-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use docker log rotation mechanism instead of logrotate #40634
Use docker log rotation mechanism instead of logrotate #40634
Conversation
@dashpole can you do an initial review? |
Sure |
Do we need to do anything for providers other than GCE? |
@dashpole If provider uses salt, it will pick up this change automatically Otherwise this change doesn't influence provider, but its owners can make mirroring changes. As for ability to configure parameters using environment of |
Just to confirm, this only disables logrotate for docker, right? |
This PR changes all OS images in GCE clusters to use docker's native log rotation. Could we instead change only the configuration relevant to GKE (i.e., GCI)? Also ping @dchen1107, who wanted to take a look. |
@mikedanese It needs your approval |
@mikedanese @roberthbailey we need this for 1.6 |
i approve conditional on @dchen1107 giving this an lgtm |
@roberthbailey thanks! |
Sorry for the late response. Thought we already agreed upon the scope (limited to GCI image only) and the solution through an offline discussions. /lgtm and |
[APPROVALNOTIFIER] This PR is APPROVED The following people have approved this PR: Crassirostris, dchen1107 Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Applying lgtm from Dawn's comment |
@k8s-bot kubemark e2e test this |
@k8s-bot kops aws e2e test this |
@k8s-bot kubemark e2e test this kubernetes/test-infra#2012 |
Automatic merge from submit-queue |
I'm guessing this is probably a rare edge case, but may possibly be hit if the log server being shipped to is down for a while. What happens if the log shipper was restarted before all the old data was shipped and after the symlinks were updated? The shipper would no longer know about the old file and loose data? |
@kfox1111 Yes, that situation is possible, you have to be ready. Moreover, if log shipper for some reason doesn't keep a track of a log file for some time and rotation happens twice, some potion of the logs is lost too. That doesn't depend on the way log files are rotated, or the way logs are written, it still may happen with journald or logrotate. |
@crassirostris is this fix only for GCE based k8s deployments or for bare metal as well ? |
Its only for GCE based deployments |
Due to some objections that I don't remember (@crassirostris can explain) we introduced this change only for GCE using GCI/COS. You can you similar approach in your deployment. |
B/c it would be too disturbing otherwise, with possible long-lasting implications in the setups we don't control and don't test |
Hey @crassirostris, The logging documentation here says:
Are these docs correct? It seems like rotation is not happening on a cluster I setup outside of GCE. I am wondering if those docs are just out of date, or if I am misunderstanding something. |
@alexbrand The documentation is little bit obsolete for the COS image on GCP, otherwise (e.g. debian on GCP or ubuntu on AWS) it's actually true. BUT it only applies to clusters brought up by Sorry for that misunderstanding, I'll patch the documentation. Thanks a lot for pointing that out! |
@crassirostris Got it! That is what I kinda assumed, but wanted to make sure. Cheers! |
This is a solution for #38495.
Instead of rotating logs using logrotate tool, which is configured quite rigidly, this PR makes docker responsible for the rotation and makes it possible to configure docker logging parameters. It solves the following problems:
It's still far from ideal, for example setting logging options per pod, as suggested in #15478 would be much more flexible, but latter approach requires deep changes, including changes in API, which may be in vain because of CRI and long-term vision for logging.
Changes include:
gce
, but for different cloud provider they have to be exported first.configure-helper.sh
scripts for those os ongce
that don't use salt + default values exposed via env variablesThis change may be problematic for kubelet logs functionality with CRI enabled, that will be tackled in the follow-up PR, if confirmed.
CC @piosz @Random-Liu @yujuhong @dashpole @dchen1107 @vishh @kubernetes/sig-node-pr-reviews