removed countdash, added envoy with curl, intentions, nomad alloc exe…

…c -job, added a link to practitioner blog

Vagrantfile

@@ -90,6 +90,11 @@ touch /var/log/vault_audit.log
 vault audit enable file file_path=/var/log/vault_audit.log
 VAULT
 
+$consul = <<CONSUL
+echo "Creating an intention..."
+consul intention create -deny traefik '*'
+CONSUL
+
 Vagrant.configure("2") do |config|
   # Start from this base box
   config.vm.box = "hashicorp/bionic64"
@@ -141,5 +146,8 @@ Vagrant.configure("2") do |config|
     # Expose the traefik service ports to the host
     secondary.vm.network "forwarded_port", guest: 80, host: 8081, auto_correct: true, host_ip: "127.0.0.1"
     secondary.vm.network "forwarded_port", guest: 443, host: 8444, auto_correct: true, host_ip: "127.0.0.1"
+
+    # set up Consul
+    secondary.vm.provision "shell", inline: $consul
   end
 end

config/nomad.hcl

@@ -13,6 +13,10 @@ client {
   enabled           = true
   network_interface = "eth1"
 
+  meta {        # OPTIONAL -- this is envoy with curl
+    "connect.sidecar_image" = "assareh/envoy:v1.18.3"
+  }
+
   host_volume "traefikee-data" {
     path      = "/opt/traefikee"
     read_only = false

readme.md

@@ -82,22 +82,30 @@ Visit http://localhost:8080/whoami from your desktop. Take note of the value `Re
 #### Consul Connect
 
 ```bash
-nomad run jobs/countdash.nomad
-```
+nomad run jobs/whoami-connect.nomad
 
-Visit http://countdash.localhost:8080/ from your desktop. You should see a dashboard showing Connected and displaying an incrementing counter.
+nomad status
 
-*Note*: You'll need to add `countdash.localhost` to the `127.0.0.1` entry in your `/etc/hosts` file in order to properly resolve the app from your browser.
+curl localhost/whoami
+```
+
+Visit http://localhost:8080/whoami from your desktop. What happens?
 
 ```bash
-nomad run jobs/whoami-connect.nomad
+consul intention match whoami
 
-nomad status
+consul intention create traefik whoami
 
 curl localhost/whoami
 ```
 
-Visit http://localhost:8080/whoami from your desktop. Take note of the value `RemoteAddr`. What is it now? What was it before? What's changed and why?
+Now try again. Take note of the value `RemoteAddr`. What is it now? What was it before? What's changed and why?
+
+Use the following command to view the certificate, replacing the port with the mapped port of the proxy sidecar.
+
+```bash
+nomad alloc exec -task connect-proxy-whoami -job whoami curl -kv https://localhost:23628
+```
 
 *Note*: Traefik Connect integration requires the parameter `connectAware` be set to `true` in the consulCatalog provider section of your Traefik configuration.
 
@@ -147,14 +155,8 @@ vault kv put secret/traefikee/plugin token=$(openssl rand -base64 10)
 # run traefikee nomad job
 nomad job run jobs/traefikee.nomad
 
-# get controller alloc ID
-nomad status traefikee
-
-# update with actual ALLOC_ID value
-export CONTROLLER_ALLOC_ID=$ALLOC_ID
-
 # get proxy join token
-nomad alloc exec -i -t -task controllers $CONTROLLER_ALLOC_ID /traefikee tokens --socket local/cluster.sock
+nomad alloc exec -task controllers -job traefikee /traefikee tokens --socket local/cluster.sock
 # export provided TRAEFIKEE_PROXY_TOKEN
 
 # add proxy token to vault
@@ -204,8 +206,7 @@ curl -kv https://localhost/whoami-tls
 
 ### Halt the VMs
 
-Exit any shell sessions that you made to the virtual machine. Use the `vagrant halt` command to stop the
-running VMs.
+Stop running jobs and exit any shell sessions that you made to the virtual machine. Use the `vagrant halt` command to stop the running VMs.
 
 ```shell-session
 $ vagrant halt
@@ -260,3 +261,4 @@ the Vagrantfile.
 - [Introduction to Consul](https://learn.hashicorp.com/tutorials/consul/get-started?in=consul/getting-started)
 - [Introduction to Vault](https://learn.hashicorp.com/tutorials/vault/getting-started-intro?in=vault/getting-started)
 - [Introduction to Nomad](https://learn.hashicorp.com/tutorials/nomad/get-started-intro?in=nomad/get-started)
+- [Using Traefik on Nomad](https://atodorov.me/2021/03/27/using-traefik-on-nomad/)