🔥 Prepare Reblaze August content

Ingress v1beta1 is no longer served in Kubernetes 1.22, so we need
a version of Traefik that uses Ingress v1. Traefik supports Ingress
v1 in Traefik v2.5 and above. Right now (August 2021) the traefik
image is v2.4, so let's pin the image version to v2.5 (which is
currently in rc) so that the Ingress labs work correctly with
Kubernetes 1.22.

k8s/coffee-1.yaml

@@ -1,3 +1,6 @@
+# Note: apiextensions.k8s.io/v1beta1 is deprecated, and won't be served
+# in Kubernetes 1.22 and later versions. This YAML manifest is here just
+# for reference, but it's not intended to be used in modern trainings.
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:

k8s/coffee-2.yaml

@@ -8,6 +8,9 @@ spec:
   - name: v1alpha1
     served: true
     storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
   scope: Namespaced
   names:
     plural: coffees

k8s/traefik-v2.yaml

@@ -29,7 +29,7 @@ spec:
       serviceAccountName: traefik-ingress-controller
       terminationGracePeriodSeconds: 60
       containers:
-      - image: traefik
+      - image: traefik:v2.5
         name: traefik-ingress-lb
         ports:
         - name: http

prepare-vms/infra/example.openstack-tf

@@ -8,3 +8,4 @@ export TF_VAR_domain="Default"
 export TF_VAR_password="..."
 export TF_VAR_auth_url="https://api.r1.nxs.enix.io/v3"
 export TF_VAR_flavor="GP1.S"
+export TF_VAR_image="Ubuntu 18.04"

prepare-vms/lib/commands.sh

@@ -205,7 +205,7 @@ _cmd_kube() {
     KUBEVERSION=$2
     if [ "$KUBEVERSION" ]; then
         EXTRA_APTGET="=$KUBEVERSION-00"
-        EXTRA_KUBEADM="--kubernetes-version=v$KUBEVERSION"
+        EXTRA_KUBEADM="kubernetesVersion: v$KUBEVERSION"
     else
         EXTRA_APTGET=""
         EXTRA_KUBEADM=""
@@ -235,7 +235,24 @@ _cmd_kube() {
     pssh --timeout 200 "
     if i_am_first_node && [ ! -f /etc/kubernetes/admin.conf ]; then
         kubeadm token generate > /tmp/token &&
-	sudo kubeadm init $EXTRA_KUBEADM --token \$(cat /tmp/token) --apiserver-cert-extra-sans \$(cat /tmp/ipv4) --ignore-preflight-errors=NumCPU
+        cat >/tmp/kubeadm-config.yaml <<EOF
+kind: InitConfiguration
+apiVersion: kubeadm.k8s.io/v1beta2
+bootstrapTokens:
+- token: \$(cat /tmp/token)
+---
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+cgroupDriver: cgroupfs
+---
+kind: ClusterConfiguration
+apiVersion: kubeadm.k8s.io/v1beta2
+apiServer:
+  certSANs:
+  - \$(cat /tmp/ipv4)
+$EXTRA_KUBEADM
+EOF
+	sudo kubeadm init --config=/tmp/kubeadm-config.yaml --ignore-preflight-errors=NumCPU
     fi"
 
     # Put kubeconfig in ubuntu's and docker's accounts
@@ -728,15 +745,15 @@ _cmd_tmux() {
     ssh $SSHOPTS -t -L /tmp/tmux-$UID/default:/tmp/tmux-1001/default docker@$IP tmux new-session -As 0
 }
 
-_cmd helmprom "Install Helm and Prometheus"
+_cmd helmprom "Install Prometheus with Helm"
 _cmd_helmprom() {
     TAG=$1
     need_tag
     pssh "
     if i_am_first_node; then
-        sudo -u docker -H helm repo add prometheus-community https://prometheus-community.github.io/helm-charts/
-        sudo -u docker -H helm install prometheus prometheus-community/prometheus \
-            --namespace kube-system \
+        sudo -u docker -H helm upgrade --install prometheus prometheus \
+            --repo https://prometheus-community.github.io/helm-charts/ \
+            --namespace prometheus --create-namespace \
             --set server.service.type=NodePort \
             --set server.service.nodePort=30090 \
             --set server.persistentVolume.enabled=false \

prepare-vms/terraform/machines.tf

@@ -1,7 +1,7 @@
 resource "openstack_compute_instance_v2" "machine" {
   count           = "${var.count}" 
   name            = "${format("%s-%04d", "${var.prefix}", count.index+1)}"
-  image_name      = "Ubuntu 18.04.4 20200324"
+  image_name      = "${var.image}"
   flavor_name     = "${var.flavor}"
   security_groups = ["${openstack_networking_secgroup_v2.full_access.name}"]
   key_pair        = "${openstack_compute_keypair_v2.ssh_deploy_key.name}"
@@ -30,3 +30,5 @@ output "ip_addresses" {
 }
 
 variable "flavor" {}
+
+variable "image" {}

prepare-vms/terraform/vars.tf

@@ -5,4 +5,3 @@ variable "prefix" {
 variable "count" {
   type = "string"
 }
-

slides/2.yml

@@ -1,103 +0,0 @@
-title: |
-  Fondamentaux Kubernetes
-
-chat: "[Slack](https://scaleway.slack.com/archives/C024GSPUGG1)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2021-06-scaleway.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/prereqs.md
-#- shared/webssh.md
-- shared/connecting.md
-- shared/toc.md
-- # 1
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
-- # 2
-  - k8s/kubectl-run.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-- # 3
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - k8s/namespaces.md
-  - k8s/yamldeploy.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-- # 4
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-- # 5
-  - k8s/localkubeconfig.md
-  - k8s/accessinternal.md
-  - k8s/kubectlproxy.md
-  - k8s/dashboard.md
-  - k8s/k9s.md
-  - k8s/tilt.md
-- # 6
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-- # 7
-  - k8s/ingress.md
-  - k8s/ingress-tls.md
-- # 8
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/batch-jobs.md
-  #- k8s/logs-centralized.md
-  #- k8s/prometheus.md
-  #- k8s/statefulsets.md
-  #- k8s/local-persistent-volumes.md
-  #- k8s/portworx.md
-  #- k8s/extending-api.md
-  #- k8s/operators.md
-  #- k8s/operators-design.md
-  #- k8s/staticpods.md
-  #- k8s/owners-and-dependents.md
-  #- k8s/gitworkflows.md
-  #- k8s/whatsnext.md
-  #- k8s/lastwords.md
-  - shared/thankyou.md
-  - k8s/links.md
-#-
-#  - |
-#    # (Bonus)
-#  - k8s/record.md
-#  - k8s/dryrun.md

slides/4.yml

@@ -1,52 +0,0 @@
-title: |
-  Kubernetes Avancé
-
-chat: "[Slack](https://scaleway.slack.com/archives/C024GSPUGG1)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2021-06-scaleway.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-zoom.md
-- shared/prereqs.md
-- shared/webssh.md
-- shared/connecting.md
-- shared/toc.md
-- #1
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-- #2
-  - k8s/extending-api.md
-  - k8s/operators.md
-  - k8s/sealed-secrets.md
-  - k8s/crd.md
-  - k8s/exercise-sealed-secrets.md
-- #3
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-- #4
-  - k8s/aggregation-layer.md
-  - k8s/prometheus.md
-  - k8s/hpa-v2.md
-- #5
-  - k8s/admission.md
-  - k8s/kyverno.md
-- #6
-  - k8s/statefulsets.md
-  - k8s/local-persistent-volumes.md
-  - k8s/eck.md
-  #- k8s/portworx.md
-  - k8s/openebs.md

slides/_redirects

@@ -2,6 +2,7 @@
 #/ /kube-halfday.yml.html 200!
 #/ /kube-fullday.yml.html 200!
 #/ /kube-twodays.yml.html 200!
+/ /kube.yml.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack
@@ -21,5 +22,3 @@
 
 # Survey form
 /please https://docs.google.com/forms/d/e/1FAIpQLSfIYSgrV7tpfBNm1hOaprjnBHgWKn5n-k5vtNXYJkOX1sRxng/viewform
-
-/ /highfive.html 200!

slides/autopilot/package-lock.json

@@ -321,9 +321,9 @@
       }
     },
     "node_modules/forwarded": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
-      "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=",
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
       "engines": {
         "node": ">= 0.6"
       }
@@ -431,19 +431,19 @@
       }
     },
     "node_modules/mime-db": {
-      "version": "1.47.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.47.0.tgz",
-      "integrity": "sha512-QBmA/G2y+IfeS4oktet3qRZ+P5kPhCKRXxXnQEudYqUaEioAU1/Lq2us3D/t1Jfo4hE9REQPrbB7K5sOczJVIw==",
+      "version": "1.48.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz",
+      "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==",
       "engines": {
         "node": ">= 0.6"
       }
     },
     "node_modules/mime-types": {
-      "version": "2.1.30",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.30.tgz",
-      "integrity": "sha512-crmjA4bLtR8m9qLpHvgxSChT+XoSlZi8J4n/aIdn3z92e/U47Z0V/yl+Wh9W046GgFVAmoNR/fmdbZYcSSIUeg==",
+      "version": "2.1.31",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz",
+      "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==",
       "dependencies": {
-        "mime-db": "1.47.0"
+        "mime-db": "1.48.0"
       },
       "engines": {
         "node": ">= 0.6"
@@ -497,11 +497,11 @@
       "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
     },
     "node_modules/proxy-addr": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.6.tgz",
-      "integrity": "sha512-dh/frvCBVmSsDYzw6n926jv974gddhkFPfiN8hPOi30Wax25QZyZEGveluCgliBnqmuM+UJmBErbAUFIoDbjOw==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
       "dependencies": {
-        "forwarded": "~0.1.2",
+        "forwarded": "0.2.0",
         "ipaddr.js": "1.9.1"
       },
       "engines": {
@@ -750,9 +750,9 @@
       }
     },
     "node_modules/ws": {
-      "version": "7.4.5",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz",
-      "integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==",
+      "version": "7.4.6",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
+      "integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==",
       "engines": {
         "node": ">=8.3.0"
       },
@@ -770,9 +770,9 @@
       }
     },
     "node_modules/xmlhttprequest-ssl": {
-      "version": "1.6.2",
-      "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.6.2.tgz",
-      "integrity": "sha512-tYOaldF/0BLfKuoA39QMwD4j2m8lq4DIncqj1yuNELX4vz9+z/ieG/vwmctjJce+boFHXstqhWnHSxc4W8f4qg==",
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.6.3.tgz",
+      "integrity": "sha512-3XfeQE/wNkvrIktn2Kf0869fC0BN6UpydVasGIeSm2B1Llihf7/0UfZM+eCkOw3P7bP4+qPgqhm7ZoxuJtFU0Q==",
       "engines": {
         "node": ">=0.4.0"
       }
@@ -1051,9 +1051,9 @@
       }
     },
     "forwarded": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
-      "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="
     },
     "fresh": {
       "version": "0.5.2",
@@ -1134,16 +1134,16 @@
       "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
     },
     "mime-db": {
-      "version": "1.47.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.47.0.tgz",
-      "integrity": "sha512-QBmA/G2y+IfeS4oktet3qRZ+P5kPhCKRXxXnQEudYqUaEioAU1/Lq2us3D/t1Jfo4hE9REQPrbB7K5sOczJVIw=="
+      "version": "1.48.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz",
+      "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ=="
     },
     "mime-types": {
-      "version": "2.1.30",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.30.tgz",
-      "integrity": "sha512-crmjA4bLtR8m9qLpHvgxSChT+XoSlZi8J4n/aIdn3z92e/U47Z0V/yl+Wh9W046GgFVAmoNR/fmdbZYcSSIUeg==",
+      "version": "2.1.31",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz",
+      "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==",
       "requires": {
-        "mime-db": "1.47.0"
+        "mime-db": "1.48.0"
       }
     },
     "ms": {
@@ -1185,11 +1185,11 @@
       "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
     },
     "proxy-addr": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.6.tgz",
-      "integrity": "sha512-dh/frvCBVmSsDYzw6n926jv974gddhkFPfiN8hPOi30Wax25QZyZEGveluCgliBnqmuM+UJmBErbAUFIoDbjOw==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
       "requires": {
-        "forwarded": "~0.1.2",
+        "forwarded": "0.2.0",
         "ipaddr.js": "1.9.1"
       }
     },
@@ -1408,15 +1408,15 @@
       "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
     },
     "ws": {
-      "version": "7.4.5",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz",
-      "integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==",
+      "version": "7.4.6",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
+      "integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==",
       "requires": {}
     },
     "xmlhttprequest-ssl": {
-      "version": "1.6.2",
-      "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.6.2.tgz",
-      "integrity": "sha512-tYOaldF/0BLfKuoA39QMwD4j2m8lq4DIncqj1yuNELX4vz9+z/ieG/vwmctjJce+boFHXstqhWnHSxc4W8f4qg=="
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.6.3.tgz",
+      "integrity": "sha512-3XfeQE/wNkvrIktn2Kf0869fC0BN6UpydVasGIeSm2B1Llihf7/0UfZM+eCkOw3P7bP4+qPgqhm7ZoxuJtFU0Q=="
     },
     "yeast": {
       "version": "0.1.2",

slides/containers/Working_With_Volumes.md

@@ -159,6 +159,24 @@ Volumes are not anchored to a specific path.
 
 ---
 
+## Populating volumes
+
+* When an empty volume is mounted on a non-empty directory, the directory is copied to the volume.
+
+* This makes it easy to "promote" a normal directory to a volume.
+
+* Non-empty volumes are always mounted as-is.
+
+Let's populate the webapps volume with the webapps.dist directory from the Tomcat image.
+
+````bash
+$ docker run -v webapps:/usr/local/tomcat/webapps.dist tomcat true
+```
+
+Note: running `true` will cause the container to exit successfully once the `webapps.dist` directory has been copied to the `webapps` volume, instead of starting tomcat.
+
+---
+
 ## Using our named volumes
 
 * Volumes are used with the `-v` option.

slides/exercises.md

@@ -0,0 +1,85 @@
+## Exercises
+
+- At the end of each day, we'll suggest a few more in-depth exercises
+
+- Try to complete them (either at the end of the day, or later, if you can!)
+
+- The exercises should be very quick for someone who already knows Kubernetes
+
+- But they can be more challenging if they concern parts that you haven't used yet!
+
+---
+
+## Day 1
+
+- Deploy a local Kubernetes cluster if you don't already have one
+
+  (you can use Docker Desktop, KinD, minikube... whatever you like)
+
+- Deploy dockercoins on that cluster
+
+  (feel free to use the YAML file for convenience)
+
+- Connect to the web UI in your browser
+
+  (you can expose the port, or use port-forward, or anything you like)
+
+- Scale up dockercoins
+
+---
+
+## Day 2
+
+- Add the Kubernetes dashboard to your local cluster
+
+- Make sure that dockercoins is deployed in a specific namespace
+
+- Use the dashboard to view that namespace in read-only mode
+
+  (hint: you'll need a service account, rolebinding, and token)
+
+- Tweak permissions so that you can scale deployments in that namespace
+
+- Add an ingress controller to your local cluster
+
+- Configure an ingress resource to access the web UI with `dockercoins.localdev.me`
+
+  (`\*.localdev.me` resolves to 127.0.0.1)
+
+---
+
+## Day 3
+
+- Create a Helm chart to deploy a generic microservice
+
+  (using `helm create` to get a generic chart and tweaking that chart)
+
+- Deploy dockercoins by instanciating that chart multiple times
+
+  (one time per service, so 5 times total)
+
+- Create a "meta" Helm chart to install the 5 components of dockercoins
+
+  (using chart dependencies and aliases)
+
+- Bonus: use Bitnami's redis chart for the dockercoins redis component
+
+---
+
+## Day 4
+
+- Deploy a Kubernetes cluster with multiple nodes
+
+  (you can use something like KinD, k3d, or even a managed k8s)
+
+- If the cluster doesn't already have a storage class, add one
+
+  (for instance, by using OpenEBS)
+
+- Deploy the Consul or the PostgreSQL example
+
+- Destroy a node and:
+
+  - verify the failover behavior (for Consul)
+
+  - trigger the failover behavior (for PostgreSQL)

slides/highfive.html

@@ -1,55 +0,0 @@
-<?xml version="1.0"?>
-<html>
-  <head>
-    <style>
-      td { 
-        background: #ccc; 
-        padding: 1em;
-      }
-</style>
-  </head>
-  <body>
-    <table>
-        <td>Mardi 8 juin 2021</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 9 juin 2021</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 10 juin 2021</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 11 juin 2021</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-        <td>Mercredi 23 juin 2021</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      </tr>
-        <td>Jeudi 24 juin 2021</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      </tr>
-        <td>Vendredi 25 juin 2021</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-    </table>
-  </body>
-</html>

slides/images/control-planes/stacked-control-plane.svg

@@ -1,21 +1,20 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <svg
-   xmlns:osb="http://www.openswatchbook.org/uri/2009/osb"
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
    width="1600"
    height="900"
    viewBox="0 0 1600 900"
    version="1.1"
    id="svg696"
    sodipodi:docname="stacked-control-plane.svg"
-   inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
-   enable-background="new">
+   inkscape:version="1.1 (c4e8f9ed74, 2021-05-24)"
+   enable-background="new"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:dc="http://purl.org/dc/elements/1.1/">
   <metadata
      id="metadata700">
     <rdf:RDF>
@@ -37,20 +36,21 @@
      guidetolerance="10"
      inkscape:pageopacity="0"
      inkscape:pageshadow="2"
-     inkscape:window-width="1916"
-     inkscape:window-height="1032"
+     inkscape:window-width="1920"
+     inkscape:window-height="1080"
      id="namedview698"
      showgrid="false"
      inkscape:zoom="0.64"
-     inkscape:cx="846.21952"
-     inkscape:cy="490.81599"
+     inkscape:cx="846.09375"
+     inkscape:cy="491.40625"
      inkscape:window-x="0"
-     inkscape:window-y="18"
+     inkscape:window-y="0"
      inkscape:window-maximized="0"
-     inkscape:current-layer="g11538"
+     inkscape:current-layer="svg696"
      units="px"
      inkscape:snap-object-midpoints="true"
-     inkscape:document-rotation="0" />
+     inkscape:document-rotation="0"
+     inkscape:pagecheckerboard="0" />
   <title
      id="title304">how-does-k8s-work</title>
   <style
@@ -814,7 +814,7 @@
     </marker>
     <linearGradient
        id="linearGradient15544"
-       osb:paint="solid">
+       inkscape:swatch="solid">
       <stop
          style="stop-color:#f7fe9a;stop-opacity:1;"
          offset="0"
@@ -877,10 +877,10 @@
          id="path6539" />
     </marker>
     <filter
-       x="-0.039000001"
-       y="-0.096999995"
-       width="1.077"
-       height="1.181"
+       x="-0.032283688"
+       y="-0.071219566"
+       width="1.0645674"
+       height="1.1697002"
        filterUnits="objectBoundingBox"
        id="filter-1">
       <feOffset
@@ -911,10 +911,10 @@
       </feMerge>
     </filter>
     <filter
-       x="-0.039000001"
-       y="-0.096999995"
-       width="1.077"
-       height="1.181"
+       x="-0.011010454"
+       y="-0.013426012"
+       width="1.0220209"
+       height="1.0324462"
        filterUnits="objectBoundingBox"
        id="filter-1-3">
       <feOffset
@@ -945,10 +945,10 @@
       </feMerge>
     </filter>
     <filter
-       x="-0.039000001"
-       y="-0.096999995"
-       width="1.077"
-       height="1.181"
+       x="-0.042581573"
+       y="-0.041728245"
+       width="1.0851631"
+       height="1.1008433"
        filterUnits="objectBoundingBox"
        id="filter-1-2">
       <feOffset
@@ -1046,6 +1046,40 @@
            id="feMergeNode8244" />
       </feMerge>
     </filter>
+    <filter
+       x="-0.023476223"
+       y="-0.071219566"
+       width="1.0469524"
+       height="1.1617986"
+       filterUnits="objectBoundingBox"
+       id="filter-1-36">
+      <feOffset
+         dx="0"
+         dy="2"
+         in="SourceAlpha"
+         result="shadowOffsetOuter1"
+         id="feOffset308-7" />
+      <feGaussianBlur
+         stdDeviation="2"
+         in="shadowOffsetOuter1"
+         result="shadowBlurOuter1"
+         id="feGaussianBlur310-5" />
+      <feColorMatrix
+         values="0 0 0 0 0   0 0 0 0 0   0 0 0 0 0  0 0 0 0.5 0"
+         type="matrix"
+         in="shadowBlurOuter1"
+         result="shadowMatrixOuter1"
+         id="feColorMatrix312-3" />
+      <feMerge
+         id="feMerge318-5">
+        <feMergeNode
+           in="shadowMatrixOuter1"
+           id="feMergeNode314-6" />
+        <feMergeNode
+           in="SourceGraphic"
+           id="feMergeNode316-2" />
+      </feMerge>
+    </filter>
   </defs>
   <text
      id="text3581"
@@ -2042,6 +2076,60 @@
        d="m 82.16849,58.067121 a 0.82746421,0.82746421 0 0 0 0.842647,-0.827464 V 55.888385 A 0.82746421,0.82746421 0 0 0 82.183672,55.06092 H 77.955254 V 51.098202 A 0.92615261,0.92615261 0 0 0 77.036693,50.179641 H 73.081566 V 45.973997 A 0.82746421,0.82746421 0 0 0 72.254102,45.146533 H 70.90283 a 0.82746421,0.82746421 0 0 0 -0.797098,0.827464 v 4.228418 h -4.478935 v -4.228418 a 0.82746421,0.82746421 0 0 0 -0.835056,-0.827464 h -1.336089 a 0.82746421,0.82746421 0 0 0 -0.827464,0.827464 v 4.228418 h -4.448569 v -4.228418 a 0.82746421,0.82746421 0 0 0 -0.827464,-0.827464 h -1.351272 a 0.82746421,0.82746421 0 0 0 -0.827464,0.827464 v 4.228418 h -3.947536 a 0.92615261,0.92615261 0 0 0 -0.926153,0.895787 v 3.939944 h -4.213235 a 0.82746421,0.82746421 0 0 0 -0.827464,0.827464 v 1.351272 a 0.82746421,0.82746421 0 0 0 0.827464,0.827464 h 4.213235 v 4.440978 h -4.213235 a 0.82746421,0.82746421 0 0 0 -0.827464,0.827464 v 1.374046 a 0.82746421,0.82746421 0 0 0 0.827464,0.835056 h 4.213235 v 4.448566 h -4.213235 a 0.82746421,0.82746421 0 0 0 -0.827464,0.827464 v 1.351272 a 0.82746421,0.82746421 0 0 0 0.827464,0.827464 h 4.213235 v 3.932354 a 0.92615261,0.92615261 0 0 0 0.918561,0.918561 h 3.955128 v 4.228419 a 0.82746421,0.82746421 0 0 0 0.827464,0.827464 h 1.351272 a 0.82746421,0.82746421 0 0 0 0.827464,-0.827464 v -4.228419 h 4.448569 v 4.228419 a 0.82746421,0.82746421 0 0 0 0.827464,0.827464 h 1.336089 a 0.82746421,0.82746421 0 0 0 0.827464,-0.827464 v -4.228419 h 4.486527 v 4.228419 a 0.82746421,0.82746421 0 0 0 0.827464,0.827464 h 1.351272 a 0.82746421,0.82746421 0 0 0 0.827464,-0.827464 v -4.228419 h 3.955127 a 0.92615261,0.92615261 0 0 0 0.888195,-0.918561 v -3.939945 h 4.213236 a 0.82746421,0.82746421 0 0 0 0.842647,-0.827464 V 70.790329 A 0.82746421,0.82746421 0 0 0 82.183672,69.962865 H 77.955254 V 65.52189 h 4.213236 a 0.82746421,0.82746421 0 0 0 0.842647,-0.835056 v -1.34368 A 0.82746421,0.82746421 0 0 0 82.16849,62.485324 H 77.955254 V 58.067121 Z M 74.842774,74.76823 H 53.404619 V 53.299712 h 21.438155 z"
        inkscape:connector-curvature="0" />
   </g>
+  <g
+     id="g3633"
+     inkscape:label="pod-template"
+     transform="matrix(0.6040599,0,0,0.6040599,973.44266,521.02252)">
+    <rect
+       transform="matrix(0.40490214,0,0,0.40490214,626.119,463.75335)"
+       style="display:inline;vector-effect:none;fill:#808080;fill-opacity:1;fill-rule:evenodd;stroke:#020202;stroke-width:5.11522;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;filter:url(#filter-1-36)"
+       id="rect3619"
+       width="313.40689"
+       height="103.30883"
+       x="428.58087"
+       y="-2.5194976"
+       ry="5.617908"
+       inkscape:label="pod-rectangle" />
+    <g
+       id="g3627"
+       inkscape:label="pod-box"
+       style="display:inline;fill:#808080;fill-rule:evenodd;stroke:none;stroke-width:1"
+       transform="translate(-343.49049,269.47902)">
+      <path
+         id="path3621"
+         d="m 1065.6051,188.949 38.7689,-11.2425 38.7688,11.2425 -38.7688,11.24254 z"
+         inkscape:connector-curvature="0"
+         style="fill:#808080;fill-rule:evenodd;stroke:#000000;stroke-width:2.74114;stroke-linecap:square;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         inkscape:export-xdpi="376.57999"
+         inkscape:export-ydpi="376.57999" />
+      <path
+         id="path3623"
+         d="m 1065.6051,193.25418 v 41.2523 l 36.1218,20.00898 0.1788,-50.46488 z"
+         inkscape:connector-curvature="0"
+         style="fill:#808080;fill-rule:evenodd;stroke:#000000;stroke-width:2.74114;stroke-linecap:square;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         inkscape:export-xdpi="376.57999"
+         inkscape:export-ydpi="376.57999" />
+      <path
+         id="path3625"
+         d="m 1143.1428,193.25418 v 41.2523 l -36.1217,20.00898 -0.1788,-50.46488 z"
+         inkscape:connector-curvature="0"
+         style="fill:#808080;fill-rule:evenodd;stroke:#000000;stroke-width:2.741;stroke-linecap:square;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+         inkscape:export-xdpi="376.57999"
+         inkscape:export-ydpi="376.57999" />
+    </g>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:23.0917px;line-height:1.25;font-family:'Droid Serif';-inkscape-font-specification:'Droid Serif, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:middle;display:inline;fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.590154"
+       x="863.76526"
+       y="492.69156"
+       id="text3631"
+       inkscape:label="pod-label"><tspan
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:23.0917px;font-family:'Droid Serif';-inkscape-font-specification:'Droid Serif, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:center;writing-mode:lr-tb;text-anchor:middle;stroke-width:0.590154"
+         sodipodi:role="line"
+         id="tspan3629"
+         x="863.76526"
+         y="492.69156">scheduler</tspan></text>
+  </g>
   <g
      id="g11538"
      transform="matrix(0.94136549,0,0,0.94136549,106.56043,286.48052)">

slides/intro-fullday.yml

@@ -1,70 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- containers/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
--
-  #- containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  #- containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  #- containers/Start_And_Attach.md
-  - containers/Naming_And_Inspecting.md
-  #- containers/Labels.md
-  - containers/Getting_Inside.md
-  - containers/Initial_Images.md
--
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
--
-  - containers/Container_Networking_Basics.md
-  #- containers/Network_Drivers.md
-  - containers/Local_Development_Workflow.md
-  - containers/Container_Network_Model.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
--
-  - containers/Multi_Stage_Builds.md
-  #- containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
-  #- containers/Docker_Machine.md
-  #- containers/Advanced_Dockerfiles.md
-  #- containers/Init_Systems.md
-  #- containers/Application_Configuration.md
-  #- containers/Logging.md
-  #- containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Container_Engines.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md
-  #- containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md

slides/intro-selfpaced.yml

@@ -1,71 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-
-content:
-- shared/title.md
-# - shared/logistics.md
-- containers/intro.md
-- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- - containers/Docker_Overview.md
-  - containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Start_And_Attach.md
-- - containers/Initial_Images.md
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
-- - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
-- - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
-- - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
-  #- containers/Connecting_Containers_With_Links.md
-  - containers/Ambassadors.md
-- - containers/Local_Development_Workflow.md
-  - containers/Windows_Containers.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-  - containers/Docker_Machine.md
-- - containers/Advanced_Dockerfiles.md
-  - containers/Init_Systems.md
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Resource_Limits.md
-- - containers/Namespaces_Cgroups.md
-  - containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-- - containers/Container_Engines.md
-  - containers/Pods_Anatomy.md
-  - containers/Ecosystem.md
-  - containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md

slides/intro-twodays.yml

@@ -1,79 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- containers/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- # DAY 1
-  - containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Initial_Images.md
--
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
--
-  - containers/Dockerfile_Tips.md
-  - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Exercise_Dockerfile_Advanced.md
--
-  - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Start_And_Attach.md
-  - containers/Getting_Inside.md
-  - containers/Resource_Limits.md
-- # DAY 2
-  - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
--
-  - containers/Local_Development_Workflow.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
--
-  - containers/Installing_Docker.md
-  - containers/Container_Engines.md
-  - containers/Init_Systems.md
-  - containers/Advanced_Dockerfiles.md
--
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Orchestration_Overview.md
--
-  - shared/thankyou.md
-  - containers/links.md
-#-
-  #- containers/Docker_Machine.md
-  #- containers/Ambassadors.md
-  #- containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md

slides/k8s/authn-authz.md

@@ -621,18 +621,48 @@ It's important to note a couple of details in these flags...
 
 ---
 
-## Testing directly with `kubectl`
+## `kubectl auth` and other CLI tools
+
+- The `kubectl auth can-i` command can tell us:
+
+  - if we can perform an action
+
+  - if someone else can perform an action
+
+  - what actions we can perform
+
+- There are also other very useful tools to work with RBAC
+
+- Let's do a quick review!
+
+---
+
+## `kubectl auth can-i dothis onthat`
+
+- These commands will give us a `yes`/`no` answer:
 
-- We can also check for permission with `kubectl auth can-i`:
   ```bash
   kubectl auth can-i list nodes
   kubectl auth can-i create pods
   kubectl auth can-i get pod/name-of-pod
   kubectl auth can-i get /url-fragment-of-api-request/
   kubectl auth can-i '*' services
+  kubectl auth can-i get coffee
+  kubectl auth can-i drink coffee
   ```
 
-- And we can check permissions on behalf of other users:
+- The RBAC system is flexible
+
+- We can check permissions on resources that don't exist yet (e.g. CRDs)
+
+- We can check permissions for arbitrary actions
+
+---
+
+## `kubectl auth can-i ... --as someoneelse`
+
+- We can check permissions on behalf of other users
+
   ```bash
   kubectl auth can-i list nodes \
           --as some-user
@@ -640,6 +670,56 @@ It's important to note a couple of details in these flags...
           --as system:serviceaccount:<namespace>:<name-of-service-account>
   ```
 
+- We can also use `--as-group` to check permissions for members of a group
+
+- `--as` and `--as-group` leverage the *impersonation API*
+
+- These flags can be used with many other `kubectl` commands
+
+  (not just `auth can-i`)
+
+---
+
+## `kubectl auth can-i --list`
+
+- We can list the actions that are available to us:
+
+  ````bash
+  kubectl auth can-i --list
+  ```
+
+- ... Or to someone else (with `--as SomeOtherUser`)
+
+- This is very useful to check users or service accounts for overly broad permissions
+
+  (or when looking for ways to exploit a security vulnerability!)
+
+- To learn more about Kubernetes attacks and threat models around RBAC:
+
+  📽️ [Hacking into Kubernetes Security for Beginners](https://www.youtube.com/watch?v=mLsCm9GVIQg)
+  by [Ellen Körbes](https://twitter.com/ellenkorbes)
+  and [Tabitha Sable](https://twitter.com/TabbySable)
+
+---
+
+class: extra-details
+
+## Other useful tools
+
+- For auditing purposes, sometimes we want to know who can perform which actions
+
+- There are a few tools to help us with that, available as `kubectl` plugins:
+
+  - `kubectl who-can` / [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) by Aqua Security
+
+  - `kubectl access-matrix` / [Rakkess (Review Access)](https://github.com/corneliusweig/rakkess) by Cornelius Weig
+
+  - `kubectl rbac-lookup` / [RBAC Lookup](https://github.com/FairwindsOps/rbac-lookup) by FairwindsOps
+
+- `kubectl` plugins can be installed and managed with `krew`
+
+- They can also be installed and executed as standalone programs
+
 ---
 
 class: extra-details
@@ -681,9 +761,38 @@ class: extra-details
 
 - This ClusterRole permissions will be added to `admin`/`edit`/`view` respectively
 
-- This is particulary useful when using CustomResourceDefinitions
+---
 
-  (since Kubernetes cannot guess which resources are sensitive and which ones aren't)
+class: extra-details
+
+## When should we use aggregation?
+
+- By default, CRDs aren't included in `view` / `edit` / etc.
+
+  (Kubernetes cannot guess which one are security sensitive and which ones are not)
+
+- If we edit `view` / `edit` / etc directly, our edits will conflict
+
+  (imagine if we have two CRDs and they both provide a custom `view` ClusterRole)
+
+- Using aggregated roles lets us enrich the default roles without touching them
+
+---
+
+class: extra-details
+
+## How aggregation works
+
+- The corresponding roles will have `aggregationRules` like this:
+
+   ```yaml
+    aggregationRule:
+      clusterRoleSelectors:
+      - matchLabels:
+          rbac.authorization.k8s.io/aggregate-to-view: "true"
+   ```
+
+- We can define our own custom roles with their own aggregation rules
 
 ---
 
@@ -727,26 +836,6 @@ class: extra-details
   kubectl describe clusterrole cluster-admin
   ```
 
----
-
-class: extra-details
-
-## Figuring out who can do what
-
-- For auditing purposes, sometimes we want to know who can perform which actions
-
-- There are a few tools to help us with that, available as `kubectl` plugins:
-
-  - `kubectl who-can` / [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) by Aqua Security
-
-  - `kubectl access-matrix` / [Rakkess (Review Access)](https://github.com/corneliusweig/rakkess) by Cornelius Weig
-
-  - `kubectl rbac-lookup` / [RBAC Lookup](https://github.com/FairwindsOps/rbac-lookup) by FairwindsOps
-
-- `kubectl` plugins can be installed and managed with `krew`
-
-- They can also be installed and executed as standalone programs
-
 ???
 
 :EN:- Authentication and authorization in Kubernetes

slides/k8s/crd.md

@@ -12,9 +12,21 @@
 
 ---
 
-## A very simple CRD
+## Creating a CRD
 
-The file @@LINK[k8s/coffee-1.yaml] describes a very simple CRD representing different kinds of coffee:
+- We will create a CRD to represent the different species of coffee
+
+  (arabica, liberica, and robusta)
+
+- We will be able to run `kubectl get coffees` and it will list the species
+
+- Then we can label, edit, etc. the species to attach some information
+
+  (e.g. the taste profile of the coffee, or whatever we want)
+
+---
+
+## First shot of coffee
 
 ```yaml
 @@INCLUDE[k8s/coffee-1.yaml]
@@ -22,7 +34,43 @@ The file @@LINK[k8s/coffee-1.yaml] describes a very simple CRD representing diff
 
 ---
 
-## Creating a CRD
+## The joys of API deprecation
+
+- Unfortunately, the CRD manifest on the previous slide is deprecated!
+
+- It is using `apiextensions.k8s.io/v1beta1`, which is dropped in Kubernetes 1.22
+
+- We need to use `apiextensions.k8s.io/v1`, which is a little bit more complex
+
+  (a few optional things become mandatory, see [this guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#customresourcedefinition-v122) for details)
+
+- `apiextensions.k8s.io/v1beta1` is available since Kubernetes 1.16
+
+---
+
+## Second shot of coffee
+
+- The next slide will show file @@LINK[k8s/coffee-2.yaml]
+
+- Note the `spec.versions` list
+
+  - we need exactly one version with `storage: true`
+
+  - we can have multiple versions with `served: true`
+
+- `spec.versions[].schema.openAPI3Schema` is required
+
+  (and must be a valid OpenAPI schema; here it's a trivial one)
+
+---
+
+```yaml
+@@INCLUDE[k8s/coffee-2.yaml]
+```
+
+---
+
+## Creating our Coffee CRD
 
 - Let's create the Custom Resource Definition for our Coffee resource
 
@@ -30,7 +78,7 @@ The file @@LINK[k8s/coffee-1.yaml] describes a very simple CRD representing diff
 
 - Load the CRD:
   ```bash
-  kubectl apply -f ~/container.training/k8s/coffee-1.yaml
+  kubectl apply -f ~/container.training/k8s/coffee-2.yaml
   ```
 
 - Confirm that it shows up:
@@ -169,13 +217,13 @@ Note: we can update a CRD without having to re-create the corresponding resource
 
 ## Data validation
 
-- By default, CRDs are not *validated*
+- CRDs are validated with the OpenAPI v3 schema that we specify
 
-  (we can put anything we want in the `spec`)
+  (with older versions of the API, when the schema was optional,
+  <br/>
+  no schema = no validation at all)
 
-- When creating a CRD, we can pass an OpenAPI v3 schema
-
-  (which will then be used to validate resources)
+- Otherwise, we can put anything we want in the `spec`
 
 - More advanced validation can also be done with admission webhooks, e.g.:
 

slides/k8s/helm-intro.md

@@ -22,7 +22,7 @@
 
 - We can create resources with one-line commands
 
-  (`kubectl run`, `kubectl createa deployment`, `kubectl expose`...)
+  (`kubectl run`, `kubectl create deployment`, `kubectl expose`...)
 
 - We can also create resources by loading YAML files
 

slides/k8s/hpa-v2.md

@@ -152,11 +152,9 @@ class: extra-details
 
 - If it's not installed yet on the cluster, install Prometheus:
   ```bash
-    helm repo add prometheus-community
-         https://prometheus-community.github.io/helm-charts
-    helm upgrade prometheus prometheus-community/prometheus \
-         --install \
-         --namespace kube-system \
+    helm upgrade --install prometheus prometheus \
+         --repo https://prometheus-community.github.io/helm-charts \
+         --namespace prometheus --create-namespace \
          --set server.service.type=NodePort \
          --set server.service.nodePort=30090 \
          --set server.persistentVolume.enabled=false \
@@ -475,10 +473,11 @@ no custom metrics API (custom.metrics.k8s.io) registered
 
 - Install the Prometheus adapter:
   ```bash
-    helm upgrade prometheus-adapter prometheus-community/prometheus-adapter \
-         --install --namespace=kube-system \
-         --set prometheus.url=http://prometheus-server.kube-system.svc \
-         --set prometheus.port=80
+    helm upgrade --install prometheus-adapter prometheus-adapter \
+      --repo https://prometheus-community.github.io/helm-charts \
+      --namespace=prometheus-adapter --create-namespace \
+      --set prometheus.url=http://prometheus-server.prometheus.svc \
+      --set prometheus.port=80
   ```
 
 ]

slides/k8s/prometheus.md

@@ -218,27 +218,7 @@ We need to:
 
 ---
 
-## Step 2: add the `prometheus-community` repo
-
-- This will add the repository containing the chart for Prometheus
-
-- This command is idempotent
-
-  (it won't break anything if the repository was already added)
-
-.exercise[
-
-- Add the repository:
-  ```bash
-    helm repo add prometheus-community \
-         https://prometheus-community.github.io/helm-charts
-  ```
-
-]
-
----
-
-## Step 3: install Prometheus
+## Step 2: install Prometheus
 
 - The following command, just like the previous ones, is idempotent
 
@@ -248,9 +228,9 @@ We need to:
 
 - Install Prometheus on our cluster:
   ```bash
-    helm upgrade prometheus prometheus-community/prometheus \
-        --install \
-        --namespace kube-system \
+    helm upgrade prometheus --install prometheus \
+        --repo https://prometheus-community.github.io/helm-charts \
+        --namespace prometheus --create-namespace \
         --set server.service.type=NodePort \
         --set server.service.nodePort=30090 \
         --set server.persistentVolume.enabled=false \
@@ -267,24 +247,37 @@ class: extra-details
 
 ## Explaining all the Helm flags
 
-- `helm upgrade prometheus` → upgrade the release named `prometheus` ...
+- `helm upgrade prometheus` → upgrade the release named `prometheus`
   <br/>
   (a "release" is an instance of an app deployed with Helm)
 
-- `prometheus-community/...` → of a chart located in the `prometheus-community` repo ...
+- `--install` → if it doesn't exist, install it (instead of upgrading)
 
-- `.../prometheus` → in that repo, get the chart named `prometheus` ...
+- `prometheus` → use the chart named `prometheus`
 
-- `--install` → if the app doesn't exist, create it ...
+- `--repo ...` → the chart is located on the following repository
 
-- `--namespace kube-system` → put it in that specific namespace ...
+- `--namespace prometheus` → put it in that specific namespace
 
-- ... and set the following *values* when rendering the chart's templates:
+- `--create-namespace` → create the namespace if it doesn't exist
 
-  - `server.service.type=NodePort` → expose the Prometheus server with a NodePort
-  - `server.service.nodePort=30090` → set the specific NodePort number to use
-  - `server.persistentVolume.enabled=false` → do not use a PersistentVolumeClaim
-  - `alertmanager.enabled=false` → disable the alert manager entirely
+- `--set ...` → here are some *values* to be used when rendering the chart's templates
+
+---
+
+class: extra-details
+
+## Values for the Prometheus chart
+
+Helm *values* are parameters to customize our installation.
+
+- `server.service.type=NodePort` → expose the Prometheus server with a NodePort
+
+- `server.service.nodePort=30090` → set the specific NodePort number to use
+
+- `server.persistentVolume.enabled=false` → do not use a PersistentVolumeClaim
+
+- `alertmanager.enabled=false` → disable the alert manager entirely
 
 ---
 
@@ -301,6 +294,9 @@ class: extra-details
 
 - With your browser, connect to that port
 
+
+- It should be 30090 if we just installed Prometheus with the Helm chart!
+
 ]
 
 ---
@@ -316,7 +312,7 @@ class: extra-details
     sum by (instance) (
       irate(
         container_cpu_usage_seconds_total{
-          pod_name=~"worker.*"
+          pod=~"worker.*"
           }[5m]
       )
     )
@@ -371,7 +367,7 @@ container_cpu_usage_seconds_total
 
 This query will show us only metrics for worker containers:
 ```
-container_cpu_usage_seconds_total{pod_name=~"worker.*"}
+container_cpu_usage_seconds_total{pod=~"worker.*"}
 ```
 
 - The `=~` operator allows regex matching
@@ -388,7 +384,7 @@ container_cpu_usage_seconds_total{pod_name=~"worker.*"}
 
 This query will show us CPU usage % instead of total seconds used:
 ```
-100*irate(container_cpu_usage_seconds_total{pod_name=~"worker.*"}[5m])
+100*irate(container_cpu_usage_seconds_total{pod=~"worker.*"}[5m])
 ```
 
 - The [`irate`](https://prometheus.io/docs/prometheus/latest/querying/functions/#irate) operator computes the "per-second instant rate of increase"
@@ -408,7 +404,7 @@ This query will show us CPU usage % instead of total seconds used:
 This query sums the CPU usage per node:
 ```
 sum by (instance) (
-  irate(container_cpu_usage_seconds_total{pod_name=~"worker.*"}[5m])
+  irate(container_cpu_usage_seconds_total{pod=~"worker.*"}[5m])
 )
 ```
 
@@ -530,15 +526,17 @@ class: extra-details
 
 ---
 
-## Unfortunately ...
+class: extra-details
 
-- The cAdvisor exporter uses tag `pod_name` for the name of a pod
+## What if the tags don't match?
+
+- Older versions of cAdvisor exporter used tag `pod_name` for the name of a pod
 
 - The Kubernetes service endpoints exporter uses tag `pod` instead
 
 - See [this blog post](https://www.robustperception.io/exposing-the-software-version-to-prometheus) or [this other one](https://www.weave.works/blog/aggregating-pod-resource-cpu-memory-usage-arbitrary-labels-prometheus/) to see how to perform "joins"
 
-- Alas, Prometheus cannot "join" time series with different labels
+- Note that Prometheus cannot "join" time series with different labels
 
   (see [Prometheus issue #2204](https://github.com/prometheus/prometheus/issues/2204) for the rationale)
 

slides/k8s/setup-overview.md

@@ -20,27 +20,43 @@
 
 - Then it's a good idea to have a development cluster!
 
-- Development clusters only need one node
+- Instead of shipping containers images, we can test them on Kubernetes
 
-- This simplifies their setup a lot:
+- Extremely useful when authoring or testing Kubernetes-specific objects
+
+  (ConfigMaps, Secrets, StatefulSets, Jobs, RBAC, etc.)
+
+- Extremely convenient to quickly test/check what a particular thing looks like
+
+  (e.g. what are the fields a Deployment spec?)
+
+---
+
+## One-node clusters
+
+- It's perfectly fine to work with a cluster that has only one node
+
+- It simplifies a lot of things:
 
   - pod networking doesn't even need CNI plugins, overlay networks, etc.
 
-  - they can be fully contained (no pun intended) in an easy-to-ship VM image
+  - these clusters can be fully contained (no pun intended) in an easy-to-ship VM or container image
 
   - some of the security aspects may be simplified (different threat model)
 
+  - images can be built directly on the node (we don't need to ship them with a registry)
+
 - Examples: Docker Desktop, k3d, KinD, MicroK8s, Minikube
 
   (some of these also support clusters with multiple nodes)
 
 ---
 
-## Managed clusters
+## Managed clusters ("Turnkey Solutions")
 
 - Many cloud providers and hosting providers offer "managed Kubernetes"
 
-- The deployment and maintenance of the cluster is entirely managed by the provider
+- The deployment and maintenance of the *control plane* is entirely managed by the provider
 
   (ideally, clusters can be spun up automatically through an API, CLI, or web interface)
 
@@ -56,17 +72,19 @@
 
 ---
 
-## Managed clusters details
+## Node management
 
-- Pricing models differ from one provider to another
+- Most "Turnkey Solutions" offer fully managed control planes
 
-  - nodes are generally charged at their usual price
+  (including control plane upgrades, sometimes done automatically)
 
-  - control plane may be free or incur a small nominal fee
+- However, with most providers, we still need to take care of *nodes*
 
-- Beyond pricing, there are *huge* differences in features between providers
+  (provisioning, upgrading, scaling the nodes)
 
-- The "major" providers are not always the best ones!
+- Example with Amazon EKS ["managed node groups"](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html):
+
+  *...when bugs or issues are reported [...] you're responsible for deploying these patched AMI versions to your managed node groups.*
 
 ---
 
@@ -90,6 +108,22 @@
 
 ---
 
+## Choosing a provider
+
+- Pricing models differ from one provider to another
+
+  - nodes are generally charged at their usual price
+
+  - control plane may be free or incur a small nominal fee
+
+- Beyond pricing, there are *huge* differences in features between providers
+
+- The "major" providers are not always the best ones!
+
+- See [this page](https://kubernetes.io/docs/setup/production-environment/turnkey-solutions/) for a list of available providers
+
+---
+
 ## Kubernetes distributions and installers
 
 - If you want to run Kubernetes yourselves, there are many options
@@ -102,9 +136,9 @@
 
   (like Puppet, Terraform ...)
 
-- A good starting point to explore these options is this [guide](https://v1-16.docs.kubernetes.io/docs/setup/#production-environment)
+- There are too many options to list them all
 
-  (it defines categories like "managed", "turnkey" ...)
+  (check [this page](https://kubernetes.io/partners/#conformance) for an overview!)
 
 ---
 

slides/kadm-fullday.yml

@@ -1,60 +0,0 @@
-title: |
-  Kubernetes
-  for Admins and Ops
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-- static-pods-exercise
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
--
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  #- k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
--
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/cni-internals.md
-  - k8s/interco.md
--
-  - k8s/apilb.md
-  #- k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  - k8s/staticpods.md
--
-  #- k8s/cloud-controller-manager.md
-  #- k8s/bootstrap.md  
-  - k8s/control-plane-auth.md
-  - k8s/podsecuritypolicy.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
--
-  #- k8s/lastwords-admin.md
-  - k8s/links.md
-  - shared/thankyou.md

slides/kadm-twodays.yml

@@ -1,85 +0,0 @@
-title: |
-  Kubernetes
-  for administrators
-  and operators
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-# DAY 1
-- - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
-- - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/cni-internals.md
-  - k8s/interco.md
-- - k8s/apilb.md
-  - k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-  - k8s/cluster-upgrade.md
-  - k8s/staticpods.md
-- - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-# DAY 2
-- - k8s/kubercoins.md
-  - k8s/logs-cli.md
-  - k8s/logs-centralized.md
-  - k8s/authn-authz.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-- - k8s/openid-connect.md
-  - k8s/control-plane-auth.md
-  ###- k8s/bootstrap.md
-  - k8s/netpol.md
-  - k8s/podsecuritypolicy.md
-- - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-- - k8s/prometheus.md
-  #- k8s/prometheus-stack.md
-  - k8s/extending-api.md
-  - k8s/crd.md
-  - k8s/operators.md
-  - k8s/eck.md
-  ###- k8s/operators-design.md
-# CONCLUSION
-- - k8s/lastwords.md
-  - k8s/links.md
-  - shared/thankyou.md
-  - |
-    # (All content after this slide is bonus material)
-# EXTRA
-- - k8s/volumes.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/statefulsets.md
-  - k8s/local-persistent-volumes.md
-  - k8s/portworx.md

slides/kube-adv.yml

@@ -1,86 +0,0 @@
-title: |
-  Advanced
-  Kubernetes
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- #1
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
-- #2
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/interco.md
-- #3
-  - k8s/cni-internals.md
-  - k8s/apilb.md
-  - k8s/control-plane-auth.md
-  - |
-    # (Extra content)
-  - k8s/staticpods.md
-  - k8s/cluster-upgrade.md
-- #4
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - |
-    # (Extra content)
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-- #5
-  - k8s/extending-api.md
-  - k8s/operators.md
-  - k8s/sealed-secrets.md
-  - k8s/crd.md
-  #- k8s/exercise-sealed-secrets.md
-- #6
-  - k8s/ingress-tls.md
-  - k8s/cert-manager.md
-  - k8s/eck.md
-- #7
-  - k8s/admission.md
-  - k8s/kyverno.md
-- #8
-  - k8s/aggregation-layer.md
-  - k8s/metrics-server.md
-  - k8s/prometheus.md
-  - k8s/prometheus-stack.md
-  - k8s/hpa-v2.md
-- #9
-  - k8s/operators-design.md
-  - k8s/kubebuilder.md
-  - k8s/events.md
-  - k8s/finalizers.md
-  - |
-    # (Extra content)
-  - k8s/owners-and-dependents.md
-  - k8s/apiserver-deepdive.md
-  #- k8s/record.md
-  - shared/thankyou.md
-

slides/kube-fullday.yml

@@ -1,126 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
--
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
--
-  - k8s/kubectl-run.md
-  #- k8s/batch-jobs.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
--
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - k8s/namespaces.md
-  - k8s/yamldeploy.md
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
--
-  - k8s/dashboard.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/ingress.md
-  #- k8s/volumes.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/openebs.md
-  #- k8s/k9s.md
-  #- k8s/tilt.md
-  #- k8s/kubectlscale.md
-  #- k8s/scalingdockercoins.md
-  #- shared/hastyconclusions.md
-  #- k8s/daemonset.md
-  #- k8s/authoring-yaml.md
-  #- k8s/exercise-yaml.md
-  #- k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  #- k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
-  #- k8s/healthchecks-more.md
-  #- k8s/record.md
-  #- k8s/ingress-tls.md
-  #- k8s/kustomize.md
-  #- k8s/helm-intro.md
-  #- k8s/helm-chart-format.md
-  #- k8s/helm-create-basic-chart.md
-  #- k8s/helm-create-better-chart.md
-  #- k8s/helm-dependencies.md
-  #- k8s/helm-values-schema-validation.md
-  #- k8s/helm-secrets.md
-  #- k8s/exercise-helm.md
-  #- k8s/gitlab.md
-  #- k8s/create-chart.md
-  #- k8s/create-more-charts.md
-  #- k8s/netpol.md
-  #- k8s/authn-authz.md
-  #- k8s/user-cert.md
-  #- k8s/csr-api.md
-  #- k8s/openid-connect.md
-  #- k8s/podsecuritypolicy.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  #- k8s/logs-centralized.md
-  #- k8s/prometheus.md
-  #- k8s/prometheus-stack.md
-  #- k8s/statefulsets.md
-  #- k8s/local-persistent-volumes.md
-  #- k8s/portworx.md
-  #- k8s/extending-api.md
-  #- k8s/crd.md
-  #- k8s/admission.md
-  #- k8s/operators.md
-  #- k8s/operators-design.md
-  #- k8s/staticpods.md
-  #- k8s/finalizers.md
-  #- k8s/owners-and-dependents.md
-  #- k8s/gitworkflows.md
--
-  #- k8s/whatsnext.md
-  - k8s/lastwords.md
-  #- k8s/links.md
-  - shared/thankyou.md

slides/kube-halfday.yml

@@ -1,88 +0,0 @@
-title: |
-  Kubernetes 101
-
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/training-20180413-paris)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-#- logistics.md
-# Bridget-specific; others use logistics.md
-- logistics-bridget.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  - k8s/versions-k8s.md
-  - shared/sampleapp.md
-# Bridget doesn't go into as much depth with compose
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/kubenet.md
-  - k8s/kubectlget.md
-  - k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-- - k8s/kubectl-run.md
-  #- k8s/batch-jobs.md
-  #- k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  #- k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
-- - k8s/dashboard.md
-  #- k8s/k9s.md
-  #- k8s/tilt.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  #- k8s/record.md
-- - k8s/logs-cli.md
-# Bridget hasn't added EFK yet
-  #- k8s/logs-centralized.md
-  - k8s/namespaces.md
-  - k8s/helm-intro.md
-  #- k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  #- k8s/helm-create-better-chart.md
-  #- k8s/helm-dependencies.md
-  #- k8s/helm-values-schema-validation.md
-  #- k8s/helm-secrets.md
-  #- k8s/kustomize.md
-  #- k8s/netpol.md
-  - k8s/whatsnext.md
-#  - k8s/links.md
-# Bridget-specific
-  - k8s/links-bridget.md
-  - shared/thankyou.md

slides/kube-selfpaced.yml

@@ -1,156 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Docker and Kubernetes
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-
-content:
-- shared/title.md
-#- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
--
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  - k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
--
-  - k8s/kubectlget.md
-  - k8s/kubectl-run.md
-  - k8s/batch-jobs.md
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
--
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  - k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-  - k8s/yamldeploy.md
--
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-  - k8s/dashboard.md
-  - k8s/k9s.md
-  - k8s/tilt.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/authoring-yaml.md
-  #- k8s/exercise-yaml.md
--
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-  - k8s/record.md
--
-  - k8s/namespaces.md
-  - k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  - k8s/accessinternal.md
-  - k8s/kubectlproxy.md
--
-  - k8s/ingress.md
-  - k8s/ingress-tls.md
-  - k8s/cert-manager.md
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  #- k8s/exercise-helm.md
-  - k8s/gitlab.md
--
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  - k8s/podsecuritypolicy.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-  - k8s/control-plane-auth.md
--
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  - k8s/build-with-docker.md
-  - k8s/build-with-kaniko.md
--
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/statefulsets.md
-  - k8s/local-persistent-volumes.md
-  - k8s/portworx.md
-  - k8s/openebs.md
--
-  - k8s/logs-centralized.md
-  - k8s/prometheus.md
-  - k8s/prometheus-stack.md
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-  - k8s/hpa-v2.md
--
-  - k8s/extending-api.md
-  - k8s/apiserver-deepdive.md
-  - k8s/crd.md
-  - k8s/aggregation-layer.md
-  - k8s/admission.md
-  - k8s/operators.md
-  - k8s/operators-design.md
-  - k8s/kubebuilder.md
-  - k8s/sealed-secrets.md
-  #- k8s/exercise-sealed-secrets.md
-  - k8s/kyverno.md
-  - k8s/eck.md
-  - k8s/finalizers.md
-  - k8s/owners-and-dependents.md
-  - k8s/events.md
--
-  - k8s/dmuc.md
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/cni-internals.md
-  - k8s/apilb.md
-  - k8s/staticpods.md
--
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/gitworkflows.md
--
-  - k8s/lastwords.md
-  - k8s/links.md
-  - shared/thankyou.md

slides/kube.yml

@@ -1,14 +1,14 @@
 title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
+  Kubernetes
+  (Intermediate)
 
 #chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
 #chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
+chat: Slack
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: http://container.training/
+slides: https://2021-08-reblaze.container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 
@@ -25,61 +25,39 @@ content:
 #- shared/chat-room-zoom-meeting.md
 #- shared/chat-room-zoom-webinar.md
 - shared/toc.md
--
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
--
-  - k8s/kubectl-run.md
-  - k8s/batch-jobs.md
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
--
+- shared/connecting.md
+- exercises.md
+- # DAY 1
   - k8s/yamldeploy.md
+  - k8s/authoring-yaml.md
+  - k8s/namespaces.md
+  - k8s/scalingdockercoins.md
+  - shared/hastyconclusions.md
+  - k8s/daemonset.md
+  - k8s/rollout.md
+  - k8s/healthchecks.md
+  #- k8s/healthchecks-more.md
+  #- k8s/record.md
+  #- k8s/exercise-yaml.md
+  - k8s/localkubeconfig.md
+  - k8s/accessinternal.md
+  #- k8s/kubectlproxy.md
   - k8s/setup-overview.md
   - k8s/setup-devel.md
   #- k8s/setup-managed.md
   #- k8s/setup-selfhosted.md
-  - k8s/dashboard.md
   - k8s/k9s.md
-  #- k8s/tilt.md
   #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/authoring-yaml.md
-  #- k8s/exercise-yaml.md
--
-  - k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  - k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  #- k8s/healthchecks-more.md
-  - k8s/record.md
--
-  - k8s/namespaces.md
+- # DAY 2
   - k8s/ingress.md
+  - k8s/authn-authz.md
+  - k8s/dashboard.md
+  - k8s/netpol.md
   #- k8s/ingress-tls.md
+  - k8s/volumes.md
+  - k8s/configuration.md
+  - k8s/secrets.md
+- # DAY 3
   - k8s/kustomize.md
   - k8s/helm-intro.md
   - k8s/helm-chart-format.md
@@ -89,28 +67,16 @@ content:
   - k8s/helm-values-schema-validation.md
   - k8s/helm-secrets.md
   #- k8s/exercise-helm.md
-  - k8s/gitlab.md
--
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  #- k8s/csr-api.md
-  #- k8s/openid-connect.md
-  #- k8s/podsecuritypolicy.md
--
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/secrets.md
+  #- k8s/gitlab.md
+- # DAY 4
+  - k8s/tilt.md
+  - k8s/batch-jobs.md
   - k8s/logs-centralized.md
-  #- k8s/prometheus.md
-  #- k8s/prometheus-stack.md
--
+  - k8s/prometheus.md
+  - k8s/prometheus-stack.md
   - k8s/statefulsets.md
   - k8s/local-persistent-volumes.md
-  - k8s/portworx.md
-  #- k8s/openebs.md
+  - k8s/openebs.md
   #- k8s/extending-api.md
   #- k8s/admission.md
   #- k8s/operators.md
@@ -118,8 +84,7 @@ content:
   #- k8s/staticpods.md
   #- k8s/owners-and-dependents.md
   #- k8s/gitworkflows.md
--
-  - k8s/whatsnext.md
-  - k8s/lastwords.md
-  - k8s/links.md
   - shared/thankyou.md
+  #- k8s/csr-api.md
+  #- k8s/openid-connect.md
+  #- k8s/podsecuritypolicy.md

slides/logistics-template.md

@@ -1,17 +1,17 @@
 ## Intros
 
-- Hello! 
+- Hello! I'm Jérôme Petazzoni ([@jpetazzo](https://twitter.com/jpetazzo))
 
-- I'm Jérôme ([@jpetazzo](https://twitter.com/jpetazzo))
+- The training will run from 10h00 to 16h00 (Israel time)
 
-- The training will run from 9:30 to 13:00
+  *Sunday, Monday, Wednesday, Thursday (not Tuesday!)*
 
-- There will be a break at (approximately) 11:00
+- There will be a lunch break between 13h00 and 14h00
+
+  (And coffee breaks!)
 
 - Feel free to interrupt for questions at any time
 
 - *Especially when you see full screen container pictures!*
 
-- At the end of every half-day, there will be a mini-homework
-
-  (optional, but recommended)
+- Live feedback, questions, help: @@CHAT@@

slides/shared/connecting.md

@@ -34,6 +34,23 @@ If anything goes wrong — ask for help!
 
 ---
 
+## Cloning the container.training repository
+
+- We will use many YAML files and other assets during the training
+
+- All these files are stored in a public git repository
+
+.exercise[
+
+- Clone the repository:
+  ```bash
+  git clone https://container.training/
+  ```
+
+]
+
+---
+
 class: in-person
 
 ## `tailhist`

slides/shared/prereqs.md

@@ -1,4 +1,4 @@
-## Pre-requirements
+# Pre-requirements
 
 - Be comfortable with the UNIX command line
 

slides/swarm-fullday.yml

@@ -1,71 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-- snap
-- btp-auto
-- benchmarking
-- elk-manual
-- prom-manual
-
-content:
-- shared/title.md
-- logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  - swarm/healthchecks.md
-- - swarm/operatingswarm.md
-  - swarm/netshoot.md
-  - swarm/ipsec.md
-  - swarm/swarmtools.md
-  - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-- - swarm/logging.md
-  - swarm/metrics.md
-  - swarm/gui.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm-halfday.yml

@@ -1,70 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-- snap
-- btp-manual
-- benchmarking
-- elk-manual
-- prom-manual
-
-content:
-- shared/title.md
-- logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  #- swarm/hostingregistry.md
-  #- swarm/testingregistry.md
-  #- swarm/btp-manual.md
-  #- swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - swarm/updatingservices.md
-  #- swarm/rollingupdates.md
-  #- swarm/healthchecks.md
-- - swarm/operatingswarm.md
-  #- swarm/netshoot.md
-  #- swarm/ipsec.md
-  #- swarm/swarmtools.md
-  - swarm/security.md
-  #- swarm/secrets.md
-  #- swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  - swarm/logging.md
-  - swarm/metrics.md
-  #- swarm/stateful.md
-  #- swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm-selfpaced.yml

@@ -1,79 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-- btp-auto
-
-content:
-- shared/title.md
-#- shared/logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
-- - swarm/operatingswarm.md
-  - swarm/netshoot.md
-  - swarm/swarmnbt.md
-  - swarm/ipsec.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  - swarm/healthchecks.md
-  - swarm/nodeinfo.md
-  - swarm/swarmtools.md
-- - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  - swarm/logging.md
-  - swarm/metrics.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm-video.yml

@@ -1,74 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-- btp-auto
-
-content:
-- shared/title.md
-#- shared/logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
-- - swarm/operatingswarm.md
-  #- swarm/netshoot.md
-  #- swarm/swarmnbt.md
-  - swarm/ipsec.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  #- swarm/healthchecks.md
-  - swarm/nodeinfo.md
-  - swarm/swarmtools.md
-- - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  #- swarm/logging.md
-  #- swarm/metrics.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm/btp-manual.md

@@ -14,7 +14,7 @@
     export TAG=v0.1
     for SERVICE in hasher rng webui worker; do
       docker build -t $REGISTRY/$SERVICE:$TAG ./$SERVICE
-      docker push $REGISTRY/$SERVICE
+      docker push $REGISTRY/$SERVICE:$TAG
     done
   ```