From 463e94bec616ac882f681195537c483dad727f5a Mon Sep 17 00:00:00 2001
From: Arnaud Tincelin
Date: Sat, 7 Aug 2021 13:08:48 +0200
Subject: [PATCH] Fix: remove hardcoded path to kubeconfig file
---
 .github/workflows/ci-pipeline.yaml | 1 +
 .../kustomization_storage_account.yaml | 21 +++++---
 docs/kustomize.md | 50 -------------------
 pkg/collector/networkoutbound_collector.go | 15 +-----
 pkg/exporter/azureblob_exporter.go | 21 +++-----
 pkg/utils/helper.go | 23 ---------
 6 files changed, 23 insertions(+), 108 deletions(-)
 delete mode 100644 docs/kustomize.md
diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml
index abc97ec2..c3add35c 100644
--- a/.github/workflows/ci-pipeline.yaml
+++ b/.github/workflows/ci-pipeline.yaml
@@ -109,6 +109,7 @@ jobs:
 run: |
 (cd ./deployment && kustomize edit set image aksrepos.azurecr.io/staging/aks-periscope=localhost:5000/periscope:foo)
 kubectl apply -f <(kustomize build ./deployment)
+ kubectl -n aks-periscope describe ds aks-periscope
 kubectl -n aks-periscope wait po --all --for condition=ready --timeout=60s
 - name: Go tests
 run: go test -v -race -coverprofile=coverage.out -covermode=atomic ./...
diff --git a/deployment/examples/kustomization_storage_account.yaml b/deployment/examples/kustomization_storage_account.yaml
index fe9516f8..fc836750 100644
--- a/deployment/examples/kustomization_storage_account.yaml
+++ b/deployment/examples/kustomization_storage_account.yaml
@@ -1,14 +1,21 @@ +# This is an example file to use an Azure Storage Account to export data +# 3 values are required: +# - AZURE_BLOB_SAS_KEY +# - AZURE_BLOB_ACCOUNT_NAME +# - AZURE_BLOB_CONTAINER_NAME: name of the container where the data will be exported apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: aks-periscope + resources: -- https://github.com/Azure/aks-periscope/blob/master/deployment/kustomization.yaml +- https://github.com/Azure/aks-periscope/deployment// secretGenerator: - name: azureblob-secret literals: - - AZURE_BLOB_SAS_KEY= - + - AZURE_BLOB_SAS_KEY= + patches: - target: group: apps @@ -17,10 +24,12 @@ patches: version: v1 patch: |- - op: add - path: '/spec/template/spec/containers/0/env/-' + path: '/spec/template/spec/containers/0/env' value: - name: AZURE_BLOB_ACCOUNT_NAME - value: + - name: AZURE_BLOB_ACCOUNT_NAME + value: + - name: AZURE_BLOB_CONTAINER_NAME + value: - target: group: apps kind: DaemonSet diff --git a/docs/kustomize.md b/docs/kustomize.md deleted file mode 100644 index d2d6f157..00000000 --- a/docs/kustomize.md +++ /dev/null 
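Review bot: The remote base under `resources:` in deployment/examples/kustomization_storage_account.yaml is not pinned to a revision, so `kustomize build` fetches whatever the default branch holds at build time, and what gets applied is a DaemonSet for a tool that runs commands on the host (`RunCommandOnHost` in pkg/utils/helper.go). Pinning the example to a release tag or commit, for instance by appending `?ref=TAG_OR_COMMIT` (placeholder) to the URL, keeps an upstream change from silently altering what users deploy. Separately, in the second hunk `op: add` now targets `/spec/template/spec/containers/0/env` with a list value; under JSON Patch semantics that replaces the whole `env` array if the base DaemonSet already defines one, which deserves a comment in the example such as `# replaces any env entries defined in the base`. The patches list continues past the end of the hunk.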
@@ -1,50 +0,0 @@
-# Deploy with Kustomize
-
-To store the logs an Azure Blob Service account is required.
-
-Patch the DeamonSet to add the `AZURE_BLOB_ACCOUNT_NAME` env var:
-
-```yaml
-patches:
-- target:
- group: apps
- kind: DaemonSet
- name: aks-periscope
- version: v1
- patch: |-
- - op: add
- path: '/spec/template/spec/containers/0/env/-'
- value:
- name: AZURE_BLOB_ACCOUNT_NAME
- value: your_account_name
-```
-
-## Connect to the Storage Account using a SAS key
-
-Create the following secret to connect to the Storage Account using a SAS Key:
-
-```yaml
-secretGenerator:
-- name: azureblob-secret
- literals:
- - AZURE_BLOB_SAS_KEY=your_sas_key_base_64_encoded
-
-patches:
-- target:
- group: apps
- kind: DaemonSet
- name: aks-periscope
- version: v1
- patch: |-
- - op: add
- path: '/spec/template/spec/containers/0/envFrom/-'
- value: |
- secretRef:
- name: azureblob-secret
-```
-
-## Apply
-
-```sh
-kubectl apply -f <(kustomize build)
-```
diff --git a/pkg/collector/networkoutbound_collector.go b/pkg/collector/networkoutbound_collector.go
index 218b5692..d761008c 100644
--- a/pkg/collector/networkoutbound_collector.go
+++ b/pkg/collector/networkoutbound_collector.go
@@ -5,8 +5,6 @@ import (
 "fmt"
 "net"
 "time"
-
- "github.com/Azure/aks-periscope/pkg/utils"
 )
 type networkOutboundType struct {
@@ -39,11 +37,6 @@ func (collector *NetworkOutboundCollector) GetName() string {
 // Collect implements the interface method
 func (collector *NetworkOutboundCollector) Collect() error {
- APIServerFQDN, err := utils.GetAPIServerFQDN()
- if err != nil {
- return err
- }
-
 outboundTypes := []networkOutboundType{}
 outboundTypes = append(outboundTypes,
 networkOutboundType{
@@ -57,12 +50,6 @@ func (collector *NetworkOutboundCollector) Collect() error {
 URL: "kubernetes.default.svc.cluster.local:443",
 },
 )
- outboundTypes = append(outboundTypes,
- networkOutboundType{
- Type: "AKS Tunnel",
- URL: APIServerFQDN + ":443",
- },
- )
 outboundTypes = append(outboundTypes,
 networkOutboundType{
 Type: "Azure Container Registry",
@@ -78,7 +65,7 @@ func (collector *NetworkOutboundCollector) Collect() error {
 for _, outboundType := range outboundTypes {
 timeout := time.Duration(5 * time.Second)
- _, err = net.DialTimeout("tcp", outboundType.URL, timeout)
+ _, err := net.DialTimeout("tcp", outboundType.URL, timeout)
 status := "Connected"
 if err != nil {
diff --git a/pkg/exporter/azureblob_exporter.go b/pkg/exporter/azureblob_exporter.go
index 28c00936..6e87a896 100644
--- a/pkg/exporter/azureblob_exporter.go
+++ b/pkg/exporter/azureblob_exporter.go
@@ -15,10 +15,6 @@ import (
 "github.com/Azure/azure-storage-blob-go/azblob"
 )
-const (
- maxContainerNameLength = 63
-)
-
 // AzureBlobExporter defines an Azure Blob Exporter
 type AzureBlobExporter struct {
 hostname string
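Review bot: The connection returned by `net.DialTimeout` in the `@@ -78,7 +65,7 @@` hunk of pkg/collector/networkoutbound_collector.go is discarded with `_`, so each successful probe leaves a TCP socket open until the runtime finalizes it or the process exits. Keep the handle and close it once the result is known: `conn, err := net.DialTimeout("tcp", outboundType.URL, timeout)` followed by `if err == nil { conn.Close() }`. On the line above, `time.Duration(5 * time.Second)` is a redundant conversion, since `5 * time.Second` already has type `time.Duration`. The loop body continues outside the hunk.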
@@ -33,23 +29,18 @@ func NewAzureBlobExporter(creationTime, hostname string) *AzureBlobExporter {
 }
 func createContainerURL() (azblob.ContainerURL, error) {
- APIServerFQDN, err := utils.GetAPIServerFQDN()
- if err != nil {
- return azblob.ContainerURL{}, err
- }
+ accountName := os.Getenv("AZURE_BLOB_ACCOUNT_NAME")
+ sasKey := os.Getenv("AZURE_BLOB_SAS_KEY")
+ containerName := os.Getenv("AZURE_BLOB_CONTAINER_NAME")
- containerName := strings.Replace(APIServerFQDN, ".", "-", -1)
- containerLen := strings.Index(containerName, "-hcp-")
- if containerLen == -1 {
- containerLen = maxContainerNameLength
+ if accountName == "" || sasKey == "" || containerName == "" {
+ log.Print("Storage Account information were not provided. Export to Azure Storage Account will be skiped.")
+ return azblob.ContainerURL{}, nil
 }
- containerName = strings.TrimRight(containerName[:containerLen], "-")
 ctx := context.Background()
 pipeline := azblob.NewPipeline(azblob.NewAnonymousCredential(), azblob.PipelineOptions{})
- accountName := os.Getenv("AZURE_BLOB_ACCOUNT_NAME")
- sasKey := os.Getenv("AZURE_BLOB_SAS_KEY")
 ses := utils.GetStorageEndpointSuffix()
 url, err := url.Parse(fmt.Sprintf("https://%s.blob.%s/%s%s", accountName, ses, containerName, sasKey))
diff --git a/pkg/utils/helper.go b/pkg/utils/helper.go
index 44286813..cf8c04ed 100644
--- a/pkg/utils/helper.go
+++ b/pkg/utils/helper.go
@@ -3,7 +3,6 @@ package utils
 import (
 "bytes"
 "encoding/json"
- "errors"
 "fmt"
 "io/ioutil"
 "log"
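Review bot: `createContainerURL` in pkg/exporter/azureblob_exporter.go now returns `azblob.ContainerURL{}, nil` when any of the three variables is unset, so a caller that checks only `err` cannot tell "export skipped" from success and would go on to use a zero-value container URL; the callers are outside this hunk, so that needs confirming. Returning a package-level sentinel error that callers test with `errors.Is` and treat as "skip" would make the state explicit. `AZURE_BLOB_CONTAINER_NAME` is also used unvalidated, where the old code derived the name and capped it at 63 characters. Because the SAS token is formatted into the string passed to `url.Parse`, a parse failure caused by a malformed name yields an error that embeds the token, so that error should not be logged verbatim. The log message has two typos, "information were" and "skiped". The function body continues past the end of the hunk.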
@@ -132,28 +131,6 @@ func GetHostName() (string, error) {
 return hostName.HostName, nil
 }
-// GetAPIServerFQDN gets the API Server FQDN from the kubeconfig file
-func GetAPIServerFQDN() (string, error) {
- output, err := RunCommandOnHost("cat", "/var/lib/kubelet/kubeconfig")
-
- if err != nil {
- return "", fmt.Errorf("Can't open kubeconfig file: %+v", err)
- }
-
- lines := strings.Split(output, "\n")
- for _, line := range lines {
- index := strings.Index(line, "server: ")
- if index >= 0 {
- fqdn := line[index+len("server: "):]
- fqdn = strings.Replace(fqdn, "https://", "", -1)
- fqdn = strings.Replace(fqdn, ":443", "", -1)
- return fqdn, nil
- }
- }
-
- return "", errors.New("Could not find server definitions in kubeconfig")
-}
-
 // RunCommandOnHost runs a command on host system
 func RunCommandOnHost(command string, arg ...string) (string, error) {
 args := []string{"--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid"}