✨ Prepare content for Thoughtworks Infrastructure

📃 Update rolling update intro slide
🔒️ Mention bound service account tokens
2026-02-28 00:13:51 +00:00 · 2022-08-17 14:51:57 +02:00 · 2022-08-17 14:49:17 +02:00 · 2022-08-17 14:18:15 +02:00 · 2022-08-17 13:49:15 +02:00 · 2022-08-17 13:48:55 +02:00
48 changed files with 610 additions and 1897 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -6,13 +6,7 @@ prepare-vms/tags
 prepare-vms/infra
 prepare-vms/www

-prepare-tf/.terraform*
-prepare-tf/terraform.*
-prepare-tf/stage2/*.tf
-prepare-tf/stage2/kubeconfig.*
-prepare-tf/stage2/.terraform*
-prepare-tf/stage2/terraform.*
-prepare-tf/stage2/externalips.*
+prepare-tf/tag-*

 slides/*.yml.html
 slides/autopilot/state.yaml
--- a/k8s/pizza-1.yaml
+++ b/k8s/pizza-1.yaml
@@ -0,0 +1,14 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: pizzas.container.training
+spec:
+  group: container.training
+  version: v1alpha1
+  scope: Namespaced
+  names:
+    plural: pizzas
+    singular: pizza
+    kind: Pizza
+    shortNames:
+    - piz
--- a/k8s/pizza-2.yaml
+++ b/k8s/pizza-2.yaml
@@ -0,0 +1,20 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: pizzas.container.training
+spec:
+  group: container.training
+  scope: Namespaced
+  names:
+    plural: pizzas
+    singular: pizza
+    kind: Pizza
+    shortNames:
+    - piz
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
--- a/k8s/pizza-3.yaml
+++ b/k8s/pizza-3.yaml
@@ -0,0 +1,32 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: pizzas.container.training
+spec:
+  group: container.training
+  scope: Namespaced
+  names:
+    plural: pizzas
+    singular: pizza
+    kind: Pizza
+    shortNames:
+    - piz
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        required: [ spec ]
+        properties:
+          spec:
+            type: object
+            required: [ sauce, toppings ]
+            properties:
+              sauce:
+                type: string
+              toppings:
+                type: array
+                items:
+                  type: string
--- a/k8s/pizza-4.yaml
+++ b/k8s/pizza-4.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: pizzas.container.training
+spec:
+  group: container.training
+  scope: Namespaced
+  names:
+    plural: pizzas
+    singular: pizza
+    kind: Pizza
+    shortNames:
+    - piz
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        required: [ spec ]
+        properties:
+          spec:
+            type: object
+            required: [ sauce, toppings ]
+            properties:
+              sauce:
+                type: string
+              toppings:
+                type: array
+                items:
+                  type: string
+    additionalPrinterColumns:
+    - jsonPath: .spec.sauce
+      name: Sauce
+      type: string
+    - jsonPath: .spec.toppings
+      name: Toppings
+      type: string
--- a/k8s/pizza-5.yaml
+++ b/k8s/pizza-5.yaml
@@ -0,0 +1,40 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: pizzas.container.training
+spec:
+  group: container.training
+  scope: Namespaced
+  names:
+    plural: pizzas
+    singular: pizza
+    kind: Pizza
+    shortNames:
+    - piz
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        required: [ spec ]
+        properties:
+          spec:
+            type: object
+            required: [ sauce, toppings ]
+            properties:
+              sauce:
+                type: string
+                enum: [ red, white ]
+              toppings:
+                type: array
+                items:
+                  type: string
+    additionalPrinterColumns:
+    - jsonPath: .spec.sauce
+      name: Sauce
+      type: string
+    - jsonPath: .spec.toppings
+      name: Toppings
+      type: string
--- a/k8s/pizzas.yaml
+++ b/k8s/pizzas.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: container.training/v1alpha1
+kind: Pizza
+metadata:
+  name: margherita
+spec:
+  sauce: red
+  toppings:
+    - mozarella
+    - basil
+---
+apiVersion: container.training/v1alpha1
+kind: Pizza
+metadata:
+  name: quatrostagioni
+spec:
+  sauce: red
+  toppings:
+    - artichoke
+    - basil
+    - mushrooms
+    - prosciutto
+---
+apiVersion: container.training/v1alpha1
+kind: Pizza
+metadata:
+  name: mehl31
+spec:
+  sauce: white
+  toppings:
+    - goatcheese
+    - pear
+    - walnuts
+    - mozzarella
+    - rosemary
+    - honey
+---
+apiVersion: container.training/v1alpha1
+kind: Pizza
+metadata:
+  name: brownie
+spec:
+  sauce: chocolate
+  toppings:
+    - nuts
--- a/netlify.toml
+++ b/netlify.toml
@@ -2,4 +2,3 @@
  base = "slides"
  publish = "slides"
  command = "./build.sh once"
-
--- a/prepare-tf/source/locals.tf
+++ b/prepare-tf/source/locals.tf
@@ -1,6 +1,6 @@
 resource "random_string" "_" {
  length  = 4
-  number  = false
+  numeric = false
  special = false
  upper   = false
 }
--- a/prepare-tf/source/modules/linode/main.tf
+++ b/prepare-tf/source/modules/linode/main.tf
@@ -3,7 +3,7 @@ resource "linode_lke_cluster" "_" {
  tags  = var.common_tags
  # "region" is mandatory, so let's provide a default value if none was given.
  region      = var.location != null ? var.location : "eu-central"
-  k8s_version = var.k8s_version
+  k8s_version = local.k8s_version

  pool {
    type  = local.node_type
--- a/prepare-tf/source/modules/linode/variables.tf
+++ b/prepare-tf/source/modules/linode/variables.tf
@@ -51,7 +51,22 @@ variable "location" {

 # To view supported versions, run:
 # linode-cli lke versions-list --json | jq -r .[].id
+data "external" "k8s_version" {
+  program = [
+    "sh",
+    "-c",
+    <<-EOT
+      linode-cli lke versions-list --json |
+      jq -r '{"latest": [.[].id] | sort [-1]}'
+    EOT
+  ]
+}
+
 variable "k8s_version" {
  type    = string
-  default = "1.22"
+  default = ""
+}
+
+locals {
+  k8s_version = var.k8s_version != "" ? var.k8s_version : data.external.k8s_version.result.latest
 }
--- a/prepare-tf/source/stage2.tmpl
+++ b/prepare-tf/source/stage2.tmpl
@@ -193,7 +193,6 @@ resource "tls_private_key" "cluster_admin_${index}" {
 }

 resource "tls_cert_request" "cluster_admin_${index}" {
-  key_algorithm = tls_private_key.cluster_admin_${index}.algorithm
  private_key_pem = tls_private_key.cluster_admin_${index}.private_key_pem
  subject {
    common_name = "cluster-admin"
--- a/prepare-vms/README.md
+++ b/prepare-vms/README.md
@@ -17,6 +17,7 @@ These tools can help you to create VMs on:
 - [Parallel SSH](https://github.com/lilydjwg/pssh)
  (should be installable with `pip install git+https://github.com/lilydjwg/pssh`;
  on a Mac, try `brew install pssh`)
+- [yq](https://github.com/kislyuk/yq)

 Depending on the infrastructure that you want to use, you also need to install
 the CLI that is specific to that cloud. For OpenStack deployments, you will
--- a/prepare-vms/settings/admin-oldversion.yaml
+++ b/prepare-vms/settings/admin-oldversion.yaml
@@ -16,7 +16,7 @@ user_password: training

 # For a list of old versions, check:
 # https://kubernetes.io/releases/patch-releases/#non-active-branch-history
-kubernetes_version: 1.18.20
+kubernetes_version: 1.20.15

 image:

--- a/slides/1.yml
+++ b/slides/1.yml
@@ -1,68 +0,0 @@
-title: |
-  Docker Intensif
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-06-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- containers/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- # DAY 1
-  #- containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  #- containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Initial_Images.md
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
- # DAY 2
-  - containers/Container_Networking_Basics.md
-  - containers/Local_Development_Workflow.md
-  - containers/Container_Network_Model.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
- # DAY 3
-  - containers/Start_And_Attach.md
-  - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
-  - containers/Dockerfile_Tips.md
-  - containers/Advanced_Dockerfiles.md
-  - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Exercise_Dockerfile_Advanced.md
- # DAY 4
-  - containers/Buildkit.md
-  - containers/Network_Drivers.md
-  - containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  - containers/Orchestration_Overview.md
-  #- containers/Docker_Machine.md
-  #- containers/Init_Systems.md
-  #- containers/Application_Configuration.md
-  #- containers/Logging.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Container_Engines.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md
-  - shared/thankyou.md
-  #- containers/links.md
--- a/slides/2.yml
+++ b/slides/2.yml
@@ -1,87 +0,0 @@
-title: |
-  Fondamentaux Kubernetes
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-06-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/prereqs.md
-#- shared/webssh.md
- shared/connecting.md
- exercises/k8sfundamentals-brief.md
- exercises/localcluster-brief.md
- exercises/healthchecks-brief.md
- shared/toc.md
- # 1
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
-  - k8s/kubectl-run.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - exercises/k8sfundamentals-details.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
- # 2
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - k8s/namespaces.md
-  - k8s/yamldeploy.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/authoring-yaml.md
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-  - k8s/localkubeconfig.md
-  - k8s/accessinternal.md
-  - k8s/kubectlproxy.md
-  - exercises/localcluster-details.md
- # 3
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  #- k8s/healthchecks-more.md
-  - k8s/dashboard.md
-  - k8s/k9s.md
-  - k8s/tilt.md
-  - exercises/healthchecks-details.md
- # 4
-  - k8s/ingress.md
-  - k8s/ingress-tls.md
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/batch-jobs.md
-  - shared/thankyou.md
--- a/slides/3.yml
+++ b/slides/3.yml
@@ -1,36 +0,0 @@
-title: |
-  Packaging d'applications
-  pour Kubernetes
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-06-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
-#- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/prereqs.md
- shared/webssh.md
- shared/connecting.md
-#- shared/chat-room-im.md
-#- shared/chat-room-zoom.md
- shared/toc.md
-
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  - k8s/ytt.md
--- a/slides/4.yml
+++ b/slides/4.yml
@@ -1,66 +0,0 @@
-title: |
-  Kubernetes Avancé
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-06-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-zoom.md
- shared/prereqs.md
- shared/webssh.md
- shared/connecting.md
- shared/toc.md
- exercises/sealed-secrets-brief.md
- exercises/kyverno-ingress-domain-name-brief.md
- #1
-  - k8s/demo-apps.md
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  - k8s/sealed-secrets.md
-  - k8s/cert-manager.md
-  - k8s/cainjector.md
-  - k8s/ingress-tls.md
-  - exercises/sealed-secrets-details.md
- #2
-  - k8s/extending-api.md
-  - k8s/crd.md
-  - k8s/operators.md
-  - k8s/admission.md
-  - k8s/cainjector.md
-  - k8s/kyverno.md
-  - exercises/kyverno-ingress-domain-name-details.md
- #3
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-  - k8s/apiserver-deepdive.md
-  - k8s/aggregation-layer.md
-  - k8s/hpa-v2.md
- #4
-  - k8s/statefulsets.md
-  - k8s/consul.md
-  - k8s/pv-pvc-sc.md
-  - k8s/volume-claim-templates.md
-  #- k8s/eck.md
-  #- k8s/portworx.md
-  - k8s/openebs.md
-  - k8s/stateful-failover.md
-  - k8s/operators-design.md
-  - k8s/operators-example.md
-  - k8s/owners-and-dependents.md
-  - k8s/events.md
-  - k8s/finalizers.md
--- a/slides/5.yml
+++ b/slides/5.yml
@@ -1,58 +0,0 @@
-title: |
-  Opérer Kubernetes
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-06-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-# DAY 1
-
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
-
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/interco.md
-
-  - k8s/cni-internals.md
-  - k8s/apilb.md
-  - k8s/internal-apis.md
-  - k8s/staticpods.md
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  #- k8s/cloud-controller-manager.md
-
-  - k8s/control-plane-auth.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-  - k8s/pod-security-intro.md
-  - k8s/pod-security-policies.md
-  - k8s/pod-security-admission.md
-  - shared/thankyou.md
-
-  |
-  # (Extra content)
-  - k8s/apiserver-deepdive.md
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
--- a/slides/_redirects
+++ b/slides/_redirects
@@ -1,7 +1,7 @@
 # Uncomment and/or edit one of the the following lines if necessary.
 #/ /kube-halfday.yml.html 200!
 #/ /kube-fullday.yml.html 200!
-#/ /kube-twodays.yml.html 200!
+/ /kube.yml.html 200!

 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack
@@ -23,5 +23,3 @@

 # Survey form
 /please https://docs.google.com/forms/d/e/1FAIpQLSfIYSgrV7tpfBNm1hOaprjnBHgWKn5n-k5vtNXYJkOX1sRxng/viewform
-
-/ /highfive.html 200!
--- a/slides/exercises/netpol-brief.md
+++ b/slides/exercises/netpol-brief.md
@@ -0,0 +1,7 @@
+## Exercise — Network Policies
+
+- Implement a system with 3 levels of security
+
+  (private pods, public pods, namespace pods)
+
+- Apply it to the DockerCoins demo app
--- a/slides/exercises/netpol-details.md
+++ b/slides/exercises/netpol-details.md
@@ -0,0 +1,63 @@
+# Exercise — Network Policies
+
+We want to to implement a generic network security mechanism.
+
+Instead of creating one policy per service, we want to
+create a fixed number of policies, and use a single label
+to indicate the security level of our pods.
+
+Then, when adding a new service to the stack, instead
+of writing a new network policy for that service, we
+only need to add the right label to the pods of that service.
+
+---
+
+## Specifications
+
+We will use the label `security` to classify our pods.
+
+- If `security=private`:
+
+  *the pod shouldn't accept any traffic*
+
+- If `security=public`:
+
+  *the pod should accept all traffic*
+
+- If `security=namespace`:
+
+  *the pod should only accept connections coming from the same namespace*
+
+If `security` isn't set, assume it's `private`.
+
+---
+
+## Test setup
+
+- Deploy a copy of the DockerCoins app in a new namespace
+
+- Modify the pod templates so that:
+
+  - `webui` has `security=public`
+
+  - `worker` has `security=private`
+
+  - `hasher`, `redis`, `rng` have `security=namespace`
+
+---
+
+## Implement and test policies
+
+- Write the network policies
+
+  (feel free to draw inspiration from the ones we've seen so far)
+
+- Check that:
+
+  - you can connect to the `webui` from outside the cluster
+
+  - the application works correctly (shows 3-4 hashes/second)
+
+  - you cannot connect to the `hasher`, `redis`, `rng` services
+
+  - you cannot connect or even ping the `worker` pods
--- a/slides/exercises/rbac-brief.md
+++ b/slides/exercises/rbac-brief.md
@@ -0,0 +1,9 @@
+## Exercise — RBAC
+
+- Create two namespaces for users `alice` and `bob`
+
+- Give each user full access to their own namespace
+
+- Give each user read-only access to the other's namespace
+
+- Let `alice` view the nodes of the cluster as well
--- a/slides/exercises/rbac-details.md
+++ b/slides/exercises/rbac-details.md
@@ -0,0 +1,97 @@
+# Exercise — RBAC
+
+We want to:
+
+- Create two namespaces for users `alice` and `bob`
+
+- Give each user full access to their own namespace
+
+- Give each user read-only access to the other's namespace
+
+- Let `alice` view the nodes of the cluster as well
+
+---
+
+## Initial setup
+
+- Create two namespaces named `alice` and `bob`
+
+- Check that if we impersonate Alice, we can't access her namespace yet:
+  ```bash
+  kubectl --as alice get pods --namespace alice
+  ```
+
+---
+
+## Access for Alice
+
+- Grant Alice full access to her own namespace
+
+  (you can use a pre-existing Cluster Role)
+
+- Check that Alice can create stuff in her namespace:
+  ```bash
+  kubectl --as alice create deployment hello --image nginx --namespace alice
+  ```
+
+- But that she can't create stuff in Bob's namespace:
+  ```bash
+  kubectl --as alice create deployment hello --image nginx --namespace bob
+  ```
+
+---
+
+## Access for Bob
+
+- Similarly, grant Bob full access to his own namespace
+
+- Check that Bob can create stuff in his namespace:
+  ```bash
+  kubectl --as bob create deployment hello --image nginx --namespace bob
+  ```
+
+- But that he can't create stuff in Alice's namespace:
+  ```bash
+  kubectl --as bob create deployment hello --image nginx --namespace alice
+  ```
+
+---
+
+## Read-only access
+
+- Now, give Alice read-only access to Bob's namespace
+
+- Check that Alice can view Bob's stuff:
+  ```bash
+  kubectl --as alice get pods --namespace bob
+  ```
+
+- But that she can't touch this:
+  ```bash
+  kubectl --as alice delete pods --namespace bob --all
+  ```
+
+- Likewise, give Bob read-only access to Alice's namespace
+
+---
+
+## Nodes
+
+- Give Alice read-only access to the cluster nodes
+
+  (this will require creating a custom Cluster Role)
+
+- Check that Alice can view the nodes:
+  ```bash
+  kubectl --as alice get nodes
+  ```
+
+- But that Bob cannot:
+  ```bash
+  kubectl --as bob get nodes
+  ```
+
+- And that Alice can't update nodes:
+  ```bash
+  kubectl --as alice label nodes --all hello=world
+  ```
--- a/slides/highfive.html
+++ b/slides/highfive.html
@@ -1,111 +0,0 @@
-<?xml version="1.0"?>
-<html>
-  <head>
-    <style>
-      td { 
-        background: #ccc; 
-        padding: 1em;
-      }
-</style>
-  </head>
-  <body>
-    <table>
-      <tr>
-        <td>Mardi 7 juin 2022</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 8 juin 2022</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 9 juin 2022</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 10 juin 2022</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Lundi 13 juin 2022</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 14 juin 2022</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 15 juin 2022</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 16 juin 2022</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Lundi 20 juin 2022</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 21 juin 2022</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 22 juin 2022</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 23 juin 2022</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Lundi 27 juin 2022</td>
-        <td>
-          <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 28 juin 2022</td>
-        <td>
-          <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 29 juin 2022</td>
-        <td>
-          <a href="5.yml.html">Opérer Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 30 juin 2022</td>
-        <td>
-          <a href="5.yml.html">Opérer Kubernetes</a>
-        </td>
-      </tr>
-    </table>
-  </body>
-</html>
--- a/slides/intro-fullday.yml
+++ b/slides/intro-fullday.yml
@@ -1,71 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- containers/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-
-  #- containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  #- containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  #- containers/Start_And_Attach.md
-  - containers/Naming_And_Inspecting.md
-  #- containers/Labels.md
-  - containers/Getting_Inside.md
-  - containers/Initial_Images.md
-
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
-
-  - containers/Container_Networking_Basics.md
-  #- containers/Network_Drivers.md
-  - containers/Local_Development_Workflow.md
-  - containers/Container_Network_Model.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-
-  - containers/Multi_Stage_Builds.md
-  #- containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
-  #- containers/Docker_Machine.md
-  #- containers/Advanced_Dockerfiles.md
-  #- containers/Buildkit.md
-  #- containers/Init_Systems.md
-  #- containers/Application_Configuration.md
-  #- containers/Logging.md
-  #- containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Container_Engines.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md
-  #- containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md
--- a/slides/intro-selfpaced.yml
+++ b/slides/intro-selfpaced.yml
@@ -1,72 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- in-person
-
-content:
- shared/title.md
-# - shared/logistics.md
- containers/intro.md
- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- - containers/Docker_Overview.md
-  - containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Start_And_Attach.md
- - containers/Initial_Images.md
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
- - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
- - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
- - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
-  #- containers/Connecting_Containers_With_Links.md
-  - containers/Ambassadors.md
- - containers/Local_Development_Workflow.md
-  - containers/Windows_Containers.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-  - containers/Docker_Machine.md
- - containers/Advanced_Dockerfiles.md
-  - containers/Buildkit.md
-  - containers/Init_Systems.md
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Resource_Limits.md
- - containers/Namespaces_Cgroups.md
-  - containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
- - containers/Container_Engines.md
-  - containers/Pods_Anatomy.md
-  - containers/Ecosystem.md
-  - containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md
--- a/slides/intro-twodays.yml
+++ b/slides/intro-twodays.yml
@@ -1,80 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- containers/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- # DAY 1
-  - containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Initial_Images.md
-
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
-
-  - containers/Dockerfile_Tips.md
-  - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Exercise_Dockerfile_Advanced.md
-
-  - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Start_And_Attach.md
-  - containers/Getting_Inside.md
-  - containers/Resource_Limits.md
- # DAY 2
-  - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
-
-  - containers/Local_Development_Workflow.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-
-  - containers/Installing_Docker.md
-  - containers/Container_Engines.md
-  - containers/Init_Systems.md
-  - containers/Advanced_Dockerfiles.md
-  - containers/Buildkit.md
-
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Orchestration_Overview.md
-
-  - shared/thankyou.md
-  - containers/links.md
-#-
-  #- containers/Docker_Machine.md
-  #- containers/Ambassadors.md
-  #- containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md
--- a/slides/k8s/authn-authz.md
+++ b/slides/k8s/authn-authz.md
@@ -246,7 +246,7 @@ class: extra-details

  (they don't require hand-editing a file and restarting the API server)

- A service account is associated with a set of secrets
+- A service account can be associated with a set of secrets

  (the kind that you can view with `kubectl get secrets`)

@@ -256,6 +256,28 @@ class: extra-details

 ---

+## Service account tokens evolution
+
+- In Kubernetes 1.21 and above, pods use *bound service account tokens*:
+
+  - these tokens are *bound* to a specific object (e.g. a Pod)
+
+  - they are automatically invalidated when the object is deleted
+
+  - these tokens also expire quickly (e.g. 1 hour) and gets rotated automatically
+
+- In Kubernetes 1.24 and above, unbound tokens aren't created automatically
+
+  - before 1.24, we would see unbound tokens with `kubectl get secrets`
+
+  - with 1.24 and above, these tokens can be created with `kubectl create token`
+
+  - ...or with a Secret with the right [type and annotation][create-token]
+
+[create-token]: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#to-create-additional-api-tokens
+
+---
+
 class: extra-details

 ## Checking our authentication method
@@ -390,6 +412,10 @@ class: extra-details

 It should be named `default-token-XXXXX`.

+When running Kubernetes 1.24 and above, this Secret won't exist.
+<br/>
+Instead, create a token with `kubectl create token default`.
+
 ---

 class: extra-details
--- a/slides/k8s/cluster-upgrade.md
+++ b/slides/k8s/cluster-upgrade.md
@@ -81,7 +81,7 @@

 ## What version are we running anyway?

- When I say, "I'm running Kubernetes 1.18", is that the version of:
+- When I say, "I'm running Kubernetes 1.20", is that the version of:

  - kubectl

@@ -157,15 +157,15 @@

 ## Kubernetes uses semantic versioning

- Kubernetes versions look like MAJOR.MINOR.PATCH; e.g. in 1.18.20:
+- Kubernetes versions look like MAJOR.MINOR.PATCH; e.g. in 1.20.15:

  - MAJOR = 1
-  - MINOR = 18
-  - PATCH = 20
+  - MINOR = 20
+  - PATCH = 15

 - It's always possible to mix and match different PATCH releases

-  (e.g. 1.18.20 and 1.18.15 are compatible)
+  (e.g. 1.20.0 and 1.20.15 are compatible)

 - It is recommended to run the latest PATCH release

@@ -181,9 +181,9 @@

 - All components support a difference of one¹ MINOR version

- This allows live upgrades (since we can mix e.g. 1.18 and 1.19)
+- This allows live upgrades (since we can mix e.g. 1.20 and 1.21)

- It also means that going from 1.18 to 1.20 requires going through 1.19
+- It also means that going from 1.20 to 1.22 requires going through 1.21

 .footnote[¹Except kubelet, which can be up to two MINOR behind API server,
 and kubectl, which can be one MINOR ahead or behind API server.]
@@ -254,7 +254,7 @@ and kubectl, which can be one MINOR ahead or behind API server.]
  sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
  ```

- Look for the `image:` line, and update it to e.g. `v1.19.0`
+- Look for the `image:` line, and update it to e.g. `v1.24.0`

 ]

@@ -308,11 +308,11 @@ and kubectl, which can be one MINOR ahead or behind API server.]

 ]

-Note 1: kubeadm thinks that our cluster is running 1.19.0.
+Note 1: kubeadm thinks that our cluster is running 1.24.0.
 <br/>It is confused by our manual upgrade of the API server!

-Note 2: kubeadm itself is still version 1.18.20..
-<br/>It doesn't know how to upgrade do 1.19.X.
+Note 2: kubeadm itself is still version 1.20.15..
+<br/>It doesn't know how to upgrade do 1.21.X.

 ---

@@ -335,28 +335,28 @@ Note 2: kubeadm itself is still version 1.18.20..
 ]

 Problem: kubeadm doesn't know know how to handle
-upgrades from version 1.18.
+upgrades from version 1.20.

-This is because we installed version 1.22 (or even later).
+This is because we installed version 1.24 (or even later).

-We need to install kubeadm version 1.19.X.
+We need to install kubeadm version 1.21.X.

 ---

 ## Downgrading kubeadm

- We need to go back to version 1.19.X.
+- We need to go back to version 1.21.X.

 .lab[

 - View available versions for package `kubeadm`:
  ```bash
-  apt show kubeadm -a | grep ^Version | grep 1.19
+  apt show kubeadm -a | grep ^Version | grep 1.21
  ```

 - Downgrade kubeadm:
  ```
-  sudo apt install kubeadm=1.19.8-00
+  sudo apt install kubeadm=1.21.0-00
  ```

 - Check what kubeadm tells us:
@@ -366,7 +366,7 @@ We need to install kubeadm version 1.19.X.

 ]

-kubeadm should now agree to upgrade to 1.19.8.
+kubeadm should now agree to upgrade to 1.21.X.

 ---

@@ -464,9 +464,9 @@ kubeadm should now agree to upgrade to 1.19.8.
  ```bash
    for N in 1 2 3; do
      ssh oldversion$N "
-        sudo apt install kubeadm=1.19.8-00 &&
+        sudo apt install kubeadm=1.21.14-00 &&
        sudo kubeadm upgrade node &&
-        sudo apt install kubelet=1.19.8-00"
+        sudo apt install kubelet=1.21.14-00"
    done
  ```
 ]
@@ -475,7 +475,7 @@ kubeadm should now agree to upgrade to 1.19.8.

 ## Checking what we've done

- All our nodes should now be updated to version 1.19.8
+- All our nodes should now be updated to version 1.21.14

 .lab[

@@ -492,7 +492,7 @@ class: extra-details

 ## Skipping versions

- This example worked because we went from 1.18 to 1.19
+- This example worked because we went from 1.20 to 1.21

 - If you are upgrading from e.g. 1.16, you will have to go through 1.17 first

--- a/slides/k8s/crd.md
+++ b/slides/k8s/crd.md
@@ -14,22 +14,20 @@

 ## Creating a CRD

- We will create a CRD to represent the different species of coffee
+- We will create a CRD to represent different recipes of pizzas

-  (arabica, liberica, and robusta)
+- We will be able to run `kubectl get pizzas` and it will list the recipes

- We will be able to run `kubectl get coffees` and it will list the species
+- Creating/deleting recipes won't do anything else

- Then we can label, edit, etc. the species to attach some information
-
-  (e.g. the taste profile of the coffee, or whatever we want)
+  (because we won't implement a *controller*)

 ---

-## First shot of coffee
+## First slice of pizza

 ```yaml
-@@INCLUDE[k8s/coffee-1.yaml]
+@@INCLUDE[k8s/pizza-1.yaml]
 ```

 ---
@@ -48,9 +46,9 @@

 ---

-## Second shot of coffee
+## Second slice of pizza

- The next slide will show file @@LINK[k8s/coffee-2.yaml]
+- The next slide will show file @@LINK[k8s/pizza-2.yaml]

 - Note the `spec.versions` list

@@ -65,20 +63,20 @@
 ---

 ```yaml
-@@INCLUDE[k8s/coffee-2.yaml]
+@@INCLUDE[k8s/pizza-2.yaml]
 ```

 ---

-## Creating our Coffee CRD
+## Baking some pizza

- Let's create the Custom Resource Definition for our Coffee resource
+- Let's create the Custom Resource Definition for our Pizza resource

 .lab[

 - Load the CRD:
  ```bash
-  kubectl apply -f ~/container.training/k8s/coffee-2.yaml
+  kubectl apply -f ~/container.training/k8s/pizza-2.yaml
  ```

 - Confirm that it shows up:
@@ -95,19 +93,19 @@
 The YAML below defines a resource using the CRD that we just created:

 ```yaml
-kind: Coffee
+kind: Pizza
 apiVersion: container.training/v1alpha1
 metadata:
-  name: arabica
+  name: napolitana
 spec:
-  taste: strong
+  toppings: [ mozzarella ]
 ```

 .lab[

- Try to create a few types of coffee beans:
+- Try to create a few pizza recipes:
  ```bash
-  kubectl apply -f ~/container.training/k8s/coffees.yaml
+  kubectl apply -f ~/container.training/k8s/pizzas.yaml
  ```

 ]
@@ -116,15 +114,39 @@ spec:

 ## Type validation

- Older versions of Kubernetes will accept our coffee beans as is
+- Older versions of Kubernetes will accept our pizza definition as is

 - Newer versions, however, will issue warnings about unknown fields

-  (and if we turn off validation, these fields will simply be dropped)
+  (and if we use `--validate=false`, these fields will simply be dropped)

 - We need to improve our OpenAPI schema

-  (to add e.g. the `spec.taste` field used by our coffee resources)
+  (to add e.g. the `spec.toppings` field used by our pizza resources)
+
+---
+
+## Third slice of pizza
+
+- Let's add a full OpenAPI v3 schema to our Pizza CRD
+
+- We'll require a field `spec.sauce` which will be a string
+
+- And a field `spec.toppings` which will have to be a list of strings
+
+.lab[
+
+- Update our pizza CRD:
+  ```bash
+  kubectl apply -f ~/container.training/k8s/pizza-3.yaml
+  ```
+
+- Load our pizza recipes:
+  ```bash
+  kubectl apply -f ~/container.training/k8s/pizzas.yaml
+  ```
+
+]

 ---

@@ -134,91 +156,48 @@ spec:

 .lab[

- View the coffee beans that we just created:
+- View the pizza recipes that we just created:
  ```bash
-  kubectl get coffees
+  kubectl get pizzas
  ```

 ]

- We'll see in a bit how to improve that
-
---
-
-## What can we do with CRDs?
-
-There are many possibilities!
-
- *Operators* encapsulate complex sets of resources
-
-  (e.g.: a PostgreSQL replicated cluster; an etcd cluster...
-  <br/>
-  see [awesome operators](https://github.com/operator-framework/awesome-operators) and
-  [OperatorHub](https://operatorhub.io/) to find more)
-
- Custom use-cases like [gitkube](https://gitkube.sh/)
-
-  - creates a new custom type, `Remote`, exposing a git+ssh server
-
-  - deploy by pushing YAML or Helm charts to that remote
-
- Replacing built-in types with CRDs
-
-  (see [this lightning talk by Tim Hockin](https://www.youtube.com/watch?v=ji0FWzFwNhA))
-
---
-
-## What's next?
-
- Creating a basic CRD is quick and easy
-
- But there is a lot more that we can (and probably should) do:
-
-  - improve input with *data validation*
-
-  - improve output with *custom columns*
-
- And of course, we probably need a *controller* to go with our CRD!
-
-  (otherwise, we're just using the Kubernetes API as a fancy data store)
+- Let's see how we can improve that display!

 ---

 ## Additional printer columns

- We can specify `additionalPrinterColumns` in the CRD
-
- This is similar to `-o custom-columns`
-
-  (map a column name to a path in the object, e.g. `.spec.taste`)
-
-```yaml
+- We can tell Kubernetes which columns to show:
+  ```yaml
    additionalPrinterColumns:
-    - jsonPath: .spec.taste
-      description: Subjective taste of that kind of coffee bean
-      name: Taste
+    - jsonPath: .spec.sauce
+      name: Sauce
      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-```
+    - jsonPath: .spec.toppings
+      name: Toppings
+      type: string
+  ```
+
+- There is an updated CRD in @@LINK[k8s/pizza-4.yaml]

 ---

 ## Using additional printer columns

- Let's update our CRD using @@LINK[k8s/coffee-3.yaml]
+- Let's update our CRD!

 .lab[

 - Update the CRD:
  ```bash
-  kubectl apply -f ~/container.training/k8s/coffee-3.yaml
+  kubectl apply -f ~/container.training/k8s/pizza-4.yaml
  ```

- Look at our Coffee resources:
+- Look at our Pizza resources:
  ```bash
-  kubectl get coffees
+  kubectl get pizzas
  ```

 ]
@@ -229,50 +208,26 @@ Note: we can update a CRD without having to re-create the corresponding resource

 ---

-## Data validation
+## Better data validation

- CRDs are validated with the OpenAPI v3 schema that we specify
+- Let's change the data schema so that the sauce can only be `red` or `white`

-  (with older versions of the API, when the schema was optional,
-  <br/>
-  no schema = no validation at all)
+- This will be implemented by @@LINK[k8s/pizza-5.yaml]

- Otherwise, we can put anything we want in the `spec`
+.lab[

- More advanced validation can also be done with admission webhooks, e.g.:
+- Update the Pizza CRD:
+  ```bash
+  kubectl apply -f ~/container.training/k8s/pizza-5.yaml
+  ```

-  - consistency between parameters
-
-  - advanced integer filters (e.g. odd number of replicas)
-
-  - things that can change in one direction but not the other
-
---
-
-## OpenAPI v3 schema example
-
-This is what we have in @@LINK[k8s/coffee-3.yaml]:
-
-```yaml
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            properties:
-              taste:
-                description: Subjective taste of that kind of coffee bean
-                type: string
-            required: [ taste ]
-```
+]

 ---

 ## Validation *a posteriori*

- Some of the "coffees" that we defined earlier *do not* pass validation
+- Some of the pizzas that we defined earlier *do not* pass validation

 - How is that possible?

@@ -340,15 +295,23 @@ This is what we have in @@LINK[k8s/coffee-3.yaml]:

 ---

-## What's next?
+## Even better data validation

- Generally, when creating a CRD, we also want to run a *controller*
+- If we need more complex data validation, we can use a validating webhook

-  (otherwise nothing will happen when we create resources of that type)
+- Use cases:

- The controller will typically *watch* our custom resources
+  - validating a "version" field for a database engine

-  (and take action when they are created/updated)
+  - validating that the number of e.g. coordination nodes is even
+
+  - preventing inconsistent or dangerous changes
+    <br/>
+    (e.g. major version downgrades)
+
+  - checking a key or certificate format or validity
+
+  - and much more!

 ---

@@ -390,6 +353,24 @@ This is what we have in @@LINK[k8s/coffee-3.yaml]:

  (unrelated to containers, clusters, etc.)

+---
+
+## What's next?
+
+- Creating a basic CRD is relatively straightforward
+
+- But CRDs generally require a *controller* to do anything useful
+
+- The controller will typically *watch* our custom resources
+
+  (and take action when they are created/updated)
+
+- Most serious use-cases will also require *validation web hooks*
+
+- When our CRD data format evolves, we'll also need *conversion web hooks*
+
+- Doing all that work manually is tedious; use a framework!
+
 ???

 :EN:- Custom Resource Definitions (CRDs)
--- a/slides/k8s/helm-secrets.md
+++ b/slides/k8s/helm-secrets.md
@@ -167,7 +167,7 @@ Let's try one more round of decoding!

 --

-... OK, that was *a lot* of binary data. What sould we do with it?
+... OK, that was *a lot* of binary data. What should we do with it?

 ---

--- a/slides/k8s/resource-limits.md
+++ b/slides/k8s/resource-limits.md
@@ -701,6 +701,10 @@ class: extra-details

  - generates web reports on resource usage

+- [nsinjector](https://github.com/blakelead/nsinjector)
+
+  - controller to automatically populate a Namespace when it is created
+
 ???

 :EN:- Setting compute resource limits
--- a/slides/k8s/rollout.md
+++ b/slides/k8s/rollout.md
@@ -1,14 +1,18 @@
 # Rolling updates

- By default (without rolling updates), when a scaled resource is updated:
+- How should we update a running application?

-  - new pods are created
+- Strategy 1: delete old version, then deploy new version

-  - old pods are terminated
+  (not great, because it obviously provokes downtime!)

-  - ... all at the same time
+- Strategy 2: deploy new version, then delete old version

-  - if something goes wrong, ¯\\\_(ツ)\_/¯
+  (uses a lot of resources; also how do we shift traffic?)
+
+- Strategy 3: replace running pods one at a time
+
+  (sounds interesting; and good news, Kubernetes does it for us!)

 ---

--- a/slides/kadm-fullday.yml
+++ b/slides/kadm-fullday.yml
@@ -1,62 +0,0 @@
-title: |
-  Kubernetes
-  for Admins and Ops
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
- static-pods-exercise
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  #- k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
-
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/cni-internals.md
-  - k8s/interco.md
-
-  - k8s/apilb.md
-  #- k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  - k8s/staticpods.md
-
-  #- k8s/cloud-controller-manager.md
-  #- k8s/bootstrap.md  
-  - k8s/control-plane-auth.md
-  - k8s/pod-security-intro.md
-  - k8s/pod-security-policies.md
-  - k8s/pod-security-admission.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-
-  #- k8s/lastwords-admin.md
-  - k8s/links.md
-  - shared/thankyou.md
--- a/slides/kadm-twodays.yml
+++ b/slides/kadm-twodays.yml
@@ -1,92 +0,0 @@
-title: |
-  Kubernetes
-  for administrators
-  and operators
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-# DAY 1
- - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
- - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/cni-internals.md
-  - k8s/interco.md
- - k8s/apilb.md
-  - k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-  - k8s/cluster-upgrade.md
-  - k8s/staticpods.md
- - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-# DAY 2
- - k8s/kubercoins.md
-  - k8s/logs-cli.md
-  - k8s/logs-centralized.md
-  - k8s/authn-authz.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
- - k8s/openid-connect.md
-  - k8s/control-plane-auth.md
-  ###- k8s/bootstrap.md
-  - k8s/netpol.md
-  - k8s/pod-security-intro.md
-  - k8s/pod-security-policies.md
-  - k8s/pod-security-admission.md
- - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
- - k8s/prometheus.md
-  #- k8s/prometheus-stack.md
-  - k8s/extending-api.md
-  - k8s/crd.md
-  - k8s/operators.md
-  - k8s/eck.md
-  ###- k8s/operators-design.md
-  ###- k8s/operators-example.md
-# CONCLUSION
- - k8s/lastwords.md
-  - k8s/links.md
-  - shared/thankyou.md
-  - |
-    # (All content after this slide is bonus material)
-# EXTRA
- - k8s/volumes.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/statefulsets.md
-  - k8s/consul.md
-  - k8s/pv-pvc-sc.md
-  - k8s/volume-claim-templates.md
-  #- k8s/portworx.md
-  - k8s/openebs.md
-  - k8s/stateful-failover.md
--- a/slides/kube-adv.yml
+++ b/slides/kube-adv.yml
@@ -1,89 +0,0 @@
-title: |
-  Advanced
-  Kubernetes
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- #1
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
- #2
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/interco.md
- #3
-  - k8s/cni-internals.md
-  - k8s/apilb.md
-  - k8s/control-plane-auth.md
-  - |
-    # (Extra content)
-  - k8s/staticpods.md
-  - k8s/cluster-upgrade.md
- #4
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - |
-    # (Extra content)
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  - k8s/ytt.md
- #5
-  - k8s/extending-api.md
-  - k8s/operators.md
-  - k8s/sealed-secrets.md
-  - k8s/crd.md
- #6
-  - k8s/ingress-tls.md
-  - k8s/ingress-advanced.md
-  - k8s/cert-manager.md
-  - k8s/cainjector.md
-  - k8s/eck.md
- #7
-  - k8s/admission.md
-  - k8s/kyverno.md
- #8
-  - k8s/aggregation-layer.md
-  - k8s/metrics-server.md
-  - k8s/prometheus.md
-  - k8s/prometheus-stack.md
-  - k8s/hpa-v2.md
- #9
-  - k8s/operators-design.md
-  - k8s/operators-example.md
-  - k8s/kubebuilder.md
-  - k8s/events.md
-  - k8s/finalizers.md
-  - |
-    # (Extra content)
-  - k8s/owners-and-dependents.md
-  - k8s/apiserver-deepdive.md
-  #- k8s/record.md
-  - shared/thankyou.md
-
--- a/slides/kube-fullday.yml
+++ b/slides/kube-fullday.yml
@@ -1,134 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
-
-  - k8s/kubectl-run.md
-  #- k8s/batch-jobs.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - k8s/namespaces.md
-  - k8s/yamldeploy.md
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-
-  - k8s/dashboard.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/ingress.md
-  #- k8s/volumes.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/openebs.md
-  #- k8s/k9s.md
-  #- k8s/tilt.md
-  #- k8s/kubectlscale.md
-  #- k8s/scalingdockercoins.md
-  #- shared/hastyconclusions.md
-  #- k8s/daemonset.md
-  #- k8s/authoring-yaml.md
-  #- k8s/exercise-yaml.md
-  #- k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  #- k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
-  #- k8s/healthchecks-more.md
-  #- k8s/record.md
-  #- k8s/ingress-tls.md
-  #- k8s/kustomize.md
-  #- k8s/helm-intro.md
-  #- k8s/helm-chart-format.md
-  #- k8s/helm-create-basic-chart.md
-  #- k8s/helm-create-better-chart.md
-  #- k8s/helm-dependencies.md
-  #- k8s/helm-values-schema-validation.md
-  #- k8s/helm-secrets.md
-  #- k8s/exercise-helm.md
-  #- k8s/ytt.md
-  #- k8s/gitlab.md
-  #- k8s/create-chart.md
-  #- k8s/create-more-charts.md
-  #- k8s/netpol.md
-  #- k8s/authn-authz.md
-  #- k8s/user-cert.md
-  #- k8s/csr-api.md
-  #- k8s/openid-connect.md
-  #- k8s/pod-security-intro.md
-  #- k8s/pod-security-policies.md
-  #- k8s/pod-security-admission.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  #- k8s/logs-centralized.md
-  #- k8s/prometheus.md
-  #- k8s/prometheus-stack.md
-  #- k8s/statefulsets.md
-  #- k8s/consul.md
-  #- k8s/pv-pvc-sc.md
-  #- k8s/volume-claim-templates.md
-  #- k8s/portworx.md
-  #- k8s/openebs.md
-  #- k8s/stateful-failover.md
-  #- k8s/extending-api.md
-  #- k8s/crd.md
-  #- k8s/admission.md
-  #- k8s/operators.md
-  #- k8s/operators-design.md
-  #- k8s/operators-example.md
-  #- k8s/staticpods.md
-  #- k8s/finalizers.md
-  #- k8s/owners-and-dependents.md
-  #- k8s/gitworkflows.md
-
-  #- k8s/whatsnext.md
-  - k8s/lastwords.md
-  #- k8s/links.md
-  - shared/thankyou.md
--- a/slides/kube-halfday.yml
+++ b/slides/kube-halfday.yml
@@ -1,89 +0,0 @@
-title: |
-  Kubernetes 101
-
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/training-20180413-paris)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
-#- logistics.md
-# Bridget-specific; others use logistics.md
- logistics-bridget.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  - k8s/versions-k8s.md
-  - shared/sampleapp.md
-# Bridget doesn't go into as much depth with compose
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/kubenet.md
-  - k8s/kubectlget.md
-  - k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
- - k8s/kubectl-run.md
-  #- k8s/batch-jobs.md
-  #- k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  #- k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
- - k8s/dashboard.md
-  #- k8s/k9s.md
-  #- k8s/tilt.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  #- k8s/record.md
- - k8s/logs-cli.md
-# Bridget hasn't added EFK yet
-  #- k8s/logs-centralized.md
-  - k8s/namespaces.md
-  - k8s/helm-intro.md
-  #- k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  #- k8s/helm-create-better-chart.md
-  #- k8s/helm-dependencies.md
-  #- k8s/helm-values-schema-validation.md
-  #- k8s/helm-secrets.md
-  #- k8s/kustomize.md
-  #- k8s/ytt.md  
-  #- k8s/netpol.md
-  - k8s/whatsnext.md
-#  - k8s/links.md
-# Bridget-specific
-  - k8s/links-bridget.md
-  - shared/thankyou.md
--- a/slides/kube-selfpaced.yml
+++ b/slides/kube-selfpaced.yml
@@ -1,165 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Docker and Kubernetes
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- in-person
-
-content:
- shared/title.md
-#- logistics.md
- k8s/intro.md
- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  - k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-
-  - k8s/kubectlget.md
-  - k8s/kubectl-run.md
-  - k8s/batch-jobs.md
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  - k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-  - k8s/yamldeploy.md
-
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-  - k8s/dashboard.md
-  - k8s/k9s.md
-  - k8s/tilt.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/authoring-yaml.md
-  #- k8s/exercise-yaml.md
-
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-  - k8s/record.md
-
-  - k8s/namespaces.md
-  - k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  - k8s/accessinternal.md
-  - k8s/kubectlproxy.md
-
-  - k8s/ingress.md
-  - k8s/ingress-advanced.md
-  - k8s/ingress-tls.md
-  - k8s/cert-manager.md
-  - k8s/cainjector.md
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  #- k8s/exercise-helm.md
-  - k8s/gitlab.md
-  - k8s/ytt.md
-
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  - k8s/pod-security-intro.md
-  - k8s/pod-security-policies.md
-  - k8s/pod-security-admission.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-  - k8s/control-plane-auth.md
-
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  - k8s/build-with-docker.md
-  - k8s/build-with-kaniko.md
-
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/statefulsets.md
-  - k8s/consul.md
-  - k8s/pv-pvc-sc.md
-  - k8s/volume-claim-templates.md
-  - k8s/portworx.md
-  - k8s/openebs.md
-  - k8s/stateful-failover.md
-
-  - k8s/logs-centralized.md
-  - k8s/prometheus.md
-  - k8s/prometheus-stack.md
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/cluster-autoscaler.md
-  - k8s/horizontal-pod-autoscaler.md
-  - k8s/hpa-v2.md
-
-  - k8s/extending-api.md
-  - k8s/apiserver-deepdive.md
-  - k8s/crd.md
-  - k8s/aggregation-layer.md
-  - k8s/admission.md
-  - k8s/operators.md
-  - k8s/operators-design.md
-  - k8s/operators-example.md
-  - k8s/kubebuilder.md
-  - k8s/sealed-secrets.md
-  - k8s/kyverno.md
-  - k8s/eck.md
-  - k8s/finalizers.md
-  - k8s/owners-and-dependents.md
-  - k8s/events.md
-
-  - k8s/dmuc.md
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/cni-internals.md
-  - k8s/apilb.md
-  - k8s/staticpods.md
-
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/gitworkflows.md
-
-  - k8s/lastwords.md
-  - k8s/links.md
-  - shared/thankyou.md
--- a/slides/kube-twodays.yml
+++ b/slides/kube-twodays.yml
@@ -1,133 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
-
-content:
- shared/title.md
- logistics.md
- k8s/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
-
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
-
-  - k8s/kubectl-run.md
-  - k8s/batch-jobs.md
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-
-  - k8s/yamldeploy.md
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-  - k8s/dashboard.md
-  - k8s/k9s.md
-  #- k8s/tilt.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/authoring-yaml.md
-  #- k8s/exercise-yaml.md
-
-  - k8s/localkubeconfig.md
-  #- k8s/access-eks-cluster.md
-  - k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  #- k8s/healthchecks-more.md
-  - k8s/record.md
-
-  - k8s/namespaces.md
-  - k8s/ingress.md
-  #- k8s/ingress-advanced.md
-  #- k8s/ingress-tls.md
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  #- k8s/exercise-helm.md
-  #- k8s/ytt.md
-  - k8s/gitlab.md
-
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  #- k8s/csr-api.md
-  #- k8s/openid-connect.md
-  #- k8s/pod-security-intro.md
-  #- k8s/pod-security-policies.md
-  #- k8s/pod-security-admission.md
-
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/logs-centralized.md
-  #- k8s/prometheus.md
-  #- k8s/prometheus-stack.md
-
-  - k8s/statefulsets.md
-  - k8s/consul.md
-  - k8s/pv-pvc-sc.md
-  - k8s/volume-claim-templates.md
-  #- k8s/portworx.md
-  - k8s/openebs.md
-  - k8s/stateful-failover.md
-  #- k8s/extending-api.md
-  #- k8s/admission.md
-  #- k8s/operators.md
-  #- k8s/operators-design.md
-  #- k8s/operators-example.md
-  #- k8s/staticpods.md
-  #- k8s/owners-and-dependents.md
-  #- k8s/gitworkflows.md
-
-  - k8s/whatsnext.md
-  - k8s/lastwords.md
-  - k8s/links.md
-  - shared/thankyou.md
--- a/slides/kube.yml
+++ b/slides/kube.yml
@@ -0,0 +1,45 @@
+title: |
+  Thoughtworks Infrastructure
+  (Starring: Kubernetes!)
+
+chat: "[thoughtworks-infrastructure Slack](https://skillsmatter.slack.com/archives/C03E90W6Z6U)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: https://2022-08-thoughtworks.container.training/
+
+#slidenumberprefix: "#SomeHashTag &mdash; "
+
+exclude:
+- self-paced
+
+content:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+#- shared/chat-room-im.md
+#- shared/chat-room-zoom.md
+- shared/prereqs.md
+#- shared/webssh.md
+- shared/connecting.md
+- shared/toc.md
+- #1
+  - k8s/demo-apps.md
+  - k8s/netpol.md
+  - k8s/authn-authz.md
+  - exercises/netpol-details.md
+  - exercises/rbac-details.md
+- #2
+  - k8s/rollout.md
+  - k8s/healthchecks.md
+  - k8s/localkubeconfig.md
+  - k8s/accessinternal.md
+  - k8s/kubectlproxy.md
+  - k8s/setup-devel.md
+  - exercises/localcluster-details.md
+  - exercises/healthchecks-details.md
+- #3
+  - |
+    # (Extra material)
+  - k8s/deploymentslideshow.md
--- a/slides/logistics-template.md
+++ b/slides/logistics-template.md
@@ -1,37 +1,25 @@
 ## Introductions

- Hello! 
+- Hello! I'm Jérôme Petazzoni ([@jpetazzo])

- On stage: Jérôme ([@jpetazzo])
+- We'll have two 2-hour workshops

- Backstage: Alexandre, Amy, Antoine, Aurélien (x2), Benji, David, Julien, Kostas, Nicolas, Thibault
+  (August 17th and 24th)

- The training will run from 9:30 to 13:00
+- We'll do a short 5-minute break in the middle of each workshop

- There will be a break at (approximately) 11:00
+- Feel free to interrupt for questions at any time!

- You ~~should~~ must ask questions! Lots of questions!
+- Live feedback, questions, help, useful links:

- Use @@CHAT@@ to ask questions, get help, etc.
+  @@CHAT@@
+
+- I'll be available on that Slack channel after the workshop, too!
+
+<!-- -->

 [@alexbuisine]: https://twitter.com/alexbuisine
 [EphemeraSearch]: https://ephemerasearch.com/
 [@jpetazzo]: https://twitter.com/jpetazzo
 [@s0ulshake]: https://twitter.com/s0ulshake
 [Quantgene]: https://www.quantgene.com/
-
---
-
-## Exercises
-
- At the end of each day, there is a series of exercises
-
- To make the most out of the training, please try the exercises!
-
-  (it will help to practice and memorize the content of the day)
-
- We recommend to take at least one hour to work on the exercises
-
-  (if you understood the content of the day, it will be much faster)
-
- Each day will start with a quick review of the exercises of the previous day
--- a/slides/runtime.txt
+++ b/slides/runtime.txt
@@ -1 +1 @@
-3.7
+3.8
--- a/slides/swarm-fullday.yml
+++ b/slides/swarm-fullday.yml
@@ -1,71 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
- snap
- btp-auto
- benchmarking
- elk-manual
- prom-manual
-
-content:
- shared/title.md
- logistics.md
- swarm/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  - swarm/healthchecks.md
- - swarm/operatingswarm.md
-  - swarm/netshoot.md
-  - swarm/ipsec.md
-  - swarm/swarmtools.md
-  - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
- - swarm/logging.md
-  - swarm/metrics.md
-  - swarm/gui.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md
--- a/slides/swarm-halfday.yml
+++ b/slides/swarm-halfday.yml
@@ -1,70 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- self-paced
- snap
- btp-manual
- benchmarking
- elk-manual
- prom-manual
-
-content:
- shared/title.md
- logistics.md
- swarm/intro.md
- shared/about-slides.md
- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  #- swarm/hostingregistry.md
-  #- swarm/testingregistry.md
-  #- swarm/btp-manual.md
-  #- swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - swarm/updatingservices.md
-  #- swarm/rollingupdates.md
-  #- swarm/healthchecks.md
- - swarm/operatingswarm.md
-  #- swarm/netshoot.md
-  #- swarm/ipsec.md
-  #- swarm/swarmtools.md
-  - swarm/security.md
-  #- swarm/secrets.md
-  #- swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  - swarm/logging.md
-  - swarm/metrics.md
-  #- swarm/stateful.md
-  #- swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md
--- a/slides/swarm-selfpaced.yml
+++ b/slides/swarm-selfpaced.yml
@@ -1,79 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- in-person
- btp-auto
-
-content:
- shared/title.md
-#- shared/logistics.md
- swarm/intro.md
- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
- shared/toc.md
- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
- - swarm/operatingswarm.md
-  - swarm/netshoot.md
-  - swarm/swarmnbt.md
-  - swarm/ipsec.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  - swarm/healthchecks.md
-  - swarm/nodeinfo.md
-  - swarm/swarmtools.md
- - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  - swarm/logging.md
-  - swarm/metrics.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md
--- a/slides/swarm-video.yml
+++ b/slides/swarm-video.yml
@@ -1,74 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag &mdash; "
-
-exclude:
- in-person
- btp-auto
-
-content:
- shared/title.md
-#- shared/logistics.md
- swarm/intro.md
- shared/about-slides.md
- shared/toc.md
- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
- - swarm/operatingswarm.md
-  #- swarm/netshoot.md
-  #- swarm/swarmnbt.md
-  - swarm/ipsec.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  #- swarm/healthchecks.md
-  - swarm/nodeinfo.md
-  - swarm/swarmtools.md
- - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  #- swarm/logging.md
-  #- swarm/metrics.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md
Author	SHA1	Message	Date
Jérôme Petazzoni	ea3178327a	✨ Prepare content for Thoughtworks Infrastructure	2022-08-17 14:51:57 +02:00
Jérôme Petazzoni	2724a611a6	📃 Update rolling update intro slide	2022-08-17 14:49:17 +02:00
Jérôme Petazzoni	2ca239ddfc	🔒️ Mention bound service account tokens	2022-08-17 14:18:15 +02:00
Jérôme Petazzoni	e74a158c59	📃 Document dependency on yq	2022-08-17 13:49:15 +02:00
Jérôme Petazzoni	138af3b5d2	♻️ Upgrade build image to Netlify Focal; bump up Python version	2022-08-17 13:48:55 +02:00
Jérôme Petazzoni	ad6d16bade	➕ Add RBAC and NetPol exercises	2022-08-17 13:16:52 +02:00
Jérôme Petazzoni	1aaf9b0bd5	♻️ Update Linode LKE terraform module	2022-07-29 14:37:37 +02:00
Jérôme Petazzoni	ce39f97a28	⏫ Bump up versions for cluster upgrade lab	2022-07-22 11:32:22 +02:00
jonjohnsonjr	162651bdfd	Typo: sould -> should	2022-07-18 19:16:47 +02:00
Jérôme Petazzoni	2958ca3a32	♻️ Update CRD content Rehaul for crd/v1; demonstrate what happens when adding data validation a posteriori.	2022-07-14 10:32:34 +02:00
Jérôme Petazzoni	02a15d94a3	➕ Add nsinjector	2022-07-06 14:28:24 +02:00
@@ -1 +1 @@
 .7
 .8