fix the password cannot contain # and $

Yuwei Zhou 2017-12-12 16:56:15 +08:00
Parent f4138ef3a4
Commit 05f952a7cf
3 changed files: 32 additions and 14 deletions

View file

@ -7,9 +7,6 @@
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {

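Review bot: The commit message only mentions the password fix, but the hunk header (-7,9 +7,6) shows three lines dropped from this block around `allowedValues`, which narrows the storage SKUs a deployment can select. Please split this into its own commit or state in the message why the options were removed, and check that the README entry for `Data node storage account sku` still matches the values that remain.
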
View file

@ -12,9 +12,10 @@ This repository contains tools and helm charts to help deploy the [ELK stack](ht
* Login to your [Azure portal](https://portal.azure.com).
## Instructions
1. Follow [Create Azure Service Principal using Azure portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) to create an Azure Service Principal and add give access to your subscription.
1. <a href='create-sp'/>Follow [Create Azure Service Principal using Azure portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) to create an Azure Service Principal and assign `Contributor` role access to your subscription.
Set the `Sign-on URL` to [http://\<dns-prefix>control.\<resource-location>.cloudapp.azure.com](#). This URL will be used your Kubernetes dashboard host name. The `dns-prefix` should be global unique, note it and it will be used later. The `<resource-location>` is the region where you will deploy your ELK.
* Set the `Sign-on URL` to [http://\<dns-prefix>control.\<resource-location>.cloudapp.azure.com](#). This URL will be used your Kubernetes dashboard host name. The `dns-prefix` should be global unique, note it and it will be used later. The `<resource-location>` is the region where you will deploy your ELK.
* Assign application a contributor role to your subscription. The subsciption is the one where you will deploy the ELK.
> Note: not all **VM sizes** and **ACS** are supported across all regions. You can check it at [Azure products available by region](https://azure.microsoft.com/en-us/regions/services/)
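Review bot: The anchor added in step 1, `<a href='create-sp'/>`, uses `href`, which makes it a link rather than a link target, so the `[Step 1](#create-sp)` references added later in this file will not resolve to it; use `<a name='create-sp'></a>` (or an `id`) instead. In the same step, the new bullet grants the application a contributor role on the whole subscription; if a narrower scope is sufficient for the deployment, the README should say so. Wording: "subsciption" should be "subscription", and "will be used your Kubernetes dashboard host name" is missing "as".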
@ -39,16 +40,21 @@ This repository contains tools and helm charts to help deploy the [ELK stack](ht
* `Dns prefix` - The DNS name prefix of your Kubernetes controller. It should be the same as the `dns prefix` you specific in your Azure Service Principal.
* `Registry url`- If using public registry e.g. Docker Hub. The solution will automatically create an Azure Container Registry to host image if it is empty.
* `Event hub namespace` - e.g. "myeventhub". If using log stash, keep it `undefined`.
* `Event hub key name` - event hub `SETTINGS` find `Shared access policies` e.g. "RootManageSharedAccessKey". If use log stash, keep it `undefined`.
* `Event hub key value` - SAS policy key value. If using log stash, keep it `undefined`.
* `List of event hubs` - event hub `ENTITIES` find `Event Hubs` list the event hubs from which you'd pull events e.g. "insights-logs-networksecuritygroupevent,insights-logs-networksecuritygrouprulecounter". If using log stash, keep it `undefined`.
* `Event hub namespace` - e.g. "myeventhub".
* `Event hub key name` - event hub `SETTINGS` find `Shared access policies` e.g. "RootManageSharedAccessKey".
* `Event hub key value` - SAS policy key value.
* `List of event hubs` - event hub `ENTITIES` find `Event Hubs` list the event hubs from which you'd pull events e.g. "insights-logs-networksecuritygroupevent,insights-logs-networksecuritygrouprulecounter".
* `Event hub partition count` - partition count of event hubs (all listed event hubs must have the same partition count).
* `Thread wait interval(s)` - logstash event hub plugin thread wait interval in seconds.
> If the logstash get logs from log shipper instead of Azure Event hub, keep the Event hub namespace/key name/key value as `undefined`.
> The Event hub namespace, key name, key value and event hubs can format the event hub's connection string: `Endpoint=sb://<namespace>.servicebus.windows.net/;SharedAccessKeyName=<key-name>;SharedAccessKey=<key-value>;EntityPath=<eventhub-name>`. The key should be grant access with `listen`.
* `Data node storage account sku` - storage account sku used by Elasticsearch data node.
* `Authentication Mode` - authentication mode for accessing Kubernetes dashboard.
* `Basic Authentication` mode uses `Controller Username` and `Controller Password`.
* `Azure Active Directory` mode uses Azure AD service principal for authentication. You need to provide your service principal information:
* `Azure Active Directory` mode uses Azure AD service principal for authentication. You need to provide your service principal information which you get at [Step 1](#create-sp):
* `Azure AD client ID` - [Application ID](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-application-id-and-authentication-key)
* `Azure AD client secret` - [Your generated key](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-application-id-and-authentication-key)
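Review bot: The added note says the key should be granted `listen` access, but the `Event hub key name` example is still "RootManageSharedAccessKey", which steers readers toward pasting the namespace root key into the template. Suggest changing the example to a dedicated listen-only policy name so the example and the note agree. Wording: "The key should be grant access with `listen`" reads better as "The key should be granted `listen` access", and "can format the event hub's connection string" as "form the event hub's connection string".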
@ -62,10 +68,13 @@ This repository contains tools and helm charts to help deploy the [ELK stack](ht
1. In `Security Settings` panel, provide the following:
* `SSH public key` - ssh public key for controller node to talk to Kubernetes cluster
* `Base64 encoded SSH private key` - base64 encoded ssh private key
> You can generate the SSH public key/private key pair using [js-keygen](https://microsoft.github.io/elk-acs-kubernetes/)
* `Service principal client ID` - Application ID
* `Service principal client secret` - Your generated key
> You can generate the SSH public key/private key pair using [js-keygen](https://microsoft.github.io/elk-acs-kubernetes/)
> The `Sercive principal client ID` and `Service principal client secret` are used to create and manage the kubernetes, they can be the client id and secret you get from [Step 1](#create-sp). Ensure the Service principal used here has contributor access to your subscription and in the same tenant with your subscription.
1. Click OK in Summary panel and create the solution.
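Review bot: In the added note, `Sercive principal client ID` is misspelled and no longer matches the field name `Service principal client ID` listed above it. The note also tells readers they can reuse the Step 1 client id and secret, with contributor access to the subscription, for creating and managing the cluster; since the previous hunk offers the same Step 1 principal for dashboard sign-in in `Azure Active Directory` mode, the README should state plainly that one secret then covers both uses, or recommend a separate principal for each.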
@ -78,14 +87,26 @@ After the deployment succeeds, you can find the Kubernetes dashboard and kibana/
The namespace is `elk-cluster-ns`.
* Find kibana/elasticsearch/logstash endpoints at `Discovery and Load Balancing` -> `Services` on your Kubernetes dashboard.
* Find kibana/logstash endpoints at `Discovery and Load Balancing` -> `Services` on your Kubernetes dashboard.
* To view events from event hubs, go to kibana portal -> `Management` -> `Configure an index pattern` -> input `wad` in `Index name or pattern` textbox -> click Create.
> kibana dashboard's credential is the same as controller you specific in Basic Setting.
* To manage the Kubernetes, you can use `kubectl` on controllervm. You can use SSH login to the controllervm, the username/password is specific in Basic Setting.
## Troubleshooting
* For resource deployment failure, you can find more information from Azure Portal.
* For solution template failure, you can extract logs by ssh to `controllervm`. Deployment log is at `/tmp/output.log`.
## Related
* [Access kubernetes using web UI (dashboard)](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/)
* [Manage Kubernetes using kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)
* [Scale agent nodes in a Container Service cluster](https://docs.microsoft.com/en-us/azure/container-service/dcos-swarm/container-service-scale)
* [Communication between Kubernetes master and node](https://kubernetes.io/docs/concepts/architecture/master-node-communication/)
* [Ship log to logstash using log shipper filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html)
* [Azure Event Hubs](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-features)
## License
This project is under MIT license.
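Review bot: The added lines document that the kibana dashboard credential is the same as the controller's and that the same username/password from Basic Setting is used for SSH to controllervm, so one password guards both the web UI and a shell with `kubectl`; the README should call this out explicitly, or the template should accept separate values. The Troubleshooting entry points users at `/tmp/output.log`; given that this commit is about password handling, please confirm that the deployment log does not record the password parameters. Wording: "you specific in Basic Setting" and "is specific in Basic Setting" should both use "specified".
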

View file

@ -22,7 +22,7 @@ kibana:
replicaCount: 1
env:
USERNAME: ${USERNAME}
PASSWORD: ${PASSWORD}
PASSWORD: '${PASSWORD}'
logstash:
image:
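Review bot: Single-quoting in `PASSWORD: '${PASSWORD}'` covers `#` and `$` but not every character: assuming the placeholder is filled by text substitution before the YAML is parsed, a password containing a single quote will end the scalar early, so either escape `'` as `''` in the substitution step or reject it in the template's password validation. `USERNAME: ${USERNAME}` on the line above is still unquoted and has the same `#` problem if a username may contain one.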