From cc6cbfbe71aff069a7bf39cd27dd6b5ea5c272be Mon Sep 17 00:00:00 2001
From: Ilya Margolin <ilya@ulani.de>
Date: Tue, 7 Jun 2022 18:22:56 +0200
Subject: [PATCH] Allow disabling calico CNI logs with calico_cni_log_file_path
 (#8921)

* Allow disabling calico CNI logs with calico_cni_log_file_path

With the current default settings, the Calico CNI plugin can write up to 1G of logs if it logs a lot:
log_file_max_size	100	Max file size in MB log files can reach before they are rotated.
log_file_max_age	30	Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count	10	Max number of rotated log files allowed on the host before they are cleaned up.

See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging

To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`

* Fix markdown

* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
---
 docs/calico.md                                             | 7 +++++++
 roles/network_plugin/calico/defaults/main.yml              | 3 +++
 .../network_plugin/calico/templates/cni-calico.conflist.j2 | 4 +++-
 roles/network_plugin/canal/defaults/main.yml               | 3 +++
 roles/network_plugin/canal/templates/cni-canal.conflist.j2 | 4 +++-
 5 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/docs/calico.md b/docs/calico.md
index 2d10c04e4..c733c3c0c 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -315,6 +315,13 @@ calico_ipam_host_local: true
 
 Refer to Project Calico section [Using host-local IPAM](https://docs.projectcalico.org/reference/cni-plugin/configuration#using-host-local-ipam) for further information.
 
+### Optional : Disable CNI logging to disk
+
+Calico CNI plugin logs to /var/log/calico/cni/cni.log and to stderr.
+stderr of CNI plugins can be found in the logs of container runtime.
+
+You can disable Calico CNI logging to disk by setting `calico_cni_log_file_path: false`.
+
 ## eBPF Support
 
 Calico supports eBPF for its data plane see [an introduction to the Calico eBPF Dataplane](https://www.projectcalico.org/introducing-the-calico-ebpf-dataplane/) for further information.
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index 92bf788a6..2ba53d362 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -72,6 +72,9 @@ calico_felix_prometheusprocessmetricsenabled: true
 calico_loglevel: info
 calico_node_startup_loglevel: error
 
+# Set log path for calico CNI plugin. Set to false to disable logging to disk.
+calico_cni_log_file_path: /var/log/calico/cni/cni.log
+
 # Enable or disable usage report to 'usage.projectcalico.org'
 calico_usage_reporting: false
 
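Review bot: The comment above `calico_cni_log_file_path` does not tell an operator where CNI plugin events go once the file is disabled, which matters if `/var/log/calico/cni/cni.log` is part of log collection for troubleshooting or incident review. I would extend it to `# Host path of the Calico CNI plugin log file. Set to false (YAML boolean) to disable logging to disk;` followed by `# the plugin still writes to stderr, which is captured in the container runtime logs.` The same variable and comment are added again in roles/network_plugin/canal/defaults/main.yml, so the two defaults need to be kept in sync and the same wording applies there.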
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index 148224cad..5cdf1ac86 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -15,7 +15,9 @@
 {% endif %}
       "type": "calico",
       "log_level": "info",
-      "log_file_path": "/var/log/calico/cni/cni.log",
+{% if calico_cni_log_file_path %}
+      "log_file_path": "{{ calico_cni_log_file_path }}",
+{% endif %}
 {% if calico_datastore == "etcd" %}
       "etcd_endpoints": "{{ etcd_access_addresses }}",
       "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
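Review bot: The new `"log_file_path": "{{ calico_cni_log_file_path }}",` line places the variable between literal double quotes, so a path containing a quote or backslash would render an invalid CNI conflist; `"log_file_path": {{ calico_cni_log_file_path | to_json }},` lets the filter do the JSON quoting. The `{% if calico_cni_log_file_path %}` guard is also a plain truthiness test, so if the value arrives as the string `false` (presumably the case for a key=value extra var) it would likely be rendered as a relative log path named `false` instead of disabling the log. That case should be either rejected or documented as requiring the YAML boolean. The same two lines appear in the cni-canal.conflist.j2 hunk and need the same treatment. The enclosing JSON object starts and ends outside this hunk.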
diff --git a/roles/network_plugin/canal/defaults/main.yml b/roles/network_plugin/canal/defaults/main.yml
index 84db19ccd..419cc3646 100644
--- a/roles/network_plugin/canal/defaults/main.yml
+++ b/roles/network_plugin/canal/defaults/main.yml
@@ -28,3 +28,6 @@ flannel_cpu_requests: 50m
 kube_etcd_cacert_file: ca.pem
 kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
 kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
+
+# Set log path for calico CNI plugin. Set to false to disable logging to disk.
+calico_cni_log_file_path: /var/log/calico/cni/cni.log
diff --git a/roles/network_plugin/canal/templates/cni-canal.conflist.j2 b/roles/network_plugin/canal/templates/cni-canal.conflist.j2
index df696e30b..e4b351133 100644
--- a/roles/network_plugin/canal/templates/cni-canal.conflist.j2
+++ b/roles/network_plugin/canal/templates/cni-canal.conflist.j2
@@ -12,7 +12,9 @@
         "etcd_cert_file": "{{ canal_cert_dir }}/cert.crt",
         "etcd_ca_cert_file": "{{ canal_cert_dir }}/ca_cert.crt",
         "log_level": "info",
-        "log_file_path": "/var/log/calico/cni/cni.log",
+{% if calico_cni_log_file_path %}
+        "log_file_path": "{{ calico_cni_log_file_path }}",
+{% endif %}
         "policy": {
           "type": "k8s"
         },
-- 
GitLab