🚧 WIP NR adv k8s Fall 2022

The former method was invalid and didn't work with e.g. screen.

prepare-local/provisioning.yml

@@ -1,11 +1,10 @@
 ---
 - hosts: nodes
-  sudo: true
+  become: yes
   vars_files:
     - vagrant.yml
 
   tasks:
-
     - name: clean up the home folder
       file:
         path: /home/vagrant/{{ item }}
@@ -24,25 +23,23 @@
 
     - name: installing dependencies
       apt:
-        name: apt-transport-https,ca-certificates,python-pip,tmux
+        name: apt-transport-https,ca-certificates,python3-pip,tmux
         state: present
         update_cache: true
 
     - name: fetching docker repo key
       apt_key:
-        keyserver: hkp://p80.pool.sks-keyservers.net:80
-        id: 58118E89F3A912897C070ADBF76221572C52609D
-
-    - name: adding package repos
-      apt_repository:
-        repo: "{{ item }}"
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: adding docker repo
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu focal stable
         state: present
-      with_items:
-        - deb https://apt.dockerproject.org/repo ubuntu-trusty main
 
     - name: installing docker
       apt:
-        name: docker-engine
+        name: docker-ce,docker-ce-cli,containerd.io,docker-compose-plugin
         state: present
         update_cache: true
 
@@ -56,7 +53,7 @@
       lineinfile:
         dest: /etc/default/docker
         line: DOCKER_OPTS="--host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:55555"
-        regexp: '^#?DOCKER_OPTS=.*$'
+        regexp: "^#?DOCKER_OPTS=.*$"
         state: present
       register: docker_opts
 
@@ -66,22 +63,14 @@
         state: restarted
       when: docker_opts is defined and docker_opts.changed
 
-    - name: performing pip autoupgrade
-      pip:
-        name: pip
-        state: latest
-
-    - name: installing virtualenv
-      pip:
-        name: virtualenv
-        state: latest
-
-    - name: Install Docker Compose via PIP
-      pip: name=docker-compose
+    - name: install docker-compose from official github repo
+      get_url:
+        url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
+        dest: /usr/local/bin/docker-compose
+        mode: "u+x,g+x"
 
     - name:
-      file:
-        path="/usr/local/bin/docker-compose"
+      file: path="/usr/local/bin/docker-compose"
         state=file
         mode=0755
         owner=vagrant
@@ -128,5 +117,3 @@
           line: "127.0.0.1 localhost {{ inventory_hostname }}"
         - regexp: '^127\.0\.1\.1'
           line: "127.0.1.1 {{ inventory_hostname }}"
-
-

prepare-local/vagrant.yml

@@ -1,13 +1,12 @@
 ---
 vagrant:
-  default_box: ubuntu/trusty64
+  default_box: ubuntu/focal64
   default_box_check_update: true
   ssh_insert_key: false
   min_memory: 256
   min_cores: 1
 
 instances:
-
   - hostname: node1
     private_ip: 10.10.10.10
     memory: 1512
@@ -37,6 +36,3 @@ instances:
     private_ip: 10.10.10.50
     memory: 512
     cores: 1
-
-
-

prepare-vms/lib/commands.sh

@@ -182,9 +182,23 @@ _cmd_clusterize() {
     pssh "
     if [ -f /etc/iptables/rules.v4 ]; then
         sudo sed -i 's/-A INPUT -j REJECT --reject-with icmp-host-prohibited//' /etc/iptables/rules.v4
+        sudo netfilter-persistent flush
         sudo netfilter-persistent start
     fi"
 
+    # oracle-cloud-agent upgrades pacakges in the background.
+    # This breaks our deployment scripts, because when we invoke apt-get, it complains
+    # that the lock already exists (symptom: random "Exited with error code 100").
+    # Workaround: if we detect oracle-cloud-agent, remove it.
+    # But this agent seems to also take care of installing/upgrading
+    # the unified-monitoring-agent package, so when we stop the snap,
+    # it can leave dpkg in a broken state. We "fix" it with the 2nd command.
+    pssh "
+    if [ -d /snap/oracle-cloud-agent ]; then
+        sudo snap remove oracle-cloud-agent
+        sudo dpkg --remove --force-remove-reinstreq unified-monitoring-agent
+    fi"
+
     # Copy settings and install Python YAML parser
     pssh -I tee /tmp/settings.yaml <tags/$TAG/settings.yaml
     pssh "
@@ -478,12 +492,13 @@ _cmd_kubetools() {
     # Install kube-ps1
     pssh "
     set -e
-    if ! [ -f /etc/profile.d/kube-ps1.sh ]; then
+    if ! [ -f /opt/kube-ps1 ]; then
       cd /tmp
       git clone https://github.com/jonmosco/kube-ps1
-      sudo cp kube-ps1/kube-ps1.sh /etc/profile.d/kube-ps1.sh
+      sudo mv kube-ps1 /opt/kube-ps1
       sudo -u $USER_LOGIN sed -i s/docker-prompt/kube_ps1/ /home/$USER_LOGIN/.bashrc &&
       sudo -u $USER_LOGIN tee -a /home/$USER_LOGIN/.bashrc <<EOF
+. /opt/kube-ps1/kube-ps1.sh
 KUBE_PS1_PREFIX=""
 KUBE_PS1_SUFFIX=""
 KUBE_PS1_SYMBOL_ENABLE="false"

slides/_redirects

@@ -2,7 +2,7 @@
 #/ /kube-halfday.yml.html 200!
 #/ /kube-fullday.yml.html 200!
 #/ /kube-twodays.yml.html 200!
-/ /kube.yml.html 200!
+/ /kube-adv.yml.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack

slides/containers/Ambassadors.md

@@ -19,7 +19,7 @@ They abstract the connection details for this services, and can help with:
 
 * fail over (how do I know to which instance of a replicated service I should connect?)
 
-* load balancing (how to I spread my requests across multiple instances of a service?)
+* load balancing (how do I spread my requests across multiple instances of a service?)
 
 * authentication (what if my service requires credentials, certificates, or otherwise?)
 

slides/kube-adv.yml

@@ -0,0 +1,84 @@
+title: |
+  Advanced
+  Kubernetes
+
+chat: "[Slack](#FIXME)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: https://2022-09-nr.container.training/
+
+#slidenumberprefix: "#SomeHashTag — "
+
+exclude:
+- self-paced
+
+content:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+#- shared/chat-room-im.md
+#- shared/chat-room-slack.md
+#- shared/chat-room-zoom-meeting.md
+#- shared/chat-room-zoom-webinar.md
+- shared/toc.md
+- #1
+  - k8s/prereqs-admin.md
+  - k8s/architecture.md
+  - k8s/internal-apis.md
+  - k8s/deploymentslideshow.md
+  - k8s/dmuc.md
+  - k8s/multinode.md
+  - k8s/cni.md
+  - k8s/interco.md
+  - k8s/cni-internals.md
+- #2
+  - k8s/apilb.md
+  - k8s/internal-apis.md
+  - k8s/staticpods.md
+  #- k8s/cluster-upgrade.md
+  - k8s/control-plane-auth.md
+  - k8s/user-cert.md
+  - k8s/csr-api.md
+  - k8s/openid-connect.md
+  - k8s/pod-security-intro.md
+  - k8s/pod-security-policies.md
+  - k8s/pod-security-admission.md
+- #3
+  - k8s/extending-api.md
+  - k8s/crd.md
+  - k8s/operators.md
+  - k8s/sealed-secrets.md
+  - k8s/cert-manager.md
+  - k8s/ingress-tls.md
+  - k8s/ingress-advanced.md
+  #- k8s/eck.md
+- #4
+  - k8s/admission.md
+  - k8s/cainjector.md
+  - k8s/kyverno.md
+  - k8s/aggregation-layer.md
+  - k8s/metrics-server.md
+  - k8s/hpa-v2.md
+- #5
+  - k8s/operators-design.md
+  - k8s/operators-example.md
+  - k8s/owners-and-dependents.md
+  #- k8s/kubebuilder.md
+  - k8s/events.md
+  - k8s/finalizers.md
+  - shared/thankyou.md
+- #6
+  - |
+    # (Extra content)
+  - k8s/kustomize.md
+  - k8s/helm-intro.md
+  - k8s/helm-chart-format.md
+  - k8s/helm-create-basic-chart.md
+  - k8s/helm-create-better-chart.md
+  - k8s/helm-dependencies.md
+  - k8s/helm-values-schema-validation.md
+  - k8s/helm-secrets.md
+  - k8s/ytt.md
+  - k8s/apiserver-deepdive.md

slides/kube.yml

@@ -1,93 +0,0 @@
-title: |
-  Intermediate Kubernetes
-
-chat: "[FIXME](#FIXME)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-08-nasa.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/prereqs.md
-#- shared/webssh.md
-- shared/connecting.md
-- shared/toc.md
-- # 1
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
-  - k8s/kubectl-run.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - exercises/k8sfundamentals-details.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-- # 2
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - k8s/namespaces.md
-  - k8s/yamldeploy.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/authoring-yaml.md
-  - k8s/setup-overview.md
-  - k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-  - k8s/localkubeconfig.md
-  - k8s/accessinternal.md
-  - k8s/kubectlproxy.md
-  - exercises/localcluster-details.md
-- # 3
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/ingress.md
-  #- k8s/healthchecks-more.md
-  - exercises/healthchecks-details.md
-- # 4
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-  - exercises/netpol-details.md
-  - exercises/rbac-details.md
-- # 5
-  #- k8s/ingress-tls.md
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - k8s/batch-jobs.md
-  - k8s/dashboard.md
-  - k8s/k9s.md
-  - k8s/tilt.md
-  - shared/thankyou.md

slides/logistics-template.md

@@ -1,25 +1,38 @@
-## Introductions
+## Intros & disclaimers
 
-- Hello! We are:
+- Hello! I'm Jérôme Petazzoni ([@jpetazzo])
 
-   - Jérôme Petazzoni ([@jpetazzo])
+- I have ...
 
-   - Dana Engebretson ([@bigdana])
-   
-   - Amy Bowen ([@s0ulshake])
+  - extensive experience running *containers* in production
+  - limited experience running *Kubernetes* in production
 
-- The training will run for 4 hours, with a 10 minutes break every hour
+  - taught Docker and Kubernetes many times, to large audiences
+  - less frequently taught operators and API internals
+
+  - written a lot of Python code during my career; but much less Go
+
+  - learned way more than I expected just by writing some chapters of this course (!)
+
+---
+
+## Logistics
+
+- The training will from ... to ..., Monday to Friday
+
+- There will be short breaks every hour, and a longer break in the middle
 
 - Feel free to interrupt for questions at any time
 
 - *Especially when you see full screen container pictures!*
 
+  (I will watch them in silence while I wait for your questions)
+
 - Live feedback, questions, help: @@CHAT@@
 
 <!-- -->
 
 [@alexbuisine]: https://twitter.com/alexbuisine
-[@bigdana]: https://twitter.com/bigdana
 [EphemeraSearch]: https://ephemerasearch.com/
 [@jpetazzo]: https://twitter.com/jpetazzo
 [@s0ulshake]: https://twitter.com/s0ulshake

slides/shared/prereqs.md

@@ -1,4 +1,4 @@
-## Pre-requirements
+# Pre-requirements
 
 - Be comfortable with the UNIX command line