The Brewz Access Method is returning a 404 not found.

k describe pod nginx-plus-ingress-nginx-ingress-755dccf9b5-wctkt -n nginx-ingress
Name:         nginx-plus-ingress-nginx-ingress-755dccf9b5-wctkt
Namespace:    nginx-ingress
Priority:     0
Node:         k3s/10.1.1.5
Start Time:   Wed, 06 Jul 2022 21:15:20 -0500
Labels:       app=nginx-plus-ingress-nginx-ingress
              pod-template-hash=755dccf9b5
Annotations:  prometheus.io/port: 9113
              prometheus.io/scheme: http
              prometheus.io/scrape: true
Status:       Running
IP:           10.42.0.13
IPs:
  IP:           10.42.0.13
Controlled By:  ReplicaSet/nginx-plus-ingress-nginx-ingress-755dccf9b5
Containers:
  nginx-plus-ingress-nginx-ingress:
    Container ID:  containerd://aadd973ed77bc866aba5d492d7193267d75c0a97298e5064239b346e520d498e
    Image:         ghcr.io/codygreen/nginx-plus-ingress:2.2.2-SNAPSHOT-a88b7fe
    Image ID:      ghcr.io/codygreen/nginx-plus-ingress@sha256:af2db8b7fa32a2b021ea6e2a453bca4c05f6a1897dd1c3c82fbee42d9a49c0b8
    Ports:         80/TCP, 443/TCP, 9113/TCP, 8081/TCP
    Host Ports:    0/TCP, 0/TCP, 0/TCP, 0/TCP
    Args:
      -nginx-plus=true
      -nginx-reload-timeout=60000
      -enable-app-protect=true
      -enable-app-protect-dos=true
      -app-protect-dos-debug=false
      -app-protect-dos-max-daemons=0
      -app-protect-dos-max-workers=0
      -app-protect-dos-memory=0
      -nginx-configmaps=$(POD_NAMESPACE)/nginx-plus-ingress-nginx-ingress
      -default-server-tls-secret=$(POD_NAMESPACE)/nginx-plus-ingress-nginx-ingress-default-server-tls
      -ingress-class=nginx
      -health-status=false
      -health-status-uri=/nginx-health
      -nginx-debug=false
      -v=1
      -nginx-status=true
      -nginx-status-port=9000
      -nginx-status-allow-cidrs=0.0.0.0/0
      -report-ingress-status
      -external-service=nginx-plus-ingress-nginx-ingress
      -enable-leader-election=true
      -leader-election-lock-name=nginx-plus-ingress-nginx-ingress-leader-election
      -enable-prometheus-metrics=true
      -prometheus-metrics-listen-port=9113
      -prometheus-tls-secret=
      -enable-custom-resources=true
      -enable-snippets=true
      -enable-tls-passthrough=false
      -enable-preview-policies=false
      -enable-cert-manager=false
      -enable-oidc=false
      -ready-status=true
      -ready-status-port=8081
      -enable-latency-metrics=false
    State:          Running
      Started:      Wed, 06 Jul 2022 21:15:35 -0500
    Ready:          True
    Restart Count:  0
    Readiness:      http-get http://:readiness-port/nginx-ready delay=0s timeout=1s period=1s #success=1 #failure=3
    Environment:
      POD_NAMESPACE:  nginx-ingress (v1:metadata.namespace)
      POD_NAME:       nginx-plus-ingress-nginx-ingress-755dccf9b5-wctkt (v1:metadata.name)
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-t7rvl (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  kube-api-access-t7rvl:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>

When the user adds the splits statements with two new actions, we should also tell them to delete the existing action for the /api/recommendations path.

demonstrate a canary deployment using NGINX Plus Ingress Controller. Show how we can go farther than we did on Day 1 due to our limitations of NIC OSS.

Will help resolve YAML formatting issues earlier

The recommendations-v2 upstream YAML is indented one to many times:

Rate limiting seems to be stepping in much earlier than the configured setting. Is it aggregating counts from all the /location blocks, or just the location block it is applied to?

when you update the helm template and commit the changes, the metadata in Argo CD changes but the underlying deployments are not being updated.

ab is used to test API rate-limiting, we need to either:

• tell user to install on their laptop
• add to K3s server and tell the user to use the web shell to execute the ab command

In step 3 of the documentation, the step for editing the virtual-server.yaml file says that the routes section of the file "should look like this"

     - path: /
       matches:
         - conditions:
           - cookie: "app_version"
             value: "dark"
           action:
             pass: spa-dark

I believe it should say that we are updating one part of the routes section, and that the yaml block for the path of / should look like this:

    - path: /
      action:
        pass: spa
      matches:
        - conditions:
          - cookie: "app_version"
            value: "dark"
          action:
            pass: spa-dark

thanks!

Before the command described in the NGINX Dashboard section can be executed, the ssh shell must have elevated permissions.

The following should be added to the documentation

sudo su -

...to be usable. Need to change it to a much longer value such as an hour.

users need to understand that they have to export the KUBECONFIG variable in their shell.

In Fork Infrastructure Repository section, the GitHub CLI command shows a clone example not a fork example

User reported that the cUrl commands in the WAF lab require the -k option to bypass authentication of the UDF proxy.

This may be isolated to a specific scenario. Monitor and see if others are running into it.

Instructions for generating the local kubeconfig don't specify where you should save your kubeconfig file.

It's likely someone will accidentally commit their kubeconfig file if they put it in the directory of the repo and then commit all changes.

• can we remind people to NOT commit their kubeconfig file? Probably best to put that note along where the instructions tell you to commit your changes.
• also, could we get an example of exporting the KUBECONFIG env var? Might help folks based on class questions today.

thanks!!

The following command fails because the cert is installed in the default namespace:

It is "Demo Brews" now. Rename to Brewz

In addition to the options for Docker CLI and Podman, consider including Rancher Desktop as well.

Remove the redirect configuration for the virtual server:

Change the lab so the student deploys NGINX-Ingress, Grafana, and Prometheus via Argo CD using manifests that drive Helm deployments.

We also need Argo CD to update the deployment once a modification to the underlying helm chart is committed in the student's repo.

Build on PR #52 failed with the following error:
Liquid Exception: Liquid syntax error (line 54): Unknown tag 'endraw' in ingress/install_nic_helm.md

This may be causing issue #58

https://github.com/f5devcentral/modern_app_jumpstart_workshop/runs/7273333484?check_suite_focus=true

GitHub pages (Liquid) is still not rendering <GITHUB_USER> element correctly. The behavior is not consistent across pages though:

... to reflect the actual configuration based on all previous exercises in the labs. There are a number of resources missing.

...to include the expected VirtualServer's YAML state built up from all prior exercises.

Create a Day-3 lab that extends upon the metrics demonstrated in Day-1 but with the additional metrics that NGINX Plus provides. Utilize the NGINX Ingress Controller's Grafana dashboard.

At the end of NGINX Dashboard, the Dashboard access method referenced is missing from the access menu in UDF.

Update the lab prerequisites and requirements on:

Extract OpenAPI Spec from the existing application and build a base NAP configuration to protect the Brewz application.

Errors from syslog:

Jul 2 15:29:02 k3s udf-setup.sh[818]: The connection to the server 10.1.1.5:6443 was refused - did you specify the right host or port?
Jul 2 15:29:02 k3s udf-setup.sh[751]: waiting for kube api to be up...
Jul 2 15:29:12 k3s udf-setup.sh[1217]: No resources found in default namespace.
Jul 2 15:29:13 k3s udf-setup.sh[1311]: Error from server (NotFound): serviceaccounts "udf-sa" not found
Jul 2 15:40:48 k3s udf-setup.sh[8047]: fatal: not a git repository (or any of the parent directories): .git
Jul 2 15:40:48 k3s udf-setup.sh[8049]: fatal: not a git repository (or any of the parent directories): .git
Jul 2 15:40:48 k3s udf-setup.sh[8056]: Failed to print the table: Broken pipe
Jul 2 15:40:50 k3s udf-setup.sh[8074]: No resources found in default namespace.

Update the build commands so it works on Mac M1

Rate-limit lab links to the Grafana lab but it needs to link to the A/B test lab.

The image has the information, but add a link to the repo they can clock

This step only clones the repo locally, they need to run additional commands to push this clone to their own github organization (personal account).

Super small thing, but for the rest of the lab we are using the *.yml convention

We should have the student revert the commit versus editing the file:

                         node.kubernetes.io/unreachable:NoExecute op=Exists for 300s

Events:
Type Reason Age From Message

Normal Scheduled 14m default-scheduler Successfully assigned nginx-ingress/nginx-plus-ingress-nginx-ingress-cb8f8d56f-f4bxp to k3s
Normal Pulling 14m kubelet Pulling image "ghcr.io/aknot242/nginx-plus-ingress:2.3.0-SNAPSHOT-979db22"
Normal Pulled 14m kubelet Successfully pulled image "ghcr.io/aknot242/nginx-plus-ingress:2.3.0-SNAPSHOT-979db22" in 15.826648273s
Normal Created 14m kubelet Created container nginx-plus-ingress-nginx-ingress
Normal Started 14m kubelet Started container nginx-plus-ingress-nginx-ingress
Warning Unhealthy 14m (x2 over 14m) kubelet Readiness probe failed: Get "http://10.42.0.13:8081/nginx-ready": dial tcp 10.42.0.13:8081: connect: connection refused

We're missing:

• Install Prometheus
• install Grafana
• Canary
  

  modern_app_jumpstart_workshop/docs/ingress/README.md

  Line 23 in 32d08a4

  ## Steps

Update the lab to instruct the user to check the updated virtual-server.yml file with the health checks back into their repo so Argo CD will push out the changes.

When setting the TAG variable, markdown is not presenting the full command:

Should the document provide a link back to the scenarios list?

Include a link to the UDF blueprint to use in the documentation so that a user can start from the blueprint or the documentation.

...when viewing product details:

May be an Axios call that is trying to inject parameters. Does not happen locally.

https://f5devcentral.github.io/modern_app_jumpstart_workshop/ingress/install_nic.html

The final step in the Update Helm values and Argo CD application manifest includes multiple actions and may result in errors if someone skims it. (I did).

In place of

• Save the file. Stage both changed files, and commit them to your local infra repository. Push the changes to your remote infra repository.

Please consider

• Save the file.
• Stage both changed files, and commit them to your local infra repository.
• Push the changes to your remote infra repository.

The prerequisites section points to the wrong location for requesting a trial NGINX Plus license.

In the rate limit scenarion, the yaml shown for how the virtual-server.yaml should look is missing /inventory and /recommendations routes. This may be that the content is prematurely showing the decoupling from the next exercise.

The virtual server was already listening on 443 with the default cert.

Add a new check via the UDF Shell that detects that our TLS certificate is now being used:

The current screenshot has the wrong name: