Updated NIC and K8s cluster (#80)

* lab2 minor resourcegroup updates

* updated k8s version to 1.32 and nic version to v3.7.2

* azure command updates

* resourcegroup updates

* resourcegroup updates

* zonesync updates

* minor updates

Author: sdutta9

auto-lab.sh

@@ -24,7 +24,10 @@
 NAME="n4a-auto-lab.sh"
 VERSION="1"
 LOG_FILE="n4a-autolab.log" # not used yet, but will be soon
-export MY_LOCATION=centralus # can be changed to your location
+if [ -z "$MY_LOCATION" ]; then
+  export MY_LOCATION=centralus
+fi
+# export MY_LOCATION=centralus # can be changed to your location
 
 # On OS X, you can pull your username.  You can also set it yourself for use in the script:
 # export OWNER=<your name>

functions.sh

@@ -401,7 +401,8 @@ function create_aks_cluster1(){
 export MY_AKS1=n4a-aks1
 export MY_AKS2=n4a-aks2
 export MY_NAME=${MY_NAME:-$(whoami)}
-export K8S_VERSION=1.29
+export K8S_VERSION=1.32
+export NIC_VERSION=v3.7.2
 export MY_SUBNET1=$(az network vnet subnet show -g $MY_RESOURCEGROUP -n aks1-subnet --vnet-name n4a-vnet --only-show-errors --query id -o tsv)
 export MY_SUBNET2=$(az network vnet subnet show -g $MY_RESOURCEGROUP -n aks2-subnet --vnet-name n4a-vnet --only-show-errors --query id -o tsv)
 # This requires that you place your JWT file in the labs/lab3 directory and name it nginx-repo.jwt
@@ -441,12 +442,12 @@ function clone_repo(){
 
 if [ -d kubernetes-ingress/deployments ]; then
   EXISTS=1
-  MESSAGE="Use Existing NGINX Ingress Controller Repo"
+  MESSAGE="Use Existing NGINX Ingress Controller Repo version: $NIC_VERSION"
   LGTH=${#MESSAGE}
 else
-  CLONE=`git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v3.3.2`
-  cd kubernetes-ingress/deployments
-  MESSAGE="Cloning NGINX Ingress Controller Repo"
+  CLONE=`git clone https://github.com/nginx/kubernetes-ingress.git --branch $NIC_VERSION`
+#   cd kubernetes-ingress/deployments
+  MESSAGE="Cloning NGINX Ingress Controller Repo version: $NIC_VERSION"
   LGTH=${#MESSAGE}
 fi
 
@@ -471,11 +472,11 @@ kubectl apply -f kubernetes-ingress/deployments/rbac/rbac.yaml
 kubectl apply -f kubernetes-ingress/examples/shared-examples/default-server-secret/default-server-secret.yaml
 kubectl apply -f kubernetes-ingress/deployments/common/nginx-config.yaml
 kubectl apply -f kubernetes-ingress/deployments/common/ingress-class.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_virtualservers.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_virtualserverroutes.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_transportservers.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_policies.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_globalconfigurations.yaml`
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_virtualservers.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_virtualserverroutes.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_transportservers.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_policies.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_globalconfigurations.yaml`
 
 if [[ -z "$CREATE_NIC_RESOURCES1" ]]; then
     echo -ne $MESSAGE
@@ -579,11 +580,11 @@ kubectl apply -f kubernetes-ingress/deployments/rbac/rbac.yaml
 kubectl apply -f kubernetes-ingress/examples/shared-examples/default-server-secret/default-server-secret.yaml
 kubectl apply -f kubernetes-ingress/deployments/common/nginx-config.yaml
 kubectl apply -f kubernetes-ingress/deployments/common/ingress-class.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_virtualservers.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_virtualserverroutes.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_transportservers.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_policies.yaml
-kubectl apply -f kubernetes-ingress/deployments/common/crds/k8s.nginx.org_globalconfigurations.yaml`
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_virtualservers.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_virtualserverroutes.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_transportservers.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_policies.yaml
+kubectl apply -f kubernetes-ingress/config/crd/bases/k8s.nginx.org_globalconfigurations.yaml`
 
 if [[ -z "$CREATE_NIC_RESOURCES2" ]]; then
     echo -ne $MESSAGE

labs/lab2/readme.md

@@ -63,7 +63,8 @@ For additional information on the script you can run the same command with `-h`
 
     ```bash
     ## Set environment variables
-    export MY_RESOURCEGROUP=s.dutta-workshop
+    export MY_RESOURCEGROUP=${MY_NAME}-n4a-workshop
+    export MY_ID=`az group show -n $MY_RESOURCEGROUP --query "id" -otsv`
     ```
 
 1. Make sure your Terminal is the `nginx-azure-workshops/labs` directory for all commands during this Workshop.
@@ -85,14 +86,19 @@ For additional information on the script you can run the same command with `-h`
         --assign-identity \
         --generate-ssh-keys \
         --public-ip-sku Standard \
-        --custom-data lab2/init.sh
+        --custom-data lab2/init.sh \
+        --scope $MY_ID \
+        --role Owner \
+        --security-type TrustedLaunch \
+        --enable-secure-boot true \
+        --enable-vtpm true
     ```
 
     ```bash
     ##Sample Output##
     {
       "fqdns": "",
-      "id": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/s.dutta-workshop/providers/Microsoft.Compute/virtualMachines/n4a-ubuntuvm",
+      "id": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/sh.dutta-n4a-workshop/providers/Microsoft.Compute/virtualMachines/n4a-ubuntuvm",
       "identity": {
         "systemAssignedIdentity": "xxxx-xxxx-xxxx-xxxx-xxxx",
         "userAssignedIdentities": {}
@@ -102,7 +108,7 @@ For additional information on the script you can run the same command with `-h`
       "powerState": "VM running",
       "privateIpAddress": "172.16.2.4",
       "publicIpAddress": "<AZURE_ASSIGNED_PUBLICIP>",
-      "resourceGroup": "s.dutta-workshop",
+      "resourceGroup": "sh.dutta-n4a-workshop",
       "zones": ""
     }
     ```
@@ -473,7 +479,7 @@ Similar to how you deployed an Ubuntu VM, you will now deploy a Windows VM.
 1. In your local machine open terminal and make sure you are logged onto your Azure tenant. Set the following Environment variables:
 
     ```bash
-    export MY_RESOURCEGROUP=s.dutta-workshop
+    export MY_RESOURCEGROUP=${MY_NAME}-n4a-workshop
     export MY_VM_IMAGE=cognosys:iis-on-windows-server-2016:iis-on-windows-server-2016:1.2019.1009
     ```
 
@@ -487,7 +493,8 @@ Similar to how you deployed an Ubuntu VM, you will now deploy a Windows VM.
         --vnet-name n4a-vnet \
         --subnet vm-subnet \
         --admin-username azureuser \
-        --public-ip-sku Standard
+        --public-ip-sku Standard \
+        --security-type Standard
     ```
 
     ```bash
@@ -497,13 +504,13 @@ Similar to how you deployed an Ubuntu VM, you will now deploy a Windows VM.
     Consider upgrading security for your workloads using Azure Trusted Launch VMs. To know more about Trusted Launch, please visit https://aka.ms/TrustedLaunch.
     {
     "fqdns": "",
-    "id": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/s.dutta-workshop/providers/Microsoft.Compute/virtualMachines/n4a-windowsvm",
+    "id": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/sh.dutta-n4a-workshop/providers/Microsoft.Compute/virtualMachines/n4a-windowsvm",
     "location": "centralus",
     "macAddress": "00-0D-3A-96-C5-F1",
     "powerState": "VM running",
     "privateIpAddress": "172.16.2.5",
     "publicIpAddress": "<AZURE_ASSIGNED_PUBLICIP>",
-    "resourceGroup": "s.dutta-workshop",
+    "resourceGroup": "sh.dutta-n4a-workshop",
     "zones": ""
     }
     ```

labs/lab3/nginx-plus-ingress.yaml

@@ -35,7 +35,7 @@ spec:
 #      - name: nginx-log
 #        emptyDir: {}
       containers:
-      - image: private-registry.nginx.com/nginx-ic/nginx-plus-ingress:3.3.2
+      - image: private-registry.nginx.com/nginx-ic/nginx-plus-ingress:3.7.2
         imagePullPolicy: IfNotPresent
         name: nginx-plus-ingress
         ports:
@@ -94,23 +94,23 @@ spec:
         args:
           - -nginx-plus
           - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
-          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
           - -nginx-status-port=9000
           - -nginx-status-allow-cidrs=0.0.0.0/0
-         #- -include-year
+          - -report-ingress-status
+          - -enable-oidc
+          - -external-service=nginx-ingress
+          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
          #- -enable-cert-manager
          #- -enable-external-dns
          #- -enable-app-protect
          #- -enable-app-protect-dos
          #- -v=3 # Enables extensive logging. Useful for troubleshooting.
-          - -report-ingress-status
-         #- -external-service=nginx-ingress
           - -enable-prometheus-metrics
-          - -enable-oidc
+          - -enable-latency-metrics
          #- -enable-service-insight
           - -global-configuration=$(POD_NAMESPACE)/nginx-configuration
 #      initContainers:
-#      - image: nginx/nginx-ingress:3.2.1
+#      - image: nginx/nginx-ingress:3.7.2
 #        imagePullPolicy: IfNotPresent
 #        name: init-nginx-ingress
 #        command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc']