Exercises
Exercises¶
1. Inventory in NGINX Instance Manager¶
1.1. Scale Out¶
Connect to NMS here
Check that instances are UP:
Instance Manager>InstancesIn Lens, connect to your vK8S
Edit Deployment of NGINX API GW:
Workloads>Deployments>NameSpace: {{ site_ID }}>nginx-apigwNote the
Instance Groupvalue forspec.template.spec.containers[0].env.name = ENV_CONTROLLER_INSTANCE_GROUPScale Out by modifying the value of
spec.replicasto 2 per Site, thenSave & CloseReview POD creation:
Workloads>PODsIn NMS, check that new instances are well automatically discovered:
Instance Manager>InstancesCheck that new instances are well automatically attached the Instance Group name noted before:
Instance Manager>Instance Group
demo

1.2. Scale In¶
In Lens, Scale In by modifying the value of
spec.replicasto 1 per Site, thenSave & CloseIn NMS, check that new instances are well automatically unregistered after 150 seconds
demo

Capture The Flag
1. What is the value of terminationGracePeriodSeconds?
2. Authentication | oAuth OIDC + PKCE¶
Connect to NMS here
Check that instances are UP:
API Connectivity Manager>Infrastructure>Workspaces>sentence{{ site_ID }}>Environment>sentence{{ site_ID }}-non-prod>API Gateway Cluster>Sentence{{ site_ID }}-non-prod>InstancesCheck that oAuth Policy is configured to return the ID token to the client:
Policies>Manage>OpenID Connect Relying Party>...>Edit policy>Select the token to return to client upon loginConnect to
sentence{{ site_ID }}-non-prod.f5dc.devusing your web browserClick on login button on the top right of the page
Use user credential: producer{{ site_ID }}@acme.com / F5-NGINX-lab!
Click on the + button under the adjective of the sentence
A success should appear
demo

Capture The Flag
2.1. What is the parameter name returned by the API GW after login flow? 2.2. What are the cookie name added by the application? 2.3. What are the cookie names added by the API GW?
3. Authentication | Client / Single Page Application / Mobile App¶
3.1 Create an Application Credential¶
Connect to NMS here
Check that APIKey Authentication is enabled on Colors micro-service:
API Connectivity Manager>Services>Workspaces>sentence{{ site_ID }}>API Proxies>colors-non-prod>...>Edit proxy>Policies>APIKey AuthenticationCheck that there is no APIKey registered:
APIKey Authentication>Policies>CredentialsNote the Developer Portal name where colors’s API is published:
API Proxies>colors-non-prod>Edit proxy>Configuration>Developer Portal>Portal Proxy HostnameCheck that the status of the Developer Portal is UP:
API Connectivity Manager>Infrastructure>Workspaces>sentence{{ site_ID }}>Environment>sentence{{ site_ID }}-non-prod>Developer Portal Clusters>Sentence{{ site_ID }}-non-prod-devportal>InstancesClick on the top link in order to be redirected to
sentence{{ site_ID }}-non-prod-devportal.f5dc.devLogin with user credential
producer{{ site_ID }}@acme.com/F5-NGINX-lab!Click on
App Credentials>Create organization>Create credentialACM is reconfiguring API GW, please wait 30s. Click on
APIsand browse available APIs. After 30s, go back to yourApp Credentialin yourOrganization.Click on the arrow of your
App nameand copy yourAPI Key
3.2. Set your Application Credential in the Single Page Application¶
Connect to
sentence{{ site_ID }}-non-prod.f5dc.devusing your web browserClick on login button on the top right of the page
Use user credential:
consumer{{ site_ID }}@acme.com / F5-NGINX-lab!Open Dev Tools in your browser or press
CTRL + SHIFT + ithen open the sheetnetworkClick on the + button under the colors of the sentence
Create a new color name
You will receive a
403HTTP code
On Dev Tools, open the sheet
SourcesIn
script.jsline 245, replacemyApiKeywith your API Key then SAVE (CTRL + s)Open the sheet
networkTest to create a new color
You will receive a
200HTTP code

Capture The Flag
3. What is the name of the API token header in the request?