Friday

k8s/affinity-pod.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: aff-pod
+spec:
+  terminationGracePeriodSeconds: 30
+  affinity:
+  containers:
+  - name: aff-pod
+    image: alpine
+    command:
+    - sleep
+    args:
+    - "1000"
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: cow
+            operator: In
+            values:
+            - elsie

k8s/dashboard-insecure.yaml

@@ -17,8 +17,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 ---
@@ -30,8 +30,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-certs
   namespace: kubernetes-dashboard
 type: Opaque
@@ -43,8 +43,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-csrf
   namespace: kubernetes-dashboard
 type: Opaque
@@ -56,8 +56,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-key-holder
   namespace: kubernetes-dashboard
 type: Opaque
@@ -71,8 +71,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-settings
   namespace: kubernetes-dashboard
 ---
@@ -84,8 +84,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-metrics
 rules:
 - apiGroups:
@@ -106,8 +106,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -126,8 +126,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 rules:
@@ -182,8 +182,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 roleRef:
@@ -204,8 +204,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
     kubernetes.io/cluster-service: "true"
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
@@ -229,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 spec:
@@ -253,8 +253,8 @@ spec:
         app.kubernetes.io/instance: kubernetes-dashboard
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
+        app.kubernetes.io/version: 2.5.0
+        helm.sh/chart: kubernetes-dashboard-5.2.0
     spec:
       containers:
       - args:
@@ -262,7 +262,7 @@ spec:
         - --sidecar-host=http://127.0.0.1:8000
         - --enable-skip-login
         - --enable-insecure-login
-        image: kubernetesui/dashboard:v2.7.0
+        image: kubernetesui/dashboard:v2.5.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -293,7 +293,7 @@ spec:
           name: kubernetes-dashboard-certs
         - mountPath: /tmp
           name: tmp-volume
-      - image: kubernetesui/metrics-scraper:v1.0.8
+      - image: kubernetesui/metrics-scraper:v1.0.7
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

k8s/dashboard-recommended.yaml

@@ -17,8 +17,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 ---
@@ -30,8 +30,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-certs
   namespace: kubernetes-dashboard
 type: Opaque
@@ -43,8 +43,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-csrf
   namespace: kubernetes-dashboard
 type: Opaque
@@ -56,8 +56,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-key-holder
   namespace: kubernetes-dashboard
 type: Opaque
@@ -71,8 +71,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-settings
   namespace: kubernetes-dashboard
 ---
@@ -84,8 +84,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-metrics
 rules:
 - apiGroups:
@@ -106,8 +106,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -126,8 +126,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 rules:
@@ -182,8 +182,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 roleRef:
@@ -204,8 +204,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
     kubernetes.io/cluster-service: "true"
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
@@ -229,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 spec:
@@ -253,15 +253,15 @@ spec:
         app.kubernetes.io/instance: kubernetes-dashboard
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
+        app.kubernetes.io/version: 2.5.0
+        helm.sh/chart: kubernetes-dashboard-5.2.0
     spec:
       containers:
       - args:
         - --namespace=kubernetes-dashboard
         - --auto-generate-certificates
         - --sidecar-host=http://127.0.0.1:8000
-        image: kubernetesui/dashboard:v2.7.0
+        image: kubernetesui/dashboard:v2.5.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -292,7 +292,7 @@ spec:
           name: kubernetes-dashboard-certs
         - mountPath: /tmp
           name: tmp-volume
-      - image: kubernetesui/metrics-scraper:v1.0.8
+      - image: kubernetesui/metrics-scraper:v1.0.7
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

k8s/dashboard-with-token.yaml

@@ -17,8 +17,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 ---
@@ -30,8 +30,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-certs
   namespace: kubernetes-dashboard
 type: Opaque
@@ -43,8 +43,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-csrf
   namespace: kubernetes-dashboard
 type: Opaque
@@ -56,8 +56,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-key-holder
   namespace: kubernetes-dashboard
 type: Opaque
@@ -71,8 +71,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-settings
   namespace: kubernetes-dashboard
 ---
@@ -84,8 +84,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-metrics
 rules:
 - apiGroups:
@@ -106,8 +106,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -126,8 +126,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 rules:
@@ -182,8 +182,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 roleRef:
@@ -204,8 +204,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
     kubernetes.io/cluster-service: "true"
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
@@ -229,8 +229,8 @@ metadata:
     app.kubernetes.io/instance: kubernetes-dashboard
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    app.kubernetes.io/version: 2.5.0
+    helm.sh/chart: kubernetes-dashboard-5.2.0
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
 spec:
@@ -253,15 +253,15 @@ spec:
         app.kubernetes.io/instance: kubernetes-dashboard
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
+        app.kubernetes.io/version: 2.5.0
+        helm.sh/chart: kubernetes-dashboard-5.2.0
     spec:
       containers:
       - args:
         - --namespace=kubernetes-dashboard
         - --auto-generate-certificates
         - --sidecar-host=http://127.0.0.1:8000
-        image: kubernetesui/dashboard:v2.7.0
+        image: kubernetesui/dashboard:v2.5.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -292,7 +292,7 @@ spec:
           name: kubernetes-dashboard-certs
         - mountPath: /tmp
           name: tmp-volume
-      - image: kubernetesui/metrics-scraper:v1.0.8
+      - image: kubernetesui/metrics-scraper:v1.0.7
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -344,12 +344,3 @@ metadata:
   creationTimestamp: null
   name: cluster-admin
   namespace: kubernetes-dashboard
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: cluster-admin-token
-  namespace: kubernetes-dashboard
-  annotations:
-    kubernetes.io/service-account.name: cluster-admin

k8s/hpa-v2-pa-httplat.yaml

@@ -1,5 +1,5 @@
 kind: HorizontalPodAutoscaler
-apiVersion: autoscaling/v2
+apiVersion: autoscaling/v2beta2
 metadata:
   name: rng
 spec:

k8s/init-container.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: initty
+spec:
+  volumes:
+  - name: preFetched
+    emptyDir: {}
+    
+  containers:
+  - name: main
+    image: main
+    volumeMounts:
+    - name: preFetched
+      mountPath: /usr/share/nginx/html/
+  initContainers:
+  - name: git-cloner
+    image: alpine
+    command: [ "sh", "-c", "apk add git && sleep 5 && git clone https://github.com/octocat/Spoon-Knife /preFetched" ]
+    volumeMounts:
+    - name: preFetched
+      mountPath: /preFetched/

k8s/k8s-nr-kubeconfig.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lDQm5Vd0RRWUpLb1pJaHZjTkFRRUxCUUF3TXpFVk1CTUdBMVVFQ2hNTVJHbG4KYVhSaGJFOWpaV0Z1TVJvd0dBWURWUVFERXhGck9ITmhZWE1nUTJ4MWMzUmxjaUJEUVRBZUZ3MHlNakE1TVRneQpNekV6TWpGYUZ3MDBNakE1TVRneU16RXpNakZhTURNeEZUQVRCZ05WQkFvVERFUnBaMmwwWVd4UFkyVmhiakVhCk1CZ0dBMVVFQXhNUmF6aHpZV0Z6SUVOc2RYTjBaWElnUTBFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFEYnVlN1MzRS9hdFpvQVJjSUllRFJNMG5vMThvaDNEL3cyV3VWQmNaQWppZXhmNGw4VQpldEZlWDBWQmZFZGJqUndIWTYva2VHdHVzS0dXUzNZdUN5RHd3WFNhMEV5NS9LM0ZLUHhEUkdyUWJSNXJkUWg5CmI4NW1IbXVIcUYvQXJHMWJVV2JYQmFRVVhBdXNtMVpjMnNtOXdWQm0vRlRJSTJDdEpReTViVXVIQnY3N01BNHEKUzV3b1liMXkwUHo0OXNuVldiY3BXZ1FxR080SE9JelFJc2crakxYR0lhWi96L0lneHR2M0ZYaVJVUlVIZWhERwplTTVuRDErY1JuUkorcDlLQU9VMUdOZzQwVENoN3hjaGo3UHNJMDV1Q0xVQWFhYVJ4M0pVRFBpRXgxWjVjOHQwCll6aTBXTVVTUVpkTjlUc3UrNGZZaXAyTFpkZGxXOW1ma0NYREFnTUJBQUdqUlRCRE1BNEdBMVVkRHdFQi93UUUKQXdJQmhqQVNCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlNpcEo3SHZQTkRZMWcrcDNEdwp0TUEvNThmUmFEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFuYkNYSHUvM3YrbXRlU3N4TXFxUndJd1c0T015CkdRdzE0aERtYkFRcmovYVo0WkFvZUJIdFJSMGYxTFFXQnVIQTBtTFJvSTFSenpBQWw3V2lNMDd6VU1ETlV2enUKR0FCVmtwOEV6b2RneTlNclFkN2VtZkNJRFA3SkhZV1FzL1VxcGVVZW4zcHljQ3dXZFFXY3ZDR0FtTEZZSzI3TApKcnFKV1JXNGErWTVDUkhqVytzTGJpeTNNMTdrOHVWM1pzMktNS0FUaVNXWUZTUzUrSkg5Tk5WdXNKd1lUZVZPCmJOZG5PbS9ub1NLejYrbHUvUm1NK0NsUFdXakdXcUlHdHZyNFl6b0puZk52UDNXL01FQXlzY3Zlck9jcXUxWTAKa1dmRkg2azVlY3NsK2k1RTFkaE02U0JRaFZzV1crMjFlN1plbVJwc1htNkNyYUZqek4vSFlaMEMzdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    server: https://8f36cb5d-e565-452a-a09c-81760683c1f9.k8s.ondigitalocean.com
+  name: do-sfo3-k8s-nr
+contexts:
+- context:
+    cluster: do-sfo3-k8s-nr
+    user: do-sfo3-k8s-nr-admin
+  name: do-sfo3-k8s-nr
+current-context: do-sfo3-k8s-nr
+kind: Config
+preferences: {}
+users:
+- name: do-sfo3-k8s-nr-admin
+  user:
+    token: dop_v1_dc6f141491e1e3447a52ec192c3424c0481622f5430cf219fb38458280e1ff88

k8s/kyverno-pod-color-2.yaml

@@ -15,10 +15,10 @@ spec:
     - key: "{{ request.operation }}"
       operator: Equals
       value: UPDATE
-    - key: "{{ request.oldObject.metadata.labels.color || '' }}"
+    - key: "{{ request.oldObject.metadata.labels.color }}"
       operator: NotEquals
       value: ""
-    - key: "{{ request.object.metadata.labels.color || '' }}"
+    - key: "{{ request.object.metadata.labels.color }}"
       operator: NotEquals
       value: ""
     validate:

k8s/kyverno-pod-color-3.yaml

@@ -15,10 +15,10 @@ spec:
     - key: "{{ request.operation }}"
       operator: Equals
       value: UPDATE
-    - key: "{{ request.oldObject.metadata.labels.color || '' }}"
+    - key: "{{ request.oldObject.metadata.labels.color }}"
       operator: NotEquals
       value: ""
-    - key: "{{ request.object.metadata.labels.color || '' }}"
+    - key: "{{ request.object.metadata.labels.color }}"
       operator: Equals
       value: ""
     validate:

k8s/multiLine.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    run: busybox
+  name: busybox
+spec:
+  terminationGracePeriodSeconds: 0
+  containers:
+  - command:
+    - /bin/sh
+    - -c
+    - |
+      echo "running below scripts"
+      i=0; 
+      while true; 
+      do 
+        echo "$i: $(date)"; 
+        i=$((i+1)); 
+        sleep 1; 
+      done
+    name: busybox
+    image: busybox

k8s/multiLine2.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    run: busybox
+  name: busybox
+spec:
+  terminationGracePeriodSeconds: 0
+  containers:
+  - command: ["/bin/sh", "-c"]
+    args:
+    - |
+      echo "running below scripts"
+      i=0; 
+      while true; 
+      do 
+        echo "$i: $(date)"; 
+        i=$((i+1)); 
+        sleep 1; 
+      done
+    name: busybox
+    image: busybox

k8s/nginx-2-with-volume.yaml

@@ -3,11 +3,13 @@ kind: Pod
 metadata:
   name: nginx-with-volume
 spec:
-  volumes:
-  - name: www
   containers:
   - name: nginx
     image: nginx
     volumeMounts:
     - name: www
       mountPath: /usr/share/nginx/html/
+
+  volumes:
+  - name: www
+    emptyDir: {}

k8s/nginx-3-with-git.yaml

@@ -3,8 +3,9 @@ kind: Pod
 metadata:
   name: nginx-with-git
 spec:
-  volumes:
-  - name: www
+  terminationGracePeriodSeconds: 0
+  restartPolicy: OnFailure
+  
   containers:
   - name: nginx
     image: nginx
@@ -17,5 +18,9 @@ spec:
     volumeMounts:
     - name: www
       mountPath: /www/
-  restartPolicy: OnFailure
+
+  volumes:
+  - name: www
+    emptyDir: {}
+
 

k8s/nginx-4-with-init.yaml

@@ -3,14 +3,8 @@ kind: Pod
 metadata:
   name: nginx-with-init
 spec:
-  volumes:
-  - name: www
-  containers:
-  - name: nginx
-    image: nginx
-    volumeMounts:
-    - name: www
-      mountPath: /usr/share/nginx/html/
+  terminationGracePeriodSeconds: 0
+  
   initContainers:
   - name: git
     image: alpine
@@ -18,3 +12,15 @@ spec:
     volumeMounts:
     - name: www
       mountPath: /www/
+ 
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: www
+      mountPath: /usr/share/nginx/html/
+
+  volumes:
+  - name: www
+    emptyDir: {}
+

k8s/nginx-5-with-hostpath.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hostpath-nginx
+spec:
+  terminationGracePeriodSeconds: 30
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: www
+      mountPath: /usr/share/nginx/html/      
+
+  volumes:
+  - name: www
+    hostPath:
+      path: /home/k8s/myFiles
+
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: myData
+          operator: In
+          values:
+          - present
+
+      

k8s/nginx-git.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-with-git
+spec:
+  terminationGracePeriodSeconds: 0
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: www
+      mountPath: /usr/share/nginx/html/
+  - name: git
+    image: alpine
+    command:
+    - /bin/sh
+    - -c
+    - |
+      apk add git && 
+      git clone https://github.com/octocat/Spoon-Knife /www
+    volumeMounts:
+    - name: www
+      mountPath: /www/
+  volumes:
+  - name: www 
+    emptyDir: {} 
+

k8s/nginx-init.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-with-git
+spec:
+  terminationGracePeriodSeconds: 0
+  initContainers:
+  - name: git
+    image: alpine
+    command:
+    - /bin/sh
+    - -c
+    - |
+      apk add git && 
+      git clone https://github.com/octocat/Spoon-Knife /www
+    volumeMounts:
+    - name: www
+      mountPath: /www/
+  containers:
+  - name: nginx
+    image: nginx
+    volumeMounts:
+    - name: www
+      mountPath: /usr/share/nginx/html/
+  volumes:
+  - name: www 
+    emptyDir: {} 
+

k8s/nginx.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-web
+spec:
+  containers:
+  - name: nginx
+    image: nginx

k8s/ping.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    run: ping
+  name: ping
+spec:
+  terminationGracePeriodSeconds: 0
+  containers:
+  - command:
+    - ping
+    args:
+    - 127.0.0.1
+    image: alpine
+    name: ping
+  dnsPolicy: ClusterFirst
+  restartPolicy: Always
+status: {}

k8s/sampleYaml.yaml

@@ -0,0 +1,18 @@
+name: gerry
+citizenship: US
+height-in-cm: 197
+coder: true
+friends:
+  - Moe
+  - Larry
+  - Curly
+employees:
+  - name: Moe
+    position: dev
+  - name: Larry
+    position: ops
+  - name: Curly
+    position: devOps
+poem: |
+      Mary had a little lamb
+      It was very cute

k8s/sampleYamlAsJson.json

@@ -0,0 +1,26 @@
+{
+  "name": "gerry",
+  "citizenship": "US",
+  "height-in-cm": 197,
+  "coder": true,
+  "friends": [
+    "Moe",
+    "Larry",
+    "Curly"
+  ],
+  "employees": [
+    {
+      "name": "Moe",
+      "position": "dev"
+    },
+    {
+      "name": "Larry",
+      "position": "ops"
+    },
+    {
+      "name": "Curly",
+      "position": "devOps"
+    }
+  ],
+  "poem": "Mary had a little lamb\nIt was very cute\n"
+}

k8s/update-dashboard-yaml.sh

@@ -70,15 +70,4 @@ add_namespace() {
   kubectl create serviceaccount -n kubernetes-dashboard cluster-admin \
           -o yaml --dry-run=client \
           # 
-  echo ---
-  cat <<EOF
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: cluster-admin-token
-  namespace: kubernetes-dashboard
-  annotations:
-    kubernetes.io/service-account.name: cluster-admin
-EOF
 ) > dashboard-with-token.yaml

netlify.toml

@@ -2,3 +2,4 @@
   base = "slides"
   publish = "slides"
   command = "./build.sh once"
+

prepare-local/provisioning.yml

@@ -1,10 +1,11 @@
 ---
 - hosts: nodes
-  become: yes
+  sudo: true
   vars_files:
     - vagrant.yml
 
   tasks:
+
     - name: clean up the home folder
       file:
         path: /home/vagrant/{{ item }}
@@ -23,23 +24,25 @@
 
     - name: installing dependencies
       apt:
-        name: apt-transport-https,ca-certificates,python3-pip,tmux
+        name: apt-transport-https,ca-certificates,python-pip,tmux
         state: present
         update_cache: true
 
     - name: fetching docker repo key
       apt_key:
-        url: https://download.docker.com/linux/ubuntu/gpg
-        state: present
+        keyserver: hkp://p80.pool.sks-keyservers.net:80
+        id: 58118E89F3A912897C070ADBF76221572C52609D
 
-    - name: adding docker repo
+    - name: adding package repos
       apt_repository:
-        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        repo: "{{ item }}"
         state: present
+      with_items:
+        - deb https://apt.dockerproject.org/repo ubuntu-trusty main
 
     - name: installing docker
       apt:
-        name: docker-ce,docker-ce-cli,containerd.io,docker-compose-plugin
+        name: docker-engine
         state: present
         update_cache: true
 
@@ -53,7 +56,7 @@
       lineinfile:
         dest: /etc/default/docker
         line: DOCKER_OPTS="--host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:55555"
-        regexp: "^#?DOCKER_OPTS=.*$"
+        regexp: '^#?DOCKER_OPTS=.*$'
         state: present
       register: docker_opts
 
@@ -63,14 +66,22 @@
         state: restarted
       when: docker_opts is defined and docker_opts.changed
 
-    - name: install docker-compose from official github repo
-      get_url:
-        url: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
-        dest: /usr/local/bin/docker-compose
-        mode: "u+x,g+x"
+    - name: performing pip autoupgrade
+      pip:
+        name: pip
+        state: latest
+
+    - name: installing virtualenv
+      pip:
+        name: virtualenv
+        state: latest
+
+    - name: Install Docker Compose via PIP
+      pip: name=docker-compose
 
     - name:
-      file: path="/usr/local/bin/docker-compose"
+      file:
+        path="/usr/local/bin/docker-compose"
         state=file
         mode=0755
         owner=vagrant
@@ -117,3 +128,5 @@
           line: "127.0.0.1 localhost {{ inventory_hostname }}"
         - regexp: '^127\.0\.1\.1'
           line: "127.0.1.1 {{ inventory_hostname }}"
+
+

prepare-local/vagrant.yml

@@ -1,12 +1,13 @@
 ---
 vagrant:
-  default_box: ubuntu/focal64
+  default_box: ubuntu/trusty64
   default_box_check_update: true
   ssh_insert_key: false
   min_memory: 256
   min_cores: 1
 
 instances:
+
   - hostname: node1
     private_ip: 10.10.10.10
     memory: 1512
@@ -36,3 +37,6 @@ instances:
     private_ip: 10.10.10.50
     memory: 512
     cores: 1
+
+
+

prepare-tf/README.md

@@ -34,15 +34,28 @@ to that directory, then create the clusters using that configuration.
 
 - Scaleway: run `scw init`
 
-2. Run!
+2. Optional: set number of clusters, cluster size, and region.
+
+By default, 1 cluster will be configured, with 2 nodes, and auto-scaling up to 5 nodes.
+
+If you want, you can override these parameters, with the following variables.
 
 ```bash
-./run.sh <providername> <location> [number of clusters] [min nodes] [max nodes]
+export TF_VAR_how_many_clusters=5
+export TF_VAR_min_nodes_per_pool=2
+export TF_VAR_max_nodes_per_pool=4
+export TF_VAR_location=xxx
 ```
 
-If you don't specify a provider name, it will list available providers.
+The `location` variable is optional. Each provider should have a default value.
+The value of the `location` variable is provider-specific. Examples:
 
-If you don't specify a location, it will list locations available for this provider.
+| Provider      | Example value     | How to see possible values
+|---------------|-------------------|---------------------------
+| Digital Ocean | `ams3`            | `doctl compute region list`
+| Google Cloud  | `europe-north1-a` | `gcloud  compute zones list`
+| Linode        | `eu-central`      | `linode-cli regions list`
+| Oracle Cloud  | `eu-stockholm-1`  | `oci iam region list`
 
 You can also specify multiple locations, and then they will be
 used in round-robin fashion.
@@ -53,15 +66,22 @@ my requests to increase that quota were denied) you can do the
 following:
 
 ```bash
-LOCATIONS=$(gcloud compute zones list --format=json | jq -r .[].name | grep ^europe)
-./run.sh googlecloud "$LOCATIONS"
+export TF_VAR_location=$(gcloud compute zones list --format=json | jq -r .[].name | grep ^europe)
 ```
 
 Then when you apply, clusters will be created across all available
 zones in Europe. (When I write this, there are 20+ zones in Europe,
 so even with my quota, I can create 40 clusters.)
 
-3. Shutting down
+3. Run!
+
+```bash
+./run.sh <providername>
+```
+
+(If you don't specify a provider name, it will list available providers.)
+
+4. Shutting down
 
 Go to the directory that was created by the previous step (`tag-YYYY-MM...`)
 and run `terraform destroy`.
@@ -92,7 +112,7 @@ terraform init
 
 See steps above, and add the following extra steps:
 
-- Digital Ocean:
+- Digital Coean:
   ```bash
   export DIGITALOCEAN_ACCESS_TOKEN=$(grep ^access-token ~/.config/doctl/config.yaml | cut -d: -f2 | tr -d " ")
   ```
@@ -140,30 +160,3 @@ terraform destroy
 ```bash
 rm stage2/terraform.tfstate*
 ```
-
-10. Clean up leftovers.
-
-Some providers don't clean up properly the resources created by the CCM.
-For instance, when you create a Kubernetes `Service` of type
-`LoadBalancer`, it generally provisions a cloud load balancer.
-On Linode (and possibly other providers, too!) these cloud load balancers
-aren't deleted when the cluster gets deleted, and they keep incurring
-charges. You should check for those, to make sure that you don't
-get charged for resources that you don't use anymore. As I write this
-paragraph, there is:
-
-- `linode-delete-ccm-loadbalancers.sh` to delete the Linode
-  nodebalancers; but be careful: it deletes **all** the nodebalancers
-  whose name starts with `ccm-`, which means that if you still have
-  Kubernetes clusters, their load balancers will be deleted as well!
-
-- `linode-delete-pvc-volumes.sh` to delete Linode persistent disks
-  that have been created to satisfy Persistent Volume Claims
-  (these need to be removed manually because the default Storage Class
-  on Linode has a RETAIN policy). Again, be careful, this will wipe
-  out any volume whose label starts with `pvc`. (I don't know if it
-  will remove volumes that are still attached.)
-
-Eventually, I hope to add more scripts for other providers, and make
-them more selective and more robust, but for now, that's better than
-nothing.

prepare-tf/linode-delete-ccm-loadbalancers.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-linode-cli nodebalancers list --json | 
-  jq '.[] | select(.label | startswith("ccm-")) | .id' | 
-  xargs -n1 -P10 linode-cli nodebalancers delete

prepare-tf/linode-delete-pvc-volumes.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-linode-cli volumes list --json | 
-  jq '.[] | select(.label | startswith("pvc")) | .id' | 
-  xargs -n1 -P10 linode-cli volumes delete

prepare-tf/run.sh

@@ -3,37 +3,11 @@ set -e
 
 TIME=$(which time)
 
-if [ -f ~/.config/doctl/config.yaml ]; then
-  export DIGITALOCEAN_ACCESS_TOKEN=$(grep ^access-token ~/.config/doctl/config.yaml | cut -d: -f2 | tr -d " ")
-fi
-
-if [ -f ~/.config/linode-cli ]; then
-  export LINODE_TOKEN=$(grep ^token ~/.config/linode-cli | cut -d= -f2 | tr -d " ")
-fi
-
-[ "$1" ] || {
-  echo "Syntax:"
-  echo ""
-  echo "$0 <provider> <region> [how-many-clusters] [min-nodes] [max-nodes]"
-  echo ""
+PROVIDER=$1
+[ "$PROVIDER" ] || {
+  echo "Please specify a provider as first argument, or 'ALL' for parallel mode."
   echo "Available providers:"
   ls -1 source/modules
-  echo ""
-  echo "Leave the region empty to show available regions for this provider."
-  echo "You can also specify ALL as a provider to simultaneously provision"
-  echo "many clusters on *each* provider for benchmarking purposes."
-  echo ""
-  exit 1
-}
-
-PROVIDER="$1"
-export TF_VAR_location="$2"
-export TF_VAR_how_many_clusters="${3-1}"
-export TF_VAR_min_nodes_per_pool="${4-2}"
-export TF_VAR_max_nodes_per_pool="${5-4}"
-
-[ "$TF_VAR_location" ] || {
-  "./source/modules/$PROVIDER/list_locations.sh"
   exit 1
 }
 

prepare-tf/source/main.tf

@@ -62,11 +62,9 @@ resource "null_resource" "wait_for_nodes" {
       KUBECONFIG = local_file.kubeconfig[each.key].filename
     }
     command = <<-EOT
-      while sleep 1; do
-        kubectl get nodes --watch | grep --silent --line-buffered . &&
-        kubectl wait node --for=condition=Ready --all --timeout=10m &&
-        break
-      done
+      set -e
+      kubectl get nodes --watch | grep --silent --line-buffered .
+      kubectl wait node --for=condition=Ready --all --timeout=10m
       EOT
   }
 }

prepare-tf/source/modules/digitalocean/list_locations.sh

@@ -1,2 +0,0 @@
-#!/bin/sh
-doctl compute region list

prepare-tf/source/modules/googlecloud/list_locations.sh

@@ -1,2 +0,0 @@
-#!/bin/sh
-gcloud compute zones list

prepare-tf/source/modules/linode/list_locations.sh

@@ -1,2 +0,0 @@
-#!/bin/sh
-linode-cli regions list

prepare-tf/source/modules/oraclecloud/list_locations.sh

@@ -1,2 +0,0 @@
-#!/bin/sh
-oci iam region list

prepare-tf/source/modules/scaleway/list_locations.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-echo "# Note that this is hard-coded in $0.
-# I don't know if there is a way to list regions through the Scaleway API.
-fr-par
-nl-ams
-pl-waw"

prepare-tf/source/modules/scaleway/variables.tf

@@ -56,5 +56,5 @@ variable "location" {
 # scw k8s version list -o json | jq -r .[].name
 variable "k8s_version" {
   type    = string
-  default = "1.24.7"
+  default = "1.23.6"
 }

prepare-tf/source/stage2.tmpl

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.16.1"
+      version = "2.7.1"
     }
   }
 }

prepare-vms/README.md

@@ -17,7 +17,6 @@ These tools can help you to create VMs on:
 - [Parallel SSH](https://github.com/lilydjwg/pssh)
   (should be installable with `pip install git+https://github.com/lilydjwg/pssh`;
   on a Mac, try `brew install pssh`)
-- [yq](https://github.com/kislyuk/yq)
 
 Depending on the infrastructure that you want to use, you also need to install
 the CLI that is specific to that cloud. For OpenStack deployments, you will

prepare-vms/infra/scaleway

@@ -1,3 +1,3 @@
 INFRACLASS=scaleway
 #SCW_INSTANCE_TYPE=DEV1-L
-SCW_ZONE=fr-par-2
+#SCW_ZONE=fr-par-2

prepare-vms/lib/commands.sh

@@ -131,8 +131,6 @@ set nowrap
 SQRL
 
     pssh -I "sudo -u $USER_LOGIN tee /home/$USER_LOGIN/.tmux.conf" <<SQRL
-set -g status-style bg=yellow,bold
-
 bind h select-pane -L
 bind j select-pane -D
 bind k select-pane -U
@@ -159,9 +157,6 @@ _cmd_clusterize() {
     TAG=$1
     need_tag
 
-    # Disable unattended upgrades so that they don't mess up with the subsequent steps
-    pssh sudo rm -f /etc/apt/apt.conf.d/50unattended-upgrades
-
     # Special case for scaleway since it doesn't come with sudo
     if [ "$INFRACLASS" = "scaleway" ]; then
         pssh -l root "
@@ -187,23 +182,9 @@ _cmd_clusterize() {
     pssh "
     if [ -f /etc/iptables/rules.v4 ]; then
         sudo sed -i 's/-A INPUT -j REJECT --reject-with icmp-host-prohibited//' /etc/iptables/rules.v4
-        sudo netfilter-persistent flush
         sudo netfilter-persistent start
     fi"
 
-    # oracle-cloud-agent upgrades pacakges in the background.
-    # This breaks our deployment scripts, because when we invoke apt-get, it complains
-    # that the lock already exists (symptom: random "Exited with error code 100").
-    # Workaround: if we detect oracle-cloud-agent, remove it.
-    # But this agent seems to also take care of installing/upgrading
-    # the unified-monitoring-agent package, so when we stop the snap,
-    # it can leave dpkg in a broken state. We "fix" it with the 2nd command.
-    pssh "
-    if [ -d /snap/oracle-cloud-agent ]; then
-        sudo snap remove oracle-cloud-agent
-        sudo dpkg --remove --force-remove-reinstreq unified-monitoring-agent
-    fi"
-
     # Copy settings and install Python YAML parser
     pssh -I tee /tmp/settings.yaml <tags/$TAG/settings.yaml
     pssh "
@@ -258,6 +239,14 @@ _cmd_docker() {
       sudo ln -sfn /mnt/docker /var/lib/docker
     fi
 
+    # containerd 1.6 breaks Weave.
+    # See https://github.com/containerd/containerd/issues/6921
+    sudo tee /etc/apt/preferences.d/containerd <<EOF
+Package: containerd.io
+Pin: version 1.5.*
+Pin-Priority: 1000
+EOF
+
     # This will install the latest Docker.
     sudo apt-get -qy install apt-transport-https ca-certificates curl software-properties-common
     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -267,21 +256,19 @@ _cmd_docker() {
 
     # Add registry mirror configuration.
     if ! [ -f /etc/docker/daemon.json ]; then
-        sudo mkdir -p /etc/docker
         echo '{\"registry-mirrors\": [\"https://mirror.gcr.io\"]}' | sudo tee /etc/docker/daemon.json
         sudo systemctl restart docker
     fi
     "
 
     ##VERSION## https://github.com/docker/compose/releases
-    COMPOSE_VERSION=v2.11.1
-    COMPOSE_PLATFORM='linux-$(uname -m)'
-    
-    # Just in case you need Compose 1.X, you can use the following lines.
-    # (But it will probably only work for x86_64 machines.)
-    #COMPOSE_VERSION=1.29.2
-    #COMPOSE_PLATFORM='Linux-$(uname -m)'
-
+    if [ "$ARCHITECTURE" ]; then
+        COMPOSE_VERSION=v2.2.3
+        COMPOSE_PLATFORM='linux-$(uname -m)'
+    else
+        COMPOSE_VERSION=1.29.2
+        COMPOSE_PLATFORM='Linux-$(uname -m)'
+    fi
     pssh "
     set -e
     ### Install docker-compose.
@@ -359,8 +346,7 @@ EOF"
     pssh --timeout 200 "
     sudo apt-get update -q &&
     sudo apt-get install -qy kubelet kubeadm kubectl &&
-    sudo apt-mark hold kubelet kubeadm kubectl &&
-    kubeadm completion bash | sudo tee /etc/bash_completion.d/kubeadm &&
+    sudo apt-mark hold kubelet kubeadm kubectl
     kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl &&
     echo 'alias k=kubectl' | sudo tee /etc/bash_completion.d/k &&
     echo 'complete -F __start_kubectl k' | sudo tee -a /etc/bash_completion.d/k"
@@ -433,9 +419,8 @@ EOF
     # Install weave as the pod network
     pssh "
     if i_am_first_node; then
-        #kubever=\$(kubectl version | base64 | tr -d '\n') &&
-        #kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=\$kubever
-        kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s-1.11.yaml
+        kubever=\$(kubectl version | base64 | tr -d '\n') &&
+        kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=\$kubever
     fi"
 
     # Join the other nodes to the cluster
@@ -493,13 +478,12 @@ _cmd_kubetools() {
     # Install kube-ps1
     pssh "
     set -e
-    if ! [ -d /opt/kube-ps1 ]; then
+    if ! [ -f /etc/profile.d/kube-ps1.sh ]; then
       cd /tmp
       git clone https://github.com/jonmosco/kube-ps1
-      sudo mv kube-ps1 /opt/kube-ps1
+      sudo cp kube-ps1/kube-ps1.sh /etc/profile.d/kube-ps1.sh
       sudo -u $USER_LOGIN sed -i s/docker-prompt/kube_ps1/ /home/$USER_LOGIN/.bashrc &&
       sudo -u $USER_LOGIN tee -a /home/$USER_LOGIN/.bashrc <<EOF
-. /opt/kube-ps1/kube-ps1.sh
 KUBE_PS1_PREFIX=""
 KUBE_PS1_SUFFIX=""
 KUBE_PS1_SYMBOL_ENABLE="false"
@@ -510,13 +494,13 @@ EOF
 
     # Install stern
     ##VERSION## https://github.com/stern/stern/releases
-    STERN_VERSION=1.22.0
+    STERN_VERSION=1.20.1
     FILENAME=stern_${STERN_VERSION}_linux_${ARCH}
     URL=https://github.com/stern/stern/releases/download/v$STERN_VERSION/$FILENAME.tar.gz
     pssh "
     if [ ! -x /usr/local/bin/stern ]; then
         curl -fsSL $URL |
-        sudo tar -C /usr/local/bin -zx stern
+        sudo tar -C /usr/local/bin -zx --strip-components=1 $FILENAME/stern
         sudo chmod +x /usr/local/bin/stern
         stern --completion bash | sudo tee /etc/bash_completion.d/stern
         stern --version
@@ -532,7 +516,7 @@ EOF
 
     # Install kustomize
     ##VERSION## https://github.com/kubernetes-sigs/kustomize/releases
-    KUSTOMIZE_VERSION=v4.5.7
+    KUSTOMIZE_VERSION=v4.4.0
     URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
     pssh "
     if [ ! -x /usr/local/bin/kustomize ]; then
@@ -551,7 +535,7 @@ EOF
     if [ ! -x /usr/local/bin/ship ]; then
         ##VERSION##
         curl -fsSL https://github.com/replicatedhq/ship/releases/download/v0.51.3/ship_0.51.3_linux_$ARCH.tar.gz |
-            sudo tar -C /usr/local/bin -zx ship
+             sudo tar -C /usr/local/bin -zx ship
     fi"
 
     # Install the AWS IAM authenticator
@@ -559,8 +543,8 @@ EOF
     if [ ! -x /usr/local/bin/aws-iam-authenticator ]; then
         ##VERSION##
         sudo curl -fsSLo /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.12.7/2019-03-27/bin/linux/$ARCH/aws-iam-authenticator
-	      sudo chmod +x /usr/local/bin/aws-iam-authenticator
-        aws-iam-authenticator version
+	sudo chmod +x /usr/local/bin/aws-iam-authenticator
+    aws-iam-authenticator version
     fi"
 
     # Install the krew package manager
@@ -577,7 +561,7 @@ EOF
     # Install k9s
     pssh "
     if [ ! -x /usr/local/bin/k9s ]; then
-        FILENAME=k9s_Linux_$ARCH.tar.gz &&
+        FILENAME=k9s_Linux_$HERP_DERP_ARCH.tar.gz &&
         curl -fsSL https://github.com/derailed/k9s/releases/latest/download/\$FILENAME |
         sudo tar -zxvf- -C /usr/local/bin k9s
         k9s version
@@ -602,7 +586,6 @@ EOF
         FILENAME=tilt.\$TILT_VERSION.linux.$TILT_ARCH.tar.gz
         curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v\$TILT_VERSION/\$FILENAME |
         sudo tar -zxvf- -C /usr/local/bin tilt
-        tilt completion bash | sudo tee /etc/bash_completion.d/tilt
         tilt version
     fi"
 
@@ -611,7 +594,6 @@ EOF
     if [ ! -x /usr/local/bin/skaffold ]; then
         curl -fsSLo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-$ARCH &&
         sudo install skaffold /usr/local/bin/
-        skaffold completion bash | sudo tee /etc/bash_completion.d/skaffold
         skaffold version
     fi"
 
@@ -620,28 +602,9 @@ EOF
     if [ ! -x /usr/local/bin/kompose ]; then
         curl -fsSLo kompose https://github.com/kubernetes/kompose/releases/latest/download/kompose-linux-$ARCH &&
         sudo install kompose /usr/local/bin
-        kompose completion bash | sudo tee /etc/bash_completion.d/kompose
         kompose version
     fi"
 
-    # Install KinD
-    pssh "
-    if [ ! -x /usr/local/bin/kind ]; then
-        curl -fsSLo kind https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-linux-$ARCH &&
-        sudo install kind /usr/local/bin
-        kind completion bash | sudo tee /etc/bash_completion.d/kind
-        kind version
-    fi"
-
-    # Install YTT
-    pssh "
-    if [ ! -x /usr/local/bin/ytt ]; then
-        curl -fsSLo ytt https://github.com/vmware-tanzu/carvel-ytt/releases/latest/download/ytt-linux-$ARCH &&
-        sudo install ytt /usr/local/bin
-        ytt completion bash | sudo tee /etc/bash_completion.d/ytt
-        ytt version
-    fi"
-
     ##VERSION## https://github.com/bitnami-labs/sealed-secrets/releases
     KUBESEAL_VERSION=0.17.4
     #case $ARCH in

prepare-vms/map-dns.py

@@ -36,7 +36,7 @@ if os.path.isfile(domain_or_domain_file):
     clusters = [line.split() for line in lines]
   else:
     ips = open(f"tags/{ips_file_or_tag}/ips.txt").read().split()
-    settings_file = f"tags/{ips_file_or_tag}/settings.yaml"
+    settings_file = f"tags/{tag}/settings.yaml"
     clustersize = yaml.safe_load(open(settings_file))["clustersize"]
     clusters = []
     while ips:

prepare-vms/netlify-dns.sh

@@ -17,17 +17,8 @@
   exit 1
 }
 
-NETLIFY_CONFIG_FILE=~/.config/netlify/config.json
-
-if ! [ -f "$NETLIFY_CONFIG_FILE" ]; then
-  echo "Could not find Netlify configuration file ($NETLIFY_CONFIG_FILE)."
-  echo "Try to run the following command, and try again:"
-  echo "npx netlify-cli login"
-  exit 1
-fi
-
-NETLIFY_USERID=$(jq .userId < "$NETLIFY_CONFIG_FILE")
-NETLIFY_TOKEN=$(jq -r .users[$NETLIFY_USERID].auth.token < "$NETLIFY_CONFIG_FILE")
+NETLIFY_USERID=$(jq .userId < ~/.config/netlify/config.json)
+NETLIFY_TOKEN=$(jq -r .users[$NETLIFY_USERID].auth.token < ~/.config/netlify/config.json)
 
 netlify() {
   URI=$1

prepare-vms/terraform/azure/main.tf

@@ -1,71 +0,0 @@
-resource "azurerm_resource_group" "_" {
-  name          = var.prefix
-  location = var.location
-}
-
-resource "azurerm_public_ip" "_" {
-  count               = var.how_many_nodes
-  name                = format("%s-%04d", var.prefix, count.index + 1)
-  location            = azurerm_resource_group._.location
-  resource_group_name = azurerm_resource_group._.name
-  allocation_method = "Dynamic"
-}
-
-resource "azurerm_network_interface" "_" {
-  count               = var.how_many_nodes
-  name                = format("%s-%04d", var.prefix, count.index + 1)
-  location            = azurerm_resource_group._.location
-  resource_group_name = azurerm_resource_group._.name
-
-  ip_configuration {
-    name                          = "internal"
-    subnet_id                     = azurerm_subnet._.id
-    private_ip_address_allocation = "Dynamic"
-    public_ip_address_id = azurerm_public_ip._[count.index].id
-  }
-}
-
-resource "azurerm_linux_virtual_machine" "_" {
-  count               = var.how_many_nodes
-  name                = format("%s-%04d", var.prefix, count.index + 1)
-  resource_group_name = azurerm_resource_group._.name
-  location            = azurerm_resource_group._.location
-  size                = var.size
-  admin_username      = "ubuntu"
-  network_interface_ids = [
-    azurerm_network_interface._[count.index].id,
-  ]
-
-  admin_ssh_key {
-    username   = "ubuntu"
-    public_key = local.authorized_keys
-  }
-
-  os_disk {
-    caching              = "ReadWrite"
-    storage_account_type = "Standard_LRS"
-  }
-
-  source_image_reference {
-    publisher = "Canonical"
-    offer     = "UbuntuServer"
-    sku       = "18.04-LTS" # FIXME
-    version   = "latest"
-  }
-}
-
-# The public IP address only gets allocated when the address actually gets
-# attached to the virtual machine. So we need to do this extra indrection
-# to retrieve the IP addresses. Otherwise the IP addresses show up as blank.
-# See: https://github.com/hashicorp/terraform-provider-azurerm/issues/310#issuecomment-335479735
-
-data "azurerm_public_ip" "_" {
-  count               = var.how_many_nodes
-  name                = format("%s-%04d", var.prefix, count.index + 1)
-  resource_group_name = azurerm_resource_group._.name
-  depends_on = [azurerm_linux_virtual_machine._]
-}
-
-output "ip_addresses" {
-  value = join("", formatlist("%s\n", data.azurerm_public_ip._.*.ip_address))
-}

prepare-vms/terraform/azure/network.tf

@@ -1,13 +0,0 @@
-resource "azurerm_virtual_network" "_" {
-  name                = "tf-vnet"
-  address_space       = ["10.10.0.0/16"]
-  location            = azurerm_resource_group._.location
-  resource_group_name = azurerm_resource_group._.name
-}
-
-resource "azurerm_subnet" "_" {
-  name                 = "tf-subnet"
-  resource_group_name  = azurerm_resource_group._.name
-  virtual_network_name = azurerm_virtual_network._.name
-  address_prefixes     = ["10.10.0.0/20"]
-}

prepare-vms/terraform/azure/provider.tf

@@ -1,13 +0,0 @@
-terraform {
-  required_version = ">= 1"
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "=3.33.0"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {}
-}

prepare-vms/terraform/azure/variables.tf

@@ -1,32 +0,0 @@
-variable "prefix" {
-  type    = string
-  default = "provisioned-with-terraform"
-}
-
-variable "how_many_nodes" {
-  type    = number
-  default = 2
-}
-
-locals {
-  authorized_keys = file("~/.ssh/id_rsa.pub")
-}
-
-/*
-Available sizes:
-"Standard_D11_v2" # CPU=2 RAM=14
-"Standard_F4s_v2" # CPU=4 RAM=8
-"Standard_D1_v2"  # CPU=1 RAM=3.5
-"Standard_B1ms"   # CPU=1 RAM=2
-"Standard_B2s"    # CPU=2 RAM=4
-*/
-
-variable "size" {
-  type    = string
-  default = "Standard_F4s_v2"
-}
-
-variable "location" {
-  type    = string
-  default = "South Africa North"
-}

slides/1.yml

@@ -1,68 +0,0 @@
-title: |
-  Docker Intensif
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2023-01-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- containers/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-- # DAY 1
-  #- containers/Docker_Overview.md
-  #- containers/Docker_History.md
-  - containers/Training_Environment.md
-  #- containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Initial_Images.md
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
-- # DAY 2
-  - containers/Container_Networking_Basics.md
-  - containers/Local_Development_Workflow.md
-  - containers/Container_Network_Model.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-- # DAY 3
-  - containers/Start_And_Attach.md
-  - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
-  - containers/Dockerfile_Tips.md
-  - containers/Advanced_Dockerfiles.md
-  - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Exercise_Dockerfile_Advanced.md
-- # DAY 4
-  - containers/Buildkit.md
-  - containers/Network_Drivers.md
-  - containers/Namespaces_Cgroups.md
-  #- containers/Copy_On_Write.md
-  - containers/Orchestration_Overview.md
-  #- containers/Docker_Machine.md
-  #- containers/Init_Systems.md
-  #- containers/Application_Configuration.md
-  #- containers/Logging.md
-  #- containers/Containers_From_Scratch.md
-  #- containers/Container_Engines.md
-  #- containers/Pods_Anatomy.md
-  #- containers/Ecosystem.md
-  - shared/thankyou.md
-  #- containers/links.md

slides/3.yml

@@ -1,42 +0,0 @@
-title: |
-  Packaging d'applications
-  pour Kubernetes
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2023-01-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/prereqs.md
-- shared/webssh.md
-- shared/connecting.md
-#- shared/chat-room-im.md
-#- shared/chat-room-zoom.md
-- shared/toc.md
--
-  - k8s/demo-apps.md
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - exercises/helm-generic-chart-details.md
--
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-dependencies.md
-  - k8s/helm-values-schema-validation.md
-  - k8s/helm-secrets.md
-  - exercises/helm-umbrella-chart-details.md
--
-  - k8s/ytt.md
-  - shared/thankyou.md

slides/4.yml

@@ -1,69 +0,0 @@
-title: |
-  Kubernetes Avancé
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2023-01-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-zoom.md
-- shared/prereqs.md
-- shared/webssh.md
-- shared/connecting.md
-- shared/toc.md
-- exercises/netpol-brief.md
-- exercises/sealed-secrets-brief.md
-- exercises/kyverno-ingress-domain-name-brief.md
-- #1
-  - k8s/demo-apps.md
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  - k8s/sealed-secrets.md
-  - k8s/cert-manager.md
-  - k8s/cainjector.md
-  - k8s/ingress-tls.md
-  - exercises/netpol-details.md
-  - exercises/sealed-secrets-details.md
-- #2
-  - k8s/extending-api.md
-  - k8s/crd.md
-  - k8s/operators.md
-  - k8s/admission.md
-  - k8s/cainjector.md
-  - k8s/kyverno.md
-  - exercises/kyverno-ingress-domain-name-details.md
-- #3
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-  - k8s/apiserver-deepdive.md
-  - k8s/aggregation-layer.md
-  - k8s/hpa-v2.md
-- #4
-  - k8s/statefulsets.md
-  - k8s/consul.md
-  - k8s/pv-pvc-sc.md
-  - k8s/volume-claim-templates.md
-  #- k8s/eck.md
-  #- k8s/portworx.md
-  - k8s/openebs.md
-  - k8s/stateful-failover.md
-  - k8s/operators-design.md
-  - k8s/operators-example.md
-  - k8s/owners-and-dependents.md
-  - k8s/events.md
-  - k8s/finalizers.md
-  - shared/thankyou.md

slides/5.yml

@@ -1,58 +0,0 @@
-title: |
-  Opérer Kubernetes
-
-chat: "[Mattermost](https://highfive.container.training/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2023-01-enix.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-#- shared/chat-room-zoom-meeting.md
-#- shared/chat-room-zoom-webinar.md
-- shared/toc.md
-# DAY 1
--
-  - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
--
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/interco.md
--
-  - k8s/cni-internals.md
-  - k8s/apilb.md
-  - k8s/internal-apis.md
-  - k8s/staticpods.md
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  #- k8s/cloud-controller-manager.md
--
-  - k8s/control-plane-auth.md
-  - k8s/user-cert.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-  - k8s/pod-security-intro.md
-  - k8s/pod-security-policies.md
-  - k8s/pod-security-admission.md
-  - shared/thankyou.md
-#-
-#  |
-#  # (Extra content)
-#  - k8s/apiserver-deepdive.md
-#  - k8s/setup-overview.md
-#  - k8s/setup-devel.md
-#  - k8s/setup-managed.md
-#  - k8s/setup-selfhosted.md

slides/_redirects

@@ -2,6 +2,7 @@
 #/ /kube-halfday.yml.html 200!
 #/ /kube-fullday.yml.html 200!
 #/ /kube-twodays.yml.html 200!
+/ /kube.yml.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack
@@ -23,5 +24,3 @@
 
 # Survey form
 /please https://docs.google.com/forms/d/e/1FAIpQLSfIYSgrV7tpfBNm1hOaprjnBHgWKn5n-k5vtNXYJkOX1sRxng/viewform
-
-/ /highfive.html 200!

slides/autopilot/package-lock.json

@@ -194,9 +194,9 @@
       }
     },
     "node_modules/engine.io": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.2.1.tgz",
-      "integrity": "sha512-ECceEFcAaNRybd3lsGQKas3ZlMVjN3cyWwMP25D2i0zWfyiytVbTpRPa34qrr+FHddtpBVOmq4H/DCv1O0lZRA==",
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.2.0.tgz",
+      "integrity": "sha512-4KzwW3F3bk+KlzSOY57fj/Jx6LyRQ1nbcyIadehl+AnXjKT7gDO0ORdRi/84ixvMKTym6ZKuxvbzN62HDDU1Lg==",
       "dependencies": {
         "@types/cookie": "^0.4.1",
         "@types/cors": "^2.8.12",
@@ -742,9 +742,9 @@
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
     },
     "node_modules/socket.io-client/node_modules/socket.io-parser": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.1.tgz",
-      "integrity": "sha512-V4GrkLy+HeF1F/en3SpUaM+7XxYXpuMUWLGde1kSSh5nQMN4hLrbPIkD+otwh6q9R6NOQBN4AMaOZ2zVjui82g==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.0.tgz",
+      "integrity": "sha512-tLfmEwcEwnlQTxFB7jibL/q2+q8dlVQzj4JdRLJ/W/G1+Fu9VSxCx1Lo+n1HvXxKnM//dUuD0xgiA7tQf57Vng==",
       "dependencies": {
         "@socket.io/component-emitter": "~3.1.0",
         "debug": "~4.3.1"
@@ -754,9 +754,9 @@
       }
     },
     "node_modules/socket.io-parser": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.5.tgz",
-      "integrity": "sha512-sNjbT9dX63nqUFIOv95tTVm6elyIU4RvB1m8dOeZt+IgWwcWklFDOdmGcfo3zSiRsnR/3pJkjY5lfoGqEe4Eig==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.4.tgz",
+      "integrity": "sha512-t+b0SS+IxG7Rxzda2EVvyBZbvFPBCjJoyHuE0P//7OAsN23GItzDRdWa6ALxZI/8R5ygK7jAR6t028/z+7295g==",
       "dependencies": {
         "@types/component-emitter": "^1.2.10",
         "component-emitter": "~1.3.0",
@@ -1033,9 +1033,9 @@
       "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="
     },
     "engine.io": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.2.1.tgz",
-      "integrity": "sha512-ECceEFcAaNRybd3lsGQKas3ZlMVjN3cyWwMP25D2i0zWfyiytVbTpRPa34qrr+FHddtpBVOmq4H/DCv1O0lZRA==",
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.2.0.tgz",
+      "integrity": "sha512-4KzwW3F3bk+KlzSOY57fj/Jx6LyRQ1nbcyIadehl+AnXjKT7gDO0ORdRi/84ixvMKTym6ZKuxvbzN62HDDU1Lg==",
       "requires": {
         "@types/cookie": "^0.4.1",
         "@types/cors": "^2.8.12",
@@ -1456,9 +1456,9 @@
           "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
         },
         "socket.io-parser": {
-          "version": "4.2.1",
-          "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.1.tgz",
-          "integrity": "sha512-V4GrkLy+HeF1F/en3SpUaM+7XxYXpuMUWLGde1kSSh5nQMN4hLrbPIkD+otwh6q9R6NOQBN4AMaOZ2zVjui82g==",
+          "version": "4.2.0",
+          "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.0.tgz",
+          "integrity": "sha512-tLfmEwcEwnlQTxFB7jibL/q2+q8dlVQzj4JdRLJ/W/G1+Fu9VSxCx1Lo+n1HvXxKnM//dUuD0xgiA7tQf57Vng==",
           "requires": {
             "@socket.io/component-emitter": "~3.1.0",
             "debug": "~4.3.1"
@@ -1467,9 +1467,9 @@
       }
     },
     "socket.io-parser": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.5.tgz",
-      "integrity": "sha512-sNjbT9dX63nqUFIOv95tTVm6elyIU4RvB1m8dOeZt+IgWwcWklFDOdmGcfo3zSiRsnR/3pJkjY5lfoGqEe4Eig==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.4.tgz",
+      "integrity": "sha512-t+b0SS+IxG7Rxzda2EVvyBZbvFPBCjJoyHuE0P//7OAsN23GItzDRdWa6ALxZI/8R5ygK7jAR6t028/z+7295g==",
       "requires": {
         "@types/component-emitter": "^1.2.10",
         "component-emitter": "~1.3.0",

slides/b

@@ -0,0 +1 @@
+./markmaker.py kube.yml >out.html

slides/containers/Ambassadors.md

@@ -19,7 +19,7 @@ They abstract the connection details for this services, and can help with:
 
 * fail over (how do I know to which instance of a replicated service I should connect?)
 
-* load balancing (how do I spread my requests across multiple instances of a service?)
+* load balancing (how to I spread my requests across multiple instances of a service?)
 
 * authentication (what if my service requires credentials, certificates, or otherwise?)
 

slides/containers/Container_Networking_Basics.md

@@ -35,7 +35,7 @@ At the end of this section, you will be able to:
 
 ---
 
-## Running an NGINX server
+## Runing an NGINX server
 
 ```bash
 $ docker run -d -P nginx

slides/containers/Getting_Inside.md

@@ -100,7 +100,11 @@ _We will give more details about namespaces and cgroups later._
 * But it is easier to use `docker exec`.
 
 ```bash
-$ docker exec -ti ticktock sh
+$ docker ps -lq       # Get Last Container ID
+17e4e95e2702
+$ docker exec 17
+
+$ docker exec -ti $(docker ps -lq) sh  # bash-fu version
 ```
 
 * This creates a new process (running `sh`) _inside_ the container.

slides/containers/High_Level_View.md

@@ -0,0 +1,20 @@
+
+class: title
+
+# High Level Discussion
+
+![image](images/title-understanding-docker-images.png)
+
+---
+
+## White Board Topics  
+
+* What is the real problem that containers solve?
+* What are the inputs to a Unix Process?
+* What is the init Process?
+* Userland vs Kernel
+* The Root File System
+* What is an Overlay File System?
+* Wrapping it all up to represent a container image
+* Deploying Container images
+

slides/containers/Macro_View.md

@@ -0,0 +1,318 @@
+
+
+class: title
+
+# A Macroscopic View
+
+---
+
+## Macroscopic Items
+
+* The business case for containers
+
+* The problem containers are solving
+
+* What applications need
+
+* What is the OS doing provides?
+
+---
+
+## What do CIOs worry about?
+
+Who are the CIO's customers?
+
+* Business Units: Need Computers to Run Applications
+  * Peak Capacity
+
+* CFO: Demanding Budget Justifications
+  * Spend Less
+
+---
+
+## History of Solutions
+
+For Each Business Application Buy a Machine
+
+* Buy a machine for each application
+
+  * Big enough for Peak Load (CPU, Memory, Disk)
+  
+The Age of VMs
+
+* Buy bigger machines and chop them up into logical machines
+
+  * Distribute your applications as VMs theses machines
+
+* Observe what and when the application load  actually is
+
+  * Possibly rebalance be to inform possibly moving
+
+But Maintaining Machines (Bare Metal or VM) is hard (Patches, Packages, Drivers, etc)
+
+---
+
+## What Developers and Ops worry about
+
+* Getting Software deployed
+
+* Mysterious reasons why deployed application doesn't work
+
+    * Developer to Ops:
+
+        * "Hey it works on my development machine..."
+        
+        * "I don't know why it isn't working for ***you***"
+
+        * "Everything ***looks*** the same"
+
+        * "I have no idea what could be different"  
+
+---
+
+## The History of Software Deployment
+
+Software Deployment is just a reproducible way to install files:
+
+* Cards
+
+* Tapes
+
+* Floppy Disks
+
+* Zip/Tar Files
+
+* Installation "Files" (rpm/deb/msi)
+
+* VM Images
+
+---
+
+## What is the Problem Containers are Solving?
+
+It depends on who you are:
+
+  * For the CIO: Better resource utilization
+
+  * For Ops: Software Distribution
+  
+  * For the Developer & Ops: Reproducible Environment
+
+<BR><BR>
+
+Ummm, but what exactly are containers....
+
+  * Wait a few more slides...
+
+---
+
+## Macroscopic view: Applications and the OS
+
+Applications:
+
+* What are the inputs/outputs to a program?
+
+The OS:
+
+* What does the OS provide?
+
+---
+
+## What are the inputs/outputs to a program?
+
+Explicitly:
+* Command Line Arguments
+* Environment Variables
+* Standard In
+* Standard Out/Err
+
+Implicitly (via the File System):
+
+* Configuration Files
+* Other Installed Applications
+* Any other files
+
+Also Implicitly
+
+* Memory
+* Network
+
+    
+---
+
+
+## What does the OS provide?
+
+* OS Kernel
+    * Kernel loded at boot time
+        * Sets up disk drives, network cards, other hardware, etc
+        * Manages all hardware, processes, memory, etc
+    * Kernel Space
+        * Low level innards of Kernel (fluid internal API)
+        * No direct access by applications of most Kernel functionality
+
+
+* User Space (userland) Processes
+    * Code running outside the Kernel
+    * Very stable shim library access from User Space to Kernel Space (Think "fopen")
+
+* The "init" Process
+    * User Space Process run after Kernel has booted
+    * Always PID 1
+
+---
+
+## OS Processes
+
+* Created when an application is launched
+    *  Each has a unique Process ID (PID)
+
+* Provides it its own logical 'view' of all implicit inputs/output when launching app
+    * File System ( root directory, / )
+    * Memory
+    * Network Adaptors
+    * Other running processes
+
+---
+
+## What do we mean by "The OS"
+
+Different Linux's
+
+* Ubuntu / Debian; Centos / RHEL; Raspberry Pi; etc
+
+What do they have in common?
+
+* They all have a kernel that provides access to Userland (ie fopen)
+
+* They typically have all the commands (bash, sh, ls, grep, ...)
+
+What may be different?
+
+* May use different versions of the Kernel (4.18, 5.4, ...)
+    * Internally different, but providing same Userland API
+
+* Many other bundled commands, packages and package management tools
+    * Namely what makes it 'Debian' vs 'Centos'
+
+---
+
+## What might a 'Minimal' Linux be?
+
+You could actually just have:
+
+* A Linux Kernel
+
+* An application (for simplicity a statically linked C program)
+
+* The kernel configured to run that application as its 'init' process
+
+Would you ever do this?
+
+* Why not? 
+
+    * It certainly would be very secure
+    
+---
+
+## So Finally... What are Containers?
+
+Containers just a Linux process that 'thinks' it is it's own machine
+
+* With its own 'view' of things like:
+    * File System ( root directory, / ), Memory, Network Adaptors, Other running processes
+
+* Leverages our understanding that a (logical) Linux Machine is 
+    * A kernel
+    * A bunch of files ( Maybe a few Environment Variables )
+
+Since it is a process running on a host machine
+
+* It uses the kernel of the host machine
+* And of course you need some tools to create the running container process
+
+---
+
+## Container Runtimes and Container Images
+
+The Linux kernel actually has no concept of a container.
+
+* There have been many 'container' technologies
+
+* See [A Brief History of containers: From the 1970's till now](https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016)
+
+* Over the years more capabilities have been added to the kernel to make it easier
+
+<BR>
+A 'Container technology' is:
+
+* A Container Image Format of the unit of software deployment
+    * A bundle of all the files and miscellaneous configuration 
+
+* A Container Runtime Engine
+    * Software that takes a Container Image and creates a running container
+
+---
+
+## The Container Runtime War is now Over
+
+The Cloud Native Computing Foundation (CNCF) has standardized containers
+
+* A standard container image format
+
+* A standard for building and configuring container runtimes
+
+* A standard REST API for loading/downloading container image to a registries 
+
+There primary Container Runtimes are:
+
+* containerd: using the 'docker' Command Line Interface (or Kubernetes)
+
+* CRI-O: using the 'podman' Command Line Interface (or Kubernetes/OpenShift)
+
+* Others exists, for example Singularity which has a history in HPC
+
+---
+
+## Linux Namespaces Makes Containers Possible
+
+- Provide processes with their own isolated view of the system.
+
+    - Namespaces limit what you can see (and therefore, what you can use).
+
+- These namespaces are available in modern kernels:
+
+  - pid: processes
+  - net: network
+  - mnt: root file system (ie chroot)
+  - uts: hostname
+  - ipc
+  - user: UID/GID mapping
+  - time: time
+  - cgroup: Resource Monitoring and Limiting
+
+- Each process belongs to one namespace of each type.
+
+---
+
+## Namespaces are always active
+
+- Namespaces exist even when you don't use containers.
+
+- This is a bit similar to the UID field in UNIX processes:
+
+  - all processes have the UID field, even if no user exists on the system
+
+  - the field always has a value / the value is always defined
+    <br/>
+    (i.e. any process running on the system has some UID)
+
+  - the value of the UID field is used when checking permissions
+    <br/>
+    (the UID field determines which resources the process can access)
+
+- You can replace "UID field" with "namespace" above and it still works!
+
+- In other words: even when you don't use containers,
+  <br/>there is one namespace of each type, containing all the processes on the system.
+

slides/containers/Training_Environment_And_Tmux.md

@@ -0,0 +1,224 @@
+
+class: title
+
+# Our training environment
+
+![SSH terminal](images/title-our-training-environment.jpg)
+
+
+---
+
+class: in-person
+
+## Connecting to your Virtual Machine
+
+You need an SSH client.
+
+* On OS X, Linux, and other UNIX systems, just use `ssh`:
+
+```bash
+$ ssh <login>@<ip-address>
+```
+
+* On Windows, if you don't have an SSH client, you can download:
+
+  * Putty (www.putty.org)
+
+  * Git BASH (https://git-for-windows.github.io/)
+
+  * MobaXterm (https://mobaxterm.mobatek.net/)
+  
+---
+
+class: in-person
+
+## Connecting to our lab environment
+
+.lab[
+
+- Log into your VM with your SSH client:
+  ```bash
+  ssh `user`@`A.B.C.D`
+  ```
+
+  (Replace `user` and `A.B.C.D` with the user and IP address provided to you)
+
+
+]
+
+You should see a prompt looking like this:
+```
+[A.B.C.D] (...) user@node1 ~
+$
+```
+If anything goes wrong — ask for help!
+
+---
+## Our Docker VM
+
+About the Lab VM
+
+- The VM is created just before the training.
+
+- It will stay up during the whole training.
+
+- It will be destroyed shortly after the training.
+
+- It comes pre-loaded with Docker and some other useful tools.
+
+---
+
+## Why don't we run Docker locally?
+
+- I can log into your VMs to help you with labs
+
+- Installing docker is out of the scope of this class (lots of online docs)
+
+    - It's better to spend time learning containers than fiddling with the installer!
+
+---
+class: in-person
+
+## `tailhist`
+
+- The shell history of the instructor is available online in real time
+
+- Note the IP address of the instructor's virtual machine (A.B.C.D)
+
+- Open http://A.B.C.D:1088 in your browser and you should see the history
+
+- The history is updated in real time  (using a WebSocket connection)
+
+- It should be green when the WebSocket is connected
+
+  (if it turns red, reloading the page should fix it)
+
+- If you want to play with it on your lab machine, tailhist is installed
+
+    - sudo apt install firewalld
+    - sudo firewall-cmd --add-port=1088/tcp
+---
+
+## Checking your Virtual Machine
+
+Once logged in, make sure that you can run a basic Docker command:
+
+.small[
+```bash
+$ docker version
+Client:
+ Version:       18.03.0-ce
+ API version:   1.37
+ Go version:    go1.9.4
+ Git commit:    0520e24
+ Built:         Wed Mar 21 23:10:06 2018
+ OS/Arch:       linux/amd64
+ Experimental:  false
+ Orchestrator:  swarm
+
+Server:
+ Engine:
+  Version:      18.03.0-ce
+  API version:  1.37 (minimum version 1.12)
+  Go version:   go1.9.4
+  Git commit:   0520e24
+  Built:        Wed Mar 21 23:08:35 2018
+  OS/Arch:      linux/amd64
+  Experimental: false
+```
+]
+
+If this doesn't work, raise your hand so that an instructor can assist you!
+
+???
+
+:EN:Container concepts
+:FR:Premier contact avec les conteneurs
+
+:EN:- What's a container engine?
+:FR:- Qu'est-ce qu'un *container engine* ?
+
+
+---
+
+## Doing or re-doing the workshop on your own?
+
+- Use something like
+  [Play-With-Docker](http://play-with-docker.com/) or
+  [Play-With-Kubernetes](https://training.play-with-kubernetes.com/)
+
+  Zero setup effort; but environment are short-lived and
+  might have limited resources
+
+- Create your own cluster (local or cloud VMs)
+
+  Small setup effort; small cost; flexible environments
+
+- Create a bunch of clusters for you and your friends
+    ([instructions](https://@@GITREPO@@/tree/master/prepare-vms))
+
+  Bigger setup effort; ideal for group training
+
+---
+
+class: self-paced
+
+## Get your own Docker nodes
+
+- If you already have some Docker nodes: great!
+
+- If not: let's get some thanks to Play-With-Docker
+
+.lab[
+
+- Go to http://www.play-with-docker.com/
+
+- Log in
+
+- Create your first node
+
+<!-- ```open http://www.play-with-docker.com/``` -->
+
+]
+
+You will need a Docker ID to use Play-With-Docker.
+
+(Creating a Docker ID is free.)
+
+---
+
+## Terminals
+
+Once in a while, the instructions will say:
+<br/>"Open a new terminal."
+
+There are multiple ways to do this:
+
+- create a new window or tab on your machine, and SSH into the VM;
+
+- use screen or tmux on the VM and open a new window from there.
+
+You are welcome to use the method that you feel the most comfortable with.
+
+---
+
+## Tmux cheat sheet
+
+[Tmux](https://en.wikipedia.org/wiki/Tmux) is a terminal multiplexer like `screen`.
+
+*You don't have to use it or even know about it to follow along.
+<br/>
+But some of us like to use it to switch between terminals.
+<br/>
+It has been preinstalled on your workshop nodes.*
+
+- Ctrl-b c → creates a new window
+- Ctrl-b n → go to next window
+- Ctrl-b p → go to previous window
+- Ctrl-b " → split window top/bottom
+- Ctrl-b % → split window left/right
+- Ctrl-b Alt-1 → rearrange windows in columns
+- Ctrl-b Alt-2 → rearrange windows in rows
+- Ctrl-b arrows → navigate to other windows
+- Ctrl-b d → detach session
+- tmux attach → re-attach to session

slides/containers/Understanding_Images.md

@@ -0,0 +1,27 @@
+
+
+```bash
+$ docker run -it debian
+root@ef22f9437171:/# apt-get update
+
+root@ef22f9437171:/# apt-get install skopeo
+
+root@ef22f9437171:/# apt-get wget curl jq
+
+root@ef22f9437171:/# skopeo login docker.io -u containertraining -p testaccount
+
+$ docker commit $(docker ps -lq) skop
+```
+
+```bash
+root@0ab665194c4f:~# skopeo copy docker://docker.io/containertraining/test-image-0 dir:/root/test-image-0
+root@0ab665194c4f:~# cd /root/test-image-0
+root@0ab665194c4f:~# jq <manifest.json .layers[].digest
+```
+
+
+Stuff in Exploring-images
+    image-test-0/1/2 + jpg
+
+
+

slides/containers/exploring-images/Dockerfile.test-image-0

@@ -0,0 +1,20 @@
+FROM busybox
+
+ADD verifyImageFiles.sh /
+
+WORKDIR /play
+
+RUN echo "== LAYER 0 ==" && \
+    echo "A is for Aardvark" >A && \
+    echo "B is for Beetle" >B && \
+    mkdir C/ && \
+    echo "A is for Cowboy Allan" >C/CA && \
+    mkdir -p C/CB && \
+    echo "A is for Cowboy Buffalo Alex" >C/CB/CBA && \
+    echo "B is for Cowboy Buffalo Bill" >C/CB/CBB && \
+    echo "Z is for Cowboy Zeke" >> C/CZ && \
+    mkdir D/ && \
+    echo "A is for Detective Alisha" >D/DA && \
+    echo "B is for Detective Betty" >D/DB && \
+    echo "E is for Elephant" >E && \
+    find . >../state.layer-0

slides/containers/exploring-images/Dockerfile.test-image-1

@@ -0,0 +1,17 @@
+FROM test-image-0
+
+WORKDIR /play
+   
+RUN echo "== LAYER 1 ==  Change File B, Create File C/CC, Add Dir C/CD, Remove File E, Create Dir F, Add File G, Create Empty Dir H" && \
+    echo "B is for Butterfly" >B && \
+    echo "C is for Cowboy Chuck">C/CC && \
+    mkdir -p C/CD && \
+    echo "A is for Cowboy Dandy Austin" >C/CD/CDA && \
+    rm E && \
+    mkdir F && \
+    echo "A is for Ferret Albert" >F/FA  && \
+    echo "G is for Gorilla" >G && \
+    mkdir H && \
+    find . >../state.layer-1 
+
+

slides/containers/exploring-images/Dockerfile.test-image-2

@@ -0,0 +1,18 @@
+FROM test-image-1
+
+WORKDIR /play
+
+RUN echo "== LAYER 2 ==  Remove File C/CA, Remove Dir G, Remove Dir D / Replace with new Dir D, Remove Dir C/CB, Remove Dir C/CB, Remove Dir F, Add File G, Remove Dir H / Create File H" && \
+    rm C/CA  && \
+    rm -rf C/CB && \
+    echo "Z is for Cowboy Zoe" >> CZ && \
+    rm -rf D && \
+    mkdir -p D && \
+    echo "A is for Duplicitous Albatros" >D/DA && \
+    rm -rf F && \
+    rm G && \
+    echo "G is for Geccos" >G && \
+    rmdir H \
+    echo "H is for Human" >H && \
+    find . >../state.layer-2
+

slides/containers/exploring-images/testplan.sh

@@ -0,0 +1,87 @@
+clear
+
+baseDir=$(pwd)
+
+rm -rf /tmp/exploringImags
+
+mkdir -p /tmp/exploringImags
+
+cd /tmp/exploringImags
+
+
+echo "== LAYER 0 =="
+
+echo "A is for Aardvark" >A
+echo "B is for Beetle" >B
+
+mkdir C/
+echo "A is for Cowboy Allan" >C/CA
+
+mkdir -p C/CB
+echo "A is for Cowboy Buffalo Alex" >C/CB/CBA
+echo "B is for Cowboy Buffalo Bill" >C/CB/CBB
+
+echo "Z is for Cowboy Zeke" >C/CZ
+
+mkdir D/
+echo "A is for Detective Alisha" >D/DA
+echo "B is for Detective Betty" >D/DB
+
+echo "E is for Elephant" >E
+
+find . >../state.layer-0
+tree | grep -v directories | tee ../tree.layer-0
+
+$baseDir/verifyImageFiles.sh 0 $(pwd)
+
+
+echo "== LAYER 1 ==  Change File B, Create File C/CC, Add Dir C/CD, Remove File E, Create Dir F, Add File G, Create Empty Dir H"
+
+echo "B is for Butterfly" >B
+
+echo "C is for Cowboy Chuck">C/CC
+
+mkdir -p C/CD
+echo "A is for Cowboy Dandy Austin" >C/CD/CDA
+
+rm E
+
+mkdir F
+echo "A is for Ferret Albert" >F/FA 
+
+echo "G is for Gorilla" >G
+
+mkdir H
+
+find . >../state.layer-1
+tree | grep -v directories | tee ../tree.layer-1
+
+$baseDir/verifyImageFiles.sh 1 $(pwd)
+
+
+echo "== LAYER 2 ==  Remove File C/CA, Remove Dir G, Remove Dir D Replace with new Dir D, Remove Dir C/CB, Remove Dir C/CB, Add File H/HA, Add File, Create Dir I"
+
+rm C/CA 
+
+rm -rf C/CB
+
+echo "Z is for Cowboy Zoe" >C/CZ
+
+rm -rf D
+mkdir -p D
+echo "A is for Duplicitous Albatros" >D/DA
+
+rm -rf F
+
+rm -rf G
+echo "G is for Geccos" >G
+
+rmdir H
+echo "H is for Human" >H
+
+
+find . >../state.layer-2
+tree | grep -v directories | tee ../tree.layer-2
+
+$baseDir/verifyImageFiles.sh 2 $(pwd)
+

slides/containers/exploring-images/verifyImageFiles.sh

@@ -0,0 +1,88 @@
+
+fileContentsCompare() {
+    layer=$1
+    text=$2
+    file=$(pwd)/$3
+
+    if [ -f "$file" ]; then
+
+        fileContents=$(cat $file)
+
+        if [ "$fileContents" != "$text" ]; then
+            echo In Layer $layer Unexpected contents in file: $file
+            echo -- Contents: $fileContents
+            echo -- Expected: $text
+        fi
+    else 
+        echo Missing File $file in Layer $layer
+    fi
+}
+
+checkLayer() {
+    layer=$1
+
+    find . >/tmp/state
+
+
+    if [[ $(diff /tmp/state $targetDir/../state.layer-$layer) ]]; then
+      echo Directory Structure mismatch in layer: $layer 
+      diff /tmp/state $targetDir/../state.layer-$layer
+    fi
+
+    case $layer in
+        0)
+            fileContentsCompare $layer "A is for Aardvark" A
+            fileContentsCompare $layer "B is for Beetle" B
+            fileContentsCompare $layer "A is for Cowboy Allan" C/CA
+            fileContentsCompare $layer "A is for Cowboy Buffalo Alex" C/CB/CBA
+            fileContentsCompare $layer "B is for Cowboy Buffalo Bill" C/CB/CBB
+            fileContentsCompare $layer "Z is for Cowboy Zeke"  C/CZ
+            fileContentsCompare $layer "A is for Detective Alisha" D/DA
+            fileContentsCompare $layer "B is for Detective Betty" D/DB
+            fileContentsCompare $layer "E is for Elephant" E
+            ;;
+
+        # echo "== LAYER 1 ==  Change File B, Create File C/CC, Add Dir C/CD, Remove File E, Create Dir F, Add File G, Create Empty Dir H"
+        1)
+            fileContentsCompare $layer "A is for Aardvark" A
+            fileContentsCompare $layer "B is for Butterfly" B                       ## CHANGED FILE B
+            fileContentsCompare $layer "A is for Cowboy Allan" C/CA
+            fileContentsCompare $layer "A is for Cowboy Buffalo Alex" C/CB/CBA
+            fileContentsCompare $layer "B is for Cowboy Buffalo Bill" C/CB/CBB
+            fileContentsCompare $layer "C is for Cowboy Chuck" C/CC                 ## ADDED FILE C/CC
+            fileContentsCompare $layer "A is for Cowboy Dandy Austin" C/CD/CDA      ## ADDED DIR C/CD, ADDED FILE C/CD/CDA
+            fileContentsCompare $layer "Z is for Cowboy Zeke"  C/CZ
+            fileContentsCompare $layer "A is for Detective Alisha" D/DA
+            fileContentsCompare $layer "B is for Detective Betty" D/DB
+                                                                                    ## REMOVED FILE E
+            fileContentsCompare $layer "A is for Ferret Albert" F/FA                ## ADDED DIR F, ADDED FILE F/A
+            fileContentsCompare $layer "G is for Gorilla" G                         ## ADDED G
+                                                                                    ## CREATED EMPTY DIR H
+            ;;
+
+        # echo "== LAYER 2 ==  Remove File C/CA, Remove Dir C/CB, Remove Dir C/CB, Remove Dir D Replace with new Dir D, Delete and Recreatee File G, Add File H/HA Create Dir I"
+        2)  
+            fileContentsCompare $layer "A is for Aardvark" A
+            fileContentsCompare $layer "B is for Butterfly" B
+                                                                                    ## REMOVED FILE C/CA
+                                                                                    ## REMOVED DIR C/CB
+            fileContentsCompare $layer "C is for Cowboy Chuck" C/CC
+            fileContentsCompare $layer "A is for Cowboy Dandy Austin" C/CD/CDA
+            fileContentsCompare $layer "Z is for Cowboy Zoe"  C/CZ                     ## CHANGED FILE C/CZ
+                                                                                    ## REMOVE DIR D
+            fileContentsCompare $layer "A is for Duplicitous Albatros" D/DA         ## RECREATE DIR D, ADD FILE D/DA
+            fileContentsCompare $layer "G is for Geccos" G                          ## DELETED FILE G, ADDED FILE G (Implicit CHANGED)
+            fileContentsCompare $layer "H is for Human"  H                          ## ADDED FILE H
+            ;;
+
+    esac 
+}
+
+
+
+layer=$1
+targetDir=$2
+
+echo VERIFYING LAYER $layer
+
+checkLayer $layer

slides/containers/software-deployment.md

@@ -0,0 +1,120 @@
+# Container Based Software Deployment
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-1.jpg)	
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-2.jpg)	
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-3.jpg)	
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-4.jpg)	
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-5.jpg)	
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-6.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-7.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-8.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-9.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-10.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-11.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-12.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-13.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-14.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-15.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-16.jpg)
+
+---
+
+class: pic
+
+
+![dummmy](containers/software-deployment/slide-17.jpg)

slides/count-slides.py

@@ -1,75 +1,57 @@
 #!/usr/bin/env python
 import re
 import sys
-import yaml
-
-FIRST_SLIDE_MARKER = "name: toc-"
-PART_PREFIX = "part-"
-
-filename = sys.argv[1]
-if filename.endswith(".html"):
-    html_file = filename
-    yaml_file = filename[: -len(".html")]
-else:
-    html_file = filename + ".html"
-    yaml_file = filename
-excluded_classes = yaml.safe_load(open(yaml_file))["exclude"]
 
+PREFIX = "name: toc-"
+EXCLUDED = ["in-person"]
 
 class State(object):
     def __init__(self):
-        self.current_slide = -1
-        self.parts = {}
-
-    def end_section(self):
-        if state.section_title:
-            print(
-                "{0.section_start}\t{0.section_slides}\t{0.section_title}".format(self)
-            )
-        if self.section_part:
-            if self.section_part not in self.parts:
-                self.parts[self.section_part] = 0
-            self.parts[self.section_part] += self.section_slides
-
-    def new_section(self, slide):
-        # Normally, the title should be prefixed by a space
-        # (because section titles are first-level titles in markdown,
-        # e.g. "# Introduction", and markmaker removes the # but leaves
-        # the leading space).
+        self.current_slide = 1
         self.section_title = None
-        if "\n " in slide:
-            self.section_title = slide.split("\n ")[1].split("\n")[0]
-        toc_links = re.findall("\(#toc-(.*)\)", slide)
-        self.section_part = None
-        for toc_link in toc_links:
-            if toc_link.startswith(PART_PREFIX):
-                self.section_part = toc_link
-        self.section_start = self.current_slide
+        self.section_start = 0
         self.section_slides = 0
-
+        self.parts = {}
+        self.sections = {}
+    def show(self):
+        if self.section_title.startswith("part-"):
+            return
+        print("{0.section_title}\t{0.section_start}\t{0.section_slides}".format(self))
+        self.sections[self.section_title] = self.section_slides
 
 state = State()
-state.new_section("")
-print("{}\t{}\t{}".format("index", "size", "title"))
 
-for slide in open(html_file).read().split("\n---\n"):
-    excluded = False
-    for line in slide.split("\n"):
-        if line.startswith("class:"):
-            for klass in excluded_classes:
-                if klass in line.split():
-                    excluded = True
-    if excluded:
-        continue
-    if FIRST_SLIDE_MARKER in slide:
-        # A new section starts. Show info about the part that just ended.
-        state.end_section()
-        state.new_section(slide)
-    state.section_slides += 1
-    for sub_slide in slide.split("\n--\n"):
+title = None
+for line in open(sys.argv[1]):
+    line = line.rstrip()
+    if line.startswith(PREFIX):
+        if state.section_title is None:
+            print("{}\t{}\t{}".format("title", "index", "size"))
+        else:
+            state.show()
+        state.section_title = line[len(PREFIX):].strip()
+        state.section_start = state.current_slide
+        state.section_slides = 0
+    if line == "---":
         state.current_slide += 1
-else:
-    state.end_section()
+        state.section_slides += 1
+    if line == "--":
+        state.current_slide += 1
+    toc_links = re.findall("\(#toc-(.*)\)", line)
+    if toc_links and state.section_title.startswith("part-"):
+        if state.section_title not in state.parts:
+            state.parts[state.section_title] = []
+        state.parts[state.section_title].append(toc_links[0])
+    # This is really hackish
+    if line.startswith("class:"):
+        for klass in EXCLUDED:
+            if klass in line:
+                state.section_slides -= 1
+                state.current_slide -= 1
+
+state.show()
 
 for part in sorted(state.parts, key=lambda f: int(f.split("-")[1])):
-    print("{}\t{}\t{}".format(0, state.parts[part], "total size for " + part))
+    part_size = sum(state.sections[s] for s in state.parts[part])
+    print("{}\t{}\t{}".format("total size for", part, part_size))
+

slides/exercises/healthchecks-brief.md

@@ -4,6 +4,6 @@
 
   (we will use the `rng` service in the dockercoins app)
 
-- See what happens when the load increases
+- See what happens when the load increses
 
   (spoiler alert: it involves timeouts!)

slides/exercises/ingress-brief.md

@@ -2,7 +2,7 @@
 
 - Add an ingress controller to a Kubernetes cluster
 
-- Create an ingress resource for a couple of web apps on that cluster
+- Create an ingress resource for a web app on that cluster
 
 - Challenge: accessing/exposing port 80
 

slides/exercises/ingress-details.md

@@ -1,131 +1,49 @@
 # Exercise — Ingress
 
-- We want to expose a couple of web apps through an ingress controller
+- We want to expose a web app through an ingress controller
 
 - This will require:
 
-  - the web apps (e.g. two instances of `jpetazzo/color`)
+  - the web app itself (dockercoins, NGINX, whatever we want)
 
   - an ingress controller
 
+  - a domain name (`use \*.nip.io` or `\*.localdev.me`)
+
   - an ingress resource
 
 ---
 
-## Different scenarios
+## Goal
 
-We will use a different deployment mechanism depending on the cluster that we have:
+- We want to be able to access the web app using a URL like:
 
-- Managed cluster with working `LoadBalancer` Services
+  http://webapp.localdev.me
 
-- Local development cluster
+  *or*
 
-- Cluster without `LoadBalancer` Services (e.g. deployed with `kubeadm`)
+  http://webapp.A.B.C.D.nip.io
 
----
-
-## The apps
-
-- The web apps will be deployed similarly, regardless of the scenario
-
-- Let's start by deploying two web apps, e.g.:
-
-  a Deployment called `blue` and another called `green`, using image `jpetazzo/color`
-
-- Expose them with two `ClusterIP` Services
-
----
-
-## Scenario "classic cloud Kubernetes"
-
-*Difficulty: easy*
-
-For this scenario, we need a cluster with working `LoadBalancer` Services.
-
-(For instance, a managed Kubernetes cluster from a cloud provider.)
-
-We suggest to use "Ingress NGINX" with its default settings.
-
-It can be installed with `kubectl apply` or with `helm`.
-
-Both methods are described in [the documentation][ingress-nginx-deploy].
-
-We want our apps to be available on e.g. http://X.X.X.X/blue and http://X.X.X.X/green
-<br/>
-(where X.X.X.X is the IP address of the `LoadBalancer` allocated by Ingress NGINX).
-
-[ingress-nginx-deploy]: https://kubernetes.github.io/ingress-nginx/deploy/
-
----
-
-## Scenario "local development cluster"
-
-*Difficulty: easy-hard (depends on the type of cluster!)*
-
-For this scenario, we want to use a local cluster like KinD, minikube, etc.
-
-We suggest to use "Ingress NGINX" again, like for the previous scenario.
-
-Furthermore, we want to use `localdev.me`.
-
-We want our apps to be available on e.g. `blue.localdev.me` and `green.localdev.me`.
-
-The difficulty is to ensure that `localhost:80` will map to the ingress controller.
-
-(See next slide for hints!)
+  (where A.B.C.D is the IP address of one of our nodes)
 
 ---
 
 ## Hints
 
-- With clusters like Docker Desktop, the first `LoadBalancer` service uses `localhost`
+- For the ingress controller, we can use:
 
-  (if the ingress controller is the first `LoadBalancer` service, we're all set!)
+  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md)
 
-- With clusters like K3D and KinD, it is possible to define extra port mappings
+  - the [Traefik Helm chart](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart)
 
-  (and map e.g. `localhost:80` to port 30080 on the node; then use that as a `NodePort`)
+  - the container.training [Traefik DaemonSet](https://raw.githubusercontent.com/jpetazzo/container.training/main/k8s/traefik-v2.yaml)
 
----
+- If our cluster supports LoadBalancer Services: easy
 
-## Scenario "on premises cluster", take 1
+  (nothing special to do)
 
-*Difficulty: easy*
+- For local clusters, things can be more difficult; two options:
 
-For this scenario, we need a cluster with nodes that are publicly accessible.
+  - map localhost:80 to e.g. a NodePort service, and use `\*.localdev.me`
 
-We want to deploy the ingress controller so that it listens on port 80 on all nodes.
-
-This can be done e.g. with the manifests in @@LINK[k8s/traefik.yaml].
-
-We want our apps to be available on e.g. http://X.X.X.X/blue and http://X.X.X.X/green
-<br/>
-(where X.X.X.X is the IP address of any of our nodes).
-
----
-
-## Scenario "on premises cluster", take 2
-
-*Difficulty: medium*
-
-We want to deploy the ingress controller so that it listens on port 80 on all nodes.
-
-But this time, we want to use a Helm chart to install the ingress controller.
-
-We can use either the Ingress NGINX Helm chart, or the Traefik Helm chart.
-
-Test with an untainted node first.
-
-Feel free to make it work on tainted nodes (e.g. control plane nodes) later.
-
----
-
-## Scenario "on premises cluster", take 3
-
-*Difficulty: hard*
-
-This is similar to the previous scenario, but with two significant changes:
-
-1. We only want to run the ingress controller on nodes that have the role `ingress`.
-
-2. We don't want to use `hostNetwork`, but a list of `externalIPs` instead.
+  - use hostNetwork, or ExternalIP, and use `\*.nip.io`

slides/exercises/netpol-brief.md

@@ -1,7 +0,0 @@
-## Exercise — Network Policies
-
-- Implement a system with 3 levels of security
-
-  (private pods, public pods, namespace pods)
-
-- Apply it to the DockerCoins demo app

slides/exercises/netpol-details.md

@@ -1,63 +0,0 @@
-# Exercise — Network Policies
-
-We want to to implement a generic network security mechanism.
-
-Instead of creating one policy per service, we want to
-create a fixed number of policies, and use a single label
-to indicate the security level of our pods.
-
-Then, when adding a new service to the stack, instead
-of writing a new network policy for that service, we
-only need to add the right label to the pods of that service.
-
----
-
-## Specifications
-
-We will use the label `security` to classify our pods.
-
-- If `security=private`:
-
-  *the pod shouldn't accept any traffic*
-
-- If `security=public`:
-
-  *the pod should accept all traffic*
-
-- If `security=namespace`:
-
-  *the pod should only accept connections coming from the same namespace*
-
-If `security` isn't set, assume it's `private`.
-
----
-
-## Test setup
-
-- Deploy a copy of the DockerCoins app in a new namespace
-
-- Modify the pod templates so that:
-
-  - `webui` has `security=public`
-
-  - `worker` has `security=private`
-
-  - `hasher`, `redis`, `rng` have `security=namespace`
-
----
-
-## Implement and test policies
-
-- Write the network policies
-
-  (feel free to draw inspiration from the ones we've seen so far)
-
-- Check that:
-
-  - you can connect to the `webui` from outside the cluster
-
-  - the application works correctly (shows 3-4 hashes/second)
-
-  - you cannot connect to the `hasher`, `redis`, `rng` services
-
-  - you cannot connect or even ping the `worker` pods

slides/exercises/rbac-brief.md

@@ -1,9 +0,0 @@
-## Exercise — RBAC
-
-- Create two namespaces for users `alice` and `bob`
-
-- Give each user full access to their own namespace
-
-- Give each user read-only access to the other's namespace
-
-- Let `alice` view the nodes of the cluster as well

slides/exercises/rbac-details.md

@@ -1,97 +0,0 @@
-# Exercise — RBAC
-
-We want to:
-
-- Create two namespaces for users `alice` and `bob`
-
-- Give each user full access to their own namespace
-
-- Give each user read-only access to the other's namespace
-
-- Let `alice` view the nodes of the cluster as well
-
----
-
-## Initial setup
-
-- Create two namespaces named `alice` and `bob`
-
-- Check that if we impersonate Alice, we can't access her namespace yet:
-  ```bash
-  kubectl --as alice get pods --namespace alice
-  ```
-
----
-
-## Access for Alice
-
-- Grant Alice full access to her own namespace
-
-  (you can use a pre-existing Cluster Role)
-
-- Check that Alice can create stuff in her namespace:
-  ```bash
-  kubectl --as alice create deployment hello --image nginx --namespace alice
-  ```
-
-- But that she can't create stuff in Bob's namespace:
-  ```bash
-  kubectl --as alice create deployment hello --image nginx --namespace bob
-  ```
-
----
-
-## Access for Bob
-
-- Similarly, grant Bob full access to his own namespace
-
-- Check that Bob can create stuff in his namespace:
-  ```bash
-  kubectl --as bob create deployment hello --image nginx --namespace bob
-  ```
-
-- But that he can't create stuff in Alice's namespace:
-  ```bash
-  kubectl --as bob create deployment hello --image nginx --namespace alice
-  ```
-
----
-
-## Read-only access
-
-- Now, give Alice read-only access to Bob's namespace
-
-- Check that Alice can view Bob's stuff:
-  ```bash
-  kubectl --as alice get pods --namespace bob
-  ```
-
-- But that she can't touch this:
-  ```bash
-  kubectl --as alice delete pods --namespace bob --all
-  ```
-
-- Likewise, give Bob read-only access to Alice's namespace
-
----
-
-## Nodes
-
-- Give Alice read-only access to the cluster nodes
-
-  (this will require creating a custom Cluster Role)
-
-- Check that Alice can view the nodes:
-  ```bash
-  kubectl --as alice get nodes
-  ```
-
-- But that Bob cannot:
-  ```bash
-  kubectl --as bob get nodes
-  ```
-
-- And that Alice can't update nodes:
-  ```bash
-  kubectl --as alice label nodes --all hello=world
-  ```

slides/highfive.html

@@ -1,141 +0,0 @@
-<?xml version="1.0"?>
-<html>
-  <head>
-    <style>
-      td { 
-        background: #ccc; 
-        padding: 1em;
-      }
-</style>
-  </head>
-  <body>
-    <table>
-      <tr>
-        <td>Mardi 17 janvier 2023</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 18 janvier 2023</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 19 janvier 2023</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 20 janvier 2023</td>
-        <td>
-          <a href="1.yml.html">Docker Intensif</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 24 janvier 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe A)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 25 janvier 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe A)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 26 janvier 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe A)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 27 janvier 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe A)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 7 février 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe B)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 8 février 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe B)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 9 février 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe B)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 10 février 2023</td>
-        <td>
-          <a href="2.yml.html">Fondamentaux Kubernetes (groupe B)</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 6 février 2023</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 7 février 2023</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 8 février 2023</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 9 février 2023</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Lundi 13 février 2023</td>
-        <td>
-          <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 14 février 2023</td>
-        <td>
-          <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mercredi 15 février 2023</td>
-        <td>
-          <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Jeudi 16 février 2023</td>
-        <td>
-          <a href="5.yml.html">Opérer Kubernetes</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 17 février 2023</td>
-        <td>
-          <a href="5.yml.html">Opérer Kubernetes</a>
-        </td>
-      </tr>
-    </table>
-  </body>
-</html>

slides/interstitials.txt

@@ -13,4 +13,3 @@ https://gallant-turing-d0d520.netlify.com/containers/train-of-containers-1.jpg
 https://gallant-turing-d0d520.netlify.com/containers/train-of-containers-2.jpg
 https://gallant-turing-d0d520.netlify.com/containers/two-containers-on-a-truck.jpg
 https://gallant-turing-d0d520.netlify.com/containers/wall-of-containers.jpeg
-https://gallant-turing-d0d520.netlify.com/containers/catene-de-conteneurs.jpg

slides/k8s/alias-and-references.md

@@ -0,0 +1,46 @@
+
+
+# External References && kubectl Aliases
+
+Class Slides:    https://2022-09-nr1.container.training/
+    
+Kubectl Cheat Sheet:    https://kubernetes.io/docs/reference/kubectl/cheatsheet/
+
+Kubernetes API Object and kubectl Explorers
+
+-   https://github.com/GerrySeidman/Kubernetes-Explorer
+
+Gerry Kubernetes Storage Converence Talks
+
+-   Vault '20:     https://www.usenix.org/conference/vault20/presentation/seidman
+- Data and Dev '21:  https://www.youtube.com/watch?v=k_8rWPwJ_38
+
+Gerry Seidman’s Info
+
+- gerry.seidman@ardanlabs.com
+- https://www.linkedin.com/in/gerryseidman/
+
+
+---
+
+## Kubectl Aliases
+
+```bash
+alias k='kubectl'
+alias kg='kubectl get'
+alias kl='kubectl logs'
+alias ka='kubectl apply -f'
+alias kd='kubectl delete'
+alias kdf='kubectl delete -f'
+alias kb='kubectl describe'
+alias kex='kubectl explain'
+alias kx='kubectl expose'
+alias kr='kubectl run'
+alias ke='kubectl edit'
+```     
+Note the below is only because of a quirk in how the lab VMs were installed:
+```bash
+echo 'kubectl exec -it $1 -- /bin/sh'  >kx
+chmod +x kx
+sudo mv kx /usr/local/bin/kx
+```

slides/k8s/authn-authz.md

@@ -246,7 +246,7 @@ class: extra-details
 
   (they don't require hand-editing a file and restarting the API server)
 
-- A service account can be associated with a set of secrets
+- A service account is associated with a set of secrets
 
   (the kind that you can view with `kubectl get secrets`)
 
@@ -256,28 +256,6 @@ class: extra-details
 
 ---
 
-## Service account tokens evolution
-
-- In Kubernetes 1.21 and above, pods use *bound service account tokens*:
-
-  - these tokens are *bound* to a specific object (e.g. a Pod)
-
-  - they are automatically invalidated when the object is deleted
-
-  - these tokens also expire quickly (e.g. 1 hour) and gets rotated automatically
-
-- In Kubernetes 1.24 and above, unbound tokens aren't created automatically
-
-  - before 1.24, we would see unbound tokens with `kubectl get secrets`
-
-  - with 1.24 and above, these tokens can be created with `kubectl create token`
-
-  - ...or with a Secret with the right [type and annotation][create-token]
-
-[create-token]: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#create-token
-
----
-
 class: extra-details
 
 ## Checking our authentication method
@@ -412,10 +390,6 @@ class: extra-details
 
 It should be named `default-token-XXXXX`.
 
-When running Kubernetes 1.24 and above, this Secret won't exist.
-<br/>
-Instead, create a token with `kubectl create token default`.
-
 ---
 
 class: extra-details

slides/k8s/bootstrap.md

@@ -202,9 +202,7 @@ class: extra-details
 
 - These are JWS signatures using HMAC-SHA256
 
-  (see [the reference documentation][configmap-signing] for more details)
-
-[configmap-signing]: https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/#configmap-signing
+  (see [here](https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/#configmap-signing) for more details)
 
 ---
 

slides/k8s/cluster-autoscaler.md

@@ -48,7 +48,7 @@
 
 - We must run nodes on a supported infrastructure
 
-- Check the [GitHub repo][autoscaler-providers] for a non-exhaustive list of supported providers
+- See [here] for a non-exhaustive list of supported providers
 
 - Sometimes, the cluster autoscaler is installed automatically
 
@@ -58,7 +58,7 @@
 
   (which is often non-trivial and highly provider-specific)
 
-[autoscaler-providers]: https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider
+[here]: https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider
 
 ---
 

slides/k8s/cluster-sizing.md

@@ -138,7 +138,7 @@ class: extra-details
 
 - The Cluster Autoscaler only supports a few cloud infrastructures
 
-  (see the [kubernetes/autoscaler repo][kubernetes-autoscaler-repo] for a list)
+  (see [here](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider) for a list)
 
 - The Cluster Autoscaler cannot scale down nodes that have pods using:
 
@@ -148,8 +148,6 @@ class: extra-details
 
   - a restrictive PodDisruptionBudget
 
-[kubernetes-autoscaler-repo]: https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider
-
 ---
 
 ## Other way to do capacity planning