brentley / appmeshworkshop Goto Github PK

Applying add_time_ms.patch as appears in https://www.appmeshworkshop.com/deployment/updatecrystal/
Results in the "patch does not apply" error

workshop:~/environment $ git apply --stat ecsdemo-crystal/add_time_ms.patch
 code_hash.txt |    2 +-
 src/server.cr |    4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
workshop:~/environment $ git -C ~/environment/ecsdemo-crystal apply add_time_ms.patch
error: patch failed: src/server.cr:24
error: src/server.cr: patch does not apply

this may be done already

Need to upgrade Helm instructions for v3 - it's mature now and tiller isn't needed anymore, making for a much simpler experience.

Create the baseline infrastructure template to support the workshop.

Deploys the networking infrastructure, IAM resources, and the microservices using ECS and EC2.

ECS: ecsdemo-frontend, ecsdemo-nodejs
EC2: ecsdemo-crystal

Hi,
It seems that in install_appmesh_controller.md, link to content about IRSA points to just appmeshworkshop's index.html. i am not sure this is actually intended but it would more helpful if it connect learners to detailed page about IRSA.

I got an error when deploying the workshop in non-US regions, and I got this error:
An error occurred (ValidationError) when calling the CreateChangeSet operation: Template error: Unable to get mapping for InstanceMap::eu-west-1::AMI

The AMI map includes only US regions, other regions are not in the AMI map, I am trying to play this workshop in France for my customer, it would better if we could enable other regions.

I am trying to add the ami map for DUB, trying to see if there is other issue.

Would like to point out that if STS is not enabled in the region (as you are asking to use a region that we weren't using before) there will be silent failures in EKS to connect to the provisioned EC2 nodes. (errors can be seen if logging is activated in the EKS node).
Just one note of that would sort it.
Thank you

My SSM documment was not parsing properly due to space issues (too many) in the YAML template.

:~/environment $ aws ssm start-session --target $TARGET_EC2

Starting session with SessionId: i-07......

SessionId: i-074.... :
----------ERROR-------
Unable to start shell: failed to start pty since RunAs user ubuntu does not exist

https://www.appmeshworkshop.com/mesh_nodejs/install_helm/

should be moved to

https://www.appmeshworkshop.com/prerequisites/

it does not make sense for the appmeshworkshop attendee to waste time on installing helm with rbac which are really eks related content.

should be part of the same vpc as the ec2 instance -- this may be done already

'xray:GertSamplingStatisticSumaries'

Should be: 'xray:GetSamplingStatisticSummaries'

We should change the retain policy for the repositories, or see if we can completely empty them, and then delete them. I think it is easier to simply change the retain policy, and have a statement in the docs that the repos will exist beyond the lifetime of the workshop.

Failure message:
The repository with name 'appme-cryst-1ohx2vfar9cxh' in registry with id '991225764181' cannot be deleted because it still contains images (Service: AmazonECR; Status Code: 400; Error Code: RepositoryNotEmptyException; Request ID: 450688b7-a9c6-4367-bf73-0d0bce226a34)

The AWS App Mesh Contoller for Kubernetes (https://github.com/aws/aws-app-mesh-controller-for-k8s) plans to GA soon. With that GA, some elements of install and configuration change.

This issue is for tracking updates around install and configuration of the contoller related to GA.

Create cloudformation to build eks cluster... should be part of the same vpc that the ec2 instance builds

Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.

severity: serious

filename: ./templates/ci-cd-codepipeline.cfn.yml

line number(s): [204]

resource(s):

IAM role should not allow * resource with PassRole action on its permissions policy

severity: warning

filename: ./templates/ci-cd-codepipeline.cfn.yml

line number(s): [302]

resource(s):

CodeBuild project should specify an EncryptionKey value

severity: warning

filename: ./templates/ci-cd-codepipeline.cfn.yml

line number(s): [204, 240]

resource(s):

IAM role should not allow * resource on its permissions policy

severity: warning

filename: ./templates/ci-cd-codepipeline.cfn.yml

line number(s): [112]

resource(s):

S3 Bucket should have access logging configured

severity: warning

filename: ./templates/ci-cd-codepipeline.cfn.yml

line number(s): [112]

resource(s):

S3 Bucket should have encryption option set

severity: warning

filename: ./templates/amazon-eks-nodegroup-with-spot.yml

line number(s): [339]

resource(s):

Security Groups ingress with an ipProtocol of -1 found

severity: warning

filename: ./templates/amazon-eks-nodegroup-with-spot.yml

line number(s): [339]

resource(s):

Security Groups found ingress with port range instead of just a single port

Hi,

Running the workshop, I face one problem in the Mesh the NodeJS service running on EKS. When executing the command to install the appmesh-controller (https://github.com/brentley/appmeshworkshop/blob/master/content/mesh_nodejs/install_appmesh_controller.md)

helm upgrade -i appmesh-controller eks/appmesh-controller... ,

I receive the following message in the console:

Release "appmesh-controller" does not exist. Installing it now.

Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(MutatingWebhookConfiguration.webhooks[0]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[1]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[2]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[3]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[4]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[5]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[6]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook]

Does anyone knows what could be the issue here?

Thanks in advance!

What is the problem?
The code has typoes
Typoes in https://www.appmeshworkshop.com/appendix/servicediscovery/
line21
Current code :
INSTANCE_IP=$(curl -s $EC2_METADATA/latest/meta-data/local-ipv4);
Expected code:
INSTANCE_IP=$(curl -s $EC2_METADATA/meta-data/local-ipv4);

This is a documentation issue

from:

https://www.appmeshworkshop.com/prerequisites/deploycfn/

brent:/environment $ CFN_TEMPLATE=$(aws cloudformation list-stacks | jq -c '.StackSummaries[].StackName | select( . == "appmesh-workshop" )')
brent:/environment $ echo $CFN_TEMPLATE
"appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop" "appmesh-workshop"

The workshop uses eksctl to create Amazon EKS cluster in Run the bootstrap scripts section. The cleanup of the cluster is missing in "Cleanup" chapter, and should be placed before Delete the baseline template section - otherwise CloudFormation fails to delete the baseline stack due to existing EC2 instances in the VPC.

It might be useful to either create a new diagram, or update the existing one specifying the fact that we are using both Fargate and EC2 based containers.

External LB -> Ruby app (EC2) -> Internal LB -> Crystal app (Fargate)

in build-containers scripts, docker build command should be adjusted to find proper Dockerfiles.
docker build -t crystal-service ../ecsdemo-crystal or docker build -t crystal-service ~/environment/ecsdemo-crystal

failed... trying the appmeshworkshop.com

on this step: https://www.appmeshworkshop.com/prerequisites/bootstrapsh/
likely a problem with the fetch_outputs script... there isn't a from_output script and i think something with the syntax is wrong for jq or something... maybe a single quote in a wrong place?

The bug reported in this Issue seem to affect the workshop on this step when trying to describe-task-definition to afterwards register-task-definition failing with the following error message:

Parameter validation failed: Unknown parameter in input: "registeredBy", must be one of: family, taskRoleArn, executionRoleArn, networkMode, containerDefinitions, volumes, placementConstraints, requiresCompatibilities, cpu, memory, tags, pidMode, ipcMode, proxyConfiguration, inferenceAccelerators