4 changes: 4 additions & 0 deletions 039-AKSEnterpriseGrade/.wordlist.txt
Expand Up @@ -31,3 +31,7 @@ autoscaling
AKV
IOPS
png
podman
osm
YADA
rootful
9 changes: 9 additions & 0 deletions 039-AKSEnterpriseGrade/Coach/Solution-00.md
Expand Up @@ -56,6 +56,8 @@ Here are some things to be aware of that we have run into when hosting this hack

### Docker Desktop

Note that Docker has updated their [pricing scheme](https://www.docker.com/pricing/), and Docker Desktop is only free for personal use. The next section covers an alternative (Podman).

Installing [Docker Desktop](https://www.docker.com/products/docker-desktop/) is optional for students. Docker Desktop will install the Docker CLI and container engine on a Windows or Mac workstation. Students can use Docker Desktop in Challenge 1 to build and run the sample application's container images on their local workstation. They can also use Docker desktop to publish those container images to Azure Container Registry.

The SQL Server container image referenced in Challenge 1 will not run in Docker Desktop on a Mac device with Apple Silicon (ARM).
Expand All @@ -66,3 +68,10 @@ If the student does not have administrator privileges on their workstation, or i

Instead, students can test the containers out by running them in Azure Container Instances. See the [Coach Guide for Challenge 1](Solution-01.md) for more information.

### Podman

[Podman](https://podman.io/) has become a very good alternative to Docker after the pricing and licensing change Docker carried out on August 31st 2021. It offers out-of-the-box integration with WSL, and most Docker commands work exactly the same. For example, `docker ps -a` will turn into `podman ps -a`.

To install Podman on Windows please follow the [Podman Installation Guide for Windows](https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md).

One difference that users need to be aware of is that the podman container engine can be started either in rootless or rootful mode. The default is rootful, [rootless](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md) is interesting for users that don't have admin permissions on their systems.
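
Review bot: The last added sentence of the Podman section states "The default is rootful" without a source, and the only link on that line points to the rootless tutorial. The mode decides whether the container engine runs with root privileges, so please verify the default against the Podman Installation Guide for Windows linked just above and add how a coach can tell which mode a student's machine is in. The sentence is also a comma splice; ending it after "The default is rootful." and starting a new one for rootless would read better.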
67 changes: 39 additions & 28 deletions 039-AKSEnterpriseGrade/Coach/Solution-01.md
Expand Up @@ -4,10 +4,11 @@

## Notes and Guidance

- Participants can build locally and then upload the images (`docker build`, `docker login` and `docker push`), or let ACR Tasks do the build for them (`az acr build`)
- If students had any issues getting WSL or Docker Desktop running on their local workstations during Challenge 0, you should direct them to use ACR to do the container builds for them.
- Participants can build locally and then upload the images (`docker build`, `docker login` and `docker push` for Docker, or `podman build`, `podman login` and `podman push` for Podman), or let ACR Tasks do the build for them (`az acr build`)
- If students had any issues getting WSL or Docker Desktop running on their local workstations during Challenge 0, you should direct them to use ACR to do the container builds for them. An alternative is Podman, although that is probably going to take longer.
- Students may not be familiar with SQL Server or how to run it as a container, you may need to point them at the documentation in Challenge 1's Learning Resources.
- Remind the students to check the documentation for each of the components. They will find information there on HOW to run the apps locally or via ACI.
- If you let participants run the web container with the environment variable `BRANDING=whatthehack` the web page will be WTH-branded.

## Before you start

Expand All @@ -21,32 +22,32 @@ Alternatively, if you have cloned the What The Hack repo, you can navigate to th

### Local Docker (Option 1)

These commands have been tested on Powershell 7 on Windows 10, with Docker configured for Linux containers, and the utilities `jq` and `curl` installed
These commands have been tested on Powershell 7 on Windows 11, with podman and the utilities `jq` and `curl` installed:

```bash
```PowerShell
# Running SQL Server locally
$sql_password="Microsoft123!Microsoft123!"
docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=$sql_password" -p 1433:1433 --name sql -d mcr.microsoft.com/mssql/server:latest
$sql_ip=$(docker inspect sql | jq -r '.[0].NetworkSettings.Networks.bridge.IPAddress')
podman run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=$sql_password" -p 1433:1433 --name sql -d mcr.microsoft.com/mssql/server:latest
$sql_ip=$(podman inspect sql | jq -r '.[0].NetworkSettings.IPAddress')
Write-Host "SQL Server running with IP address $sql_ip"
```

```bash
```PowerShell
# Building and running SQL API locally
cd api
docker build -t api:1.0 .
docker run -d -p 8080:8080 -e "SQL_SERVER_FQDN=${sql_ip}" -e "SQL_SERVER_USERNAME=sa" -e "SQL_SERVER_PASSWORD=${sql_password}" --name api api:1.0
$api_ip=$(docker inspect api | jq -r '.[0].NetworkSettings.Networks.bridge.IPAddress')
podman build -t api:1.0 .
podman run -d -p 8080:8080 -e "SQL_SERVER_FQDN=${sql_ip}" -e "SQL_SERVER_USERNAME=sa" -e "SQL_SERVER_PASSWORD=${sql_password}" --name api api:1.0
$api_ip=$(podman inspect api | jq -r '.[0].NetworkSettings.IPAddress')
Write-Host "API container running with IP address $api_ip"
curl "127.0.0.1:8080/api/healthcheck"
```

```bash
# Run Web frontend
cd ../web
docker build -t web:1.0 .
docker run -d -p 8081:80 -e "API_URL=http://${api_ip}:8080" --name web web:1.0
$web_ip=$(docker inspect web | jq -r '.[0].NetworkSettings.Networks.bridge.IPAddress')
podman build -t web:1.0 .
podman run -d -p 8081:80 -e "API_URL=http://${api_ip}:8080" -e "BRANDING=whatthehack" --name web web:1.0
$web_ip=$(podman inspect web | jq -r '.[0].NetworkSettings.IPAddress')
Write-Host "You can point your browser to http://127.0.0.1:8081 to verify the app"
```

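Review bot: The third block (`# Run Web frontend`) keeps its `bash` fence tag while the two blocks above it were switched to `PowerShell`, and the heading still reads "Local Docker (Option 1)" although every command and the "tested on" sentence now say podman. Either retag the block and rename the heading, or keep the Docker variant next to the Podman one, since the `jq` path also changed from `.NetworkSettings.Networks.bridge.IPAddress` to `.NetworkSettings.IPAddress` and the old Docker lines are gone. While the SQL Server `podman run` line is being touched, consider publishing the port as `-p 127.0.0.1:1433:1433` so the `sa` login with the password printed in this guide is reachable only from the workstation itself.
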
Expand All @@ -58,60 +59,70 @@ Note the `Healthcheck: OK` and the SQL version retrieved from the SQL database.

### ACR & ACI (Option 2)

These commands have been tested on a zsh shell:
These commands have been tested on a zsh shell in an Ubuntu 20.04 WSL environment:

```bash
# Create RG and ACR
rg=hack$RANDOM
prefix=$RANDOM
rg=hack$prefix
acr_name=$rg
location=westeurope
az group create -n "$rg" -l "$location"
az acr create -n "$acr_name" -g "$rg" --sku Standard
az group create -n "$rg" -l "$location" -o none
az acr create -n "$acr_name" -g "$rg" --sku Standard -o none
```

```bash
# Build images
cd ./Student/Resources
# Build images (from the YADA repo cloned to the local machine)
cd api
az acr build -r "$acr_name" -t hack/sqlapi:1.0 .
cd ../web
az acr build -r "$acr_name" -t hack/web:1.0 .
az acr repository list -n "$acr_name" -o table
az acr repository show-tags -n $acr_name --repository hack/sqlapi -o tsv
az acr repository show-tags -n $acr_name --repository hack/web -o tsv
cd ../
```

```bash
# Create SQL DB
sql_server_name=sqlserver$RANDOM
sql_server_name=sqlserver$prefix
sql_db_name=mydb
sql_username=azure
sql_password=Microsoft123!
az sql server create -n "$sql_server_name" -g "$rg" -l "$location" --admin-user "$sql_username" --admin-password "$sql_password"
sql_password='Microsoft123!'
echo "Creating Azure SQL Database..."
az sql server create -n "$sql_server_name" -g "$rg" -l "$location" --admin-user "$sql_username" --admin-password "$sql_password" -o none
sql_server_fqdn=$(az sql server show -n "$sql_server_name" -g "$rg" -o tsv --query fullyQualifiedDomainName)
az sql db create -n "$sql_db_name" -s "$sql_server_name" -g "$rg" -e Basic -c 5 --no-wait
az sql db create -n "$sql_db_name" -s "$sql_server_name" -g "$rg" -e Basic -c 5 -o none --no-wait
```

```bash
# Create API container
aci_name=sqlapi
az acr update -n "$acr_name" --admin-enabled true
az acr update -n "$acr_name" --admin-enabled true -o none
acr_usr=$(az acr credential show -n "$acr_name" -g "$rg" --query 'username' -o tsv)
acr_pwd=$(az acr credential show -n "$acr_name" -g "$rg" --query 'passwords[0].value' -o tsv)
echo "Creating Azure Container Instance..."
az container create -n "$aci_name" -g $rg -e "SQL_SERVER_USERNAME=${sql_username}" "SQL_SERVER_PASSWORD=${sql_password}" "SQL_SERVER_FQDN=${sql_server_fqdn}" \
--image "${acr_name}.azurecr.io/hack/sqlapi:1.0" --ip-address public --ports 8080 \
--registry-username "$acr_usr" --registry-password "$acr_pwd"
--registry-username "$acr_usr" --registry-password "$acr_pwd" -o none
sleep 30 # Give time the container to start
sqlapi_ip=$(az container show -n "$aci_name" -g "$rg" --query ipAddress.ip -o tsv)
echo "API container running on IP address $sqlapi_ip. Finding out outbound source IP..."
sqlapi_source_ip=$(curl -s "http://${sqlapi_ip}:8080/api/ip" | jq -r .my_public_ip)
az sql server firewall-rule create -g "$rg" -s "$sql_server_name" -n public_sqlapi_aci-source --start-ip-address "$sqlapi_source_ip" --end-ip-address "$sqlapi_source_ip"
echo "Outbound source IP of API container is $sqlapi_source_ip"
az sql server firewall-rule create -g "$rg" -s "$sql_server_name" -n public_sqlapi_aci-source -o none \
--start-ip-address "$sqlapi_source_ip" --end-ip-address "$sqlapi_source_ip"
curl "http://${sqlapi_ip}:8080/api/healthcheck"
curl "http://${sqlapi_ip}:8080/api/sqlsrcip"
echo "The output of the previous command should have been ${sqlapi_source_ip}"
```

```bash
# Create Web container
az container create -n web -g $rg -e "API_URL=http://${sqlapi_ip}:8080" --image "${acr_name}.azurecr.io/hack/web:1.0" --ip-address public --ports 80 \
--registry-username "$acr_usr" --registry-password "$acr_pwd"
echo "Creating Azure Container Instance..."
az container create -n web -g $rg -e "API_URL=http://${sqlapi_ip}:8080" "BRANDING=whatthehack" \
--image "${acr_name}.azurecr.io/hack/web:1.0" --ip-address public --ports 80 \
--registry-username "$acr_usr" --registry-password "$acr_pwd" -o none
web_ip=$(az container show -n web -g "$rg" --query ipAddress.ip -o tsv)
echo "Please connect your browser to http://${web_ip} to test the correct deployment"
```
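
Review bot: In the API container block, `sqlapi_source_ip` goes straight into `az sql server firewall-rule create` with no check that it is non-empty. If the container is not yet serving after the fixed `sleep 30`, the `curl -s "http://${sqlapi_ip}:8080/api/ip" | jq -r .my_public_ip` line produces nothing usable, and with `-o none` on the surrounding commands the only hint is the new echo line. Suggest polling `/api/healthcheck` until it answers instead of sleeping, and exiting with a message when the IP is empty. Minor: the new `show-tags` lines use `$acr_name` unquoted and both `az container create` calls use `-g $rg` unquoted, while the rest of the script quotes its variables.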