Home

Table of Contents

Azure

• Verify the deployment
• Troubleshooting
  • Uninstall profisee and reinstall
  • Connect to container and look at log
  • Check sql connection from container
  • Check connection to fileshare
  • Copying files to/from container
  • "Edit" a value (logging) in web.config
  • Upgrade from one version to another via Azure portal
  • Upgrade from one version to another via uninstall/reinstall
  • Upgrade from one version to another
  • Replace license via uninstall/reinstall
  • Replace license via Azure portal
  • Scale to more than one container
  • Uninstall nginx and reinstall
  • Add cluster ip address to sql
  • Add FileShare volume to container
  • If your SQL password has changed, then you need to update it in kubernetes
  • View container config manager logs "live" in kubernetes
  • Certificate issues with Let's Encrypt
  • Enable Keyvault key rotation
  • Post and Pre Init Scripts
• Troubleshooting with Lens
  • Install Lens (Kubernetes IDE)
  • Enable metrics
  • Add AKS cluster to Lens
  • Connect to pod (container)
  • Replace license with Lens

Verify:

1. Open up cloud shell

   Launch Cloud Shell from the top navigation of the Azure portal.

   

2. Configure kubectl

   az aks get-credentials --resource-group MyResourceGroup --name MyAKSCluster --overwrite-existing
   

3. The initial deploy will have to download the container which takes about 10 minutes. Verify its finished downloading the container:

   kubectl --namespace profisee describe pod profisee-0 #check status and wait for "Pulling" to finish
   

4. Container can be accessed with the following command:

   kubectl --namespace profisee exec -it profisee-0 powershell
   

5. System logs can be accessed with the following command:

   #Configuration log
   Get-Content C:\Profisee\Configuration\LogFiles\SystemLog.log
   #Authentication service log
   Get-Content C:\Profisee\Services\Auth\LogFiles\SystemLog.log
   #WebPortal Log
   Get-Content C:\Profisee\WebPortal\LogFiles\SystemLog.log
   #Gateway log
   Get-Content C:\Profisee\Web\LogFiles\SystemLog.log
   

6. Goto Profisee Platform web portal

   • http(s)://app.company.com/profisee

Troubleshooting:

Uninstall profisee and reinstall

helm --namespace profisee repo add profisee https://profisee.github.io/kubernetes
    helm --namespace profisee uninstall profiseeplatform
    #get settings.yaml from the secret its stored in
    kubectl --namespace profisee get secret profisee-settings -o jsonpath="{.data.Settings\.yaml}" | base64 --decode > Settings.yaml
    #note the name is now just called profiseeplatform without the release name in it like 2020r1
    helm --namespace profisee install profiseeplatform profisee/profisee-platform --values Settings.yaml
    #when installing after uninstalling you get an error that something still exists, run this before the install statement
    helm --namespace profisee template profiseeplatform profisee/profisee-platform | kubectl delete -f - 

Connect to container and look at log

kubectl --namespace profisee exec -it profisee-0 powershell
Get-Content C:\Profisee\Configuration\LogFiles\SystemLog.log

Check sql connection from container

$connectionString = 'Data Source={0};database={1};User ID={2};Password={3}' -f $env:ProfiseeSqlServer,$env:ProfiseeSqlDatabase,$env:ProfiseeSqlUserName,$env:ProfiseeSqlPassword
$sqlConnection = New-Object System.Data.SqlClient.SqlConnection $connectionString
$sqlConnection.Open()
$sqlConnection.Close()

Check connection to fileshare

#map drive to X
$pass=$env:ProfiseeAttachmentRepositoryUserPassword|ConvertTo-SecureString -AsPlainText -Force
$azureCredential = New-Object System.Management.Automation.PsCredential($env:ProfiseeAttachmentRepositoryUserName,$pass)
New-PSDrive -Name "X" -PSProvider "FileSystem" -Root $env:ProfiseeAttachmentRepositoryLocation -Credential $azureCredential -Persist;
#remove mapped drive
Remove-PSDrive X

Copying files to/from container

#copy file to container
kubectl --namespace profisee cp appsettings.json profisee-0:profisee/services/auth/appsettings.json

#copy file from container
kubectl --namespace profisee cp profisee-0:profisee/services/auth/appsettings.json appsettings.json

"Edit" a value (logging) in web.config

((Get-Content -path C:\profisee\services\auth\appsettings.json -Raw) -replace 'Warning','Debug') | Set-Content -Path C:\profisee\services\auth\appsettings.json

Upgrade from one version to another via Azure portal

Goto the kubernetes cluster
Click on Workloads (preview) on left under Kubernetes resources
Click Stateful sets
Click on profisee
Click on YAML on left
Replace the value for image: to use the new release
	Not the image names have changed going forward.  They are always profiseeplatform:releasename.version.
	Example
		Old - 'profisee.azurecr.io/profisee2020r1:0'
		New - 'profisee.azurecr.io/profiseeplatform:2020r1.0'
		Old - 'profisee.azurecr.io/profisee2020r1:1'
		New - 'profisee.azurecr.io/profiseeplatform:2020r1.1'
		New - 'profisee.azurecr.io/profiseeplatform:2020r2.0'
		New - 'profisee.azurecr.io/profiseeplatform:2021r1.0'
Click Review + Save
Check confirm
Save

Upgrade from one version to another via uninstall/reinstall

helm --namespace profisee repo add profisee https://profisee.github.io/kubernetes
helm --namespace profisee uninstall profiseeplatform2020r1
#get settings.yaml from the secret its stored in
kubectl --namespace profisee get secret profisee-settings -o jsonpath="{.data.Settings\.yaml}" | base64 --decode > Settings.yaml
#note the name is now just called profiseeplatform without the release name in it like 2021r1 and image.tag will vary based on the minor release, starting with 0
    #note that by default it installs in the profisee namespace which must exist before.  to create the namespace, run kubectl create namepace profisee
helm --namespace profisee  install profiseeplatform profisee/profisee-platform --values Settings.yaml --set image.repository=profiseeplatform --set image.tag=2021r1.0

Upgrade from one version to another

Create a file named UpdateProfisee.yaml (any name is fine as long as use that file name in the patch statement) that has this content:

spec:
  template:
    spec:
      containers:
      - name: profisee
	image: profisee.azurecr.io/profisee2020r2:preview

Upload to cloud shell drive

Launch Cloud Shell from the top navigation of the Azure portal.
Click upload/download, then upload and chose the file you just created 	

Connect to aks cluster

az aks get-credentials --resource-group MyResourceGroup --name MyAKSCluster --overwrite-existing

Patch it

kubectl --namespace profisee patch statefulset profisee --patch $(Get-Content UpdateProfisee.yaml -Raw)

Replace license via uninstall/reinstall

helm --namespace profisee repo add profisee https://profisee.github.io/kubernetes
helm --namespace profisee uninstall profiseeplatform2020r1
#get settings.yaml from the secret its stored in
kubectl --namespace profisee get secret profisee-settings -o jsonpath="{.data.Settings\.yaml}" | base64 --decode > Settings.yaml
helm --namespace profisee install profiseeplatform profisee/profisee-platform --values Settings.yaml --set licenseFileData=PastedBase64LicenseString

Replace license via Azure portal

Goto the kubernetes cluster
Click on Configuration (preview) on left under Kubernetes resources
Click Secrets
Click on profisee-license
Click on YAML on left
Replace the value under profisee.plic: >- with the new license string.  Be sure to keep the 4 spaces at the begining of the line
Click Review + Save
Check confirm
Save
Then you need to delete the pod
Click on Workloads (preview) on left under Kubernetes resources
Click on Pods
Check the checkbox for Profisee-0
Click Delete on Top
Confirm

Scale to more than one container

#this will add another pod (container) to have two servers that are completely load balanced
kubectl --namespace profisee scale sts profisee --replicas=2

Uninstall nginx and reinstall

#uninstall nginx
helm --namespace profisee uninstall nginx
#install nginx
helm --namespace profisee repo add stable https://charts.helm.sh/stable;
#get profisee nginx settings
curl -fsSL -o nginxSettings.yaml https://raw.githubusercontent.com/profisee/kubernetes/master/Azure-ARM/nginxSettings.yaml;
#NO Let's Encrypt
helm --namespace profisee install nginx stable/nginx-ingress --values nginxSettings.yaml --set controller.service.loadBalancerIP=$publicInIP;
#With Lets Encrypt
$DNSHOSTNAME="myUniqueHostnameInTheRegion"
helm --namespace profisee install nginx stable/nginx-ingress --values nginxSettings.yaml --set controller.service.loadBalancerIP=$publicInIP --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNSHOSTNAME

Add cluster ip address to sql

#If you are having odd sql connection issues from the container(s), try adding the outbound ip to the sql firewall
#from in the container run this to get the outbound ip of the cluster
Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
"goto sql server firewall and add it

Add FileShare volume to container

#This can happen if using g an old deployment of 2020r1 before the fileshare was added (before 9/14/2020)
#set these variables
STORAGEACCOUNTNAME="MyStorageAccountName"
FILEREPOPASSWORD="MyStorageAccountAccessKey"
STORAGEACCOUNTFILESHARENAME="files"

#run this for azure cloud shell
curl -fsSL -o StatefullSet_AddAzureFileVolume.yaml "https://raw.githubusercontent.com/profiseedev/kubernetes/master/Azure-ARM/StatefullSet_AddAzureFileVolume.yaml";
STORAGEACCOUNTNAME="$(echo -n "$STORAGEACCOUNTNAME" | base64)"
FILEREPOPASSWORD="$(echo -n "$FILEREPOPASSWORD" | base64 | tr -d '\n')" #The last tr is needed because base64 inserts line breaks after every 76th character
sed -i -e 's/$STORAGEACCOUNTNAME/'"$STORAGEACCOUNTNAME"'/g' StatefullSet_AddAzureFileVolume.yaml
sed -i -e 's/$STORAGEACCOUNTKEY/'"$FILEREPOPASSWORD"'/g' StatefullSet_AddAzureFileVolume.yaml
sed -i -e 's/$STORAGEACCOUNTFILESHARENAME/'"$STORAGEACCOUNTFILESHARENAME"'/g' StatefullSet_AddAzureFileVolume.yaml
kubectl --namespace profisee apply -f StatefullSet_AddAzureFileVolume.yaml

If your SQL password has changed, then you need to update it in kubernetees

Secrets are base64 encoded, so you first need to get the base64 version of the password.
	$OrigString="MyPassword"
	$B64String =[Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($OrigString)) 
	write-host $B64String 
Goto the kubernetes cluster
Click on Configuration (preview) on left under Kubernetes resources
Click Secrets
Click on profisee-secrets
Click on YAML on left
Find ProfiseeSqlPassword and replace it with the base64 version of hte password.
Click Review + Save
Check confirm
Save

View container config manager logs "live" in kubernetes

Starting with 2020R2, the configuration manager log (startup) is now streamed to kubernetes
you can view it by running this, the -f is "follow" and will stream it as it goes (tail)
kubectl --namespace profisee logs profisee-0 -f

Certificate issues with Let's Encrypt

#look at the certificate
kubectl --namespace profisee get certificate
#if Ready is false, then get details
kubectl --namespace profisee describe certificate
#if error, look at the request
kubectl --namespace profisee describe certificaterequest

troubleshooting certificates

troubleshooting acme

    #if the certificxate got issued properly but its still in a false state, delete the certificate and a new one will be issued
    kubectl --namespace profisee delete certificate profisee-tls-ingress

Enable Keyvault key rotation

If you enable keyvault integration when deploying the profisee platofrm with the ARM template and you want to enable key rotation, this is how:

Uninstall CSI driver

helm uninstall --namespace profisee csi-secrets-store-provider-azure

reinstall the driver with the rotate flag

helm install --namespace profisee csi-secrets-store-provider-azure csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --set enableSecretRotation=true

Post and Pre Init Scripts

The latest version of the deployment support post and pre init scripts in the settings.yaml. The setting names are preInitScriptData and postInitScriptData. The scripts must be base64 encoded PowerShell script.

The Pre init script fires before the container startup logic runs. if you need something changed before the container startup logic runs, then put script in here. eg change log levels.

The post init script fires after the container staup logic has run. At this point the pod is fully configured and is running. if you need something changed after the container startup logic runs, then put script in here. eg change oidc information.

Troubleshooting with Lens

Install Lens (Kubernetes IDE)

Main website https://k8slens.dev

Install the latest https://github.com/lensapp/lens/releases/latest

Enable metrics

Lens uses promethius https://prometheus.io/ for metrics

To enable it right cick on node name in left bar and click settings

Scroll down to metrics and click install

Add AKS cluster to Lens

Go to Azure portal, open cloud shell

Run this to "configure" kubectl
az aks get-credentials --resource-group MyResourceGroup --name MyAKSCluster --overwrite-existing

Get contents of kube.config
run kubectl config view --minify --raw
copy all the out put of that command (select with mouse, right click copy)

Go to Lens
Click big plus (+) to add a cluster
Click paste as text
Goto select contect dropdown and choose the cluster
Click outside the dropdown area
Click "Add Cluster(s)"
Wait for it to connect and now Lens is connected to that aks cluster.

Connect to pod (container)

In Lens, choose workloads, then pods
Click on pod - profisee-(x)
Click on the "Pod Shell" left icon in top blue nav bar.  This will "connect" you to the container
Now in the terminal window (bottom), you are "connected" to the pod (container)

Replace license with Lens

In Lens, choose workloads, then Configuration, then secrets
Click on profisee-files
Paste your new license string supplied byb Profisee Support in textbox under profisee.plic
Click save.
Your license has been updated.
You have to detroy the pod and have it recreate itself for it to take affect.