😈 Demonware advanced Kubernetes custom content

Seems to help with AT&T fiber router.
(Actually it takes a longer delay to make a difference,
like 10 seconds, but this patch makes the delay configurable.)

.gitignore

@@ -2,11 +2,14 @@
 *.swp
 *~
 
-prepare-vms/tags
-prepare-vms/infra
-prepare-vms/www
-
-prepare-tf/tag-*
+**/terraform.tfstate
+**/terraform.tfstate.backup
+prepare-labs/terraform/lab-environments
+prepare-labs/terraform/many-kubernetes/one-kubernetes-config/config.tf
+prepare-labs/terraform/many-kubernetes/one-kubernetes-module/*.tf
+prepare-labs/terraform/tags
+prepare-labs/terraform/virtual-machines/openstack/*.tfvars
+prepare-labs/www
 
 slides/*.yml.html
 slides/autopilot/state.yaml
@@ -26,3 +29,4 @@ node_modules
 Thumbs.db
 ehthumbs.db
 ehthumbs_vista.db
+

k8s/dashboard-insecure.yaml

@@ -17,8 +17,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 ---
@@ -30,8 +30,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-certs
   namespace: kubernetes-dashboard
 type: Opaque
@@ -43,8 +43,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-csrf
   namespace: kubernetes-dashboard
 type: Opaque
@@ -56,8 +56,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-key-holder
   namespace: kubernetes-dashboard
 type: Opaque
@@ -71,8 +71,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-settings
   namespace: kubernetes-dashboard
 ---
@@ -84,8 +84,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-metrics
 rules:
 - apiGroups:
@@ -106,8 +106,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -126,8 +126,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 rules:
@@ -182,8 +182,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 roleRef:
@@ -204,8 +204,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
     kubernetes.io/cluster-service: "true"
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
@@ -229,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 spec:
@@ -253,8 +253,8 @@ spec:
         app.kubernetes.io/instance: kubernetes-dashboard
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.6.1
-        helm.sh/chart: kubernetes-dashboard-5.10.0
+        app.kubernetes.io/version: 2.7.0
+        helm.sh/chart: kubernetes-dashboard-6.0.0
     spec:
       containers:
       - args:
@@ -262,7 +262,7 @@ spec:
         - --sidecar-host=http://127.0.0.1:8000
         - --enable-skip-login
         - --enable-insecure-login
-        image: kubernetesui/dashboard:v2.6.1
+        image: kubernetesui/dashboard:v2.7.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

k8s/dashboard-recommended.yaml

@@ -17,8 +17,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 ---
@@ -30,8 +30,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-certs
   namespace: kubernetes-dashboard
 type: Opaque
@@ -43,8 +43,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-csrf
   namespace: kubernetes-dashboard
 type: Opaque
@@ -56,8 +56,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-key-holder
   namespace: kubernetes-dashboard
 type: Opaque
@@ -71,8 +71,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-settings
   namespace: kubernetes-dashboard
 ---
@@ -84,8 +84,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-metrics
 rules:
 - apiGroups:
@@ -106,8 +106,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -126,8 +126,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 rules:
@@ -182,8 +182,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 roleRef:
@@ -204,8 +204,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
     kubernetes.io/cluster-service: "true"
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
@@ -229,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 spec:
@@ -253,15 +253,15 @@ spec:
         app.kubernetes.io/instance: kubernetes-dashboard
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.6.1
-        helm.sh/chart: kubernetes-dashboard-5.10.0
+        app.kubernetes.io/version: 2.7.0
+        helm.sh/chart: kubernetes-dashboard-6.0.0
     spec:
       containers:
       - args:
         - --namespace=kubernetes-dashboard
         - --auto-generate-certificates
         - --sidecar-host=http://127.0.0.1:8000
-        image: kubernetesui/dashboard:v2.6.1
+        image: kubernetesui/dashboard:v2.7.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

k8s/dashboard-with-token.yaml

@@ -17,8 +17,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 ---
@@ -30,8 +30,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-certs
   namespace: kubernetes-dashboard
 type: Opaque
@@ -43,8 +43,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-csrf
   namespace: kubernetes-dashboard
 type: Opaque
@@ -56,8 +56,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-key-holder
   namespace: kubernetes-dashboard
 type: Opaque
@@ -71,8 +71,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-settings
   namespace: kubernetes-dashboard
 ---
@@ -84,8 +84,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-metrics
 rules:
 - apiGroups:
@@ -106,8 +106,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -126,8 +126,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 rules:
@@ -182,8 +182,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 roleRef:
@@ -204,8 +204,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
     kubernetes.io/cluster-service: "true"
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
@@ -229,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.6.1
-    helm.sh/chart: kubernetes-dashboard-5.10.0
+    app.kubernetes.io/version: 2.7.0
+    helm.sh/chart: kubernetes-dashboard-6.0.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 spec:
@@ -253,15 +253,15 @@ spec:
         app.kubernetes.io/instance: kubernetes-dashboard
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.6.1
-        helm.sh/chart: kubernetes-dashboard-5.10.0
+        app.kubernetes.io/version: 2.7.0
+        helm.sh/chart: kubernetes-dashboard-6.0.0
     spec:
       containers:
       - args:
         - --namespace=kubernetes-dashboard
         - --auto-generate-certificates
         - --sidecar-host=http://127.0.0.1:8000
-        image: kubernetesui/dashboard:v2.6.1
+        image: kubernetesui/dashboard:v2.7.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -344,3 +344,12 @@ metadata:
   creationTimestamp: null
   name: cluster-admin
   namespace: kubernetes-dashboard
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: cluster-admin-token
+  namespace: kubernetes-dashboard
+  annotations:
+    kubernetes.io/service-account.name: cluster-admin

k8s/hpa-v2-pa-httplat.yaml

@@ -1,5 +1,5 @@
 kind: HorizontalPodAutoscaler
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 metadata:
   name: rng
 spec:

k8s/kyverno-pod-color-2.yaml

@@ -15,10 +15,10 @@ spec:
     - key: "{{ request.operation }}"
       operator: Equals
       value: UPDATE
-    - key: "{{ request.oldObject.metadata.labels.color }}"
+    - key: "{{ request.oldObject.metadata.labels.color || '' }}"
       operator: NotEquals
       value: ""
-    - key: "{{ request.object.metadata.labels.color }}"
+    - key: "{{ request.object.metadata.labels.color || '' }}"
       operator: NotEquals
       value: ""
     validate:

k8s/kyverno-pod-color-3.yaml

@@ -15,10 +15,10 @@ spec:
     - key: "{{ request.operation }}"
       operator: Equals
       value: UPDATE
-    - key: "{{ request.oldObject.metadata.labels.color }}"
+    - key: "{{ request.oldObject.metadata.labels.color || '' }}"
       operator: NotEquals
       value: ""
-    - key: "{{ request.object.metadata.labels.color }}"
+    - key: "{{ request.object.metadata.labels.color || '' }}"
       operator: Equals
       value: ""
     validate:

k8s/pod-disruption-budget.yaml

@@ -0,0 +1,13 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: my-pdb
+spec:
+  #minAvailable: 2
+  #minAvailable: 90%
+  maxUnavailable: 1
+  #maxUnavailable: 10%
+  selector:
+    matchLabels:
+      app: my-app
+

k8s/traefik-v2.yaml

@@ -1,36 +1,44 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: traefik
+---
+apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: traefik-ingress-controller
-  namespace: kube-system
+  name: traefik
+  namespace: traefik
 ---
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
-  name: traefik-ingress-controller
-  namespace: kube-system
+  name: traefik
+  namespace: traefik
   labels:
-    k8s-app: traefik-ingress-lb
+    app: traefik
 spec:
   selector:
     matchLabels:
-      k8s-app: traefik-ingress-lb
+      app: traefik
   template:
     metadata:
       labels:
-        k8s-app: traefik-ingress-lb
-        name: traefik-ingress-lb
+        app: traefik
+        name: traefik
     spec:
       tolerations:
       - effect: NoSchedule
         operator: Exists
-      hostNetwork: true
-      serviceAccountName: traefik-ingress-controller
+      # If, for some reason, our CNI plugin doesn't support hostPort,
+      # we can enable hostNetwork instead. That should work everywhere
+      # but it doesn't provide the same isolation.
+      #hostNetwork: true
+      serviceAccountName: traefik
       terminationGracePeriodSeconds: 60
       containers:
-      - image: traefik:v2.5
-        name: traefik-ingress-lb
+      - image: traefik:v2.10
+        name: traefik
         ports:
         - name: http
           containerPort: 80
@@ -61,7 +69,7 @@ spec:
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: traefik-ingress-controller
+  name: traefik
 rules:
   - apiGroups:
       - ""
@@ -73,14 +81,6 @@ rules:
       - get
       - list
       - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
   - apiGroups:
       - networking.k8s.io
     resources:
@@ -94,15 +94,15 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: traefik-ingress-controller
+  name: traefik
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: traefik-ingress-controller
+  name: traefik
 subjects:
 - kind: ServiceAccount
-  name: traefik-ingress-controller
-  namespace: kube-system
+  name: traefik
+  namespace: traefik
 ---
 kind: IngressClass
 apiVersion: networking.k8s.io/v1

k8s/update-dashboard-yaml.sh

@@ -70,4 +70,15 @@ add_namespace() {
   kubectl create serviceaccount -n kubernetes-dashboard cluster-admin \
           -o yaml --dry-run=client \
           # 
+  echo ---
+  cat <<EOF
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: cluster-admin-token
+  namespace: kubernetes-dashboard
+  annotations:
+    kubernetes.io/service-account.name: cluster-admin
+EOF
 ) > dashboard-with-token.yaml

prepare-labs/README.md

@@ -0,0 +1,222 @@
+# Tools to create lab environments
+
+This directory contains tools to create lab environments for Docker and Kubernetes courses and workshops.
+
+It also contains Terraform configurations that can be used stand-alone to create simple Kubernetes clusters.
+
+Assuming that you have installed all the necessary dependencies, and placed cloud provider access tokens in the right locations, you could do, for instance:
+
+```bash
+# For a Docker course with 50 students,
+# create 50 VMs on Digital Ocean.
+./labctl create --students 50 --settings settings/docker.env --provider digitalocean
+
+# For a Kubernetes training with 20 students,
+# create 20 clusters of 4 VMs each using kubeadm,
+# on a private Openstack cluster.
+./labctl create --students 20 --settings settings/kubernetes.env --provider openstack/enix
+
+# For a Kubernetes workshop with 80 students,
+# create 80 clusters with 2 VMs each,
+# using Scaleway Kapsule (managed Kubernetes).
+./labctl create --students 20 --settings settings/mk8s.env --provider scaleway --mode mk8s
+```
+
+Interested? Read on!
+
+## Software requirements
+
+For Docker labs and Kubernetes labs based on kubeadm:
+
+- [Parallel SSH](https://github.com/lilydjwg/pssh)
+  (should be installable with `pip install git+https://github.com/lilydjwg/pssh`;
+  on a Mac, try `brew install pssh`)
+
+For all labs:
+
+- Terraform
+
+If you want to generate printable cards:
+
+- [pyyaml](https://pypi.python.org/pypi/PyYAML)
+- [jinja2](https://pypi.python.org/pypi/Jinja2)
+
+These require Python 3. If you are on a Mac, see below for specific instructions on setting up
+Python 3 to be the default Python on a Mac. In particular, if you installed `mosh`, Homebrew
+may have changed your default Python to Python 2.
+
+You will also need an account with the cloud provider(s) that you want to use to deploy the lab environments.
+
+## Cloud provider account(s) and credentials
+
+These scripts create VMs or Kubernetes cluster on cloud providers, so you will need cloud provider account(s) and credentials.
+
+Generally, we try to use the credentials stored in the configuration file used by the cloud providers CLI tools.
+
+This means, for instance, that for Linode, if you install `linode-cli` and configure it properly, it will place your credentials in `~/.config/linode-cli`, and our Terraform configurations will try to read that file and use the credentials in it.
+
+You don't **have to** install the CLI tools of the cloud provider(s) that you want to use; but we recommend that you do.
+
+If you want to provide your cloud credentials through other means, you will have to adjust the Terraform configuration files in `terraform/provider-config` accordingly.
+
+Here is where we look for credentials for each provider:
+
+- AWS: Terraform defaults; see [AWS provider documentation][creds-aws] (for instance, you can use the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables, or AWS config and profile files)
+- Azure: Terraform defaults; see [AzureRM provider documentation][creds-azure] (typically, you can authenticate with the `az` CLI and Terraform will pick it up automatically)
+- Civo: CLI configuration file (`~/.civo.json`)
+- Digital Ocean: CLI configuration file (`~/.config/doctl/config.yaml`)
+- Exoscale: CLI configuration file (`~/.config/exoscale/exoscale.toml`)
+- Google Cloud: FIXME, note that the project name is currently hard-coded to `prepare-tf`
+- Hetzner: CLI configuration file (`~/.config/hcloud/cli.toml`)
+- Linode: CLI configuration file (`~/.config/linode-cli`)
+- OpenStack: you will need to write a tfvars file (check [that exemple](terraform/virtual-machines/openstack/tfvars.example))
+- Oracle: Terraform defaults; see [OCI provider documentation][creds-oci] (for instance, you can set up API keys; or you can use a short-lived token generated by the OCI CLI with `oci session authenticate`)
+- OVH: Terraform defaults; see [OVH provider documentation][creds-ovh] (this typically involves setting up 5 `OVH_...` environment variables)
+- Scaleway: Terraform defaults; see [Scaleway provider documentation][creds-scw] (for instance, you can set environment variables, but it will also automatically pick up CLI authentication from `~/.config/scw/config.yaml`)
+
+[creds-aws]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
+[creds-azure]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#authenticating-to-azure
+[creds-oci]: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm#authentication
+[creds-ovh]: https://registry.terraform.io/providers/ovh/ovh/latest/docs#provider-configuration
+[creds-scw]: https://registry.terraform.io/providers/scaleway/scaleway/latest/docs#authentication
+
+## General Workflow
+
+- fork/clone repo
+- make sure your cloud credentials have been configured properly
+- run `./labctl create ...` to create lab environments
+- run `./labctl destroy ...` when you don't need the environments anymore
+
+## Customizing things
+
+You can edit the `settings/*.env` files, for instance to change the size of the clusters, the login or password used for the students...
+
+Note that these files are sourced before executing any operation on a specific set of lab environments, which means that you can set Terraform variables by adding lines like the following one in the `*.env` files:
+
+```bash
+export TF_VAR_node_size=GP1.L
+export TF_VAR_location=eu-north
+```
+
+## `./labctl` Usage
+
+If you run `./labctl` without arguments, it will show a list of available commands.
+
+### Summary of What `./labctl` Does For You
+
+The script will create a Terraform configuration using a provider-specific template.
+
+There are two modes: `pssh` and `mk8s`.
+
+In `pssh` mode, students connect directly to the virtual machines using SSH.
+
+The Terraform configuration creates a bunch of virtual machines, then the provisioning and configuration are done with `pssh`. There are a number of "steps" that are executed on the VMs, to install Docker, install a number of convenient tools, install and set up Kubernetes (if needed)... The list of "steps" to be executed is configured in the `settings/*.env` file.
+
+In `mk8s` mode, students don't connect directly to the virtual machines. Instead, they connect to an SSH server running in a Pod (using the `jpetazzo/shpod` image), itself running on a Kubernetes cluster. The Kubernetes cluster is a managed cluster created by the Terraform configuration.
+
+## `terraform` directory structure and principles
+
+Legend:
+- `📁` directory
+- `📄` file
+- `📄📄📄` multiple files
+- `🌍` Terraform configuration that can be used "as-is"
+
+```
+📁terraform
+├── 📁list-locations
+│   └── 📄📄📄 helper scripts
+│              (to list available locations for each provider)
+├── 📁many-kubernetes
+│   └── 📄📄📄 Terraform configuration template 
+│              (used in mk8s mode)
+├── 📁one-kubernetes
+│   │ (contains Terraform configurations that can spawn
+│   │  a single Kubernetes cluster on a given provider)
+│   ├── 📁🌍aws
+│   ├── 📁🌍civo
+│   ├── 📄common.tf
+│   ├── 📁🌍digitalocean
+│   └── ...
+├── 📁providers
+│   ├── 📁aws
+│   │   ├── 📄config.tf
+│   │   └── 📄variables.tf
+│   ├── 📁azure
+│   │   ├── 📄config.tf
+│   │   └── 📄variables.tf
+│   ├── 📁civo
+│   │   ├── 📄config.tf
+│   │   └── 📄variables.tf
+│   ├── 📁digitalocean
+│   │   ├── 📄config.tf
+│   │   └── 📄variables.tf
+│   └── ...
+├── 📁tags
+│   │ (contains Terraform configurations + other files 
+│   │  for a specific set of VMs or K8S clusters; these
+│   │  are created by labctl)
+│   ├── 📁2023-03-27-10-04-79-jp
+│   ├── 📁2023-03-27-10-07-41-jp
+│   ├── 📁2023-03-27-10-16-418-jp
+│   └── ...
+└── 📁virtual-machines
+    │ (contains Terraform configurations that can spawn
+    │  a bunch of virtual machines on a given provider)
+    ├── 📁🌍aws
+    ├── 📁🌍azure
+    ├── 📄common.tf
+    ├── 📁🌍digitalocean
+    └── ...
+```
+
+The directory structure can feel a bit overwhelming at first, but it's built with specific goals in mind.
+
+**Consistent input/output between providers.** The per-provider configurations in `one-kubernetes` all take the same input variables, and provide the same output variables. Same thing for the per-provider configurations in `virtual-machines`.
+
+**Don't repeat yourself.** As much as possible, common variables, definitions, and logic has been factored in the `common.tf` file that you can see in `one-kubernetes` and `virtual-machines`. That file is then symlinked in each provider-specific directory, to make sure that all providers use the same version of the `common.tf` file.
+
+**Don't repeat yourself (again).** The things that are specific to each provider have been placed in the `providers` directory, and are shared between the `one-kubernetes` and the `virtual-machines` configurations. Specifically, for each provider, there is `config.tf` (which contains provider configuration, e.g. how to obtain the credentials for that provider) and `variables.tf` (which contains default values like which location and which VM size to use).
+
+**Terraform configurations should work in `labctl` or standalone, without extra work.** The Terraform configurations (identified by 🌍 in the directory tree above) can be used directly. Just go to one of these directories, `terraform init`, `terraform apply`, and you're good to go. But they can also be used from `labctl`. `labctl` shouldn't barf out if you did a `terraform apply` in one of these directories (because it will only copy the `*.tf` files, and leave alone the other files, like the Terraform state).
+
+The latter means that it should be easy to tweak these configurations, or create a new one, without having to use `labctl` to test it. It also means that if you want to use these configurations but don't care about `labctl`, you absolutely can!
+
+## Miscellaneous info
+
+### Making sure Python3 is the default (Mac only)
+
+Check the `/usr/local/bin/python` symlink. It should be pointing to
+`/usr/local/Cellar/python/3`-something. If it isn't, follow these
+instructions.
+
+1) Verify that Python 3 is installed.
+
+```
+ls -la /usr/local/Cellar/Python
+```
+
+You should see one or more versions of Python 3. If you don't,
+install it with `brew install python`.
+
+2) Verify that `python` points to Python3.
+ 
+```
+ls -la /usr/local/bin/python
+```
+
+If this points to `/usr/local/Cellar/python@2`, then we'll need to change it.
+
+```
+rm /usr/local/bin/python
+ln -s /usr/local/Cellar/Python/xxxx /usr/local/bin/python
+# where xxxx is the most recent Python 3 version you saw above
+```
+
+### AWS specific notes
+
+Initial assumptions are you're using a root account. If you'd like to use a IAM user, it will need the right permissions. For `pssh` mode, that includes at least `AmazonEC2FullAccess` and `IAMReadOnlyAccess`.
+
+In `pssh` mode, the Terraform configuration currently uses the default VPC and Security Group. If you want to use another one, you'll have to make changes to `terraform/virtual-machines/aws`.
+
+The default VPC Security Group does not open any ports from Internet by default. So you'll need to add Inbound rules for `SSH | TCP | 22 | 0.0.0.0/0` and `Custom TCP Rule | TCP | 8000 - 8002 | 0.0.0.0/0`.

prepare-labs/cleanup.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+case "$1-$2" in
+linode-lb)
+  linode-cli nodebalancers list --json | 
+    jq '.[] | select(.label | startswith("ccm-")) | .id' | 
+    xargs -n1 -P10 linode-cli nodebalancers delete
+  ;;
+linode-pvc)
+  linode-cli volumes list --json | 
+    jq '.[] | select(.label | startswith("pvc")) | .id' | 
+    xargs -n1 -P10 linode-cli volumes delete
+  ;;
+digitalocean-lb)
+  doctl compute load-balancer list --output json | 
+    jq .[].id |
+    xargs -n1 -P10 doctl compute load-balancer delete --force
+  ;;
+digitalocean-pvc)
+  doctl compute volume list --output json |
+    jq '.[] | select(.name | startswith("pvc-")) | .id' | 
+    xargs -n1 -P10 doctl compute volume delete --force
+  ;;
+scaleway-pvc)
+  scw instance volume list --output json |
+    jq '.[] | select(.name | contains("_pvc-")) | .id' |
+    xargs -n1 -P10 scw instance volume delete
+  ;;
+*)
+  echo "Unknown combination of provider ('$1') and resource ('$2')."
+  ;;
+esac
+

prepare-labs/dns-cloudflare.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+#set -eu
+
+if ! command -v http >/dev/null; then
+  echo "Could not find the 'http' command line tool."
+  echo "Please install it (the package name might be 'httpie')."
+  exit 1
+fi
+
+. ~/creds/creds.cloudflare.dns
+
+cloudflare() {
+  case "$1" in
+  GET|POST|DELETE)
+    METHOD="$1"
+    shift
+    ;;
+  *)
+    METHOD=""
+    ;;
+  esac
+  URI=$1
+  shift
+  http --ignore-stdin $METHOD https://api.cloudflare.com/client/v4/$URI "$@" "Authorization:Bearer $CLOUDFLARE_TOKEN"
+}
+
+_list_zones() {
+  cloudflare zones | jq -r .result[].name
+}
+
+_get_zone_id() {
+  cloudflare zones?name=$1 | jq -r .result[0].id
+}
+
+_populate_zone() {
+  ZONE_ID=$(_get_zone_id $1)
+  shift
+  for IPADDR in $*; do
+    cloudflare zones/$ZONE_ID/dns_records "name=*" "type=A" "content=$IPADDR"
+    cloudflare zones/$ZONE_ID/dns_records "name=\@" "type=A" "content=$IPADDR"
+  done
+}
+
+_clear_zone() {
+  ZONE_ID=$(_get_zone_id $1)
+  for RECORD_ID in $(
+    cloudflare zones/$ZONE_ID/dns_records  | jq -r .result[].id
+  ); do
+    cloudflare DELETE zones/$ZONE_ID/dns_records/$RECORD_ID
+  done
+}
+
+_add_zone() {
+  cloudflare zones "name=$1"
+}
+
+echo "This script is still work in progress."
+echo "You can source it and then use its individual functions."
+

prepare-labs/dns-gandi.py

@@ -2,16 +2,16 @@
 """
 There are two ways to use this script:
 
-1. Pass a file name and a tag name as a single argument.
-It will load a list of domains from the given file (one per line),
-and assign them to the clusters corresponding to that tag.
-There should be more domains than clusters.
-Example: ./map-dns.py domains.txt 2020-08-15-jp
-
-2. Pass a domain as the 1st argument, and IP addresses then.
+1. Pass a domain as the 1st argument, and IP addresses then.
 It will configure the domain with the listed IP addresses.
 Example: ./map-dns.py open-duck.site 1.2.3.4 2.3.4.5 3.4.5.6
 
+2. Pass two files names as argument, in which case the first
+file should contain a list of domains, and the second a list of
+groups of IP addresses, with one group per line.
+There should be more domains than groups of addresses.
+Example: ./map-dns.py domains.txt tags/2020-08-15-jp/clusters.txt
+
 In both cases, the domains should be configured to use GANDI LiveDNS.
 """
 import os
@@ -30,18 +30,9 @@ domain_or_domain_file = sys.argv[1]
 if os.path.isfile(domain_or_domain_file):
   domains = open(domain_or_domain_file).read().split()
   domains = [ d for d in domains if not d.startswith('#') ]
-  ips_file_or_tag = sys.argv[2]
-  if os.path.isfile(ips_file_or_tag):
-    lines = open(ips_file_or_tag).read().split('\n')
-    clusters = [line.split() for line in lines]
-  else:
-    ips = open(f"tags/{ips_file_or_tag}/ips.txt").read().split()
-    settings_file = f"tags/{tag}/settings.yaml"
-    clustersize = yaml.safe_load(open(settings_file))["clustersize"]
-    clusters = []
-    while ips:
-      clusters.append(ips[:clustersize])
-      ips = ips[clustersize:]
+  clusters_file = sys.argv[2]
+  lines = open(clusters_file).read().split('\n')
+  clusters = [line.split() for line in lines]
 else:
   domains = [domain_or_domain_file]
   clusters = [sys.argv[2:]]

prepare-labs/dns-netlify.sh

@@ -12,13 +12,31 @@
   echo "$0 del <recordid>"
   echo ""
   echo "Example to create a A record for eu.container.training:"
-  echo "$0 add eu 185.145.250.0"
+  echo "$0 add eu A 185.145.250.0"
   echo ""
   exit 1
 }
 
-NETLIFY_USERID=$(jq .userId < ~/.config/netlify/config.json)
-NETLIFY_TOKEN=$(jq -r .users[$NETLIFY_USERID].auth.token < ~/.config/netlify/config.json)
+NETLIFY_CONFIG_FILE=~/.config/netlify/config.json
+if ! [ "$DOMAIN" ]; then
+  DOMAIN=container.training
+fi
+
+if ! [ -f "$NETLIFY_CONFIG_FILE" ]; then
+  echo "Could not find Netlify configuration file ($NETLIFY_CONFIG_FILE)."
+  echo "Try to run the following command, and try again:"
+  echo "npx netlify-cli login"
+  exit 1
+fi
+
+if ! command -v http >/dev/null; then
+  echo "Could not find the 'http' command line tool."
+  echo "Please install it (the package name might be 'httpie')."
+  exit 1
+fi
+
+NETLIFY_USERID=$(jq .userId < "$NETLIFY_CONFIG_FILE")
+NETLIFY_TOKEN=$(jq -r .users[$NETLIFY_USERID].auth.token < "$NETLIFY_CONFIG_FILE")
 
 netlify() {
   URI=$1
@@ -27,31 +45,33 @@ netlify() {
 }
 
 ZONE_ID=$(netlify dns_zones |
-          jq -r '.[] | select ( .name == "container.training" ) | .id')
+          jq -r '.[] | select ( .name == "'$DOMAIN'" ) | .id')
 
 _list() {
   netlify dns_zones/$ZONE_ID/dns_records |
-    jq -r '.[] | select(.type=="A") | [.hostname, .type, .value, .id] | @tsv'
+    jq -r '.[] | select(.type=="A" or .type=="AAAA") | [.hostname, .type, .value, .id] | @tsv' |
+    sort |
+    column --table
 }
 
 _add() {
-  NAME=$1.container.training
-  ADDR=$2
-
+  NAME=$1.$DOMAIN
+  TYPE=$2
+  VALUE=$3
 
   # It looks like if we create two identical records, then delete one of them,
   # Netlify DNS ends up in a weird state (the name doesn't resolve anymore even
   # though it's still visible through the API and the website?)
 
   if netlify dns_zones/$ZONE_ID/dns_records |
-          jq '.[] | select(.hostname=="'$NAME'" and .type=="A" and .value=="'$ADDR'")' |
+          jq '.[] | select(.hostname=="'$NAME'" and .type=="'$TYPE'" and .value=="'$VALUE'")' |
           grep .
   then
     echo "It looks like that record already exists. Refusing to create it."
     exit 1
   fi
 
-  netlify dns_zones/$ZONE_ID/dns_records type=A hostname=$NAME value=$ADDR ttl=300
+  netlify dns_zones/$ZONE_ID/dns_records type=$TYPE hostname=$NAME value=$VALUE ttl=300
 
   netlify dns_zones/$ZONE_ID/dns_records |
           jq '.[] | select(.hostname=="'$NAME'")'
@@ -70,7 +90,7 @@ case "$1" in
     _list
     ;;
   add)
-    _add $2 $3
+    _add $2 $3 $4
     ;;
   del)
     _del $2

prepare-labs/konk.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# deploy big cluster
+#TF_VAR_node_size=g6-standard-6 \
+#TF_VAR_nodes_per_cluster=5 \
+#TF_VAR_location=eu-west \
+
+TF_VAR_node_size=PRO2-XS \
+TF_VAR_nodes_per_cluster=5 \
+TF_VAR_location=fr-par-2 \
+./labctl create --mode mk8s --settings settings/mk8s.env --provider scaleway --tag konk
+
+# set kubeconfig file
+cp tags/konk/stage2/kubeconfig.101 ~/kubeconfig
+
+# set external_ip labels
+kubectl get nodes -o=jsonpath='{range .items[*]}{.metadata.name} {.status.addresses[?(@.type=="ExternalIP")].address}{"\n"}{end}' |
+while read node address; do
+  kubectl label node $node external_ip=$address
+done
+
+# vcluster all the things
+./labctl create --settings settings/mk8s.env --provider vcluster --mode mk8s --students 50

prepare-labs/labctl

@@ -21,10 +21,13 @@ DEPENDENCIES="
     man
     pssh
     ssh
-    wkhtmltopdf
     yq
     "
 
+UNUSED_DEPENDENCIES="
+    wkhtmltopdf
+"
+
 # Check for missing dependencies, and issue a warning if necessary.
 missing=0
 for dependency in $DEPENDENCIES; do

prepare-labs/lib/cli.sh

@@ -50,20 +50,6 @@ sep() {
     fi
 }
 
-need_infra() {
-    if [ -z "$1" ]; then
-        die "Please specify infrastructure file. (e.g.: infra/aws)"
-    fi
-    if [ "$1" = "--infra" ]; then
-        die "The infrastructure file should be passed directly to this command. Remove '--infra' and try again."
-    fi
-    if [ ! -f "$1" ]; then
-        die "Infrastructure file $1 doesn't exist."
-    fi
-    . "$1"
-    . "lib/infra/$INFRACLASS.sh"
-}
-
 need_tag() {
     if [ -z "$TAG" ]; then
         die "Please specify a tag. To see available tags, run: $0 tags"
@@ -71,25 +57,12 @@ need_tag() {
     if [ ! -d "tags/$TAG" ]; then
         die "Tag $TAG not found (directory tags/$TAG does not exist)."
     fi
-    for FILE in settings.yaml ips.txt infra.sh; do
+    for FILE in settings.env ips.txt; do
         if [ ! -f "tags/$TAG/$FILE" ]; then
           warning "File tags/$TAG/$FILE not found."
         fi
     done
-    . "tags/$TAG/infra.sh"
-    . "lib/infra/$INFRACLASS.sh"
-}
-
-need_settings() {
-    if [ -z "$1" ]; then
-        die "Please specify a settings file. (e.g.: settings/kube101.yaml)"
-    fi
-    if [ ! -f "$1" ]; then
-        die "Settings file $1 doesn't exist."
+    if [ -f "tags/$TAG/settings.env" ]; then
+        . tags/$TAG/settings.env
     fi
 }
-
-need_login_password() {
-    USER_LOGIN=$(yq -r .user_login < tags/$TAG/settings.yaml)
-    USER_PASSWORD=$(yq -r .user_password < tags/$TAG/settings.yaml)
-}

prepare-labs/lib/containerd-config.toml

@@ -0,0 +1,7 @@
+version = 2
+[plugins."io.containerd.grpc.v1.cri".containerd]
+default_runtime_name = "runc"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+runtime_type = "io.containerd.runc.v2"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+SystemdCgroup = true

prepare-labs/lib/pssh.sh

@@ -16,18 +16,18 @@ pssh() {
     }
 
     echo "[parallel-ssh] $@"
-    export PSSH=$(which pssh || which parallel-ssh)
 
-    case "$INFRACLASS" in
-        hetzner) LOGIN=root ;;
-        linode)  LOGIN=root ;;
-        *)       LOGIN=ubuntu ;;
-    esac
+    # There are some routers that really struggle with the number of TCP
+    # connections that we open when deploying large fleets of clusters.
+    # We're adding a 1 second delay here, but this can be cranked up if
+    # necessary - or down to zero, too.
+    sleep ${PSSH_DELAY_PRE-1}
 
-    $PSSH -h $HOSTFILE -l $LOGIN \
-        --par 100 \
+    $(which pssh || which parallel-ssh) -h $HOSTFILE -l ubuntu \
+        --par ${PSSH_PARALLEL_CONNECTIONS-100} \
         --timeout 300 \
         -O LogLevel=ERROR \
+        -O IdentityFile=tags/$TAG/id_rsa \
         -O UserKnownHostsFile=/dev/null \
         -O StrictHostKeyChecking=no \
         -O ForwardAgent=yes \

prepare-labs/settings/admin-kubenet.env

@@ -0,0 +1,21 @@
+CLUSTERSIZE=3
+
+CLUSTERPREFIX=kubenet
+CLUSTERNUMBER=100
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  kubebins
+  kubetools
+  ips
+"

prepare-labs/settings/admin-kuberouter.env

@@ -0,0 +1,21 @@
+CLUSTERSIZE=3
+
+CLUSTERPREFIX=kuberouter
+CLUSTERNUMBER=200
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  kubebins
+  kubetools
+  ips
+"

prepare-labs/settings/admin-monokube.env

@@ -0,0 +1,26 @@
+CLUSTERSIZE=1
+
+CLUSTERPREFIX=monokube
+
+# We're sticking to this in the first DMUC lab,
+# because it still works with Docker, and doesn't
+# require a ServiceAccount signing key.
+KUBEVERSION=1.19.11
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  disabledocker
+  createuser
+  webssh
+  tailhist
+  kubebins
+  kubetools
+  ips
+"

prepare-labs/settings/admin-oldversion.env

@@ -0,0 +1,25 @@
+CLUSTERSIZE=3
+
+CLUSTERPREFIX=oldversion
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+# For a list of old versions, check:
+# https://kubernetes.io/releases/patch-releases/#non-active-branch-history
+KUBEVERSION=1.24.14
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  kubepkgs
+  kubeadm
+  kubetools
+  kubetest
+"

prepare-labs/settings/admin-polykube.env

@@ -0,0 +1,20 @@
+CLUSTERSIZE=3
+
+CLUSTERPREFIX=polykube
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  kubepkgs
+  kubebins
+  createuser
+  webssh
+  tailhist
+  kubetools
+  ips
+"

prepare-labs/settings/admin-test.env

@@ -0,0 +1,21 @@
+CLUSTERSIZE=3
+
+CLUSTERPREFIX=test
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  kubepkgs
+  kubeadm
+  kubetools
+  kubetest
+"

prepare-labs/settings/docker.env

@@ -0,0 +1,19 @@
+CLUSTERSIZE=1
+
+CLUSTERPREFIX=moby
+
+USER_LOGIN=docker
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  cards
+  ips
+"

prepare-labs/settings/kubernetes.env

@@ -0,0 +1,21 @@
+CLUSTERSIZE=4
+
+CLUSTERPREFIX=node
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  kubepkgs
+  kubeadm
+  kubetools
+  kubetest
+"

prepare-labs/settings/largekube.env

@@ -0,0 +1,22 @@
+CLUSTERSIZE=10
+export TF_VAR_node_size=GP1.M
+
+CLUSTERPREFIX=node
+
+USER_LOGIN=k8s
+USER_PASSWORD=training
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  webssh
+  tailhist
+  kubepkgs
+  kubeadm
+  kubetools
+  kubetest
+"

prepare-labs/settings/mk8s.env

@@ -0,0 +1,6 @@
+CLUSTERSIZE=2
+
+USER_LOGIN=k8s
+USER_PASSWORD=
+
+STEPS="stage2"

prepare-labs/settings/portal.env

@@ -0,0 +1,19 @@
+#export TF_VAR_node_size=GP2.4
+#export TF_VAR_node_size=g6-standard-6
+
+CLUSTERSIZE=1
+
+CLUSTERPREFIX=CHANGEME
+
+USER_LOGIN=portal
+USER_PASSWORD=CHANGEME
+
+STEPS="
+  wait
+  standardize
+  clusterize
+  tools
+  docker
+  createuser
+  ips
+"

prepare-labs/setup-admin-clusters.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+PREFIX=$(date +%Y-%m-%d-%H-%M)
+PROVIDER=openstack/enix # aws also works
+STUDENTS=2
+#export TF_VAR_location=eu-north-1
+export TF_VAR_node_size=S
+
+SETTINGS=admin-monokube
+TAG=$PREFIX-$SETTINGS
+./labctl create \
+	--tag $TAG \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
+	--students $STUDENTS
+
+SETTINGS=admin-polykube
+TAG=$PREFIX-$SETTINGS
+./labctl create \
+	--tag $TAG \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
+	--students $STUDENTS
+
+SETTINGS=admin-oldversion
+TAG=$PREFIX-$SETTINGS
+./labctl create \
+	--tag $TAG \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
+	--students $STUDENTS
+
+SETTINGS=admin-test
+TAG=$PREFIX-$SETTINGS
+./labctl create \
+	--tag $TAG \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
+	--students $STUDENTS

prepare-labs/tags

@@ -0,0 +1 @@
+terraform/tags

prepare-labs/terraform/list-locations/azure

@@ -0,0 +1,4 @@
+#!/bin/sh
+az account list-locations -o table \
+  --query "sort_by([?metadata.regionType == 'Physical'], &regionalDisplayName)[]
+          .{ displayName: displayName, regionalDisplayName: regionalDisplayName }"

prepare-labs/terraform/list-locations/civo

@@ -0,0 +1,2 @@
+#!/bin/sh
+civo region ls

prepare-labs/terraform/list-locations/digitalocean

@@ -0,0 +1,2 @@
+#!/bin/sh
+doctl compute region list

prepare-labs/terraform/list-locations/exoscale

@@ -0,0 +1,2 @@
+#!/bin/sh
+exo zone

prepare-labs/terraform/list-locations/googlecloud

@@ -0,0 +1,2 @@
+#!/bin/sh
+gcloud compute zones list

prepare-labs/terraform/list-locations/linode

@@ -0,0 +1,2 @@
+#!/bin/sh
+linode-cli regions list

prepare-labs/terraform/list-locations/oraclecloud

@@ -0,0 +1,2 @@
+#!/bin/sh
+oci iam region list

prepare-labs/terraform/list-locations/scaleway

@@ -0,0 +1,6 @@
+#!/bin/sh
+echo "# Note that this is hard-coded in $0.
+# I don't know if there is a way to list regions through the Scaleway API.
+fr-par
+nl-ams
+pl-waw"

prepare-labs/terraform/many-kubernetes/locals.tf

@@ -8,8 +8,10 @@ resource "random_string" "_" {
 resource "time_static" "_" {}
 
 locals {
-  timestamp = formatdate("YYYY-MM-DD-hh-mm", time_static._.rfc3339)
-  tag       = random_string._.result
+  min_nodes_per_pool = var.nodes_per_cluster
+  max_nodes_per_pool = var.nodes_per_cluster * 2
+  timestamp          = formatdate("YYYY-MM-DD-hh-mm", time_static._.rfc3339)
+  tag                = random_string._.result
   # Common tags to be assigned to all resources
   common_tags = [
     "created-by-terraform",

prepare-labs/terraform/many-kubernetes/main.tf

@@ -1,10 +1,9 @@
 module "clusters" {
-  source             = "./modules/PROVIDER"
+  source             = "./one-kubernetes-module"
   for_each           = local.clusters
   cluster_name       = each.value.cluster_name
-  min_nodes_per_pool = var.min_nodes_per_pool
-  max_nodes_per_pool = var.max_nodes_per_pool
-  enable_arm_pool    = var.enable_arm_pool
+  min_nodes_per_pool = local.min_nodes_per_pool
+  max_nodes_per_pool = local.max_nodes_per_pool
   node_size          = var.node_size
   common_tags        = local.common_tags
   location           = each.value.location
@@ -62,9 +61,11 @@ resource "null_resource" "wait_for_nodes" {
       KUBECONFIG = local_file.kubeconfig[each.key].filename
     }
     command = <<-EOT
-      set -e
-      kubectl get nodes --watch | grep --silent --line-buffered .
-      kubectl wait node --for=condition=Ready --all --timeout=10m
+      while sleep 1; do
+        kubectl get nodes -o name | grep --silent . &&
+        kubectl wait node --for=condition=Ready --all --timeout=10m &&
+        break
+      done
       EOT
   }
 }

prepare-labs/terraform/many-kubernetes/one-kubernetes-config.tf

@@ -0,0 +1 @@
+one-kubernetes-config/config.tf

prepare-labs/terraform/many-kubernetes/one-kubernetes-config/README.md

@@ -0,0 +1,3 @@
+This directory should contain a config.tf file, even if it's empty.
+(Because if the file doesn't exist, then the Terraform configuration
+in the parent directory will fail.)

prepare-labs/terraform/many-kubernetes/one-kubernetes-module/README.md

@@ -0,0 +1,8 @@
+This directory should contain a copy of one of the "one-kubernetes" modules.
+For instance, when located in this directory, you can do:
+
+cp ../../one-kubernetes/linode/* .
+
+Then, move the config.tf file to ../one-kubernetes-config:
+
+mv config.tf ../one-kubernetes-config

prepare-labs/terraform/many-kubernetes/one-kubernetes-provider.tf

@@ -0,0 +1 @@
+one-kubernetes-module/provider.tf

prepare-labs/terraform/many-kubernetes/providers.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 1.4"
+}

prepare-labs/terraform/many-kubernetes/stage2.tmpl

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.7.1"
+      version = "2.16.1"
     }
   }
 }
@@ -90,7 +90,6 @@ resource "kubernetes_service" "shpod_${index}" {
       name = "ssh"
       port = 22
       target_port = 22
-      node_port = 32222
     }
     type = "NodePort"
   }
@@ -222,7 +221,10 @@ output "ip_addresses_of_nodes" {
   value = join("\n", [
   %{ for index, cluster in clusters ~}
     join("\t", concat(
-      [ random_string.shpod_${index}.result, "ssh -l k8s -p 32222" ],
+      [
+        random_string.shpod_${index}.result,
+        "ssh -l k8s -p $${kubernetes_service.shpod_${index}.spec[0].port[0].node_port}"
+      ],
       split(" ", file("./externalips.${index}"))
     )),
   %{ endfor ~}

prepare-labs/terraform/many-kubernetes/variables.tf

@@ -0,0 +1,28 @@
+variable "tag" {
+  type = string
+}
+
+variable "how_many_clusters" {
+  type    = number
+  default = 2
+}
+
+variable "nodes_per_cluster" {
+  type    = number
+  default = 2
+}
+
+variable "node_size" {
+  type    = string
+  default = "M"
+}
+
+variable "location" {
+  type = string
+  default = null
+}
+
+# TODO: perhaps handle if it's space-separated instead of newline?
+locals {
+  locations = var.location == null ? [null] : split("\n", var.location)
+}

prepare-labs/terraform/one-kubernetes/aws/common.tf

@@ -0,0 +1 @@
+../common.tf

prepare-labs/terraform/one-kubernetes/aws/config.tf

@@ -0,0 +1 @@
+../../providers/aws/config.tf

prepare-labs/terraform/one-kubernetes/aws/main.tf

@@ -0,0 +1,87 @@
+# Taken from:
+# https://github.com/hashicorp/learn-terraform-provision-eks-cluster/blob/main/main.tf
+
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "3.19.0"
+
+  name = var.cluster_name
+
+  cidr = "10.0.0.0/16"
+  azs  = slice(data.aws_availability_zones.available.names, 0, 3)
+
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                    = 1
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"           = 1
+  }
+}
+
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "19.5.1"
+
+  cluster_name    = var.cluster_name
+  cluster_version = "1.24"
+
+  vpc_id                         = module.vpc.vpc_id
+  subnet_ids                     = module.vpc.private_subnets
+  cluster_endpoint_public_access = true
+
+  eks_managed_node_group_defaults = {
+    ami_type = "AL2_x86_64"
+
+  }
+
+  eks_managed_node_groups = {
+    one = {
+      name = "node-group-one"
+
+      instance_types = [local.node_size]
+
+      min_size     = var.min_nodes_per_pool
+      max_size     = var.max_nodes_per_pool
+      desired_size = var.min_nodes_per_pool
+    }
+  }
+}
+
+# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/ 
+data "aws_iam_policy" "ebs_csi_policy" {
+  arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+module "irsa-ebs-csi" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version = "4.7.0"
+
+  create_role                   = true
+  role_name                     = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
+  provider_url                  = module.eks.oidc_provider
+  role_policy_arns              = [data.aws_iam_policy.ebs_csi_policy.arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+}
+
+resource "aws_eks_addon" "ebs-csi" {
+  cluster_name             = module.eks.cluster_name
+  addon_name               = "aws-ebs-csi-driver"
+  addon_version            = "v1.5.2-eksbuild.1"
+  service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+  tags = {
+    "eks_addon" = "ebs-csi"
+    "terraform" = "true"
+  }
+}

prepare-labs/terraform/one-kubernetes/aws/outputs.tf

@@ -0,0 +1,44 @@
+output "cluster_id" {
+  value = module.eks.cluster_arn
+}
+
+output "has_metrics_server" {
+  value = false
+}
+
+output "kubeconfig" {
+  sensitive = true
+  value = yamlencode({
+    apiVersion = "v1"
+    kind       = "Config"
+    clusters = [{
+      name = var.cluster_name
+      cluster = {
+        certificate-authority-data = module.eks.cluster_certificate_authority_data
+        server                     = module.eks.cluster_endpoint
+      }
+    }]
+    contexts = [{
+      name = var.cluster_name
+      context = {
+        cluster = var.cluster_name
+        user    = var.cluster_name
+      }
+    }]
+    users = [{
+      name = var.cluster_name
+      user = {
+        exec = {
+          apiVersion = "client.authentication.k8s.io/v1beta1"
+          command    = "aws"
+          args       = ["eks", "get-token", "--cluster-name", var.cluster_name]
+        }
+      }
+    }]
+    current-context = var.cluster_name
+  })
+}
+
+data "aws_eks_cluster_auth" "_" {
+  name = module.eks.cluster_name
+}

prepare-labs/terraform/one-kubernetes/aws/provider.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.47.0"
+    }
+  }
+}

prepare-labs/terraform/one-kubernetes/aws/variables.tf

@@ -0,0 +1 @@
+../../providers/aws/variables.tf

prepare-labs/terraform/one-kubernetes/azure/common.tf

@@ -0,0 +1 @@
+../common.tf

prepare-labs/terraform/one-kubernetes/azure/config.tf

@@ -0,0 +1 @@
+../../providers/azure/config.tf

prepare-labs/terraform/one-kubernetes/azure/main.tf

@@ -0,0 +1,22 @@
+resource "azurerm_resource_group" "_" {
+  name     = var.cluster_name
+  location = var.location
+}
+
+resource "azurerm_kubernetes_cluster" "_" {
+  name       = var.cluster_name
+  location   = var.location
+  dns_prefix = var.cluster_name
+  identity {
+    type = "SystemAssigned"
+  }
+  resource_group_name = azurerm_resource_group._.name
+  default_node_pool {
+    name                = "x86"
+    node_count          = var.min_nodes_per_pool
+    min_count           = var.min_nodes_per_pool
+    max_count           = var.max_nodes_per_pool
+    vm_size             = local.node_size
+    enable_auto_scaling = true
+  }
+}

prepare-labs/terraform/one-kubernetes/azure/outputs.tf

@@ -0,0 +1,12 @@
+output "cluster_id" {
+  value = azurerm_kubernetes_cluster._.id
+}
+
+output "has_metrics_server" {
+  value = true
+}
+
+output "kubeconfig" {
+  value     = azurerm_kubernetes_cluster._.kube_config_raw
+  sensitive = true
+}

prepare-labs/terraform/one-kubernetes/azure/provider.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+  }
+}

prepare-labs/terraform/one-kubernetes/azure/variables.tf

@@ -0,0 +1 @@
+../../providers/azure/variables.tf

prepare-labs/terraform/one-kubernetes/civo/common.tf

@@ -0,0 +1 @@
+../common.tf

prepare-labs/terraform/one-kubernetes/civo/config.tf

@@ -0,0 +1 @@
+../../providers/civo/config.tf

prepare-labs/terraform/one-kubernetes/civo/main.tf

@@ -0,0 +1,17 @@
+# As of March 2023, the default type ("k3s") only supports up
+# to Kubernetes 1.23, which belongs to a museum.
+# So let's use Talos, which supports up to 1.25.
+
+resource "civo_kubernetes_cluster" "_" {
+  name         = var.cluster_name
+  firewall_id  = civo_firewall._.id
+  cluster_type = "talos"
+  pools {
+    size       = local.node_size
+    node_count = var.min_nodes_per_pool
+  }
+}
+
+resource "civo_firewall" "_" {
+  name = var.cluster_name
+}

prepare-labs/terraform/one-kubernetes/civo/outputs.tf

@@ -0,0 +1,12 @@
+output "cluster_id" {
+  value = civo_kubernetes_cluster._.id
+}
+
+output "has_metrics_server" {
+  value = false
+}
+
+output "kubeconfig" {
+  value     = civo_kubernetes_cluster._.kubeconfig
+  sensitive = true
+}

prepare-labs/terraform/one-kubernetes/civo/provider.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    civo = {
+      source = "civo/civo"
+    }
+  }
+}

prepare-labs/terraform/one-kubernetes/civo/variables.tf

@@ -0,0 +1 @@
+../../providers/civo/variables.tf

prepare-labs/terraform/one-kubernetes/common.tf

@@ -0,0 +1,28 @@
+variable "cluster_name" {
+  type    = string
+  default = "deployed-with-terraform"
+}
+
+variable "common_tags" {
+  type    = list(string)
+  default = []
+}
+
+variable "node_size" {
+  type    = string
+  default = "M"
+}
+
+variable "min_nodes_per_pool" {
+  type    = number
+  default = 2
+}
+
+variable "max_nodes_per_pool" {
+  type    = number
+  default = 4
+}
+
+locals {
+  node_size = lookup(var.node_sizes, var.node_size, var.node_size)
+}

prepare-labs/terraform/one-kubernetes/digitalocean/common.tf

@@ -0,0 +1 @@
+../common.tf

prepare-labs/terraform/one-kubernetes/digitalocean/config.tf

@@ -0,0 +1 @@
+../../providers/digitalocean/config.tf

prepare-labs/terraform/one-kubernetes/digitalocean/main.tf

@@ -3,15 +3,18 @@ resource "digitalocean_kubernetes_cluster" "_" {
   tags = var.common_tags
   # Region is mandatory, so let's provide a default value.
   region  = var.location != null ? var.location : "nyc1"
-  version = var.k8s_version
+  version = data.digitalocean_kubernetes_versions._.latest_version
 
   node_pool {
     name       = "x86"
     tags       = var.common_tags
-    size       = local.node_type
-    auto_scale = true
+    size       = local.node_size
+    auto_scale = var.max_nodes_per_pool > var.min_nodes_per_pool
     min_nodes  = var.min_nodes_per_pool
     max_nodes  = max(var.min_nodes_per_pool, var.max_nodes_per_pool)
   }
 
 }
+
+data "digitalocean_kubernetes_versions" "_" {
+}

prepare-labs/terraform/one-kubernetes/digitalocean/outputs.tf

@@ -1,7 +1,3 @@
-output "kubeconfig" {
-  value = digitalocean_kubernetes_cluster._.kube_config.0.raw_config
-}
-
 output "cluster_id" {
   value = digitalocean_kubernetes_cluster._.id
 }
@@ -9,3 +5,8 @@ output "cluster_id" {
 output "has_metrics_server" {
   value = false
 }
+
+output "kubeconfig" {
+  value     = digitalocean_kubernetes_cluster._.kube_config.0.raw_config
+  sensitive = true
+}

prepare-labs/terraform/one-kubernetes/digitalocean/variables.tf

@@ -0,0 +1 @@
+../../providers/digitalocean/variables.tf

prepare-labs/terraform/one-kubernetes/exoscale/common.tf

@@ -0,0 +1 @@
+../common.tf

prepare-labs/terraform/one-kubernetes/exoscale/config.tf

@@ -0,0 +1 @@
+../../providers/exoscale/config.tf

prepare-labs/terraform/one-kubernetes/exoscale/main.tf

@@ -0,0 +1,20 @@
+resource "exoscale_sks_cluster" "_" {
+  zone          = var.location
+  name          = var.cluster_name
+  service_level = "starter"
+}
+
+resource "exoscale_sks_nodepool" "_" {
+  cluster_id    = exoscale_sks_cluster._.id
+  zone          = exoscale_sks_cluster._.zone
+  name          = var.cluster_name
+  instance_type = local.node_size
+  size          = var.min_nodes_per_pool
+}
+
+resource "exoscale_sks_kubeconfig" "_" {
+  cluster_id = exoscale_sks_cluster._.id
+  zone       = exoscale_sks_cluster._.zone
+  user       = "kubernetes-admin"
+  groups     = ["system:masters"]
+}

prepare-labs/terraform/one-kubernetes/exoscale/outputs.tf

@@ -0,0 +1,12 @@
+output "cluster_id" {
+  value = exoscale_sks_cluster._.id
+}
+
+output "has_metrics_server" {
+  value = true
+}
+
+output "kubeconfig" {
+  value     = exoscale_sks_kubeconfig._.kubeconfig
+  sensitive = true
+}

prepare-labs/terraform/one-kubernetes/exoscale/provider.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    exoscale = {
+      source = "exoscale/exoscale"
+    }
+  }
+}

prepare-labs/terraform/one-kubernetes/exoscale/variables.tf

@@ -0,0 +1 @@
+../../providers/exoscale/variables.tf

prepare-labs/terraform/one-kubernetes/googlecloud/common.tf

@@ -0,0 +1 @@
+../common.tf

prepare-labs/terraform/one-kubernetes/googlecloud/config.tf

@@ -0,0 +1 @@
+../../providers/googlecloud/config.tf

prepare-labs/terraform/one-kubernetes/googlecloud/locals.tf

@@ -0,0 +1,12 @@
+locals {
+  location = var.location != null ? var.location : "europe-north1-a"
+  region   = replace(local.location, "/-[a-z]$/", "")
+  # Unfortunately, the following line doesn't work
+  # (that attribute just returns an empty string)
+  # so we have to hard-code the project name.
+  #project = data.google_client_config._.project
+  project = "prepare-tf"
+}
+
+data "google_client_config" "_" {}
+

prepare-labs/terraform/one-kubernetes/googlecloud/main.tf

@@ -1,8 +1,8 @@
 resource "google_container_cluster" "_" {
-  name               = var.cluster_name
-  project            = local.project
-  location           = local.location
-  min_master_version = var.k8s_version
+  name     = var.cluster_name
+  project  = local.project
+  location = local.location
+  #min_master_version = var.k8s_version
 
   # To deploy private clusters, uncomment the section below,
   # and uncomment the block in network.tf.
@@ -43,12 +43,12 @@ resource "google_container_cluster" "_" {
     name = "x86"
     node_config {
       tags         = var.common_tags
-      machine_type = local.node_type
+      machine_type = local.node_size
     }
     initial_node_count = var.min_nodes_per_pool
     autoscaling {
       min_node_count = var.min_nodes_per_pool
-      max_node_count = max(var.min_nodes_per_pool, var.max_nodes_per_pool)
+      max_node_count = var.max_nodes_per_pool
     }
   }
 
@@ -62,4 +62,3 @@ resource "google_container_cluster" "_" {
     }
   }
 }
-

prepare-labs/terraform/one-kubernetes/googlecloud/outputs.tf

@@ -1,7 +1,14 @@
-data "google_client_config" "_" {}
+output "cluster_id" {
+  value = google_container_cluster._.id
+}
+
+output "has_metrics_server" {
+  value = true
+}
 
 output "kubeconfig" {
-  value = <<-EOT
+  sensitive = true
+  value     = <<-EOT
     apiVersion: v1
     kind: Config
     current-context: ${google_container_cluster._.name}
@@ -25,11 +32,3 @@ output "kubeconfig" {
         token: ${data.google_client_config._.access_token}
     EOT
 }
-
-output "cluster_id" {
-  value = google_container_cluster._.id
-}
-
-output "has_metrics_server" {
-  value = true
-}

prepare-labs/terraform/one-kubernetes/googlecloud/variables.tf

@@ -0,0 +1 @@
+../../providers/googlecloud/variables.tf