Chapter 6 "Setting up Azure Application Gateway as Kubernetes ingress" refers on page 157 to setup-appgw.sh but is missing

$helm upgrade --install aso ....... --create-namespace -f values.yaml
showing the below error

Description:
I am currently using a sample Azure Kubernetes Service (AKS) cluster against which I am executing chaos tests, using Gremlin. During a voluntary node shutdown using Gremlin, I noticed that the shut down User Pod Node Pool VM does not get back to Ready state with AKS's Node Auto Repair feature. It continues to remain in the NotReady state. I have reported this issue at AKS's GitHub Repository -> Azure/AKS#2406.

A summary description of the incident can be checked out from the issue.

Appreciate your feedback on the matter and guidance if I have missed anything.

In this cluster, I observed that the Pod wso2is-pattern-1-identity-server-statefulset-1 which resided in the above NotReady Worker Node, got evicted after around 5 minutes (which I believe is based on the Pod Toleration node.kubernetes.io/unreachable:NoExecute op=Exists for 300s and as described in Hands-on Kubernetes on Azure).
But this remains in the Terminating state continuously and never completes termination. Hence, the StatefulSet which controls this Pod does not schedule a replacement, in another Worker Node.

Why doesn't the aforementioned StatefulSet controlled Pod complete its termination?

Note:
Please see the discussion on Kubernetes SIG #sig-node for a detailed discussion.

Suggested Assignees:
@NillsF

With the retirement of Google Cloud Registry, images used in the book examples are no longer available. Any idea where they've moved to? For example, gcr.io/google-samples/gb-frontend:v4

In Chapter 6, p. 166, f., "Installing cert-manager" says to execute the command:

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml

That command appears to execute successfully. However, the next command (p. 168, "Installing the certificate issuer")

kubectl create -f certificate-issuer.yaml

fails with the following error

Error from server (InternalError): error when creating "certificate-issuer.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": x509: certificate signed by unknown authority

This may be due to cert-manager v1.2.0 not being compatible with the current version of Kubernetes running on the nodes. According to https://cert-manager.io/docs/installation/supported-releases/ , cert-manager v1.2.0 is compatible with Kubernetes 1.16 through 1.20

Checking the version of Kubernetes running on the nodes, it is v1.22.11.

$ kubectl get nodes
NAME                                STATUS   ROLES   AGE     VERSION
aks-agentpool-14350620-vmss000000   Ready    agent   2d20h   v1.22.11
aks-agentpool-14350620-vmss000001   Ready    agent   45h     v1.22.11

What appears to have worked for me is to delete the old version of cert-manager using

kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml

and then apply the latest version

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.18.2/cert-manager.yaml

After that the command to create the certificate issuer ran successfully.

Executing p.158, step 3 to create the application gateway responds with an InvalidTemplateDeployment error as shown. The priority for the request routing rule cannot be empty. From the referenced API version, it looks like this may have changed in August 2021. Any assistance would be greatly appreciated.

stuart@Azure:~$ az network application-gateway create -n agic -l westus3 \
>     -g agic --sku Standard_v2 --public-ip-address agic-pip \
>     --vnet-name agic-vnet --subnet agic-subnet
{"error":{"code":"InvalidTemplateDeployment",
"message":"The template deployment 'ag_deploy_VsNtwh6IUWzN8UbB2wPTvM67DoeLuGcn' 
is not valid according to the validation procedure.
The tracking id is '8cfff752-c54f-4f41-9e59-2354a5b90c30'. See inner errors for details.",
"details":[{"code":"ApplicationGatewayRequestRoutingRulePriorityCannotBeEmpty",
"message":"Priority for the request routing rule /subscriptions/25dd85f8-aced-40be-9907-eb81d62d0989/resourceGroups/agic/providers/Microsoft.Network/applicationGateways/agic/requestRoutingRules/rule1 cannot be empty. 
All request routing rules should have a priority defined starting from api-version 2021-08-01","details":[]}]}}

I tried to install both certificate issuer for staging and prod. None of them worked.
CertificateIssuer is waiting: Waiting on certificate issuance from order default/frontend-prod-tls-2dbj6-4175188900: "pending"

Certificate stack in: Issuing certificate as Secret does not exist