💥 HighFive Fall 2021 content update

2026-03-02 01:10:20 +00:00 · 2021-11-18 18:25:46 +01:00
576 changed files with 11112 additions and 26658 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,15 +2,17 @@
 *.swp
 *~

-**/terraform.tfstate
-**/terraform.tfstate.backup
-prepare-labs/terraform/lab-environments
-prepare-labs/terraform/many-kubernetes/one-kubernetes-config/config.tf
-prepare-labs/terraform/many-kubernetes/one-kubernetes-module/*.tf
-prepare-labs/terraform/tags
-prepare-labs/terraform/virtual-machines/openstack/*.tfvars
-prepare-labs/terraform/virtual-machines/proxmox/*.tfvars
-prepare-labs/www
+prepare-vms/tags
+prepare-vms/infra
+prepare-vms/www
+
+prepare-tf/.terraform*
+prepare-tf/terraform.*
+prepare-tf/stage2/*.tf
+prepare-tf/stage2/kubeconfig.*
+prepare-tf/stage2/.terraform*
+prepare-tf/stage2/terraform.*
+prepare-tf/stage2/externalips.*

 slides/*.yml.html
 slides/autopilot/state.yaml
@@ -30,4 +32,3 @@ node_modules
 Thumbs.db
 ehthumbs.db
 ehthumbs_vista.db
-
--- a/compose/frr-route-reflector/conf/zebra.conf
+++ b/compose/frr-route-reflector/conf/zebra.conf
@@ -1,3 +1,2 @@
 hostname frr
-ip nht resolve-via-default
 log stdout
--- a/compose/frr-route-reflector/docker-compose.yaml
+++ b/compose/frr-route-reflector/docker-compose.yaml
@@ -2,36 +2,30 @@ version: "3"

 services:
  bgpd:
-    image: frrouting/frr:v8.2.2
+    image: ajones17/frr:662
    volumes:
    - ./conf:/etc/frr
    - ./run:/var/run/frr
    network_mode: host
-    cap_add:
-    - NET_ADMIN
-    - SYS_ADMIN
-    entrypoint: /usr/lib/frr/bgpd -f /etc/frr/bgpd.conf --log=stdout --log-level=debug --no_kernel --no_zebra
+    entrypoint: /usr/lib/frr/bgpd -f /etc/frr/bgpd.conf --log=stdout --log-level=debug --no_kernel
    restart: always

  zebra:
-    image: frrouting/frr:v8.2.2
+    image: ajones17/frr:662
    volumes:
    - ./conf:/etc/frr
    - ./run:/var/run/frr
    network_mode: host
-    cap_add:
-    - NET_ADMIN
-    - SYS_ADMIN
    entrypoint: /usr/lib/frr/zebra -f /etc/frr/zebra.conf --log=stdout --log-level=debug
    restart: always

  vtysh:
-    image: frrouting/frr:v8.2.2
+    image: ajones17/frr:662
    volumes:
    - ./conf:/etc/frr
    - ./run:/var/run/frr
    network_mode: host
-    entrypoint: vtysh
+    entrypoint: vtysh -c "show ip bgp"

  chmod:
    image: alpine
--- a/dockercoins/Tiltfile
+++ b/dockercoins/Tiltfile
@@ -1,72 +1,14 @@
-# (1) Setting up a registry, and telling Tilt to use it.
-
-# Tilt needs a registry to store images.
-
-# The following manifest defines a Deployment to run a basic Docker registry,
-# and a NodePort Service to access it. Using a NodePort means that we don't
-# need to obtain a TLS certificate, because we will be accessing the registry
-# through localhost.
 k8s_yaml('../k8s/tilt-registry.yaml')
-
-# Tell Tilt to use the registry that we just deployed instead of whatever
-# is defined in our Kubernetes resources. Tilt will patch image names to
-# use our registry.
 default_registry('localhost:30555')
-
-# Create a port forward so that we can access the registry from our local
-# environment, too. Note that if you run Tilt directly from a Kubernetes node
-# (which is not typical, but might happen in some lab/training environments)
-# the following might cause an error because port 30555 is already taken.
-k8s_resource(workload='tilt-registry', port_forwards='30555:5000')
-
-# (2) Telling Tilt how to build and run our app.
-
-# The following two lines will use the kubectl-build plugin
-# to leverage buildkit and build the images in our Kubernetes
-# cluster. This is not enabled by default, because it requires
-# the plugin to be installed.
-# See https://github.com/vmware-tanzu/buildkit-cli-for-kubectl
-# for more information about this plugin.
-#load('ext://kubectl_build', 'kubectl_build')
-#docker_build = kubectl_build
-
-# Our Kubernetes manifests use images 'dockercoins/...' so we tell Tilt
-# how each of these images should be built. The first argument is the name
-# of the image, the second argument is the directory containing the build
-# context (i.e. the Dockerfile to build the image).
 docker_build('dockercoins/hasher', 'hasher')
 docker_build('dockercoins/rng', 'rng')
 docker_build('dockercoins/webui', 'webui')
 docker_build('dockercoins/worker', 'worker')
-
-# The following manifests defines five Deployments and four Services for
-# our application.
 k8s_yaml('../k8s/dockercoins.yaml')

-# (3) Finishing touches.
+# Uncomment the following line to let tilt run with the default kubeadm cluster-admin context.
+#allow_k8s_contexts('kubernetes-admin@kubernetes')

-# The following line lets Tilt run with the default kubeadm cluster-admin context.
-allow_k8s_contexts('kubernetes-admin@kubernetes')
-
-# Note: the whole section below (to set up ngrok tunnels) is disabled,
-# because ngrok now requires to set up an account to serve HTML
-# content. So we can still use ngrok for e.g. webhooks and "raw" APIs,
-# but not to serve web pages like the Tilt UI.
-
-# # This will run an ngrok tunnel to expose Tilt to the outside world.
-# # This is intended to be used when Tilt runs on a remote machine.
-# local_resource(name='ngrok:tunnel', serve_cmd='ngrok http 10350')
-
-# # This will wait until the ngrok tunnel is up, and show its URL to the user.
-# # We send the output to /dev/tty so that it doesn't get intercepted by
-# # Tilt, and gets displayed to the user's terminal instead.
-# # Note: this assumes that the ngrok instance will be running on port 4040.
-# # If you have other ngrok instances running on the machine, this might not work.
-# local_resource(name='ngrok:showurl', cmd='''
-#   while sleep 1; do
-#     TUNNELS=$(curl -fsSL http://localhost:4040/api/tunnels | jq -r .tunnels[].public_url)
-#     [ "$TUNNELS" ] && break
-#   done
-#   printf "\nYou should be able to connect to the Tilt UI with the following URL(s): %s\n" "$TUNNELS" >/dev/tty
-#   '''
-# )
+# While we're here: if you're controlling a remote cluster, uncomment that line.
+# It will create a port forward so that you can access the remote registry.
+#k8s_resource(workload='registry', port_forwards='30555:5000')
--- a/dockercoins/hasher/Dockerfile
+++ b/dockercoins/hasher/Dockerfile
@@ -1,6 +1,6 @@
 FROM ruby:alpine
 RUN apk add --update build-base curl
-RUN gem install sinatra --version '~> 3'
+RUN gem install sinatra
 RUN gem install thin
 ADD hasher.rb /
 CMD ["ruby", "hasher.rb"]
--- a/dockercoins/webui/Dockerfile
+++ b/dockercoins/webui/Dockerfile
@@ -1,6 +1,6 @@
 FROM node:4-slim
 RUN npm install express
-RUN npm install redis@3
+RUN npm install redis
 COPY files/ /files/
 COPY webui.js /
 CMD ["node", "webui.js"]
--- a/k8s/consul-1.yaml
+++ b/k8s/consul-1.yaml
@@ -3,12 +3,6 @@
 # - no actual persistence
 # - scaling down to 1 will break the cluster
 # - pods may be colocated
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: consul
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -34,6 +28,11 @@ subjects:
    name: consul
 ---
 apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: consul
+---
+apiVersion: v1
 kind: Service
 metadata:
  name: consul
@@ -62,7 +61,7 @@ spec:
      serviceAccountName: consul
      containers:
        - name: consul
-          image: "consul:1.11"
+          image: "consul:1.8"
          env:
            - name: NAMESPACE
              valueFrom:
--- a/k8s/consul-2.yaml
+++ b/k8s/consul-2.yaml
@@ -2,12 +2,6 @@
 # There is still no actual persistence, but:
 # - podAntiaffinity prevents pod colocation
 # - clusters works when scaling down to 1 (thanks to lifecycle hook)
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: consul
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -33,6 +27,11 @@ subjects:
    name: consul
 ---
 apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: consul
+---
+apiVersion: v1
 kind: Service
 metadata:
  name: consul
@@ -69,7 +68,7 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
-          image: "consul:1.11"
+          image: "consul:1.8"
          env:
            - name: NAMESPACE
              valueFrom:
--- a/k8s/consul-3.yaml
+++ b/k8s/consul-3.yaml
@@ -1,11 +1,5 @@
 # Even better Consul cluster.
 # That one uses a volumeClaimTemplate to achieve true persistence.
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: consul
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -31,6 +25,11 @@ subjects:
    name: consul
 ---
 apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: consul
+---
+apiVersion: v1
 kind: Service
 metadata:
  name: consul
@@ -76,7 +75,7 @@ spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: consul
-          image: "consul:1.11"
+          image: "consul:1.8"
          volumeMounts:
            - name: data
              mountPath: /consul/data
--- a/k8s/dashboard-insecure.yaml
+++ b/k8s/dashboard-insecure.yaml
@@ -9,273 +9,377 @@ metadata:
 spec: {}
 status: {}
 ---
+---
+# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# kubernetes-dashboard-certs
 apiVersion: v1
 kind: Secret
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-certs
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-csrf
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# kubernetes-dashboard-key-holder
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-key-holder
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/configmap.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
-data: null
 kind: ConfigMap
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-settings
-  namespace: kubernetes-dashboard
+data:
 ---
-apiVersion: rbac.authorization.k8s.io/v1
+# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  annotations: null
+  name: "kubernetes-dashboard-metrics"
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-metrics
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 rules:
- apiGroups:
-  - metrics.k8s.io
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes"]
+    verbs: ["get", "list", "watch"]
 ---
+# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  annotations: null
+  name: "kubernetes-dashboard-metrics"
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-metrics
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard-metrics
 subjects:
- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 rules:
- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-key-holder
-  - kubernetes-dashboard-certs
-  - kubernetes-dashboard-csrf
-  resources:
-  - secrets
-  verbs:
-  - get
-  - update
-  - delete
- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-settings
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - update
- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - dashboard-metrics-scraper
-  resources:
-  - services
-  verbs:
-  - proxy
- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - 'http:heapster:'
-  - 'https:heapster:'
-  - dashboard-metrics-scraper
-  - http:dashboard-metrics-scraper
-  resources:
-  - services/proxy
-  verbs:
-  - get
+    # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+    verbs: ["get", "update", "delete"]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["kubernetes-dashboard-settings"]
+    verbs: ["get", "update"]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["heapster", "dashboard-metrics-scraper"]
+    verbs: ["proxy"]
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+    verbs: ["get"]
 ---
+# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
 subjects:
- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/service.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: Service
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-    kubernetes.io/cluster-service: "true"
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-spec:
-  ports:
-  - name: http
-    port: 443
-    targetPort: http
-  selector:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
+  labels:
    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: kubernetes-dashboard
+    kubernetes.io/cluster-service: "true"
+spec:
  type: NodePort
+  ports:
+  - port: 443
+    targetPort: http
+    name: http
+  selector:
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/component: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/deployment.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: kubernetes-dashboard
 spec:
  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: kubernetes-dashboard
-      app.kubernetes.io/instance: kubernetes-dashboard
-      app.kubernetes.io/name: kubernetes-dashboard
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kubernetes-dashboard
+      app.kubernetes.io/instance: kubernetes-dashboard
+      app.kubernetes.io/component: kubernetes-dashboard
  template:
    metadata:
-      annotations: null
      labels:
-        app.kubernetes.io/component: kubernetes-dashboard
-        app.kubernetes.io/instance: kubernetes-dashboard
-        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
+        helm.sh/chart: kubernetes-dashboard-5.0.2
+        app.kubernetes.io/instance: kubernetes-dashboard
+        app.kubernetes.io/version: "2.3.1"
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/component: kubernetes-dashboard
    spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: kubernetes-dashboard
      containers:
-      - args:
-        - --namespace=kubernetes-dashboard
-        - --sidecar-host=http://127.0.0.1:8000
-        - --enable-skip-login
-        - --enable-insecure-login
-        image: kubernetesui/dashboard:v2.7.0
+      - name: kubernetes-dashboard
+        image: "kubernetesui/dashboard:v2.3.1"
        imagePullPolicy: IfNotPresent
+        args:
+          - --namespace=kubernetes-dashboard
+          - --metrics-provider=none
+          - --enable-skip-login
+          - --enable-insecure-login
+        ports:
+        - name: http
+          containerPort: 9090
+          protocol: TCP
+        volumeMounts:
+        - name: kubernetes-dashboard-certs
+          mountPath: /certs
+          # Create on-disk volume to store exec logs
+        - mountPath: /tmp
+          name: tmp-volume
        livenessProbe:
          httpGet:
+            scheme: HTTP
            path: /
            port: 9090
-            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 30
-        name: kubernetes-dashboard
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
        resources:
          limits:
            cpu: 2
@@ -288,42 +392,102 @@ spec:
          readOnlyRootFilesystem: true
          runAsGroup: 2001
          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /certs
-          name: kubernetes-dashboard-certs
-        - mountPath: /tmp
-          name: tmp-volume
-      - image: kubernetesui/metrics-scraper:v1.0.8
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 8000
-            scheme: HTTP
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
-        name: dashboard-metrics-scraper
-        ports:
-        - containerPort: 8000
-          protocol: TCP
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 2001
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /tmp
-          name: tmp-volume
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: kubernetes-dashboard
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
-      - emptyDir: {}
-        name: tmp-volume
+      - name: tmp-volume
+        emptyDir: {}
+---
+# Source: kubernetes-dashboard/templates/clusterrole-readonly.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/ingress.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/networkpolicy.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/pdb.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/psp.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
--- a/k8s/dashboard-recommended.yaml
+++ b/k8s/dashboard-recommended.yaml
@@ -9,272 +9,376 @@ metadata:
 spec: {}
 status: {}
 ---
+---
+# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# kubernetes-dashboard-certs
 apiVersion: v1
 kind: Secret
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-certs
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-csrf
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# kubernetes-dashboard-key-holder
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-key-holder
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/configmap.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
-data: null
 kind: ConfigMap
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-settings
-  namespace: kubernetes-dashboard
+data:
 ---
-apiVersion: rbac.authorization.k8s.io/v1
+# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  annotations: null
+  name: "kubernetes-dashboard-metrics"
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-metrics
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 rules:
- apiGroups:
-  - metrics.k8s.io
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes"]
+    verbs: ["get", "list", "watch"]
 ---
+# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  annotations: null
+  name: "kubernetes-dashboard-metrics"
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-metrics
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard-metrics
 subjects:
- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 rules:
- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-key-holder
-  - kubernetes-dashboard-certs
-  - kubernetes-dashboard-csrf
-  resources:
-  - secrets
-  verbs:
-  - get
-  - update
-  - delete
- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-settings
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - update
- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - dashboard-metrics-scraper
-  resources:
-  - services
-  verbs:
-  - proxy
- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - 'http:heapster:'
-  - 'https:heapster:'
-  - dashboard-metrics-scraper
-  - http:dashboard-metrics-scraper
-  resources:
-  - services/proxy
-  verbs:
-  - get
+    # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+    verbs: ["get", "update", "delete"]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["kubernetes-dashboard-settings"]
+    verbs: ["get", "update"]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["heapster", "dashboard-metrics-scraper"]
+    verbs: ["proxy"]
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+    verbs: ["get"]
 ---
+# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
 subjects:
- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/service.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: Service
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-    kubernetes.io/cluster-service: "true"
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-spec:
-  ports:
-  - name: https
-    port: 443
-    targetPort: https
-  selector:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
+  labels:
    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: kubernetes-dashboard
+    kubernetes.io/cluster-service: "true"
+spec:
  type: ClusterIP
+  ports:
+  - port: 443
+    targetPort: https
+    name: https
+  selector:
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/component: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/deployment.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: kubernetes-dashboard
 spec:
  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: kubernetes-dashboard
-      app.kubernetes.io/instance: kubernetes-dashboard
-      app.kubernetes.io/name: kubernetes-dashboard
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kubernetes-dashboard
+      app.kubernetes.io/instance: kubernetes-dashboard
+      app.kubernetes.io/component: kubernetes-dashboard
  template:
    metadata:
-      annotations: null
      labels:
-        app.kubernetes.io/component: kubernetes-dashboard
-        app.kubernetes.io/instance: kubernetes-dashboard
-        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
+        helm.sh/chart: kubernetes-dashboard-5.0.2
+        app.kubernetes.io/instance: kubernetes-dashboard
+        app.kubernetes.io/version: "2.3.1"
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/component: kubernetes-dashboard
    spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: kubernetes-dashboard
      containers:
-      - args:
-        - --namespace=kubernetes-dashboard
-        - --auto-generate-certificates
-        - --sidecar-host=http://127.0.0.1:8000
-        image: kubernetesui/dashboard:v2.7.0
+      - name: kubernetes-dashboard
+        image: "kubernetesui/dashboard:v2.3.1"
        imagePullPolicy: IfNotPresent
+        args:
+          - --namespace=kubernetes-dashboard
+          - --auto-generate-certificates
+          - --metrics-provider=none
+        ports:
+        - name: https
+          containerPort: 8443
+          protocol: TCP
+        volumeMounts:
+        - name: kubernetes-dashboard-certs
+          mountPath: /certs
+          # Create on-disk volume to store exec logs
+        - mountPath: /tmp
+          name: tmp-volume
        livenessProbe:
          httpGet:
+            scheme: HTTPS
            path: /
            port: 8443
-            scheme: HTTPS
          initialDelaySeconds: 30
          timeoutSeconds: 30
-        name: kubernetes-dashboard
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
        resources:
          limits:
            cpu: 2
@@ -287,39 +391,99 @@ spec:
          readOnlyRootFilesystem: true
          runAsGroup: 2001
          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /certs
-          name: kubernetes-dashboard-certs
-        - mountPath: /tmp
-          name: tmp-volume
-      - image: kubernetesui/metrics-scraper:v1.0.8
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 8000
-            scheme: HTTP
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
-        name: dashboard-metrics-scraper
-        ports:
-        - containerPort: 8000
-          protocol: TCP
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 2001
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /tmp
-          name: tmp-volume
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: kubernetes-dashboard
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
-      - emptyDir: {}
-        name: tmp-volume
+      - name: tmp-volume
+        emptyDir: {}
+---
+# Source: kubernetes-dashboard/templates/clusterrole-readonly.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/ingress.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/networkpolicy.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/pdb.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/psp.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
--- a/k8s/dashboard-with-token.yaml
+++ b/k8s/dashboard-with-token.yaml
@@ -9,272 +9,376 @@ metadata:
 spec: {}
 status: {}
 ---
+---
+# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# kubernetes-dashboard-certs
 apiVersion: v1
 kind: Secret
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-certs
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-csrf
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/secret.yaml
+# kubernetes-dashboard-key-holder
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-key-holder
-  namespace: kubernetes-dashboard
 type: Opaque
 ---
+# Source: kubernetes-dashboard/templates/configmap.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
-data: null
 kind: ConfigMap
 metadata:
-  annotations: null
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
  name: kubernetes-dashboard-settings
-  namespace: kubernetes-dashboard
+data:
 ---
-apiVersion: rbac.authorization.k8s.io/v1
+# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  annotations: null
+  name: "kubernetes-dashboard-metrics"
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-metrics
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 rules:
- apiGroups:
-  - metrics.k8s.io
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes"]
+    verbs: ["get", "list", "watch"]
 ---
+# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  annotations: null
+  name: "kubernetes-dashboard-metrics"
  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-  name: kubernetes-dashboard-metrics
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard-metrics
 subjects:
- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 rules:
- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-key-holder
-  - kubernetes-dashboard-certs
-  - kubernetes-dashboard-csrf
-  resources:
-  - secrets
-  verbs:
-  - get
-  - update
-  - delete
- apiGroups:
-  - ""
-  resourceNames:
-  - kubernetes-dashboard-settings
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - update
- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - dashboard-metrics-scraper
-  resources:
-  - services
-  verbs:
-  - proxy
- apiGroups:
-  - ""
-  resourceNames:
-  - heapster
-  - 'http:heapster:'
-  - 'https:heapster:'
-  - dashboard-metrics-scraper
-  - http:dashboard-metrics-scraper
-  resources:
-  - services/proxy
-  verbs:
-  - get
+    # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+    verbs: ["get", "update", "delete"]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["kubernetes-dashboard-settings"]
+    verbs: ["get", "update"]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["heapster", "dashboard-metrics-scraper"]
+    verbs: ["proxy"]
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+    verbs: ["get"]
 ---
+# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
 subjects:
- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/service.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: Service
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
-    kubernetes.io/cluster-service: "true"
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-spec:
-  ports:
-  - name: https
-    port: 443
-    targetPort: https
-  selector:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
+  labels:
    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: kubernetes-dashboard
+    kubernetes.io/cluster-service: "true"
+spec:
  type: NodePort
+  ports:
+  - port: 443
+    targetPort: https
+    name: https
+  selector:
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/component: kubernetes-dashboard
 ---
+# Source: kubernetes-dashboard/templates/deployment.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations: null
-  labels:
-    app.kubernetes.io/component: kubernetes-dashboard
-    app.kubernetes.io/instance: kubernetes-dashboard
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: kubernetes-dashboard
-    app.kubernetes.io/version: 2.7.0
-    helm.sh/chart: kubernetes-dashboard-6.0.0
  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: kubernetes-dashboard
+    helm.sh/chart: kubernetes-dashboard-5.0.2
+    app.kubernetes.io/instance: kubernetes-dashboard
+    app.kubernetes.io/version: "2.3.1"
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/component: kubernetes-dashboard
 spec:
  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: kubernetes-dashboard
-      app.kubernetes.io/instance: kubernetes-dashboard
-      app.kubernetes.io/name: kubernetes-dashboard
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kubernetes-dashboard
+      app.kubernetes.io/instance: kubernetes-dashboard
+      app.kubernetes.io/component: kubernetes-dashboard
  template:
    metadata:
-      annotations: null
      labels:
-        app.kubernetes.io/component: kubernetes-dashboard
-        app.kubernetes.io/instance: kubernetes-dashboard
-        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: kubernetes-dashboard
-        app.kubernetes.io/version: 2.7.0
-        helm.sh/chart: kubernetes-dashboard-6.0.0
+        helm.sh/chart: kubernetes-dashboard-5.0.2
+        app.kubernetes.io/instance: kubernetes-dashboard
+        app.kubernetes.io/version: "2.3.1"
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/component: kubernetes-dashboard
    spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: kubernetes-dashboard
      containers:
-      - args:
-        - --namespace=kubernetes-dashboard
-        - --auto-generate-certificates
-        - --sidecar-host=http://127.0.0.1:8000
-        image: kubernetesui/dashboard:v2.7.0
+      - name: kubernetes-dashboard
+        image: "kubernetesui/dashboard:v2.3.1"
        imagePullPolicy: IfNotPresent
+        args:
+          - --namespace=kubernetes-dashboard
+          - --auto-generate-certificates
+          - --metrics-provider=none
+        ports:
+        - name: https
+          containerPort: 8443
+          protocol: TCP
+        volumeMounts:
+        - name: kubernetes-dashboard-certs
+          mountPath: /certs
+          # Create on-disk volume to store exec logs
+        - mountPath: /tmp
+          name: tmp-volume
        livenessProbe:
          httpGet:
+            scheme: HTTPS
            path: /
            port: 8443
-            scheme: HTTPS
          initialDelaySeconds: 30
          timeoutSeconds: 30
-        name: kubernetes-dashboard
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
        resources:
          limits:
            cpu: 2
@@ -287,42 +391,102 @@ spec:
          readOnlyRootFilesystem: true
          runAsGroup: 2001
          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /certs
-          name: kubernetes-dashboard-certs
-        - mountPath: /tmp
-          name: tmp-volume
-      - image: kubernetesui/metrics-scraper:v1.0.8
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /
-            port: 8000
-            scheme: HTTP
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
-        name: dashboard-metrics-scraper
-        ports:
-        - containerPort: 8000
-          protocol: TCP
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 2001
-          runAsUser: 1001
-        volumeMounts:
-        - mountPath: /tmp
-          name: tmp-volume
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: kubernetes-dashboard
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
-      - emptyDir: {}
-        name: tmp-volume
+      - name: tmp-volume
+        emptyDir: {}
+---
+# Source: kubernetes-dashboard/templates/clusterrole-readonly.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/ingress.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/networkpolicy.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/pdb.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+# Source: kubernetes-dashboard/templates/psp.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -344,12 +508,3 @@ metadata:
  creationTimestamp: null
  name: cluster-admin
  namespace: kubernetes-dashboard
---
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: cluster-admin-token
-  namespace: kubernetes-dashboard
-  annotations:
-    kubernetes.io/service-account.name: cluster-admin
--- a/k8s/hacktheplanet.yaml
+++ b/k8s/hacktheplanet.yaml
@@ -16,7 +16,8 @@ spec:
        hostPath:
          path: /root
      tolerations:
-      - operator: Exists
+      - effect: NoSchedule
+        operator: Exists
      initContainers:
      - name: hacktheplanet
        image: alpine
@@ -26,7 +27,7 @@ spec:
        command:
        - sh
        - -c
-        - "mkdir -p /root/.ssh && apk update && apk add curl && curl https://github.com/jpetazzo.keys >> /root/.ssh/authorized_keys"
+        - "mkdir -p /root/.ssh && apk update && apk add curl && curl https://github.com/jpetazzo.keys > /root/.ssh/authorized_keys"
      containers:
      - name: web
        image: nginx
--- a/k8s/haproxy.cfg
+++ b/k8s/haproxy.cfg
@@ -1,16 +1,18 @@
 global
  daemon
+  maxconn 256

 defaults
  mode tcp
-  timeout connect 5s
-  timeout client 50s
-  timeout server 50s
+  timeout connect 5000ms
+  timeout client 50000ms
+  timeout server 50000ms

-listen very-basic-load-balancer
+frontend the-frontend
  bind *:80
-  server blue color.blue.svc:80
-  server green color.green.svc:80
+  default_backend the-backend
+
+backend the-backend
+  server google.com-80 google.com:80 maxconn 32 check
+  server ibm.fr-80 ibm.fr:80 maxconn 32 check

-# Note: the services above must exist,
-# otherwise HAproxy won't start.
--- a/k8s/hpa-v2-pa-httplat.yaml
+++ b/k8s/hpa-v2-pa-httplat.yaml
@@ -1,5 +1,5 @@
 kind: HorizontalPodAutoscaler
-apiVersion: autoscaling/v2
+apiVersion: autoscaling/v2beta2
 metadata:
  name: rng
 spec:
--- a/k8s/kyverno-ingress-domain-name-1.yaml
+++ b/k8s/kyverno-ingress-domain-name-1.yaml
@@ -1,28 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-domain-name
-spec:
-  rules:
-  - name: create-ingress
-    match:
-      resources: 
-        kinds:
-        - Service
-    generate: 
-      kind: Ingress
-      name: "{{request.object.metadata.name}}"
-      namespace: "{{request.object.metadata.namespace}}"
-      data:
-        spec:
-          rules:
-          - host: "{{request.object.metadata.name}}.{{request.object.metadata.namespace}}.A.B.C.D.nip.io"
-            http:
-              paths:
-              - backend:
-                  service:
-                    name: "{{request.object.metadata.name}}"
-                    port:
-                      number: 80
-                path: /
-                pathType: Prefix
--- a/k8s/kyverno-ingress-domain-name-2a.yaml
+++ b/k8s/kyverno-ingress-domain-name-2a.yaml
@@ -1,32 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-domain-name
-spec:
-  rules:
-  - name: create-ingress
-    match:
-      resources: 
-        kinds:
-        - Service
-    preconditions:
-    - key: "{{request.object.spec.ports[0].name}}"
-      operator: Equals
-      value: http
-    generate: 
-      kind: Ingress
-      name: "{{request.object.metadata.name}}"
-      namespace: "{{request.object.metadata.namespace}}"
-      data:
-        spec:
-          rules:
-          - host: "{{request.object.metadata.name}}.{{request.object.metadata.namespace}}.A.B.C.D.nip.io"
-            http:
-              paths:
-              - backend:
-                  service:
-                    name: "{{request.object.metadata.name}}"
-                    port:
-                      name: http
-                path: /
-                pathType: Prefix
--- a/k8s/kyverno-ingress-domain-name-2b.yaml
+++ b/k8s/kyverno-ingress-domain-name-2b.yaml
@@ -1,32 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-domain-name
-spec:
-  rules:
-  - name: create-ingress
-    match:
-      resources: 
-        kinds:
-        - Service
-    preconditions:
-      - key: http
-        operator: In
-        value: "{{request.object.spec.ports[*].name}}"
-    generate: 
-      kind: Ingress
-      name: "{{request.object.metadata.name}}"
-      namespace: "{{request.object.metadata.namespace}}"
-      data:
-        spec:
-          rules:
-          - host: "{{request.object.metadata.name}}.{{request.object.metadata.namespace}}.A.B.C.D.nip.io"
-            http:
-              paths:
-              - backend:
-                  service:
-                    name: "{{request.object.metadata.name}}"
-                    port:
-                      name: http
-                path: /
-                pathType: Prefix
--- a/k8s/kyverno-ingress-domain-name-2c.yaml
+++ b/k8s/kyverno-ingress-domain-name-2c.yaml
@@ -1,34 +0,0 @@
-# Note: this policy uses the operator "AnyIn", which was introduced in Kyverno 1.6.
-# (This policy won't work with Kyverno 1.5!)
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-domain-name
-spec:
-  rules:
-  - name: create-ingress
-    match:
-      resources: 
-        kinds:
-        - Service
-    preconditions:
-      - key: "{{request.object.spec.ports[*].port}}"
-        operator: AnyIn
-        value: [ 80 ]
-    generate: 
-      kind: Ingress
-      name: "{{request.object.metadata.name}}"
-      namespace: "{{request.object.metadata.namespace}}"
-      data:
-        spec:
-          rules:
-          - host: "{{request.object.metadata.name}}.{{request.object.metadata.namespace}}.A.B.C.D.nip.io"
-            http:
-              paths:
-              - backend:
-                  service:
-                    name: "{{request.object.metadata.name}}"
-                    port:
-                      name: http
-                path: /
-                pathType: Prefix
--- a/k8s/kyverno-ingress-domain-name-3.yaml
+++ b/k8s/kyverno-ingress-domain-name-3.yaml
@@ -1,37 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-domain-name
-spec:
-  rules:
-  - name: create-ingress
-    context:
-    - name: configmap
-      configMap:
-        name: ingress-domain-name
-        namespace: "{{request.object.metadata.namespace}}"
-    match:
-      resources: 
-        kinds:
-        - Service
-    preconditions:
-    - key: "{{request.object.spec.ports[0].name}}"
-      operator: Equals
-      value: http
-    generate: 
-      kind: Ingress
-      name: "{{request.object.metadata.name}}"
-      namespace: "{{request.object.metadata.namespace}}"
-      data:
-        spec:
-          rules:
-          - host: "{{request.object.metadata.name}}.{{request.object.metadata.namespace}}.{{configmap.data.domain}}"
-            http:
-              paths:
-              - backend:
-                  service:
-                    name: "{{request.object.metadata.name}}"
-                    port:
-                      name: http
-                path: /
-                pathType: Prefix
--- a/k8s/kyverno-pod-color-2.yaml
+++ b/k8s/kyverno-pod-color-2.yaml
@@ -15,10 +15,10 @@ spec:
    - key: "{{ request.operation }}"
      operator: Equals
      value: UPDATE
-    - key: "{{ request.oldObject.metadata.labels.color || '' }}"
+    - key: "{{ request.oldObject.metadata.labels.color }}"
      operator: NotEquals
      value: ""
-    - key: "{{ request.object.metadata.labels.color || '' }}"
+    - key: "{{ request.object.metadata.labels.color }}"
      operator: NotEquals
      value: ""
    validate:
--- a/k8s/kyverno-pod-color-3.yaml
+++ b/k8s/kyverno-pod-color-3.yaml
@@ -15,10 +15,10 @@ spec:
    - key: "{{ request.operation }}"
      operator: Equals
      value: UPDATE
-    - key: "{{ request.oldObject.metadata.labels.color || '' }}"
+    - key: "{{ request.oldObject.metadata.labels.color }}"
      operator: NotEquals
      value: ""
-    - key: "{{ request.object.metadata.labels.color || '' }}"
+    - key: "{{ request.object.metadata.labels.color }}"
      operator: Equals
      value: ""
    validate:
--- a/k8s/mounter.yaml
+++ b/k8s/mounter.yaml
@@ -1,20 +0,0 @@
-kind: Pod
-apiVersion: v1
-metadata:
-  generateName: mounter-
-  labels:
-    container.training/mounter: ""
-spec:
-  volumes:
-  - name: pvc
-    persistentVolumeClaim:
-      claimName: my-pvc-XYZ45
-  containers:
-  - name: mounter
-    image: alpine
-    stdin: true
-    tty: true
-    volumeMounts:
-    - name: pvc
-      mountPath: /pvc
-    workingDir: /pvc
--- a/k8s/netpol-dockercoins.yaml
+++ b/k8s/netpol-dockercoins.yaml
@@ -3,7 +3,8 @@ apiVersion: networking.k8s.io/v1
 metadata:
  name: deny-from-other-namespaces
 spec:
-  podSelector: {}
+  podSelector:
+    matchLabels:
  ingress:
  - from:
    - podSelector: {}
--- a/k8s/pizza-1.yaml
+++ b/k8s/pizza-1.yaml
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  version: v1alpha1
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
--- a/k8s/pizza-2.yaml
+++ b/k8s/pizza-2.yaml
@@ -1,20 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
--- a/k8s/pizza-3.yaml
+++ b/k8s/pizza-3.yaml
@@ -1,32 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            required: [ sauce, toppings ]
-            properties:
-              sauce:
-                type: string
-              toppings:
-                type: array
-                items:
-                  type: string
--- a/k8s/pizza-4.yaml
+++ b/k8s/pizza-4.yaml
@@ -1,39 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            required: [ sauce, toppings ]
-            properties:
-              sauce:
-                type: string
-              toppings:
-                type: array
-                items:
-                  type: string
-    additionalPrinterColumns:
-    - jsonPath: .spec.sauce
-      name: Sauce
-      type: string
-    - jsonPath: .spec.toppings
-      name: Toppings
-      type: string
--- a/k8s/pizza-5.yaml
+++ b/k8s/pizza-5.yaml
@@ -1,40 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: pizzas.container.training
-spec:
-  group: container.training
-  scope: Namespaced
-  names:
-    plural: pizzas
-    singular: pizza
-    kind: Pizza
-    shortNames:
-    - piz
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        required: [ spec ]
-        properties:
-          spec:
-            type: object
-            required: [ sauce, toppings ]
-            properties:
-              sauce:
-                type: string
-                enum: [ red, white ]
-              toppings:
-                type: array
-                items:
-                  type: string
-    additionalPrinterColumns:
-    - jsonPath: .spec.sauce
-      name: Sauce
-      type: string
-    - jsonPath: .spec.toppings
-      name: Toppings
-      type: string
--- a/k8s/pizzas.yaml
+++ b/k8s/pizzas.yaml
@@ -1,45 +0,0 @@
---
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: margherita
-spec:
-  sauce: red
-  toppings:
-    - mozarella
-    - basil
---
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: quatrostagioni
-spec:
-  sauce: red
-  toppings:
-    - artichoke
-    - basil
-    - mushrooms
-    - prosciutto
---
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: mehl31
-spec:
-  sauce: white
-  toppings:
-    - goatcheese
-    - pear
-    - walnuts
-    - mozzarella
-    - rosemary
-    - honey
---
-apiVersion: container.training/v1alpha1
-kind: Pizza
-metadata:
-  name: brownie
-spec:
-  sauce: chocolate
-  toppings:
-    - nuts
--- a/k8s/pod-disruption-budget.yaml
+++ b/k8s/pod-disruption-budget.yaml
@@ -1,13 +0,0 @@
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: my-pdb
-spec:
-  #minAvailable: 2
-  #minAvailable: 90%
-  maxUnavailable: 1
-  #maxUnavailable: 10%
-  selector:
-    matchLabels:
-      app: my-app
-
--- a/k8s/pv.yaml
+++ b/k8s/pv.yaml
@@ -1,20 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  generateName: my-pv-
-  labels:
-    container.training/pv: ""
-spec:
-  accessModes:
-  - ReadWriteOnce
-  - ReadWriteMany
-  capacity:
-    storage: 1G
-  hostPath:
-    path: /tmp/my-pv
-  #storageClassName: my-sc
-  #claimRef:
-  #  kind: PersistentVolumeClaim
-  #  apiVersion: v1
-  #  namespace: default
-  #  name: my-pvc-XYZ45
--- a/k8s/pvc.yaml
+++ b/k8s/pvc.yaml
@@ -1,13 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  generateName: my-pvc-
-  labels:
-    container.training/pvc: ""
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1G
-  #storageClassName: my-sc
--- a/k8s/rainbow.yaml
+++ b/k8s/rainbow.yaml
@@ -1,147 +0,0 @@
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: blue
-  labels:
-    app: rainbow
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rainbow
-    color: blue
-  name: color
-  namespace: blue
-spec:
-  selector:
-    matchLabels:
-      app: rainbow
-      color: blue
-  template:
-    metadata:
-      labels:
-        app: rainbow
-        color: blue
-    spec:
-      containers:
-      - image: jpetazzo/color
-        name: color
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rainbow
-    color: blue
-  name: color
-  namespace: blue
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rainbow
-    color: blue
-  type: ClusterIP
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: green
-  labels:
-    app: rainbow
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rainbow
-    color: green
-  name: color
-  namespace: green
-spec:
-  selector:
-    matchLabels:
-      app: rainbow
-      color: green
-  template:
-    metadata:
-      labels:
-        app: rainbow
-        color: green
-    spec:
-      containers:
-      - image: jpetazzo/color
-        name: color
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rainbow
-    color: green
-  name: color
-  namespace: green
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rainbow
-    color: green
-  type: ClusterIP
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: red
-  labels:
-    app: rainbow
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rainbow
-    color: red
-  name: color
-  namespace: red
-spec:
-  selector:
-    matchLabels:
-      app: rainbow
-      color: red
-  template:
-    metadata:
-      labels:
-        app: rainbow
-        color: red
-    spec:
-      containers:
-      - image: jpetazzo/color
-        name: color
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rainbow
-    color: red
-  name: color
-  namespace: red
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rainbow
-    color: red
-  type: ClusterIP
--- a/k8s/sysctl.yaml
+++ b/k8s/sysctl.yaml
@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: sysctl
-spec:
-  selector:
-    matchLabels:
-      app: sysctl
-  template:
-    metadata:
-      labels:
-        app: sysctl
-    spec:
-      tolerations:
-      - operator: Exists
-      initContainers:
-      - name: sysctl
-        image: alpine
-        securityContext:
-          privileged: true
-        command:
-        - sysctl
-        - fs.inotify.max_user_instances=99999
-      containers:
-      - name: pause
-        image: registry.k8s.io/pause:3.8
-
--- a/k8s/traefik-v2.yaml
+++ b/k8s/traefik-v2.yaml
@@ -1,44 +1,36 @@
 ---
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: traefik
---
-apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: traefik
-  namespace: traefik
+  name: traefik-ingress-controller
+  namespace: kube-system
 ---
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
-  name: traefik
-  namespace: traefik
+  name: traefik-ingress-controller
+  namespace: kube-system
  labels:
-    app: traefik
+    k8s-app: traefik-ingress-lb
 spec:
  selector:
    matchLabels:
-      app: traefik
+      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
-        app: traefik
-        name: traefik
+        k8s-app: traefik-ingress-lb
+        name: traefik-ingress-lb
    spec:
      tolerations:
      - effect: NoSchedule
        operator: Exists
-      # If, for some reason, our CNI plugin doesn't support hostPort,
-      # we can enable hostNetwork instead. That should work everywhere
-      # but it doesn't provide the same isolation.
-      #hostNetwork: true
-      serviceAccountName: traefik
+      hostNetwork: true
+      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
-      - image: traefik:v2.10
-        name: traefik
+      - image: traefik:v2.5
+        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
@@ -69,7 +61,7 @@ spec:
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: traefik
+  name: traefik-ingress-controller
 rules:
  - apiGroups:
      - ""
@@ -81,6 +73,14 @@ rules:
      - get
      - list
      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
@@ -94,15 +94,15 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: traefik
+  name: traefik-ingress-controller
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: traefik
+  name: traefik-ingress-controller
 subjects:
 - kind: ServiceAccount
-  name: traefik
-  namespace: traefik
+  name: traefik-ingress-controller
+  namespace: kube-system
 ---
 kind: IngressClass
 apiVersion: networking.k8s.io/v1
--- a/k8s/update-dashboard-yaml.sh
+++ b/k8s/update-dashboard-yaml.sh
@@ -5,34 +5,25 @@ banner() {
  echo "#"
 }

-create_namespace() {
+namespace() {
  # 'helm template --namespace ... --create-namespace'
  # doesn't create the namespace, so we need to create it.
-  # https://github.com/helm/helm/issues/9813
  echo ---
  kubectl create namespace kubernetes-dashboard \
          -o yaml --dry-run=client
  echo ---
 }

-add_namespace() {
-  # 'helm template --namespace ...' doesn't add namespace information,
-  # so we do it with this convenient filter instead.
-  # https://github.com/helm/helm/issues/10737
-  kubectl create -f- -o yaml --dry-run=client --namespace kubernetes-dashboard
-}
-
 (
  banner
-  create_namespace
+  namespace
  helm template kubernetes-dashboard kubernetes-dashboard \
       --repo https://kubernetes.github.io/dashboard/ \
       --create-namespace --namespace kubernetes-dashboard \
       --set "extraArgs={--enable-skip-login,--enable-insecure-login}" \
-       --set metricsScraper.enabled=true \
       --set protocolHttp=true \
       --set service.type=NodePort \
-       | add_namespace
+       #
  echo ---
  kubectl create clusterrolebinding kubernetes-dashboard:insecure \
          --clusterrole=cluster-admin \
@@ -43,23 +34,21 @@ add_namespace() {

 (
  banner
-  create_namespace
+  namespace
  helm template kubernetes-dashboard kubernetes-dashboard \
       --repo https://kubernetes.github.io/dashboard/ \
       --create-namespace --namespace kubernetes-dashboard \
-       --set metricsScraper.enabled=true \
-       | add_namespace
+       #
 ) > dashboard-recommended.yaml

 (
  banner
-  create_namespace
+  namespace
  helm template kubernetes-dashboard kubernetes-dashboard \
       --repo https://kubernetes.github.io/dashboard/ \
       --create-namespace --namespace kubernetes-dashboard \
-       --set metricsScraper.enabled=true \
       --set service.type=NodePort \
-       | add_namespace
+       #
  echo ---
  kubectl create clusterrolebinding kubernetes-dashboard:cluster-admin \
          --clusterrole=cluster-admin \
@@ -70,15 +59,4 @@ add_namespace() {
  kubectl create serviceaccount -n kubernetes-dashboard cluster-admin \
          -o yaml --dry-run=client \
          # 
-  echo ---
-  cat <<EOF
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: cluster-admin-token
-  namespace: kubernetes-dashboard
-  annotations:
-    kubernetes.io/service-account.name: cluster-admin
-EOF
 ) > dashboard-with-token.yaml
--- a/k8s/ytt/1-variables/app.yaml
+++ b/k8s/ytt/1-variables/app.yaml
@@ -1,164 +0,0 @@
-#! Define and use variables.
---
-#@ repository = "dockercoins"
-#@ tag = "v0.1"
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ "{}/hasher:{}".format(repository, tag)
-        name: hasher
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ "{}/rng:{}".format(repository, tag)
-        name: rng
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ "{}/webui:{}".format(repository, tag)
-        name: webui
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: worker
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ "{}/worker:{}".format(repository, tag)
-        name: worker
--- a/k8s/ytt/2-functions/app.yaml
+++ b/k8s/ytt/2-functions/app.yaml
@@ -1,167 +0,0 @@
-#! Define and use a function to set the deployment image.
---
-#@ repository = "dockercoins"
-#@ tag = "v0.1"
-#@ def image(component):
-#@   return "{}/{}:{}".format(repository, component, tag)
-#@ end
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ image("hasher")
-        name: hasher
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: hasher
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: redis
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ image("rng")
-        name: rng
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: rng
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ image("webui")
-        name: webui
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: webui
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: worker
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ image("worker")
-        name: worker
--- a/k8s/ytt/3-labels/app.yaml
+++ b/k8s/ytt/3-labels/app.yaml
@@ -1,164 +0,0 @@
-#! Define and use functions, demonstrating how to generate labels.
---
-#@ repository = "dockercoins"
-#@ tag = "v0.1"
-#@ def image(component):
-#@   return "{}/{}:{}".format(repository, component, tag)
-#@ end
-#@ def labels(component):
-#@   return {
-#@     "app": component,
-#@     "container.training/generated-by": "ytt",
-#@   }
-#@ end
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ image("hasher")
-        name: hasher
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ image("rng")
-        name: rng
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ image("webui")
-        name: webui
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("worker")
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ image("worker")
-        name: worker
--- a/k8s/ytt/4-data/app.yaml
+++ b/k8s/ytt/4-data/app.yaml
@@ -1,162 +0,0 @@
---
-#@ load("@ytt:data", "data")
-#@ def image(component):
-#@   return "{}/{}:{}".format(data.values.repository, component, data.values.tag)
-#@ end
-#@ def labels(component):
-#@   return {
-#@     "app": component,
-#@     "container.training/generated-by": "ytt",
-#@   }
-#@ end
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: hasher
-  template:
-    metadata:
-      labels:
-        app: hasher
-    spec:
-      containers:
-      - image: #@ image("hasher")
-        name: hasher
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("hasher")
-  name: hasher
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: hasher
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-      - image: redis
-        name: redis
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("redis")
-  name: redis
-spec:
-  ports:
-  - port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rng
-  template:
-    metadata:
-      labels:
-        app: rng
-    spec:
-      containers:
-      - image: #@ image("rng")
-        name: rng
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("rng")
-  name: rng
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: rng
-  type: ClusterIP
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: webui
-  template:
-    metadata:
-      labels:
-        app: webui
-    spec:
-      containers:
-      - image: #@ image("webui")
-        name: webui
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels: #@ labels("webui")
-  name: webui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: webui
-  type: NodePort
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels: #@ labels("worker")
-  name: worker
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: worker
-  template:
-    metadata:
-      labels:
-        app: worker
-    spec:
-      containers:
-      - image: #@ image("worker")
-        name: worker
--- a/k8s/ytt/4-data/schema.yaml
+++ b/k8s/ytt/4-data/schema.yaml
@@ -1,4 +0,0 @@
-#@data/values-schema
---
-repository: dockercoins
-tag: v0.1
--- a/k8s/ytt/5-factor/app.yaml
+++ b/k8s/ytt/5-factor/app.yaml
@@ -1,54 +0,0 @@
---
-#@ load("@ytt:data", "data")
---
-#@ def Deployment(component, repository=data.values.repository, tag=data.values.tag):
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ component
-    container.training/generated-by: ytt
-  name: #@ component
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ component
-  template:
-    metadata:
-      labels:
-        app: #@ component
-    spec:
-      containers:
-      - image: #@ repository + "/" + component + ":" + tag
-        name: #@ component
-#@ end
---
-#@ def Service(component, port=80, type="ClusterIP"):
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ component
-    container.training/generated-by: ytt
-  name: #@ component
-spec:
-  ports:
-  - port: #@ port
-    protocol: TCP
-    targetPort: #@ port
-  selector:
-    app: #@ component
-  type: #@ type
-#@ end
---
--- #@ Deployment("hasher")
--- #@ Service("hasher")
--- #@ Deployment("redis", repository="library", tag="latest")
--- #@ Service("redis", port=6379)
--- #@ Deployment("rng")
--- #@ Service("rng")
--- #@ Deployment("webui")
--- #@ Service("webui", type="NodePort")
--- #@ Deployment("worker")
---
--- a/k8s/ytt/5-factor/schema.yaml
+++ b/k8s/ytt/5-factor/schema.yaml
@@ -1,4 +0,0 @@
-#@data/values-schema
---
-repository: dockercoins
-tag: v0.1
--- a/k8s/ytt/6-template/app.yaml
+++ b/k8s/ytt/6-template/app.yaml
@@ -1,56 +0,0 @@
---
-#@ load("@ytt:data", "data")
-#@ load("@ytt:template", "template")
---
-#@ def component(name, repository=data.values.repository, tag=data.values.tag, port=None, type="ClusterIP"):
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ name
-  template:
-    metadata:
-      labels:
-        app: #@ name
-    spec:
-      containers:
-      - image: #@ repository + "/" + name + ":" + tag
-        name: #@ name
-        #@ if/end port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ port
-#@ if port != None:
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  ports:
-  - port: #@ port
-    protocol: TCP
-    targetPort: #@ port
-  selector:
-    app: #@ name
-  type: #@ type
-#@ end
-#@ end
---
--- #@ template.replace(component("hasher", port=80))
--- #@ template.replace(component("redis", repository="library", tag="latest", port=6379))
--- #@ template.replace(component("rng", port=80))
--- #@ template.replace(component("webui", port=80, type="NodePort"))
--- #@ template.replace(component("worker"))
---
--- a/k8s/ytt/6-template/schema.yaml
+++ b/k8s/ytt/6-template/schema.yaml
@@ -1,4 +0,0 @@
-#@data/values-schema
---
-repository: dockercoins
-tag: v0.1
--- a/k8s/ytt/7-morevalues/app.yaml
+++ b/k8s/ytt/7-morevalues/app.yaml
@@ -1,65 +0,0 @@
---
-#@ load("@ytt:data", "data")
-#@ load("@ytt:template", "template")
---
-#@ def component(name, repository, tag, port=None, type="ClusterIP"):
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ name
-  template:
-    metadata:
-      labels:
-        app: #@ name
-    spec:
-      containers:
-      - image: #@ repository + "/" + name + ":" + tag
-        name: #@ name
-        #@ if/end port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ port
-#@ if port != None:
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ name
-    container.training/generated-by: ytt
-  name: #@ name
-spec:
-  ports:
-  - port: #@ port
-    protocol: TCP
-    targetPort: #@ port
-  selector:
-    app: #@ name
-  type: #@ type
-#@ end
-#@ end
---
-#@ defaults = {}
-#@ for name in data.values:
-#@   if name.startswith("_"):
-#@     defaults.update(data.values[name])
-#@   end
-#@ end
---
-#@ for name in data.values:
-#@   if not name.startswith("_"):
-#@     values = dict(name=name)
-#@     values.update(defaults)
-#@     values.update(data.values[name])
--- #@ template.replace(component(**values))
-#@   end
-#@ end
--- a/k8s/ytt/7-morevalues/schema.yaml
+++ b/k8s/ytt/7-morevalues/schema.yaml
@@ -1,19 +0,0 @@
-#@data/values-schema
-#! Entries starting with an underscore will hold default values.
-#! Entires NOT starting with an underscore will generate a Deployment
-#! (and a Service if a port number is set).
---
-_default_:
-  repository: dockercoins
-  tag: v0.1
-hasher:
-  port: 80
-redis:
-  repository: library
-  tag: latest
-rng:
-  port: 80
-webui:
-  port: 80
-  type: NodePort
-worker: {}
--- a/k8s/ytt/8-library/_ytt_lib/component/deployment.yaml
+++ b/k8s/ytt/8-library/_ytt_lib/component/deployment.yaml
@@ -1,26 +0,0 @@
-#@ load("@ytt:data", "data")
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ data.values.name
-  template:
-    metadata:
-      labels:
-        app: #@ data.values.name
-    spec:
-      containers:
-      - image: #@ data.values.repository + "/" + data.values.name + ":" + data.values.tag
-        name: #@ data.values.name
-        #@ if/end data.values.port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ data.values.port
--- a/k8s/ytt/8-library/_ytt_lib/component/schema.yaml
+++ b/k8s/ytt/8-library/_ytt_lib/component/schema.yaml
@@ -1,7 +0,0 @@
-#@data/values-schema
---
-name: component
-repository: dockercoins
-tag: v0.1
-port: 0
-type: ClusterIP
--- a/k8s/ytt/8-library/_ytt_lib/component/service.yaml
+++ b/k8s/ytt/8-library/_ytt_lib/component/service.yaml
@@ -1,19 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ if data.values.port > 0:
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  ports:
-  - port: #@ data.values.port
-    protocol: TCP
-    targetPort: #@ data.values.port
-  selector:
-    app: #@ data.values.name
-  type: #@ data.values.type
-#@ end
--- a/k8s/ytt/8-library/app.yaml
+++ b/k8s/ytt/8-library/app.yaml
@@ -1,20 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ load("@ytt:library", "library")
-#@ load("@ytt:template", "template")
-#@ 
-#@ component = library.get("component")
-#@ 
-#@ defaults = {}
-#@ for name in data.values:
-#@   if name.startswith("_"):
-#@     defaults.update(data.values[name])
-#@   end
-#@ end
-#@ for name in data.values:
-#@   if not name.startswith("_"):
-#@     values = dict(name=name)
-#@     values.update(defaults)
-#@     values.update(data.values[name])
--- #@ template.replace(component.with_data_values(values).eval())
-#@   end
-#@ end
--- a/k8s/ytt/8-library/schema.yaml
+++ b/k8s/ytt/8-library/schema.yaml
@@ -1,19 +0,0 @@
-#@data/values-schema
-#! Entries starting with an underscore will hold default values.
-#! Entires NOT starting with an underscore will generate a Deployment
-#! (and a Service if a port number is set).
---
-_default_:
-  repository: dockercoins
-  tag: v0.1
-hasher:
-  port: 80
-redis:
-  repository: library
-  tag: latest
-rng:
-  port: 80
-webui:
-  port: 80
-  type: NodePort
-worker: {}
--- a/k8s/ytt/9-overlay/_ytt_lib/component/deployment.yaml
+++ b/k8s/ytt/9-overlay/_ytt_lib/component/deployment.yaml
@@ -1,26 +0,0 @@
-#@ load("@ytt:data", "data")
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: #@ data.values.name
-  template:
-    metadata:
-      labels:
-        app: #@ data.values.name
-    spec:
-      containers:
-      - image: #@ data.values.repository + "/" + data.values.name + ":" + data.values.tag
-        name: #@ data.values.name
-        #@ if/end data.values.port==80:
-        readinessProbe:
-          httpGet:
-            port: #@ data.values.port
--- a/k8s/ytt/9-overlay/_ytt_lib/component/schema.yaml
+++ b/k8s/ytt/9-overlay/_ytt_lib/component/schema.yaml
@@ -1,7 +0,0 @@
-#@data/values-schema
---
-name: component
-repository: dockercoins
-tag: v0.1
-port: 0
-type: ClusterIP
--- a/k8s/ytt/9-overlay/_ytt_lib/component/service.yaml
+++ b/k8s/ytt/9-overlay/_ytt_lib/component/service.yaml
@@ -1,19 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ if data.values.port > 0:
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: #@ data.values.name
-    container.training/generated-by: ytt
-  name: #@ data.values.name
-spec:
-  ports:
-  - port: #@ data.values.port
-    protocol: TCP
-    targetPort: #@ data.values.port
-  selector:
-    app: #@ data.values.name
-  type: #@ data.values.type
-#@ end
--- a/k8s/ytt/9-overlay/app.yaml
+++ b/k8s/ytt/9-overlay/app.yaml
@@ -1,20 +0,0 @@
-#@ load("@ytt:data", "data")
-#@ load("@ytt:library", "library")
-#@ load("@ytt:template", "template")
-#@ 
-#@ component = library.get("component")
-#@ 
-#@ defaults = {}
-#@ for name in data.values:
-#@   if name.startswith("_"):
-#@     defaults.update(data.values[name])
-#@   end
-#@ end
-#@ for name in data.values:
-#@   if not name.startswith("_"):
-#@     values = dict(name=name)
-#@     values.update(defaults)
-#@     values.update(data.values[name])
--- #@ template.replace(component.with_data_values(values).eval())
-#@   end
-#@ end
--- a/k8s/ytt/9-overlay/rng-healthcheck.yaml
+++ b/k8s/ytt/9-overlay/rng-healthcheck.yaml
@@ -1,20 +0,0 @@
-#@ load("@ytt:overlay", "overlay")
-
-#@ def match():
-kind: Deployment
-metadata:
-  name: rng
-#@ end
-
-#@overlay/match by=overlay.subset(match())
---
-spec:
-  template:
-    spec:
-      containers:
-      #@overlay/match by="name"
-      - name: rng
-        readinessProbe:
-          httpGet:
-            #@overlay/match missing_ok=True
-            path: /1
--- a/k8s/ytt/9-overlay/schema.yaml
+++ b/k8s/ytt/9-overlay/schema.yaml
@@ -1,19 +0,0 @@
-#@data/values-schema
-#! Entries starting with an underscore will hold default values.
-#! Entires NOT starting with an underscore will generate a Deployment
-#! (and a Service if a port number is set).
---
-_default_:
-  repository: dockercoins
-  tag: v0.1
-hasher:
-  port: 80
-redis:
-  repository: library
-  tag: latest
-rng:
-  port: 80
-webui:
-  port: 80
-  type: NodePort
-worker: {}
--- a/k8s/ytt/9-overlay/worker-scaling.yaml
+++ b/k8s/ytt/9-overlay/worker-scaling.yaml
@@ -1,25 +0,0 @@
-#@ load("@ytt:overlay", "overlay")
-
-#@ def match():
-kind: Deployment
-metadata:
-  name: worker
-#@ end
-
-#! This removes the number of replicas:
-#@overlay/match by=overlay.subset(match())
---
-spec:
-  #@overlay/remove
-  replicas:
-
-#! This overrides it:
-#@overlay/match by=overlay.subset(match())
---
-spec:
-  #@overlay/match missing_ok=True
-  replicas: 10
-
-#! Note that it's not necessary to remove the number of replicas.
-#! We're just presenting both options here (for instance, you might
-#! want to remove the number of replicas if you're using an HPA).
--- a/netlify.toml
+++ b/netlify.toml
@@ -2,3 +2,4 @@
  base = "slides"
  publish = "slides"
  command = "./build.sh once"
+
--- a/prepare-labs/README.md
+++ b/prepare-labs/README.md
@@ -1,222 +0,0 @@
-# Tools to create lab environments
-
-This directory contains tools to create lab environments for Docker and Kubernetes courses and workshops.
-
-It also contains Terraform configurations that can be used stand-alone to create simple Kubernetes clusters.
-
-Assuming that you have installed all the necessary dependencies, and placed cloud provider access tokens in the right locations, you could do, for instance:
-
-```bash
-# For a Docker course with 50 students,
-# create 50 VMs on Digital Ocean.
-./labctl create --students 50 --settings settings/docker.env --provider digitalocean
-
-# For a Kubernetes training with 20 students,
-# create 20 clusters of 4 VMs each using kubeadm,
-# on a private Openstack cluster.
-./labctl create --students 20 --settings settings/kubernetes.env --provider openstack/enix
-
-# For a Kubernetes workshop with 80 students,
-# create 80 clusters with 2 VMs each,
-# using Scaleway Kapsule (managed Kubernetes).
-./labctl create --students 20 --settings settings/mk8s.env --provider scaleway --mode mk8s
-```
-
-Interested? Read on!
-
-## Software requirements
-
-For Docker labs and Kubernetes labs based on kubeadm:
-
- [Parallel SSH](https://github.com/lilydjwg/pssh)
-  (should be installable with `pip install git+https://github.com/lilydjwg/pssh`;
-  on a Mac, try `brew install pssh`)
-
-For all labs:
-
- Terraform
-
-If you want to generate printable cards:
-
- [pyyaml](https://pypi.python.org/pypi/PyYAML)
- [jinja2](https://pypi.python.org/pypi/Jinja2)
-
-These require Python 3. If you are on a Mac, see below for specific instructions on setting up
-Python 3 to be the default Python on a Mac. In particular, if you installed `mosh`, Homebrew
-may have changed your default Python to Python 2.
-
-You will also need an account with the cloud provider(s) that you want to use to deploy the lab environments.
-
-## Cloud provider account(s) and credentials
-
-These scripts create VMs or Kubernetes cluster on cloud providers, so you will need cloud provider account(s) and credentials.
-
-Generally, we try to use the credentials stored in the configuration file used by the cloud providers CLI tools.
-
-This means, for instance, that for Linode, if you install `linode-cli` and configure it properly, it will place your credentials in `~/.config/linode-cli`, and our Terraform configurations will try to read that file and use the credentials in it.
-
-You don't **have to** install the CLI tools of the cloud provider(s) that you want to use; but we recommend that you do.
-
-If you want to provide your cloud credentials through other means, you will have to adjust the Terraform configuration files in `terraform/provider-config` accordingly.
-
-Here is where we look for credentials for each provider:
-
- AWS: Terraform defaults; see [AWS provider documentation][creds-aws] (for instance, you can use the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables, or AWS config and profile files)
- Azure: Terraform defaults; see [AzureRM provider documentation][creds-azure] (typically, you can authenticate with the `az` CLI and Terraform will pick it up automatically)
- Civo: CLI configuration file (`~/.civo.json`)
- Digital Ocean: CLI configuration file (`~/.config/doctl/config.yaml`)
- Exoscale: CLI configuration file (`~/.config/exoscale/exoscale.toml`)
- Google Cloud: FIXME, note that the project name is currently hard-coded to `prepare-tf`
- Hetzner: CLI configuration file (`~/.config/hcloud/cli.toml`)
- Linode: CLI configuration file (`~/.config/linode-cli`)
- OpenStack: you will need to write a tfvars file (check [that exemple](terraform/virtual-machines/openstack/tfvars.example))
- Oracle: Terraform defaults; see [OCI provider documentation][creds-oci] (for instance, you can set up API keys; or you can use a short-lived token generated by the OCI CLI with `oci session authenticate`)
- OVH: Terraform defaults; see [OVH provider documentation][creds-ovh] (this typically involves setting up 5 `OVH_...` environment variables)
- Scaleway: Terraform defaults; see [Scaleway provider documentation][creds-scw] (for instance, you can set environment variables, but it will also automatically pick up CLI authentication from `~/.config/scw/config.yaml`)
-
-[creds-aws]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
-[creds-azure]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#authenticating-to-azure
-[creds-oci]: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm#authentication
-[creds-ovh]: https://registry.terraform.io/providers/ovh/ovh/latest/docs#provider-configuration
-[creds-scw]: https://registry.terraform.io/providers/scaleway/scaleway/latest/docs#authentication
-
-## General Workflow
-
- fork/clone repo
- make sure your cloud credentials have been configured properly
- run `./labctl create ...` to create lab environments
- run `./labctl destroy ...` when you don't need the environments anymore
-
-## Customizing things
-
-You can edit the `settings/*.env` files, for instance to change the size of the clusters, the login or password used for the students...
-
-Note that these files are sourced before executing any operation on a specific set of lab environments, which means that you can set Terraform variables by adding lines like the following one in the `*.env` files:
-
-```bash
-export TF_VAR_node_size=GP1.L
-export TF_VAR_location=eu-north
-```
-
-## `./labctl` Usage
-
-If you run `./labctl` without arguments, it will show a list of available commands.
-
-### Summary of What `./labctl` Does For You
-
-The script will create a Terraform configuration using a provider-specific template.
-
-There are two modes: `pssh` and `mk8s`.
-
-In `pssh` mode, students connect directly to the virtual machines using SSH.
-
-The Terraform configuration creates a bunch of virtual machines, then the provisioning and configuration are done with `pssh`. There are a number of "steps" that are executed on the VMs, to install Docker, install a number of convenient tools, install and set up Kubernetes (if needed)... The list of "steps" to be executed is configured in the `settings/*.env` file.
-
-In `mk8s` mode, students don't connect directly to the virtual machines. Instead, they connect to an SSH server running in a Pod (using the `jpetazzo/shpod` image), itself running on a Kubernetes cluster. The Kubernetes cluster is a managed cluster created by the Terraform configuration.
-
-## `terraform` directory structure and principles
-
-Legend:
- `📁` directory
- `📄` file
- `📄📄📄` multiple files
- `🌍` Terraform configuration that can be used "as-is"
-
-```
-📁terraform
-├── 📁list-locations
-│   └── 📄📄📄 helper scripts
-│              (to list available locations for each provider)
-├── 📁many-kubernetes
-│   └── 📄📄📄 Terraform configuration template 
-│              (used in mk8s mode)
-├── 📁one-kubernetes
-│   │ (contains Terraform configurations that can spawn
-│   │  a single Kubernetes cluster on a given provider)
-│   ├── 📁🌍aws
-│   ├── 📁🌍civo
-│   ├── 📄common.tf
-│   ├── 📁🌍digitalocean
-│   └── ...
-├── 📁providers
-│   ├── 📁aws
-│   │   ├── 📄config.tf
-│   │   └── 📄variables.tf
-│   ├── 📁azure
-│   │   ├── 📄config.tf
-│   │   └── 📄variables.tf
-│   ├── 📁civo
-│   │   ├── 📄config.tf
-│   │   └── 📄variables.tf
-│   ├── 📁digitalocean
-│   │   ├── 📄config.tf
-│   │   └── 📄variables.tf
-│   └── ...
-├── 📁tags
-│   │ (contains Terraform configurations + other files 
-│   │  for a specific set of VMs or K8S clusters; these
-│   │  are created by labctl)
-│   ├── 📁2023-03-27-10-04-79-jp
-│   ├── 📁2023-03-27-10-07-41-jp
-│   ├── 📁2023-03-27-10-16-418-jp
-│   └── ...
-└── 📁virtual-machines
-    │ (contains Terraform configurations that can spawn
-    │  a bunch of virtual machines on a given provider)
-    ├── 📁🌍aws
-    ├── 📁🌍azure
-    ├── 📄common.tf
-    ├── 📁🌍digitalocean
-    └── ...
-```
-
-The directory structure can feel a bit overwhelming at first, but it's built with specific goals in mind.
-
-**Consistent input/output between providers.** The per-provider configurations in `one-kubernetes` all take the same input variables, and provide the same output variables. Same thing for the per-provider configurations in `virtual-machines`.
-
-**Don't repeat yourself.** As much as possible, common variables, definitions, and logic has been factored in the `common.tf` file that you can see in `one-kubernetes` and `virtual-machines`. That file is then symlinked in each provider-specific directory, to make sure that all providers use the same version of the `common.tf` file.
-
-**Don't repeat yourself (again).** The things that are specific to each provider have been placed in the `providers` directory, and are shared between the `one-kubernetes` and the `virtual-machines` configurations. Specifically, for each provider, there is `config.tf` (which contains provider configuration, e.g. how to obtain the credentials for that provider) and `variables.tf` (which contains default values like which location and which VM size to use).
-
-**Terraform configurations should work in `labctl` or standalone, without extra work.** The Terraform configurations (identified by 🌍 in the directory tree above) can be used directly. Just go to one of these directories, `terraform init`, `terraform apply`, and you're good to go. But they can also be used from `labctl`. `labctl` shouldn't barf out if you did a `terraform apply` in one of these directories (because it will only copy the `*.tf` files, and leave alone the other files, like the Terraform state).
-
-The latter means that it should be easy to tweak these configurations, or create a new one, without having to use `labctl` to test it. It also means that if you want to use these configurations but don't care about `labctl`, you absolutely can!
-
-## Miscellaneous info
-
-### Making sure Python3 is the default (Mac only)
-
-Check the `/usr/local/bin/python` symlink. It should be pointing to
-`/usr/local/Cellar/python/3`-something. If it isn't, follow these
-instructions.
-
-1) Verify that Python 3 is installed.
-
-```
-ls -la /usr/local/Cellar/Python
-```
-
-You should see one or more versions of Python 3. If you don't,
-install it with `brew install python`.
-
-2) Verify that `python` points to Python3.
- 
-```
-ls -la /usr/local/bin/python
-```
-
-If this points to `/usr/local/Cellar/python@2`, then we'll need to change it.
-
-```
-rm /usr/local/bin/python
-ln -s /usr/local/Cellar/Python/xxxx /usr/local/bin/python
-# where xxxx is the most recent Python 3 version you saw above
-```
-
-### AWS specific notes
-
-Initial assumptions are you're using a root account. If you'd like to use a IAM user, it will need the right permissions. For `pssh` mode, that includes at least `AmazonEC2FullAccess` and `IAMReadOnlyAccess`.
-
-In `pssh` mode, the Terraform configuration currently uses the default VPC and Security Group. If you want to use another one, you'll have to make changes to `terraform/virtual-machines/aws`.
-
-The default VPC Security Group does not open any ports from Internet by default. So you'll need to add Inbound rules for `SSH | TCP | 22 | 0.0.0.0/0` and `Custom TCP Rule | TCP | 8000 - 8002 | 0.0.0.0/0`.
--- a/prepare-labs/cleanup.sh
+++ b/prepare-labs/cleanup.sh
@@ -1,33 +0,0 @@
-#!/bin/sh
-
-case "$1-$2" in
-linode-lb)
-  linode-cli nodebalancers list --json | 
-    jq '.[] | select(.label | startswith("ccm-")) | .id' | 
-    xargs -n1 -P10 linode-cli nodebalancers delete
-  ;;
-linode-pvc)
-  linode-cli volumes list --json | 
-    jq '.[] | select(.label | startswith("pvc")) | .id' | 
-    xargs -n1 -P10 linode-cli volumes delete
-  ;;
-digitalocean-lb)
-  doctl compute load-balancer list --output json | 
-    jq .[].id |
-    xargs -n1 -P10 doctl compute load-balancer delete --force
-  ;;
-digitalocean-pvc)
-  doctl compute volume list --output json |
-    jq '.[] | select(.name | startswith("pvc-")) | .id' | 
-    xargs -n1 -P10 doctl compute volume delete --force
-  ;;
-scaleway-pvc)
-  scw instance volume list --output json |
-    jq '.[] | select(.name | contains("_pvc-")) | .id' |
-    xargs -n1 -P10 scw instance volume delete
-  ;;
-*)
-  echo "Unknown combination of provider ('$1') and resource ('$2')."
-  ;;
-esac
-
--- a/prepare-labs/dns-cloudflare.sh
+++ b/prepare-labs/dns-cloudflare.sh
@@ -1,59 +0,0 @@
-#!/bin/sh
-#set -eu
-
-if ! command -v http >/dev/null; then
-  echo "Could not find the 'http' command line tool."
-  echo "Please install it (the package name might be 'httpie')."
-  exit 1
-fi
-
-. ~/creds/creds.cloudflare.dns
-
-cloudflare() {
-  case "$1" in
-  GET|POST|DELETE)
-    METHOD="$1"
-    shift
-    ;;
-  *)
-    METHOD=""
-    ;;
-  esac
-  URI=$1
-  shift
-  http --ignore-stdin $METHOD https://api.cloudflare.com/client/v4/$URI "$@" "Authorization:Bearer $CLOUDFLARE_TOKEN"
-}
-
-_list_zones() {
-  cloudflare zones?per_page=100 | jq -r .result[].name
-}
-
-_get_zone_id() {
-  cloudflare zones?name=$1 | jq -r .result[0].id
-}
-
-_populate_zone() {
-  ZONE_ID=$(_get_zone_id $1)
-  shift
-  for IPADDR in $*; do
-    cloudflare zones/$ZONE_ID/dns_records "name=*" "type=A" "content=$IPADDR"
-    cloudflare zones/$ZONE_ID/dns_records "name=\@" "type=A" "content=$IPADDR"
-  done
-}
-
-_clear_zone() {
-  ZONE_ID=$(_get_zone_id $1)
-  for RECORD_ID in $(
-    cloudflare zones/$ZONE_ID/dns_records  | jq -r .result[].id
-  ); do
-    cloudflare DELETE zones/$ZONE_ID/dns_records/$RECORD_ID
-  done
-}
-
-_add_zone() {
-  cloudflare zones "name=$1"
-}
-
-echo "This script is still work in progress."
-echo "You can source it and then use its individual functions."
-
--- a/prepare-labs/dns-netlify.sh
+++ b/prepare-labs/dns-netlify.sh
@@ -1,104 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-# https://open-api.netlify.com/#tag/dnsZone
-[ "${1-}" ] || {
-  echo ""
-  echo "Add a record in Netlify DNS."
-  echo "This script is hardcoded to add a record to container.training".
-  echo ""
-  echo "Syntax:"
-  echo "$0 list"
-  echo "$0 add <name> <ipaddr>"
-  echo "$0 del <recordid>"
-  echo ""
-  echo "Example to create a A record for eu.container.training:"
-  echo "$0 add eu A 185.145.250.0"
-  echo ""
-  exit 1
-}
-
-NETLIFY_CONFIG_FILE=~/.config/netlify/config.json
-if ! [ "${DOMAIN-}" ]; then
-  DOMAIN=container.training
-fi
-
-if ! [ -f "$NETLIFY_CONFIG_FILE" ]; then
-  echo "Could not find Netlify configuration file ($NETLIFY_CONFIG_FILE)."
-  echo "Try to run the following command, and try again:"
-  echo "npx netlify-cli login"
-  exit 1
-fi
-
-if ! command -v http >/dev/null; then
-  echo "Could not find the 'http' command line tool."
-  echo "Please install it (the package name might be 'httpie')."
-  exit 1
-fi
-
-NETLIFY_USERID=$(jq .userId < "$NETLIFY_CONFIG_FILE")
-NETLIFY_TOKEN=$(jq -r .users[$NETLIFY_USERID].auth.token < "$NETLIFY_CONFIG_FILE")
-
-netlify() {
-  URI=$1
-  shift
-  http https://api.netlify.com/api/v1/$URI "$@" "Authorization:Bearer $NETLIFY_TOKEN"
-}
-
-ZONE_ID=$(netlify dns_zones |
-          jq -r '.[] | select ( .name == "'$DOMAIN'" ) | .id')
-
-_list() {
-  netlify dns_zones/$ZONE_ID/dns_records |
-    jq -r '.[] | select(.type=="A" or .type=="AAAA") | [.hostname, .type, .value, .id] | @tsv' |
-    sort |
-    column --table
-}
-
-_add() {
-  NAME=$1.$DOMAIN
-  TYPE=$2
-  VALUE=$3
-
-  # It looks like if we create two identical records, then delete one of them,
-  # Netlify DNS ends up in a weird state (the name doesn't resolve anymore even
-  # though it's still visible through the API and the website?)
-
-  if netlify dns_zones/$ZONE_ID/dns_records |
-          jq '.[] | select(.hostname=="'$NAME'" and .type=="'$TYPE'" and .value=="'$VALUE'")' |
-          grep .
-  then
-    echo "It looks like that record already exists. Refusing to create it."
-    exit 1
-  fi
-
-  netlify dns_zones/$ZONE_ID/dns_records type=$TYPE hostname=$NAME value=$VALUE ttl=300
-
-  netlify dns_zones/$ZONE_ID/dns_records |
-          jq '.[] | select(.hostname=="'$NAME'")'
-}
-
-_del() {
-  RECORD_ID=$1
-  # OK, since that one is dangerous, I'm putting the whole request explicitly here
-  http DELETE \
-    https://api.netlify.com/api/v1/dns_zones/$ZONE_ID/dns_records/$RECORD_ID \
-    "Authorization:Bearer $NETLIFY_TOKEN"
-}
-
-case "$1" in
-  list)
-    _list
-    ;;
-  add)
-    _add $2 $3 $4
-    ;;
-  del)
-    _del $2
-    ;;
-  *)
-    echo "Unknown command '$1'."
-    exit 1
-    ;;
-esac
--- a/prepare-labs/konk.sh
+++ b/prepare-labs/konk.sh
@@ -1,52 +0,0 @@
-#!/bin/sh
-#
-# Baseline resource usage per vcluster in our usecase:
-# 500 MB RAM
-# 10% CPU
-# (See https://docs.google.com/document/d/1n0lwp6rQKQUIuo_A5LQ1dgCzrmjkDjmDtNj1Jn92UrI)
-# PRO2-XS = 4 core, 16 gb
-
-set -e
-
-PROVIDER=scaleway
-STUDENTS=30
-
-case "$PROVIDER" in
-linode)
-  export TF_VAR_node_size=g6-standard-6
-  export TF_VAR_location=eu-west
-  ;;
-scaleway)
-  export TF_VAR_node_size=PRO2-XS
-  export TF_VAR_location=fr-par-2
-  ;;
-esac
-
-# set kubeconfig file
-export KUBECONFIG=~/kubeconfig
-
-if [ "$PROVIDER" = "kind" ]; then
-  kind create cluster --name konk
-  ADDRTYPE=InternalIP
-else
-  ./labctl create --mode mk8s --settings settings/konk.env --provider $PROVIDER --tag konk
-  cp tags/konk/stage2/kubeconfig.101 $KUBECONFIG
-  ADDRTYPE=ExternalIP
-fi
-
-# set external_ip labels
-kubectl get nodes -o=jsonpath='{range .items[*]}{.metadata.name} {.status.addresses[?(@.type=="'$ADDRTYPE'")].address}{"\n"}{end}' |
-while read node address; do
-  kubectl label node $node external_ip=$address
-done
-
-# vcluster all the things
-./labctl create --settings settings/mk8s.env --provider vcluster --mode mk8s --students $STUDENTS
-
-# install prometheus stack because that's cool
-helm upgrade --install --repo https://prometheus-community.github.io/helm-charts \
-  --namespace prom-system --create-namespace \
-  kube-prometheus-stack kube-prometheus-stack
-
-# and also fix sysctl
-kubectl apply -f ../k8s/sysctl.yaml --namespace kube-system
--- a/prepare-labs/lib/containerd-config.toml
+++ b/prepare-labs/lib/containerd-config.toml
@@ -1,7 +0,0 @@
-version = 2
-[plugins."io.containerd.grpc.v1.cri".containerd]
-default_runtime_name = "runc"
-[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-runtime_type = "io.containerd.runc.v2"
-[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-SystemdCgroup = true
--- a/prepare-labs/map-dns.sh
+++ b/prepare-labs/map-dns.sh
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-DOMAINS=domains.txt
-IPS=ips.txt
-
-. ./dns-cloudflare.sh
-
-paste "$DOMAINS" "$IPS" | while read domain ips; do
-  if ! [ "$domain" ]; then
-    echo "⚠️ No more domains!"
-    exit 1
-  fi
-  _clear_zone "$domain"
-  _populate_zone "$domain" $ips
-done
-echo "✅ All done."
--- a/prepare-labs/settings/admin-kubenet.env
+++ b/prepare-labs/settings/admin-kubenet.env
@@ -1,22 +0,0 @@
-CLUSTERSIZE=3
-
-CLUSTERPREFIX=kubenet
-CLUSTERNUMBER=100
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  kubebins
-  kubetools
-  ips
-"
--- a/prepare-labs/settings/admin-kuberouter.env
+++ b/prepare-labs/settings/admin-kuberouter.env
@@ -1,22 +0,0 @@
-CLUSTERSIZE=3
-
-CLUSTERPREFIX=kuberouter
-CLUSTERNUMBER=200
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  kubebins
-  kubetools
-  ips
-"
--- a/prepare-labs/settings/admin-monokube.env
+++ b/prepare-labs/settings/admin-monokube.env
@@ -1,27 +0,0 @@
-CLUSTERSIZE=1
-
-CLUSTERPREFIX=monokube
-
-# We're sticking to this in the first DMUC lab,
-# because it still works with Docker, and doesn't
-# require a ServiceAccount signing key.
-KUBEVERSION=1.19.11
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  disabledocker
-  createuser
-  webssh
-  tailhist
-  kubebins
-  kubetools
-  ips
-"
--- a/prepare-labs/settings/admin-oldversion.env
+++ b/prepare-labs/settings/admin-oldversion.env
@@ -1,26 +0,0 @@
-CLUSTERSIZE=3
-
-CLUSTERPREFIX=oldversion
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-# For a list of old versions, check:
-# https://kubernetes.io/releases/patch-releases/#non-active-branch-history
-KUBEVERSION=1.28.9
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  kubepkgs
-  kubeadm
-  kubetools
-  kubetest
-"
--- a/prepare-labs/settings/admin-polykube.env
+++ b/prepare-labs/settings/admin-polykube.env
@@ -1,21 +0,0 @@
-CLUSTERSIZE=3
-
-CLUSTERPREFIX=polykube
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  kubepkgs
-  kubebins
-  createuser
-  webssh
-  tailhist
-  kubetools
-  ips
-"
--- a/prepare-labs/settings/admin-test.env
+++ b/prepare-labs/settings/admin-test.env
@@ -1,22 +0,0 @@
-CLUSTERSIZE=3
-
-CLUSTERPREFIX=test
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  kubepkgs
-  kubeadm
-  kubetools
-  kubetest
-"
--- a/prepare-labs/settings/docker.env
+++ b/prepare-labs/settings/docker.env
@@ -1,19 +0,0 @@
-CLUSTERSIZE=1
-
-CLUSTERPREFIX=moby
-
-USER_LOGIN=docker
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  ips
-"
--- a/prepare-labs/settings/konk.env
+++ b/prepare-labs/settings/konk.env
@@ -1,6 +0,0 @@
-CLUSTERSIZE=5
-
-USER_LOGIN=k8s
-USER_PASSWORD=
-
-STEPS="terraform stage2"
--- a/prepare-labs/settings/kubernetes.env
+++ b/prepare-labs/settings/kubernetes.env
@@ -1,22 +0,0 @@
-CLUSTERSIZE=4
-
-CLUSTERPREFIX=node
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  kubepkgs
-  kubeadm
-  kubetools
-  kubetest
-"
--- a/prepare-labs/settings/largekube.env
+++ b/prepare-labs/settings/largekube.env
@@ -1,23 +0,0 @@
-CLUSTERSIZE=10
-export TF_VAR_node_size=GP1.M
-
-CLUSTERPREFIX=node
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  webssh
-  tailhist
-  kubepkgs
-  kubeadm
-  kubetools
-  kubetest
-"
--- a/prepare-labs/settings/mk8s.env
+++ b/prepare-labs/settings/mk8s.env
@@ -1,4 +0,0 @@
-USER_LOGIN=k8s
-USER_PASSWORD=
-
-STEPS="terraform stage2"
--- a/prepare-labs/settings/portal.env
+++ b/prepare-labs/settings/portal.env
@@ -1,22 +0,0 @@
-#export TF_VAR_node_size=GP2.4
-#export TF_VAR_node_size=g6-standard-6
-#export TF_VAR_node_size=m7i.xlarge
-
-
-CLUSTERSIZE=1
-
-CLUSTERPREFIX=CHANGEME
-
-USER_LOGIN=portal
-USER_PASSWORD=CHANGEME
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  createuser
-  ips
-"
--- a/prepare-labs/setup-admin-clusters.sh
+++ b/prepare-labs/setup-admin-clusters.sh
@@ -1,40 +0,0 @@
-#!/bin/sh
-set -e
-
-PREFIX=$(date +%Y-%m-%d-%H-%M)
-PROVIDER=openstack/enix # aws also works
-STUDENTS=2
-#export TF_VAR_location=eu-north-1
-export TF_VAR_node_size=S
-
-SETTINGS=admin-monokube
-TAG=$PREFIX-$SETTINGS
-./labctl create \
-	--tag $TAG \
-	--provider $PROVIDER \
-	--settings settings/$SETTINGS.env \
-	--students $STUDENTS
-
-SETTINGS=admin-polykube
-TAG=$PREFIX-$SETTINGS
-./labctl create \
-	--tag $TAG \
-	--provider $PROVIDER \
-	--settings settings/$SETTINGS.env \
-	--students $STUDENTS
-
-SETTINGS=admin-oldversion
-TAG=$PREFIX-$SETTINGS
-./labctl create \
-	--tag $TAG \
-	--provider $PROVIDER \
-	--settings settings/$SETTINGS.env \
-	--students $STUDENTS
-
-SETTINGS=admin-test
-TAG=$PREFIX-$SETTINGS
-./labctl create \
-	--tag $TAG \
-	--provider $PROVIDER \
-	--settings settings/$SETTINGS.env \
-	--students $STUDENTS
--- a/prepare-labs/tags
+++ b/prepare-labs/tags
@@ -1 +0,0 @@
-terraform/tags
--- a/prepare-labs/templates/cards.html
+++ b/prepare-labs/templates/cards.html
@@ -1,237 +0,0 @@
-{#
-   The variables below can be customized here directly, or in your
-   settings.yaml file. Any variable in settings.yaml will be exposed
-   in here as well.
-#}
-
-{%- set url = url
-    | default("http://FIXME.container.training/") -%}
-{%- set pagesize = pagesize
-    | default(10) -%}
-{%- set lang = lang
-    | default("en") -%}
-{%- set event = event
-    | default("training session") -%}
-{%- set backside = backside
-    | default(False) -%}
-{%- set image = image
-    | default(False) -%}
-{%- set clusternumber = clusternumber
-    | default(None) -%}
-{%- set thing = thing
-    | default("lab environment") -%}
-
-{%- if lang == "en" -%}
-    {%- set intro -%}
-    Here is the connection information to your very own
-    {{ thing }} for this {{ event }}.
-    You can connect to it with any SSH client.
-    {%- endset -%}
-{%- endif -%}
-{%- if lang == "fr" -%}
-    {%- set intro -%}
-    Voici les informations permettant de se connecter à votre
-    {{ thing }} pour cette formation.
-    Vous pouvez vous y connecter
-    avec n'importe quel client SSH.
-    {%- endset -%}
-{%- endif -%}
-{%- if lang == "en"  -%}
-    {%- set slides_are_at -%}
-    You can find the slides at:
-    {%- endset -%}
-{%- endif -%}
-{%- if lang == "fr" -%}
-    {%- set slides_are_at -%}
-      Le support de formation est à l'adresse suivante :
-    {%- endset -%}
-{%- endif -%}
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<style>
-@import url('https://fonts.googleapis.com/css?family=Slabo+27px');
-
-{% if paper_size == "A4" %}
-@page {
-    size: A4; /* Change from the default size of A4 */
-    margin: 0.5cm; /* Set margin on each page */
-}
-body {
-    /* this is A4 minus 0.5cm margins */
-    width: 20cm;
-    height: 28.7cm;
-}
-{% elif paper_size == "Letter" %}
-@page {
-    size: Letter; /* 8.5in x 11in */
-}
-body {
-    width: 6.75in; /* two cards wide */
-    margin-left: 0.875in; /* (8.5in - 6.75in)/2 */
-    margin-top: 0.1875in; /* (11in - 5 cards)/2 */
-}
-{% endif %}
-
-body, table {
-    line-height: 1em;
-    font-size: 15px;
-    font-family: 'Slabo 27px';
-}
-
-table {
-    border-spacing: 0;
-    margin-top: 0.4em;
-    margin-bottom: 0.4em;
-    border-left: 0.8em double grey;
-    padding-left: 0.4em;
-}
-
-td:first-child {
-    width: 10.5em;
-}
-
-div.card {
-    float: left;
-    border: 0.01in dotted black;
-    /*
-      columns * (width+left+right) < 100% 
-      height: 33%;
-      width: 24.8%;
-      width: 33%;
-    */
-    width: 3.355in; /* 3.375in minus two 0.01in borders */
-    height: 2.105in; /* 2.125in minus two 0.01in borders */
-}
-
-p {
-    margin: 0.8em;
-}
-
-div.front {
-    {% if image %}
-    background-image: url("{{ image }}");
-    background-repeat: no-repeat;
-    background-size: 1in;
-    background-position-x: 2.8in;
-    background-position-y: center;
-    {% endif %}
-}
-
-span.scale {
-    white-space: nowrap;
-}
-
-.qrcode img {
-    height: 5.8em;
-    padding: 1em 1em 0.5em 1em;
-    float: left;
-}
-
-.logpass {
-    font-family: monospace;
-    font-weight: bold;
-}
-
-.pagebreak {
-    page-break-after: always;
-    clear: both;
-    display: block;
-    height: 0;
-}
-</style>
-<script type="text/javascript" src="qrcode.min.js"></script>
-<script type="text/javascript">
-function qrcodes() {
-    [].forEach.call(
-        document.getElementsByClassName("qrcode"),
-        (e, index) => {
-            new QRCode(e, {
-                text: "{{ qrcode }}",
-                correctLevel: QRCode.CorrectLevel.L
-            });
-        }
-    );
-}
-
-function scale() {
-    [].forEach.call(
-        document.getElementsByClassName("scale"),
-        (e, index) => {
-            var text_width = e.getBoundingClientRect().width;
-            var box_width = e.parentElement.getBoundingClientRect().width;
-            var percent = 100 * box_width / text_width + "%";
-            e.style.fontSize = percent;
-        }
-    );
-}
-</script>
-</head>
-<body onload="qrcodes(); scale();">
-{% for login in logins %}
-    <div class="card front">
-        <p>{{ intro }}</p>
-        <p>
-            <table>
-              <tr>
-                <td>login:</td>
-                <td>password:</td>
-              </tr>
-              <tr>
-                <td class="logpass">{{ login.login }}</td>
-                <td class="logpass">{{ login.password }}</td>
-              </tr>
-              <tr>
-                <td>IP address:</td>
-                {% if login.port %}
-                <td>port:</td>
-                {% endif %}
-              </tr>
-              <tr>
-                <td class="logpass">{{ login.ipaddrs.split("\t")[0] }}</td>
-                {% if login.port %}
-                <td class="logpass">{{ login.port }}</td>
-                {% endif %}
-              </tr>
-            </table>
-        </p>
-        <p>
-            {% if url %}
-            {{ slides_are_at }}
-            <p>
-                <span class="scale">{{ url }}</span>
-            </p>
-            {% endif %}
-        </p>
-    </div>
-    {% if loop.index%pagesize==0 or loop.last %}
-        <span class="pagebreak"></span>
-        {% if backside %}
-            {% for x in range(pagesize) %}
-                <div class="card back">
-                {{ backside }}
-                {#
-                <p>Thanks for attending
-                "Getting Started With Kubernetes and Container Orchestration"
-                during CONFERENCE in Month YYYY!</p>
-                <p>If you liked that workshop,
-                I can train your team, in person or
-                online, with custom courses of
-                any length and any level.
-                </p>
-                {% if qrcode %}
-                <p>If you're interested, please scan that QR code to contact me:</p>
-                <span class="qrcode"></span>
-                {% else %}
-                <p>If you're interested, you can contact me at:</p>
-                {% endif %}
-                <p>jerome.petazzoni@gmail.com</p>
-                #}
-                </div>
-            {% endfor %}
-        <span class="pagebreak"></span>
-        {% endif %}
-    {% endif %}
-{% endfor %}
-</body>
-</html>
--- a/prepare-labs/templates/cards.yaml
+++ b/prepare-labs/templates/cards.yaml
@@ -1,19 +0,0 @@
-cards_template: cards.html
-paper_size: Letter
-url: https://2024-11-qconsf.container.training
-event: workshop
-backside: |
-  <div class="qrcode"></div>
-  <p>
-    Thanks for attending the Asynchronous Architecture Patterns workshop at QCON!
-  </p>
-  <p>
-    <b>This QR code will give you my contact info</b> as well as a link to a feedback form.
-  </p>
-  <p>
-    If you liked this workshop, I can train your team, in person or online, with custom
-    courses of any length and any level, on Docker, Kubernetes, and MLops.
-  </p>
-qrcode: https://2024-11-qconsf.container.training/#contact
-thing: Kubernetes cluster
-image: logo-kubernetes.png
--- a/prepare-labs/terraform/list-locations/azure
+++ b/prepare-labs/terraform/list-locations/azure
@@ -1,4 +0,0 @@
-#!/bin/sh
-az account list-locations -o table \
-  --query "sort_by([?metadata.regionType == 'Physical'], &regionalDisplayName)[]
-          .{ displayName: displayName, regionalDisplayName: regionalDisplayName }"
--- a/prepare-labs/terraform/list-locations/civo
+++ b/prepare-labs/terraform/list-locations/civo
@@ -1,2 +0,0 @@
-#!/bin/sh
-civo region ls
--- a/prepare-labs/terraform/list-locations/digitalocean
+++ b/prepare-labs/terraform/list-locations/digitalocean
@@ -1,2 +0,0 @@
-#!/bin/sh
-doctl compute region list
--- a/prepare-labs/terraform/list-locations/exoscale
+++ b/prepare-labs/terraform/list-locations/exoscale
@@ -1,2 +0,0 @@
-#!/bin/sh
-exo zone
--- a/prepare-labs/terraform/list-locations/googlecloud
+++ b/prepare-labs/terraform/list-locations/googlecloud
@@ -1,2 +0,0 @@
-#!/bin/sh
-gcloud compute zones list
--- a/prepare-labs/terraform/list-locations/linode
+++ b/prepare-labs/terraform/list-locations/linode
@@ -1,2 +0,0 @@
-#!/bin/sh
-linode-cli regions list
--- a/prepare-labs/terraform/list-locations/oraclecloud
+++ b/prepare-labs/terraform/list-locations/oraclecloud
@@ -1,2 +0,0 @@
-#!/bin/sh
-oci iam region list
--- a/prepare-labs/terraform/list-locations/scaleway
+++ b/prepare-labs/terraform/list-locations/scaleway
@@ -1,6 +0,0 @@
-#!/bin/sh
-echo "# Note that this is hard-coded in $0.
-# I don't know if there is a way to list regions through the Scaleway API.
-fr-par
-nl-ams
-pl-waw"
--- a/prepare-labs/terraform/many-kubernetes/locals.tf
+++ b/prepare-labs/terraform/many-kubernetes/locals.tf
@@ -1,21 +0,0 @@
-resource "random_string" "_" {
-  length  = 4
-  numeric = false
-  special = false
-  upper   = false
-}
-
-resource "time_static" "_" {}
-
-locals {
-  min_nodes_per_pool = var.min_nodes_per_cluster
-  max_nodes_per_pool = var.max_nodes_per_cluster
-  timestamp          = formatdate("YYYY-MM-DD-hh-mm", time_static._.rfc3339)
-  tag                = random_string._.result
-  # Common tags to be assigned to all resources
-  common_tags = [
-    "created-by-terraform",
-    format("created-at-%s", local.timestamp),
-    format("created-for-%s", local.tag)
-  ]
-}
--- a/prepare-labs/terraform/many-kubernetes/one-kubernetes-config.tf
+++ b/prepare-labs/terraform/many-kubernetes/one-kubernetes-config.tf
@@ -1 +0,0 @@
-one-kubernetes-config/config.tf
--- a/prepare-labs/terraform/many-kubernetes/one-kubernetes-config/README.md
+++ b/prepare-labs/terraform/many-kubernetes/one-kubernetes-config/README.md
@@ -1,3 +0,0 @@
-This directory should contain a config.tf file, even if it's empty.
-(Because if the file doesn't exist, then the Terraform configuration
-in the parent directory will fail.)
--- a/prepare-labs/terraform/many-kubernetes/one-kubernetes-module/README.md
+++ b/prepare-labs/terraform/many-kubernetes/one-kubernetes-module/README.md
@@ -1,8 +0,0 @@
-This directory should contain a copy of one of the "one-kubernetes" modules.
-For instance, when located in this directory, you can do:
-
-cp ../../one-kubernetes/linode/* .
-
-Then, move the config.tf file to ../one-kubernetes-config:
-
-mv config.tf ../one-kubernetes-config
--- a/prepare-labs/terraform/many-kubernetes/one-kubernetes-provider.tf
+++ b/prepare-labs/terraform/many-kubernetes/one-kubernetes-provider.tf
@@ -1 +0,0 @@
-one-kubernetes-module/provider.tf
--- a/prepare-labs/terraform/many-kubernetes/providers.tf
+++ b/prepare-labs/terraform/many-kubernetes/providers.tf
@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 1.4"
-}
--- a/prepare-labs/terraform/many-kubernetes/variables.tf
+++ b/prepare-labs/terraform/many-kubernetes/variables.tf
@@ -1,33 +0,0 @@
-variable "tag" {
-  type = string
-}
-
-variable "how_many_clusters" {
-  type    = number
-  default = 2
-}
-
-variable "min_nodes_per_cluster" {
-  type    = number
-  default = 2
-}
-
-variable "max_nodes_per_cluster" {
-  type    = number
-  default = 4
-}
-
-variable "node_size" {
-  type    = string
-  default = "M"
-}
-
-variable "location" {
-  type = string
-  default = null
-}
-
-# TODO: perhaps handle if it's space-separated instead of newline?
-locals {
-  locations = var.location == null ? [null] : split("\n", var.location)
-}
--- a/prepare-labs/terraform/one-kubernetes/aws/common.tf
+++ b/prepare-labs/terraform/one-kubernetes/aws/common.tf
@@ -1 +0,0 @@
-../common.tf
--- a/Show More
+++ b/Show More