Results / Findings Workshop Review 2023-06-10

[wombelix]

Hi everyon,

@marshkkm asked me to do a second Review for the Workshop, please find below my comments and findings. There are still some blocker why it can't be approved yet. But Nothing too serious in my opinion which couldn't be fixed begin of the week, so that the Workshop can be approved and published before the upcoming Event.

I can offer to do a final review, with approval if the below points are addressed, on Wednesday 14th June between 09:00 AM and 12:00 PM CEST, so effectively before most of you start to work, if that helps.

Findings - non blocking

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/10-introduction

• [x] nitpick, I suggest you provide link to a resource about quota increase and also mention that a VPC will be deployed by the stack, so this is a quota which also need to be verified upfront.

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/10-introduction/13-documentation https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/20-exploring-the-cluster/22-rancher-applications#deploying-rancher-neuvector

• [x] The product name is SUSE NeuVector, not Rancher NeuVector

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/20-exploring-the-cluster/22-rancher-applications#deploying-rancher-neuvector

• [x] Please highlight in Step 6 that the default password admin NEED to be changed right away (maybe warning box or something)

Do all images have accurate, descriptive alternate text?

• [x] No, still need to be done

Findings - blocking

Deploying the CloudFormation Stack in my Isengard Account failed:

2023-06-10 11:41:21 UTC+0200    rancher-manager-stack   
ROLLBACK_IN_PROGRESS
The following resource(s) failed to create: [EKSCloud9Env]. Rollback requested by user.
2023-06-10 11:41:19 UTC+0200    EKSCloud9Env    
CREATE_FAILED
Cannot create the AWS Cloud9 environment. There was a problem connecting to the environment.

• [x] Tried it twice, same result, seem to run into an timeout, Cloud9 Instance created but always says in "Connecting" state.

Security Group attached to Cloud9:

    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Security group for AWS Cloud9 environment aws-cloud9-AWS-RGS-Workshop-d75595fb34c74519a440017621cca419",
        "VpcId": "vpc-076c6d178985a3058"
,        "SecurityGroupIngress": [
          {
            "FromPort": 22,
            "ToPort": 22,
            "IpProtocol": "tcp",
            "CidrIp": "35.172.155.192/27"
          },
          {
            "FromPort": 22,
            "ToPort": 22,
            "IpProtocol": "tcp",
            "CidrIp": "35.172.155.96/27"
          }
        ]
        ,"Tags": [
          {
            "Key": "Name",
            "Value": "aws-cloud9-AWS-RGS-Workshop-d75595fb34c74519a440017621cca419"
          }
        ]
      }
    }

• [x] I wonder about the two (harcoded?) public IPs in the attached security group, leftover from development?

Does the workshop reference/link to the clean-up steps in the introduction or setup chapters? Does the workshop reference/link to the clean-up steps in the introduction or setup chapters, so that this is obvious even for customers who do not complete the workshop?

• [x] Please ensure to add a reference to the last page of the workshop with the clean up instroductions, there are available but need to be mentioned earlier as wlel.

If the workshop references larger bundles of AWS-owned content (for example Lambda source code, sample data sets, etc.), are these stored somewhere central like an Event Engine S3 bucket, or an AWS-owned Github Organization (AWS-Samples etc, see Open Source below)?

• [x] Don't forget that the related GitHub repository need to be changed to public when the Workshop will be published to allow non AWS Event attendees to access the CloudFormation template

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/20-exploring-the-cluster/23-kubernetes-applications#step-4:

• [x] Both links to the fleet configs are not working, error 404

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/20-exploring-the-cluster/23-kubernetes-applications#deploying-kubernetes-applications

• [x] Step 5 and Step 6 are empty

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/30-creating-a-cluster/31-creating-eks-cluster#step-2:-set-up-your-cloud9-environment

• [x] The link to S3 throws access denied, not sure if that link would work from inside Cloud9, couldn't tested it because of the above errors deploying the Stack.

https://studio.us-east-1.prod.workshops.aws/preview/be7b2281-57e8-44d0-a40e-1b7ea0d88f2a/builds/9bb8d6d6-1676-4d2d-b9b4-9df5bc3d518b/en-US/50-additional-integrations#step-2:-create-the-amazon-memorydb-for-redis-cluster

• [x] The link to S3 throws access denied, not sure if that link would work from inside Cloud9, couldn't tested it because of the above errors deploying the Stack.

Could you complete all the steps in the workshop without error?

• [x] Wasn't able to deploy the Stack and follow along the steps outlined in the workshop

[marshkkm]

@wombelix We're tackling some of these now...

I have a question about the hardcoded IPs in the SG for the cloud9 instance. Thats not present in either one of the templates

For workshop studio: static/rke2-eks-cluster-workshop.yaml

For personal account: static/rke2-eks-cluster.yaml

[wombelix]

I have a question about the hardcoded IPs in the SG for the cloud9 instance. Thats not present in either one of the templates

Yep you are right, it's indeed not hardcoded and seem to get somehow generated down the line. Was just thinking earlier if that could have something to do with the connection timeout to the Cloud9 instance, but it can probably be ignored.

[wombelix]

Because you asked me about the region, I tried us-east-1 and it looks like that other regions would not even work because of missing AMI mappings:

Template error: Unable to get mapping for AWSRegionArch2AMI::us-west-2::HVM64
Template error: Unable to get mapping for AWSRegionArch2AMI::us-west-1::HVM64
Template error: Unable to get mapping for AWSRegionArch2AMI::us-east-2::HVM64

Which opens another Review point:

If the workshop runs only in specific regions, are these clearly listed?

• [x] CloudFormation template does only seem to work in us-east-1, which I didn't see mention yet in the course.

[wombelix]

I have a question about the hardcoded IPs in the SG for the cloud9 instance. Thats not present in either one of the templates

Yep you are right, it's indeed not hardcoded and seem to get somehow generated down the line. Was just thinking earlier if that could have something to do with the connection timeout to the Cloud9 instance, but it can probably be ignored.

"Miracle" solved, those two ranges are the default ones based on the region where cloud9 is deployed, see https://docs.aws.amazon.com/cloud9/latest/user-guide/ip-ranges.html

[zackbradys]

Merged two pull requests (#34 and #35) to address 5 tasks. Currently working on two additional merges to address 4 tasks.

[zackbradys]

Checked off the last task due to the fact we figured out the reason for stack failing to deploy. For now, workshop states and users are only able to deploy in us-east-1.

[marshkkm]

S3 links are using the assetURL directive, a part of the workshop environment. If you're doing this outside of the environment, those won't work.

If you try to preview the workshop, those asset urls are dynamically generated and only work for a certain amount of time before being regened. The workshop studio team is currently working on a way to change this

[zackbradys]

Hey Dominik, all images do have accurate alt text, but the task in this issue only gave the option to check off "no". I want to have all the tasks complete so I checked it off.

[zackbradys]

Hey @wombelix, since this repository is not public yet, here is replacement link so you are able to test the Kubernetes Applications Step 4 Section. Once the repository is public, it will work since the yamls and code are the exact same.

For Fleet Step: https://raw.githubusercontent.com/zackbradys/rancher-customer-demos/main/static/fleet/fleet-local.yaml

[wombelix]

@zackbradys thanks mate, I thought it's a real 404, because aren't they linked to this repo where I have access? But anyway, I trust you that this is solved as soon it went public so let's remove it from the list and also close this Task now as completed. I do a Review now and if necessary, create a new issue.

[zackbradys]

It is inside of this repo, but the link doesn't include to token required to access a raw on github when the repository is private. Today, we tested and verified with the outside link and once the repo is public, it will work. We also added the instructions that were missing during your review.

Appreciate the understanding and looking forward to your review this evening!