WIP

dockercoins/rng/Dockerfile

@@ -3,5 +3,5 @@ WORKDIR /app
 RUN pip install Flask
 COPY rng.py .
 ENV FLASK_APP=rng FLASK_RUN_HOST=:: FLASK_RUN_PORT=80
-CMD ["flask", "run", "--without-threads"]
+CMD ["flask", "run"]
 EXPOSE 80

k8s/haproxy.cfg

@@ -12,5 +12,5 @@ listen very-basic-load-balancer
   server blue color.blue.svc:80
   server green color.green.svc:80
 
-### Note: the services above must exist,
-### otherwise HAproxy won't start.
+# Note: the services above must exist,
+# otherwise HAproxy won't start.

k8s/kyverno-ingress-domain-name-4.yaml

@@ -1,56 +0,0 @@
-# This is a Kyverno policy to automatically generate an Ingress resource,
-# similar to the other ones in this directory; but instead of using the
-# "old-style" policies (ClusterPolicy with spec.rules.generate), it is
-# using the new CR GeneratingPolicy and CEL.
-apiVersion: policies.kyverno.io/v1
-kind: GeneratingPolicy
-metadata:
-  name: generate-ingress-for-service
-spec:
-  matchConstraints:
-    resourceRules:
-      - apiGroups: ['']
-        apiVersions: ['v1']
-        operations: ['CREATE']
-        resources: ['services']
-  variables:
-    - name: host
-      expression: |
-        object.metadata.name + "." + object.metadata.namespace + ".example.com"
-    - name: ingress
-      expression: >-
-        [
-          {
-            "kind": dyn("Ingress"),
-            "apiVersion": dyn("networking.k8s.io/v1"),
-            "metadata": dyn({
-              "name": object.metadata.name,
-              "namespace": object.metadata.namespace,
-            }),
-            "spec": dyn({
-              "rules": [
-                {
-                  "host": dyn(variables.host),
-                  "http": dyn({
-                    "paths": [
-                      {
-                        "path": dyn("/"),
-                        "pathType": dyn("Prefix"),
-                        "backend": dyn({
-                          "service": {
-                            "name": dyn(object.metadata.name),
-                            "port": dyn({
-                              "number": 80
-                            })
-                          }
-                        })
-                      }
-                    ]
-                  })
-                }
-              ]
-            })
-          }
-        ]
-  generate:
-    - expression: generator.Apply(object.metadata.namespace, variables.ingress)

k8s/kyverno-vap.yaml

@@ -1,37 +0,0 @@
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingAdmissionPolicy
-metadata:
-  name: ensure-security-label
-spec:
-  # What to do if an error happens when evaluating that policy? (Fail or Ignore)
-  failurePolicy: Fail
-  matchConstraints:
-    resourceRules:
-    - apiGroups:   [""]
-      apiVersions: ["v1"]
-      operations:  ["CREATE", "UPDATE"]
-      resources:   ["pods"]
-      scope:       Namespaced # "Cluster", "Namespaced", or "*"
-  validations:
-    - expression: |
-        'security' in object.metadata.labels
-        &&
-        object.metadata.labels.security in [ "public", "private", "namespace" ]
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingAdmissionPolicyBinding
-metadata:
-  name: ensure-security-label
-spec:
-  policyName: ensure-security-label
-  # What to do when a policy doesn't validate: Deny, Warn, Audit.
-  # (Note: it doesn't make sense to put Deny and Warn together.)
-  validationActions: [ Deny ]
-  matchResources:
-    namespaceSelector:
-      matchExpressions:
-      - key: kubernetes.io/metadata.name
-        operator: NotIn
-        values: [ kube-system, local-path-storage, kyverno ]
-

prepare-labs/konk.sh

@@ -5,9 +5,6 @@
 # 10% CPU
 # (See https://docs.google.com/document/d/1n0lwp6rQKQUIuo_A5LQ1dgCzrmjkDjmDtNj1Jn92UrI)
 # PRO2-XS = 4 core, 16 gb
-# Note that we also need 2 volumes per vcluster (one for vcluster itself, one for shpod),
-# so we might hit the maximum number of volumes per node!
-# (TODO: check what that limit is on Scaleway and Linode)
 #
 # With vspod:
 # 800 MB RAM
@@ -18,7 +15,7 @@ set -e
 
 KONKTAG=konk
 PROVIDER=linode
-STUDENTS=2
+STUDENTS=5
 
 case "$PROVIDER" in
 linode)

prepare-labs/lib/commands.sh

@@ -479,7 +479,7 @@ _cmd_kubebins() {
     need_tag
 
     if [ "$KUBEVERSION" = "" ]; then
-        KUBEVERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt | sed s/^v//)"
+        KUBEVERSION="$(curl -fsSL https://cdn.dl.k8s.io/release/stable.txt | sed s/^v//)"
     fi
 
     ##VERSION##
@@ -531,7 +531,7 @@ _cmd_kubepkgs() {
     # minor version, so we need to figure out what minor version we are
     # installing to add the corresponding repo.
     if [ "$KUBEVERSION" = "" ]; then
-        KUBEVERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt | sed s/^v//)"
+        KUBEVERSION="$(curl -fsSL https://cdn.dl.k8s.io/release/stable.txt | sed s/^v//)"
     fi
     KUBEREPOVERSION="$(echo $KUBEVERSION | cut -d. -f1-2)"
 
@@ -819,7 +819,7 @@ EOF
 
     # Install kustomize
     ##VERSION## https://github.com/kubernetes-sigs/kustomize/releases
-    KUSTOMIZE_VERSION=v5.8.1
+    KUSTOMIZE_VERSION=v5.4.1
     URL=\$GITHUB/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
     pssh "
     if [ ! -x /usr/local/bin/kustomize ]; then

prepare-labs/terraform/one-kubernetes/vcluster/main.tf

@@ -4,7 +4,7 @@ resource "helm_release" "_" {
   create_namespace = true
   repository       = "https://charts.loft.sh"
   chart            = "vcluster"
-  version          = "0.30.4"
+  version          = "0.27.1"
   values = [
     yamlencode({
       controlPlane = {

slides/_redirects

@@ -2,7 +2,6 @@
 #/ /kube-halfday.yml.html 200!
 #/ /kube-fullday.yml.html 200!
 #/ /kube-twodays.yml.html 200!
-/ /kube.yml.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack

slides/academy.yml

@@ -0,0 +1,42 @@
+title: "Kubernetes Academy"
+
+exclude:
+- self-paced
+
+content:
+- shared/toc.md
+-
+  - shared/codespaces.md
+  - k8s/concepts-k8s.md
+  - k8s/kubectlget.md
+  - k8s/kubectl-run.md
+  - k8s/deploymentslideshow.md
+  - k8s/kubectlexpose.md
+  - k8s/service-types.md
+  - k8s/accessinternal.md
+  - k8s/kubenet.md
+  - exercises/k8sfundamentals-details.md
+-
+  - k8s/declarative.md
+  - k8s/namespaces.md
+  - shared/yaml.md
+  - k8s/yamldeploy.md
+  - exercises/yaml-dockercoins-details.md
+-
+  - k8s/setup-devel.md
+  - k8s/k9s.md
+
+  - k8s/labels-annotations.md
+  - k8s/kubectl-logs.md
+  - k8s/logs-cli.md
+  - k8s/rollout.md
+  - k8s/healthchecks.md
+  - k8s/healthchecks-more.md
+  - k8s/volumes.md
+  - k8s/configuration.md
+  - k8s/secrets.md
+  - k8s/resource-limits.md
+  - k8s/batch-jobs.md
+  - k8s/ingress.md
+  - k8s/ingress-advanced.md
+  - k8s/gateway-api.md

slides/httpapps.yml

@@ -0,0 +1,54 @@
+title: |
+  Exposing HTTP apps
+  on Kubernetes:
+  Services, Ingress Controllers,
+  and Gateway API
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: https://container.training/
+
+content:
+- |
+  ## What are we going to learn?
+
+  - Exposing HTTP apps on Kubernetes
+
+  - Recap on Kubernetes Services and networking model
+
+  - Ingress resources and controllers
+
+  - Gateway API
+
+  - Things that make Ingress and Gateway API better:
+
+    - ExternalDNS
+
+    - cert-manager
+
+    - Kyverno
+
+
+#- shared/about-slides.md
+- k8s/prereqs-advanced.md
+- shared/handson.md
+#- k8s/labs-live.md
+#- shared/connecting.md
+- k8s/labs-async.md
+- |
+  class: title
+  Let's get started!
+- shared/toc.md
+-
+  - k8s/demo-apps.md
+  - k8s/kubectlexpose.md
+  - k8s/service-types.md
+  - k8s/kubenet.md
+  - k8s/ingress.md
+  - k8s/ingress-setup.md
+  - k8s/ingress-advanced.md
+  - k8s/externaldns.md
+  - k8s/kyverno.md
+  - k8s/cert-manager.md
+  - k8s/gateway-api.md
+  - k8s/taints-and-tolerations.md

slides/k8s/argocd.md

@@ -61,7 +61,7 @@ ArgoCD manages **applications** by **syncing** their **live state** with their *
 - Create a namespace for ArgoCD and install it there:
   ```bash
   kubectl create namespace argocd
-  kubectl create --namespace argocd -f \
+  kubectl apply --namespace argocd -f \
       https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
   ```
 

slides/k8s/daemonset.md

@@ -729,8 +729,8 @@ class: extra-details
 
 - Relevant documentation:
 
-  [Service spec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec),
-  [LabelSelector spec](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/label-selector/),
+  [Service spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#servicespec-v1-core),
+  [LabelSelector spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#labelselector-v1-meta),
   [label selector doc](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors)
 
 ---

slides/kube.yml

@@ -1,101 +0,0 @@
-title: |
-  Kubernetes
-
-chat: "[Mattermost](https://training.enix.io/mattermost)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: https://2026-04-advens.container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-content:
-- shared/title.md
-- logistics.md
-- shared/about-slides.md
-- shared/chat-room-im.md
-- k8s/prereqs-basic.md
-- shared/handson.md
-- k8s/labs-live.md
-#- shared/webssh.md
-- shared/connecting.md
-- k8s/labs-async.md
-- shared/toc.md
-- # 1
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
-  - k8s/kubectl-run.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - exercises/k8sfundamentals-details.md
-  - k8s/ourapponkube.md
-  #- k8s/exercise-wordsmith.md
-- # 2
-  - shared/yaml.md
-  - k8s/service-types.md
-  - k8s/kubenet.md
-  - k8s/labels-annotations.md
-  - k8s/kubectl-logs.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/yamldeploy.md
-  - k8s/namespaces.md
-  #- k8s/setup-overview.md
-  #- k8s/setup-devel.md
-  #- k8s/setup-managed.md
-  #- k8s/setup-selfhosted.md
-  - exercises/yaml-dockercoins-details.md
-- # 3
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  #- k8s/healthchecks-more.md
-  - k8s/k9s.md
-  - exercises/healthchecks-details.md
-- # 4
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/templating.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - exercises/reqlim-details.md
-- # 5
-  #- k8s/localkubeconfig.md
-  - k8s/accessinternal.md
-  #- k8s/kubectlproxy.md
-  #- k8s/ingress.md
-  #- k8s/ingress-tls.md
-  #- k8s/ingress-advanced.md
-  #- k8s/gateway-api.md
-  - k8s/volumes.md
-  #- k8s/exercise-configmap.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/secrets.md
-  - shared/thankyou.md
-- # EXTRA
-  - |
-    # (Extra stuff...)
-  - k8s/tilt.md
-  - k8s/batch-jobs.md
-  - k8s/kustomize.md
-  - k8s/dashboard.md
-
-

slides/workshop.html

@@ -54,7 +54,7 @@
         mermaid.initialize({ startOnLoad: false });
         slideshow.on('afterShowSlide', function (slide) {
           mermaid.run({
-            nodes: document.querySelectorAll('div.remark-visible pre.mermaid'),
+            nodes: document.querySelectorAll('div.remark-visible.mermaid'),
           });
         });
         // Reminder, if you want to tinker with mermaid,