The following procedure shows how to configure log rotation and syslog running in a sidecar container.
Creating the Log Directory and Configuring Log Rotation
- Create the log directory on all the nodes, including the master, and change its owner to the user whose user ID is 1000.
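# Log directory shared by the NCP / node-agent containers and the rsyslog sidecar
# (it is mounted as a hostPath volume in the manifests below).
# -p makes this step safe to re-run on a node that already has the directory.
mkdir -p /var/log/nsx-ujo
# The procedure expects the directory to be owned by the account with UID 1000;
# localadmin is that account in this example — substitute the UID 1000 user on your nodes.
chown localadmin:localadmin /var/log/nsx-ujo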
- Configure log rotation on all the nodes for the /var/log/nsx-ujo directory.
# logrotate stanza for the NCP / node-agent log files in /var/log/nsx-ujo.
# copytruncate rotates in place without requiring the writers to reopen their
# log file; the rsyslog imfile inputs in the sidecars follow the same files.
# The delimiter is quoted so the shell expands nothing inside the heredoc.
cat <<'EOF' > /etc/logrotate.d/nsx-ujo
/var/log/nsx-ujo/*.log {
  copytruncate
  daily
  size 100M
  rotate 4
  delaycompress
  compress
  notifempty
  missingok
}
EOF
Creating the NCP Replication Controller
- Create the ncp.ini file for NCP.
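# ncp.ini for NCP. The addresses, cluster name and credentials below are lab
# examples; replace them with your own.
#
# Review before use:
#  - insecure = True under [k8s] and under [nsx_v3] disables TLS certificate
#    verification for the Kubernetes API server and the NSX Manager respectively
#    (note that ca_file is set and would otherwise be used). Keep both False
#    outside a lab.
#  - nsx_api_password is stored in clear text here and in the ConfigMap created
#    from this file; a ConfigMap is not a Secret, so anyone who can read
#    ConfigMaps in the namespace can read the NSX admin password.
#
# Create the temp file with restrictive permissions before writing the password
# into it, and quote the heredoc delimiter so the shell expands nothing inside
# ($, backslashes) — the password is written exactly as typed.
touch /tmp/ncp.ini
chmod 600 /tmp/ncp.ini
cat <<'EOF' > /tmp/ncp.ini
[DEFAULT]
log_dir = /var/log/nsx-ujo
[coe]
cluster = k8s-cl1
[k8s]
apiserver_host_ip = 10.114.209.77
apiserver_host_port = 6443
ca_file = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
client_token_file = /var/run/secrets/kubernetes.io/serviceaccount/token
insecure = True
ingress_mode = nat
[nsx_v3]
nsx_api_user = admin
nsx_api_password = Password1!
nsx_api_managers = 10.114.209.68
insecure = True
subnet_prefix = 29
[nsx_node_agent]
[nsx_kube_proxy]
ovs_uplink_port = ens192
EOF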
- Create the config map from the ini file.
# Package /tmp/ncp.ini as the ConfigMap that the NCP and node-agent pods mount
# at /etc/nsx-ujo. The temp file still holds the NSX password; remove it once
# the ConfigMap exists if it is not needed again.
kubectl create configmap nsx-ncp-config-with-logging \
  --from-file=/tmp/ncp.ini
- Create the NCP rsyslog config.
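# ConfigMap holding the rsyslog sidecar configuration for the NCP pod.
# The file is mounted as /etc/rsyslog.d/ncp.conf (see the ReplicationController
# below): imfile tails ncp.log and omfwd forwards every line to the collector.
# Replace the Target with your own syslog collector.
# Forwarding is plain TCP, so log lines leave the node unencrypted; rsyslog's
# omfwd can be switched to TLS (StreamDriver="gtls", StreamDriverMode="1")
# when the collector supports it.
cat <<'EOF' > /tmp/nsx-ncp-rsyslog.conf
# rsyslog configuration for the NCP sidecar (mounted as /etc/rsyslog.d/ncp.conf)
apiVersion: v1
kind: ConfigMap
metadata:
  name: rsyslog-config
  labels:
    version: v1
data:
  ncp.conf: |
    module(load="imfile")
    ruleset(name="remote") {
      action(type="omfwd" Protocol="tcp" Target="nsx.licf.vmware.com" Port="514")
      stop
    }
    input(type="imfile" File="/var/log/nsx-ujo/ncp.log" Tag="ncp" Ruleset="remote")
EOF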
- Create the config map from the above.
# Create the rsyslog-config ConfigMap from the manifest written above.
kubectl create \
  -f /tmp/nsx-ncp-rsyslog.conf
- Create the NCP replication controller with the rsyslog sidecar.
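# ReplicationController for NCP with an rsyslog sidecar. Both containers share
# the log-volume hostPath; NCP writes to it and rsyslog tails it.
cat <<'EOF' > /tmp/ncp-rc-with-logging.yml
# Replication Controller yaml for NCP
apiVersion: v1
kind: ReplicationController
metadata:
  # VMware NSX Container Plugin
  name: nsx-ncp
  labels:
    tier: nsx-networking
    component: nsx-ncp
    version: v1
spec:
  # Active-Active/Active-Standby is not supported in current release.
  # so replica *must be* 1.
  replicas: 1
  template:
    metadata:
      labels:
        tier: nsx-networking
        component: nsx-ncp
        version: v1
    spec:
      # NCP shares the host management network.
      hostNetwork: true
      nodeSelector:
        kubernetes.io/hostname: k8s-master
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      containers:
        - name: nsx-ncp
          # Docker image for NCP
          image: nsx-ujo-docker-local.artifactory.eng.vmware.com/nsx-ncp:ob-6236425
          imagePullPolicy: IfNotPresent
          readinessProbe:
            exec:
              command:
                - cat
                - /tmp/ncp_ready
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 5
          # Host-level capabilities combined with hostNetwork: this container is
          # effectively trusted with the node's network stack.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_ADMIN
                - SYS_PTRACE
                - DAC_READ_SEARCH
          volumeMounts:
            - name: config-volume
              # NCP expects ncp.ini is present in /etc/nsx-ujo
              mountPath: /etc/nsx-ujo
            - name: log-volume
              mountPath: /var/log/nsx-ujo
        - name: rsyslog
          # No tag: the first pull takes whatever the registry serves as latest and
          # IfNotPresent then freezes that per node. Pin a tag or digest so every
          # node runs the same sidecar.
          image: jumanjiman/rsyslog
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: rsyslog-config-volume
              mountPath: /etc/rsyslog.d
              readOnly: true
            - name: log-volume
              mountPath: /var/log/nsx-ujo
      volumes:
        - name: config-volume
          # ConfigMap nsx-ncp-config-with-logging (created from /tmp/ncp.ini) supplies ncp.ini
          configMap:
            name: nsx-ncp-config-with-logging
        - name: rsyslog-config-volume
          configMap:
            name: rsyslog-config
        - name: log-volume
          # Logs land on the node filesystem; this is the directory the logrotate
          # stanza above rotates.
          hostPath:
            path: /var/log/nsx-ujo/
EOF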
- Create NCP with the above specification.
# Apply the NCP ReplicationController manifest written above.
kubectl apply \
  -f /tmp/ncp-rc-with-logging.yml
Creating the NSX Node Agent Daemon Set
- Create the rsyslog configuration for the node agents.
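# ConfigMap holding the rsyslog sidecar configuration for the node-agent pods.
# Mounted as /etc/rsyslog.d/ncp.conf by the DaemonSet below: imfile tails the
# nsx_kube_proxy and nsx_node_agent logs and omfwd forwards them to the collector.
# Replace the Target with your own syslog collector.
# Forwarding is plain TCP, so log lines leave the node unencrypted; rsyslog's
# omfwd can be switched to TLS (StreamDriver="gtls", StreamDriverMode="1")
# when the collector supports it.
cat <<'EOF' > /tmp/nsx-node-agent-rsyslog.conf
# rsyslog configuration for the node-agent sidecar (mounted as /etc/rsyslog.d/ncp.conf)
apiVersion: v1
kind: ConfigMap
metadata:
  name: rsyslog-config-node-agent
  labels:
    version: v1
data:
  ncp.conf: |
    module(load="imfile")
    ruleset(name="remote") {
      action(type="omfwd" Protocol="tcp" Target="nsx.licf.vmware.com" Port="514")
      stop
    }
    input(type="imfile" File="/var/log/nsx-ujo/nsx_kube_proxy.log" Tag="nsx_kube_proxy" Ruleset="remote")
    input(type="imfile" File="/var/log/nsx-ujo/nsx_node_agent.log" Tag="nsx_node_agent" Ruleset="remote")
EOF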
- Create the ConfigMap from the above.
# Create the rsyslog-config-node-agent ConfigMap from the manifest written above.
kubectl create \
  -f /tmp/nsx-node-agent-rsyslog.conf
- Create the DaemonSet with the rsyslog sidecar.
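# DaemonSet running nsx-node-agent and nsx-kube-proxy on every node, with an
# rsyslog sidecar that tails their logs from the shared log-volume hostPath.
cat <<'EOF' > /tmp/nsx-node-agent-rsyslog.yml
# nsx-node-agent DaemonSet
# extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16; on newer clusters
# use apps/v1, which additionally requires spec.selector.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nsx-node-agent
  labels:
    tier: nsx-networking
    component: nsx-node-agent
    version: v1
spec:
  template:
    metadata:
      annotations:
        # The node-agent-apparmor profile must be loaded on every node; a pod
        # scheduled to a node without it is rejected.
        container.apparmor.security.beta.kubernetes.io/nsx-node-agent: localhost/node-agent-apparmor
      labels:
        tier: nsx-networking
        component: nsx-node-agent
        version: v1
    spec:
      hostNetwork: true
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      containers:
        - name: nsx-node-agent
          # Docker image for NCP
          image: nsx-ujo-docker-local.artifactory.eng.vmware.com/nsx-ncp:ob-6236425
          imagePullPolicy: IfNotPresent
          # override NCP image entrypoint
          command: ["nsx_node_agent"]
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - ps aux | grep [n]sx_node_agent
            initialDelaySeconds: 5
            periodSeconds: 5
          # Host-level capabilities plus hostNetwork and the host mounts below:
          # this container is trusted with the node's network stack and namespaces.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_ADMIN
                - SYS_PTRACE
                - DAC_READ_SEARCH
          volumeMounts:
            # ncp.ini
            - name: config-volume
              mountPath: /etc/nsx-ujo
            # mount openvswitch dir
            - name: openvswitch
              mountPath: /var/run/openvswitch
            # mount CNI socket path
            - name: cni-sock
              mountPath: /var/run/nsx-ujo
            # mount container namespace
            - name: netns
              mountPath: /var/run/netns
            # mount host proc
            - name: proc
              mountPath: /host/proc
              readOnly: true
            - name: log-volume
              mountPath: /var/log/nsx-ujo
        - name: nsx-kube-proxy
          # Docker image for NCP
          image: nsx-ujo-docker-local.artifactory.eng.vmware.com/nsx-ncp:ob-6236425
          imagePullPolicy: IfNotPresent
          # override NCP image entrypoint
          command: ["nsx_kube_proxy"]
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - ps aux | grep [n]sx_kube_proxy
            initialDelaySeconds: 5
            periodSeconds: 5
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_ADMIN
                - SYS_PTRACE
                - DAC_READ_SEARCH
          volumeMounts:
            # ncp.ini
            - name: config-volume
              mountPath: /etc/nsx-ujo
            # mount openvswitch dir
            - name: openvswitch
              mountPath: /var/run/openvswitch
            - name: log-volume
              mountPath: /var/log/nsx-ujo
        - name: rsyslog
          # No tag: the first pull takes whatever the registry serves as latest and
          # IfNotPresent then freezes that per node. Pin a tag or digest so every
          # node runs the same sidecar.
          image: jumanjiman/rsyslog
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: rsyslog-config-volume
              mountPath: /etc/rsyslog.d
              readOnly: true
            - name: log-volume
              mountPath: /var/log/nsx-ujo
      volumes:
        - name: config-volume
          configMap:
            name: nsx-ncp-config-with-logging
        - name: cni-sock
          hostPath:
            path: /var/run/nsx-ujo
        - name: netns
          hostPath:
            path: /var/run/netns
        - name: proc
          hostPath:
            path: /proc
        - name: openvswitch
          hostPath:
            path: /var/run/openvswitch
        - name: rsyslog-config-volume
          configMap:
            name: rsyslog-config-node-agent
        - name: log-volume
          # Logs land on the node filesystem; this is the directory the logrotate
          # stanza above rotates.
          hostPath:
            path: /var/log/nsx-ujo/
EOF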
- Create the DaemonSet.
# Apply the node-agent DaemonSet manifest written above.
kubectl apply \
  -f /tmp/nsx-node-agent-rsyslog.yml