Limit scope of logs writable by ipamd container

Reduce the logs exposed to ipamd container to just
`/var/log/aws-routed-eni/` rather than all of `/var/log`

Also correct documented log file defaults:

- `AWS_VPC_K8S_PLUGIN_LOG_FILE` defaults to
`/var/log/aws-routed-eni/plugin.log` in scripts/entrypoint.sh#L44

- `AWS_VPC_K8S_CNI_LOG_FILE` defaults to
`/host/var/log/aws-routed-eni/ipamd.log` in utils/logger/config.go#L47

README.md

@@ -87,7 +87,7 @@ configuration, ipamd always try to keep one extra ENI.
 When number of pods running on the node exceeds the number of addresses on a single ENI, the CNI backend start allocating
 a new ENI and start using following allocation scheme:
 
-For example, a m4.4xlarge node can have up to 8 ENIs, and each ENI can have up to 30 IP addresses. See 
+For example, a m4.4xlarge node can have up to 8 ENIs, and each ENI can have up to 30 IP addresses. See
 [Elastic Network Interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) for details.
 
 * If the number of current running Pods is between 0 and 29, ipamd will allocate one more eni. And Warm-Pool size is 2 eni * (30 -1) = 58
@@ -245,7 +245,7 @@ until `WARM_IP_TARGET` free IP addresses are available.
 EC2 API and that might cause throttling of the requests. It is strongly suggested to set `MINIMUM_IP_TARGET` when using `WARM_IP_TARGET`.
 
 If both `WARM_IP_TARGET` and `MINIMUM_IP_TARGET` are set, `ipamd` will attempt to meet both constraints.
-This environment variable overrides `WARM_ENI_TARGET` behavior. For a detailed explanation, see 
+This environment variable overrides `WARM_ENI_TARGET` behavior. For a detailed explanation, see
 [`WARM_ENI_TARGET`, `WARM_IP_TARGET` and `MINIMUM_IP_TARGET`](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/eni-and-ip-target.md).
 
 
@@ -301,7 +301,7 @@ Specifies the loglevel for `ipamd`.
 
 Type: String
 
-Default: Unset
+Default: `/host/var/log/aws-routed-eni/ipamd.log`
 
 Valid Values: `stdout` or a file path
 
@@ -313,7 +313,7 @@ Specifies where to write the logging output of `ipamd`. Either to stdout or to o
 
 Type: String
 
-Default: Unset
+Default: `/var/log/aws-routed-eni/plugin.log`
 
 Valid Values: `stdout` or a file path
 

config/master/aws-k8s-cni-cn.yaml

@@ -109,6 +109,8 @@
           "value": "9001"
         - "name": "AWS_VPC_K8S_CNI_LOGLEVEL"
           "value": "DEBUG"
+        - "name": "AWS_VPC_K8S_CNI_LOG_FILE"
+          "value": "/var/log/aws-routed-eni/ipamd.log"
         - "name": "AWS_VPC_K8S_CNI_VETHPREFIX"
           "value": "eni"
         - "name": "MY_NODE_NAME"
@@ -143,7 +145,7 @@
           "name": "cni-bin-dir"
         - "mountPath": "/host/etc/cni/net.d"
           "name": "cni-net-dir"
-        - "mountPath": "/host/var/log"
+        - "mountPath": "/var/log/aws-routed-eni"
           "name": "log-dir"
         - "mountPath": "/var/run/docker.sock"
           "name": "dockersock"
@@ -162,7 +164,8 @@
           "path": "/etc/cni/net.d"
         "name": "cni-net-dir"
       - "hostPath":
-          "path": "/var/log"
+          "path": "/var/log/aws-routed-eni"
+          "type": "DirectoryOrCreate"
         "name": "log-dir"
       - "hostPath":
           "path": "/var/run/docker.sock"

config/master/aws-k8s-cni-us-gov-east-1.yaml

@@ -109,6 +109,8 @@
           "value": "9001"
         - "name": "AWS_VPC_K8S_CNI_LOGLEVEL"
           "value": "DEBUG"
+        - "name": "AWS_VPC_K8S_CNI_LOG_FILE"
+          "value": "/var/log/aws-routed-eni/ipamd.log"
         - "name": "AWS_VPC_K8S_CNI_VETHPREFIX"
           "value": "eni"
         - "name": "MY_NODE_NAME"
@@ -143,7 +145,7 @@
           "name": "cni-bin-dir"
         - "mountPath": "/host/etc/cni/net.d"
           "name": "cni-net-dir"
-        - "mountPath": "/host/var/log"
+        - "mountPath": "/var/log/aws-routed-eni"
           "name": "log-dir"
         - "mountPath": "/var/run/docker.sock"
           "name": "dockersock"
@@ -162,7 +164,8 @@
           "path": "/etc/cni/net.d"
         "name": "cni-net-dir"
       - "hostPath":
-          "path": "/var/log"
+          "path": "/var/log/aws-routed-eni"
+          "type": "DirectoryOrCreate"
         "name": "log-dir"
       - "hostPath":
           "path": "/var/run/docker.sock"

config/master/aws-k8s-cni-us-gov-west-1.yaml

@@ -109,6 +109,8 @@
           "value": "9001"
         - "name": "AWS_VPC_K8S_CNI_LOGLEVEL"
           "value": "DEBUG"
+        - "name": "AWS_VPC_K8S_CNI_LOG_FILE"
+          "value": "/var/log/aws-routed-eni/ipamd.log"
         - "name": "AWS_VPC_K8S_CNI_VETHPREFIX"
           "value": "eni"
         - "name": "MY_NODE_NAME"
@@ -143,7 +145,7 @@
           "name": "cni-bin-dir"
         - "mountPath": "/host/etc/cni/net.d"
           "name": "cni-net-dir"
-        - "mountPath": "/host/var/log"
+        - "mountPath": "/var/log/aws-routed-eni"
           "name": "log-dir"
         - "mountPath": "/var/run/docker.sock"
           "name": "dockersock"
@@ -162,7 +164,8 @@
           "path": "/etc/cni/net.d"
         "name": "cni-net-dir"
       - "hostPath":
-          "path": "/var/log"
+          "path": "/var/log/aws-routed-eni"
+          "type": "DirectoryOrCreate"
         "name": "log-dir"
       - "hostPath":
           "path": "/var/run/docker.sock"

config/master/aws-k8s-cni.yaml

@@ -109,6 +109,8 @@
           "value": "9001"
         - "name": "AWS_VPC_K8S_CNI_LOGLEVEL"
           "value": "DEBUG"
+        - "name": "AWS_VPC_K8S_CNI_LOG_FILE"
+          "value": "/var/log/aws-routed-eni/ipamd.log"
         - "name": "AWS_VPC_K8S_CNI_VETHPREFIX"
           "value": "eni"
         - "name": "MY_NODE_NAME"
@@ -143,7 +145,7 @@
           "name": "cni-bin-dir"
         - "mountPath": "/host/etc/cni/net.d"
           "name": "cni-net-dir"
-        - "mountPath": "/host/var/log"
+        - "mountPath": "/var/log/aws-routed-eni"
           "name": "log-dir"
         - "mountPath": "/var/run/docker.sock"
           "name": "dockersock"
@@ -162,7 +164,8 @@
           "path": "/etc/cni/net.d"
         "name": "cni-net-dir"
       - "hostPath":
-          "path": "/var/log"
+          "path": "/var/log/aws-routed-eni"
+          "type": "DirectoryOrCreate"
         "name": "log-dir"
       - "hostPath":
           "path": "/var/run/docker.sock"

config/master/manifests.jsonnet

@@ -153,6 +153,7 @@ local awsnode = {
               livenessProbe: self.readinessProbe,
               env_:: {
                 AWS_VPC_K8S_CNI_LOGLEVEL: "DEBUG",
+                AWS_VPC_K8S_CNI_LOG_FILE: "/var/log/aws-routed-eni/ipamd.log",
                 AWS_VPC_K8S_CNI_VETHPREFIX: "eni",
                 AWS_VPC_ENI_MTU: "9001",
                 MY_NODE_NAME: {
@@ -172,7 +173,7 @@ local awsnode = {
               volumeMounts: [
                 {mountPath: "/host/opt/cni/bin", name: "cni-bin-dir"},
                 {mountPath: "/host/etc/cni/net.d", name: "cni-net-dir"},
-                {mountPath: "/host/var/log", name: "log-dir"},
+                {mountPath: "/var/log/aws-routed-eni", name: "log-dir"},
                 {mountPath: "/var/run/docker.sock", name: "dockersock"},
                 {mountPath: "/var/run/dockershim.sock", name: "dockershim"},
               ],
@@ -182,7 +183,12 @@ local awsnode = {
           volumes: [
             {name: "cni-bin-dir", hostPath: {path: "/opt/cni/bin"}},
             {name: "cni-net-dir", hostPath: {path: "/etc/cni/net.d"}},
-            {name: "log-dir", hostPath: {path: "/var/log"}},
+            {name: "log-dir",
+              hostPath: {
+                path: "/var/log/aws-routed-eni",
+                type: "DirectoryOrCreate",
+              },
+            },
             {name: "dockersock", hostPath: {path: "/var/run/docker.sock"}},
             {name: "dockershim", hostPath: {path: "/var/run/dockershim.sock"}},
           ],