Lab 5 - we need to move this out of the course of get started

[linsun]

So I chatted with Jake Kitchener on this as I don't know how to complete some of the steps in lab 5.

https://github.com/IBM/container-service-getting-started-wt/tree/master/Lab%205#2-configure-the-calico-cli

we are asking users to enter etcd url
i don’t even know what that is, for calico config. Jake confirmed that this is documented but not trivial. It is for advanced operator functionality for network admins or security focal only. I'd vote us to remove this section of our k8s get started course.

[jkomg]

It looks like we paste the command into the text, are you saying that it's dangerous for the user to do?

kubectl get cm -n kube-system calico-config -o yaml | grep "etcd_endpoints:" | awk '{ print $2 }

I'm fine with pulling it out if that's what we want to do, though. Just this section on the Calico CLI? Is this a breaking change?

[linsun]

Ok I missed that because that is described in the step below (step 4)... it would be logic to be in step 3 as that is where etcd_Url is first referred.

Anyway, I did run through the lab now mostly... I have to say this is very complicated. The lab didn't explain clearly why someone would do the steps it ask users to do.

Some issues I hit... my vote remains the same, this really doesn't belong to the get started course, could be an advanced admin course:

1. need to ask user to run the export cmd after bx cs cluster-config <cluster_name> --admin

2. should be 'sudo mkdir -p /etc/calico/`

3. 8. Examine the existing network policies. this is missing steps.

4. you should see those objects show up in the Calico API using calicoctl. what exactly is the calicoctl cmd? calicoctl isn't straightforward as kubectl... help is awful...

5. this cmd doesn't work for me:

$ calicoctl get profile k8s_ns.advanced-policy-demo -o yaml

• apiVersion: v1
  kind: profile
  metadata:
  name: k8s_ns.advanced-policy-demo
  spec:
  egress:
  • action: allow
    destination: {}
    source: {}
    ingress:
  • action: allow
    destination: {}
    source: {}

6. my wget failed with different error, could be related to the above issue:

$ kubectl run --namespace=advanced-policy-demo access --rm -ti --image busybox /bin/sh
If you don't see a command prompt, try pressing enter.
/ # wget -q --timeout=5 nginx -O -
wget: bad address 'nginx'
/ # ping nginx

7. this failed
   $ calicoctl apply -f networkpol.yaml
   Failed to execute command: Unknown resource type (NetworkPolicy) and/or version (extensions/v1beta1)

Overall, I feel I'm following the cmds but not knowing what benefit I will gain by doing these steps.