✨ Prepare content for Thoughtworks Infrastructure

prepare-local/provisioning.yml

@@ -1,10 +1,11 @@
 ---
 - hosts: nodes
-  become: yes
+  sudo: true
   vars_files:
     - vagrant.yml
 
   tasks:
+
     - name: clean up the home folder
       file:
         path: /home/vagrant/{{ item }}
@@ -23,23 +24,25 @@
 
     - name: installing dependencies
       apt:
-        name: apt-transport-https,ca-certificates,python3-pip,tmux
+        name: apt-transport-https,ca-certificates,python-pip,tmux
         state: present
         update_cache: true
 
     - name: fetching docker repo key
       apt_key:
-        url: https://download.docker.com/linux/ubuntu/gpg
-        state: present
+        keyserver: hkp://p80.pool.sks-keyservers.net:80
+        id: 58118E89F3A912897C070ADBF76221572C52609D
 
-    - name: adding docker repo
+    - name: adding package repos
       apt_repository:
-        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        repo: "{{ item }}"
         state: present
+      with_items:
+        - deb https://apt.dockerproject.org/repo ubuntu-trusty main
 
     - name: installing docker
       apt:
-        name: docker-ce,docker-ce-cli,containerd.io,docker-compose-plugin
+        name: docker-engine
         state: present
         update_cache: true
 
@@ -53,7 +56,7 @@
       lineinfile:
         dest: /etc/default/docker
         line: DOCKER_OPTS="--host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:55555"
-        regexp: "^#?DOCKER_OPTS=.*$"
+        regexp: '^#?DOCKER_OPTS=.*$'
         state: present
       register: docker_opts
 
@@ -63,14 +66,22 @@
         state: restarted
       when: docker_opts is defined and docker_opts.changed
 
-    - name: install docker-compose from official github repo
-      get_url:
-        url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
-        dest: /usr/local/bin/docker-compose
-        mode: "u+x,g+x"
+    - name: performing pip autoupgrade
+      pip:
+        name: pip
+        state: latest
+
+    - name: installing virtualenv
+      pip:
+        name: virtualenv
+        state: latest
+
+    - name: Install Docker Compose via PIP
+      pip: name=docker-compose
 
     - name:
-      file: path="/usr/local/bin/docker-compose"
+      file:
+        path="/usr/local/bin/docker-compose"
         state=file
         mode=0755
         owner=vagrant
@@ -117,3 +128,5 @@
           line: "127.0.0.1 localhost {{ inventory_hostname }}"
         - regexp: '^127\.0\.1\.1'
           line: "127.0.1.1 {{ inventory_hostname }}"
+
+

prepare-local/vagrant.yml

@@ -1,12 +1,13 @@
 ---
 vagrant:
-  default_box: ubuntu/focal64
+  default_box: ubuntu/trusty64
   default_box_check_update: true
   ssh_insert_key: false
   min_memory: 256
   min_cores: 1
 
 instances:
+
   - hostname: node1
     private_ip: 10.10.10.10
     memory: 1512
@@ -36,3 +37,6 @@ instances:
     private_ip: 10.10.10.50
     memory: 512
     cores: 1
+
+
+

prepare-vms/lib/commands.sh

@@ -182,23 +182,9 @@ _cmd_clusterize() {
     pssh "
     if [ -f /etc/iptables/rules.v4 ]; then
         sudo sed -i 's/-A INPUT -j REJECT --reject-with icmp-host-prohibited//' /etc/iptables/rules.v4
-        sudo netfilter-persistent flush
         sudo netfilter-persistent start
     fi"
 
-    # oracle-cloud-agent upgrades pacakges in the background.
-    # This breaks our deployment scripts, because when we invoke apt-get, it complains
-    # that the lock already exists (symptom: random "Exited with error code 100").
-    # Workaround: if we detect oracle-cloud-agent, remove it.
-    # But this agent seems to also take care of installing/upgrading
-    # the unified-monitoring-agent package, so when we stop the snap,
-    # it can leave dpkg in a broken state. We "fix" it with the 2nd command.
-    pssh "
-    if [ -d /snap/oracle-cloud-agent ]; then
-        sudo snap remove oracle-cloud-agent
-        sudo dpkg --remove --force-remove-reinstreq unified-monitoring-agent
-    fi"
-
     # Copy settings and install Python YAML parser
     pssh -I tee /tmp/settings.yaml <tags/$TAG/settings.yaml
     pssh "
@@ -492,13 +478,12 @@ _cmd_kubetools() {
     # Install kube-ps1
     pssh "
     set -e
-    if ! [ -f /opt/kube-ps1 ]; then
+    if ! [ -f /etc/profile.d/kube-ps1.sh ]; then
       cd /tmp
       git clone https://github.com/jonmosco/kube-ps1
-      sudo mv kube-ps1 /opt/kube-ps1
+      sudo cp kube-ps1/kube-ps1.sh /etc/profile.d/kube-ps1.sh
       sudo -u $USER_LOGIN sed -i s/docker-prompt/kube_ps1/ /home/$USER_LOGIN/.bashrc &&
       sudo -u $USER_LOGIN tee -a /home/$USER_LOGIN/.bashrc <<EOF
-. /opt/kube-ps1/kube-ps1.sh
 KUBE_PS1_PREFIX=""
 KUBE_PS1_SUFFIX=""
 KUBE_PS1_SYMBOL_ENABLE="false"

slides/_redirects

@@ -1,8 +1,7 @@
 # Uncomment and/or edit one of the the following lines if necessary.
 #/ /kube-halfday.yml.html 200!
 #/ /kube-fullday.yml.html 200!
-#/ /kube-twodays.yml.html 200!
-/ /kube-adv.yml.html 200!
+/ /kube.yml.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack

slides/containers/Ambassadors.md

@@ -19,7 +19,7 @@ They abstract the connection details for this services, and can help with:
 
 * fail over (how do I know to which instance of a replicated service I should connect?)
 
-* load balancing (how do I spread my requests across multiple instances of a service?)
+* load balancing (how to I spread my requests across multiple instances of a service?)
 
 * authentication (what if my service requires credentials, certificates, or otherwise?)
 

slides/k8s/kyverno.md

@@ -554,28 +554,6 @@ Note: the `apiVersion` field appears to be optional.
 
 ---
 
-class: extra-details
-
-## Managing `ownerReferences`
-
-- By default, the generated object and triggering object have independent lifecycles
-
-  (deleting the triggering object doesn't affect the generated object)
-
-- It is possible to associate the generated object with the triggering object
-
-  (so that deleting the triggering object also deletes the generated object)
-
-- This is done by adding the triggering object information to `ownerReferences`
-
-  (in the generated object `metadata`)
-
-- See [Linking resources with ownerReferences][ownerref] for an example
-
-[ownerref]: https://kyverno.io/docs/writing-policies/generate/#linking-resources-with-ownerreferences
-
----
-
 ## Asynchronous creation
 
 - Kyverno creates resources asynchronously

slides/kube-adv.yml

@@ -1,84 +0,0 @@
-title: |
-  Advanced
-  Kubernetes
-
-chat: "[Slack](#FIXME)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2022-09-nr.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- #1
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/internal-apis.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/interco.md
-  - k8s/cni-internals.md
-- #2
-  - k8s/apilb.md
-  - k8s/internal-apis.md
-  - k8s/staticpods.md
-  #- k8s/cluster-upgrade.md
-  - k8s/control-plane-auth.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-  - k8s/pod-security-intro.md
-  - k8s/pod-security-policies.md
-  - k8s/pod-security-admission.md
-- #3
-  - k8s/extending-api.md
-  - k8s/crd.md
-  - k8s/operators.md
-  - k8s/sealed-secrets.md
-  - k8s/cert-manager.md
-  - k8s/ingress-tls.md
-  - k8s/ingress-advanced.md
-  #- k8s/eck.md
-- #4
-  - k8s/admission.md
-  - k8s/cainjector.md
-  - k8s/kyverno.md
-  - k8s/aggregation-layer.md
-  - k8s/metrics-server.md
-  - k8s/hpa-v2.md
-- #5
-  - k8s/operators-design.md
-  - k8s/operators-example.md
-  - k8s/owners-and-dependents.md
-  #- k8s/kubebuilder.md
-  - k8s/events.md
-  - k8s/finalizers.md
-  - shared/thankyou.md
-- #6
-  - |
-    # (Extra content)
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  - k8s/ytt.md
-  - k8s/apiserver-deepdive.md

slides/kube.yml

@@ -0,0 +1,45 @@
+title: |
+  Thoughtworks Infrastructure
+  (Starring: Kubernetes!)
+
+chat: "[thoughtworks-infrastructure Slack](https://skillsmatter.slack.com/archives/C03E90W6Z6U)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: https://2022-08-thoughtworks.container.training/
+
+#slidenumberprefix: "#SomeHashTag — "
+
+exclude:
+- self-paced
+
+content:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+#- shared/chat-room-im.md
+#- shared/chat-room-zoom.md
+- shared/prereqs.md
+#- shared/webssh.md
+- shared/connecting.md
+- shared/toc.md
+- #1
+  - k8s/demo-apps.md
+  - k8s/netpol.md
+  - k8s/authn-authz.md
+  - exercises/netpol-details.md
+  - exercises/rbac-details.md
+- #2
+  - k8s/rollout.md
+  - k8s/healthchecks.md
+  - k8s/localkubeconfig.md
+  - k8s/accessinternal.md
+  - k8s/kubectlproxy.md
+  - k8s/setup-devel.md
+  - exercises/localcluster-details.md
+  - exercises/healthchecks-details.md
+- #3
+  - |
+    # (Extra material)
+  - k8s/deploymentslideshow.md

slides/logistics-template.md

@@ -1,34 +1,20 @@
-## Intros & disclaimers
+## Introductions
 
 - Hello! I'm Jérôme Petazzoni ([@jpetazzo])
 
-- I have ...
+- We'll have two 2-hour workshops
 
-  - extensive experience running *containers* in production
-  - limited experience running *Kubernetes* in production
+  (August 17th and 24th)
 
-  - taught Docker and Kubernetes many times, to large audiences
-  - less frequently taught operators and API internals
+- We'll do a short 5-minute break in the middle of each workshop
 
-  - written a lot of Python code during my career; but much less Go
+- Feel free to interrupt for questions at any time!
 
-  - learned way more than I expected just by writing some chapters of this course (!)
+- Live feedback, questions, help, useful links:
 
----
+  @@CHAT@@
 
-## Logistics
-
-- The training will from ... to ..., Monday to Friday
-
-- There will be short breaks every hour, and a longer break in the middle
-
-- Feel free to interrupt for questions at any time
-
-- *Especially when you see full screen container pictures!*
-
-  (I will watch them in silence while I wait for your questions)
-
-- Live feedback, questions, help: @@CHAT@@
+- I'll be available on that Slack channel after the workshop, too!
 
 <!-- -->
 
@@ -37,19 +23,3 @@
 [@jpetazzo]: https://twitter.com/jpetazzo
 [@s0ulshake]: https://twitter.com/s0ulshake
 [Quantgene]: https://www.quantgene.com/
-
----
-
-## Exercises
-
-- At the end of each day, there is a series of exercises
-
-- To make the most out of the training, please try the exercises!
-
-  (it will help to practice and memorize the content of the day)
-
-- We recommend to take at least one hour to work on the exercises
-
-  (if you understood the content of the day, it will be much faster)
-
-- Each day will start with a quick review of the exercises of the previous day

slides/shared/prereqs.md

@@ -1,4 +1,4 @@
-# Pre-requirements
+## Pre-requirements
 
 - Be comfortable with the UNIX command line