxSize,omitempty" yaml:"containerLogMaxSize,omitempty"`
+	ContainerLogMaxFiles     int    `json:"containerLogMaxFiles,omitempty" yaml:"containerLogMaxFiles,omitempty"`
 	KubeadmToken             string `json:"kubeadmToken,omitempty" yaml:"kubeadmToken,omitempty"`
 	KubeadmTokenCAHash       string `json:"kubeadmTokenCAHash,omitempty" yaml:"kubeadmTokenCAHash,omitempty"`
 	LoadBalancerAddress      string `json:"loadBalancerAddress,omitempty" yaml:"loadBalancerAddress,omitempty"`

scripts/common/utilbinaries.sh

@@ -95,6 +95,10 @@ function get_patch_yaml() {
                 ;;
             ignore-remote-upgrade-prompt)
                 ;;
+            container-log-max-size)
+                ;;
+            container-log-max-files)
+                ;;
             kubeadm-token)
                 ;;
             kubeadm-token-ca-hash)

scripts/install.sh

@@ -119,17 +119,24 @@ apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 shutdownGracePeriod: 30s
 shutdownGracePeriodCriticalPods: 10s
----
 EOF
     else
         cat << EOF >> $KUBEADM_CONF_FILE
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 cgroupDriver: systemd
----
 EOF
     fi
 
+    # conditional kubelet configuration fields
+    if [ -n "$CONTAINER_LOG_MAX_SIZE" ]; then
+        echo "containerLogMaxSize: $CONTAINER_LOG_MAX_SIZE" >> $KUBEADM_CONF_FILE
+    fi
+    if [ -n "$CONTAINER_LOG_MAX_FILES" ]; then
+        echo "containerLogMaxFiles: $CONTAINER_LOG_MAX_FILES" >> $KUBEADM_CONF_FILE
+    fi
+    echo "---" >> $KUBEADM_CONF_FILE
+
     # When no_proxy changes kubeadm init rewrites the static manifests and fails because the api is
     # restarting. Trigger the restart ahead of time and wait for it to be healthy.
     if [ -f "/etc/kubernetes/manifests/kube-apiserver.yaml" ] && [ -n "$no_proxy" ] && ! cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep -q "$no_proxy"; then

web/src/installers/index.ts

@@ -24,6 +24,8 @@ export interface KubernetesConfig {
   HACluster?: boolean;
   masterAddress?: string;
   loadBalancerAddress?: string;
+  containerLogMaxSize?: string;
+  containerLogMaxFiles?: number;
   bootstrapToken?: string;
   bootstrapTokenTTL?: string;
   kubeadmTokenCAHash?: string;
@@ -42,6 +44,8 @@ export const kubernetesConfigSchema = {
     HACluster: { type: "boolean", flag: "ha", description: "Create the cluster as a high availability cluster (note that this needs a valid load balancer address and additional nodes to be a truly HA cluster)" },
     masterAddress: { type: "string", flag: "kuberenetes-master-address", description: "The address of the internal Kubernetes API server, used during join scripts (read-only)" },
     loadBalancerAddress: { type: "string", flag: "load-balancer-address", description: "Used for High Availability installs, indicates the address of the external load balancer" },
+    containerLogMaxSize: { type: "string", flag: "container-log-max-size", description: "A quantity defining the maximum size of the container log file before it is rotated. For example: \"5Mi\" or \"256Ki\". This does not work with Docker. For Docker, check out https://docs.docker.com/config/containers/logging/json-file." },
+    containerLogMaxFiles: { type: "number", flag: "container-log-max-files", description: "Specifies the maximum number of container log files that can be present for a container. This does not work with Docker. For Docker, check out https://docs.docker.com/config/containers/logging/json-file." },
     bootstrapToken: { type: "string", flag: "bootstrap-token", description: "A secret needed for new nodes to join an existing cluster" },
     bootstrapTokenTTL: { type: "string", flag: "bootstrap-token-ttl", description: "How long the bootstrap token is valid for" },
     kubeadmTokenCAHash: { type: "string", flag: "kubeadm-token-ca-hash", description: "Generated during the install script, used for nodes joining (read-only)" },

web/src/test/controllers/installers.ts

@@ -15,6 +15,8 @@ spec:
     HACluster: false
     masterAddress: 192.168.1.1
     loadBalancerAddress: 10.128.10.1
+    containerLogMaxSize: 256Ki
+    containerLogMaxFiles: 4
     bootstrapToken: token
     bootstrapTokenTTL: 10min
     kubeadmTokenCAHash: hash
@@ -829,8 +831,7 @@ spec:
     describe("every option", () => {
       it(`=> service-cidr-range=/12 ...`, () => {
         const i = Installer.parse(everyOption);
-
-          expect(i.flags()).to.equal(`service-cidr-range=/12 service-cidr=100.1.1.1/12 ha=0 kuberenetes-master-address=192.168.1.1 load-balancer-address=10.128.10.1 bootstrap-token=token bootstrap-token-ttl=10min kubeadm-token-ca-hash=hash control-plane=0 cert-key=key bypass-storagedriver-warnings=0 hard-fail-on-loopback=0 no-ce-on-ee=0 docker-registry-ip=192.168.0.1 additional-no-proxy=129.168.0.2 no-docker=0 pod-cidr=39.1.2.3 pod-cidr-range=/12 disable-weave-encryption=0 storage-class-name=default ceph-replica-count=1 rook-block-storage-enabled=1 rook-block-device-filter=sd[a-z] rook-bypass-upgrade-warning=1 rook-hostpath-requires-privileged=1 openebs-namespace=openebs openebs-localpv-enabled=1 openebs-localpv-storage-class-name=default openebs-cstor-enabled=1 openebs-cstor-storage-class-name=cstor minio-namespace=minio minio-hostpath=/sentry contour-tls-minimum-protocol-version=1.3 contour-http-port=3080 contour-https-port=3443 registry-publish-port=20 fluentd-full-efk-stack=0 kotsadm-application-slug=sentry kotsadm-ui-bind-port=8800 kotsadm-hostname=1.1.1.1 kotsadm-application-namespaces=kots velero-namespace=velero velero-disable-cli=0 velero-disable-restic=0 velero-local-bucket=local velero-restic-requires-privileged=0 ekco-node-unreachable-toleration-duration=10m ekco-min-ready-master-node-count=3 ekco-min-ready-worker-node-count=1 ekco-should-disable-reboot-service=0 ekco-rook-should-use-all-nodes=0 airgap=0 hostname-check=2.2.2.2 ignore-remote-load-images-prompt=0 ignore-remote-upgrade-prompt=0 no-proxy=0 preflight-ignore=1 preflight-ignore-warnings=1 private-address=10.38.1.1 http-proxy=1.1.1.1 public-address=101.38.1.1 bypass-firewalld-warning=0 hard-fail-on-firewalld=0 helmfile-spec=${helmfileSpec} longhorn-ui-bind-port=30880 longhorn-ui-replica-count=0`);
+        expect(i.flags()).to.equal(`service-cidr-range=/12 service-cidr=100.1.1.1/12 ha=0 kuberenetes-master-address=192.168.1.1 load-balancer-address=10.128.10.1 container-log-max-size=256Ki container-log-max-files=4 bootstrap-token=token bootstrap-token-ttl=10min kubeadm-token-ca-hash=hash control-plane=0 cert-key=key bypass-storagedriver-warnings=0 hard-fail-on-loopback=0 no-ce-on-ee=0 docker-registry-ip=192.168.0.1 additional-no-proxy=129.168.0.2 no-docker=0 pod-cidr=39.1.2.3 pod-cidr-range=/12 disable-weave-encryption=0 storage-class-name=default ceph-replica-count=1 rook-block-storage-enabled=1 rook-block-device-filter=sd[a-z] rook-bypass-upgrade-warning=1 rook-hostpath-requires-privileged=1 openebs-namespace=openebs openebs-localpv-enabled=1 openebs-localpv-storage-class-name=default openebs-cstor-enabled=1 openebs-cstor-storage-class-name=cstor minio-namespace=minio minio-hostpath=/sentry contour-tls-minimum-protocol-version=1.3 contour-http-port=3080 contour-https-port=3443 registry-publish-port=20 fluentd-full-efk-stack=0 kotsadm-application-slug=sentry kotsadm-ui-bind-port=8800 kotsadm-hostname=1.1.1.1 kotsadm-application-namespaces=kots velero-namespace=velero velero-disable-cli=0 velero-disable-restic=0 velero-local-bucket=local velero-restic-requires-privileged=0 ekco-node-unreachable-toleration-duration=10m ekco-min-ready-master-node-count=3 ekco-min-ready-worker-node-count=1 ekco-should-disable-reboot-service=0 ekco-rook-should-use-all-nodes=0 airgap=0 hostname-check=2.2.2.2 ignore-remote-load-images-prompt=0 ignore-remote-upgrade-prompt=0 no-proxy=0 preflight-ignore=1 preflight-ignore-warnings=1 private-address=10.38.1.1 http-proxy=1.1.1.1 public-address=101.38.1.1 bypass-firewalld-warning=0 hard-fail-on-firewalld=0 helmfile-spec=${helmfileSpec} longhorn-ui-bind-port=30880 longhorn-ui-replica-count=0`);
       });
     });
   });