diff --git a/slides/containers/Container_Network_Model.md b/slides/containers/Container_Network_Model.md
index fd77c3bd..87cf044f 100644
--- a/slides/containers/Container_Network_Model.md
+++ b/slides/containers/Container_Network_Model.md
@@ -474,7 +474,7 @@ When creating a network, extra options can be provided.
* `--ip-range` (in CIDR notation) indicates the subnet to allocate from.
-* `--aux-address` allows to specify a list of reserved addresses (which won't be allocated to containers).
+* `--aux-address` allows specifying a list of reserved addresses (which won't be allocated to containers).
---
@@ -556,7 +556,7 @@ General idea:
* So far, we have specified which network to use when starting the container.
-* The Docker Engine also allows to connect and disconnect while the container runs.
+* The Docker Engine also allows connecting and disconnecting while the container is running.
* This feature is exposed through the Docker API, and through two Docker CLI commands:
diff --git a/slides/containers/Namespaces_Cgroups.md b/slides/containers/Namespaces_Cgroups.md
index 46d1ac06..09b90561 100644
--- a/slides/containers/Namespaces_Cgroups.md
+++ b/slides/containers/Namespaces_Cgroups.md
@@ -86,13 +86,13 @@ class: extra-details, deep-dive
- the `unshare()` system call.
-- The Linux tool `unshare` allows to do that from a shell.
+- The Linux tool `unshare` allows doing that from a shell.
- A new process can re-use none / all / some of the namespaces of its parent.
- It is possible to "enter" a namespace with the `setns()` system call.
-- The Linux tool `nsenter` allows to do that from a shell.
+- The Linux tool `nsenter` allows doing that from a shell.
---
@@ -138,11 +138,11 @@ class: extra-details, deep-dive
- gethostname / sethostname
-- Allows to set a custom hostname for a container.
+- Allows setting a custom hostname for a container.
- That's (mostly) it!
-- Also allows to set the NIS domain.
+- Also allows setting the NIS domain.
(If you don't know what a NIS domain is, you don't have to worry about it!)
@@ -392,13 +392,13 @@ class: extra-details
- Processes can have their own root fs (à la chroot).
-- Processes can also have "private" mounts. This allows to:
+- Processes can also have "private" mounts. This allows:
- - isolate `/tmp` (per user, per service...)
+ - isolating `/tmp` (per user, per service...)
- - mask `/proc`, `/sys` (for processes that don't need them)
+ - masking `/proc`, `/sys` (for processes that don't need them)
- - mount remote filesystems or sensitive data,
+ - mounting remote filesystems or sensitive data,
but make it visible only for allowed processes
- Mounts can be totally private, or shared.
@@ -570,7 +570,7 @@ Check `man 2 unshare` and `man pid_namespaces` if you want more details.
## User namespace
-- Allows to map UID/GID; e.g.:
+- Allows mapping UID/GID; e.g.:
- UID 0→1999 in container C1 is mapped to UID 10000→11999 on host
- UID 0→1999 in container C2 is mapped to UID 12000→13999 on host
@@ -947,7 +947,7 @@ Killed
(i.e., "this group of process used X seconds of CPU0 and Y seconds of CPU1".)
-- Allows to set relative weights used by the scheduler.
+- Allows setting relative weights used by the scheduler.
---
@@ -1101,9 +1101,9 @@ See `man capabilities` for the full list and details.
- Original seccomp only allows `read()`, `write()`, `exit()`, `sigreturn()`.
-- The seccomp-bpf extension allows to specify custom filters with BPF rules.
+- The seccomp-bpf extension allows specifying custom filters with BPF rules.
-- This allows to filter by syscall, and by parameter.
+- This allows filtering by syscall, and by parameter.
- BPF code can perform arbitrarily complex checks, quickly, and safely.
diff --git a/slides/containers/Resource_Limits.md b/slides/containers/Resource_Limits.md
index c74d2ebe..bb04e9de 100644
--- a/slides/containers/Resource_Limits.md
+++ b/slides/containers/Resource_Limits.md
@@ -72,7 +72,7 @@
- For memory usage, the mechanism is part of the *cgroup* subsystem.
-- This subsystem allows to limit the memory for a process or a group of processes.
+- This subsystem allows limiting the memory for a process or a group of processes.
- A container engine leverages these mechanisms to limit memory for a container.
diff --git a/slides/k8s/architecture.md b/slides/k8s/architecture.md
index 7f941920..da78c3eb 100644
--- a/slides/k8s/architecture.md
+++ b/slides/k8s/architecture.md
@@ -356,9 +356,9 @@ We demonstrated *update* and *watch* semantics.
- we create a Deployment object
- - the Deployment controller notices it, creates a ReplicaSet
+ - the Deployment controller notices it, and creates a ReplicaSet
- - the ReplicaSet controller notices it, creates a Pod
+ - the ReplicaSet controller notices the ReplicaSet, and creates a Pod
---
diff --git a/slides/k8s/cni.md b/slides/k8s/cni.md
index 306c4302..ff5d4557 100644
--- a/slides/k8s/cni.md
+++ b/slides/k8s/cni.md
@@ -26,7 +26,7 @@
The reference plugins are available [here].
-Look into each plugin's directory for its documentation.
+Look in each plugin's directory for its documentation.
[here]: https://github.com/containernetworking/plugins/tree/master/plugins
@@ -98,7 +98,7 @@ class: extra-details
- CNI_NETNS: path to network namespace file
- - CNI_IFNAME: how the network interface should be named
+ - CNI_IFNAME: what the network interface should be named
- The network configuration must be provided to the plugin on stdin
@@ -193,7 +193,7 @@ class: extra-details
- This DaemonSet will start one instance of kube-router on each node
---
-
+
## Logging into the new cluster
.exercise[
@@ -221,7 +221,7 @@ class: extra-details
- It is similar to the one we used with the `kubenet` cluster
- The API server is started with `--allow-privileged`
-
+
(because we will start kube-router in privileged pods)
- The controller manager is started with extra flags too:
@@ -254,7 +254,7 @@ class: extra-details
---
-## The kube-router DaemonSet
+## The kube-router DaemonSet
- In the same directory, there is a `kuberouter.yaml` file
@@ -599,13 +599,13 @@ done
## Updating kube-router configuration
-- We need to add two command-line flags to the kube-router process
+- We need to pass two command-line flags to the kube-router process
.exercise[
- Edit the `kuberouter.yaml` file
-- Add the following flags to the kube-router arguments,:
+- Add the following flags to the kube-router arguments:
```
- "--peer-router-ips=`X.X.X.X`"
- "--peer-router-asns=64512"
diff --git a/slides/k8s/concepts-k8s.md b/slides/k8s/concepts-k8s.md
index 32e241bb..0e27a464 100644
--- a/slides/k8s/concepts-k8s.md
+++ b/slides/k8s/concepts-k8s.md
@@ -177,7 +177,7 @@ class: extra-details
- In that case, there is no "master node"
-*For this reason, it is more accurate to say "control plane" rather than "master".*
+*For this reason, it is more accurate to say "control plane" rather than "master."*
---
diff --git a/slides/k8s/configuration.md b/slides/k8s/configuration.md
index d1e57a6a..47b23ca7 100644
--- a/slides/k8s/configuration.md
+++ b/slides/k8s/configuration.md
@@ -22,7 +22,7 @@
- There are many ways to pass configuration to code running in a container:
- - baking it in a custom image
+ - baking it into a custom image
- command-line arguments
@@ -125,7 +125,7 @@
- We can also use a mechanism called the *downward API*
-- The downward API allows to expose pod or container information
+- The downward API allows exposing pod or container information
- either through special files (we won't show that for now)
@@ -436,7 +436,7 @@ We should see connections served by Google, and others served by IBM.
- We are going to store the port number in a configmap
-- Then we will expose that configmap to a container environment variable
+- Then we will expose that configmap as a container environment variable
---
diff --git a/slides/k8s/dmuc.md b/slides/k8s/dmuc.md
index a00d940c..d70972aa 100644
--- a/slides/k8s/dmuc.md
+++ b/slides/k8s/dmuc.md
@@ -584,7 +584,7 @@ Our pod is still `Pending`. 🤔
Which is normal: it needs to be *scheduled*.
-(i.e., something needs to decide on which node it should go.)
+(i.e., something needs to decide which node it should go on.)
---
@@ -658,7 +658,7 @@ class: extra-details
- This is actually how the scheduler works!
-- It watches pods, takes scheduling decisions, creates Binding objects
+- It watches pods, makes scheduling decisions, and creates Binding objects
---
@@ -686,7 +686,7 @@ We should see the `Welcome to nginx!` page.
## Exposing our Deployment
-- We can now create a Service associated to this Deployment
+- We can now create a Service associated with this Deployment
.exercise[
@@ -711,11 +711,11 @@ This won't work. We need kube-proxy to enable internal communication.
## Starting kube-proxy
-- kube-proxy also needs to connect to API server
+- kube-proxy also needs to connect to the API server
- It can work with the `--master` flag
- (even though that will be deprecated in the future)
+ (although that will be deprecated in the future)
.exercise[
@@ -832,6 +832,6 @@ class: extra-details
- By default, the API server expects to be running directly on the nodes
- (it could be as a bare process, or in a container/pod using host network)
+ (it could be as a bare process, or in a container/pod using the host network)
- ... And it expects to be listening on port 6443 with TLS
diff --git a/slides/k8s/healthchecks.md b/slides/k8s/healthchecks.md
index 2563da68..a72fedbf 100644
--- a/slides/k8s/healthchecks.md
+++ b/slides/k8s/healthchecks.md
@@ -108,7 +108,7 @@
(as opposed to merely started)
-- Containers in a broken state gets killed and restarted
+- Containers in a broken state get killed and restarted
(instead of serving errors or timeouts)
diff --git a/slides/k8s/helm.md b/slides/k8s/helm.md
index 004abb58..5c895daa 100644
--- a/slides/k8s/helm.md
+++ b/slides/k8s/helm.md
@@ -158,7 +158,7 @@ Where do these `--set` options come from?
]
-The chart's metadata includes an URL to the project's home page.
+The chart's metadata includes a URL to the project's home page.
(Sometimes it conveniently points to the documentation for the chart.)
diff --git a/slides/k8s/horizontal-pod-autoscaler.md b/slides/k8s/horizontal-pod-autoscaler.md
index 38e363f6..6e660900 100644
--- a/slides/k8s/horizontal-pod-autoscaler.md
+++ b/slides/k8s/horizontal-pod-autoscaler.md
@@ -34,7 +34,7 @@
`TargetNumOfPods = ceil(sum(CurrentPodsCPUUtilization) / Target)`
-- It scales up/down the related object to this target number of pods
+- It scales the related object up/down to this target number of pods
---
diff --git a/slides/k8s/ingress.md b/slides/k8s/ingress.md
index 3188de96..9ccfdd8c 100644
--- a/slides/k8s/ingress.md
+++ b/slides/k8s/ingress.md
@@ -88,7 +88,7 @@
- the control loop watches over ingress resources, and configures the LB accordingly
-- Step 2: setup DNS
+- Step 2: set up DNS
- associate DNS entries with the load balancer address
@@ -126,7 +126,7 @@
- We could use pods specifying `hostPort: 80`
- ... but with most CNI plugins, this [doesn't work or require additional setup](https://github.com/kubernetes/kubernetes/issues/23920)
+ ... but with most CNI plugins, this [doesn't work or requires additional setup](https://github.com/kubernetes/kubernetes/issues/23920)
- We could use a `NodePort` service
@@ -142,7 +142,7 @@
(sometimes called sandbox or network sandbox)
-- An IP address is associated to the pod
+- An IP address is assigned to the pod
- This IP address is routed/connected to the cluster network
@@ -239,7 +239,7 @@ class: extra-details
- an error condition on the node
- (for instance: "disk full", do not start new pods here!)
+ (for instance: "disk full," do not start new pods here!)
- The `effect` can be:
@@ -501,11 +501,11 @@ spec:
(as long as it has access to the cluster subnet)
-- This allows to use external (hardware, physical machines...) load balancers
+- This allows the use of external (hardware, physical machines...) load balancers
- Annotations can encode special features
- (rate-limiting, A/B testing, session stickiness, etc.)
+ (rate-limiting, A/B testing, session stickiness, etc.)
---
diff --git a/slides/k8s/kubectlget.md b/slides/k8s/kubectlget.md
index 66a1fac1..44566b26 100644
--- a/slides/k8s/kubectlget.md
+++ b/slides/k8s/kubectlget.md
@@ -132,7 +132,7 @@ class: extra-details
- short (e.g. `no`, `svc`, `deploy`)
-- Some resources do not have a short names
+- Some resources do not have a short name
- `Endpoints` only have a plural form
@@ -466,4 +466,4 @@ class: extra-details
- For more details, see [KEP-0009] or the [node controller documentation]
[KEP-0009]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/0009-node-heartbeat.md
-[node controller documentation]: https://kubernetes.io/docs/concepts/architecture/nodes/#node-controller
\ No newline at end of file
+[node controller documentation]: https://kubernetes.io/docs/concepts/architecture/nodes/#node-controller
diff --git a/slides/k8s/kubectlproxy.md b/slides/k8s/kubectlproxy.md
index 749f8c0e..fa7f7505 100644
--- a/slides/k8s/kubectlproxy.md
+++ b/slides/k8s/kubectlproxy.md
@@ -77,9 +77,9 @@ If we wanted to talk to the API, we would need to:
- This is a great tool to learn and experiment with the Kubernetes API
-- ... And for serious usages as well (suitable for one-shot scripts)
+- ... And for serious uses as well (suitable for one-shot scripts)
-- For unattended use, it is better to create a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)
+- For unattended use, it's better to create a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)
---
diff --git a/slides/k8s/kubenet.md b/slides/k8s/kubenet.md
index 0bb7c624..bc470475 100644
--- a/slides/k8s/kubenet.md
+++ b/slides/k8s/kubenet.md
@@ -54,7 +54,7 @@
(15 are listed in the Kubernetes documentation)
-- Pods have level 3 (IP) connectivity, but *services* are level 4
+- Pods have level 3 (IP) connectivity, but *services* are level 4 (TCP or UDP)
(Services map to a single UDP or TCP port; no port ranges or arbitrary IP packets)
diff --git a/slides/k8s/kustomize.md b/slides/k8s/kustomize.md
index 60641b4a..664f82f3 100644
--- a/slides/k8s/kustomize.md
+++ b/slides/k8s/kustomize.md
@@ -70,7 +70,7 @@
- We need to run `ship init` in a new directory
-- `ship init` requires an URL to a remote repository containing Kubernetes YAML
+- `ship init` requires a URL to a remote repository containing Kubernetes YAML
- It will clone that repository and start a web UI
diff --git a/slides/k8s/localkubeconfig.md b/slides/k8s/localkubeconfig.md
index e95977dc..ff3c84b0 100644
--- a/slides/k8s/localkubeconfig.md
+++ b/slides/k8s/localkubeconfig.md
@@ -75,9 +75,9 @@ Platform:"linux/amd64"}
---
-## Moving away the existing `~/.kube/config`
+## Preserving the existing `~/.kube/config`
-- If you already have a `~/.kube/config` file, move it away
+- If you already have a `~/.kube/config` file, rename it
(we are going to overwrite it in the following slides!)
@@ -192,4 +192,4 @@ class: extra-details
]
-We can now utilize the cluster exactly as we did before, ignoring that it's remote.
+We can now utilize the cluster exactly as we did before, except that it's remote.
diff --git a/slides/k8s/namespaces.md b/slides/k8s/namespaces.md
index 13500990..51bbf774 100644
--- a/slides/k8s/namespaces.md
+++ b/slides/k8s/namespaces.md
@@ -26,7 +26,7 @@
- We cannot have two resources *of the same kind* with the same name
- (but it's OK to have a `rng` service, a `rng` deployment, and a `rng` daemon set)
+ (but it's OK to have an `rng` service, an `rng` deployment, and an `rng` daemon set)
--
diff --git a/slides/k8s/prometheus.md b/slides/k8s/prometheus.md
index b78b1884..68ef6ca1 100644
--- a/slides/k8s/prometheus.md
+++ b/slides/k8s/prometheus.md
@@ -340,7 +340,7 @@ container_cpu_usage_seconds_total
- that it's the total used since the container creation
-- Since it's a "total", it is an increasing quantity
+- Since it's a "total," it is an increasing quantity
(we need to compute the derivative if we want e.g. CPU % over time)
@@ -495,7 +495,7 @@ class: extra-details
## Querying labels
-- What if we want to get metrics for containers belong to pod tagged `worker`?
+- What if we want to get metrics for containers belonging to a pod tagged `worker`?
- The cAdvisor exporter does not give us Kubernetes labels
diff --git a/slides/k8s/resource-limits.md b/slides/k8s/resource-limits.md
index e641fe78..047f29af 100644
--- a/slides/k8s/resource-limits.md
+++ b/slides/k8s/resource-limits.md
@@ -392,7 +392,7 @@ These quotas will apply to the namespace where the ResourceQuota is created.
count/roles.rbac.authorization.k8s.io: 10
```
-(The `count/` syntax allows to limit arbitrary objects, including CRDs.)
+(The `count/` syntax allows limiting arbitrary objects, including CRDs.)
---
diff --git a/slides/k8s/rollout.md b/slides/k8s/rollout.md
index 31331985..958ad5e2 100644
--- a/slides/k8s/rollout.md
+++ b/slides/k8s/rollout.md
@@ -5,9 +5,9 @@
- new pods are created
- old pods are terminated
-
+
- ... all at the same time
-
+
- if something goes wrong, ¯\\\_(ツ)\_/¯
---
@@ -212,7 +212,7 @@ class: extra-details
## Checking the dashboard during the bad rollout
-If you haven't deployed the Kubernetes dashboard earlier, just skip this slide.
+If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
.exercise[
@@ -255,7 +255,7 @@ Note the `3xxxx` port.
```
-->
-- Cancel the deployment and wait for the dust to settle down:
+- Cancel the deployment and wait for the dust to settle:
```bash
kubectl rollout undo deploy worker
kubectl rollout status deploy worker
diff --git a/slides/k8s/volumes.md b/slides/k8s/volumes.md
index dc7c355a..58b6849a 100644
--- a/slides/k8s/volumes.md
+++ b/slides/k8s/volumes.md
@@ -28,11 +28,11 @@ class: extra-details
but it refers to Docker 1.7, which was released in 2015!)
-- Docker volumes allow to share data between containers running on the same host
+- Docker volumes allow us to share data between containers running on the same host
- Kubernetes volumes allow us to share data between containers in the same pod
-- Both Docker and Kubernetes volumes allow us access to storage systems
+- Both Docker and Kubernetes volumes enable access to storage systems
- Kubernetes volumes are also used to expose configuration and secrets
@@ -60,7 +60,7 @@ class: extra-details
- correspond to concrete volumes (e.g. on a SAN, EBS, etc.)
- - cannot be associated to a Pod directly; but through a Persistent Volume Claim
+ - cannot be associated with a Pod directly; but through a Persistent Volume Claim
- won't be discussed further in this section
diff --git a/slides/shared/connecting.md b/slides/shared/connecting.md
index 11f9568a..2e83d996 100644
--- a/slides/shared/connecting.md
+++ b/slides/shared/connecting.md
@@ -84,14 +84,14 @@ You will need a Docker ID to use Play-With-Docker.
- Unless instructed, **all commands must be run from the first VM, `node1`**
-- We will only checkout/copy the code on `node1`
+- We will only check out/copy the code on `node1`
- During normal operations, we do not need access to the other nodes
- If we had to troubleshoot issues, we would use a combination of:
- SSH (to access system logs, daemon status...)
-
+
- Docker API (to check running containers and container engine status)
---
diff --git a/slides/shared/prereqs.md b/slides/shared/prereqs.md
index 52684b34..9daca01a 100644
--- a/slides/shared/prereqs.md
+++ b/slides/shared/prereqs.md
@@ -90,7 +90,7 @@ class: in-person
## Why don't we run containers locally?
-- Installing that stuff can be hard on some machines
+- Installing this stuff can be hard on some machines
(32 bits CPU or OS... Laptops without administrator access... etc.)
diff --git a/slides/shared/sampleapp.md b/slides/shared/sampleapp.md
index cd9db553..8b001b4c 100644
--- a/slides/shared/sampleapp.md
+++ b/slides/shared/sampleapp.md
@@ -134,7 +134,7 @@ How does each service find out the address of the other ones?
- We do not hard-code IP addresses in the code
-- We do not hard-code FQDN in the code, either
+- We do not hard-code FQDNs in the code, either
- We just connect to a service name, and container-magic does the rest
@@ -173,7 +173,7 @@ class: extra-details
- Compose file version 2+ makes each container reachable through its service name
-- Compose file version 1 did require "links" sections
+- Compose file version 1 required "links" sections to accomplish this
- Network aliases are automatically namespaced