Merge branch 'f5devcentral:main' into main

workflow-guides/smcn/genai-appconnect-waf/README.rst

@@ -5,8 +5,7 @@ Connecting and securing distributed Generative AI applications with F5 XC AppCon
 Overview
 #########
 
-This demo guide provides step-by-step walkthrough for connecting a distributed GenAI application (LLM hosted in AWS EKS and front-end GenAI application hosted in GCP's GKE) with F5's XC AppConnect and securing it with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `
-Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
+This demo guide provides step-by-step walkthrough for connecting a distributed GenAI application (LLM hosted in AWS EKS and front-end GenAI application hosted in GCP's GKE) with F5's XC AppConnect and securing it with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
 
 Setup Diagram
 #############
@@ -16,9 +15,13 @@ Setup Diagram
 Workflow Instructions
 ######################
 
-`F5 Distributed Cloud Console Workflow <./xc-console-demo-guide.rst>`__
+`F5 Distributed Cloud Console Workflow without NGINX Ingress Controller <./xc-console-demo-guide.rst>`__
 
-`F5 Distributed Cloud Console Automation Workflow <./automation-workflow.rst>`__
+`F5 Distributed Cloud Console Workflow (hybrid use case with NGINX Ingress Controller) <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/xc-console-demo-guide.rst>`__
+
+`F5 Distributed Cloud Console Automation Workflow without NGINX Ingress Controller <./automation-workflow.rst>`__
+
+`F5 Distributed Cloud Console Automation Workflow (hybrid use case with NGINX Ingress Controller) <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/automation-demo-guide.rst>`__
 
 
 Additional Related Resources

workflow-guides/smcn/genai-appconnect-waf/automation-workflow.rst

@@ -1,6 +1,8 @@
 Getting Started With Terraform Automation of connecting and securing distributed Generative AI applications with F5 XC AppConnect and XC WAF
 ############################################################################################################################################
 
+NOTE: THIS AUTOMATION IS NOT A HYBRID USE CASE AS IT'S NOT DEPLOYING NGINX INGRESS CONTROLLER. IF YOU ARE LOOKING FOR HYBRID USE CASE CHECK THIS `LINK <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/automation-demo-guide.rst>`__
+
 Prerequisites
 --------------
 

workflow-guides/smcn/genai-appconnect-waf/xc-console-demo-guide.rst

@@ -1,6 +1,9 @@
 Manual step by step process to connect and secure distributed Generative AI applications with F5 XC AppConnect and XC WAF
 ============================================================================================================================
 
+NOTE: THIS IS NOT A HYBRID USE CASE AS IT'S NOT DEPLOYING NGINX INGRESS CONTROLLER. IF YOU ARE LOOKING FOR HYBRID USE CASE F5 CONSOLE DEMO GUIDE, CHECK THIS `LINK <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/xc-console-demo-guide.rst>`__
+
+
 Prerequisites
 **************
 - F5 Distributed Cloud Console SaaS account
@@ -24,7 +27,7 @@ To deploy an AppStack mk8s cluster on an AWS CE Site, steps are categorized as m
 5. Using Kubectl, deploy the GenAI front-end application on the GKE cluster
 6. Deploy the Distributed Cloud GCP site Customer Edge workload on the GKE cluster
 7. Publish the LLM service from EKS as a local service in GKE
-8. Advertise externally the GenAI application
+8. Advertise externally the GenAI application without ``NGINX ingress controller``
 9. Test the GenAI application for sensitive information disclosure
 10. Enable DataGuard on the HTTP LoadBalancer
 11. Retest the GenAI application for sensitive information disclosure

workflow-guides/smcn/genai-appconnect-waf/xc-console-demo-hybrid.rst

@@ -1,6 +1,8 @@
 Manual step by step process to connect and secure distributed Generative AI applications with F5 XC AppConnect and XC WAF
 ============================================================================================================================
 
+NOTE: JUST FOR REFERENCE WE HAVE KEPT THIS FILE. THIS IS A HYBRID USE CASE WHICH USES NGINX INGRESS CONTROLLER AND F5 XC. IF YOU ARE LOOKING FOR HYBRID USE CASE AUTOMATION, CHECK THIS `LINK <https://github.com/f5devcentral/f5-hybrid-security-architectures/blob/main/workflow-guides/smcn/hybrid-genai-appconnect-waf/automation-demo-guide.rst>`__
+
 Prerequisites
 **************
 - F5 Distributed Cloud Console SaaS account
@@ -24,7 +26,7 @@ To deploy an AppStack mk8s cluster on an AWS CE Site, steps are categorized as m
 5. Using Kubectl, deploy the GenAI front-end application on the GKE cluster
 6. Deploy the Distributed Cloud GCP site Customer Edge workload on the GKE cluster
 7. Publish the LLM service from EKS as a local service in GKE
-8. Advertise externally the GenAI application
+8. Advertise externally the GenAI application using ``NGINX Ingress Controller``
 9. Test the GenAI application for sensitive information disclosure
 10. Enable DataGuard on the HTTP LoadBalancer
 11. Retest the GenAI application for sensitive information disclosure

workflow-guides/smcn/genai-inference-at-the-edge/README.rst

@@ -5,8 +5,7 @@ Deploying and securing Generative AI applications at the Edge with F5 XC AppStac
 Overview
 #########
 
-This demo guide provides step-by-step walkthrough for deploying GenAI applications at the Edge (customer on-prem, public or private cloud) and securing them with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `
-Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
+This demo guide provides step-by-step walkthrough for deploying GenAI applications at the Edge (customer on-prem, public or private cloud) and securing them with XC WAF, using XC console along with terraform scripts to automate the deployment. For more information on different WAAP deployment modes, refer to the devcentral article: `Deploy WAF on any Edge with F5 Distributed Cloud <https://community.f5.com/t5/technical-articles/deploy-waf-anywhere-with-f5-distributed-cloud/ta-p/313079>`__.
 
 **Note:** Even though the scenario here focuses on XC WAF, customers can enable any security services in the same setup, such as API Security, Bot Defense, DoS/DDOS and Fraud, as per their needs.
 

workflow-guides/smcn/genai-inference-at-the-edge/automation-user-guide.rst

@@ -120,19 +120,23 @@ Check the rest of the values in variables.tf and update if need any changes.
 
 **STEP 6:** To validate the test infra, follow below steps
        a. Navigate to ``Select the Distributed Apps`` Service, next select ``system`` workspace and in overview section download global kubeconfig file
-       b. You can use this config file to connect to managed k8s and deploy your application using your app related yaml files (for demo we have kept 2 manifest files in this folder)
+       b. You can use this config file to connect to managed k8s and deploy your application using your app related yaml files. ``(NOTE: for demo we have kept 2 manifest files in this folder which you can download and run kubectl apply -f <file-name> just like shown below)``
 
         .. image:: assets/app-deploy.JPG
 
        c. Once deployed make sure all pods/services are running and online (Please note GenAI app pods deployment will take around 20 mins)
 
         .. image:: assets/pods-online.JPG
 
-       d. Open the load balancer domain in a browser and validate your AI application works as expected (Please check manual guide for this app verification). NOTE: Sometimes if app is not accessible, navigate to ``Multi Cloud App Connect`` menu and then to your GenAI origin pool configurations. Under k8s service, change network type to other and save it. Once again check the app accessibility (this is a issue with k8s service discovery timing which is being tracked and under prioritisation).
+       d. Open the F5 XC load balancer domain in a browser along with a valid URL and validate your AI application works as expected. Make sure response is returned and status code is 200 OK (If you have used demo app manifest files from this folder, you can check validation steps in this `manual guide <./xc-console-demo-guide.rst#deployment-verification>`__ for testing app functionality). 
 
         .. image:: assets/postman.JPG
 
+       e. ``If app is not accessible, as shown in below image navigate to Multi Cloud App Connect menu and then to Manage section, next from loadbalancers drop-down select origin pools and open your GenAI origin pool configurations in edit mode. Under k8s service, change network type to outside and apply the configuration. Once again open postman and rerun above step to check the app accessibility (Ideally app should be deployed first and then origin pool but here in this automation since we created origin pool before app deployment, there is a bug with k8s service discovery timing which is being tracked and under prioritisation).``
 
-**Note:** If you want to destroy the entire setup, checkout a branch with name ``destroy-genai-appstack`` and push the repo code to it which will trigger destroy workflow and will remove all created resources.
+        .. image:: assets/op-edit.jpg
+
+
+       f. Once deployment and validations are complete, if you want to destroy the entire setup, checkout a branch with name ``destroy-genai-appstack`` and push the repo code to it which will trigger destroy workflow and will remove all created resources.
 
 .. image:: assets/destroy_pipeline.JPG

workflow-guides/smcn/genai-inference-at-the-edge/xc-console-demo-guide.rst

@@ -15,7 +15,7 @@ Deployment Steps
 To deploy an AppStack mk8s cluster on an AWS CE Site, steps are categorized as mentioned below.
 
 1. Create mk8s cluster
-2. Create AWS VPC Site and attach the mk8s cluster
+2. Create AWS Appstack VPC Site and attach the mk8s cluster
 3. Deploy the App to mk8s cluster
 4. Configure Origin Pool and HTTPS LB 
 
@@ -101,9 +101,11 @@ To verify the deployment we shall follow the below steps to make sure users can
 .. figure:: assets/langserve-api.png
 Fig: LangServe API
 
-1. Open the Postman/curl
-2. Enter the domain name of the HTTPS Load Balancer in the URL field. Next add your endpoint to the domain name. For ex ``/ask-a-doc/stream``
-3. Generate a POST request to your application by providing valid body as below and validate response is returned
+
+Validation Steps:
+       1. Open the Postman/curl
+       2. Enter the domain name of the HTTPS Load Balancer in the URL field. Next add your endpoint to the domain name. For ex ``/ask-a-doc/stream``
+       3. Generate a POST request to your application by providing valid body as below and validate response is returned
 
 .. figure:: assets/curl.JPG
 .. figure:: assets/postman.JPG