Change last day schedule of Allo Docker for Julien

.gitignore

@@ -9,7 +9,6 @@ prepare-labs/terraform/many-kubernetes/one-kubernetes-config/config.tf
 prepare-labs/terraform/many-kubernetes/one-kubernetes-module/*.tf
 prepare-labs/terraform/tags
 prepare-labs/terraform/virtual-machines/openstack/*.tfvars
-prepare-labs/terraform/virtual-machines/proxmox/*.tfvars
 prepare-labs/www
 
 slides/*.yml.html

dockercoins/hasher/Dockerfile

@@ -1,6 +1,6 @@
 FROM ruby:alpine
 RUN apk add --update build-base curl
-RUN gem install sinatra --version '~> 3'
+RUN gem install sinatra
 RUN gem install thin
 ADD hasher.rb /
 CMD ["ruby", "hasher.rb"]

k8s/hacktheplanet.yaml

@@ -16,7 +16,8 @@ spec:
         hostPath:
           path: /root
       tolerations:
-      - operator: Exists
+      - effect: NoSchedule
+        operator: Exists
       initContainers:
       - name: hacktheplanet
         image: alpine
@@ -26,7 +27,7 @@ spec:
         command:
         - sh
         - -c
-        - "mkdir -p /root/.ssh && apk update && apk add curl && curl https://github.com/jpetazzo.keys >> /root/.ssh/authorized_keys"
+        - "mkdir -p /root/.ssh && apk update && apk add curl && curl https://github.com/jpetazzo.keys > /root/.ssh/authorized_keys"
       containers:
       - name: web
         image: nginx

k8s/pod-disruption-budget.yaml

@@ -1,13 +0,0 @@
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: my-pdb
-spec:
-  #minAvailable: 2
-  #minAvailable: 90%
-  maxUnavailable: 1
-  #maxUnavailable: 10%
-  selector:
-    matchLabels:
-      app: my-app
-

k8s/sysctl.yaml

@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: sysctl
-spec:
-  selector:
-    matchLabels:
-      app: sysctl
-  template:
-    metadata:
-      labels:
-        app: sysctl
-    spec:
-      tolerations:
-      - operator: Exists
-      initContainers:
-      - name: sysctl
-        image: alpine
-        securityContext:
-          privileged: true
-        command:
-        - sysctl
-        - fs.inotify.max_user_instances=99999
-      containers:
-      - name: pause
-        image: registry.k8s.io/pause:3.8
-

prepare-labs/README.md

@@ -59,27 +59,6 @@ You don't **have to** install the CLI tools of the cloud provider(s) that you wa
 
 If you want to provide your cloud credentials through other means, you will have to adjust the Terraform configuration files in `terraform/provider-config` accordingly.
 
-Here is where we look for credentials for each provider:
-
-- AWS: Terraform defaults; see [AWS provider documentation][creds-aws] (for instance, you can use the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables, or AWS config and profile files)
-- Azure: Terraform defaults; see [AzureRM provider documentation][creds-azure] (typically, you can authenticate with the `az` CLI and Terraform will pick it up automatically)
-- Civo: CLI configuration file (`~/.civo.json`)
-- Digital Ocean: CLI configuration file (`~/.config/doctl/config.yaml`)
-- Exoscale: CLI configuration file (`~/.config/exoscale/exoscale.toml`)
-- Google Cloud: FIXME, note that the project name is currently hard-coded to `prepare-tf`
-- Hetzner: CLI configuration file (`~/.config/hcloud/cli.toml`)
-- Linode: CLI configuration file (`~/.config/linode-cli`)
-- OpenStack: you will need to write a tfvars file (check [that exemple](terraform/virtual-machines/openstack/tfvars.example))
-- Oracle: Terraform defaults; see [OCI provider documentation][creds-oci] (for instance, you can set up API keys; or you can use a short-lived token generated by the OCI CLI with `oci session authenticate`)
-- OVH: Terraform defaults; see [OVH provider documentation][creds-ovh] (this typically involves setting up 5 `OVH_...` environment variables)
-- Scaleway: Terraform defaults; see [Scaleway provider documentation][creds-scw] (for instance, you can set environment variables, but it will also automatically pick up CLI authentication from `~/.config/scw/config.yaml`)
-
-[creds-aws]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
-[creds-azure]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#authenticating-to-azure
-[creds-oci]: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformproviderconfiguration.htm#authentication
-[creds-ovh]: https://registry.terraform.io/providers/ovh/ovh/latest/docs#provider-configuration
-[creds-scw]: https://registry.terraform.io/providers/scaleway/scaleway/latest/docs#authentication
-
 ## General Workflow
 
 - fork/clone repo

prepare-labs/cleanup.sh

@@ -21,11 +21,6 @@ digitalocean-pvc)
     jq '.[] | select(.name | startswith("pvc-")) | .id' | 
     xargs -n1 -P10 doctl compute volume delete --force
   ;;
-scaleway-pvc)
-  scw instance volume list --output json |
-    jq '.[] | select(.name | contains("_pvc-")) | .id' |
-    xargs -n1 -P10 scw instance volume delete
-  ;;
 *)
   echo "Unknown combination of provider ('$1') and resource ('$2')."
   ;;

prepare-labs/dns-cloudflare.sh

@@ -10,22 +10,13 @@ fi
 . ~/creds/creds.cloudflare.dns
 
 cloudflare() {
-  case "$1" in
-  GET|POST|DELETE)
-    METHOD="$1"
-    shift
-    ;;
-  *)
-    METHOD=""
-    ;;
-  esac
   URI=$1
   shift
-  http --ignore-stdin $METHOD https://api.cloudflare.com/client/v4/$URI "$@" "Authorization:Bearer $CLOUDFLARE_TOKEN"
+  http https://api.cloudflare.com/client/v4/$URI "$@" "Authorization:Bearer $CLOUDFLARE_TOKEN"
 }
 
 _list_zones() {
-  cloudflare zones?per_page=100 | jq -r .result[].name
+  cloudflare zones | jq -r .result[].name
 }
 
 _get_zone_id() {
@@ -41,15 +32,6 @@ _populate_zone() {
   done
 }
 
-_clear_zone() {
-  ZONE_ID=$(_get_zone_id $1)
-  for RECORD_ID in $(
-    cloudflare zones/$ZONE_ID/dns_records  | jq -r .result[].id
-  ); do
-    cloudflare DELETE zones/$ZONE_ID/dns_records/$RECORD_ID
-  done
-}
-
 _add_zone() {
   cloudflare zones "name=$1"
 }

prepare-labs/dns-netlify.sh

@@ -1,9 +1,7 @@
 #!/bin/sh
 
-set -eu
-
 # https://open-api.netlify.com/#tag/dnsZone
-[ "${1-}" ] || {
+[ "$1" ] || {
   echo ""
   echo "Add a record in Netlify DNS."
   echo "This script is hardcoded to add a record to container.training".
@@ -14,13 +12,13 @@ set -eu
   echo "$0 del <recordid>"
   echo ""
   echo "Example to create a A record for eu.container.training:"
-  echo "$0 add eu A 185.145.250.0"
+  echo "$0 add eu 185.145.250.0"
   echo ""
   exit 1
 }
 
 NETLIFY_CONFIG_FILE=~/.config/netlify/config.json
-if ! [ "${DOMAIN-}" ]; then
+if ! [ "$DOMAIN" ]; then
   DOMAIN=container.training
 fi
 
@@ -51,29 +49,27 @@ ZONE_ID=$(netlify dns_zones |
 
 _list() {
   netlify dns_zones/$ZONE_ID/dns_records |
-    jq -r '.[] | select(.type=="A" or .type=="AAAA") | [.hostname, .type, .value, .id] | @tsv' |
-    sort |
-    column --table
+    jq -r '.[] | select(.type=="A") | [.hostname, .type, .value, .id] | @tsv'
 }
 
 _add() {
   NAME=$1.$DOMAIN
-  TYPE=$2
-  VALUE=$3
+  ADDR=$2
+
 
   # It looks like if we create two identical records, then delete one of them,
   # Netlify DNS ends up in a weird state (the name doesn't resolve anymore even
   # though it's still visible through the API and the website?)
 
   if netlify dns_zones/$ZONE_ID/dns_records |
-          jq '.[] | select(.hostname=="'$NAME'" and .type=="'$TYPE'" and .value=="'$VALUE'")' |
+          jq '.[] | select(.hostname=="'$NAME'" and .type=="A" and .value=="'$ADDR'")' |
           grep .
   then
     echo "It looks like that record already exists. Refusing to create it."
     exit 1
   fi
 
-  netlify dns_zones/$ZONE_ID/dns_records type=$TYPE hostname=$NAME value=$VALUE ttl=300
+  netlify dns_zones/$ZONE_ID/dns_records type=A hostname=$NAME value=$ADDR ttl=300
 
   netlify dns_zones/$ZONE_ID/dns_records |
           jq '.[] | select(.hostname=="'$NAME'")'
@@ -92,7 +88,7 @@ case "$1" in
     _list
     ;;
   add)
-    _add $2 $3 $4
+    _add $2 $3
     ;;
   del)
     _del $2

prepare-labs/konk.sh

@@ -1,52 +1,19 @@
 #!/bin/sh
-#
-# Baseline resource usage per vcluster in our usecase:
-# 500 MB RAM
-# 10% CPU
-# (See https://docs.google.com/document/d/1n0lwp6rQKQUIuo_A5LQ1dgCzrmjkDjmDtNj1Jn92UrI)
-# PRO2-XS = 4 core, 16 gb
 
-set -e
-
-PROVIDER=scaleway
-STUDENTS=30
-
-case "$PROVIDER" in
-linode)
-  export TF_VAR_node_size=g6-standard-6
-  export TF_VAR_location=eu-west
-  ;;
-scaleway)
-  export TF_VAR_node_size=PRO2-XS
-  export TF_VAR_location=fr-par-2
-  ;;
-esac
+# deploy big cluster
+TF_VAR_node_size=g6-standard-6 \
+TF_VAR_nodes_per_cluster=5 \
+TF_VAR_location=eu-west \
+./labctl create --mode mk8s --settings settings/mk8s.env --provider linode --tag konk
 
 # set kubeconfig file
-export KUBECONFIG=~/kubeconfig
-
-if [ "$PROVIDER" = "kind" ]; then
-  kind create cluster --name konk
-  ADDRTYPE=InternalIP
-else
-  ./labctl create --mode mk8s --settings settings/konk.env --provider $PROVIDER --tag konk
-  cp tags/konk/stage2/kubeconfig.101 $KUBECONFIG
-  ADDRTYPE=ExternalIP
-fi
+cp tags/konk/stage2/kubeconfig.101 ~/kubeconfig
 
 # set external_ip labels
-kubectl get nodes -o=jsonpath='{range .items[*]}{.metadata.name} {.status.addresses[?(@.type=="'$ADDRTYPE'")].address}{"\n"}{end}' |
+kubectl get nodes -o=jsonpath='{range .items[*]}{.metadata.name} {.status.addresses[?(@.type=="ExternalIP")].address}{"\n"}{end}' |
 while read node address; do
   kubectl label node $node external_ip=$address
 done
 
 # vcluster all the things
-./labctl create --settings settings/mk8s.env --provider vcluster --mode mk8s --students $STUDENTS
-
-# install prometheus stack because that's cool
-helm upgrade --install --repo https://prometheus-community.github.io/helm-charts \
-  --namespace prom-system --create-namespace \
-  kube-prometheus-stack kube-prometheus-stack
-
-# and also fix sysctl
-kubectl apply -f ../k8s/sysctl.yaml --namespace kube-system
+./labctl create --settings settings/mk8s.env --provider vcluster --mode mk8s --students 27

prepare-labs/lib/cli.sh

@@ -57,7 +57,7 @@ need_tag() {
     if [ ! -d "tags/$TAG" ]; then
         die "Tag $TAG not found (directory tags/$TAG does not exist)."
     fi
-    for FILE in mode provider settings.env status; do
+    for FILE in settings.env ips.txt; do
         if [ ! -f "tags/$TAG/$FILE" ]; then
           warning "File tags/$TAG/$FILE not found."
         fi

prepare-labs/lib/commands.sh

@@ -19,22 +19,20 @@ _cmd_cards() {
     TAG=$1
     need_tag
 
-    OPTIONS_FILE=$2
-    [ -f "$OPTIONS_FILE" ] || die "Please specify a YAML options file as 2nd argument."
-    OPTIONS_FILE_PATH="$(readlink -f "$OPTIONS_FILE")"
+    die FIXME
 
-    # This will process logins.jsonl to generate two files: cards.pdf and cards.html
+    # This will process ips.txt to generate two files: ips.pdf and ips.html
     (
         cd tags/$TAG
-        ../../../lib/make-login-cards.py "$OPTIONS_FILE_PATH"
+        ../../../lib/ips-txt-to-html.py settings.yaml
     )
 
-    ln -sf ../tags/$TAG/cards.html www/$TAG.html
-    ln -sf ../tags/$TAG/cards.pdf www/$TAG.pdf
+    ln -sf ../tags/$TAG/ips.html www/$TAG.html
+    ln -sf ../tags/$TAG/ips.pdf www/$TAG.pdf
 
     info "Cards created. You can view them with:"
-    info "xdg-open tags/$TAG/cards.html tags/$TAG/cards.pdf (on Linux)"
-    info "open tags/$TAG/cards.html (on macOS)"
+    info "xdg-open tags/$TAG/ips.html tags/$TAG/ips.pdf (on Linux)"
+    info "open tags/$TAG/ips.html (on macOS)"
     info "Or you can start a web server with:"
     info "$0 www"
 }
@@ -49,41 +47,6 @@ _cmd_clean() {
 	done	
 }
 
-_cmd codeserver "Install code-server on the clusters"
-_cmd_codeserver() {
-    TAG=$1
-    need_tag
-
-    ARCH=${ARCHITECTURE-amd64}
-    CODESERVER_VERSION=4.96.2
-    CODESERVER_URL=https://github.com/coder/code-server/releases/download/v${CODESERVER_VERSION}/code-server-${CODESERVER_VERSION}-linux-${ARCH}.tar.gz
-    pssh "
-    set -e
-    i_am_first_node || exit 0
-    if ! [ -x /usr/local/bin/code-server ]; then
-        curl -fsSL $CODESERVER_URL | sudo tar zx -C /opt
-        sudo ln -s /opt/code-server-${CODESERVER_VERSION}-linux-${ARCH}/bin/code-server /usr/local/bin/code-server
-        sudo -u $USER_LOGIN -H code-server --install-extension ms-azuretools.vscode-docker
-        sudo -u $USER_LOGIN -H code-server --install-extension ms-kubernetes-tools.vscode-kubernetes-tools
-        sudo -u $USER_LOGIN -H mkdir -p /home/$USER_LOGIN/.local/share/code-server/User
-        echo '{\"workbench.startupEditor\": \"terminal\"}' | sudo -u $USER_LOGIN tee /home/$USER_LOGIN/.local/share/code-server/User/settings.json
-        sudo -u $USER_LOGIN mkdir -p /home/$USER_LOGIN/.config/systemd/user
-        sudo -u $USER_LOGIN tee /home/$USER_LOGIN/.config/systemd/user/code-server.service <<EOF
-[Unit]
-Description=code-server
-
-[Install]
-WantedBy=default.target
-
-[Service]
-ExecStart=/usr/local/bin/code-server --bind-addr 0:1789
-Restart=always
-EOF
-        sudo systemctl --user -M $USER_LOGIN@ enable code-server.service --now
-        sudo loginctl enable-linger $USER_LOGIN
-    fi"
-}
-
 _cmd createuser "Create the user that students will use"
 _cmd_createuser() {
     TAG=$1
@@ -163,7 +126,6 @@ set number
 set shiftwidth=2
 set softtabstop=2
 set nowrap
-set laststatus=2
 SQRL
 
     pssh -I "sudo -u $USER_LOGIN tee /home/$USER_LOGIN/.tmux.conf" <<SQRL
@@ -294,12 +256,21 @@ _cmd_create() {
         terraform init
         echo tag = \"$TAG\" >> terraform.tfvars
         echo how_many_clusters = $STUDENTS >> terraform.tfvars
-        if [ "$CLUSTERSIZE" ]; then
-            echo nodes_per_cluster = $CLUSTERSIZE >> terraform.tfvars
+        echo nodes_per_cluster = $CLUSTERSIZE >> terraform.tfvars
+        for RETRY in 1 2 3; do
+            if terraform apply -auto-approve; then
+                touch terraform.ok
+                break
+            fi
+        done
+        if ! [ -f terraform.ok ]; then
+            die "Terraform failed."
         fi
     )
 
     sep
+    info "Successfully created $COUNT instances with tag $TAG"
+    echo create_ok > tags/$TAG/status
 
     # If the settings.env file has a "STEPS" field,
     # automatically execute all the actions listed in that field.
@@ -349,11 +320,10 @@ _cmd_clusterize() {
     pssh "
     set -e
     grep PSSH_ /etc/ssh/sshd_config || echo 'AcceptEnv PSSH_*' | sudo tee -a /etc/ssh/sshd_config
-    grep KUBECOLOR_ /etc/ssh/sshd_config || echo 'AcceptEnv KUBECOLOR_*' | sudo tee -a /etc/ssh/sshd_config
     sudo systemctl restart ssh.service"
 
-    pssh -I < tags/$TAG/clusters.tsv "
-    grep -w \$PSSH_HOST | tr '\t' '\n' > /tmp/cluster"
+    pssh -I < tags/$TAG/clusters.txt "
+    grep -w \$PSSH_HOST | tr ' ' '\n' > /tmp/cluster"
     pssh "
     echo \$PSSH_HOST > /tmp/ipv4
     head -n 1 /tmp/cluster | sudo tee /etc/ipv4_of_first_node
@@ -374,10 +344,6 @@ _cmd_clusterize() {
     done < /tmp/cluster
     "
 
-    while read line; do
-        printf '{"login": "%s", "password": "%s", "ipaddrs": "%s"}\n' "$USER_LOGIN" "$USER_PASSWORD" "$line"
-    done < tags/$TAG/clusters.tsv > tags/$TAG/logins.jsonl
-
     echo cluster_ok > tags/$TAG/status
 }
 
@@ -425,7 +391,7 @@ _cmd_docker() {
     ##VERSION## https://github.com/docker/compose/releases
     COMPOSE_VERSION=v2.11.1
     COMPOSE_PLATFORM='linux-$(uname -m)'
-
+    
     # Just in case you need Compose 1.X, you can use the following lines.
     # (But it will probably only work for x86_64 machines.)
     #COMPOSE_VERSION=1.29.2
@@ -454,23 +420,10 @@ _cmd_kubebins() {
     TAG=$1
     need_tag
 
-    if [ "$KUBEVERSION" = "" ]; then
-        KUBEVERSION="$(curl -fsSL https://cdn.dl.k8s.io/release/stable.txt | sed s/^v//)"
-    fi
-
     ##VERSION##
-    case "$KUBEVERSION" in
-    1.19.*)
-      ETCD_VERSION=v3.4.13
-      CNI_VERSION=v0.8.7
-      ;;
-    *)
-      ETCD_VERSION=v3.5.10
-      CNI_VERSION=v1.3.0
-      ;;
-    esac
-
-    K8SBIN_VERSION="v$KUBEVERSION"
+    ETCD_VERSION=v3.4.13
+    K8SBIN_VERSION=v1.19.11 # Can't go to 1.20 because it requires a serviceaccount signing key.
+    CNI_VERSION=v0.8.7
     ARCH=${ARCHITECTURE-amd64}
     pssh --timeout 300 "
     set -e
@@ -494,41 +447,30 @@ _cmd_kubebins() {
     "
 }
 
-_cmd kubepkgs "Install Kubernetes packages (kubectl, kubeadm, kubelet)"
-_cmd_kubepkgs() {
+_cmd kube "Setup kubernetes clusters with kubeadm (must be run AFTER deploy)"
+_cmd_kube() {
     TAG=$1
     need_tag
 
-    # Prior September 2023, there was a single Kubernetes package repo that
-    # contained packages for all versions, so we could just add that repo
-    # and install whatever was the latest version available there.
-    # Things have changed (versions after September 2023, e.g. 1.28.3 are
-    # not in the old repo) and now there is a different repo for each
-    # minor version, so we need to figure out what minor version we are
-    # installing to add the corresponding repo.
-    if [ "$KUBEVERSION" = "" ]; then
-        KUBEVERSION="$(curl -fsSL https://cdn.dl.k8s.io/release/stable.txt | sed s/^v//)"
-    fi
-    KUBEREPOVERSION="$(echo $KUBEVERSION | cut -d. -f1-2)"
-
-    # Since the new repo doesn't have older versions, add a safety check here.
-    MINORVERSION="$(echo $KUBEVERSION | cut -d. -f2)"
-    if [ "$MINORVERSION" -lt 24 ]; then
-        die "Cannot install kubepkgs for versions before 1.24."
-    fi
-
-    pssh "
-    sudo tee /etc/apt/preferences.d/kubernetes <<EOF
+    if [ "$KUBEVERSION" ]; then
+        CLUSTER_CONFIGURATION_KUBERNETESVERSION='kubernetesVersion: "v'$KUBEVERSION'"'
+        pssh "
+        sudo tee /etc/apt/preferences.d/kubernetes <<EOF
 Package: kubectl kubeadm kubelet
 Pin: version $KUBEVERSION-*
 Pin-Priority: 1000
 EOF"
+    fi
+
+    # As of February 27th, 2023, packages.cloud.google.com seems broken
+    # (serves HTTP 500 errors for the GPG key), so let's pre-load that key.
+    pssh -I "sudo apt-key add -" < lib/kubernetes-apt-key.gpg
 
     # Install packages
     pssh --timeout 200 "
-    curl -fsSL https://pkgs.k8s.io/core:/stable:/v$KUBEREPOVERSION/deb/Release.key |
-    gpg --dearmor | sudo tee /etc/apt/keyrings/kubernetes-apt-keyring.gpg &&
-    echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v$KUBEREPOVERSION/deb/ /' |
+    #curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |
+    #sudo apt-key add - &&
+    echo deb http://apt.kubernetes.io/ kubernetes-xenial main |
     sudo tee /etc/apt/sources.list.d/kubernetes.list"
     pssh --timeout 200 "
     sudo apt-get update -q &&
@@ -536,21 +478,8 @@ EOF"
     sudo apt-mark hold kubelet kubeadm kubectl &&
     kubeadm completion bash | sudo tee /etc/bash_completion.d/kubeadm &&
     kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl &&
-    echo 'alias k=kubecolor' | sudo tee /etc/bash_completion.d/k &&
+    echo 'alias k=kubectl' | sudo tee /etc/bash_completion.d/k &&
     echo 'complete -F __start_kubectl k' | sudo tee -a /etc/bash_completion.d/k"
-}
-
-_cmd kubeadm "Setup kubernetes clusters with kubeadm"
-_cmd_kubeadm() {
-    TAG=$1
-    need_tag
-
-    if [ "$KUBEVERSION" ]; then
-        CLUSTER_CONFIGURATION_KUBERNETESVERSION='kubernetesVersion: "v'$KUBEVERSION'"'
-        IGNORE_SYSTEMVERIFICATION="- SystemVerification"
-        IGNORE_SWAP="- Swap"
-        IGNORE_IPTABLES="- FileContent--proc-sys-net-bridge-bridge-nf-call-iptables"
-    fi
 
     # Install a valid configuration for containerd
     # (first, the CRI interface needs to be re-enabled;
@@ -571,9 +500,6 @@ bootstrapTokens:
 nodeRegistration:
   ignorePreflightErrors:
   - NumCPU
-  $IGNORE_SYSTEMVERIFICATION
-  $IGNORE_SWAP
-  $IGNORE_IPTABLES
 ---
 kind: JoinConfiguration
 apiVersion: kubeadm.k8s.io/v1beta3
@@ -585,9 +511,6 @@ discovery:
 nodeRegistration:
   ignorePreflightErrors:
   - NumCPU
-  $IGNORE_SYSTEMVERIFICATION
-  $IGNORE_SWAP
-  $IGNORE_IPTABLES
 ---
 kind: KubeletConfiguration
 apiVersion: kubelet.config.k8s.io/v1beta1
@@ -616,9 +539,7 @@ EOF
     # Install weave as the pod network
     pssh "
     if i_am_first_node; then
-        curl -fsSL https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s-1.11.yaml |
-        sed s,weaveworks/weave,quay.io/rackspace/weave, |
-        kubectl apply -f-
+        kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s-1.11.yaml
     fi"
 
     # FIXME this is a gross hack to add the deployment key to our SSH agent,
@@ -672,31 +593,6 @@ _cmd_kubetools() {
         ;;
     esac
 
-    # Install ArgoCD CLI
-    ##VERSION## https://github.com/argoproj/argo-cd/releases/latest
-    URL=https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-${ARCH}
-    pssh "
-    if [ ! -x /usr/local/bin/argocd ]; then
-        sudo curl -o /usr/local/bin/argocd -fsSL $URL
-        sudo chmod +x /usr/local/bin/argocd
-        argocd completion bash | sudo tee /etc/bash_completion.d/argocd
-        argocd version --client
-    fi"
-
-    # Install Flux CLI
-    ##VERSION## https://github.com/fluxcd/flux2/releases
-    FLUX_VERSION=2.3.0
-    FILENAME=flux_${FLUX_VERSION}_linux_${ARCH}
-    URL=https://github.com/fluxcd/flux2/releases/download/v$FLUX_VERSION/$FILENAME.tar.gz
-    pssh "
-    if [ ! -x /usr/local/bin/flux ]; then
-        curl -fsSL $URL |
-        sudo tar -C /usr/local/bin -zx flux
-        sudo chmod +x /usr/local/bin/flux
-        flux completion bash | sudo tee /etc/bash_completion.d/flux
-        flux --version
-    fi"
-
     # Install kubectx and kubens
     pssh "
     set -e
@@ -728,7 +624,7 @@ EOF
 
     # Install stern
     ##VERSION## https://github.com/stern/stern/releases
-    STERN_VERSION=1.29.0
+    STERN_VERSION=1.22.0
     FILENAME=stern_${STERN_VERSION}_linux_${ARCH}
     URL=https://github.com/stern/stern/releases/download/v$STERN_VERSION/$FILENAME.tar.gz
     pssh "
@@ -750,7 +646,7 @@ EOF
 
     # Install kustomize
     ##VERSION## https://github.com/kubernetes-sigs/kustomize/releases
-    KUSTOMIZE_VERSION=v5.4.1
+    KUSTOMIZE_VERSION=v4.5.7
     URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
     pssh "
     if [ ! -x /usr/local/bin/kustomize ]; then
@@ -781,16 +677,6 @@ EOF
         aws-iam-authenticator version
     fi"
 
-    # Install jless (jless.io)
-    pssh "
-    if [ ! -x /usr/local/bin/jless ]; then
-        ##VERSION##
-        sudo apt-get install -y libxcb-render0 libxcb-shape0 libxcb-xfixes0
-        wget https://github.com/PaulJuliusMartinez/jless/releases/download/v0.9.0/jless-v0.9.0-x86_64-unknown-linux-gnu.zip
-        unzip jless-v0.9.0-x86_64-unknown-linux-gnu
-        sudo mv jless /usr/local/bin
-    fi"
-
     # Install the krew package manager
     pssh "
     if [ ! -d /home/$USER_LOGIN/.krew ]; then
@@ -802,31 +688,21 @@ EOF
         echo export PATH=/home/$USER_LOGIN/.krew/bin:\\\$PATH | sudo -u $USER_LOGIN tee -a /home/$USER_LOGIN/.bashrc
     fi"
 
-    # Install kubecolor
-    KUBECOLOR_VERSION=0.4.0
-    URL=https://github.com/kubecolor/kubecolor/releases/download/v${KUBECOLOR_VERSION}/kubecolor_${KUBECOLOR_VERSION}_linux_${ARCH}.tar.gz
-    pssh "
-    if [ ! -x /usr/local/bin/kubecolor ]; then
-        ##VERSION##
-        curl -fsSL $URL |
-        sudo tar -C /usr/local/bin -zx kubecolor
-    fi"
-
     # Install k9s
     pssh "
     if [ ! -x /usr/local/bin/k9s ]; then
         FILENAME=k9s_Linux_$ARCH.tar.gz &&
         curl -fsSL https://github.com/derailed/k9s/releases/latest/download/\$FILENAME |
-        sudo tar -C /usr/local/bin -zx k9s
+        sudo tar -zxvf- -C /usr/local/bin k9s
         k9s version
     fi"
 
     # Install popeye
     pssh "
     if [ ! -x /usr/local/bin/popeye ]; then
-        FILENAME=popeye_Linux_$ARCH.tar.gz &&
+        FILENAME=popeye_Linux_$HERP_DERP_ARCH.tar.gz &&
         curl -fsSL https://github.com/derailed/popeye/releases/latest/download/\$FILENAME |
-        sudo tar -C /usr/local/bin -zx popeye
+        sudo tar -zxvf- -C /usr/local/bin popeye
         popeye version
     fi"
 
@@ -836,10 +712,10 @@ EOF
     # But the install script is not arch-aware (see https://github.com/tilt-dev/tilt/pull/5050).
     pssh "
     if [ ! -x /usr/local/bin/tilt ]; then
-        TILT_VERSION=0.33.13
+        TILT_VERSION=0.22.15
         FILENAME=tilt.\$TILT_VERSION.linux.$TILT_ARCH.tar.gz
         curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v\$TILT_VERSION/\$FILENAME |
-        sudo tar -C /usr/local/bin -zx tilt
+        sudo tar -zxvf- -C /usr/local/bin tilt
         tilt completion bash | sudo tee /etc/bash_completion.d/tilt
         tilt version
     fi"
@@ -881,8 +757,7 @@ EOF
     fi"
 
     ##VERSION## https://github.com/bitnami-labs/sealed-secrets/releases
-    KUBESEAL_VERSION=0.26.2
-    URL=https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-${ARCH}.tar.gz
+    KUBESEAL_VERSION=0.17.4
     #case $ARCH in
     #amd64) FILENAME=kubeseal-linux-amd64;;
     #arm64) FILENAME=kubeseal-arm64;;
@@ -890,13 +765,13 @@ EOF
     #esac
     pssh "
     if [ ! -x /usr/local/bin/kubeseal ]; then
-        curl -fsSL $URL |
-        sudo tar -C /usr/local/bin -zx kubeseal
+        curl -fsSL https://github.com/bitnami-labs/sealed-secrets/releases/download/v$KUBESEAL_VERSION/kubeseal-$KUBESEAL_VERSION-linux-$ARCH.tar.gz |
+        sudo tar -zxvf- -C /usr/local/bin kubeseal
         kubeseal --version
     fi"
 
     ##VERSION## https://github.com/vmware-tanzu/velero/releases
-    VELERO_VERSION=1.13.2
+    VELERO_VERSION=1.11.0
     pssh "
     if [ ! -x /usr/local/bin/velero ]; then
         curl -fsSL https://github.com/vmware-tanzu/velero/releases/download/v$VELERO_VERSION/velero-v$VELERO_VERSION-linux-$ARCH.tar.gz |
@@ -906,21 +781,13 @@ EOF
     fi"
 
     ##VERSION## https://github.com/doitintl/kube-no-trouble/releases
-    KUBENT_VERSION=0.7.2
+    KUBENT_VERSION=0.7.0
     pssh "
     if [ ! -x /usr/local/bin/kubent ]; then
         curl -fsSL https://github.com/doitintl/kube-no-trouble/releases/download/${KUBENT_VERSION}/kubent-${KUBENT_VERSION}-linux-$ARCH.tar.gz |
         sudo tar -zxvf- -C /usr/local/bin kubent
         kubent --version
     fi"
-
-    # Ngrok. Note that unfortunately, this is the x86_64 binary.
-    # We might have to rethink how to handle this for multi-arch environments.
-    pssh "
-    if [ ! -x /usr/local/bin/ngrok ]; then
-        curl -fsSL https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz |
-        sudo tar -zxvf- -C /usr/local/bin ngrok
-    fi"
 }
 
 _cmd kubereset "Wipe out Kubernetes configuration on all nodes"
@@ -968,15 +835,6 @@ _cmd_inventory() {
     FIXME
 }
 
-_cmd logins "Show login information for a group of instances"
-_cmd_logins() {
-    TAG=$1
-    need_tag $TAG
-
-    cat tags/$TAG/logins.jsonl \
-    | jq -r '"\(if .codeServerPort then "\(.codeServerPort)\t" else "" end )\(.password)\tssh -l \(.login)\(if .port then " -p \(.port)" else "" end)\t\(.ipaddrs)"'
-}
-
 _cmd maketag "Generate a quasi-unique tag for a group of instances"
 _cmd_maketag() {
     if [ -z $USER ]; then
@@ -1027,9 +885,6 @@ _cmd_stage2() {
     cd tags/$TAG/stage2
     terraform init -upgrade
     terraform apply -auto-approve
-    terraform output -raw logins_jsonl > ../logins.jsonl
-    terraform output -raw ips_txt > ../ips.txt
-    echo "stage2_ok" > status
 }
 
 _cmd standardize "Deal with non-standard Ubuntu cloud images"
@@ -1066,19 +921,12 @@ _cmd_standardize() {
     # Disable unattended upgrades so that they don't mess up with the subsequent steps
     pssh sudo rm -f /etc/apt/apt.conf.d/50unattended-upgrades
 
-    # Some cloud providers think that it's smart to disable password authentication.
-    # We need to re-neable it, though.
-    # Digital Ocecan
+    # Digital Ocean's cloud init disables password authentication; re-enable it.
     pssh "
     if [ -f /etc/ssh/sshd_config.d/50-cloud-init.conf ]; then
         sudo rm /etc/ssh/sshd_config.d/50-cloud-init.conf
         sudo systemctl restart ssh.service
     fi"
-    # AWS
-    pssh "if [ -f /etc/ssh/sshd_config.d/60-cloudimg-settings.conf ]; then
-        sudo rm /etc/ssh/sshd_config.d/60-cloudimg-settings.conf
-        sudo systemctl restart ssh.service
-    fi"
 
     # Special case for oracle since their iptables blocks everything but SSH
     pssh "
@@ -1114,12 +962,11 @@ _cmd_tailhist () {
     # halfway through and we're actually trying to download it again.
     pssh "
     set -e
-    sudo apt-get install unzip -y
     wget -c https://github.com/joewalnes/websocketd/releases/download/v0.3.0/websocketd-0.3.0-linux_$ARCH.zip
     unzip websocketd-0.3.0-linux_$ARCH.zip websocketd
     sudo mv websocketd /usr/local/bin/websocketd
-    sudo mkdir -p /opt/tailhist
-    sudo tee /opt/tailhist.service <<EOF
+    sudo mkdir -p /tmp/tailhist
+    sudo tee /root/tailhist.service <<EOF
 [Unit]
 Description=tailhist
 
@@ -1127,36 +974,16 @@ Description=tailhist
 WantedBy=multi-user.target
 
 [Service]
-WorkingDirectory=/opt/tailhist
+WorkingDirectory=/tmp/tailhist
 ExecStart=/usr/local/bin/websocketd --port=1088 --staticdir=. sh -c \"tail -n +1 -f /home/$USER_LOGIN/.history || echo 'Could not read history file. Perhaps you need to \\\"chmod +r .history\\\"?'\"
 User=nobody
 Group=nogroup
 Restart=always
 EOF
-    sudo systemctl enable /opt/tailhist.service --now
+    sudo systemctl enable /root/tailhist.service --now
     "
 
-    pssh -I sudo tee /opt/tailhist/index.html <lib/tailhist.html
-}
-
-_cmd terraform "Apply Terraform configuration to provision resources."
-_cmd_terraform() {
-    TAG=$1
-    need_tag
-    echo terraforming > tags/$TAG/status
-    (
-        cd tags/$TAG
-        terraform apply -auto-approve
-        # The Terraform provider for Proxmox has a bug; sometimes it fails
-        # to obtain VM address from the QEMU agent. In that case, we put
-        # ERROR in the ips.txt file (instead of the VM IP address). Detect
-        # that so that we run Terraform again (this typically solves the issue).
-        if grep -q ERROR ips.txt; then
-          die "Couldn't obtain IP address of some machines. Try to re-run terraform."
-        fi
-    )
-    echo terraformed > tags/$TAG/status
-
+    pssh -I sudo tee /tmp/tailhist/index.html <lib/tailhist.html
 }
 
 _cmd tools "Install a bunch of useful tools (editors, git, jq...)"
@@ -1165,9 +992,8 @@ _cmd_tools() {
     need_tag
 
     pssh "
-    set -e
     sudo apt-get -q update
-    sudo apt-get -qy install apache2-utils argon2 emacs-nox git httping htop jid joe jq mosh tree unzip
+    sudo apt-get -qy install apache2-utils emacs-nox git httping htop jid joe jq mosh python-setuptools tree unzip
     # This is for VMs with broken PRNG (symptom: running docker-compose randomly hangs)
     sudo apt-get -qy install haveged
     "
@@ -1230,8 +1056,8 @@ _cmd_tags() {
         cd tags
         echo "[#] [Status] [Tag] [Mode] [Provider]"
         for tag in *; do
-            if [ -f $tag/logins.jsonl ]; then
-                count="$(wc -l < $tag/logins.jsonl)"
+            if [ -f $tag/ips.txt ]; then
+                count="$(wc -l < $tag/ips.txt)"
             else
                 count="?"
             fi
@@ -1307,13 +1133,7 @@ _cmd_passwords() {
     $0 ips "$TAG" | paste "$PASSWORDS_FILE" - | while read password nodes; do
         info "Setting password for $nodes..."
         for node in $nodes; do
-            echo $USER_LOGIN $password | ssh $SSHOPTS -i tags/$TAG/id_rsa ubuntu@$node '
-                read login password
-                echo $login:$password | sudo chpasswd
-                hashedpassword=$(echo -n $password | argon2 saltysalt$RANDOM -e)
-                sudo -u $login mkdir -p /home/$login/.config/code-server
-                echo "hashed-password: \"$hashedpassword\"" | sudo -u $login tee /home/$login/.config/code-server/config.yaml >/dev/null
-                '
+            echo $USER_LOGIN:$password | ssh $SSHOPTS -i tags/$TAG/id_rsa ubuntu@$node sudo chpasswd
         done
     done
     info "Done."
@@ -1345,11 +1165,6 @@ _cmd_wait() {
     pssh -l $SSH_USER "
     if [ -d /var/lib/cloud ]; then
         cloud-init status --wait
-        case $? in
-        0) exit 0;; # all is good
-        2) exit 0;; # recoverable error (happens with proxmox deprecated cloud-init payloads)
-        *) exit 1;; # all other problems
-        esac
     fi"
 }
 
@@ -1405,7 +1220,7 @@ EOF"
 _cmd www "Run a web server to access card HTML and PDF"
 _cmd_www() {
     cd www
-    IPADDR=$(curl -fsSL canihazip.com/s || echo localhost)
+    IPADDR=$(curl -sL canihazip.com/s)
     info "The following files are available:"
     for F in *; do
         echo "http://$IPADDR:8000/$F"

prepare-labs/lib/ips-txt-to-html.py

@@ -1,22 +1,32 @@
 #!/usr/bin/env python3
-import json
 import os
 import sys
 import yaml
 import jinja2
 
+
 # Read settings from user-provided settings file
 context = yaml.safe_load(open(sys.argv[1]))
 
-context["logins"] = []
-for line in open("logins.jsonl"):
-    if line.strip():
-        context["logins"].append(json.loads(line))
+ips = list(open("ips.txt"))
+clustersize = context["clustersize"]
 
 print("---------------------------------------------")
-print("   Number of cards: {}".format(len(context["logins"])))
+print("   Number of IPs: {}".format(len(ips)))
+print(" VMs per cluster: {}".format(clustersize))
 print("---------------------------------------------")
 
+assert len(ips)%clustersize == 0
+
+clusters = []
+
+while ips:
+    cluster = ips[:clustersize]
+    ips = ips[clustersize:]
+    clusters.append(cluster)
+
+context["clusters"] = clusters
+
 template_file_name = context["cards_template"]
 template_file_path = os.path.join(
     os.path.dirname(__file__),
@@ -25,23 +35,23 @@ template_file_path = os.path.join(
     template_file_name
     )
 template = jinja2.Template(open(template_file_path).read())
-with open("cards.html", "w") as f:
-    f.write(template.render(**context))
-print("Generated cards.html")
+with open("ips.html", "w") as f:
+	f.write(template.render(**context))
+print("Generated ips.html")
 
 
 try:
     import pdfkit
     paper_size = context["paper_size"]
     margin = {"A4": "0.5cm", "Letter": "0.2in"}[paper_size]
-    with open("cards.html") as f:
-        pdfkit.from_file(f, "cards.pdf", options={
+    with open("ips.html") as f:
+        pdfkit.from_file(f, "ips.pdf", options={
             "page-size": paper_size,
             "margin-top": margin,
             "margin-bottom": margin,
             "margin-left": margin,
             "margin-right": margin,
             })
-    print("Generated cards.pdf")
+    print("Generated ips.pdf")
 except ImportError:
-    print("WARNING: could not import pdfkit; did not generate cards.pdf")
+    print("WARNING: could not import pdfkit; did not generate ips.pdf")

prepare-labs/lib/pssh.sh

@@ -17,12 +17,6 @@ pssh() {
 
     echo "[parallel-ssh] $@"
 
-    # There are some routers that really struggle with the number of TCP
-    # connections that we open when deploying large fleets of clusters.
-    # We're adding a 1 second delay here, but this can be cranked up if
-    # necessary - or down to zero, too.
-    sleep ${PSSH_DELAY_PRE-1}
-
     $(which pssh || which parallel-ssh) -h $HOSTFILE -l ubuntu \
         --par ${PSSH_PARALLEL_CONNECTIONS-100} \
         --timeout 300 \

prepare-labs/map-dns.sh

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-DOMAINS=domains.txt
-IPS=ips.txt
-
-. ./dns-cloudflare.sh
-
-paste "$DOMAINS" "$IPS" | while read domain ips; do
-  if ! [ "$domain" ]; then
-    echo "⚠️ No more domains!"
-    exit 1
-  fi
-  _clear_zone "$domain"
-  _populate_zone "$domain" $ips
-done
-echo "✅ All done."

prepare-labs/settings/admin-dmuc.env

@@ -1,21 +1,21 @@
-CLUSTERSIZE=3
+CLUSTERSIZE=1
 
-CLUSTERPREFIX=polykube
+CLUSTERPREFIX=dmuc
 
 USER_LOGIN=k8s
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize
   tools
-  kubepkgs
-  kubebins
+  docker
+  disabledocker
   createuser
   webssh
   tailhist
+  kubebins
   kubetools
   ips
 "

prepare-labs/settings/admin-kubenet.env

@@ -7,7 +7,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize

prepare-labs/settings/admin-kuberouter.env

@@ -7,7 +7,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize

prepare-labs/settings/admin-monokube.env

@@ -1,27 +0,0 @@
-CLUSTERSIZE=1
-
-CLUSTERPREFIX=monokube
-
-# We're sticking to this in the first DMUC lab,
-# because it still works with Docker, and doesn't
-# require a ServiceAccount signing key.
-KUBEVERSION=1.19.11
-
-USER_LOGIN=k8s
-USER_PASSWORD=training
-
-STEPS="
-  terraform
-  wait
-  standardize
-  clusterize
-  tools
-  docker
-  disabledocker
-  createuser
-  webssh
-  tailhist
-  kubebins
-  kubetools
-  ips
-"

prepare-labs/settings/admin-oldversion.env

@@ -7,10 +7,9 @@ USER_PASSWORD=training
 
 # For a list of old versions, check:
 # https://kubernetes.io/releases/patch-releases/#non-active-branch-history
-KUBEVERSION=1.28.9
+KUBEVERSION=1.22.5
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize
@@ -19,8 +18,7 @@ STEPS="
   createuser
   webssh
   tailhist
-  kubepkgs
-  kubeadm
+  kube
   kubetools
   kubetest
 "

prepare-labs/settings/admin-test.env

@@ -6,7 +6,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize
@@ -15,8 +14,7 @@ STEPS="
   createuser
   webssh
   tailhist
-  kubepkgs
-  kubeadm
+  kube
   kubetools
   kubetest
-"
+"

prepare-labs/settings/docker.env

@@ -6,7 +6,6 @@ USER_LOGIN=docker
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize
@@ -15,5 +14,6 @@ STEPS="
   createuser
   webssh
   tailhist
+  cards
   ips
-"
+"

prepare-labs/settings/konk.env

@@ -1,6 +0,0 @@
-CLUSTERSIZE=5
-
-USER_LOGIN=k8s
-USER_PASSWORD=
-
-STEPS="terraform stage2"

prepare-labs/settings/kubernetes.env

@@ -6,7 +6,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize
@@ -15,8 +14,7 @@ STEPS="
   createuser
   webssh
   tailhist
-  kubepkgs
-  kubeadm
+  kube
   kubetools
   kubetest
-"
+"

prepare-labs/settings/largekube.env

@@ -7,7 +7,6 @@ USER_LOGIN=k8s
 USER_PASSWORD=training
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize
@@ -16,8 +15,7 @@ STEPS="
   createuser
   webssh
   tailhist
-  kubepkgs
-  kubeadm
+  kube
   kubetools
   kubetest
 "

prepare-labs/settings/mk8s.env

@@ -1,4 +1,6 @@
+CLUSTERSIZE=2
+
 USER_LOGIN=k8s
 USER_PASSWORD=
 
-STEPS="terraform stage2"
+STEPS="stage2"

prepare-labs/settings/portal.env

@@ -1,8 +1,3 @@
-#export TF_VAR_node_size=GP2.4
-#export TF_VAR_node_size=g6-standard-6
-#export TF_VAR_node_size=m7i.xlarge
-
-
 CLUSTERSIZE=1
 
 CLUSTERPREFIX=CHANGEME
@@ -11,7 +6,6 @@ USER_LOGIN=portal
 USER_PASSWORD=CHANGEME
 
 STEPS="
-  terraform
   wait
   standardize
   clusterize

prepare-labs/setup-admin-clusters.sh

@@ -7,7 +7,7 @@ STUDENTS=2
 #export TF_VAR_location=eu-north-1
 export TF_VAR_node_size=S
 
-SETTINGS=admin-monokube
+SETTINGS=admin-dmuc
 TAG=$PREFIX-$SETTINGS
 ./labctl create \
 	--tag $TAG \
@@ -15,7 +15,15 @@ TAG=$PREFIX-$SETTINGS
 	--settings settings/$SETTINGS.env \
 	--students $STUDENTS
 
-SETTINGS=admin-polykube
+SETTINGS=admin-kubenet
+TAG=$PREFIX-$SETTINGS
+./labctl create \
+	--tag $TAG \
+	--provider $PROVIDER \
+	--settings settings/$SETTINGS.env \
+	--students $STUDENTS
+
+SETTINGS=admin-kuberouter
 TAG=$PREFIX-$SETTINGS
 ./labctl create \
 	--tag $TAG \

prepare-labs/templates/cards.html

@@ -7,7 +7,7 @@
 {%- set url = url
     | default("http://FIXME.container.training/") -%}
 {%- set pagesize = pagesize
-    | default(10) -%}
+    | default(9) -%}
 {%- set lang = lang
     | default("en") -%}
 {%- set event = event
@@ -15,36 +15,79 @@
 {%- set backside = backside
     | default(False) -%}
 {%- set image = image
-    | default(False) -%}
+    | default("kube") -%}
 {%- set clusternumber = clusternumber
     | default(None) -%}
-{%- set thing = thing
-    | default("lab environment") -%}
-
-{%- if lang == "en" -%}
-    {%- set intro -%}
-    Here is the connection information to your very own
-    {{ thing }} for this {{ event }}.
-    You can connect to it with any SSH client.
-    {%- endset -%}
+{%- if qrcode == True -%}
+    {%- set qrcode = "https://container.training/q" -%}
+{%- elif qrcode -%}
+    {%- set qrcode = qrcode -%}
 {%- endif -%}
-{%- if lang == "fr" -%}
-    {%- set intro -%}
-    Voici les informations permettant de se connecter à votre
-    {{ thing }} pour cette formation.
-    Vous pouvez vous y connecter
-    avec n'importe quel client SSH.
-    {%- endset -%}
+
+{# You can also set img_bottom_src instead. #}
+{%- set img_logo_src = {
+	"docker": "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png",
+	"swarm": "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png",
+	"kube": "https://avatars1.githubusercontent.com/u/13629408",
+	"enix": "https://enix.io/static/img/logos/logo-domain-cropped.png",
+    }[image] -%}
+{%- if lang == "en" and clustersize == 1 -%}
+	{%- set intro -%}
+	Here is the connection information to your very own
+	machine for this {{ event }}.
+	You can connect to this VM with any SSH client.
+	{%- endset -%}
+    {%- set listhead -%}
+    Your machine is:
+	{%- endset -%}
+{%- endif -%}
+{%- if lang == "en" and clustersize != 1 -%}
+	{%- set intro -%}
+	Here is the connection information to your very own
+	cluster for this {{ event }}.
+	You can connect to each VM with any SSH client.
+	{%- endset -%}
+    {%- set listhead -%}
+    Your machines are:
+	{%- endset -%}
+{%- endif -%}
+{%- if lang == "fr" and clustersize == 1 -%}
+	{%- set intro -%}
+	Voici les informations permettant de se connecter à votre
+	machine pour cette formation.
+	Vous pouvez vous connecter à cette machine virtuelle
+	avec n'importe quel client SSH.
+	{%- endset -%}
+    {%- set listhead -%}
+    Adresse IP:
+	{%- endset -%}
+{%- endif -%}
+{%- if lang == "en" and clusterprefix != "node" -%}
+	{%- set intro -%}
+    Here is the connection information for the
+    <strong>{{ clusterprefix }}</strong> environment.
+	{%- endset -%}
+{%- endif -%}
+{%- if lang == "fr" and clustersize != 1 -%}
+	{%- set intro -%}
+	Voici les informations permettant de se connecter à votre
+	cluster pour cette formation.
+	Vous pouvez vous connecter à chaque machine virtuelle
+	avec n'importe quel client SSH.
+	{%- endset -%}
+    {%- set listhead -%}
+	Adresses IP:
+	{%- endset -%}
 {%- endif -%}
 {%- if lang == "en"  -%}
-    {%- set slides_are_at -%}
-    You can find the slides at:
-    {%- endset -%}
+	{%- set slides_are_at -%}
+	You can find the slides at:
+	{%- endset -%}
 {%- endif -%}
 {%- if lang == "fr" -%}
-    {%- set slides_are_at -%}
-      Le support de formation est à l'adresse suivante :
-    {%- endset -%}
+	{%- set slides_are_at -%}
+  	Le support de formation est à l'adresse suivante :
+	{%- endset -%}
 {%- endif -%}
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
@@ -59,21 +102,25 @@
 }
 body {
     /* this is A4 minus 0.5cm margins */
-    width: 20cm;
-    height: 28.7cm;
+	width: 20cm;
+	height: 28.7cm;
 }
 {% elif paper_size == "Letter" %}
 @page {
-    size: Letter; /* 8.5in x 11in */
+	size: Letter;
+	margin: 0.2in;
 }
 body {
-    width: 6.75in; /* two cards wide */
-    margin-left: 0.875in; /* (8.5in - 6.75in)/2 */
-    margin-top: 0.1875in; /* (11in - 5 cards)/2 */
+	/* this is Letter minus 0.2in margins */
+	width: 8.6in;
+	heigth: 10.6in;
 }
 {% endif %}
 
+
 body, table {
+    margin: 0;
+    padding: 0;
     line-height: 1em;
     font-size: 15px;
     font-family: 'Slabo 27px';
@@ -87,45 +134,47 @@ table {
     padding-left: 0.4em;
 }
 
-td:first-child {
-    width: 10.5em;
-}
-
-div.card {
+div {
     float: left;
-    border: 0.01in dotted black;
+    border: 1px dotted black;
+    {% if backside %}
+    height: 33%;
+    {% endif %}
+    /* columns * (width+left+right) < 100% */
     /*
-      columns * (width+left+right) < 100% 
-      height: 33%;
-      width: 24.8%;
-      width: 33%;
+    width: 24.8%;
     */
-    width: 3.355in; /* 3.375in minus two 0.01in borders */
-    height: 2.105in; /* 2.125in minus two 0.01in borders */
+    /**/
+    width: 33%;
+    /**/    
 }
 
 p {
     margin: 0.8em;
 }
 
-div.front {
-    {% if image %}
-    background-image: url("{{ image }}");
-    background-repeat: no-repeat;
-    background-size: 1in;
-    background-position-x: 2.8in;
-    background-position-y: center;
-    {% endif %}
+div.back {
+	border: 1px dotted grey;
 }
 
 span.scale {
-    white-space: nowrap;
+	white-space: nowrap;
+}
+
+img.logo {
+    height: 4.5em;
+    float: right;
+ }
+
+img.bottom {
+    height: 2.5em;
+    display: block;
+    margin: 0.5em auto;
 }
 
 .qrcode img {
-    height: 5.8em;
-    padding: 1em 1em 0.5em 1em;
-    float: left;
+    width: 40%;
+    margin: 1em;
 }
 
 .logpass {
@@ -140,97 +189,101 @@ span.scale {
     height: 0;
 }
 </style>
-<script type="text/javascript" src="qrcode.min.js"></script>
+<script type="text/javascript" src="https://cdn.rawgit.com/davidshimjs/qrcodejs/gh-pages/qrcode.min.js"></script>
 <script type="text/javascript">
 function qrcodes() {
-    [].forEach.call(
-        document.getElementsByClassName("qrcode"),
-        (e, index) => {
-            new QRCode(e, {
-                text: "{{ qrcode }}",
-                correctLevel: QRCode.CorrectLevel.L
-            });
-        }
-    );
+	[].forEach.call(
+		document.getElementsByClassName("qrcode"),
+		(e, index) => {
+			new QRCode(e, {
+				text: "{{ qrcode }}",
+				correctLevel: QRCode.CorrectLevel.L
+			});
+		}
+	);
 }
 
 function scale() {
-    [].forEach.call(
-        document.getElementsByClassName("scale"),
-        (e, index) => {
-            var text_width = e.getBoundingClientRect().width;
-            var box_width = e.parentElement.getBoundingClientRect().width;
-            var percent = 100 * box_width / text_width + "%";
-            e.style.fontSize = percent;
-        }
-    );
+	[].forEach.call(
+		document.getElementsByClassName("scale"),
+		(e, index) => {
+			var text_width = e.getBoundingClientRect().width;
+			var box_width = e.parentElement.getBoundingClientRect().width;
+			var percent = 100 * box_width / text_width + "%";
+			e.style.fontSize = percent;
+		}
+	);
 }
 </script>
 </head>
 <body onload="qrcodes(); scale();">
-{% for login in logins %}
-    <div class="card front">
+{% for cluster in clusters %}
+    <div>
         <p>{{ intro }}</p>
         <p>
+            {% if img_logo_src %}
+            <img class="logo" src="{{ img_logo_src }}" />
+            {% endif %}
             <table>
-              <tr>
-                <td>login:</td>
-                <td>password:</td>
-              </tr>
-              <tr>
-                <td class="logpass">{{ login.login }}</td>
-                <td class="logpass">{{ login.password }}</td>
-              </tr>
-              <tr>
-                <td>IP address:</td>
-                {% if login.port %}
-                <td>port:</td>
-                {% endif %}
-              </tr>
-              <tr>
-                <td class="logpass">{{ login.ipaddrs.split("\t")[0] }}</td>
-                {% if login.port %}
-                <td class="logpass">{{ login.port }}</td>
-                {% endif %}
-              </tr>
+            	{% if clusternumber != None %}
+	            <tr><td>cluster:</td></tr>
+	            <tr><td class="logpass">{{ clusternumber + loop.index }}</td></tr>
+            	{% endif %}
+                <tr><td>login:</td></tr>
+                <tr><td class="logpass">{{ user_login }}</td></tr>
+                <tr><td>password:</td></tr>
+                <tr><td class="logpass">{{ user_password }}</td></tr>
             </table>
+
         </p>
+        <p>
+            {{ listhead }}
+            <table>
+                {% for node in cluster %}
+                <tr>
+                	<td>{{ clusterprefix }}{{ loop.index }}:</td>
+                	<td>{{ node }}</td>
+                </tr>
+                {% endfor %}
+            </table>
+        </p>
+
         <p>
             {% if url %}
-            {{ slides_are_at }}
+        	{{ slides_are_at }}
             <p>
                 <span class="scale">{{ url }}</span>
             </p>
             {% endif %}
+            {% if img_bottom_src %}
+            <img class="bottom" src="{{ img_bottom_src }}" />
+            {% endif %}
         </p>
     </div>
     {% if loop.index%pagesize==0 or loop.last %}
         <span class="pagebreak"></span>
         {% if backside %}
-            {% for x in range(pagesize) %}
-                <div class="card back">
-                {{ backside }}
-                {#
-                <p>Thanks for attending
-                "Getting Started With Kubernetes and Container Orchestration"
-                during CONFERENCE in Month YYYY!</p>
-                <p>If you liked that workshop,
-                I can train your team, in person or
-                online, with custom courses of
-                any length and any level.
-                </p>
-                {% if qrcode %}
-                <p>If you're interested, please scan that QR code to contact me:</p>
-                <span class="qrcode"></span>
+			{% for x in range(pagesize) %}
+		        <div class="back">
+				<p>Thanks for attending
+				"Getting Started With Kubernetes and Container Orchestration"
+				during CONFERENCE in Month YYYY!</p>
+				<p>If you liked that workshop,
+				I can train your team, in person or
+				online, with custom courses of
+				any length and any level.
+				</p>
+	            {% if qrcode %}
+	            <p>If you're interested, please scan that QR code to contact me:</p>
+				<span class="qrcode"></span>
                 {% else %}
-                <p>If you're interested, you can contact me at:</p>
-                {% endif %}
-                <p>jerome.petazzoni@gmail.com</p>
-                #}
-                </div>
-            {% endfor %}
-        <span class="pagebreak"></span>
-        {% endif %}
+				<p>If you're interested, you can contact me at:</p>
+				{% endif %}
+				<p>jerome.petazzoni@gmail.com</p>
+		        </div>
+			{% endfor %}
+		<span class="pagebreak"></span>
+		{% endif %}
     {% endif %}
 {% endfor %}
 </body>

prepare-labs/templates/cards.yaml

@@ -1,19 +0,0 @@
-cards_template: cards.html
-paper_size: Letter
-url: https://2024-11-qconsf.container.training
-event: workshop
-backside: |
-  <div class="qrcode"></div>
-  <p>
-    Thanks for attending the Asynchronous Architecture Patterns workshop at QCON!
-  </p>
-  <p>
-    <b>This QR code will give you my contact info</b> as well as a link to a feedback form.
-  </p>
-  <p>
-    If you liked this workshop, I can train your team, in person or online, with custom
-    courses of any length and any level, on Docker, Kubernetes, and MLops.
-  </p>
-qrcode: https://2024-11-qconsf.container.training/#contact
-thing: Kubernetes cluster
-image: logo-kubernetes.png

prepare-labs/terraform/list-locations/exoscale

@@ -1,2 +0,0 @@
-#!/bin/sh
-exo zone

prepare-labs/terraform/many-kubernetes/locals.tf

@@ -8,8 +8,8 @@ resource "random_string" "_" {
 resource "time_static" "_" {}
 
 locals {
-  min_nodes_per_pool = var.min_nodes_per_cluster
-  max_nodes_per_pool = var.max_nodes_per_cluster
+  min_nodes_per_pool = var.nodes_per_cluster
+  max_nodes_per_pool = var.nodes_per_cluster * 2
   timestamp          = formatdate("YYYY-MM-DD-hh-mm", time_static._.rfc3339)
   tag                = random_string._.result
   # Common tags to be assigned to all resources

prepare-labs/terraform/many-kubernetes/stage2.tmpl

@@ -14,20 +14,6 @@ provider "kubernetes" {
   config_path = "./kubeconfig.${index}"
 }
 
-provider "helm" {
-  alias = "cluster_${index}"
-  kubernetes {
-    config_path = "./kubeconfig.${index}"
-  }
-}
-
-# Password used for SSH and code-server access
-resource "random_string" "shpod_${index}" {
-  length  = 6
-  special = false
-  upper   = false
-}
-
 resource "kubernetes_namespace" "shpod_${index}" {
   provider = kubernetes.cluster_${index}
   metadata {
@@ -35,57 +21,120 @@ resource "kubernetes_namespace" "shpod_${index}" {
   }
 }
 
-data "kubernetes_service" "shpod_${index}" {
-  depends_on = [ helm_release.shpod_${index} ]
+resource "kubernetes_deployment" "shpod_${index}" {
   provider = kubernetes.cluster_${index}
   metadata {
     name = "shpod"
-    namespace = "shpod"
+    namespace = kubernetes_namespace.shpod_${index}.metadata.0.name
+  }
+  spec {
+    selector {
+      match_labels = {
+        app = "shpod"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "shpod"
+        }
+      }
+      spec {
+        service_account_name = "shpod"
+        container {
+          image = "jpetazzo/shpod"
+          name = "shpod"
+          env {
+            name = "PASSWORD"
+            value = random_string.shpod_${index}.result
+          }
+          lifecycle {
+            post_start {
+              exec {
+                command = [ "sh", "-c", "curl http://myip.enix.org/REMOTE_ADDR > /etc/HOSTIP || true" ]
+              }
+            }
+          }
+          resources {
+            limits = {
+              cpu    = "2"
+              memory = "500M"
+            }
+            requests = {
+              cpu    = "100m"
+              memory = "250M"
+            }
+          }
+        }
+      }
+    }
   }
 }
 
-resource "helm_release" "shpod_${index}" {
-  provider = helm.cluster_${index}
-  repository = "https://shpod.in"
-  chart = "shpod"
-  name = "shpod"
-  namespace = "shpod"
-  create_namespace = false
-  set {
-    name = "service.type"
-    value = "NodePort"
+resource "kubernetes_service" "shpod_${index}" {
+  provider = kubernetes.cluster_${index}
+  lifecycle {
+    # Folks might alter their shpod Service to expose extra ports.
+    # Don't reset their changes.
+    ignore_changes = [ spec ]
   }
-  set {
-    name = "resources.requests.cpu"
-    value = "100m"
+  metadata {
+    name = "shpod"
+    namespace = kubernetes_namespace.shpod_${index}.metadata.0.name
   }
-  set {
-    name = "resources.requests.memory"
-    value = "500M"
+  spec {
+    selector = {
+      app = "shpod"
+    }
+    port {
+      name = "ssh"
+      port = 22
+      target_port = 22
+    }
+    type = "NodePort"
   }
-  set {
-    name = "resources.limits.cpu"
-    value = "1"
+}
+
+resource "kubernetes_service_account" "shpod_${index}" {
+  provider = kubernetes.cluster_${index}
+  metadata {
+    name = "shpod"
+    namespace = kubernetes_namespace.shpod_${index}.metadata.0.name
   }
-  set {
-    name = "resources.limits.memory"
-    value = "1000M"
+}
+
+resource "kubernetes_cluster_role_binding" "shpod_${index}" {
+  provider = kubernetes.cluster_${index}
+  metadata {
+    name = "shpod"
   }
-  set {
-    name = "persistentVolume.enabled"
-    value = "true"
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-admin"
   }
-  set {
-    name = "ssh.password"
-    value = random_string.shpod_${index}.result
+  subject {
+    kind      = "ServiceAccount"
+    name      = "shpod"
+    namespace = "shpod"
   }
-  set {
-    name = "rbac.cluster.clusterRoles"
-    value = "{cluster-admin}"
+  subject {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "Group"
+    name      = "shpod-cluster-admins"
   }
-  set {
-    name = "codeServer.enabled"
-    value = "true"
+}
+
+resource "random_string" "shpod_${index}" {
+  length  = 6
+  special = false
+  upper   = false
+}
+
+provider "helm" {
+  alias = "cluster_${index}"
+  kubernetes {
+    config_path = "./kubeconfig.${index}"
   }
 }
 
@@ -168,28 +217,16 @@ resource "kubernetes_certificate_signing_request_v1" "cluster_admin_${index}" {
 
 %{ endfor ~}
 
-output "ips_txt" {
+output "ip_addresses_of_nodes" {
   value = join("\n", [
   %{ for index, cluster in clusters ~}
-    join("\n", concat(
+    join("\t", concat(
+      [
+        random_string.shpod_${index}.result,
+        "ssh -l k8s -p $${kubernetes_service.shpod_${index}.spec[0].port[0].node_port}"
+      ],
       split(" ", file("./externalips.${index}"))
     )),
   %{ endfor ~}
-  ""
-  ])
-}
-
-output "logins_jsonl" {
-  value = join("\n", [
-  %{ for index, cluster in clusters ~}
-    jsonencode({
-      login = "k8s",
-      password = random_string.shpod_${index}.result,
-      port = data.kubernetes_service.shpod_${index}.spec[0].port[0].node_port,
-      codeServerPort = data.kubernetes_service.shpod_${index}.spec[0].port[1].node_port,
-      ipaddrs = replace(file("./externalips.${index}"), " ", "\t"),
-    }),
-  %{ endfor ~}
-  ""
   ])
 }

prepare-labs/terraform/many-kubernetes/variables.tf

@@ -7,16 +7,11 @@ variable "how_many_clusters" {
   default = 2
 }
 
-variable "min_nodes_per_cluster" {
+variable "nodes_per_cluster" {
   type    = number
   default = 2
 }
 
-variable "max_nodes_per_cluster" {
-  type    = number
-  default = 4
-}
-
 variable "node_size" {
   type    = string
   default = "M"

prepare-labs/terraform/one-kubernetes/aws/provider.tf

@@ -1,8 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      source  = "hashicorp/aws"
-      version = "~> 4.47.0"
+      source = "hashicorp/aws"
     }
   }
 }

prepare-labs/terraform/one-kubernetes/azure/common.tf

@@ -1 +0,0 @@
-../common.tf

prepare-labs/terraform/one-kubernetes/azure/config.tf

@@ -1 +0,0 @@
-../../providers/azure/config.tf

prepare-labs/terraform/one-kubernetes/azure/main.tf

@@ -1,22 +0,0 @@
-resource "azurerm_resource_group" "_" {
-  name     = var.cluster_name
-  location = var.location
-}
-
-resource "azurerm_kubernetes_cluster" "_" {
-  name       = var.cluster_name
-  location   = var.location
-  dns_prefix = var.cluster_name
-  identity {
-    type = "SystemAssigned"
-  }
-  resource_group_name = azurerm_resource_group._.name
-  default_node_pool {
-    name                = "x86"
-    node_count          = var.min_nodes_per_pool
-    min_count           = var.min_nodes_per_pool
-    max_count           = var.max_nodes_per_pool
-    vm_size             = local.node_size
-    enable_auto_scaling = true
-  }
-}

prepare-labs/terraform/one-kubernetes/azure/outputs.tf

@@ -1,12 +0,0 @@
-output "cluster_id" {
-  value = azurerm_kubernetes_cluster._.id
-}
-
-output "has_metrics_server" {
-  value = true
-}
-
-output "kubeconfig" {
-  value     = azurerm_kubernetes_cluster._.kube_config_raw
-  sensitive = true
-}

prepare-labs/terraform/one-kubernetes/azure/provider.tf

@@ -1,7 +0,0 @@
-terraform {
-  required_providers {
-    azurerm = {
-      source = "hashicorp/azurerm"
-    }
-  }
-}

prepare-labs/terraform/one-kubernetes/azure/variables.tf

@@ -1 +0,0 @@
-../../providers/azure/variables.tf

prepare-labs/terraform/one-kubernetes/oci/main.tf

@@ -11,23 +11,17 @@ data "oci_containerengine_cluster_option" "_" {
 locals {
   compartment_id     = oci_identity_compartment._.id
   kubernetes_version = data.oci_containerengine_cluster_option._.kubernetes_versions[0]
-  images = [
-    for image in data.oci_containerengine_node_pool_option._.sources : image
-    if can(regex("OKE", image.source_name))
-    && can(regex(substr(local.kubernetes_version, 1, -1), image.source_name))
-    && !can(regex("GPU", image.source_name))
-    && !can(regex("aarch64", image.source_name))
-  ]
-
 }
 
 data "oci_identity_availability_domains" "_" {
   compartment_id = local.compartment_id
 }
 
-data "oci_containerengine_node_pool_option" "_" {
-  compartment_id      = local.compartment_id
-  node_pool_option_id = oci_containerengine_cluster._.id
+data "oci_core_images" "_" {
+  compartment_id           = local.compartment_id
+  operating_system         = "Oracle Linux"
+  operating_system_version = "8"
+  shape                    = local.shape
 }
 
 resource "oci_containerengine_cluster" "_" {
@@ -62,7 +56,7 @@ resource "oci_containerengine_node_pool" "_" {
     }
   }
   node_source_details {
-    image_id    = local.images[0].image_id
+    image_id    = data.oci_core_images._.images[0].id
     source_type = "image"
   }
 }

prepare-labs/terraform/one-kubernetes/ovh/common.tf

@@ -1 +0,0 @@
-../common.tf

prepare-labs/terraform/one-kubernetes/ovh/config.tf

@@ -1 +0,0 @@
-../../providers/ovh/config.tf

prepare-labs/terraform/one-kubernetes/ovh/main.tf

@@ -1,18 +0,0 @@
-resource "ovh_cloud_project_kube" "_" {
-  name    = var.cluster_name
-  region  = var.location
-  version = local.k8s_version
-}
-
-resource "ovh_cloud_project_kube_nodepool" "_" {
-  kube_id       = ovh_cloud_project_kube._.id
-  name          = "x86"
-  flavor_name   = local.node_size
-  desired_nodes = var.min_nodes_per_pool
-  min_nodes     = var.min_nodes_per_pool
-  max_nodes     = var.max_nodes_per_pool
-}
-
-locals {
-  k8s_version = "1.26"
-}

prepare-labs/terraform/one-kubernetes/ovh/outputs.tf

@@ -1,12 +0,0 @@
-output "cluster_id" {
-  value = ovh_cloud_project_kube._.id
-}
-
-output "has_metrics_server" {
-  value = false
-}
-
-output "kubeconfig" {
-  sensitive = true
-  value     = ovh_cloud_project_kube._.kubeconfig
-}

prepare-labs/terraform/one-kubernetes/ovh/provider.tf

@@ -1,7 +0,0 @@
-terraform {
-  required_providers {
-    ovh = {
-      source = "ovh/ovh"
-    }
-  }
-}

prepare-labs/terraform/one-kubernetes/ovh/variables.tf

@@ -1 +0,0 @@
-../../providers/ovh/variables.tf

prepare-labs/terraform/one-kubernetes/scaleway/main.tf

@@ -1,23 +1,10 @@
-resource "scaleway_vpc_private_network" "_" {
-}
-
-# This is a kind of hack to use a custom security group with Kapsulse.
-# See https://www.scaleway.com/en/docs/containers/kubernetes/reference-content/secure-cluster-with-private-network/
-
-resource "scaleway_instance_security_group" "_" {
-  name                    = "kubernetes ${split("/", scaleway_k8s_cluster._.id)[1]}"
-  inbound_default_policy  = "accept"
-  outbound_default_policy = "accept"
-}
-
 resource "scaleway_k8s_cluster" "_" {
-  name                        = var.cluster_name
+  name = var.cluster_name
+  #region                     = var.location
   tags                        = var.common_tags
   version                     = local.k8s_version
-  type                        = "kapsule"
   cni                         = "cilium"
   delete_additional_resources = true
-  private_network_id          = scaleway_vpc_private_network._.id
 }
 
 resource "scaleway_k8s_pool" "_" {
@@ -30,7 +17,6 @@ resource "scaleway_k8s_pool" "_" {
   max_size    = var.max_nodes_per_pool
   autoscaling = var.max_nodes_per_pool > var.min_nodes_per_pool
   autohealing = true
-  depends_on = [ scaleway_instance_security_group._ ]
 }
 
 data "scaleway_k8s_version" "_" {

prepare-labs/terraform/one-kubernetes/vcluster/main.tf

@@ -4,7 +4,6 @@ resource "helm_release" "_" {
   create_namespace = true
   repository       = "https://charts.loft.sh"
   chart            = "vcluster"
-  version          = "0.19.7"
   set {
     name  = "service.type"
     value = "NodePort"

prepare-labs/terraform/one-kubernetes/vcluster/outputs.tf

@@ -44,5 +44,5 @@ locals {
   guest_api_server_port    = local.node_port
   guest_api_server_url_new = "https://${local.guest_api_server_host}:${local.guest_api_server_port}"
   guest_api_server_url_old = yamldecode(local.kubeconfig_raw).clusters[0].cluster.server
-  kubeconfig               = replace(local.kubeconfig_raw, local.guest_api_server_url_old, local.guest_api_server_url_new)
+  kubeconfig               = replace(local.kubeconfig_raw, local.guest_api_server_url_old,  local.guest_api_server_url_new)
 }

prepare-labs/terraform/providers/hetzner/variables.tf

@@ -14,9 +14,9 @@ $ hcloud server-type list | grep shared
 variable "node_sizes" {
   type = map(any)
   default = {
-    S = "cpx11"
-    M = "cpx21"
-    L = "cpx31"
+    S = "cx11"
+    M = "cx21"
+    L = "cx31"
   }
 }
 

prepare-labs/terraform/providers/ovh/variables.tf

@@ -1,13 +0,0 @@
-variable "node_sizes" {
-  type = map(any)
-  default = {
-    S = "d2-4"
-    M = "d2-4"
-    L = "d2-8"
-  }
-}
-
-variable "location" {
-  type    = string
-  default = "BHS5"
-}

prepare-labs/terraform/providers/proxmox/config.tf

@@ -1,25 +0,0 @@
-variable "proxmox_endpoint" {
-  type    = string
-  default = "https://localhost:8006/"
-}
-
-variable "proxmox_username" {
-  type    = string
-  default = null
-}
-
-variable "proxmox_password" {
-  type    = string
-  default = null
-}
-
-variable "proxmox_template_node_name" {
-  type    = string
-  default = null
-}
-
-variable "proxmox_template_vm_id" {
-  type    = number
-  default = null
-}
-

prepare-labs/terraform/providers/proxmox/variables.tf

@@ -1,11 +0,0 @@
-# Since node size needs to be a string...
-# To indicate number of CPUs + RAM, just pass it as a string with a space between them.
-# RAM is in megabytes.
-variable "node_sizes" {
-  type = map(any)
-  default = {
-    S = "1 2048"
-    M = "2 4096"
-    L = "3 8192"
-  }
-}

prepare-labs/terraform/providers/vcluster/variables.tf

@@ -1,5 +1,5 @@
 variable "node_sizes" {
-  type    = map(any)
+  type = map(any)
   default = {}
 }
 

prepare-labs/terraform/virtual-machines/common.tf

@@ -56,7 +56,6 @@ locals {
       cluster_name = format("%s-%03d", var.tag, cn[0])
       node_name    = format("%s-%03d-%03d", var.tag, cn[0], cn[1])
       node_size    = lookup(var.node_sizes, var.node_size, var.node_size)
-      node_index   = cn[0] * var.nodes_per_cluster + cn[1]
     }
   }
 }
@@ -72,10 +71,10 @@ resource "local_file" "ip_addresses" {
 resource "local_file" "clusters" {
   content = join("", formatlist("%s\n", [
     for cid in range(1, 1 + var.how_many_clusters) :
-    join("\t",
+    join(" ",
       [for nid in range(1, 1 + var.nodes_per_cluster) :
         local.ip_addresses[format("c%03dn%03d", cid, nid)]
   ])]))
-  filename        = "clusters.tsv"
+  filename        = "clusters.txt"
   file_permission = "0600"
 }

prepare-labs/terraform/virtual-machines/openstack/main.tf

@@ -1,22 +1,14 @@
 resource "openstack_compute_instance_v2" "_" {
   for_each    = local.nodes
   name        = each.value.node_name
-  image_name  = data.openstack_images_image_v2._.name
+  image_name  = var.image
   flavor_name = each.value.node_size
-  key_pair    = openstack_compute_keypair_v2._.name
+  key_pair = openstack_compute_keypair_v2._.name
   network {
     port = openstack_networking_port_v2._[each.key].id
   }
 }
 
-data "openstack_images_image_v2" "_" {
-  most_recent = true
-  properties = {
-    os      = "ubuntu"
-    version = "24.04"
-  }
-}
-
 resource "openstack_networking_port_v2" "_" {
   for_each              = local.nodes
   network_id            = openstack_networking_network_v2._.id

prepare-labs/terraform/virtual-machines/openstack/provider.tf

@@ -31,6 +31,10 @@ variable "external_network_id" {
   type = string
 }
 
+variable "image" {
+  type = string
+}
+
 variable "node_sizes" {
   type    = map(any)
   default = {}

prepare-labs/terraform/virtual-machines/proxmox/common.tf

@@ -1 +0,0 @@
-../common.tf

prepare-labs/terraform/virtual-machines/proxmox/config.tf

@@ -1 +0,0 @@
-../../providers/proxmox/config.tf

prepare-labs/terraform/virtual-machines/proxmox/main.tf

@@ -1,77 +0,0 @@
-data "proxmox_virtual_environment_nodes" "_" {}
-
-locals {
-  pve_nodes = data.proxmox_virtual_environment_nodes._.names
-}
-
-resource "proxmox_virtual_environment_vm" "_" {
-  node_name       = local.pve_nodes[each.value.node_index % length(local.pve_nodes)]
-  for_each        = local.nodes
-  name            = each.value.node_name
-  stop_on_destroy = true
-  cpu {
-    cores = split(" ", each.value.node_size)[0]
-    type  = "x86-64-v2-AES" # recommended for modern CPUs
-  }
-  memory {
-    dedicated = split(" ", each.value.node_size)[1]
-  }
-  #disk {
-  #  datastore_id = "ceph"
-  #  file_id = proxmox_virtual_environment_file._.id
-  #  interface = "scsi0"
-  #  size = 30
-  #  discard = "on"
-  #}
-  clone {
-    vm_id     = var.proxmox_template_vm_id
-    node_name = var.proxmox_template_node_name
-  }
-  agent {
-    enabled = true
-  }
-  initialization {
-    datastore_id = "ceph"
-    user_account {
-      username = "ubuntu"
-      keys     = [trimspace(tls_private_key.ssh.public_key_openssh)]
-    }
-    ip_config {
-      ipv4 {
-        address = "dhcp"
-        #gateway =
-      }
-    }
-  }
-  network_device {
-    bridge = "vmbr0"
-  }
-  operating_system {
-    type = "l26"
-  }
-}
-
-#resource "proxmox_virtual_environment_download_file" "ubuntu_2404_20250115" {
-#  content_type = "iso"
-#  datastore_id = "cephfs"
-#  node_name    = "pve-lsd-1"
-#  url          = "https://cloud-images.ubuntu.com/releases/24.04/release-20250115/ubuntu-24.04-server-cloudimg-amd64.img"
-#  file_name    = "ubuntu_2404_20250115.img"
-#}
-#
-#resource "proxmox_virtual_environment_file" "_" {
-#  datastore_id = "cephfs"
-#  node_name = "pve-lsd-1"
-#  source_file {
-#    path = "/root/noble-server-cloudimg-amd64.img"
-#  }
-#}
-
-locals {
-  ip_addresses = {
-    for key, value in local.nodes :
-    key => [for addr in flatten(concat(proxmox_virtual_environment_vm._[key].ipv4_addresses, ["ERROR"])) :
-    addr if addr != "127.0.0.1"][0]
-  }
-}
-

prepare-labs/terraform/virtual-machines/proxmox/provider.tf

@@ -1,15 +0,0 @@
-terraform {
-  required_providers {
-    proxmox = {
-      source  = "bpg/proxmox"
-      version = "~> 0.70.1"
-    }
-  }
-}
-
-provider "proxmox" {
-  endpoint = var.proxmox_endpoint
-  username = var.proxmox_username
-  password = var.proxmox_password
-  insecure = true
-}

prepare-labs/terraform/virtual-machines/proxmox/tfvars.example

@@ -1,14 +0,0 @@
-# If you want to deploy to Proxmox, you need to:
-# 1) copy that file to e.g. myproxmoxcluster.tfvars
-# 2) make sure you have a VM template with QEMU agent pre-installed
-# 3) customize the copy (you need to replace all the CHANGEME values)
-# 4) deploy with "labctl create --provider proxmox/myproxmoxcluster  ..."
-
-proxmox_endpoint = "https://localhost:8006/"
-proxmox_username = "terraform@pve"
-proxmox_password = "CHANGEME"
-
-proxmox_template_node_name = "CHANGEME"
-proxmox_template_vm_id = CHANGEME
-
-

prepare-labs/terraform/virtual-machines/proxmox/variables.tf

@@ -1 +0,0 @@
-../../providers/proxmox/variables.tf

prepare-labs/test-all-one-kubernetes.sh

@@ -4,11 +4,6 @@
 # another set of clusters while a first one is still running)
 # you should set the TF_VAR_cluster_name environment variable.
 
-if ! [ "$TF_VAR_cluster_name" ]; then
-  echo "Please set TF_VAR_cluster_name. Thanks."
-  exit 1
-fi
-
 cd terraform/one-kubernetes
 
 case "$1" in

slides/1.yml

@@ -1,11 +1,11 @@
 title: |
   Docker Intensif
 
-chat: "[Mattermost](https://training.enix.io/mattermost)"
+chat: "[Mattermost](https://highfive.container.training/mattermost)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: https://2025-01-enix.container.training/
+slides: https://2023-05-enix.container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 

slides/2.yml

@@ -1,11 +1,11 @@
 title: |
   Fondamentaux Kubernetes
 
-chat: "[Mattermost](https://training.enix.io/mattermost)"
+chat: "[Mattermost](https://highfive.container.training/mattermost)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: https://2025-01-enix.container.training/
+slides: https://2023-05-enix.container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 

slides/3.yml

@@ -2,11 +2,11 @@ title: |
   Packaging d'applications
   pour Kubernetes
 
-chat: "[Mattermost](https://training.enix.io/mattermost)"
+chat: "[Mattermost](https://highfive.container.training/mattermost)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: https://2025-01-enix.container.training/
+slides: https://2023-05-enix.container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 
@@ -15,7 +15,7 @@ exclude:
 
 content:
 - shared/title.md
-- logistics.md
+- logistics-julien.md
 - k8s/intro.md
 - shared/about-slides.md
 - k8s/prereqs-advanced.md
@@ -39,9 +39,5 @@ content:
   - k8s/helm-secrets.md
   - exercises/helm-umbrella-chart-details.md
 -
-  - k8s/helmfile.md
   - k8s/ytt.md
-  - k8s/gitworkflows.md
-  - k8s/flux.md
-  - k8s/argocd.md
   - shared/thankyou.md

slides/4.yml

@@ -1,11 +1,11 @@
 title: |
   Kubernetes Avancé
 
-chat: "[Mattermost](https://training.enix.io/mattermost)"
+chat: "[Mattermost](https://highfive.container.training/mattermost)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: https://2025-01-enix.container.training/
+slides: https://2023-05-enix.container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 
@@ -26,9 +26,7 @@ content:
 - shared/toc.md
 - exercises/netpol-brief.md
 - exercises/sealed-secrets-brief.md
-- exercices/rbac-brief.md
 - exercises/kyverno-ingress-domain-name-brief.md
-- exercises/reqlim-brief.md
 - #1
   - k8s/demo-apps.md
   - k8s/netpol.md
@@ -39,7 +37,6 @@ content:
   - k8s/ingress-tls.md
   - exercises/netpol-details.md
   - exercises/sealed-secrets-details.md
-  - exercises/rbac-details.md
 - #2
   - k8s/extending-api.md
   - k8s/crd.md
@@ -56,7 +53,6 @@ content:
   - k8s/apiserver-deepdive.md
   - k8s/aggregation-layer.md
   - k8s/hpa-v2.md
-  - exercises/reqlim-details.md
 - #4
   - k8s/statefulsets.md
   - k8s/consul.md

slides/5.yml

@@ -1,11 +1,11 @@
 title: |
   Opérer Kubernetes
 
-chat: "[Mattermost](https://training.enix.io/mattermost)"
+chat: "[Mattermost](https://highfive.container.training/mattermost)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: https://2025-01-enix.container.training/
+slides: https://2023-05-enix.container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 
@@ -27,14 +27,14 @@ content:
   - shared/handson.md
   - k8s/architecture.md
   - k8s/deploymentslideshow.md
-  - k8s/dmuc-easy.md
+  - k8s/dmuc.md
+-
+  - k8s/multinode.md
+  - k8s/cni.md
+  - k8s/interco.md
 -
-  - k8s/dmuc-medium.md
-  - k8s/dmuc-hard.md
   - k8s/cni-internals.md
-  #- k8s/interco.md
   - k8s/apilb.md
--
   - k8s/internal-apis.md
   - k8s/staticpods.md
   - k8s/cluster-upgrade.md

slides/_redirects

@@ -16,7 +16,7 @@
 
 # Shortlinks for next training in English and French
 #/next https://www.eventbrite.com/e/livestream-intensive-kubernetes-bootcamp-tickets-103262336428
-/next https://qconsf.com/training/nov2024/asynchronous-architecture-patterns-scale-ml-and-other-high-latency-workloads
+/next https://skillsmatter.com/courses/700-advanced-kubernetes-concepts-workshop-jerome-petazzoni
 /hi5 https://enix.io/fr/services/formation/online/
 /us https://www.ardanlabs.com/live-training-events/deploying-microservices-and-traditional-applications-with-kubernetes-march-28-2022.html
 /uk https://skillsmatter.com/workshops/827-deploying-microservices-and-traditional-applications-with-kubernetes-with-jerome-petazzoni

slides/autopilot/package.json

@@ -2,8 +2,8 @@
   "name": "container-training-pub-sub-server",
   "version": "0.0.1",
   "dependencies": {
-    "express": "^4.21.1",
-    "socket.io": "^4.8.0",
-    "socket.io-client": "^4.7.5"
+    "express": "^4.16.2",
+    "socket.io": "^4.6.1",
+    "socket.io-client": "^4.5.1"
   }
 }

slides/containers/Buildkit.md

@@ -40,7 +40,7 @@
 
 - In multi-stage builds, all stages can be built in parallel
 
-  (example: https://github.com/jpetazzo/shpod; [before][shpod-before-parallel] and [after][shpod-after-parallel])
+  (example: https://github.com/jpetazzo/shpod; [before] and [after])
 
 - Stages are built only when they are necessary
 
@@ -50,8 +50,8 @@
 
 - Files are cached in the builder
 
-[shpod-before-parallel]: https://github.com/jpetazzo/shpod/blob/c6efedad6d6c3dc3120dbc0ae0a6915f85862474/Dockerfile
-[shpod-after-parallel]: https://github.com/jpetazzo/shpod/blob/d20887bbd56b5fcae2d5d9b0ce06cae8887caabf/Dockerfile
+[before]: https://github.com/jpetazzo/shpod/blob/c6efedad6d6c3dc3120dbc0ae0a6915f85862474/Dockerfile
+[after]: https://github.com/jpetazzo/shpod/blob/d20887bbd56b5fcae2d5d9b0ce06cae8887caabf/Dockerfile
 
 ---
 
@@ -121,10 +121,10 @@ docker buildx build … \
 
 - Must not use binary downloads with hard-coded architectures!
 
-  (streamlining a Dockerfile for multi-arch: [before][shpod-before-multiarch], [after][shpod-after-multiarch])
+  (streamlining a Dockerfile for multi-arch: [before], [after])
 
-[shpod-before-multiarch]: https://github.com/jpetazzo/shpod/blob/d20887bbd56b5fcae2d5d9b0ce06cae8887caabf/Dockerfile
-[shpod-after-multiarch]: https://github.com/jpetazzo/shpod/blob/c50789e662417b34fea6f5e1d893721d66d265b7/Dockerfile
+[before]: https://github.com/jpetazzo/shpod/blob/d20887bbd56b5fcae2d5d9b0ce06cae8887caabf/Dockerfile
+[after]: https://github.com/jpetazzo/shpod/blob/c50789e662417b34fea6f5e1d893721d66d265b7/Dockerfile
 
 ---
 

slides/containers/Compose_For_Dev_Stacks.md

@@ -32,7 +32,7 @@ Compose enables a simple, powerful onboarding workflow:
 
 1. Checkout our code.
 
-2. Run `docker compose up`.
+2. Run `docker-compose up`.
 
 3. Our app is up and running!
 
@@ -66,19 +66,19 @@ class: pic
 
 1. Write Dockerfiles
 
-2. Describe our stack of containers in a YAML file (the "Compose file")
+2. Describe our stack of containers in a YAML file called `docker-compose.yml`
 
-3. `docker compose up` (or `docker compose up -d` to run in the background)
+3. `docker-compose up` (or `docker-compose up -d` to run in the background)
 
 4. Compose pulls and builds the required images, and starts the containers
 
 5. Compose shows the combined logs of all the containers
 
-   (if running in the background, use `docker compose logs`)
+   (if running in the background, use `docker-compose logs`)
 
 6. Hit Ctrl-C to stop the whole stack
 
-   (if running in the background, use `docker compose stop`)
+   (if running in the background, use `docker-compose stop`)
 
 ---
 
@@ -86,11 +86,11 @@ class: pic
 
 After making changes to our source code, we can:
 
-1. `docker compose build` to rebuild container images
+1. `docker-compose build` to rebuild container images
 
-2. `docker compose up` to restart the stack with the new images
+2. `docker-compose up` to restart the stack with the new images
 
-We can also combine both with `docker compose up --build`
+We can also combine both with `docker-compose up --build`
 
 Compose will be smart, and only recreate the containers that have changed.
 
@@ -114,7 +114,7 @@ cd trainingwheels
 Second step: start the app.
 
 ```bash
-docker compose up
+docker-compose up
 ```
 
 Watch Compose build and run the app.
@@ -141,17 +141,7 @@ After ten seconds (or if we press `^C` again) it will forcibly kill them.
 
 ---
 
-## The Compose file
-
-* Historically: docker-compose.yml or .yaml
-
-* Recently (kind of): can also be named compose.yml or .yaml
-
-(Since [version 1.28.6, March 2021](https://docs.docker.com/compose/releases/release-notes/#1286))
-
----
-
-## Example
+## The `docker-compose.yml` file
 
 Here is the file used in the demo:
 
@@ -182,9 +172,9 @@ services:
 
 A Compose file has multiple sections:
 
-* `services` is mandatory. Each service corresponds to a container.
+* `version` is mandatory. (Typically use "3".)
 
-* `version` is optional (it used to be mandatory). It can be ignored.
+* `services` is mandatory. Each service corresponds to a container.
 
 * `networks` is optional and indicates to which networks containers should be connected.
   <br/>(By default, containers will be connected on a private, per-compose-file network.)
@@ -193,24 +183,24 @@ A Compose file has multiple sections:
 
 ---
 
-class: extra-details
-
 ## Compose file versions
 
 * Version 1 is legacy and shouldn't be used.
 
-  (If you see a Compose file without a `services` block, it's a legacy v1 file.)
+  (If you see a Compose file without `version` and `services`, it's a legacy v1 file.)
 
 * Version 2 added support for networks and volumes.
 
 * Version 3 added support for deployment options (scaling, rolling updates, etc).
 
+* Typically use `version: "3"`.
+
 The [Docker documentation](https://docs.docker.com/compose/compose-file/)
 has excellent information about the Compose file format if you need to know more about versions.
 
 ---
 
-## Containers in Compose file
+## Containers in `docker-compose.yml`
 
 Each service in the YAML file must contain either `build`, or `image`.
 
@@ -288,7 +278,7 @@ For the full list, check: https://docs.docker.com/compose/compose-file/
 
   `frontcopy_www`, `frontcopy_www_1`, `frontcopy_db_1`
 
-- Alternatively, use `docker compose -p frontcopy` 
+- Alternatively, use `docker-compose -p frontcopy` 
 
   (to set the `--project-name` of a stack, which default to the dir name)
 
@@ -298,10 +288,10 @@ For the full list, check: https://docs.docker.com/compose/compose-file/
 
 ## Checking stack status
 
-We have `ps`, `docker ps`, and similarly, `docker compose ps`:
+We have `ps`, `docker ps`, and similarly, `docker-compose ps`:
 
 ```bash
-$ docker compose ps
+$ docker-compose ps
 Name                      Command             State           Ports          
 ----------------------------------------------------------------------------
 trainingwheels_redis_1   /entrypoint.sh red   Up      6379/tcp               
@@ -320,13 +310,13 @@ If you have started your application in the background with Compose and
 want to stop it easily, you can use the `kill` command:
 
 ```bash
-$ docker compose kill
+$ docker-compose kill
 ```
 
-Likewise, `docker compose rm` will let you remove containers (after confirmation):
+Likewise, `docker-compose rm` will let you remove containers (after confirmation):
 
 ```bash
-$ docker compose rm
+$ docker-compose rm
 Going to remove trainingwheels_redis_1, trainingwheels_www_1
 Are you sure? [yN] y
 Removing trainingwheels_redis_1...
@@ -337,19 +327,19 @@ Removing trainingwheels_www_1...
 
 ## Cleaning up (2)
 
-Alternatively, `docker compose down` will stop and remove containers.
+Alternatively, `docker-compose down` will stop and remove containers.
 
 It will also remove other resources, like networks that were created for the application.
 
 ```bash
-$ docker compose down
+$ docker-compose down
 Stopping trainingwheels_www_1 ... done
 Stopping trainingwheels_redis_1 ... done
 Removing trainingwheels_www_1 ... done
 Removing trainingwheels_redis_1 ... done
 ```
 
-Use `docker compose down -v` to remove everything including volumes.
+Use `docker-compose down -v` to remove everything including volumes.
 
 ---
 
@@ -379,15 +369,15 @@ Use `docker compose down -v` to remove everything including volumes.
 
 - If the container is deleted, the volume gets orphaned
 
-- Example: `docker compose down && docker compose up`
+- Example: `docker-compose down && docker-compose up`
 
   - the old volume still exists, detached from its container
 
   - a new volume gets created
 
-- `docker compose down -v`/`--volumes` deletes volumes
+- `docker-compose down -v`/`--volumes` deletes volumes
 
-  (but **not** `docker compose down && docker compose down -v`!)
+  (but **not** `docker-compose down && docker-compose down -v`!)
  
 ---
 
@@ -406,9 +396,9 @@ volumes:
 
 - Volume will be named `<project>_data`
 
-- It won't be orphaned with `docker compose down`
+- It won't be orphaned with `docker-compose down`
 
-- It will correctly be removed with `docker compose down -v`
+- It will correctly be removed with `docker-compose down -v`
 
 ---
 
@@ -427,7 +417,7 @@ services:
 
   (for migration, backups, disk usage accounting...)
 
-- Won't be removed by `docker compose down -v`
+- Won't be removed by `docker-compose down -v`
 
 ---
 
@@ -461,7 +451,7 @@ services:
 
 - This is used when bringing up individual services
 
-  (e.g. `docker compose up blah` or `docker compose run foo`)
+  (e.g. `docker-compose up blah` or `docker-compose run foo`)
 
 ⚠️ It doesn't make a service "wait" for another one to be up!
 
@@ -481,9 +471,7 @@ class: extra-details
 
   - `docker compose` command to deploy Compose stacks to some clouds
 
-  - in Go instead of Python
-
-  - progressively getting feature parity with `docker compose`
+  - progressively getting feature parity with `docker-compose`
 
   - also provides numerous improvements (e.g. leverages BuildKit by default)
 

slides/containers/Copying_Files_During_Build.md

@@ -120,11 +120,11 @@ class: extra-details
 
   (and won't end up in the resulting image)
 
-- See the [documentation][dockerignore] for the little details
+- See the [documentation] for the little details
 
   (exceptions can be made with `!`, multiple directory levels with `**`...)
 
-[dockerignore]: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+[documentation]: https://docs.docker.com/engine/reference/builder/#dockerignore-file
 
 ???
 

slides/containers/Docker_Overview.md

@@ -113,16 +113,22 @@ class: pic
 ## Results
 
 * [Dev-to-prod reduced from 9 months to 15 minutes (ING)](
-  https://gallant-turing-d0d520.netlify.com/docker-case-studies/CS_ING_01.25.2015_1.pdf)
+  https://www.docker.com/sites/default/files/CS_ING_01.25.2015_1.pdf)
 
 * [Continuous integration job time reduced by more than 60% (BBC)](
-  https://gallant-turing-d0d520.netlify.com/docker-case-studies/CS_BBCNews_01.25.2015_1.pdf)
+  https://www.docker.com/sites/default/files/CS_BBCNews_01.25.2015_1.pdf)
 
 * [Deploy 100 times a day instead of once a week (GILT)](
-  https://gallant-turing-d0d520.netlify.com/docker-case-studies/CS_Gilt_Groupe_03.18.2015_0.pdf)
+  https://www.docker.com/sites/default/files/CS_Gilt%20Groupe_03.18.2015_0.pdf)
 
 * [70% infrastructure consolidation (MetLife)](
-  https://www.youtube.com/watch?v=Bwt3xigvlj0)
+  https://www.docker.com/customers/metlife-transforms-customer-experience-legacy-and-microservices-mashup)
+
+* [60% infrastructure consolidation (Intesa Sanpaolo)](
+  https://blog.docker.com/2017/11/intesa-sanpaolo-builds-resilient-foundation-banking-docker-enterprise-edition/)
+
+* [14x application density; 60% of legacy datacenter migrated in 4 months (GE Appliances)](
+  https://www.docker.com/customers/ge-uses-docker-enable-self-service-their-developers)
 
 * etc.
 

slides/docker-compose.yaml

@@ -1,3 +1,5 @@
+version: "2"
+
 services:
   www:
     image: nginx

slides/exercises/ingress-brief.md

@@ -1,4 +1,4 @@
-## Exercise — Ingress Controller
+## Exercise — Ingress
 
 - Add an ingress controller to a Kubernetes cluster
 

slides/exercises/ingress-details.md

@@ -1,4 +1,4 @@
-# Exercise — Ingress Controller
+# Exercise — Ingress
 
 - We want to expose a couple of web apps through an ingress controller
 
@@ -128,4 +128,4 @@ This is similar to the previous scenario, but with two significant changes:
 
 1. We only want to run the ingress controller on nodes that have the role `ingress`.
 
-2. We want to either use `hostPort`, or a list of `externalIPs` (not `hostNetwork`).
+2. We don't want to use `hostNetwork`, but a list of `externalIPs` instead.

slides/exercises/netpol-details.md

@@ -1,6 +1,6 @@
 # Exercise — Network Policies
 
-We want to implement a generic network security mechanism.
+We want to to implement a generic network security mechanism.
 
 Instead of creating one policy per service, we want to
 create a fixed number of policies, and use a single label

slides/exercises/polykuberbac-brief.md

@@ -1,11 +0,0 @@
-## Exercise — Enable RBAC
-
-- Enable RBAC on a manually-deployed control plane
-
-- This involves:
-
-  - generating different certificates
-
-  - distributing the certificates to the controllers
-
-  - enabling the proper authorizers in API server

slides/exercises/polykuberbac-details.md

@@ -1,117 +0,0 @@
-# Exercise — Enable RBAC
-
-- We want to enable RBAC on the "polykube" cluster
-
-  (it doesn't matter whether we have 1 or multiple nodes)
-
-- Ideally, we want to have, for instance:
-
-  - one key, certificate, and kubeconfig for a cluster admin
-
-  - one key, certificate, and kubeconfig for a user
-    <br/>
-    (with permissions in a single namespace)
-
-- Bonus points: enable the NodeAuthorizer too!
-
-- Check the following slides for hints
-
----
-
-## Step 1
-
-- Enable RBAC itself!
-
---
-
-- This is done with an API server command-line flag
-
---
-
-- Check [the documentation][kube-apiserver-doc] to see the flag
-
---
-
-- For now, only enable `--authorization-mode=RBAC`
-
-[kube-apiserver-doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
-
----
-
-## Step 2
-
-- Our certificate doesn't work anymore, we need to generate a new one
-
---
-
-- We need a certificate that will have *some* (ideally *all*) permissions
-
---
-
-- Two options:
-
-  - use the equivalent of "root" (identity that completely skips permission checks)
-
-  - a "non-root" identity but which is granted permissions with RBAC
-
---
-
-- The "non-root" option looks nice, but to grant permissions, we need permissions
-
-- So let's start with the equivalent of "root"!
-
---
-
-- The Kubernetes equivalent of `root` is the group `system:masters`
-
----
-
-## Step 2, continued
-
-- We need to generate a certificate for a user belonging to group `system:masters`
-
---
-
-- In Kubernetes certificates, groups are encoded with the "organization" field
-
---
-
-- That corresponds to `O=system:masters`
-
---
-
-- In other words we need to generate a new certificate, but with a subject of:
-
-  `/CN=admin/O=system:masters/` (the `CN` doesn't matter)
-
-- That certificate should be able to interact with the API server, like before
-
----
-
-## Step 3
-
-- Now, all our controllers have permissions issues
-
-- We need to either:
-
-  - use that `system:masters` cert everywhere
-
-  - generate different certs for every controller, with the proper identities
-
-- Suggestion: use `system-masters` everywhere to begin with
-
-  (and make sure the cluster is back on its feet)
-
----
-
-## Step 4
-
-At this point, there are two possible forks in the road:
-
-1. Generate certs for the control plane controllers
-
-   (`kube-controller-manager`, `kube-scheduler`)
-
-2. Generate cert(s) for the node(s) and enable `NodeAuthorizer`
-
-Good luck!

slides/exercises/reqlim-brief.md

@@ -1,7 +0,0 @@
-## Exercise — Requests and Limits
-
-- Check current resource allocation and utilization
-
-- Make sure that all workloads have requests (and perhaps limits)
-
-- Make sure that all *future* workloads too!

slides/exercises/reqlim-details.md

@@ -1,55 +0,0 @@
-# Exercise — Requests and Limits
-
-By default, if we don't specify *resource requests*,
-our workloads will run in `BestEffort` quality of service.
-
-`BestEffort` is very bad for production workloads,
-because the scheduler has no idea of the actual resource
-requirements of our apps, and won't be able to make
-smart decisions about workload placement.
-
-As a result, when the cluster gets overloaded, 
-containers will be killed, pods will be evicted,
-and service disruptions will happen.
-
-Let's solve this!
-
----
-
-## Check current state
-
-- Check *allocations*
-
-  (i.e. which pods have requests and limits for CPU and memory)
-
-- Then check *utilization*
-
-  (i.e. actual resource usage)
-
-- Possible tools: `kubectl`, plugins like `view-allocations`, Prometheus...
-
----
-
-## Follow best practices
-
-- We want to make sure that *all* workloads have requests
-
-  (and perhaps limits, too!)
-
-- Depending on the workload:
-
-  - edit its YAML manifest
-
-  - adjust its Helm values
-
-  - add LimitRange in its Namespace
-
-- Then check again to confirm that the job has been done properly!
-
----
-
-## Be future-proof!
-
-- We want to make sure that *future* workloads will have requests, too
-
-- How can that be implemented?

slides/find-duplicate-markdown-links.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-for LINK in $(cat */*.md | sed -n 's/^\[\(.*\)\]:.*/\1/p' | sort | uniq -d); do
-  grep '^\['"$LINK"'\]:' */*.md
-done
-

slides/highfive.html

@@ -10,120 +10,108 @@
   </head>
   <body>
     <table>
-
       <tr>
-        <td>Mardi 21 janvier 2025</td>
+        <td>Mardi 9 mai 2023</td>
         <td>
           <a href="1.yml.html">Docker Intensif</a>
         </td>
       </tr>
       <tr>
-        <td>Mercredi 22 janvier 2025</td>
+        <td>Mercredi 10 mai 2023</td>
         <td>
           <a href="1.yml.html">Docker Intensif</a>
         </td>
       </tr>
       <tr>
-        <td>Jeudi 23 janvier 2025</td>
+        <td>Jeudi 11 mai 2023</td>
         <td>
           <a href="1.yml.html">Docker Intensif</a>
         </td>
       </tr>
       <tr>
-        <td>Vendredi 24 janvier 2025</td>
+        <td>Vendredi 12 mai 2023</td>
         <td>
           <a href="1.yml.html">Docker Intensif</a>
         </td>
       </tr>
-
       <tr>
-        <td>Mardi 28 janvier 2025</td>
+        <td>Lundi 15 mai 2023</td>
         <td>
           <a href="2.yml.html">Fondamentaux Kubernetes</a>
         </td>
       </tr>
       <tr>
-        <td>Mercredi 29 janvier 2025</td>
+        <td>Mardi 16 mai 2023</td>
         <td>
           <a href="2.yml.html">Fondamentaux Kubernetes</a>
         </td>
       </tr>
       <tr>
-        <td>Jeudi 30 janvier 2025</td>
+        <td>Mercredi 17 mai 2023</td>
         <td>
           <a href="2.yml.html">Fondamentaux Kubernetes</a>
         </td>
       </tr>
       <tr>
-        <td>Vendredi 31 janvier 2025</td>
+        <td>Lundi 22 mai 2023</td>
         <td>
           <a href="2.yml.html">Fondamentaux Kubernetes</a>
         </td>
       </tr>
-
       <tr>
-        <td>Lundi 3 février 2025</td>
+        <td>Mardi 23 mai 2023</td>
+        <td>
+          <a href="4.yml.html">Kubernetes Avancé</a>
+        </td>
+      </tr>
+      <tr>
+        <td>Mercredi 24 mai 2023</td>
+        <td>
+          <a href="4.yml.html">Kubernetes Avancé</a>
+        </td>
+      </tr>
+      <tr>
+        <td>Jeudi 25 mai 2023</td>
+        <td>
+          <a href="4.yml.html">Kubernetes Avancé</a>
+        </td>
+      </tr>
+      <tr>
+        <td>Vendredi 26 mai 2023</td>
+        <td>
+          <a href="4.yml.html">Kubernetes Avancé</a>
+        </td>
+      </tr>
+      <tr>
+        <td>Mardi 30 mai 2023</td>
         <td>
           <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
         </td>
       </tr>
       <tr>
-        <td>Mardi 4 février 2025</td>
+        <td>Mercredi 31 mai 2023</td>
         <td>
           <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
         </td>
       </tr>
       <tr>
-        <td>Mercredi 5 février 2025</td>
+        <td>Jeudi 1er juin 2023</td>
         <td>
           <a href="3.yml.html">Packaging d'applications pour Kubernetes</a>
         </td>
       </tr>
-
       <tr>
-        <td>Jeudi 7 février 2025</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Vendredi 7 février 2025</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Lundi 10 février 2025</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-      <tr>
-        <td>Mardi 11 février 2025</td>
-        <td>
-          <a href="4.yml.html">Kubernetes Avancé</a>
-        </td>
-      </tr>
-
-      <tr>
-        <td>Mercredi 12 février 2025</td>
+        <td>Mardi 6 juin 2023</td>
         <td>
           <a href="5.yml.html">Opérer Kubernetes</a>
         </td>
       </tr>
       <tr>
-        <td>Jeudi 13 février 2025</td>
+        <td>Mercredi 7 juin 2023</td>
         <td>
           <a href="5.yml.html">Opérer Kubernetes</a>
         </td>
       </tr>
-      <tr>
-        <td>Vendredi 14 février 2025</td>
-        <td>
-          <a href="5.yml.html">Opérer Kubernetes</a>
-        </td>
-      </tr>
-
     </table>
   </body>
 </html>

slides/index.yaml

@@ -981,6 +981,10 @@
 #  event: LISA
 #  title: Deploying and Scaling Applications with Docker Swarm
 
+#2015-09-24-strangeloop
+
+
+
 - title: Introduction to Docker and Containers
   slides: intro-selfpaced.yml.html
 

slides/interstitials.txt

@@ -1,16 +1,16 @@
-https://prettypictures.container.training/containers/Container-Ship-Freighter-Navigation-Elbe-Romance-1782991.jpg
-https://prettypictures.container.training/containers/ShippingContainerSFBay.jpg
-https://prettypictures.container.training/containers/aerial-view-of-containers.jpg
-https://prettypictures.container.training/containers/blue-containers.jpg
-https://prettypictures.container.training/containers/chinook-helicopter-container.jpg
-https://prettypictures.container.training/containers/container-cranes.jpg
-https://prettypictures.container.training/containers/container-housing.jpg
-https://prettypictures.container.training/containers/containers-by-the-water.jpg
-https://prettypictures.container.training/containers/distillery-containers.jpg
-https://prettypictures.container.training/containers/lots-of-containers.jpg
-https://prettypictures.container.training/containers/plastic-containers.JPG
-https://prettypictures.container.training/containers/train-of-containers-1.jpg
-https://prettypictures.container.training/containers/train-of-containers-2.jpg
-https://prettypictures.container.training/containers/two-containers-on-a-truck.jpg
-https://prettypictures.container.training/containers/wall-of-containers.jpeg
-https://prettypictures.container.training/containers/catene-de-conteneurs.jpg
+https://gallant-turing-d0d520.netlify.com/containers/Container-Ship-Freighter-Navigation-Elbe-Romance-1782991.jpg
+https://gallant-turing-d0d520.netlify.com/containers/ShippingContainerSFBay.jpg
+https://gallant-turing-d0d520.netlify.com/containers/aerial-view-of-containers.jpg
+https://gallant-turing-d0d520.netlify.com/containers/blue-containers.jpg
+https://gallant-turing-d0d520.netlify.com/containers/chinook-helicopter-container.jpg
+https://gallant-turing-d0d520.netlify.com/containers/container-cranes.jpg
+https://gallant-turing-d0d520.netlify.com/containers/container-housing.jpg
+https://gallant-turing-d0d520.netlify.com/containers/containers-by-the-water.jpg
+https://gallant-turing-d0d520.netlify.com/containers/distillery-containers.jpg
+https://gallant-turing-d0d520.netlify.com/containers/lots-of-containers.jpg
+https://gallant-turing-d0d520.netlify.com/containers/plastic-containers.JPG
+https://gallant-turing-d0d520.netlify.com/containers/train-of-containers-1.jpg
+https://gallant-turing-d0d520.netlify.com/containers/train-of-containers-2.jpg
+https://gallant-turing-d0d520.netlify.com/containers/two-containers-on-a-truck.jpg
+https://gallant-turing-d0d520.netlify.com/containers/wall-of-containers.jpeg
+https://gallant-turing-d0d520.netlify.com/containers/catene-de-conteneurs.jpg

slides/k8s/admission.md

@@ -20,21 +20,19 @@
 
 ## Use cases
 
-- Defaulting
+Some examples ...
 
-  *injecting image pull secrets, sidecars, environment variables...*
+- Stand-alone admission controllers
 
-- Policy enforcement and best practices
+  *validating:* policy enforcement (e.g. quotas, naming conventions ...)
 
-  *prevent: `latest` images, deprecated APIs...*
+  *mutating:* inject or provide default values (e.g. pod presets)
 
-  *require: PDBs, resource requests/limits, labels/annotations, local registry...*
+- Admission controllers part of a greater system
 
-- Problem mitigation
+  *validating:* advanced typing for operators
 
-  *block nodes with vulnerable kernels, inject log4j mitigations...*
-
-- Extended validation for operators
+  *mutating:* inject sidecars for service meshes
 
 ---
 
@@ -200,64 +198,6 @@
 
   (the Node "echo" app, the Flask app, and one ngrok tunnel for each of them)
 
-- We will need an ngrok account for the tunnels
-
-  (a free account is fine)
-
----
-
-class: extra-details
-
-## What's ngrok?
-
-- Ngrok provides secure tunnels to access local services
-
-- Example: run `ngrok http 1234`
-
-- `ngrok` will display a publicly-available URL (e.g. https://xxxxyyyyzzzz.ngrok.app)
-
-- Connections to https://xxxxyyyyzzzz.ngrok.app will terminate at `localhost:1234`
-
-- Basic product is free; extra features (vanity domains, end-to-end TLS...) for $$$
-
-- Perfect to develop our webhook!
-
----
-
-class: extra-details
-
-## Ngrok in production
-
-- Ngrok was initially known for its local webhook development features
-
-- It now supports production scenarios as well
-
-  (load balancing, WAF, authentication, circuit-breaking...)
-
-- Including some that are very relevant to Kubernetes
-
-  (e.g. [ngrok Ingress Controller](https://github.com/ngrok/kubernetes-ingress-controller)
-
----
-
-## Ngrok tokens
-
-- If you're attending a live training, you might have an ngrok token
-
-- Look in `~/ngrok.env` and if that file exists, copy it to the stack:
-
-.lab[
-
-```bash
-cp ~/ngrok.env ~/container.training/webhooks/admission/.env
-```
-
-]
-
----
-
-## Starting the whole stack
-
 .lab[
 
 - Go to the webhook directory:
@@ -276,6 +216,28 @@ cp ~/ngrok.env ~/container.training/webhooks/admission/.env
 
 ---
 
+class: extra-details
+
+## What's ngrok?
+
+- Ngrok provides secure tunnels to access local services
+
+- Example: run `ngrok http 1234`
+
+- `ngrok` will display a publicly-available URL (e.g. https://xxxxyyyyzzzz.ngrok.io)
+
+- Connections to https://xxxxyyyyzzzz.ngrok.io will terminate at `localhost:1234`
+
+- Basic product is free; extra features (vanity domains, end-to-end TLS...) for $$$
+
+- Perfect to develop our webhook!
+
+- Probably not for production, though
+
+  (webhook requests and responses now pass through the ngrok platform)
+
+---
+
 ## Update the webhook configuration
 
 - We have a webhook configuration in `k8s/webhook-configuration.yaml`
@@ -581,23 +543,6 @@ Shell to the rescue!
 
   (it should only allow values of `red`, `green`, `blue`)
 
----
-
-## Coming soon...
-
-- Kubernetes Validating Admission Policies
-
-- Integrated with the Kubernetes API server
-
-- Lets us define policies using [CEL (Common Expression Language)][cel-spec]
-
-- Available in beta in Kubernetes 1.28 <!-- ##VERSION## -->
-
-- Check this [CNCF Blog Post][cncf-blog-vap] for more details
-
-[cncf-blog-vap]: https://www.cncf.io/blog/2023/09/14/policy-management-in-kubernetes-is-changing/
-[cel-spec]: https://github.com/google/cel-spec
-
 ???
 
 :EN:- Dynamic admission control with webhooks

slides/k8s/architecture.md

@@ -141,6 +141,12 @@ class: pic
 
 class: pic
 
+![](images/control-planes/non-dedicated-stacked-nodes.svg)
+
+---
+
+class: pic
+
 ![](images/control-planes/advanced-control-plane.svg)
 
 ---
@@ -151,12 +157,6 @@ class: pic
 
 ---
 
-class: pic
-
-![](images/control-planes/non-dedicated-stacked-nodes.svg)
-
----
-
 # The Kubernetes API
 
 [