Make control plane log retention configurable

massdriver-cloud · Oct 30, 2023 · ae82bc3 · ae82bc3
1 parent 5e17966
commit ae82bc3
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -74,6 +74,15 @@ Form input parameters for configuring a bundle for deployment.
 - **`fargate`** *(object)*: AWS Fargate provides on-demand, right-sized compute capacity for running containers on EKS without managing node pools or clusters of EC2 instances.
   - **`enabled`** *(boolean)*: Enables EKS Fargate. Default: `False`.
 - **`k8s_version`** *(string)*: The version of Kubernetes to run. Must be one of: `['1.22', '1.23', '1.24', '1.25', '1.26', '1.27']`. Default: `1.27`.
+- **`monitoring`** *(object)*
+  - **`control_plane_log_retention`** *(integer)*: Duration to retain control plane logs in AWS Cloudwatch (Note: control plane logs do not contain application or container logs).
+    - **One of**
+      - 7 days
+      - 30 days
+      - 90 days
+      - 180 days
+      - 1 year
+      - Never expire
 - **`node_groups`** *(array)*
   - **Items** *(object)*: Definition of a node group.
     - **`advanced_configuration_enabled`** *(boolean)*: Default: `False`.
@@ -120,6 +129,9 @@ Form input parameters for configuring a bundle for deployment.
           "enabled": false
       },
       "k8s_version": "1.27",
+      "monitoring": {
+          "control_plane_log_retention": 7
+      },
       "node_groups": [
           {
               "advanced_configuration_enabled": false,
@@ -136,6 +148,9 @@ Form input parameters for configuring a bundle for deployment.
   {
       "__name": "Development",
       "k8s_version": "1.27",
+      "monitoring": {
+          "control_plane_log_retention": 7
+      },
       "node_groups": [
           {
               "instance_type": "t3.medium",
@@ -151,6 +166,9 @@ Form input parameters for configuring a bundle for deployment.
   {
       "__name": "Production",
       "k8s_version": "1.27",
+      "monitoring": {
+          "control_plane_log_retention": 365
+      },
       "node_groups": [
           {
               "instance_type": "c5.2xlarge",

diff --git a/massdriver.yaml b/massdriver.yaml
@@ -29,24 +29,31 @@ params:
         enable_ingress: true
         route53_hosted_zones: []
         enable_efs_csi: false
+      monitoring:
+        control_plane_log_retention: 7
     - __name: Development
       k8s_version: "1.27"
       node_groups:
         - name_suffix: shared
           instance_type: t3.medium
           min_size: 1
           max_size: 10
+      monitoring:
+        control_plane_log_retention: 7
     - __name: Production
       k8s_version: "1.27"
       node_groups:
         - name_suffix: shared
           instance_type: c5.2xlarge
           min_size: 1
           max_size: 10
+      monitoring:
+        control_plane_log_retention: 365
   required:
     - k8s_version
     - node_groups
     - core_services
+    - monitoring
 
   properties:
     k8s_version:
@@ -80,13 +87,19 @@ params:
                   type: array
                   items:
                     $ref: https://raw.githubusercontent.com/massdriver-cloud/json-schemas/main/k8s/namespace.json
+                    not:
+                      enum:
+                        - kube-system
+                        - md-core-services
+                        - md-observability
                   minItems: 1
                   uniqueItems: true
                   title: Fargate Namespaces
                   description: Namespaces that will run in Fargate
                   default:
                     - default
 
+
       properties:
         enabled:
           type: boolean
@@ -262,6 +275,30 @@ params:
                         pattern: ^arn:aws:elasticfilesystem:[a-z0-9-]*:(?:[0-9]{12})?:file-system\/fs-(?:[a-z0-9]+)?$
                         message:
                           pattern: Must be a valid AWS EFS file system ARN
+    monitoring:
+      type: object
+      title: Monitoring
+      required:
+        - control_plane_log_retention
+      properties:
+        control_plane_log_retention:
+          type: integer
+          title: Control Plane Log Retention
+          description: "Duration to retain control plane logs in AWS Cloudwatch (Note: control plane logs do not contain application or container logs)"
+          oneOf:
+            - title: 7 days
+              const: 7
+            - title: 30 days
+              const: 30
+            - title: 90 days
+              const: 60
+            - title: 180 days
+              const: 180
+            - title: 1 year
+              const: 365
+            - title: Never expire
+              const: 0
+
 
 connections:
   required:
@@ -286,6 +323,7 @@ ui:
     - fargate
     - node_groups
     - core_services
+    - monitoring
     - "*"
   node_groups:
     items:

diff --git a/src/logging.tf b/src/logging.tf
@@ -6,5 +6,5 @@ locals {
 resource "aws_cloudwatch_log_group" "control_plane" {
   name              = local.log_group_name
   kms_key_id        = module.kms.key_arn
-  retention_in_days = 7
+  retention_in_days = try(var.monitoring.control_plane_log_retention, 7)
 }