♻️ Public training March 2022

.gitignore

@@ -6,7 +6,13 @@ prepare-vms/tags
 prepare-vms/infra
 prepare-vms/www
 
-prepare-tf/tag-*
+prepare-tf/.terraform*
+prepare-tf/terraform.*
+prepare-tf/stage2/*.tf
+prepare-tf/stage2/kubeconfig.*
+prepare-tf/stage2/.terraform*
+prepare-tf/stage2/terraform.*
+prepare-tf/stage2/externalips.*
 
 slides/*.yml.html
 slides/autopilot/state.yaml

compose/frr-route-reflector/conf/zebra.conf

@@ -1,3 +1,2 @@
 hostname frr
-ip nht resolve-via-default
 log stdout

compose/frr-route-reflector/docker-compose.yaml

@@ -2,36 +2,30 @@ version: "3"
 
 services:
   bgpd:
-    image: frrouting/frr:v8.2.2
+    image: ajones17/frr:662
     volumes:
     - ./conf:/etc/frr
     - ./run:/var/run/frr
     network_mode: host
-    cap_add:
-    - NET_ADMIN
-    - SYS_ADMIN
-    entrypoint: /usr/lib/frr/bgpd -f /etc/frr/bgpd.conf --log=stdout --log-level=debug --no_kernel --no_zebra
+    entrypoint: /usr/lib/frr/bgpd -f /etc/frr/bgpd.conf --log=stdout --log-level=debug --no_kernel
     restart: always
 
   zebra:
-    image: frrouting/frr:v8.2.2
+    image: ajones17/frr:662
     volumes:
     - ./conf:/etc/frr
     - ./run:/var/run/frr
     network_mode: host
-    cap_add:
-    - NET_ADMIN
-    - SYS_ADMIN
     entrypoint: /usr/lib/frr/zebra -f /etc/frr/zebra.conf --log=stdout --log-level=debug
     restart: always
 
   vtysh:
-    image: frrouting/frr:v8.2.2
+    image: ajones17/frr:662
     volumes:
     - ./conf:/etc/frr
     - ./run:/var/run/frr
     network_mode: host
-    entrypoint: vtysh
+    entrypoint: vtysh -c "show ip bgp"
 
   chmod:
     image: alpine

dockercoins/Tiltfile

@@ -48,25 +48,20 @@ k8s_yaml('../k8s/dockercoins.yaml')
 # The following line lets Tilt run with the default kubeadm cluster-admin context.
 allow_k8s_contexts('kubernetes-admin@kubernetes')
 
-# Note: the whole section below (to set up ngrok tunnels) is disabled,
-# because ngrok now requires to set up an account to serve HTML
-# content. So we can still use ngrok for e.g. webhooks and "raw" APIs,
-# but not to serve web pages like the Tilt UI.
+# This will run an ngrok tunnel to expose Tilt to the outside world.
+# This is intended to be used when Tilt runs on a remote machine.
+local_resource(name='ngrok:tunnel', serve_cmd='ngrok http 10350')
 
-# # This will run an ngrok tunnel to expose Tilt to the outside world.
-# # This is intended to be used when Tilt runs on a remote machine.
-# local_resource(name='ngrok:tunnel', serve_cmd='ngrok http 10350')
-
-# # This will wait until the ngrok tunnel is up, and show its URL to the user.
-# # We send the output to /dev/tty so that it doesn't get intercepted by
-# # Tilt, and gets displayed to the user's terminal instead.
-# # Note: this assumes that the ngrok instance will be running on port 4040.
-# # If you have other ngrok instances running on the machine, this might not work.
-# local_resource(name='ngrok:showurl', cmd='''
-#   while sleep 1; do
-#     TUNNELS=$(curl -fsSL http://localhost:4040/api/tunnels | jq -r .tunnels[].public_url)
-#     [ "$TUNNELS" ] && break
-#   done
-#   printf "\nYou should be able to connect to the Tilt UI with the following URL(s): %s\n" "$TUNNELS" >/dev/tty
-#   '''
-# )
+# This will wait until the ngrok tunnel is up, and show its URL to the user.
+# We send the output to /dev/tty so that it doesn't get intercepted by
+# Tilt, and gets displayed to the user's terminal instead.
+# Note: this assumes that the ngrok instance will be running on port 4040.
+# If you have other ngrok instances running on the machine, this might not work.
+local_resource(name='ngrok:showurl', cmd='''
+  while sleep 1; do
+    TUNNELS=$(curl -fsSL http://localhost:4040/api/tunnels | jq -r .tunnels[].public_url)
+    [ "$TUNNELS" ] && break
+  done
+  printf "\nYou should be able to connect to the Tilt UI with the following URL(s): %s\n" "$TUNNELS" >/dev/tty
+  '''
+)

k8s/affinity-pod.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: aff-pod
-spec:
-  terminationGracePeriodSeconds: 30
-  affinity:
-  containers:
-  - name: aff-pod
-    image: alpine
-    command:
-    - sleep
-    args:
-    - "1000"
-    nodeAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        nodeSelectorTerms:
-        - matchExpressions:
-          - key: cow
-            operator: In
-            values:
-            - elsie

k8s/init-container.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: initty
-spec:
-  volumes:
-  - name: preFetched
-    emptyDir: {}
-    
-  containers:
-  - name: main
-    image: main
-    volumeMounts:
-    - name: preFetched
-      mountPath: /usr/share/nginx/html/
-  initContainers:
-  - name: git-cloner
-    image: alpine
-    command: [ "sh", "-c", "apk add git && sleep 5 && git clone https://github.com/octocat/Spoon-Knife /preFetched" ]
-    volumeMounts:
-    - name: preFetched
-      mountPath: /preFetched/

k8s/k8s-nr-kubeconfig.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-clusters:
-- cluster:
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lDQm5Vd0RRWUpLb1pJaHZjTkFRRUxCUUF3TXpFVk1CTUdBMVVFQ2hNTVJHbG4KYVhSaGJFOWpaV0Z1TVJvd0dBWURWUVFERXhGck9ITmhZWE1nUTJ4MWMzUmxjaUJEUVRBZUZ3MHlNakE1TVRneQpNekV6TWpGYUZ3MDBNakE1TVRneU16RXpNakZhTURNeEZUQVRCZ05WQkFvVERFUnBaMmwwWVd4UFkyVmhiakVhCk1CZ0dBMVVFQXhNUmF6aHpZV0Z6SUVOc2RYTjBaWElnUTBFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFEYnVlN1MzRS9hdFpvQVJjSUllRFJNMG5vMThvaDNEL3cyV3VWQmNaQWppZXhmNGw4VQpldEZlWDBWQmZFZGJqUndIWTYva2VHdHVzS0dXUzNZdUN5RHd3WFNhMEV5NS9LM0ZLUHhEUkdyUWJSNXJkUWg5CmI4NW1IbXVIcUYvQXJHMWJVV2JYQmFRVVhBdXNtMVpjMnNtOXdWQm0vRlRJSTJDdEpReTViVXVIQnY3N01BNHEKUzV3b1liMXkwUHo0OXNuVldiY3BXZ1FxR080SE9JelFJc2crakxYR0lhWi96L0lneHR2M0ZYaVJVUlVIZWhERwplTTVuRDErY1JuUkorcDlLQU9VMUdOZzQwVENoN3hjaGo3UHNJMDV1Q0xVQWFhYVJ4M0pVRFBpRXgxWjVjOHQwCll6aTBXTVVTUVpkTjlUc3UrNGZZaXAyTFpkZGxXOW1ma0NYREFnTUJBQUdqUlRCRE1BNEdBMVVkRHdFQi93UUUKQXdJQmhqQVNCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlNpcEo3SHZQTkRZMWcrcDNEdwp0TUEvNThmUmFEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFuYkNYSHUvM3YrbXRlU3N4TXFxUndJd1c0T015CkdRdzE0aERtYkFRcmovYVo0WkFvZUJIdFJSMGYxTFFXQnVIQTBtTFJvSTFSenpBQWw3V2lNMDd6VU1ETlV2enUKR0FCVmtwOEV6b2RneTlNclFkN2VtZkNJRFA3SkhZV1FzL1VxcGVVZW4zcHljQ3dXZFFXY3ZDR0FtTEZZSzI3TApKcnFKV1JXNGErWTVDUkhqVytzTGJpeTNNMTdrOHVWM1pzMktNS0FUaVNXWUZTUzUrSkg5Tk5WdXNKd1lUZVZPCmJOZG5PbS9ub1NLejYrbHUvUm1NK0NsUFdXakdXcUlHdHZyNFl6b0puZk52UDNXL01FQXlzY3Zlck9jcXUxWTAKa1dmRkg2azVlY3NsK2k1RTFkaE02U0JRaFZzV1crMjFlN1plbVJwc1htNkNyYUZqek4vSFlaMEMzdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-    server: https://8f36cb5d-e565-452a-a09c-81760683c1f9.k8s.ondigitalocean.com
-  name: do-sfo3-k8s-nr
-contexts:
-- context:
-    cluster: do-sfo3-k8s-nr
-    user: do-sfo3-k8s-nr-admin
-  name: do-sfo3-k8s-nr
-current-context: do-sfo3-k8s-nr
-kind: Config
-preferences: {}
-users:
-- name: do-sfo3-k8s-nr-admin
-  user:
-    token: dop_v1_dc6f141491e1e3447a52ec192c3424c0481622f5430cf219fb38458280e1ff88

k8s/multiLine.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  labels:
-    run: busybox
-  name: busybox
-spec:
-  terminationGracePeriodSeconds: 0
-  containers:
-  - command:
-    - /bin/sh
-    - -c
-    - |
-      echo "running below scripts"
-      i=0; 
-      while true; 
-      do 
-        echo "$i: $(date)"; 
-        i=$((i+1)); 
-        sleep 1; 
-      done
-    name: busybox
-    image: busybox

k8s/multiLine2.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  labels:
-    run: busybox
-  name: busybox
-spec:
-  terminationGracePeriodSeconds: 0
-  containers:
-  - command: ["/bin/sh", "-c"]
-    args:
-    - |
-      echo "running below scripts"
-      i=0; 
-      while true; 
-      do 
-        echo "$i: $(date)"; 
-        i=$((i+1)); 
-        sleep 1; 
-      done
-    name: busybox
-    image: busybox

k8s/nginx-2-with-volume.yaml

@@ -3,13 +3,11 @@ kind: Pod
 metadata:
   name: nginx-with-volume
 spec:
+  volumes:
+  - name: www
   containers:
   - name: nginx
     image: nginx
     volumeMounts:
     - name: www
       mountPath: /usr/share/nginx/html/
-
-  volumes:
-  - name: www
-    emptyDir: {}

k8s/nginx-3-with-git.yaml

@@ -3,9 +3,8 @@ kind: Pod
 metadata:
   name: nginx-with-git
 spec:
-  terminationGracePeriodSeconds: 0
-  restartPolicy: OnFailure
-  
+  volumes:
+  - name: www
   containers:
   - name: nginx
     image: nginx
@@ -18,9 +17,5 @@ spec:
     volumeMounts:
     - name: www
       mountPath: /www/
-
-  volumes:
-  - name: www
-    emptyDir: {}
-
+  restartPolicy: OnFailure
 

k8s/nginx-4-with-init.yaml

@@ -3,8 +3,14 @@ kind: Pod
 metadata:
   name: nginx-with-init
 spec:
-  terminationGracePeriodSeconds: 0
-  
+  volumes:
+  - name: www
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: www
+      mountPath: /usr/share/nginx/html/
   initContainers:
   - name: git
     image: alpine
@@ -12,15 +18,3 @@ spec:
     volumeMounts:
     - name: www
       mountPath: /www/
- 
-  containers:
-  - name: nginx
-    image: nginx
-    volumeMounts:
-    - name: www
-      mountPath: /usr/share/nginx/html/
-
-  volumes:
-  - name: www
-    emptyDir: {}
-

k8s/nginx-5-with-hostpath.yaml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: hostpath-nginx
-spec:
-  terminationGracePeriodSeconds: 30
-  containers:
-  - name: nginx
-    image: nginx
-    volumeMounts:
-    - name: www
-      mountPath: /usr/share/nginx/html/      
-
-  volumes:
-  - name: www
-    hostPath:
-      path: /home/k8s/myFiles
-
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: myData
-          operator: In
-          values:
-          - present
-
-      

k8s/nginx-git.yaml

@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: nginx-with-git
-spec:
-  terminationGracePeriodSeconds: 0
-  containers:
-  - name: nginx
-    image: nginx
-    volumeMounts:
-    - name: www
-      mountPath: /usr/share/nginx/html/
-  - name: git
-    image: alpine
-    command:
-    - /bin/sh
-    - -c
-    - |
-      apk add git && 
-      git clone https://github.com/octocat/Spoon-Knife /www
-    volumeMounts:
-    - name: www
-      mountPath: /www/
-  volumes:
-  - name: www 
-    emptyDir: {} 
-

k8s/nginx-init.yaml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: nginx-with-git
-spec:
-  terminationGracePeriodSeconds: 0
-  initContainers:
-  - name: git
-    image: alpine
-    command:
-    - /bin/sh
-    - -c
-    - |
-      apk add git && 
-      git clone https://github.com/octocat/Spoon-Knife /www
-    volumeMounts:
-    - name: www
-      mountPath: /www/
-  containers:
-  - name: nginx
-    image: nginx
-    volumeMounts:
-    - name: www
-      mountPath: /usr/share/nginx/html/
-  volumes:
-  - name: www 
-    emptyDir: {} 
-

k8s/nginx.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: my-web
-spec:
-  containers:
-  - name: nginx
-    image: nginx

k8s/ping.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    run: ping
-  name: ping
-spec:
-  terminationGracePeriodSeconds: 0
-  containers:
-  - command:
-    - ping
-    args:
-    - 127.0.0.1
-    image: alpine
-    name: ping
-  dnsPolicy: ClusterFirst
-  restartPolicy: Always
-status: {}

k8s/pizza-1.yaml

@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  version: v1alpha1
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz

k8s/pizza-2.yaml

@@ -1,20 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object

k8s/pizza-3.yaml

@@ -1,32 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            required: [ sauce, toppings ]
-            properties:
-              sauce:
-                type: string
-              toppings:
-                type: array
-                items:
-                  type: string

k8s/pizza-4.yaml

@@ -1,39 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            required: [ sauce, toppings ]
-            properties:
-              sauce:
-                type: string
-              toppings:
-                type: array
-                items:
-                  type: string
-    additionalPrinterColumns:
-    - jsonPath: .spec.sauce
-      name: Sauce
-      type: string
-    - jsonPath: .spec.toppings
-      name: Toppings
-      type: string

k8s/pizza-5.yaml

@@ -1,40 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            required: [ sauce, toppings ]
-            properties:
-              sauce:
-                type: string
-                enum: [ red, white ]
-              toppings:
-                type: array
-                items:
-                  type: string
-    additionalPrinterColumns:
-    - jsonPath: .spec.sauce
-      name: Sauce
-      type: string
-    - jsonPath: .spec.toppings
-      name: Toppings
-      type: string

k8s/pizzas.yaml

@@ -1,45 +0,0 @@
----
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: margherita
-spec:
-  sauce: red
-  toppings:
-    - mozarella
-    - basil
----
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: quatrostagioni
-spec:
-  sauce: red
-  toppings:
-    - artichoke
-    - basil
-    - mushrooms
-    - prosciutto
----
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: mehl31
-spec:
-  sauce: white
-  toppings:
-    - goatcheese
-    - pear
-    - walnuts
-    - mozzarella
-    - rosemary
-    - honey
----
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: brownie
-spec:
-  sauce: chocolate
-  toppings:
-    - nuts

k8s/sampleYaml.yaml

@@ -1,18 +0,0 @@
-name: gerry
-citizenship: US
-height-in-cm: 197
-coder: true
-friends:
-  - Moe
-  - Larry
-  - Curly
-employees:
-  - name: Moe
-    position: dev
-  - name: Larry
-    position: ops
-  - name: Curly
-    position: devOps
-poem: |
-      Mary had a little lamb
-      It was very cute

k8s/sampleYamlAsJson.json

@@ -1,26 +0,0 @@
-{
-  "name": "gerry",
-  "citizenship": "US",
-  "height-in-cm": 197,
-  "coder": true,
-  "friends": [
-    "Moe",
-    "Larry",
-    "Curly"
-  ],
-  "employees": [
-    {
-      "name": "Moe",
-      "position": "dev"
-    },
-    {
-      "name": "Larry",
-      "position": "ops"
-    },
-    {
-      "name": "Curly",
-      "position": "devOps"
-    }
-  ],
-  "poem": "Mary had a little lamb\nIt was very cute\n"
-}

k8s/ytt/1-variables/app.yaml

@@ -1,164 +0,0 @@
-#! Define and use variables.
----
-#@ repository = "dockercoins"
-#@ tag = "v0.1"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ "{}/hasher:{}".format(repository, tag)
-        name: hasher
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ "{}/rng:{}".format(repository, tag)
-        name: rng
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ "{}/webui:{}".format(repository, tag)
-        name: webui
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: worker
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ "{}/worker:{}".format(repository, tag)
-        name: worker

k8s/ytt/2-functions/app.yaml

@@ -1,167 +0,0 @@
-#! Define and use a function to set the deployment image.
----
-#@ repository = "dockercoins"
-#@ tag = "v0.1"
-#@ def image(component):
-#@   return "{}/{}:{}".format(repository, component, tag)
-#@ end
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ image("hasher")
-        name: hasher
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ image("rng")
-        name: rng
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ image("webui")
-        name: webui
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: worker
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ image("worker")
-        name: worker

k8s/ytt/3-labels/app.yaml

@@ -1,164 +0,0 @@
-#! Define and use functions, demonstrating how to generate labels.
----
-#@ repository = "dockercoins"
-#@ tag = "v0.1"
-#@ def image(component):
-#@   return "{}/{}:{}".format(repository, component, tag)
-#@ end
-#@ def labels(component):
-#@   return {
-#@     "app": component,
-#@     "container.training/generated-by": "ytt",
-#@   }
-#@ end
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ image("hasher")
-        name: hasher
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ image("rng")
-        name: rng
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ image("webui")
-        name: webui
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("worker")
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ image("worker")
-        name: worker

k8s/ytt/4-data/app.yaml

@@ -1,162 +0,0 @@
----
-#@ load("@ytt:data", "data")
-#@ def image(component):
-#@   return "{}/{}:{}".format(data.values.repository, component, data.values.tag)
-#@ end
-#@ def labels(component):
-#@   return {
-#@     "app": component,
-#@     "container.training/generated-by": "ytt",
-#@   }
-#@ end
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ image("hasher")
-        name: hasher
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ image("rng")
-        name: rng
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ image("webui")
-        name: webui
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("worker")
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ image("worker")
-        name: worker

k8s/ytt/4-data/schema.yaml

@@ -1,4 +0,0 @@
-#@data/values-schema
----
-repository: dockercoins
-tag: v0.1

k8s/ytt/5-factor/app.yaml

@@ -1,54 +0,0 @@
----
-#@ load("@ytt:data", "data")
----
-#@ def Deployment(component, repository=data.values.repository, tag=data.values.tag):
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ component
-    container.training/generated-by: ytt
-  name: #@ component
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ component
-  template:
-    metadata:
-      labels:
-        app: #@ component
-    spec:
-      containers:
-      - image: #@ repository + "/" + component + ":" + tag
-        name: #@ component
-#@ end
----
-#@ def Service(component, port=80, type="ClusterIP"):
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ component
-    container.training/generated-by: ytt
-  name: #@ component
-spec:
-  ports:
-  - port: #@ port
-    protocol: TCP
-    targetPort: #@ port
-  selector:
-    app: #@ component
-  type: #@ type
-#@ end
----
---- #@ Deployment("hasher")
---- #@ Service("hasher")
---- #@ Deployment("redis", repository="library", tag="latest")
---- #@ Service("redis", port=6379)
---- #@ Deployment("rng")
---- #@ Service("rng")
---- #@ Deployment("webui")
---- #@ Service("webui", type="NodePort")
---- #@ Deployment("worker")
----

k8s/ytt/5-factor/schema.yaml

@@ -1,4 +0,0 @@
-#@data/values-schema
----
-repository: dockercoins
-tag: v0.1

k8s/ytt/6-template/app.yaml

@@ -1,56 +0,0 @@
----
-#@ load("@ytt:data", "data")
-#@ load("@ytt:template", "template")
----
-#@ def component(name, repository=data.values.repository, tag=data.values.tag, port=None, type="ClusterIP"):
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ name
-  template:
-    metadata:
-      labels:
-        app: #@ name
-    spec:
-      containers:
-      - image: #@ repository + "/" + name + ":" + tag
-        name: #@ name
-        #@ if/end port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ port
-#@ if port != None:
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  ports:
-  - port: #@ port
-    protocol: TCP
-    targetPort: #@ port
-  selector:
-    app: #@ name
-  type: #@ type
-#@ end
-#@ end
----
---- #@ template.replace(component("hasher", port=80))
---- #@ template.replace(component("redis", repository="library", tag="latest", port=6379))
---- #@ template.replace(component("rng", port=80))
---- #@ template.replace(component("webui", port=80, type="NodePort"))
---- #@ template.replace(component("worker"))
----

k8s/ytt/6-template/schema.yaml

@@ -1,4 +0,0 @@
-#@data/values-schema
----
-repository: dockercoins
-tag: v0.1

k8s/ytt/7-morevalues/app.yaml

@@ -1,65 +0,0 @@
----
-#@ load("@ytt:data", "data")
-#@ load("@ytt:template", "template")
----
-#@ def component(name, repository, tag, port=None, type="ClusterIP"):
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ name
-  template:
-    metadata:
-      labels:
-        app: #@ name
-    spec:
-      containers:
-      - image: #@ repository + "/" + name + ":" + tag
-        name: #@ name
-        #@ if/end port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ port
-#@ if port != None:
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  ports:
-  - port: #@ port
-    protocol: TCP
-    targetPort: #@ port
-  selector:
-    app: #@ name
-  type: #@ type
-#@ end
-#@ end
----
-#@ defaults = {}
-#@ for name in data.values:
-#@   if name.startswith("_"):
-#@     defaults.update(data.values[name])
-#@   end
-#@ end
----
-#@ for name in data.values:
-#@   if not name.startswith("_"):
-#@     values = dict(name=name)
-#@     values.update(defaults)
-#@     values.update(data.values[name])
---- #@ template.replace(component(**values))
-#@   end
-#@ end

k8s/ytt/7-morevalues/schema.yaml

@@ -1,19 +0,0 @@
-#@data/values-schema
-#! Entries starting with an underscore will hold default values.
-#! Entires NOT starting with an underscore will generate a Deployment
-#! (and a Service if a port number is set).
----
-_default_:
-  repository: dockercoins
-  tag: v0.1
-hasher:
-  port: 80
-redis:
-  repository: library
-  tag: latest
-rng:
-  port: 80
-webui:
-  port: 80
-  type: NodePort
-worker: {}

k8s/ytt/8-library/_ytt_lib/component/deployment.yaml

@@ -1,26 +0,0 @@
-#@ load("@ytt:data", "data")
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ data.values.name
-  template:
-    metadata:
-      labels:
-        app: #@ data.values.name
-    spec:
-      containers:
-      - image: #@ data.values.repository + "/" + data.values.name + ":" + data.values.tag
-        name: #@ data.values.name
-        #@ if/end data.values.port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ data.values.port

k8s/ytt/8-library/_ytt_lib/component/schema.yaml

@@ -1,7 +0,0 @@
-#@data/values-schema
----
-name: component
-repository: dockercoins
-tag: v0.1
-port: 0
-type: ClusterIP

k8s/ytt/8-library/_ytt_lib/component/service.yaml

@@ -1,19 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ if data.values.port > 0:
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  ports:
-  - port: #@ data.values.port
-    protocol: TCP
-    targetPort: #@ data.values.port
-  selector:
-    app: #@ data.values.name
-  type: #@ data.values.type
-#@ end

k8s/ytt/8-library/app.yaml

@@ -1,20 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ load("@ytt:library", "library")
-#@ load("@ytt:template", "template")
-#@ 
-#@ component = library.get("component")
-#@ 
-#@ defaults = {}
-#@ for name in data.values:
-#@   if name.startswith("_"):
-#@     defaults.update(data.values[name])
-#@   end
-#@ end
-#@ for name in data.values:
-#@   if not name.startswith("_"):
-#@     values = dict(name=name)
-#@     values.update(defaults)
-#@     values.update(data.values[name])
---- #@ template.replace(component.with_data_values(values).eval())
-#@   end
-#@ end

k8s/ytt/8-library/schema.yaml

@@ -1,19 +0,0 @@
-#@data/values-schema
-#! Entries starting with an underscore will hold default values.
-#! Entires NOT starting with an underscore will generate a Deployment
-#! (and a Service if a port number is set).
----
-_default_:
-  repository: dockercoins
-  tag: v0.1
-hasher:
-  port: 80
-redis:
-  repository: library
-  tag: latest
-rng:
-  port: 80
-webui:
-  port: 80
-  type: NodePort
-worker: {}

k8s/ytt/9-overlay/_ytt_lib/component/deployment.yaml

@@ -1,26 +0,0 @@
-#@ load("@ytt:data", "data")
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ data.values.name
-  template:
-    metadata:
-      labels:
-        app: #@ data.values.name
-    spec:
-      containers:
-      - image: #@ data.values.repository + "/" + data.values.name + ":" + data.values.tag
-        name: #@ data.values.name
-        #@ if/end data.values.port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ data.values.port

k8s/ytt/9-overlay/_ytt_lib/component/schema.yaml

@@ -1,7 +0,0 @@
-#@data/values-schema
----
-name: component
-repository: dockercoins
-tag: v0.1
-port: 0
-type: ClusterIP

k8s/ytt/9-overlay/_ytt_lib/component/service.yaml

@@ -1,19 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ if data.values.port > 0:
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  ports:
-  - port: #@ data.values.port
-    protocol: TCP
-    targetPort: #@ data.values.port
-  selector:
-    app: #@ data.values.name
-  type: #@ data.values.type
-#@ end

k8s/ytt/9-overlay/app.yaml

@@ -1,20 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ load("@ytt:library", "library")
-#@ load("@ytt:template", "template")
-#@ 
-#@ component = library.get("component")
-#@ 
-#@ defaults = {}
-#@ for name in data.values:
-#@   if name.startswith("_"):
-#@     defaults.update(data.values[name])
-#@   end
-#@ end
-#@ for name in data.values:
-#@   if not name.startswith("_"):
-#@     values = dict(name=name)
-#@     values.update(defaults)
-#@     values.update(data.values[name])
---- #@ template.replace(component.with_data_values(values).eval())
-#@   end
-#@ end

k8s/ytt/9-overlay/rng-healthcheck.yaml

@@ -1,20 +0,0 @@
-#@ load("@ytt:overlay", "overlay")
-
-#@ def match():
-kind: Deployment
-metadata:
-  name: rng
-#@ end
-
-#@overlay/match by=overlay.subset(match())
----
-spec:
-  template:
-    spec:
-      containers:
-      #@overlay/match by="name"
-      - name: rng
-        readinessProbe:
-          httpGet:
-            #@overlay/match missing_ok=True
-            path: /1

k8s/ytt/9-overlay/schema.yaml

@@ -1,19 +0,0 @@
-#@data/values-schema
-#! Entries starting with an underscore will hold default values.
-#! Entires NOT starting with an underscore will generate a Deployment
-#! (and a Service if a port number is set).
----
-_default_:
-  repository: dockercoins
-  tag: v0.1
-hasher:
-  port: 80
-redis:
-  repository: library
-  tag: latest
-rng:
-  port: 80
-webui:
-  port: 80
-  type: NodePort
-worker: {}

k8s/ytt/9-overlay/worker-scaling.yaml

@@ -1,25 +0,0 @@
-#@ load("@ytt:overlay", "overlay")
-
-#@ def match():
-kind: Deployment
-metadata:
-  name: worker
-#@ end
-
-#! This removes the number of replicas:
-#@overlay/match by=overlay.subset(match())
----
-spec:
-  #@overlay/remove
-  replicas:
-
-#! This overrides it:
-#@overlay/match by=overlay.subset(match())
----
-spec:
-  #@overlay/match missing_ok=True
-  replicas: 10
-
-#! Note that it's not necessary to remove the number of replicas.
-#! We're just presenting both options here (for instance, you might
-#! want to remove the number of replicas if you're using an HPA).

prepare-tf/source/locals.tf

@@ -1,6 +1,6 @@
 resource "random_string" "_" {
   length  = 4
-  numeric = false
+  number  = false
   special = false
   upper   = false
 }

prepare-tf/source/modules/digitalocean/variables.tf

@@ -53,5 +53,5 @@ variable "location" {
 # doctl kubernetes options versions -o json | jq -r .[].slug
 variable "k8s_version" {
   type    = string
-  default = "1.22.8-do.1"
+  default = "1.21.5-do.0"
 }

prepare-tf/source/modules/linode/main.tf

@@ -3,7 +3,7 @@ resource "linode_lke_cluster" "_" {
   tags  = var.common_tags
   # "region" is mandatory, so let's provide a default value if none was given.
   region      = var.location != null ? var.location : "eu-central"
-  k8s_version = local.k8s_version
+  k8s_version = var.k8s_version
 
   pool {
     type  = local.node_type

prepare-tf/source/modules/linode/variables.tf

@@ -51,22 +51,7 @@ variable "location" {
 
 # To view supported versions, run:
 # linode-cli lke versions-list --json | jq -r .[].id
-data "external" "k8s_version" {
-  program = [
-    "sh",
-    "-c",
-    <<-EOT
-      linode-cli lke versions-list --json |
-      jq -r '{"latest": [.[].id] | sort [-1]}'
-    EOT
-  ]
-}
-
 variable "k8s_version" {
   type    = string
-  default = ""
-}
-
-locals {
-  k8s_version = var.k8s_version != "" ? var.k8s_version : data.external.k8s_version.result.latest
+  default = "1.21"
 }

prepare-tf/source/modules/scaleway/variables.tf

@@ -56,5 +56,5 @@ variable "location" {
 # scw k8s version list -o json | jq -r .[].name
 variable "k8s_version" {
   type    = string
-  default = "1.23.6"
+  default = "1.22.2"
 }

prepare-tf/source/stage2.tmpl

@@ -145,15 +145,23 @@ resource "helm_release" "metrics_server_${index}" {
   # but only if it's not already installed.
   count = yamldecode(file("./flags.${index}"))["has_metrics_server"] ? 0 : 1
   provider = helm.cluster_${index}
-  repository = "https://kubernetes-sigs.github.io/metrics-server/"
+  repository = "https://charts.bitnami.com/bitnami"
   chart = "metrics-server"
-  version = "3.8.2"
+  version = "5.8.8"
   name = "metrics-server"
   namespace = "metrics-server"
   create_namespace = true
   set {
-    name = "args"
-    value = "{--kubelet-insecure-tls}"
+    name = "apiService.create"
+    value = "true"
+  }
+  set {
+    name = "extraArgs.kubelet-insecure-tls"
+    value = "true"
+  }
+  set {
+    name = "extraArgs.kubelet-preferred-address-types"
+    value = "InternalIP"
   }
 }
 
@@ -193,6 +201,7 @@ resource "tls_private_key" "cluster_admin_${index}" {
 }
 
 resource "tls_cert_request" "cluster_admin_${index}" {
+  key_algorithm = tls_private_key.cluster_admin_${index}.algorithm
   private_key_pem = tls_private_key.cluster_admin_${index}.private_key_pem
   subject {
     common_name = "cluster-admin"

prepare-vms/lib/commands.sh

@@ -239,14 +239,6 @@ _cmd_docker() {
       sudo ln -sfn /mnt/docker /var/lib/docker
     fi
 
-    # containerd 1.6 breaks Weave.
-    # See https://github.com/containerd/containerd/issues/6921
-    sudo tee /etc/apt/preferences.d/containerd <<EOF
-Package: containerd.io
-Pin: version 1.5.*
-Pin-Priority: 1000
-EOF
-
     # This will install the latest Docker.
     sudo apt-get -qy install apt-transport-https ca-certificates curl software-properties-common
     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -435,9 +427,6 @@ EOF
     pssh "
     if i_am_first_node; then
 	kubectl apply -f https://raw.githubusercontent.com/jpetazzo/container.training/master/k8s/metrics-server.yaml
-    #helm upgrade --install metrics-server \
-    #     --repo https://kubernetes-sigs.github.io/metrics-server/ metrics-server \
-    #     --namespace kube-system --set args={--kubelet-insecure-tls}
     fi"
 }
 
@@ -606,16 +595,16 @@ EOF
     fi"
 
     ##VERSION## https://github.com/bitnami-labs/sealed-secrets/releases
-    KUBESEAL_VERSION=0.17.4
-    #case $ARCH in
-    #amd64) FILENAME=kubeseal-linux-amd64;;
-    #arm64) FILENAME=kubeseal-arm64;;
-    #*)     FILENAME=nope;;
-    #esac
-    pssh "
+    KUBESEAL_VERSION=v0.16.0
+    case $ARCH in
+    amd64) FILENAME=kubeseal-linux-amd64;;
+    arm64) FILENAME=kubeseal-arm64;;
+    *)     FILENAME=nope;;
+    esac
+    [ "$FILENAME" = "nope" ] || pssh "
     if [ ! -x /usr/local/bin/kubeseal ]; then
-        curl -fsSL https://github.com/bitnami-labs/sealed-secrets/releases/download/v$KUBESEAL_VERSION/kubeseal-$KUBESEAL_VERSION-linux-$ARCH.tar.gz |
-        sudo tar -zxvf- -C /usr/local/bin kubeseal
+        curl -fsSLo kubeseal https://github.com/bitnami-labs/sealed-secrets/releases/download/$KUBESEAL_VERSION/$FILENAME &&
+        sudo install kubeseal /usr/local/bin
         kubeseal --version
     fi"
 }

prepare-vms/lib/infra/linode.sh

@@ -26,24 +26,12 @@ infra_start() {
         info "          Name: $NAME"
         info " Instance type: $LINODE_TYPE"
         ROOT_PASS="$(base64 /dev/urandom | cut -c1-20 | head -n 1)"
-        MAX_TRY=5
-        TRY=1
-        WAIT=1
-        while ! linode-cli linodes create \
+        linode-cli linodes create \
             --type=${LINODE_TYPE} --region=${LINODE_REGION} \
             --image=linode/ubuntu18.04 \
             --authorized_keys="${LINODE_SSHKEY}" \
             --root_pass="${ROOT_PASS}" \
-            --tags=${TAG} --label=${NAME}; do
-              warning "Failed to create VM (attempt $TRY/$MAX_TRY)."
-              if [ $TRY -ge $MAX_TRY ]; then
-                  die "Giving up."
-              fi
-              info "Waiting $WAIT seconds and retrying."
-              sleep $WAIT
-              TRY=$(($TRY+1))
-              WAIT=$(($WAIT*2))
-            done
+            --tags=${TAG} --label=${NAME}
     done
     sep
 

prepare-vms/settings/admin-oldversion.yaml

@@ -16,7 +16,7 @@ user_password: training
 
 # For a list of old versions, check:
 # https://kubernetes.io/releases/patch-releases/#non-active-branch-history
-kubernetes_version: 1.20.15
+kubernetes_version: 1.18.20
 
 image:
 

slides/autopilot/package.json

@@ -3,7 +3,6 @@
   "version": "0.0.1",
   "dependencies": {
     "express": "^4.16.2",
-    "socket.io": "^4.5.1",
-    "socket.io-client": "^4.5.1"
+    "socket.io": "^2.4.0"
   }
 }

slides/b

@@ -1 +0,0 @@
-./markmaker.py kube.yml >out.html

slides/containers/Compose_For_Dev_Stacks.md

@@ -58,7 +58,7 @@ class: pic
 
   - it uses different concepts (Compose services ≠ Kubernetes services)
 
-  - it needs a Docker Engine (although containerd support might be coming)
+  - it needs a Docker Engine (althought containerd support might be coming)
 
 ---
 

slides/containers/Dockerfile_Tips.md

@@ -111,7 +111,7 @@ CMD ["python", "app.py"]
     RUN wget http://.../foo.tar.gz \
      && tar -zxf foo.tar.gz \
      && mv foo/fooctl /usr/local/bin \
-     && rm -rf foo foo.tar.gz
+     && rm -rf foo
   ...
   ```
 

slides/containers/Getting_Inside.md

@@ -100,11 +100,7 @@ _We will give more details about namespaces and cgroups later._
 * But it is easier to use `docker exec`.
 
 ```bash
-$ docker ps -lq       # Get Last Container ID
-17e4e95e2702
-$ docker exec 17
-
-$ docker exec -ti $(docker ps -lq) sh  # bash-fu version
+$ docker exec -ti ticktock sh
 ```
 
 * This creates a new process (running `sh`) _inside_ the container.

slides/containers/High_Level_View.md

@@ -1,20 +0,0 @@
-
-class: title
-
-# High Level Discussion
-
-![image](images/title-understanding-docker-images.png)
-
----
-
-## White Board Topics  
-
-* What is the real problem that containers solve?
-* What are the inputs to a Unix Process?
-* What is the init Process?
-* Userland vs Kernel
-* The Root File System
-* What is an Overlay File System?
-* Wrapping it all up to represent a container image
-* Deploying Container images
-

slides/containers/Local_Development_Workflow.md

@@ -317,11 +317,9 @@ class: extra-details
 ## Trash your servers and burn your code
 
 *(This is the title of a
-[2013 blog post][immutable-deployments]
+[2013 blog post](http://chadfowler.com/2013/06/23/immutable-deployments.html)
 by Chad Fowler, where he explains the concept of immutable infrastructure.)*
 
-[immutable-deployments]: https://web.archive.org/web/20160305073617/http://chadfowler.com/blog/2013/06/23/immutable-deployments/
-
 --
 
 * Let's majorly mess up our container.

slides/containers/Macro_View.md

@@ -1,318 +0,0 @@
-
-
-class: title
-
-# A Macroscopic View
-
----
-
-## Macroscopic Items
-
-* The business case for containers
-
-* The problem containers are solving
-
-* What applications need
-
-* What is the OS doing provides?
-
----
-
-## What do CIOs worry about?
-
-Who are the CIO's customers?
-
-* Business Units: Need Computers to Run Applications
-  * Peak Capacity
-
-* CFO: Demanding Budget Justifications
-  * Spend Less
-
----
-
-## History of Solutions
-
-For Each Business Application Buy a Machine
-
-* Buy a machine for each application
-
-  * Big enough for Peak Load (CPU, Memory, Disk)
-  
-The Age of VMs
-
-* Buy bigger machines and chop them up into logical machines
-
-  * Distribute your applications as VMs theses machines
-
-* Observe what and when the application load  actually is
-
-  * Possibly rebalance be to inform possibly moving
-
-But Maintaining Machines (Bare Metal or VM) is hard (Patches, Packages, Drivers, etc)
-
----
-
-## What Developers and Ops worry about
-
-* Getting Software deployed
-
-* Mysterious reasons why deployed application doesn't work
-
-    * Developer to Ops:
-
-        * "Hey it works on my development machine..."
-        
-        * "I don't know why it isn't working for ***you***"
-
-        * "Everything ***looks*** the same"
-
-        * "I have no idea what could be different"  
-
----
-
-## The History of Software Deployment
-
-Software Deployment is just a reproducible way to install files:
-
-* Cards
-
-* Tapes
-
-* Floppy Disks
-
-* Zip/Tar Files
-
-* Installation "Files" (rpm/deb/msi)
-
-* VM Images
-
----
-
-## What is the Problem Containers are Solving?
-
-It depends on who you are:
-
-  * For the CIO: Better resource utilization
-
-  * For Ops: Software Distribution
-  
-  * For the Developer & Ops: Reproducible Environment
-
-<BR><BR>
-
-Ummm, but what exactly are containers....
-
-  * Wait a few more slides...
-
----
-
-## Macroscopic view: Applications and the OS
-
-Applications:
-
-* What are the inputs/outputs to a program?
-
-The OS:
-
-* What does the OS provide?
-
----
-
-## What are the inputs/outputs to a program?
-
-Explicitly:
-* Command Line Arguments
-* Environment Variables
-* Standard In
-* Standard Out/Err
-
-Implicitly (via the File System):
-
-* Configuration Files
-* Other Installed Applications
-* Any other files
-
-Also Implicitly
-
-* Memory
-* Network
-
-    
----
-
-
-## What does the OS provide?
-
-* OS Kernel
-    * Kernel loded at boot time
-        * Sets up disk drives, network cards, other hardware, etc
-        * Manages all hardware, processes, memory, etc
-    * Kernel Space
-        * Low level innards of Kernel (fluid internal API)
-        * No direct access by applications of most Kernel functionality
-
-
-* User Space (userland) Processes
-    * Code running outside the Kernel
-    * Very stable shim library access from User Space to Kernel Space (Think "fopen")
-
-* The "init" Process
-    * User Space Process run after Kernel has booted
-    * Always PID 1
-
----
-
-## OS Processes
-
-* Created when an application is launched
-    *  Each has a unique Process ID (PID)
-
-* Provides it its own logical 'view' of all implicit inputs/output when launching app
-    * File System ( root directory, / )
-    * Memory
-    * Network Adaptors
-    * Other running processes
-
----
-
-## What do we mean by "The OS"
-
-Different Linux's
-
-* Ubuntu / Debian; Centos / RHEL; Raspberry Pi; etc
-
-What do they have in common?
-
-* They all have a kernel that provides access to Userland (ie fopen)
-
-* They typically have all the commands (bash, sh, ls, grep, ...)
-
-What may be different?
-
-* May use different versions of the Kernel (4.18, 5.4, ...)
-    * Internally different, but providing same Userland API
-
-* Many other bundled commands, packages and package management tools
-    * Namely what makes it 'Debian' vs 'Centos'
-
----
-
-## What might a 'Minimal' Linux be?
-
-You could actually just have:
-
-* A Linux Kernel
-
-* An application (for simplicity a statically linked C program)
-
-* The kernel configured to run that application as its 'init' process
-
-Would you ever do this?
-
-* Why not? 
-
-    * It certainly would be very secure
-    
----
-
-## So Finally... What are Containers?
-
-Containers just a Linux process that 'thinks' it is it's own machine
-
-* With its own 'view' of things like:
-    * File System ( root directory, / ), Memory, Network Adaptors, Other running processes
-
-* Leverages our understanding that a (logical) Linux Machine is 
-    * A kernel
-    * A bunch of files ( Maybe a few Environment Variables )
-
-Since it is a process running on a host machine
-
-* It uses the kernel of the host machine
-* And of course you need some tools to create the running container process
-
----
-
-## Container Runtimes and Container Images
-
-The Linux kernel actually has no concept of a container.
-
-* There have been many 'container' technologies
-
-* See [A Brief History of containers: From the 1970's till now](https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016)
-
-* Over the years more capabilities have been added to the kernel to make it easier
-
-<BR>
-A 'Container technology' is:
-
-* A Container Image Format of the unit of software deployment
-    * A bundle of all the files and miscellaneous configuration 
-
-* A Container Runtime Engine
-    * Software that takes a Container Image and creates a running container
-
----
-
-## The Container Runtime War is now Over
-
-The Cloud Native Computing Foundation (CNCF) has standardized containers
-
-* A standard container image format
-
-* A standard for building and configuring container runtimes
-
-* A standard REST API for loading/downloading container image to a registries 
-
-There primary Container Runtimes are:
-
-* containerd: using the 'docker' Command Line Interface (or Kubernetes)
-
-* CRI-O: using the 'podman' Command Line Interface (or Kubernetes/OpenShift)
-
-* Others exists, for example Singularity which has a history in HPC
-
----
-
-## Linux Namespaces Makes Containers Possible
-
-- Provide processes with their own isolated view of the system.
-
-    - Namespaces limit what you can see (and therefore, what you can use).
-
-- These namespaces are available in modern kernels:
-
-  - pid: processes
-  - net: network
-  - mnt: root file system (ie chroot)
-  - uts: hostname
-  - ipc
-  - user: UID/GID mapping
-  - time: time
-  - cgroup: Resource Monitoring and Limiting
-
-- Each process belongs to one namespace of each type.
-
----
-
-## Namespaces are always active
-
-- Namespaces exist even when you don't use containers.
-
-- This is a bit similar to the UID field in UNIX processes:
-
-  - all processes have the UID field, even if no user exists on the system
-
-  - the field always has a value / the value is always defined
-    <br/>
-    (i.e. any process running on the system has some UID)
-
-  - the value of the UID field is used when checking permissions
-    <br/>
-    (the UID field determines which resources the process can access)
-
-- You can replace "UID field" with "namespace" above and it still works!
-
-- In other words: even when you don't use containers,
-  <br/>there is one namespace of each type, containing all the processes on the system.
-

slides/containers/Training_Environment_And_Tmux.md

@@ -1,224 +0,0 @@
-
-class: title
-
-# Our training environment
-
-![SSH terminal](images/title-our-training-environment.jpg)
-
-
----
-
-class: in-person
-
-## Connecting to your Virtual Machine
-
-You need an SSH client.
-
-* On OS X, Linux, and other UNIX systems, just use `ssh`:
-
-```bash
-$ ssh <login>@<ip-address>
-```
-
-* On Windows, if you don't have an SSH client, you can download:
-
-  * Putty (www.putty.org)
-
-  * Git BASH (https://git-for-windows.github.io/)
-
-  * MobaXterm (https://mobaxterm.mobatek.net/)
-  
----
-
-class: in-person
-
-## Connecting to our lab environment
-
-.lab[
-
-- Log into your VM with your SSH client:
-  ```bash
-  ssh `user`@`A.B.C.D`
-  ```
-
-  (Replace `user` and `A.B.C.D` with the user and IP address provided to you)
-
-
-]
-
-You should see a prompt looking like this:
-```
-[A.B.C.D] (...) user@node1 ~
-$
-```
-If anything goes wrong — ask for help!
-
----
-## Our Docker VM
-
-About the Lab VM
-
-- The VM is created just before the training.
-
-- It will stay up during the whole training.
-
-- It will be destroyed shortly after the training.
-
-- It comes pre-loaded with Docker and some other useful tools.
-
----
-
-## Why don't we run Docker locally?
-
-- I can log into your VMs to help you with labs
-
-- Installing docker is out of the scope of this class (lots of online docs)
-
-    - It's better to spend time learning containers than fiddling with the installer!
-
----
-class: in-person
-
-## `tailhist`
-
-- The shell history of the instructor is available online in real time
-
-- Note the IP address of the instructor's virtual machine (A.B.C.D)
-
-- Open http://A.B.C.D:1088 in your browser and you should see the history
-
-- The history is updated in real time  (using a WebSocket connection)
-
-- It should be green when the WebSocket is connected
-
-  (if it turns red, reloading the page should fix it)
-
-- If you want to play with it on your lab machine, tailhist is installed
-
-    - sudo apt install firewalld
-    - sudo firewall-cmd --add-port=1088/tcp
----
-
-## Checking your Virtual Machine
-
-Once logged in, make sure that you can run a basic Docker command:
-
-.small[
-```bash
-$ docker version
-Client:
- Version:       18.03.0-ce
- API version:   1.37
- Go version:    go1.9.4
- Git commit:    0520e24
- Built:         Wed Mar 21 23:10:06 2018
- OS/Arch:       linux/amd64
- Experimental:  false
- Orchestrator:  swarm
-
-Server:
- Engine:
-  Version:      18.03.0-ce
-  API version:  1.37 (minimum version 1.12)
-  Go version:   go1.9.4
-  Git commit:   0520e24
-  Built:        Wed Mar 21 23:08:35 2018
-  OS/Arch:      linux/amd64
-  Experimental: false
-```
-]
-
-If this doesn't work, raise your hand so that an instructor can assist you!
-
-???
-
-:EN:Container concepts
-:FR:Premier contact avec les conteneurs
-
-:EN:- What's a container engine?
-:FR:- Qu'est-ce qu'un *container engine* ?
-
-
----
-
-## Doing or re-doing the workshop on your own?
-
-- Use something like
-  [Play-With-Docker](http://play-with-docker.com/) or
-  [Play-With-Kubernetes](https://training.play-with-kubernetes.com/)
-
-  Zero setup effort; but environment are short-lived and
-  might have limited resources
-
-- Create your own cluster (local or cloud VMs)
-
-  Small setup effort; small cost; flexible environments
-
-- Create a bunch of clusters for you and your friends
-    ([instructions](https://@@GITREPO@@/tree/master/prepare-vms))
-
-  Bigger setup effort; ideal for group training
-
----
-
-class: self-paced
-
-## Get your own Docker nodes
-
-- If you already have some Docker nodes: great!
-
-- If not: let's get some thanks to Play-With-Docker
-
-.lab[
-
-- Go to http://www.play-with-docker.com/
-
-- Log in
-
-- Create your first node
-
-<!-- ```open http://www.play-with-docker.com/``` -->
-
-]
-
-You will need a Docker ID to use Play-With-Docker.
-
-(Creating a Docker ID is free.)
-
----
-
-## Terminals
-
-Once in a while, the instructions will say:
-<br/>"Open a new terminal."
-
-There are multiple ways to do this:
-
-- create a new window or tab on your machine, and SSH into the VM;
-
-- use screen or tmux on the VM and open a new window from there.
-
-You are welcome to use the method that you feel the most comfortable with.
-
----
-
-## Tmux cheat sheet
-
-[Tmux](https://en.wikipedia.org/wiki/Tmux) is a terminal multiplexer like `screen`.
-
-*You don't have to use it or even know about it to follow along.
-<br/>
-But some of us like to use it to switch between terminals.
-<br/>
-It has been preinstalled on your workshop nodes.*
-
-- Ctrl-b c → creates a new window
-- Ctrl-b n → go to next window
-- Ctrl-b p → go to previous window
-- Ctrl-b " → split window top/bottom
-- Ctrl-b % → split window left/right
-- Ctrl-b Alt-1 → rearrange windows in columns
-- Ctrl-b Alt-2 → rearrange windows in rows
-- Ctrl-b arrows → navigate to other windows
-- Ctrl-b d → detach session
-- tmux attach → re-attach to session

slides/containers/Understanding_Images.md

@@ -1,27 +0,0 @@
-
-
-```bash
-$ docker run -it debian
-root@ef22f9437171:/# apt-get update
-
-root@ef22f9437171:/# apt-get install skopeo
-
-root@ef22f9437171:/# apt-get wget curl jq
-
-root@ef22f9437171:/# skopeo login docker.io -u containertraining -p testaccount
-
-$ docker commit $(docker ps -lq) skop
-```
-
-```bash
-root@0ab665194c4f:~# skopeo copy docker://docker.io/containertraining/test-image-0 dir:/root/test-image-0
-root@0ab665194c4f:~# cd /root/test-image-0
-root@0ab665194c4f:~# jq <manifest.json .layers[].digest
-```
-
-
-Stuff in Exploring-images
-    image-test-0/1/2 + jpg
-
-
-

slides/containers/exploring-images/Dockerfile.test-image-0

@@ -1,20 +0,0 @@
-FROM busybox
-
-ADD verifyImageFiles.sh /
-
-WORKDIR /play
-
-RUN echo "== LAYER 0 ==" && \
-    echo "A is for Aardvark" >A && \
-    echo "B is for Beetle" >B && \
-    mkdir C/ && \
-    echo "A is for Cowboy Allan" >C/CA && \
-    mkdir -p C/CB && \
-    echo "A is for Cowboy Buffalo Alex" >C/CB/CBA && \
-    echo "B is for Cowboy Buffalo Bill" >C/CB/CBB && \
-    echo "Z is for Cowboy Zeke" >> C/CZ && \
-    mkdir D/ && \
-    echo "A is for Detective Alisha" >D/DA && \
-    echo "B is for Detective Betty" >D/DB && \
-    echo "E is for Elephant" >E && \
-    find . >../state.layer-0

slides/containers/exploring-images/Dockerfile.test-image-1

@@ -1,17 +0,0 @@
-FROM test-image-0
-
-WORKDIR /play
-   
-RUN echo "== LAYER 1 ==  Change File B, Create File C/CC, Add Dir C/CD, Remove File E, Create Dir F, Add File G, Create Empty Dir H" && \
-    echo "B is for Butterfly" >B && \
-    echo "C is for Cowboy Chuck">C/CC && \
-    mkdir -p C/CD && \
-    echo "A is for Cowboy Dandy Austin" >C/CD/CDA && \
-    rm E && \
-    mkdir F && \
-    echo "A is for Ferret Albert" >F/FA  && \
-    echo "G is for Gorilla" >G && \
-    mkdir H && \
-    find . >../state.layer-1 
-
-

slides/containers/exploring-images/Dockerfile.test-image-2

@@ -1,18 +0,0 @@
-FROM test-image-1
-
-WORKDIR /play
-
-RUN echo "== LAYER 2 ==  Remove File C/CA, Remove Dir G, Remove Dir D / Replace with new Dir D, Remove Dir C/CB, Remove Dir C/CB, Remove Dir F, Add File G, Remove Dir H / Create File H" && \
-    rm C/CA  && \
-    rm -rf C/CB && \
-    echo "Z is for Cowboy Zoe" >> CZ && \
-    rm -rf D && \
-    mkdir -p D && \
-    echo "A is for Duplicitous Albatros" >D/DA && \
-    rm -rf F && \
-    rm G && \
-    echo "G is for Geccos" >G && \
-    rmdir H \
-    echo "H is for Human" >H && \
-    find . >../state.layer-2
-

slides/containers/exploring-images/testplan.sh

@@ -1,87 +0,0 @@
-clear
-
-baseDir=$(pwd)
-
-rm -rf /tmp/exploringImags
-
-mkdir -p /tmp/exploringImags
-
-cd /tmp/exploringImags
-
-
-echo "== LAYER 0 =="
-
-echo "A is for Aardvark" >A
-echo "B is for Beetle" >B
-
-mkdir C/
-echo "A is for Cowboy Allan" >C/CA
-
-mkdir -p C/CB
-echo "A is for Cowboy Buffalo Alex" >C/CB/CBA
-echo "B is for Cowboy Buffalo Bill" >C/CB/CBB
-
-echo "Z is for Cowboy Zeke" >C/CZ
-
-mkdir D/
-echo "A is for Detective Alisha" >D/DA
-echo "B is for Detective Betty" >D/DB
-
-echo "E is for Elephant" >E
-
-find . >../state.layer-0
-tree | grep -v directories | tee ../tree.layer-0
-
-$baseDir/verifyImageFiles.sh 0 $(pwd)
-
-
-echo "== LAYER 1 ==  Change File B, Create File C/CC, Add Dir C/CD, Remove File E, Create Dir F, Add File G, Create Empty Dir H"
-
-echo "B is for Butterfly" >B
-
-echo "C is for Cowboy Chuck">C/CC
-
-mkdir -p C/CD
-echo "A is for Cowboy Dandy Austin" >C/CD/CDA
-
-rm E
-
-mkdir F
-echo "A is for Ferret Albert" >F/FA 
-
-echo "G is for Gorilla" >G
-
-mkdir H
-
-find . >../state.layer-1
-tree | grep -v directories | tee ../tree.layer-1
-
-$baseDir/verifyImageFiles.sh 1 $(pwd)
-
-
-echo "== LAYER 2 ==  Remove File C/CA, Remove Dir G, Remove Dir D Replace with new Dir D, Remove Dir C/CB, Remove Dir C/CB, Add File H/HA, Add File, Create Dir I"
-
-rm C/CA 
-
-rm -rf C/CB
-
-echo "Z is for Cowboy Zoe" >C/CZ
-
-rm -rf D
-mkdir -p D
-echo "A is for Duplicitous Albatros" >D/DA
-
-rm -rf F
-
-rm -rf G
-echo "G is for Geccos" >G
-
-rmdir H
-echo "H is for Human" >H
-
-
-find . >../state.layer-2
-tree | grep -v directories | tee ../tree.layer-2
-
-$baseDir/verifyImageFiles.sh 2 $(pwd)
-

slides/containers/exploring-images/verifyImageFiles.sh

@@ -1,88 +0,0 @@
-
-fileContentsCompare() {
-    layer=$1
-    text=$2
-    file=$(pwd)/$3
-
-    if [ -f "$file" ]; then
-
-        fileContents=$(cat $file)
-
-        if [ "$fileContents" != "$text" ]; then
-            echo In Layer $layer Unexpected contents in file: $file
-            echo -- Contents: $fileContents
-            echo -- Expected: $text
-        fi
-    else 
-        echo Missing File $file in Layer $layer
-    fi
-}
-
-checkLayer() {
-    layer=$1
-
-    find . >/tmp/state
-
-
-    if [[ $(diff /tmp/state $targetDir/../state.layer-$layer) ]]; then
-      echo Directory Structure mismatch in layer: $layer 
-      diff /tmp/state $targetDir/../state.layer-$layer
-    fi
-
-    case $layer in
-        0)
-            fileContentsCompare $layer "A is for Aardvark" A
-            fileContentsCompare $layer "B is for Beetle" B
-            fileContentsCompare $layer "A is for Cowboy Allan" C/CA
-            fileContentsCompare $layer "A is for Cowboy Buffalo Alex" C/CB/CBA
-            fileContentsCompare $layer "B is for Cowboy Buffalo Bill" C/CB/CBB
-            fileContentsCompare $layer "Z is for Cowboy Zeke"  C/CZ
-            fileContentsCompare $layer "A is for Detective Alisha" D/DA
-            fileContentsCompare $layer "B is for Detective Betty" D/DB
-            fileContentsCompare $layer "E is for Elephant" E
-            ;;
-
-        # echo "== LAYER 1 ==  Change File B, Create File C/CC, Add Dir C/CD, Remove File E, Create Dir F, Add File G, Create Empty Dir H"
-        1)
-            fileContentsCompare $layer "A is for Aardvark" A
-            fileContentsCompare $layer "B is for Butterfly" B                       ## CHANGED FILE B
-            fileContentsCompare $layer "A is for Cowboy Allan" C/CA
-            fileContentsCompare $layer "A is for Cowboy Buffalo Alex" C/CB/CBA
-            fileContentsCompare $layer "B is for Cowboy Buffalo Bill" C/CB/CBB
-            fileContentsCompare $layer "C is for Cowboy Chuck" C/CC                 ## ADDED FILE C/CC
-            fileContentsCompare $layer "A is for Cowboy Dandy Austin" C/CD/CDA      ## ADDED DIR C/CD, ADDED FILE C/CD/CDA
-            fileContentsCompare $layer "Z is for Cowboy Zeke"  C/CZ
-            fileContentsCompare $layer "A is for Detective Alisha" D/DA
-            fileContentsCompare $layer "B is for Detective Betty" D/DB
-                                                                                    ## REMOVED FILE E
-            fileContentsCompare $layer "A is for Ferret Albert" F/FA                ## ADDED DIR F, ADDED FILE F/A
-            fileContentsCompare $layer "G is for Gorilla" G                         ## ADDED G
-                                                                                    ## CREATED EMPTY DIR H
-            ;;
-
-        # echo "== LAYER 2 ==  Remove File C/CA, Remove Dir C/CB, Remove Dir C/CB, Remove Dir D Replace with new Dir D, Delete and Recreatee File G, Add File H/HA Create Dir I"
-        2)  
-            fileContentsCompare $layer "A is for Aardvark" A
-            fileContentsCompare $layer "B is for Butterfly" B
-                                                                                    ## REMOVED FILE C/CA
-                                                                                    ## REMOVED DIR C/CB
-            fileContentsCompare $layer "C is for Cowboy Chuck" C/CC
-            fileContentsCompare $layer "A is for Cowboy Dandy Austin" C/CD/CDA
-            fileContentsCompare $layer "Z is for Cowboy Zoe"  C/CZ                     ## CHANGED FILE C/CZ
-                                                                                    ## REMOVE DIR D
-            fileContentsCompare $layer "A is for Duplicitous Albatros" D/DA         ## RECREATE DIR D, ADD FILE D/DA
-            fileContentsCompare $layer "G is for Geccos" G                          ## DELETED FILE G, ADDED FILE G (Implicit CHANGED)
-            fileContentsCompare $layer "H is for Human"  H                          ## ADDED FILE H
-            ;;
-
-    esac 
-}
-
-
-
-layer=$1
-targetDir=$2
-
-echo VERIFYING LAYER $layer
-
-checkLayer $layer

slides/containers/intro.md

@@ -13,7 +13,7 @@
 - ... Or be comfortable spending some time reading the Docker
  [documentation](https://docs.docker.com/) ...
 
-- ... And looking for answers in the [Docker forums](https://forums.docker.com),
+- ... And looking for answers in the [Docker forums](forums.docker.com),
   [StackOverflow](http://stackoverflow.com/questions/tagged/docker),
   and other outlets
 

slides/containers/software-deployment.md

@@ -1,120 +0,0 @@
-# Container Based Software Deployment
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-1.jpg)	
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-2.jpg)	
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-3.jpg)	
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-4.jpg)	
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-5.jpg)	
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-6.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-7.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-8.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-9.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-10.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-11.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-12.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-13.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-14.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-15.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-16.jpg)
-
----
-
-class: pic
-
-
-![dummmy](containers/software-deployment/slide-17.jpg)

slides/intro-fullday.yml

@@ -1,71 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- containers/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
--
-  #- containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  #- containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  #- containers/Start_And_Attach.md
-  - containers/Naming_And_Inspecting.md
-  #- containers/Labels.md
-  - containers/Getting_Inside.md
-  - containers/Initial_Images.md
--
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
--
-  - containers/Container_Networking_Basics.md
-  #- containers/Network_Drivers.md
-  - containers/Local_Development_Workflow.md
-  - containers/Container_Network_Model.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
--
-  - containers/Multi_Stage_Builds.md
-  #- containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
-  #- containers/Docker_Machine.md
-  #- containers/Advanced_Dockerfiles.md
-  #- containers/Buildkit.md
-  #- containers/Init_Systems.md
-  #- containers/Application_Configuration.md
-  #- containers/Logging.md
-  #- containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Container_Engines.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md
-  #- containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md

slides/intro-selfpaced.yml

@@ -1,72 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-
-content:
-- shared/title.md
-# - shared/logistics.md
-- containers/intro.md
-- shared/about-slides.md
-#- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- - containers/Docker_Overview.md
-  - containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Start_And_Attach.md
-- - containers/Initial_Images.md
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
-- - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
-- - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
-- - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
-  #- containers/Connecting_Containers_With_Links.md
-  - containers/Ambassadors.md
-- - containers/Local_Development_Workflow.md
-  - containers/Windows_Containers.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-  - containers/Docker_Machine.md
-- - containers/Advanced_Dockerfiles.md
-  - containers/Buildkit.md
-  - containers/Init_Systems.md
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Resource_Limits.md
-- - containers/Namespaces_Cgroups.md
-  - containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-- - containers/Container_Engines.md
-  - containers/Pods_Anatomy.md
-  - containers/Ecosystem.md
-  - containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md

slides/intro-twodays.yml

@@ -1,80 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- containers/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-slack.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- # DAY 1
-  - containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Initial_Images.md
--
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
--
-  - containers/Dockerfile_Tips.md
-  - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Exercise_Dockerfile_Advanced.md
--
-  - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Start_And_Attach.md
-  - containers/Getting_Inside.md
-  - containers/Resource_Limits.md
-- # DAY 2
-  - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
--
-  - containers/Local_Development_Workflow.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
--
-  - containers/Installing_Docker.md
-  - containers/Container_Engines.md
-  - containers/Init_Systems.md
-  - containers/Advanced_Dockerfiles.md
-  - containers/Buildkit.md
--
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Orchestration_Overview.md
--
-  - shared/thankyou.md
-  - containers/links.md
-#-
-  #- containers/Docker_Machine.md
-  #- containers/Ambassadors.md
-  #- containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md

slides/k8s/alias-and-references.md

@@ -1,46 +0,0 @@
-
-
-# External References && kubectl Aliases
-
-Class Slides:    https://2022-09-nr1.container.training/
-    
-Kubectl Cheat Sheet:    https://kubernetes.io/docs/reference/kubectl/cheatsheet/
-
-Kubernetes API Object and kubectl Explorers
-
--   https://github.com/GerrySeidman/Kubernetes-Explorer
-
-Gerry Kubernetes Storage Converence Talks
-
--   Vault '20:     https://www.usenix.org/conference/vault20/presentation/seidman
-- Data and Dev '21:  https://www.youtube.com/watch?v=k_8rWPwJ_38
-
-Gerry Seidman’s Info
-
-- gerry.seidman@ardanlabs.com
-- https://www.linkedin.com/in/gerryseidman/
-
-
----
-
-## Kubectl Aliases
-
-```bash
-alias k='kubectl'
-alias kg='kubectl get'
-alias kl='kubectl logs'
-alias ka='kubectl apply -f'
-alias kd='kubectl delete'
-alias kdf='kubectl delete -f'
-alias kb='kubectl describe'
-alias kex='kubectl explain'
-alias kx='kubectl expose'
-alias kr='kubectl run'
-alias ke='kubectl edit'
-```     
-Note the below is only because of a quirk in how the lab VMs were installed:
-```bash
-echo 'kubectl exec -it $1 -- /bin/sh'  >kx
-chmod +x kx
-sudo mv kx /usr/local/bin/kx
-```

slides/k8s/authn-authz.md

@@ -168,7 +168,7 @@ class: extra-details
 
   (`O=system:nodes`, `CN=system:node:name-of-the-node`)
 
-- The Kubernetes API can act as a CA
+- The Kubernetse API can act as a CA
 
   (by wrapping an X509 CSR into a CertificateSigningRequest resource)
 

slides/k8s/cainjector.md

@@ -1,60 +0,0 @@
-## CA injector - overview
-
-- The Kubernetes API server can invoke various webhooks:
-
-  - conversion webhooks (registered in CustomResourceDefinitions)
-
-  - mutation webhooks (registered in MutatingWebhookConfigurations)
-
-  - validation webhooks (registered in ValidatingWebhookConfiguration)
-
-- These webhooks must be served over TLS
-
-- These webhooks must use valid TLS certificates
-
----
-
-## Webhook certificates
-
-- Option 1: certificate issued by a global CA
-
-  - doesn't work with internal services
-    <br/>
-    (their CN must be `<servicename>.<namespace>.svc`)
-
-- Option 2: certificate issued by private CA + CA certificate in system store
-
-  - requires access to API server certificates tore
-
-  - generally not doable on managed Kubernetes clusters
-
-- Option 3: certificate issued by private CA + CA certificate in `caBundle`
-
-  - pass the CA certificate in `caBundle` field
-    <br/>
-    (in CRD or webhook manifests)
-
-  - can be managed automatically by cert-manager
-
----
-
-## CA injector - details
-
-- Add annotation to *injectable* resource
-  (CustomResouceDefinition, MutatingWebhookConfiguration, ValidatingWebhookConfiguration)
-
-- Annotation refers to the thing holding the certificate:
-
-  - `cert-manager.io/inject-ca-from: <namespace>/<certificate>`
-
-  - `cert-manager.io/inject-ca-from-secret: <namespace>/<secret>`
-
-  - `cert-manager.io/inject-apiserver-ca: true` (use API server CA)
-
-- When injecting from a Secret, the Secret must have a special annotation:
-
-  `cert-manager.io/allow-direct-injection: "true"`
-
-- See [cert-manager documentation][docs] for details
-
-[docs]: https://cert-manager.io/docs/concepts/ca-injector/

slides/k8s/cluster-upgrade.md

@@ -81,7 +81,7 @@
 
 ## What version are we running anyway?
 
-- When I say, "I'm running Kubernetes 1.20", is that the version of:
+- When I say, "I'm running Kubernetes 1.18", is that the version of:
 
   - kubectl
 
@@ -157,15 +157,15 @@
 
 ## Kubernetes uses semantic versioning
 
-- Kubernetes versions look like MAJOR.MINOR.PATCH; e.g. in 1.20.15:
+- Kubernetes versions look like MAJOR.MINOR.PATCH; e.g. in 1.18.20:
 
   - MAJOR = 1
-  - MINOR = 20
-  - PATCH = 15
+  - MINOR = 18
+  - PATCH = 20
 
 - It's always possible to mix and match different PATCH releases
 
-  (e.g. 1.20.0 and 1.20.15 are compatible)
+  (e.g. 1.18.20 and 1.18.15 are compatible)
 
 - It is recommended to run the latest PATCH release
 
@@ -181,9 +181,9 @@
 
 - All components support a difference of one¹ MINOR version
 
-- This allows live upgrades (since we can mix e.g. 1.20 and 1.21)
+- This allows live upgrades (since we can mix e.g. 1.18 and 1.19)
 
-- It also means that going from 1.20 to 1.22 requires going through 1.21
+- It also means that going from 1.18 to 1.20 requires going through 1.19
 
 .footnote[¹Except kubelet, which can be up to two MINOR behind API server,
 and kubectl, which can be one MINOR ahead or behind API server.]
@@ -254,7 +254,7 @@ and kubectl, which can be one MINOR ahead or behind API server.]
   sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
   ```
 
-- Look for the `image:` line, and update it to e.g. `v1.24.0`
+- Look for the `image:` line, and update it to e.g. `v1.19.0`
 
 ]
 
@@ -308,11 +308,11 @@ and kubectl, which can be one MINOR ahead or behind API server.]
 
 ]
 
-Note 1: kubeadm thinks that our cluster is running 1.24.0.
+Note 1: kubeadm thinks that our cluster is running 1.19.0.
 <br/>It is confused by our manual upgrade of the API server!
 
-Note 2: kubeadm itself is still version 1.20.15..
-<br/>It doesn't know how to upgrade do 1.21.X.
+Note 2: kubeadm itself is still version 1.18.20..
+<br/>It doesn't know how to upgrade do 1.19.X.
 
 ---
 
@@ -335,28 +335,28 @@ Note 2: kubeadm itself is still version 1.20.15..
 ]
 
 Problem: kubeadm doesn't know know how to handle
-upgrades from version 1.20.
+upgrades from version 1.18.
 
-This is because we installed version 1.24 (or even later).
+This is because we installed version 1.22 (or even later).
 
-We need to install kubeadm version 1.21.X.
+We need to install kubeadm version 1.19.X.
 
 ---
 
 ## Downgrading kubeadm
 
-- We need to go back to version 1.21.X.
+- We need to go back to version 1.19.X.
 
 .lab[
 
 - View available versions for package `kubeadm`:
   ```bash
-  apt show kubeadm -a | grep ^Version | grep 1.21
+  apt show kubeadm -a | grep ^Version | grep 1.19
   ```
 
 - Downgrade kubeadm:
   ```
-  sudo apt install kubeadm=1.21.0-00
+  sudo apt install kubeadm=1.19.8-00
   ```
 
 - Check what kubeadm tells us:
@@ -366,7 +366,7 @@ We need to install kubeadm version 1.21.X.
 
 ]
 
-kubeadm should now agree to upgrade to 1.21.X.
+kubeadm should now agree to upgrade to 1.19.8.
 
 ---
 
@@ -464,9 +464,9 @@ kubeadm should now agree to upgrade to 1.21.X.
   ```bash
     for N in 1 2 3; do
       ssh oldversion$N "
-        sudo apt install kubeadm=1.21.14-00 &&
+        sudo apt install kubeadm=1.19.8-00 &&
         sudo kubeadm upgrade node &&
-        sudo apt install kubelet=1.21.14-00"
+        sudo apt install kubelet=1.19.8-00"
     done
   ```
 ]
@@ -475,7 +475,7 @@ kubeadm should now agree to upgrade to 1.21.X.
 
 ## Checking what we've done
 
-- All our nodes should now be updated to version 1.21.14
+- All our nodes should now be updated to version 1.19.8
 
 .lab[
 
@@ -492,7 +492,7 @@ class: extra-details
 
 ## Skipping versions
 
-- This example worked because we went from 1.20 to 1.21
+- This example worked because we went from 1.18 to 1.19
 
 - If you are upgrading from e.g. 1.16, you will have to go through 1.17 first