AKS Periscope Kustomize Deployment Script

deploy_aks_periscope.sh

#!/usr/bin/env bash

# AKS Periscope Kustomize Deployment Script

# This script will do the following:
# - create a SAS token valid for 60 minutes
# - deploy AKS Periscope into your cluster
# - collect and save logs into the storage account specified

# Set some variables for where you want the logs uploaded to:
SUBSCRIPTION_NAME='<YOUR SUBSCRIPTION NAME>'
STORAGE_ACCOUNT='<YOUR STORAGE ACCOUNT NAME>'
BLOB_CONTAINER_NAME='periscope'
# https://github.com/Azure/aks-periscope/releases
RELEASE_TAG='0.0.11'
# https://mcr.microsoft.com/en-us/product/aks/periscope/tags
IMAGE_TAG='0.0.11'
RUN_ID=$(date -u '+%Y-%m-%dT%H-%M-%SZ')

# Create a SAS for the storage account
SAS_EXPIRY=$(date -u -d "60 minutes" '+%Y-%m-%dT%H:%MZ')
SAS_TOKEN=$(az storage account generate-sas \
    --account-name "$STORAGE_ACCOUNT" \
    --subscription "$SUBSCRIPTION_NAME" \
    --permissions rwdlacup \
    --services b \
    --resource-types sco \
    --expiry "$SAS_EXPIRY" \
    -o tsv)

# Create a 'kustomization' folder to contain the Periscope resources to be deployed
mkdir ./periscope-deploy || echo "folder cannot be created from current path: [$PWD]"

# Create a YAML file to override the default deployment behaviour
cat <<EOF > ./periscope-deploy/kustomization.yaml
resources:
- https://github.com/azure/aks-periscope//deployment/base?ref=${RELEASE_TAG}

images:
- name: periscope-linux
  newName: mcr.microsoft.com/aks/periscope
  newTag: ${IMAGE_TAG}
- name: periscope-windows
  newName: mcr.microsoft.com/aks/periscope-win
  newTag: ${IMAGE_TAG}

secretGenerator:
- name: azureblob-secret
  behavior: replace
  literals:
  - AZURE_BLOB_ACCOUNT_NAME=${STORAGE_ACCOUNT}
  - AZURE_BLOB_CONTAINER_NAME=${BLOB_CONTAINER_NAME}
  - AZURE_BLOB_SAS_KEY=?${SAS_TOKEN}

configMapGenerator:
- name: diagnostic-config
  behavior: merge
  literals:
  - DIAGNOSTIC_RUN_ID=${RUN_ID}

# add toleration to run on system nodes
patches:
- target:
    group: apps
    kind: DaemonSet
    name: aks-periscope
    version: v1
  patch: |-
    - op: add
      path: '/spec/template/spec/tolerations'
      value:
      - key: CriticalAddonsOnly
        operator: Equal
        value: 'true'
        effect: NoSchedule  
EOF

# Deploy
kubectl apply --kustomize ./periscope-deploy

update_aks_periscope.sh

#!/usr/bin/env bash

# AKS Periscope Update Script

# This script will do the following:
# - create a SAS token valid for 60 minutes
# - update the azureblob-secret
# - trigger new log collection
# - collect and save logs into the storage account specified

# Set some variables for where you want the logs uploaded to:
SUBSCRIPTION_NAME='<YOUR SUBSCRIPTION NAME>'
STORAGE_ACCOUNT='<YOUR STORAGE ACCOUNT NAME>'

# Update to start subsequent diagnostic collections
# Update SAS token (if expired)
SAS_EXPIRY=$(date -u -d "60 minutes" '+%Y-%m-%dT%H:%MZ')
SAS_TOKEN=$(az storage account generate-sas \
    --account-name "$STORAGE_ACCOUNT" \
    --subscription "$SUBSCRIPTION_NAME" \
    --permissions rwdlacup \
    --services b \
    --resource-types sco \
    --expiry "$SAS_EXPIRY" \
    -o tsv)

echo "SAS token is: [$SAS_TOKEN]"

# Update secret
kubectl patch secret -n aks-periscope azureblob-secret -p="{\"data\":{\"AZURE_BLOB_SAS_KEY\": \"$(echo -n "?$SAS_TOKEN" | base64 -w 0)\"}}"

# Update DIAGNOSTIC_RUN_ID to trigger new log collection
runId=$(date -u '+%Y-%m-%dT%H-%M-%SZ')
kubectl patch configmap -n aks-periscope diagnostic-config -p="{\"data\":{\"DIAGNOSTIC_RUN_ID\": \"$runId\"}}"