Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make kube-apiserver play nice with logrotate #52865

Closed
2rs2ts opened this issue Sep 21, 2017 · 21 comments
Closed

Make kube-apiserver play nice with logrotate #52865

2rs2ts opened this issue Sep 21, 2017 · 21 comments

Comments

@2rs2ts
Copy link
Contributor

@2rs2ts 2rs2ts commented Sep 21, 2017

/kind feature

We use logrotate at my workplace to handle log rotation and to update rsyslog when file handles change after rotation. The problem is that the apiserver rotates its own audit logs, so when this happens rsyslog loses the file handle. If we could use logrotate instead to rotate the audit logs, then we'd be able to notify rsyslog to update its file handle. But the apiserver does not have an option to turn its own rotation off.

If the apiserver could be configured to not rotate its logs (and maybe to gracefully handle when its own logs get rotated by receiving a SIGHUP) that would go a long way towards making the audit logs fit nicely in our (and probably others') existing log rotation strategies.

Of course you can use the reopenOnTruncate feature in rsyslog >8.16.0 but not everyone has access to that. In my case I was able to upgrade but I'm sure not everyone uses rsyslog >8.16.0. Their logging solution may not handle the way the apiserver rotates its logs.

Environment:

  • Kubernetes version (use kubectl version): 1.7.0
@2rs2ts
Copy link
Contributor Author

@2rs2ts 2rs2ts commented Sep 21, 2017

@kubernetes/sig-api-machinery-feature-requests

@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Sep 21, 2017

@2rs2ts: Reiterating the mentions to trigger a notification:
@kubernetes/sig-api-machinery-feature-requests

In response to this:

@kubernetes/sig-api-machinery-feature-requests

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@caesarxuchao
Copy link
Member

@caesarxuchao caesarxuchao commented Sep 25, 2017

cc @mml

@r7vme
Copy link

@r7vme r7vme commented Jan 10, 2018

We are using (wanted to use) logrotate for audit log, because native rotation does not support compression. Unfortunately neither default option (when file moved) neither copytruncate are working.

With copyrtuncate i'm getting binary thrash in log file and apiserver just keeps writing to the same file (size just keep growing).

Looks like latest lumberjack.v2 has compression support.

@fejta-bot
Copy link

@fejta-bot fejta-bot commented May 30, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@nikhita
Copy link
Member

@nikhita nikhita commented Jun 13, 2018

/remove-lifecycle stale

@fejta-bot
Copy link

@fejta-bot fejta-bot commented Sep 11, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@aauren
Copy link

@aauren aauren commented Sep 12, 2018

/remove-lifecycle stale

@nikhita
Copy link
Member

@nikhita nikhita commented Sep 13, 2018

Removing help-wanted since the directions are not clear enough for a contributor to dive into.
/remove-help

@2rs2ts
Copy link
Contributor Author

@2rs2ts 2rs2ts commented Sep 14, 2018

@nikhita it's been a long time since I filed this but isn't

If the apiserver could be configured to not rotate its logs (and maybe to gracefully handle when its own logs get rotated by receiving a SIGHUP) that would go a long way towards making the audit logs fit nicely in our (and probably others') existing log rotation strategies.

clear enough?

@nikhita
Copy link
Member

@nikhita nikhita commented Sep 14, 2018

@2rs2ts Sorry, I should have added more details.

The intent and the idea behind it is definitely clear. 👍

However, since issues labelled as help wanted are for new contributors, we also require that details about how the change be made be included in the issue. Example: what files should be changed, what part of code to modify, etc.

More details about help-wanted labels here: https://github.com/kubernetes/community/blob/master/contributors/devel/help-wanted.md.

Once these details are added, please feel free to add the label back! Also, thank you for coming back to this issue even if it was filed an year ago! :)

@fejta-bot
Copy link

@fejta-bot fejta-bot commented Dec 13, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@2rs2ts
Copy link
Contributor Author

@2rs2ts 2rs2ts commented Dec 26, 2018

/remove-lifecycle stale

@fejta-bot
Copy link

@fejta-bot fejta-bot commented Mar 26, 2019

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@aauren
Copy link

@aauren aauren commented Mar 26, 2019

/remove-lifecycle stale

@fejta-bot
Copy link

@fejta-bot fejta-bot commented Jun 24, 2019

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@fejta-bot
Copy link

@fejta-bot fejta-bot commented Jul 24, 2019

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@fejta-bot
Copy link

@fejta-bot fejta-bot commented Aug 23, 2019

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Aug 23, 2019

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@terinjokes
Copy link

@terinjokes terinjokes commented Oct 9, 2019

/reopen

Still no way to disable lumberjack's rotation.

@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Oct 9, 2019

@terinjokes: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Still no way to disable lumberjack's rotation.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
10 participants