Merge (#17)

Author: chrisakker

ca-notes/LabOutline.md

@@ -1,11 +1,11 @@
 # Nginx for Azure Workshop Outline / Summary
 
-## Lab 0 - Prequesites - Subscription / Resources
+## Lab 0 - Prerequisites - Subscription / Resources
 ## Lab 1 - Azure VNet/Subnet / Network Security Group / Nginx for Azure Overview
-## Lab 2 - UbuntuVM/Docker / Windows VM / Cafe Demo Deployment 
+## Lab 2 - Ubuntu VM / Docker / Windows VM / Cafe Demo Docker Deployment 
 ## Lab 3 - AKS / Nginx Plus Ingress Deployment / NIC Dashboard
-## Lab 4 - Cafe Demo / Redis Deployment
-## Lab 5 - Nginx for Azure Load Balancing / Reverse Proxy
+## Lab 4 - Cafe Demo / Redis AKS Deployment
+## Lab 5 - Nginx for Azure Load Balancing / Blue/Green/Canary
 ## Lab 6 - Azure Key Vault / TLS Essentials
 ## Lab 7 - Azure Monitoring / Logging Analytics
 ## Lab 8 - Nginx Garage or Azure Petshop
@@ -18,11 +18,11 @@
 
 ## Introduction
 
-This NGINXpert Workshop will explore the Nginx for Azure Service, available and running in Microsoft's Azure Cloud.  As a Cloud Architect, Platform or DevOps Engineer, you will create different Azure Resources and Services, and use Nginx for Azure to load balance, route, terminate TLS, split, cache, rate limit, and use other Nginx functions to manage traffic to these Azure resources.  The Workshop is led by Instructors that will show you how to do these things, and explain the technical and business merits of these solutions with Nginx for Azure.  As you follow along, the Hands On Lab Exercises will show you how to configure Nginx, and integrate with different Azure Services like Azure Key Vault, Azure Monitoring, Azure Logging / Analytics / Grafana.  A variety of different systems and applications are used as examples, including VMs, Docker containers, Kubernetes Clusters, Nginx Ingress Controllers.
+This NGINXpert Workshop will explore the Nginx for Azure Service, available and running in Microsoft's Azure Cloud.  As a Cloud Architect, Platform or DevOps Engineer, you will create different Azure Resources and Services, and use Nginx for Azure to load balance, route, terminate TLS, split, cache, rate limit, and use other Nginx functions to manage traffic to these Azure resources.  The Workshop is led by Instructors that will show you how to do these things, and explain the technical and business merits of these solutions using Nginx for Azure.  As you follow along, the Hands On Lab Exercises will show you how to configure Nginx, and integrate with different Azure Services like Azure Key Vault, Azure Monitoring, Azure Logging / Analytics / Grafana.  A variety of different systems and applications are used as examples, including VMs, Docker containers, Kubernetes Clusters, Nginx Ingress Controllers.
 
-This is an Intermediate, 200 Level Workshop.  Students will require existing skills with Nginx, Azure CLI/Portal, Docker, Linux, and various networking tools.  You will also need a Subscription to Azure for the Hands On Labs, with Owner level access to create and configure various Azure Services.
+*This is an Intermediate, 200 Level Workshop*, Workshop #3 in the **NGINXpert Series**.  Students will require existing skills with Nginx, Azure CLI/Portal, Docker, Linux, and various networking tools.  You will also need a Subscription to Azure for the Hands On Labs, with Owner level access to create and configure various Azure Services.
 
-NGINXpert Workshops are also available for Nginx Basics and Nginx Ingress Controller, which are highly recommended as Prerequisites for this Workshop.  You can find those on Github as well.
+NGINXpert Workshops are also available for Nginx Basics (Workshop #1) and Nginx Ingress Controller (Workshop #2), which are required as Prerequisites for this Workshop.  You can find these Workshops on Github, and there are also Nginx classes available from Nginx University. Microsoft has many great Tutorials and examples on Azure Learning, to get you prepared for this Workshop. You can find those at Microsoft Learn.
 
 ### Lab 0 - Prequesites - Subscription / Resources
 
@@ -104,19 +104,17 @@ Configure Nginx for Azure for Redis applications.
 
 <br/>
 
-### Lab 5 - Nginx Load Balancing / Reverse Proxy
+### Lab 5 - Nginx for Azure Load Balancing / Blue/Green
 
 - Overview
-In this lab, you will configure Nginx for Azure to Load Balance various workloads running in Azure.  After successful configuration and adding Nginx Best Practice parameters, you will Load Test these applications, and test multiple load balancing and request routing parameters to suit different use cases.
+In this lab, you will configure Nginx for Azure to Load Balance various workloads running in Azure.  After successful configuration and adding Nginx Best Practice parameters, you will Load Test these applications, and test multiple load balancing features for different use cases.  You will explore, configure, and test the HTTP Split Clients feature in detail.
 
 - Learning Objectives
 Configure Nginx for Azure, to Load Balance traffic to both AKS Clusters / Nginx Ingress Controllers.
+Profile Redis Leader performance with Redis Benchmark.
+Load test various web applications.
+Configure Nginx for Azure, to Load Balance Nginx Ingress Controllers as a Kubernetes Headless Service.
 Configure HTTP Split Clients, Blue/Green traffic Splitting - route traffic to verious backend systems using 0-100% Ratios.
-Load test the Legacy and Modern web applications.
-Run an HTTP Load Test on Cafe.
-Configure Nginx for Azure, to Load Balance Nginx Ingress Controllers as a Headless Service with ClusterIPs.
-Run a Redis Benchmark test on Redis Leader.
-Configure Nginx for Azure, to Load Balance Nginx Ingress Controllers as a Headless Service with ClusterIPs.
 
 <br/>
 
@@ -166,9 +164,12 @@ In this lab, you will deploy an image rich application, and use Nginx Caching to
 
 - Learning Objectives
 Deploy JuiceShop in AKS cluster.
+Deploy Mygarage on Ubuntu VM.
 Expose JuiceShop with Nginx Ingress Controller.
 Configure Nginx for Azure for load balancing JuiceShop.
+Configure Nginx for Azure for load balancing Mygarage.
 Add Nginx Caching to improve delivery of images.
+Explore, configure, and test HTTP Request Limits
 
 <br/>
 

ca-notes/aks/juiceshop/juiceshop-vs.yaml

@@ -13,7 +13,13 @@ spec:
   - name: juiceshop
     service: juiceshop-svc
     port: 80
-    slow-start: 5s
+    sessionCookie:
+      enable: true
+      name: srv_id
+      path: /
+      expires: 1m
+      domain: .nginxazure.build
+    #slow-start: 5s
     healthCheck:
       enable: true
       port: 3000

ca-notes/n4a-configs/includes/rate_limits.conf

@@ -1,3 +1,8 @@
+# Nginx 4 Azure - Mar 2024
+# Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024
+#
+# Define HTTP Request Limit Zones
+#
 limit_req_zone $binary_remote_addr zone=limitone:10m rate=1r/s;
 limit_req_zone $binary_remote_addr zone=limit10:10m rate=10r/s;
 limit_req_zone $binary_remote_addr zone=limit100:10m rate=100r/s;

ca-notes/n4a-configs/includes/split-clients.conf

@@ -1,21 +1,22 @@
 # Nginx 4 Azure to AKS1/2 NICs and/or UbuntuVMs for Upstreams
 # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024
 # HTTP Split Clients Configuration for AKS Cluster1/Cluster2 or UbuntuVM ratios
+# HTTP to NIC Headless, ClusterIP, no NodePort
 #
 split_clients $request_id $upstream {
 
    # Uncomment the percent wanted for AKS Cluster #1, #2, or UbuntuVM
    #0.1% aks1_ingress;
    #1.0% aks1_ingress;
    #5.0% aks1_ingress;
-   30% aks1_ingress; 
-   #50% aks1_ingress;
+   #30% aks1_ingress; 
+   50% aks1_ingress;
    #80% aks1_ingress;
    #95% aks1_ingress;
    #99% aks1_ingress;
-   #* aks1_ingress;
-   30% aks2_ingress;
-   * cafe_nginx;          # Ubuntu VM containers
-   #* aks1_nic_direct;    # Direct to NIC pods - headless/no nodeport
+   * aks2_ingress;
+   #30% aks2_ingress;
+   #30% cafe_nginx;          # Ubuntu VM containers
+   #* aks1_nic_headless;    # Direct to NIC pods - headless/no nodeport
 
 }

ca-notes/n4a-configs/stream/redis-leader.conf renamed to ca-notes/n4a-configs/stream/redis.example.com.conf

@@ -0,0 +1,28 @@
+# Nginx 4 Azure - Default - Updated Nginx.conf
+# Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024
+#
+user nginx;
+worker_processes auto;
+worker_rlimit_nofile 8192;
+pid /run/nginx/nginx.pid;
+
+events {
+    worker_connections 4000;
+}
+
+error_log /var/log/nginx/error.log error;
+
+http {
+    access_log off;
+    server_tokens "";
+    server {
+        listen 80 default_server;
+        server_name localhost;
+        location / {
+            # Points to a directory with a basic html index file with
+            # a "Welcome to NGINX as a Service for Azure!" page
+            root /var/www;
+            index index.html;
+        }
+    }
+}

labs/lab2/nginx.conf

@@ -42,6 +42,8 @@ By the end of the lab you will be able to:
 
 ## Deploy UbuntuVM with Azure CLI
 
+<< TODO - check variables >>
+
 After logging onto your Azure tenant, set the following Environment variables needed for this lab:
 
 ```bash
@@ -53,22 +55,6 @@ export MY_VM_IMAGE="Canonical:0001-com-ubuntu-server-jammy:server-22_04-lts-gen2
 
 ```
 
-To see a list of UbuntuVMs available to you, try:
-
-```bash
-az vm image list --location $MY_LOCATION --publisher Canonical --output table
-
-```
-
-```bash
-#Sample output
-You are viewing an offline list of images, use --all to retrieve an up-to-date list
-Architecture    Offer                         Publisher    Sku             Urn                                                           UrnAlias    Version
---------------  ----------------------------  -----------  --------------  ------------------------------------------------------------  ----------  ---------
-x64             0001-com-ubuntu-server-jammy  Canonical    22_04-lts-gen2  Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest  Ubuntu2204  latest
-
-```
-
 Create the Ubuntu VM:
 
 ```bash
@@ -262,7 +248,15 @@ Leave your SSH Terminal running, you will use it in the next Exercise.
 
 You will now use Docker Compose to create and deploy three Nginx `ingress-demo` containers.  These will be your first group of `backends` that will be used for load balancing with Nginx for Azure.
 
-On the Ubuntu VM, create a new folder in the `/home/azureuser` directory, call it `cafe`.
+1. Inspect the `lab2/docker-compose.yml` file.  Notice you are pulling the `nginxinc/ingress-demo` image, and starting three containers.  The three containers are configured as follows:
+
+Container Name | Name:port
+:-------------:|:------------:
+docker-web1 | ubuntuvm:81
+docker-web2 | ubuntuvm:82
+docker-web3 | ubuntuvm:83
+
+1. On the Ubuntu VM, create a new folder in the `/home/azureuser` directory, call it `cafe`.
 
 ```bash
 azureuser@ubuntuvm: cd $HOME
@@ -272,15 +266,6 @@ azureuser@ubuntuvm: sudo vi docker-compose.yml
 
 ```
 
-Inspect the `lab2/docker-compose.yml` file.  Notice you are pulling the `nginxinc/ingress-demo` image, and starting three containers.  The three containers are configured as follows:
-
-Container Name | Name:port
-:-------------:|:------------:
-docker-web1 | ubuntuvm:81
-docker-web2 | ubuntuvm:82
-docker-web3 | ubuntuvm:83
-
-
 Copy the contents from the `lab2/docker-compose.yml` file, into the same filename on the Ubuntu VM.  Save the file and exit VI.
 
 Start up the three Nginx demo containers.  This tells Docker to read the compose file and start the three containers:
@@ -297,7 +282,7 @@ sudo docker ps -a
 
 ```
 
-It should look similar to this.  Notice that each container is listening on a unique TCP port on the Docker host - Ports 81, 82, and 83 for web1, web2 and web3, respectively.
+It should look similar to this.  Notice that each container is listening on a unique TCP port on the Docker host - Ports 81, 82, and 83 for docker-web1, docker-web2 and docker-web3, respectively.
 
 ```bash
 #Sample output
@@ -337,7 +322,7 @@ tcp6       0      0 :::4431                 :::*                    LISTEN
 
 ```
 
-Yes, looks like ports 81, 82, and 83 are Listening.  Note:  If you used a different VM, you may need some host Firewall rules to allow traffic to the containers.
+Yes, looks like ports 81, 82, and 83 are Listening.  Note:  If you used a different VM, you may need to update the VM Host Firewall rules to allow traffic to the containers.
 
 Test all three containers with curl:
 
@@ -510,7 +495,9 @@ Try the coffee and tea URLs, at http://cafe.example.com/coffee and /tea.
 
 You should see a 200 OK Response.  Did you see the `X-Proxy-Pass` header - set to the Upstream block name.  
 
-Did you notice the `Server` header?  This is the Nginx Server Token. Optional - Change the Server token to your name, and Submit your configuration.  The server_tokens directive is found in the `nginx.conf` file.  Change it from `N4A-$nginx_version`, to `N4A-$nginx_version-myname`, and click Submit.
+Did you notice the `Server` header?  This is the Nginx Server Token. 
+
+**Optional** - Change the Server token to your name, and Submit your configuration.  The server_tokens directive is found in the `nginx.conf` file.  Change it from `N4A-$nginx_version`, to `N4A-$nginx_version-myname`, and click Submit.
 
 Try the curl again.  See the change ?  Set it back if you like, the Server token is usually hidden for Security reasons, but you can use it as a quick identity tool temporarily.  (Which server did I hit?)
 
@@ -539,6 +526,8 @@ Congratulations!!  You have just completed launching a simple web application wi
 
 <br/>
 
+ << TODO - check and fix >>
+
 ## Deploy Windows VM with Azure CLI
 
 After logging onto your Azure tenant, set the following Environment variables needed for this lab:

labs/lab2/readme.md

@@ -15,7 +15,7 @@ spec:
   - name: tea
     service: tea-svc
     port: 80
-    slow-start: 20s
+    #slow-start: 20s
     healthCheck:
       enable: true
       path: /tea
@@ -28,7 +28,7 @@ spec:
   - name: coffee
     service: coffee-svc
     port: 80
-    slow-start: 20s
+    #slow-start: 20s
     healthCheck:
       enable: true
       path: /coffee