resolved merge conflicts

.github/workflows/deploy-genai-appstack.yml

@@ -0,0 +1,86 @@
+name: "Deploy Gen AI on F5 XC Appstack and Managed k8s"
+
+on:
+  push:
+    branches:
+      - deploy-genai-appstack
+  pull_request:
+
+jobs:
+  terraform_xc:
+    name: "Deploy F5XC Appstack and Managed k8s"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./workflow-guides/smcn/genai-inference-at-the-edge/terraform
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Setup Terraform Backend
+        id: backend
+        run: |
+          cat > backend.tf << EOF
+          terraform { 
+            cloud {
+              organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+              workspaces {
+                name = "${{ secrets.TF_CLOUD_WORKSPACE_APPSTACK }}"
+              }
+            }
+          }
+          EOF
+          echo "${{secrets.P12}}" | base64 -d > api.p12
+          #cat api.p12
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/deploy-genai-appstack' && github.event_name == 'push'
+        run: terraform apply -auto-approve -input=false
+        env:
+          TF_VAR_aws_access_key: ${{ secrets.aws_access_key }}
+          TF_VAR_aws_secret_key: ${{ secrets.aws_secret_key }}

.github/workflows/destroy-genai-appstack.yaml

@@ -0,0 +1,85 @@
+name: "Destroy Gen AI on F5 XC Appstack and Managed k8s"
+
+on:
+  push:
+    branches:
+      - destroy-genai-appstack
+  pull_request:
+
+jobs:
+  terraform_xc:
+    name: "Destroy F5XC Appstack and Managed k8s"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./workflow-guides/smcn/genai-inference-at-the-edge/terraform
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Setup Terraform Backend
+        id: backend
+        run: |
+          cat > backend.tf << EOF
+          terraform { 
+            cloud {
+              organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+              workspaces {
+                name = "${{ secrets.TF_CLOUD_WORKSPACE_APPSTACK }}"
+              }
+            }
+          }
+          EOF
+          echo "${{secrets.P12}}" | base64 -d > api.p12
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Destroy
+        if: github.ref == 'refs/heads/destroy-genai-appstack' && github.event_name == 'push'
+        run: terraform destroy -auto-approve -input=false
+        env:
+          TF_VAR_aws_access_key: ${{ secrets.aws_access_key }}
+          TF_VAR_aws_secret_key: ${{ secrets.aws_secret_key }}

aws/eks-cluster/ce-deployment/variables.tf

@@ -5,7 +5,7 @@ variable "tf_cloud_organization" {
 }
 
 variable "aws_waf_ce" {
-  description = "Infra"
+  description = "Infra workspace name in terraform cloud."
   type        = string
   default     = "aws-infra"
 }

aws/eks-cluster/variables.tf

@@ -90,7 +90,7 @@ variable "aws_secret_key" {
 }
 
 variable "aws_waf_ce" {
-  description = "Infra"
+  description = "Infra workspace name in terraform cloud."
   type        = string
   default     = ""
 }

azure/azure-vm/azure_vm.tf

@@ -73,6 +73,7 @@ resource "azurerm_public_ip" "puip" {
   name                = "waf-public-ip"
   location            = local.azure_region
   resource_group_name = local.resource_group_name
+  sku                 = "Basic"
   allocation_method   = "Dynamic"
 }
 

shared/booksinfo/data.tf

@@ -1,6 +1,10 @@
 data "tfe_outputs" "infra" {
   organization = var.tf_cloud_organization
+<<<<<<< HEAD
   workspace = "aws-infra"
+=======
+  workspace = "${coalesce(var.aws_waf_ce, "infra")}"
+>>>>>>> 7759e1229d807d2da94cb1cc2c18127d452be360
 }
 data "tfe_outputs" "eks" {
   organization = var.tf_cloud_organization
@@ -9,4 +13,4 @@ data "tfe_outputs" "eks" {
 
 data "aws_eks_cluster_auth" "auth" {
   name = data.tfe_outputs.eks.values.cluster_name
-}
+}

shared/booksinfo/variables.tf

@@ -7,4 +7,10 @@ variable "tf_cloud_organization" {
 variable "ssh_key" {
   type        = string
   description = "Only present for warning handling with TF cloud variable set"
-}
+}
+
+variable "aws_waf_ce" {
+  description = "Infra workspace name in terraform cloud."
+  type        = string
+  default     = ""
+}

workflow-guides/smcn/genai-appconnect-waf/README.rst

@@ -5,8 +5,7 @@ Connecting and securing distributed Generative AI applications with F5 XC AppCon
 Overview
 #########
 
-This demo guide provides step-by-step walkthrough for connecting a distributed GenAI application (LLM hosted in AWS EKS and front-end GenAI application hosted in GCP's GKE) with F5's XC AppConnect and securing it with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `
-Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
+This demo guide provides step-by-step walkthrough for connecting a distributed GenAI application (LLM hosted in AWS EKS and front-end GenAI application hosted in GCP's GKE) with F5's XC AppConnect and securing it with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
 
 Setup Diagram
 #############
@@ -16,9 +15,13 @@ Setup Diagram
 Workflow Instructions
 ######################
 
-`F5 Distributed Cloud Console Workflow <./xc-console-demo-guide.rst>`__
+`F5 Distributed Cloud Console Workflow without NGINX Ingress Controller <./xc-console-demo-guide.rst>`__
 
-`F5 Distributed Cloud Console Automation Workflow <./automation-workflow.rst>`__
+`F5 Distributed Cloud Console Workflow (hybrid use case with NGINX Ingress Controller) <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/xc-console-demo-guide.rst>`__
+
+`F5 Distributed Cloud Console Automation Workflow without NGINX Ingress Controller <./automation-workflow.rst>`__
+
+`F5 Distributed Cloud Console Automation Workflow (hybrid use case with NGINX Ingress Controller) <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/automation-demo-guide.rst>`__
 
 
 Additional Related Resources

workflow-guides/smcn/genai-appconnect-waf/automation-workflow.rst

@@ -1,6 +1,8 @@
 Getting Started With Terraform Automation of connecting and securing distributed Generative AI applications with F5 XC AppConnect and XC WAF
 ############################################################################################################################################
 
+NOTE: THIS AUTOMATION IS NOT A HYBRID USE CASE AS IT'S NOT DEPLOYING NGINX INGRESS CONTROLLER. IF YOU ARE LOOKING FOR HYBRID USE CASE CHECK THIS `LINK <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/automation-demo-guide.rst>`__
+
 Prerequisites
 --------------
 

workflow-guides/smcn/genai-appconnect-waf/xc-console-demo-guide.rst

@@ -1,6 +1,9 @@
 Manual step by step process to connect and secure distributed Generative AI applications with F5 XC AppConnect and XC WAF
 ============================================================================================================================
 
+NOTE: THIS IS NOT A HYBRID USE CASE AS IT'S NOT DEPLOYING NGINX INGRESS CONTROLLER. IF YOU ARE LOOKING FOR HYBRID USE CASE F5 CONSOLE DEMO GUIDE, CHECK THIS `LINK <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/xc-console-demo-guide.rst>`__
+
+
 Prerequisites
 **************
 - F5 Distributed Cloud Console SaaS account
@@ -24,7 +27,7 @@ To deploy an AppStack mk8s cluster on an AWS CE Site, steps are categorized as m
 5. Using Kubectl, deploy the GenAI front-end application on the GKE cluster
 6. Deploy the Distributed Cloud GCP site Customer Edge workload on the GKE cluster
 7. Publish the LLM service from EKS as a local service in GKE
-8. Advertise externally the GenAI application
+8. Advertise externally the GenAI application without ``NGINX ingress controller``
 9. Test the GenAI application for sensitive information disclosure
 10. Enable DataGuard on the HTTP LoadBalancer
 11. Retest the GenAI application for sensitive information disclosure

workflow-guides/smcn/genai-appconnect-waf/xc-console-demo-hybrid.rst

@@ -1,6 +1,8 @@
 Manual step by step process to connect and secure distributed Generative AI applications with F5 XC AppConnect and XC WAF
 ============================================================================================================================
 
+NOTE: JUST FOR REFERENCE WE HAVE KEPT THIS FILE. THIS IS A HYBRID USE CASE WHICH USES NGINX INGRESS CONTROLLER AND F5 XC. IF YOU ARE LOOKING FOR HYBRID USE CASE AUTOMATION, CHECK THIS `LINK <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/automation-demo-guide.rst>`__
+
 Prerequisites
 **************
 - F5 Distributed Cloud Console SaaS account
@@ -24,7 +26,7 @@ To deploy an AppStack mk8s cluster on an AWS CE Site, steps are categorized as m
 5. Using Kubectl, deploy the GenAI front-end application on the GKE cluster
 6. Deploy the Distributed Cloud GCP site Customer Edge workload on the GKE cluster
 7. Publish the LLM service from EKS as a local service in GKE
-8. Advertise externally the GenAI application
+8. Advertise externally the GenAI application using ``NGINX Ingress Controller``
 9. Test the GenAI application for sensitive information disclosure
 10. Enable DataGuard on the HTTP LoadBalancer
 11. Retest the GenAI application for sensitive information disclosure

workflow-guides/smcn/genai-inference-at-the-edge/README.rst

@@ -5,8 +5,7 @@ Deploying and securing Generative AI applications at the Edge with F5 XC AppStac
 Overview
 #########
 
-This demo guide provides step-by-step walkthrough for deploying GenAI applications at the Edge (customer on-prem, public or private cloud) and securing them with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `
-Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
+This demo guide provides step-by-step walkthrough for deploying GenAI applications at the Edge (customer on-prem, public or private cloud) and securing them with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
 
 **Note:** Even though the scenario here focuses on XC WAF, customers can enable any security services in the same setup, such as API Security, Bot Defense, DoS/DDOS and Fraud, as per their needs.
 
@@ -20,7 +19,7 @@ Workflow Instructions
 
 `F5 Distributed Cloud Console Workflow <./xc-console-demo-guide.rst>`__
 
-***Coming soon*** `F5 Distributed Cloud Automation Workflow`
+`F5 Distributed Cloud Automation Workflow <./automation-user-guide.rst>`__
 
 
 Additional Related Resources