diff --git a/roles/ipa/server/files/logrotate_krb5kdc b/roles/ipa/server/files/logrotate_krb5kdc
new file mode 100644
index 0000000000..3d9fd6b27b
--- /dev/null
+++ b/roles/ipa/server/files/logrotate_krb5kdc
@@ -0,0 +1,10 @@
+var/log/krb5kdc.log {
+    missingok
+    notifempty
+    monthly
+    rotate 12
+    compress
+    postrotate
+        systemctl reload krb5kdc.service || true
+    endscript
+}
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index b04a3e2f40..d57d48e9d7 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -613,6 +613,12 @@
   - config
   - krb5
 
+- name: Copy the new krb5 logrotate config
+  ansible.builtin.copy:
+    src: logrotate_krb5kdc
+    dest: /etc/logrotate.d/krb5kdc
+    mode: '0644'
+    backup: yes
 
 - import_tasks: scripts.yml