On a Linux host, the hosted apps running on the cluster are not accessible from the host machine (probably due to the network being private).

# Page 482 of the ebook states
The app is running and the NodePort Service means all nodes are listening on
port 30000, including the control plane node. If you browse to any node’s IP address,
you’ll see the APOD app. Your request is directed to the web Pod on the standard
node, and it makes an API call, which could be directed to a Pod on either node.

On Linux host, since the VMs are setup in a private network, they are not accessible via the Node IP address from the host machine. Instead, the NodePort port number has to be forwarded to the VM nodes in the Vagrantfile (vagrant reload kiamol-control command is needed for changes to take effect) and then the app is available via IP address of the Linux Host on that specified port

control.vm.network "forwarded_port", guest: 30000, host: 30000
control.vm.network "forwarded_port", guest: 30001, host: 30001

Then the RNG app would be accessible from the Linux host by going to the address http://127.0.0.1:30001

validation: chart.metadata is required in vweb-2.0.0.tar.gz

chapter 10

In the chapter 13 lab, fluent-bit would not process annotations and run the nginx parser. Turning on "Annotations" in the configuration also did not seem to result in fluent-bit adding annotations to the log data, so it seems like it's failing to pick up the annotations?

I tried bringing everything down and up again multiple times, with no luck.

Running Docker Desktop with Kubernetes enabled.

In chapter 2 the user is instructed to run the following command to create a simple pod:

kubectl run hello-kiamol --image=kiamol/ch-02-hello-kiamol --restart=Never

The pod is created but it fails to load a docker image, here is the output of kubectl describe pod hello-kiamol:

Warning Failed 2s kubelet Failed to pull image "kiamol/ch-02-hello-kiamol": rpc error: code = Unknown desc = Error response from daemon: pull access denied for kiamol/ch-02-hello-kiamol, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

There is no file named "ch-02-hello-kiamol" anywhere in the repo and no further instruction on where to find this file.

Tried creating all the resources a few times, but the web app fails to create a new todo item.
No relevant logs in the DB container.
Logs from the web app container:

{"EventId":13,"LogLevel":"Error","Category":"Microsoft.AspNetCore.Server.Kestrel","Message":"Connection id \u00220HMGBGEAKMCKG\u0022, Request id \u00220HMGBGEAKMCKG:00000008\u0022: An unhandled exception was thrown by the application.","Exception":"Microsoft.EntityFrameworkCore.DbUpdateException: An error occurred while saving the entity changes. See the inner exception for details. ---\u003E System.InvalidCastException: Cannot write DateTime with Kind=Local to PostgreSQL type \u0027timestamp with time zone\u0027, only UTC is supported. Note that it\u0027s not possible to mix DateTimes with different Kinds in an array/range. See the Npgsql.EnableLegacyTimestampBehavior AppContext switch to enable legacy behavior. at Npgsql.Internal.TypeHandlers.DateTimeHandlers.TimestampTzHandler.ValidateAndGetLength(DateTime value, NpgsqlParameter parameter) at Npgsql.Internal.TypeHandlers.DateTimeHandlers.TimestampTzHandler.ValidateObjectAndGetLength(Object value, NpgsqlLengthCache\u0026 lengthCache, NpgsqlParameter parameter) at Npgsql.NpgsqlParameter.ValidateAndGetLength() at Npgsql.NpgsqlParameterCollection.ValidateAndBind(ConnectorTypeMapper typeMapper) at Npgsql.NpgsqlCommand.ExecuteReader(CommandBehavior behavior, Boolean async, CancellationToken cancellationToken) at Npgsql.NpgsqlCommand.ExecuteReader(CommandBehavior behavior, Boolean async, CancellationToken cancellationToken) at Npgsql.NpgsqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Update.ReaderModificationCommandBatch.ExecuteAsync(IRelationalConnection connection, CancellationToken cancellationToken) --- End of inner exception stack trace --- at Microsoft.EntityFrameworkCore.Update.ReaderModificationCommandBatch.ExecuteAsync(IRelationalConnection connection, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Update.Internal.BatchExecutor.ExecuteAsync(IEnumerable\u00601 commandBatches, IRelationalConnection connection, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Update.Internal.BatchExecutor.ExecuteAsync(IEnumerable\u00601 commandBatches, IRelationalConnection connection, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Update.Internal.BatchExecutor.ExecuteAsync(IEnumerable\u00601 commandBatches, IRelationalConnection connection, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChangesAsync(IList\u00601 entriesToSave, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChangesAsync(StateManager stateManager, Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.\u003C\u003Ec__DisplayClass33_0\u00602.\u003C\u003CExecuteAsync\u003Eb__0\u003Ed.MoveNext() --- End of stack trace from previous location --- at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.ExecuteImplementationAsync[TState,TResult](Func\u00604 operation, Func\u00604 verifySucceeded, TState state, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.ExecuteImplementationAsync[TState,TResult](Func\u00604 operation, Func\u00604 verifySucceeded, TState state, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func\u00604 operation, Func\u00604 verifySucceeded, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync(Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync(Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken) at ToDoList.Services.ToDoService.AddToDoAsync(ToDo todo) in /src/Services/ToDoService.cs:line 44 at ToDoList.Pages.NewModel.OnPostAsync() in /src/Pages/New.cshtml.cs:line 52 at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State\u0026 next, Scope\u0026 scope, Object\u0026 state, Boolean\u0026 isCompleted) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync() at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeNextResourceFilter\u003Eg__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State\u0026 next, Scope\u0026 scope, Object\u0026 state, Boolean\u0026 isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeFilterPipelineAsync\u003Eg__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeAsync\u003Eg__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.\u003CInvokeAsync\u003Eg__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope) at Microsoft.AspNetCore.Routing.EndpointMiddleware.\u003CInvoke\u003Eg__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication\u00601 application)","State":{"Message":"Connection id \u00220HMGBGEAKMCKG\u0022, Request id \u00220HMGBGEAKMCKG:00000008\u0022: An unhandled exception was thrown by the application.","ConnectionId":"0HMGBGEAKMCKG","TraceIdentifier":"0HMGBGEAKMCKG:00000008","{OriginalFormat}":"Connection id \u0022{ConnectionId}\u0022, Request id \u0022{TraceIdentifier}\u0022: An unhandled exception was thrown by the application."}}

I've got an error on the first run, saying 'Error: release bulletin-board failed, and has been uninstalled due to atomic being set: replicasets.apps is forbidden: User "system:serviceaccount:default:jenkins" cannot list resource "replicasets" in API group "apps" in the namespace "kiamol-ch11-test"' at the run step. I fixed it by adding another rule to the cluster role.

- apiGroups: ["apps"]
  resources: ["replicasets"]
  verbs: ["get","list","create","delete"]

The next iteration had finished successfully, but the subsequent one failed again, now with the "Error: UPGRADE FAILED: "bulletin-board" has no deployed releases" message. Unfortunately, I'm not yet proficient enough in Jenkins to debug it.

Ingress controller couldn't get a namespaces resource:

kubectl logs deploy/ingress-lab-controller -n kiamol-ingress-lab
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.33.0
  Build:         git-589187c35
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.19.0

-------------------------------------------------------------------------------

I1222 06:29:22.057189       6 flags.go:204] Watching for Ingress class: nginx-lab
W1222 06:29:22.057367       6 flags.go:207] Only Ingresses with class "nginx-lab" will be processed by this Ingress controller
W1222 06:29:22.057700       6 flags.go:249] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W1222 06:29:22.057848       6 client_config.go:552] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I1222 06:29:22.058112       6 main.go:218] Creating API client for https://10.96.0.1:443
I1222 06:29:22.064097       6 main.go:262] Running in Kubernetes cluster version v1.18 (v1.18.6) - git (clean) commit dff82dc0de47299ab66c83c626e08b245ab19037 - platform linux/amd64
F1222 06:29:22.070498       6 main.go:98] No namespace with name kiamol-ch15-lab found: namespaces "kiamol-ch15-lab" is forbidden: User "system:serviceaccount:kiamol-ingress-lab:ingress-lab" cannot get resource "namespaces" in API group "" in the namespace "kiamol-ch15-lab"

Solved it by adding another Role:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-lab-ns
  namespace: kiamol-ch15-lab
rules:
  - apiGroups:
      - ''
    resources:
      - namespaces
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-lab-ns
  namespace: kiamol-ch15-lab
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-lab-ns
subjects:
  - kind: ServiceAccount
    name: ingress-lab
    namespace: kiamol-ingress-lab

An error has changed to
E1222 06:35:01.076934 6 leaderelection.go:356] Failed to update lock: configmaps "ingress-controller-leader-lab-nginx-lab" is forbidden: User "system:serviceaccount:kiamol-ingress-lab:ingress-lab" cannot update resource "configmaps" in API group "" in the namespace "kiamol-ingress-lab":
but lab now works, so I didn't troubleshoot this one.

The web-ping deployments in chapter 10.2 seem to have network problems for me,
I'm getting the following errors in the logs:

Making request number: 3; at 1620818213949
Error: getaddrinfo EAI_AGAIN kiamol.net
     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:66:26) {
   errno: 'EAI_AGAIN',
   code: 'EAI_AGAIN',
   syscall: 'getaddrinfo',
   hostname: 'kiamol.net'
 }

I also tried to ssh in the Pod and manually ping some websites, which also did not work.

The very first command after cd fails!

# kubectl apply -f prometheus/
namespace/kiamol-ch14-monitoring created
configmap/prometheus-config created
service/prometheus created
deployment.apps/prometheus created
serviceaccount/prometheus created
resource mapping not found for name: "prometheus" namespace: "" from "prometheus/prometheus.yaml": no matches for kind "ClusterRole" in version "rbac.authorization.k8s.io/v1beta1"
ensure CRDs are installed first
resource mapping not found for name: "prometheus" namespace: "" from "prometheus/prometheus.yaml": no matches for kind "ClusterRoleBinding" in version "rbac.authorization.k8s.io/v1beta1"
ensure CRDs are installed first

The kubernetes cluster is a simple single node k3s vanilla setup. kubectl is an alias for k3s kubectl

# k3s --version
k3s version v1.26.3+k3s1 (01ea3ff2)
go version go1.19.7

Possibly a change in the RBAC API?

Hello,
Working in Chapter 4, near the end. 4.16/17. the "test" todo app was not working. a log on the db server said the "todo" database does not exist... (it does). but on the web app portion i get the following error.

looking for any suggestions, none of this is in my wheelhouse!

│ fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]                                                                                                                                                                                                                 │
│       An exception was thrown while deserializing the token.                                                                                                                                                                                                                 │
│       Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.                                                                                                                                                         │
│        ---> System.Security.Cryptography.CryptographicException: The key {8c1ccb1b-6d47-4efe-aa36-4aee9b69db0c} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning                                                                │
│          at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)                                                                                   │
│          at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)                                                                                                                                                      │
│          at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)                                                                                                                                                           │
│          --- End of inner exception stack trace ---                                                                                                                                                                                                                          │
│          at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)                                                                                                                                                           │
│          at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)  

Something about the Gatekeeper deployment seems to be broken,
I am getting the following error when following the exercises and deploying the todo-list/production:

Error from server (InternalError): error when creating "todo-list/production/web.yaml": Internal error occurred: 
failed calling webhook "check-ignore-label.gatekeeper.sh": Post "https://gatekeeper-webhook-service.gatekeeper-
system.svc:443/v1/admitlabel?timeout=5s": x509: certificate relies on legacy Common Name field, 
use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Hi.

I'm just having the same error on trying to run the app in the containers. Although I titled it Ch06, the same error occurs in different chapters:

# /ch06 folder

k logs -l app=whoami-web

   at Microsoft.Extensions.Configuration.FileConfigurationProvider.<.ctor>b__1_0()
   at Microsoft.Extensions.Primitives.ChangeToken.ChangeTokenRegistration`1..ctor(Func`1 changeTokenProducer, Action`1 changeTokenConsumer, TState state)
   at Microsoft.Extensions.Primitives.ChangeToken.OnChange(Func`1 changeTokenProducer, Action changeTokenConsumer)
   at Microsoft.Extensions.Configuration.FileConfigurationProvider..ctor(FileConfigurationSource source)
   at Microsoft.Extensions.Configuration.Json.JsonConfigurationSource.Build(IConfigurationBuilder builder)
   at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()

The container image was updated 6 days ago (https://hub.docker.com/r/kiamol/ch02-whoami), so maybe some change has broken the app or maybe is something else.

Any help would be appreciated.

Thank you.

The todo-list application is consistently broken. I remember it working at first in DIAMOL (which I went through immediately before KIAMOL), but now I'm most of the way through KIAMOL and I can't remember the last time I saw it working.

Attempting to add an item to the list just results in a blank page. The logs indicate some ASP.net error about cross-site scripting and encryption.

Hello,
in ch15 the manifests for the ingress object have the deprecated value networking.k8s.io/v1beta1. This makes them failing on kubernetes servers with version 1.18 or newer.

The correct apiVersion is now "apiVersion: networking.k8s.io/v1"

There's the "Gatekeeper doesn't have mutation functionality" statement in the section 16.4. But it seems like that's going to change soon; check out these docs:

• Proposed mutation design
• Release notes for v3.3.0-beta.2

Hi

I've notice that jenkins pipeline failed in ch 11. Please fix this issue and change this:
ch11/insfrastructure/jenkins.yaml:77:

- apiGroups: ["apps"]
  resources: ["deployments", "replicasets"]
  verbs: ["get","list","create","delete"]

Tested on latest K3S, pulled today.

With path filters so push only build chapter images

https://twitter.com/marvinkturner/status/1414281300786155522

Chapter 15 command produces and error on later API versions,

# kubectl apply -f hello-kiamol/ingress/localhost.yaml 
Error from server (BadRequest): error when creating "hello-kiamol/ingress/localhost.yaml": Ingress in version "v1" cannot be handled as a Ingress: strict decoding error: unknown field "spec.rules[0].http.paths[0].backend.serviceName", unknown field "spec.rules[0].http.paths[0].backend.servicePort"

The fix is to upgrade from the v1beta1 API to v1 API , thus,

diff --git a/ch15/hello-kiamol/ingress/localhost.yaml b/ch15/hello-kiamol/ingress/localhost.yaml
index 83e95a1..d2f5732 100644
--- a/ch15/hello-kiamol/ingress/localhost.yaml
+++ b/ch15/hello-kiamol/ingress/localhost.yaml
@@ -1,4 +1,4 @@
-apiVersion: networking.k8s.io/v1beta1 
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: hello-kiamol
@@ -8,7 +8,10 @@ spec:
   rules:
   - http:
       paths:
-      - path: /
-        backend:
-          serviceName: hello-kiamol
-          servicePort: 80
\ No newline at end of file
+        - pathType: Prefix
+          path: /
+          backend:
+            service:
+              name: hello-kiamol
+              port:
+                number: 80

The rest of the examples in the chapter which use "kind: ingress" also suffer from this.

kubectl get pods -l app=jenkins
NAME READY STATUS RESTARTS AGE
jenkins-759b4544db-7nxtv 0/1 ContainerCreating 0 19m

kubectl describe pods -l app=jenkins

...
...

Events:
Type Reason Age From Message

Normal Scheduled 20m default-scheduler Successfully assigned default/jenkins-759b4544db-7nxtv to docker-desktop
Warning FailedMount 13m kubelet Unable to attach or mount volumes: unmounted volumes=[registry-creds], unattached volumes=[kube-api-access-4lsmj registry-creds]: timed out waiting for the condition
Warning FailedMount 110s (x17 over 20m) kubelet MountVolume.SetUp failed for volume "registry-creds" : secret "registry-creds" not found
Warning FailedMount 10s (x8 over 18m) kubelet Unable to attach or mount volumes: unmounted volumes=[registry-creds], unattached volumes=[registry-creds kube-api-access-4lsmj]: timed out waiting for the condition

in kiamol softcover book 2021 , on page 12

1.3.5 Run a single-node Kubernetes clusterin Azure

in stanza starting with az aks create ... --kubernetes-version 1.18.8

has an error that ver 1.18.8 is not available in location eastus

a possible solution was to use the closest k8s version 1.18.14

This section begins by creating a pod with restart=Never flag
$ kubectl run hello-kiamol --image=kiamol/ch02-hello-kiamol --restart=Never

Then we are instructed to manually delete the container in the pod
$ docker container rm -f $(docker container ls -q --filter label=io.kubernetes.container.name=hello-kiamol)

Then the chapter indicates that the pod should automatically re-scale the pod after it is deleted. However, this does not happen

$ kubectl get pod hello-kiamol                                                                                       
NAME           READY   STATUS                   RESTARTS   AGE
hello-kiamol   0/1     ContainerStatusUnknown   1          7m18s

The subsequent exercises in this chapter can't be run because the container is not running. While I'm not certain, I imagine that run the pod with the restart=Never option prevents the container from restarting after deletion, although I'm not 100% certain on this.

Is this an error or due to a change in k8s version? Frankly an issue this early on makes me want to consider using another resource to learn k8s

After creating a service with following code,

apiVersion: v1
kind: Service
metadata:
  name: sleep-2
spec:
  selector:
    app: sleep-2
  ports:
    - port: 80

the command kubectl exec deploy/sleep-1 -- ping -c 1 sleep-2 will throw error like ping: bad address 'sleep-2' command terminated with exit code 1 ,
while the kubectl exec deploy/sleep-1 -- ping -c 2 $(kubectl get pod -l app=sleep-2 --output jsonpath='{.items[0].status.podIP}') works just fine.

The manual of Kubernetes Service is hard to digest for noobie like me, what's the cause?

Issue:

• Ch 13

> kubectl apply -f fluentbit/


namespace/kiamol-ch13-logging created
configmap/fluent-bit-config created
daemonset.apps/fluent-bit created
serviceaccount/fluent-bit created
clusterrole.rbac.authorization.k8s.io/fluent-bit created
error: resource mapping not found for name: "fluent-bit" namespace: "" from "fluentbit/fluentbit.yaml": no matches for kind "ClusterRoleBinding" in version "rbac.authorization.k8s.io/v1beta1"
ensure CRDs are installed first

Description:
Migrate all ClusterRoleBinding instances from v1beta1 to v1 API version to maintain compatibility with Kubernetes updates.

Reference

• https://kubernetes.io/docs/reference/using-api/deprecation-guide/#rbac-resources-v122

As per title, the jenkins container launches with errors. You can reach jenkins in the browser but the expected default job is not there. Attached output from kubectl logs.
jenkins.txt

Todo-list App

When adding a new item , a 500 server error is returned

After activating Debug log level and setting the application in Development mode , the error is as shown bellow.

FIX

The PR #62 fixes the issue, but the ch04 docker image should be re built and pushed.

For book readers

In the mean time the pull request is accepted/merged, you can build and push your own image from ch04 todo-web docker image by adding the 1 line of code bellow to ch04/docker-images/todo-list/src/Startup.cs as shown in the PR. Then, change the todo-web deployment in ch05 accordingly to use your own image.

 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        AppContext.SetSwitch("Npgsql.EnableLegacyTimestampBehavior", true);

ERROR

An unhandled exception occurred while processing the request.
InvalidCastException: Cannot write DateTime with Kind=Local to PostgreSQL type 'timestamp with time zone', only UTC is supported. Note that it's not possible to mix DateTimes with different Kinds in an array/range. See the Npgsql.EnableLegacyTimestampBehavior AppContext switch to enable legacy behavior.
Npgsql.Internal.TypeHandlers.DateTimeHandlers.TimestampTzHandler.ValidateAndGetLength(DateTime value, NpgsqlParameter parameter)

Deploy the Service from listing 3.2:

kubectl apply -f numbers/api-service.yaml

Check the Service details:

kubectl get svc numbers-api

Forward a port to the web app:

DOESN'T WORK

kubectl port-forward deploy/numbers-web 8080:80

Error from server (NotFound): deployments.apps "numbers-web" not found

The full message when trying helm repo add stable https://kubernetes-charts.storage.googleapis.com:

Error: repo "https://kubernetes-charts.storage.googleapis.com" is no longer available; try "https://charts.helm.sh/stable" instead

Following the suggestion worked.

Hi. I’m using k3d instead of k3s since I’m on Windows and the load balancer somehow it doesn’t work. I do get an external IP as in the example, but if I try to access it from my browser on the 8080 port I get a connection timeout.

kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:31:21Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"windows/amd64"}

k3d version
k3d version v4.4.2
k3s version v1.20.6-k3s1 (default)

Any idea what the issue could be?

I am going through chapter 3 and the demo below is just not working for me in Linux:

# start up your lab environment--run Docker Desktop if it's not running--
# and switch to this chapter’s directory in your copy of the source code:
cd ch03
 
# create two Deployments, which each run one Pod:
kubectl apply -f sleep/sleep1.yaml -f sleep/sleep2.yaml
 
# wait for the Pod to be ready:
kubectl wait --for=condition=Ready pod -l app=sleep-2
 
# check the IP address of the second Pod:
kubectl get pod -l app=sleep-2 --output jsonpath='{.items[0].status.podIP}'
 
# use that address to ping the second Pod from the first:
kubectl exec deploy/sleep-1 -- ping -c 2 $(kubectl get pod -l app=sleep-2 --output jsonpath='{.items[0].status.podIP}')

In my case, when running the 3rd command I get:

ch03 git:(master) ✗ sudo kubectl get pod -l app=sleep-2 --output jsonpath='{.items[0].status.podIP}'
error: error executing jsonpath "{.items[0].status.podIP}": Error executing template: array index out of bounds: index 0, length 0. Printing more information for debugging the template:
	template was:
		{.items[0].status.podIP}
	object given to jsonpath engine was:
		map[string]interface {}{"apiVersion":"v1", "items":[]interface {}{}, "kind":"List", "metadata":map[string]interface {}{"resourceVersion":"", "selfLink":""}}

It looks like the pods or containers die quickly. Is it something that just works on Windows and Mac? I am running Linux manjaro with k3 and docker version 20.10.5, build 55c4c88966

Hi, I am trying to do exercise 2.4
I did the following
bartoszbinda@MBP-Bartosz dev % docker container ls -q --filter label=io.kubernetes.container.name=hello-kiamol
28e974b049f8
bartoszbinda@MBP-Bartosz dev % docker container rm -f $(docker container ls -q --filter label=io.kubernetes.container.name=hello-kiamol)
28e974b049f8
bartoszbinda@MBP-Bartosz dev % kubectl get pod hello-kiamol
NAME READY STATUS RESTARTS AGE
hello-kiamol 0/1 ContainerStatusUnknown 1 4h17m
bartoszbinda@MBP-Bartosz dev % kubectl get pod hello-kiamol
NAME READY STATUS RESTARTS AGE
hello-kiamol 0/1 ContainerStatusUnknown 1 4h18m
bartoszbinda@MBP-Bartosz dev % docker container ls -q --filter label=io.kubernetes.container.name=hello-kiamol
bartoszbinda@MBP-Bartosz dev % kubectl get pod hello-kiamol
NAME READY STATUS RESTARTS AGE
hello-kiamol 0/1 ContainerStatusUnknown 1 4h18m

as you can see container is in status unknown and replacement was not automatically created as written in a book

I'm replicating the Try It Now exercise after Listing 4.5, and after deploying the service using ch04/todo-listtodo-web.yaml, I can see the web app, but the /config endpoint generates a 404 error. The app logging is working just fine.

I'm using a Linux setup via WSL2 on Windows. Thanks for the excellent book! :)

I'm facing with issue with setting "ReadOnly" for "todo-list" application. I'm not dotnet expert but i check the configuration file and setting "Database__ReadOnly" is set correctly, but when i apply the "todo-web-readonly.yaml" for minikube, application do not switch into "readonly" mode.

Here is output of printenv from inside container

KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT=443
Database__ReadOnly=true
HOSTNAME=todo-web-8f6fc55f8-9xl4l
ASPNETCORE_ENVIRONMENT=Test
TODO_WEB_SERVICE_HOST=10.111.61.140
TODO_WEB_PORT_8081_TCP_ADDR=10.111.61.140
Logging__LogLevel__Default=Error
ASPNETCORE_URLS=http://+:80
PWD=/app
HOME=/root
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
TODO_WEB_PORT_8081_TCP=tcp://10.111.61.140:8081
TODO_WEB_SERVICE_PORT=8081
TERM=xterm
USER=root
ConfigController__Enabled=false
SHLVL=1
KUBERNETES_PORT_443_TCP_PROTO=tcp
DOTNET_RUNNING_IN_CONTAINER=true
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
ConnectionStrings__ToDoDb=Filename=/data/todo-list.db
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
TODO_WEB_PORT=tcp://10.111.61.140:8081
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TODO_WEB_PORT_8081_TCP_PORT=8081
TODO_WEB_PORT_8081_TCP_PROTO=tcp
DATA_DIRECTORY=/data
_=/usr/bin/printenv

The opa/gatekeeper.yaml file requires modifications to work with Kubernetes 1.22 due to API changes (mainly removal of v1beta1 API). I had to make the following changes to get kubectl to apply it:

• Change all occurrences of apiextensions.k8s.io/v1beta1 in apiVersion to apiextensions.k8s.io/v1 (don't touch the v1beta1s within spec.versions, because those refer to versions of custom resources which Gatekeeper will attempt to use itself)
• Add admissionReviewVersions: ["v1"] to both entries for webhook in the ValidatingWebhookConfiguration
• Remove all spec.version fields in CustomResourceDefinition
• All spec.validation fields in CustomResourcDefiniton must be renamed to schema and moved into each entry in spec.versions
• For the constrainttemplates.templates.gatekeeper.sh CustomResourceDefinition, add type: object to schema.openAPIV3Schema for each entry in spec.versions

This gets kubectl to apply the definitions and the controller runs, but applying the requiredLabels.yaml constraint fails claiming parameters is an unknown field, so it seems there are some additional changes to be made somewhere.

Unable to work on Ch 19 examples with auto-scaling due to metrics-server errors when using Vagrant setup from Ch 18.

❯ kubectl get nodes

NAME             STATUS   ROLES    AGE   VERSION
kiamol-control   Ready    master   20h   v1.18.5
kiamol-node      Ready    <none>   20h   v1.18.5
kiamol-node2     Ready    <none>   46m   v1.18.5
kiamol-node3     Ready    <none>   46m   v1.18.5

❯ kubectl top nodes

Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)

❯ kubectl -n kube-system logs -l k8s-app=metrics-server

Error from server (NotFound): the server could not find the requested resource ( pods/log metrics-server-85cdc4cd44-b8frr)

❯ kubectl -n kube-system get all -l k8s-app=metrics-server

NAME                                  READY   STATUS    RESTARTS   AGE
pod/metrics-server-85cdc4cd44-b8frr   1/1     Running   0          4m51s

NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/metrics-server   1/1     1            1           16m

NAME                                        DESIRED   CURRENT   READY   AGE
replicaset.apps/metrics-server-85cdc4cd44   1         1         1       4m51s
replicaset.apps/metrics-server-9cf886767    0         0         0       16m