fix-redirects.sh: adding forced redirect

[cluster-backup] add bivac

slides/1.yml

@@ -1,15 +1,14 @@
 title: |
-  Introduction
-  to Containers
+  Jour 1
+  Fondamentaux
+  Conteneurs & Docker
 
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
+#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Gitter](https://gitter.im/enix/formation-highfive-202002)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
+slides: http://2020-02-enix.container.training/
 
 exclude:
 - self-paced
@@ -24,53 +23,47 @@ chapters:
   - containers/Docker_Overview.md
   #- containers/Docker_History.md
   - containers/Training_Environment.md
-  - containers/Installing_Docker.md
+  #- containers/Installing_Docker.md
   - containers/First_Containers.md
   - containers/Background_Containers.md
   - containers/Start_And_Attach.md
--
   - containers/Initial_Images.md
+-
   - containers/Building_Images_Interactively.md
   - containers/Building_Images_With_Dockerfiles.md
   - containers/Cmd_And_Entrypoint.md
--
   - containers/Copying_Files_During_Build.md
   - containers/Exercise_Dockerfile_Basic.md
+-
+  - containers/Naming_And_Inspecting.md
+  #- containers/Labels.md
+  - containers/Getting_Inside.md
+  #- containers/Resource_Limits.md
   - containers/Multi_Stage_Builds.md
   - containers/Publishing_To_Docker_Hub.md
   - containers/Dockerfile_Tips.md
   - containers/Exercise_Dockerfile_Advanced.md
--
-  - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
-  - containers/Resource_Limits.md
 -
   - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
+  #- containers/Network_Drivers.md
   - containers/Container_Network_Model.md
   #- containers/Connecting_Containers_With_Links.md
-  - containers/Ambassadors.md
--
+  #- containers/Ambassadors.md
   - containers/Local_Development_Workflow.md
-  - containers/Windows_Containers.md
-  - containers/Working_With_Volumes.md
+  #- containers/Windows_Containers.md
+  #- containers/Working_With_Volumes.md
   - containers/Compose_For_Dev_Stacks.md
   - containers/Exercise_Composefile.md
--
-  - containers/Docker_Machine.md
-  - containers/Advanced_Dockerfiles.md
-  - containers/Init_Systems.md
-  - containers/Application_Configuration.md
-  - containers/Logging.md
--
-  - containers/Namespaces_Cgroups.md
-  - containers/Copy_On_Write.md
+  #- containers/Docker_Machine.md
+  #- containers/Advanced_Dockerfiles.md
+  #- containers/Application_Configuration.md
+  #- containers/Logging.md
+  #- containers/Namespaces_Cgroups.md
+  #- containers/Copy_On_Write.md
   #- containers/Containers_From_Scratch.md
--
-  - containers/Container_Engines.md
-  - containers/Pods_Anatomy.md
+  #- containers/Container_Engines.md
   #- containers/Ecosystem.md
-  - containers/Orchestration_Overview.md
+  #- containers/Orchestration_Overview.md
+-
   - shared/thankyou.md
   - containers/links.md

slides/2.yml

@@ -0,0 +1,57 @@
+title: |
+  Jour 2
+  Fondamentaux 
+  Orchestration
+  & Kubernetes
+
+#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Gitter](https://gitter.im/enix/formation-highfive-202002)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: http://2020-02-enix.container.training/
+
+exclude:
+- self-paced
+
+chapters:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+- shared/toc.md
+-
+  - shared/prereqs.md
+  #- shared/webssh.md
+  - shared/connecting.md
+  - k8s/versions-k8s.md
+  - shared/sampleapp.md
+  - shared/composedown.md
+  - k8s/concepts-k8s.md
+  - k8s/kubectlget.md
+-
+  - k8s/kubectlrun.md
+  - k8s/logs-cli.md
+  - shared/declarative.md
+  - k8s/declarative.md
+  - k8s/deploymentslideshow.md
+  - k8s/kubenet.md
+  - k8s/kubectlexpose.md
+-
+  - k8s/shippingimages.md
+  - k8s/buildshiprun-dockerhub.md
+  - k8s/ourapponkube.md
+  - k8s/yamldeploy.md
+  - k8s/scalingdockercoins.md
+  - shared/hastyconclusions.md
+  - k8s/daemonset.md
+-
+  - k8s/rollout.md
+  #- k8s/dryrun.md
+  - k8s/healthchecks.md
+  #- k8s/healthchecks-more.md
+  #- k8s/record.md
+  #- k8s/dashboard.md
+  - k8s/ingress.md
+-
+  - shared/thankyou.md

slides/3.yml

@@ -0,0 +1,81 @@
+title: |
+  Jour 3
+  Méthodologies DevOps
+
+#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Gitter](https://gitter.im/enix/formation-highfive-202002)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: http://2020-02-enix.container.training/
+
+exclude:
+- self-paced
+- hide-exercise
+
+chapters:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+- shared/toc.md
+-
+  - shared/prereqs.md
+  - shared/connecting.md
+  # Bien démarrer en local (minikube, kind)
+  - shared/sampleapp.md
+  - k8s/software-dev-banalities.md
+  - k8s/on-desktop.md
+  - k8s/volumes.md
+  - k8s/namespaces.md
+  - k8s/localkubeconfig.md
+  - k8s/accessinternal.md
+  - k8s/testing.md
+
+-
+  - k8s/configuration.md
+  - k8s/sealed-secrets.md
+  - k8s/kustomize.md
+  - k8s/helm-intro.md
+  - k8s/helm-chart-format.md
+  - k8s/helm-secrets.md
+
+-
+  - k8s/shippingimages.md
+  - k8s/registries.md
+  - k8s/stop-manual.md
+  - k8s/ci-cd.md
+  - k8s/exercise-ci-build.md
+  - k8s/kaniko.md
+  - k8s/exercise-ci-kaniko.md
+  - k8s/rollout.md
+  - k8s/advanced-rollout.md
+  - k8s/devs-and-ops-joined-topics.md
+
+-
+  - k8s/prometheus-endpoint.md
+  - k8s/exercise-prometheus.md
+  - k8s/opentelemetry.md
+  - k8s/exercise-opentelemetry.md
+  - k8s/kubernetes-security.md
+
+    #- |
+    #  # (Automatiser)
+    #- |
+    #  # Fabrication d'image
+    #- |
+    #  # Skaffold
+    #- |
+    #  # Registries
+    #- |
+    #  # Gitlab, CI
+    #- |
+    #  # ROllout avancé, blue green, canary
+    #- |
+    #  # Monitoring applicatif
+    #- |
+    #  # Prometheus Grafana
+    #- |
+    #  # Telemetry
+-
+  - shared/thankyou.md

slides/4.yml

@@ -0,0 +1,40 @@
+title: |
+  Jour 4
+  Kubernetes Avancé
+
+#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Gitter](https://gitter.im/enix/formation-highfive-202002)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: http://2020-02-enix.container.training/
+
+exclude:
+- self-paced
+
+chapters:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+- shared/toc.md
+-
+  - k8s/netpol.md
+  - k8s/authn-authz.md
+-
+  - k8s/statefulsets.md
+  - k8s/local-persistent-volumes.md
+  - k8s/portworx.md
+-
+  - k8s/resource-limits.md
+  - k8s/metrics-server.md
+  - k8s/cluster-sizing.md
+  - k8s/horizontal-pod-autoscaler.md
+-
+  - k8s/prometheus.md
+  - k8s/logs-centralized.md
+  - k8s/extending-api.md
+  - k8s/operators.md
+  #- k8s/operators-design.md
+-
+  - shared/thankyou.md

slides/5.yml

@@ -0,0 +1,42 @@
+title: |
+  Jour 5
+  Opérer Kubernetes
+
+#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Gitter](https://gitter.im/enix/formation-highfive-202002)"
+
+gitrepo: github.com/jpetazzo/container.training
+
+slides: http://2020-02-enix.container.training/
+
+exclude:
+- self-paced
+
+chapters:
+- shared/title.md
+- logistics.md
+- k8s/intro.md
+- shared/about-slides.md
+- shared/toc.md
+-
+  - k8s/prereqs-admin.md
+  - k8s/architecture.md
+  - k8s/deploymentslideshow.md
+  - k8s/dmuc.md
+-
+  - k8s/multinode.md
+  - k8s/cni.md
+-
+  - k8s/apilb.md
+  #- k8s/setup-managed.md
+  #- k8s/setup-selfhosted.md
+  - k8s/cluster-upgrade.md
+  - k8s/cluster-backup.md
+  - k8s/staticpods.md
+-
+  - k8s/control-plane-auth.md
+  - k8s/csr-api.md
+  - k8s/openid-connect.md
+  - k8s/podsecuritypolicy.md
+-
+  - shared/thankyou.md

slides/_redirects

@@ -2,6 +2,7 @@
 #/ /kube-halfday.yml.html 200
 #/ /kube-fullday.yml.html 200
 #/ /kube-twodays.yml.html 200
+/ /menu.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack

slides/intro-selfpaced.yml

@@ -1,67 +0,0 @@
-title: |
-  Introduction
-  to Containers
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-
-chapters:
-- shared/title.md
-# - shared/logistics.md
-- containers/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - containers/Docker_Overview.md
-  - containers/Docker_History.md
-  - containers/Training_Environment.md
-  - containers/Installing_Docker.md
-  - containers/First_Containers.md
-  - containers/Background_Containers.md
-  - containers/Start_And_Attach.md
-- - containers/Initial_Images.md
-  - containers/Building_Images_Interactively.md
-  - containers/Building_Images_With_Dockerfiles.md
-  - containers/Cmd_And_Entrypoint.md
-  - containers/Copying_Files_During_Build.md
-  - containers/Exercise_Dockerfile_Basic.md
-- - containers/Multi_Stage_Builds.md
-  - containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
-  - containers/Exercise_Dockerfile_Advanced.md
-- - containers/Naming_And_Inspecting.md
-  - containers/Labels.md
-  - containers/Getting_Inside.md
-- - containers/Container_Networking_Basics.md
-  - containers/Network_Drivers.md
-  - containers/Container_Network_Model.md
-  #- containers/Connecting_Containers_With_Links.md
-  - containers/Ambassadors.md
-- - containers/Local_Development_Workflow.md
-  - containers/Windows_Containers.md
-  - containers/Working_With_Volumes.md
-  - containers/Compose_For_Dev_Stacks.md
-  - containers/Exercise_Composefile.md
-  - containers/Docker_Machine.md
-- - containers/Advanced_Dockerfiles.md
-  - containers/Init_Systems.md
-  - containers/Application_Configuration.md
-  - containers/Logging.md
-  - containers/Resource_Limits.md
-- - containers/Namespaces_Cgroups.md
-  - containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-- - containers/Container_Engines.md
-  - containers/Pods_Anatomy.md
-  - containers/Ecosystem.md
-  - containers/Orchestration_Overview.md
-  - shared/thankyou.md
-  - containers/links.md

slides/k8s/Exercise_gitlab_build.md

@@ -0,0 +1,5 @@
+# Exercise -- write a simple pipeline
+
+Let's create a simple pipeline with gitlab
+
+The code is at: https://github.com/enix/kubecoin-build

slides/k8s/advanced-rollout.md

@@ -0,0 +1,76 @@
+# Advanced Rollout
+
+- In some cases the built-in mechanism of kubernetes is not enough.
+
+- You want more control on the rollout, include a feedback of the monitoring, deploying
+on multiple clusters, etc
+
+- Two "main" strategies exist here:
+
+   - canary deployment
+   - blue/green deployment
+
+---
+## Canary deployment
+
+- focus on one component of the stack
+
+    - deploy a new version of the component close to the production
+    - redirect some portion of prod traffic to new version
+    - scale up new version, redirect more traffic, checking everything is ok
+    - scale down old version
+    - move component to component with the same procedure
+
+- That's what kubernetes does by default, but does every components at the same time
+
+- Could be paired with `kubectl wait --for` and applying component sequentially,
+    for hand made canary deployement
+
+---
+## Blue/Green deployment
+
+- focus on entire stack
+
+    - deploy a new stack
+    - check the new stack work as espected
+    - put traffic on new stack, rollback if any goes wrong
+    - garbage collect the previous infra structure
+
+- there is nothing like that by default in kubernetes
+
+- helm chart with multiple releases is the closest one
+
+- could be paired with ingress feature like `nginx.ingress.kubernetes.io/canary-*`
+
+---
+## Not hand-made ?
+
+There is a few additionnal controllers that help achieving those kind of rollout behaviours
+
+They leverage kubernetes API at different levels to achieve this goal.
+
+---
+## Spinnaker
+
+- https://www.spinnaker.io
+
+- Help to deploy the same app on multiple cluster.
+
+- Is able to analyse rollout status (canary analysis) and correlate it to monitoring
+
+- Rollback if anything goes wrong
+
+- also support Blue/Green
+
+- Configuration done via UI
+
+---
+## Argo-rollout
+
+- https://github.com/argoproj/argo-rollouts
+
+- Replace your deployments with CRD (Custom Resource Definition) "deployment-like"
+
+- Full control via CRDs
+
+- BlueGreen and Canary deployment

slides/k8s/ci-cd.md

@@ -0,0 +1,51 @@
+## Jenkins / Jenkins-X
+
+- Multi-purpose CI
+
+- Self-hosted CI for kubernetes
+
+- create a namespace per commit and apply manifests in the namespace
+  </br>
+  "A deploy per feature-branch"
+
+.small[
+```shell
+curl -L "https://github.com/jenkins-x/jx/releases/download/v2.0.1103/jx-darwin-amd64.tar.gz" | tar xzv jx
+./jx boot
+```
+]
+
+---
+
+## GitLab
+
+- Repository + registry + CI/CD integrated all-in-one
+
+```shell
+helm repo add gitlab https://charts.gitlab.io/
+helm install gitlab gitlab/gitlab
+```
+
+---
+
+## ArgoCD / flux
+
+- Watch a git repository and apply changes to kubernetes
+
+- provide UI to see changes, rollback
+
+.small[
+```shell
+kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+```
+]
+
+---
+
+## Tekton / knative
+
+- knative is serverless project from google
+
+- Tekton leverages knative to run pipelines
+
+- not really user friendly today, but stay tune for wrappers/products

slides/k8s/cluster-backup.md

@@ -360,3 +360,7 @@ docker run --rm --net host -v $PWD:/vol \
 - [kube-backup](https://github.com/pieterlange/kube-backup)
 
   simple scripts to save resource YAML to a git repository
+  
+- [bivac](https://github.com/camptocamp/bivac) 
+
+  Backup Interface for Volumes Attached to Containers 

slides/k8s/cluster-sizing.md

@@ -154,7 +154,7 @@ class: extra-details
 
 - "Running Kubernetes without nodes"
 
-- Systems like [Virtual Kubelet](https://virtual-kubelet.io/) or Kiyot can run pods using on-demand resources
+- Systems like [Virtual Kubelet](https://virtual-kubelet.io/) or [Kiyot](https://static.elotl.co/docs/latest/kiyot/kiyot.html) can run pods using on-demand resources
 
   - Virtual Kubelet can leverage e.g. ACI or Fargate to run pods
 

slides/k8s/cni.md

@@ -28,7 +28,7 @@ The reference plugins are available [here].
 
 Look in each plugin's directory for its documentation.
 
-[here]: https://github.com/containernetworking/plugins/tree/master/plugins
+[here]: https://github.com/containernetworking/plugins
 
 ---
 

slides/k8s/devs-and-ops-joined-topics.md

@@ -0,0 +1,10 @@
+## We are done, what else ?
+
+We have seen what means developping an application on kubernetes.
+
+There still few subjects to tackle that are not purely relevant for developers
+
+They have *some involvement* for developers:
+
+- Monitoring
+- Security

slides/k8s/exercise-ci-build.md

@@ -0,0 +1,5 @@
+## Exercise - building with Kubernetes
+
+- Let's go to https://github.com/enix/kubecoin
+
+- Our goal is to follow the instructions and complete exercise #1

slides/k8s/exercise-ci-kaniko.md

@@ -0,0 +1,3 @@
+## Exercice - build with kaniko
+
+Complete exercise #2, (again code at: https://github.com/enix/kubecoin )

slides/k8s/exercise-opentelemetry.md

@@ -0,0 +1,5 @@
+## Exercice - monitor with opentelemetry
+
+Complete exercise #5, (again code at: https://github.com/enix/kubecoin )
+
+*Note: Not all daemon are "ready" for opentelemetry, only `rng` and `worker`

slides/k8s/exercise-prometheus.md

@@ -0,0 +1,5 @@
+## Exercice - monitor with prometheus
+
+Complete exercise #4, (again code at: https://github.com/enix/kubecoin )
+
+*Note: Not all daemon are "ready" for prometheus, only `hasher` and `redis`

slides/k8s/extending-api.md

@@ -151,7 +151,7 @@ There are many possibilities!
 
 - Replacing built-in types with CRDs
 
-  (see [this lightning talk by Tim Hockin](https://www.youtube.com/watch?v=ji0FWzFwNhA&index=2&list=PLj6h78yzYM2PZf9eA7bhWnIh_mK1vyOfU))
+  (see [this lightning talk by Tim Hockin](https://www.youtube.com/watch?v=ji0FWzFwNhA))
 
 ---
 

slides/k8s/kaniko.md

@@ -0,0 +1,34 @@
+## Privileged container
+
+- Running privileged container could be really harmful for the node it run on.
+
+- Getting control of a node could expose other containers in the cluster and the cluster itself
+
+- It's even worse when it is docker that run in this privileged container
+
+- `docker build` doesn't allow to run privileged container for building layer
+
+- nothing forbid to run `docker run --privileged`
+
+---
+## Kaniko
+
+- https://github.com/GoogleContainerTools/kaniko
+
+- *kaniko doesn't depend on a Docker daemon and executes each command
+within a Dockerfile completely in userspace*
+
+- Kaniko is only a build system, there is no runtime like docker does
+
+- generates OCI compatible image, so could be run on Docker or other CRI
+
+- use a different cache system than Docker
+
+---
+## Rootless docker and rootless buildkit
+
+- This is experimental
+
+- Have a lot of requirement of kernel param, options to set
+
+- But it exists

slides/k8s/kubernetes-security.md

@@ -0,0 +1,78 @@
+# Security and kubernetes
+
+There are many mechanisms in kubernetes to ensure the security.
+Obviously the more you constrain your app, the better.
+
+There is also mechanism to forbid "unsafe" application to be launched on
+kubernetes, but that's more for ops-guys 😈 (more on that next days)
+
+Let's focus on what can we do on the developer latop, to make app
+compatible with secure system, enforced or not (it's always a good practice)
+
+---
+## No container in privileged mode
+
+- risks:
+   - If one privileged container get compromised,
+     we basically get full access to the node from within a container
+     (not need to tamper auth logs, alter binary).
+
+   - Sniffing networks allow often to get access to the entire cluster.
+
+- how to avoid:
+   ```
+   [...]
+   spec:
+     containers:
+       - name: foo
+         securityContext:
+           privileged: false
+   ```
+
+   Luckily that's the default !
+
+---
+## No container run as "root"
+
+- risks:
+   - bind mounting a directory like /usr/bin allow to change node system core
+     </br>ex: copy a tampered version of "ping", wait for an admin to login
+     and to issue a ping command and bingo !
+
+- how to avoid:
+
+   ```
+   [...]
+   spec:
+     containers:
+       - name: foo
+         securityContext:
+           runAsUser: 1000
+           runAsGroup: 100
+   ```
+   - The default is to use the image default
+
+   - If your writing your own Dockerfile, don't forget about the `USER` instruction
+---
+## Capabilities
+
+- You can give capabilities one-by-one to a container
+
+- It's useful if you need more capabilities (for some reason), but not grating 'root' privileged
+
+- risks: no risks whatsoever, except by granting a big list of capabilities
+
+- how to use:
+   ```
+   [...]
+   spec:
+     containers:
+       - name: foo
+         securityContext:
+           capabilities:
+             add: ["NET_ADMIN", "SYS_TIME"]
+             drop: []
+   ```
+   The default use the container runtime defaults
+
+- and we can also drop default capabilities granted by the container runtime !

slides/k8s/on-desktop.md

@@ -0,0 +1,179 @@
+# Development Workflow
+
+In this section we will see how to set up a local development workflow.
+
+We will list multiple options.
+
+Keep in mind that we don't have to use *all* these tools!
+
+It's up to the developer to find what best suits them.
+
+---
+
+## What does it mean to develop on Kubernetes ?
+
+In theory, the generic workflow is:
+
+1. Make changes to our code or edit a Dockerfile
+
+2. Build a new Docker image with a new tag
+
+3. Push that Docker image to a registry
+
+4. Update the YAML or templates referencing that Docker image
+   <br/>(e.g. of the corresponding Deployment, StatefulSet, Job ...)
+
+5. Apply the YAML or templates
+
+6. Are we satisfied with the result?
+   <br/>No → go back to step 1 (or step 4 if the image is OK)
+   <br/>Yes → commit and push our changes to source control
+
+---
+
+## A few quirks
+
+In practice, there are some details that make this workflow more complex.
+
+- We need a Docker container registry to store our images
+  <br/>
+  (for Open Source projects, a free Docker Hub account works fine)
+
+- We need to set image tags properly, hopefully automatically
+
+- If we decide to use a fixed tag (like `:latest`) instead:
+
+  - we need to specify `imagePullPolicy=Always` to force image pull
+
+  - we need to trigger a rollout when we want to deploy a new image
+    <br/>(with `kubectl rollout restart` or by killing the running pods)
+
+- We need a fast internet connection to push the images
+
+- We need to regularly clean up the registry to avoid accumulating old images
+
+---
+
+## When developing locally
+
+- If we work with a local cluster, pushes and pulls are much faster
+
+- Even better, with a one-node cluster, most of these problems disappear
+
+- If we build and run the images on the same node, ...
+
+  - we don't need to push images
+
+  - we don't need a fast internet connection
+
+  - we don't need a registry
+
+  - we can use bind mounts to edit code locally and make changes available immediately in running containers
+
+- This means that it is much simpler to deploy to local development environment (like Minikube, Docker Desktop ...) than to a "real" cluster
+
+---
+
+## Minikube
+
+- Start a VM with the hypervisor of your choice: VirtualBox, kvm, Hyper-V ...
+
+- Well supported by the Kubernetes community
+
+- Lot of addons
+
+- Easy cleanup: delete the VM with `minikube delete`
+
+- Bind mounts depend on the underlying hypervisor
+
+  (they may require additionnal setup)
+
+---
+
+## Docker Desktop
+
+- Available for Mac and Windows
+
+- Start a VM with the appropriate hypervisor (even better!)
+
+- Bind mounts work out of the box
+
+```yaml
+volumes:
+- name: repo_dir
+  hostPath:
+    path: /C/Users/Enix/my_code_repository
+```
+
+- Ingress and other addons need to be installed manually
+
+---
+
+## Kind
+
+- Kubernetes-in-Docker
+
+- Uses Docker-in-Docker to run Kubernetes
+  <br/>
+  (technically, it's more like Containerd-in-Docker)
+
+- We don't get a real Docker Engine (and cannot build Dockerfiles)
+
+- Single-node by default, but multi-node clusters are possible
+
+- Very convenient to test Kubernetes deployments when only Docker is available
+  <br/>
+  (e.g. on public CI services like Travis, Circle, GitHub Actions ...)
+
+- Bind mounts require extra configuration
+
+- Extra configuration for a couple of addons, totally custom for other
+
+- Doesn't work with BTRFS (sorry BTRFS users😢)
+
+---
+
+## microk8s
+
+- Distribution of Kubernetes using Snap
+
+  (Snap is a container-like method to install software)
+
+- Available on Ubuntu and derivatives
+
+- Bind mounts work natively (but require extra setup if we run in a VM)
+
+- Big list of addons; easy to install
+
+---
+
+## Proper tooling
+
+The simple workflow seems to be:
+
+- set up a one-node cluster with one of the methods mentioned previously,
+
+- find the remote Docker endpoint,
+
+- configure the `DOCKER_HOST` variable to use that endpoint,
+
+- follow the previous 7-step workflow.
+
+Can we do better?
+
+---
+
+## Helpers
+
+- Skaffold (https://skaffold.dev/):
+    - build with docker, kaniko, google builder
+    - install with pure yaml manifests, kustomize, helm
+
+- Tilt (https://tilt.dev/)
+    - Tiltfile is programmatic format (python ?)
+    - Primitive for building with docker
+    - Primitive for deploying with pure yaml manifests, kustomize, helm
+
+- Garden (https://garden.io/)
+
+- Forge (https://forge.sh/)

slides/k8s/opentelemetry.md

@@ -0,0 +1,84 @@
+# OpenTelemetry
+
+*OpenTelemetry* is a "tracing" framework.
+
+It's a fusion of two other frameworks:
+*OpenTracing* and *OpenCensus*.
+
+Its goal is to provide deep integration with programming languages and
+application frameworks to enabled deep dive tracing of different events accross different components.
+
+---
+
+## Span ! span ! span !
+
+- A unit of tracing is called a *span*
+
+- A span has: a start time, a stop time, and an ID
+
+- It represents an action that took some time to complete
+
+  (e.g.: function call, database transaction, REST API call ...)
+
+- A span can have a parent span, and can have multiple child spans
+
+  (e.g.: when calling function `B`, sub-calls to `C` and `D` were issued)
+
+- Think of it as a "tree" of calls
+
+---
+
+## Distributed tracing
+
+- When two components interact, their spans can be connected together
+
+- Example: microservice `A` sends a REST API call to microservice `B`
+
+    - `A` will have a span for the call to `B`
+
+    - `B` will have a span for the call from `A`
+       <br/>(that normally starts shortly after, and finishes shortly before)
+
+    - the span of `A` will be the parent of the span of `B`
+
+    - they join the same "tree" of calls
+
+<!-- FIXME the thing below? -->
+
+details: `A` will send headers (depends of the protocol used) to tag the span ID,
+so that `B` can generate child span and joining the same tree of call
+
+---
+
+## Centrally stored
+
+- What do we do with all these spans?
+
+- We store them!
+
+- In the previous exemple:
+
+    - `A` will send trace information to its local agent
+    - `B` will do the same
+    - every span will end up in the same DB
+    - at a later point, we can reconstruct the "tree" of call and analyze it
+
+- There are multiple implementations of this stack (agent + DB + web UI)
+
+  (the most famous open source ones are Zipkin and Jaeger)
+
+---
+
+## Data sampling
+
+- Do we store *all* the spans?
+
+  (it looks like this could need a lot of storage!)
+
+- No, we can use *sampling*, to reduce storage and network requirements
+
+- Smart sampling is applied directly in the application to save CPU if span is not needed
+
+- It also insures that if a span is marked as sampled, all child span are sampled as well
+
+    (so that the tree of call is complete)

slides/k8s/prometheus-endpoint.md

@@ -0,0 +1,150 @@
+# Prometheus
+
+Prometheus is a monitoring system with a small storage I/O footprint.
+
+It's quite ubiquitous in the Kubernetes world.
+
+This section is not an in-depth description of Prometheus.
+
+*Note: More on Prometheus next day!*
+
+<!--
+FIXME maybe just use prometheus.md and add this file after it?
+This way there is not need to write a Prom intro.
+-->
+
+---
+
+## Prometheus exporter
+
+- Prometheus *scrapes* (pulls) metrics from *exporters*
+
+- A Prometheus exporter is an HTTP endpoint serving a response like this one:
+
+```
+ # HELP http_requests_total The total number of HTTP requests.
+ # TYPE http_requests_total counter
+ http_requests_total{method="post",code="200"} 1027 1395066363000
+ http_requests_total{method="post",code="400"}    3 1395066363000
+
+ # Minimalistic line:
+ metric_without_timestamp_and_labels 12.47
+```
+
+- Our goal, as a developer, will be to expose such an endpoint to Prometheus
+
+---
+
+## Implementing a Prometheus exporter
+
+Multiple strategies can be used:
+
+- Implement the exporter in the application itself
+
+  (especially if it's already an  HTTP server)
+
+- Use building blocks that may already expose such an endpoint
+
+  (puma, uwsgi)
+
+- Add a sidecar exporter that leverages and adapts an existing monitoring channel
+
+  (e.g. JMX for Java applications)
+
+---
+
+## Implementing a Prometheus exporter
+
+- The Prometheus client libraries are often the easiest solution
+
+- They offer multiple ways of integration, including:
+
+  - "I'm already running a web server, just add a monitoring route"
+
+  - "I don't have a web server (or I want another one), please run one in a thread"
+
+- Client libraries for various languages:
+
+  - https://github.com/prometheus/client_python
+
+  - https://github.com/prometheus/client_ruby
+
+  - https://github.com/prometheus/client_golang
+
+  (Can you see the pattern?)
+
+---
+
+## Adding a sidecar exporter
+
+- There are many exporters available already:
+
+  https://prometheus.io/docs/instrumenting/exporters/
+
+- These are "translators" from one monitoring channel to another
+
+- Writing your own is not complicated
+
+  (using the client libraries mentioned previously)
+
+- Avoid exposing the internal monitoring channel more than enough
+
+  (the app and its sidecars run in the same network namespace,
+  <br/>so they can communicate over `localhost`)
+
+---
+
+## Configuring the Prometheus server
+
+- We need to tell the Prometheus server to *scrape* our exporter
+
+- Prometheus has a very flexible "service discovery" mechanism
+
+  (to discover and enumerate the targets that it should scrape)
+
+- Depending on how we installed Prometheus, various methods might be available
+
+---
+
+## Configuring Prometheus, option 1
+
+- Edit `prometheus.conf`
+
+- Always possible
+
+  (we should always have a Prometheus configuration file somewhere!)
+
+- Dangerous and error-prone
+
+  (if we get it wrong, it is very easy to break Prometheus)
+
+- Hard to maintain
+
+  (the file will grow over time, and might accumulate obsolete information)
+
+---
+
+## Configuring Prometheus, option 2
+
+- Add *annotations* to the pods or services to monitor
+
+- We can do that if Prometheus is installed with the official Helm chart
+
+- Prometheus will detect these annotations and automatically start scraping
+
+- Example:
+  ```yaml
+    annotations:
+      prometheus.io/port: 9090
+      prometheus.io/path: /metrics
+  ```
+
+---
+
+## Configuring Prometheus, option 3
+
+- Create a ServiceMonitor custom resource
+
+- We can do that if we are using the CoreOS Prometheus operator
+
+- See the [Prometheus operator documentation](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) for more details

slides/k8s/registries.md

@@ -0,0 +1,99 @@
+# Registries
+
+- There are lots of options to ship our container images to a registry
+
+- We can group them depending on some characteristics:
+
+- SaaS or self-hosted
+
+- with or without a build system
+
+---
+
+## Docker registry
+
+- Self-hosted and [open source](https://github.com/docker/distribution)
+
+- Runs in a single Docker container
+
+- Supports multiple storage backends
+
+- Supports basic authentication out of the box
+
+- [Other authentication schemes](https://docs.docker.com/registry/deploying/#more-advanced-authentication) through proxy or delegation
+
+- No build system
+
+- To run it with the Docker engine:
+
+  ```shell
+  docker run -d -p 5000:5000 --name registry registry:2
+  ```
+
+- Or use the dedicated plugin in minikube, microk8s, etc.
+
+---
+
+## Harbor
+
+- Self-hostend and [open source](https://github.com/goharbor/harbor)
+
+- Supports both Docker images and Helm charts
+
+- Advanced authentification mechanism
+
+- Multi-site synchronisation
+
+- Vulnerability scanning
+
+- No build system
+
+- To run it with Helm:
+  ```shell
+  helm repo add harbor https://helm.goharbor.io
+  helm install my-release harbor/harbor
+  ```
+
+---
+
+## Gitlab
+
+- Available both as a SaaS product and self-hosted
+
+- SaaS product is free for open source projects; paid subscription otherwise
+
+- Some parts are [open source](https://gitlab.com/gitlab-org/gitlab-foss/)
+
+- Integrated CI
+
+- No build system (but a custom build system can be hooked to the CI)
+
+- To run it with Helm:
+  ```shell
+  helm repo add gitlab https://charts.gitlab.io/
+  helm install gitlab gitlab/gitlab
+  ```
+
+---
+
+## Docker Hub
+
+- SaaS product: [hub.docker.com](https://hub.docker.com)
+
+- Free for public image; paid subscription for private ones
+
+- Build system included
+
+---
+
+## Quay
+
+- Available both as a SaaS product (Quay) and self-hosted ([quay.io](https://quay.io))
+
+- SaaS product is free for public repositories; paid subscription otherwise
+
+- Some components of Quay and quay.io are open source
+
+  (see [Project Quay](https://www.projectquay.io/) and the [announcement](https://www.redhat.com/en/blog/red-hat-introduces-open-source-project-quay-container-registry))
+
+- Build system included

slides/k8s/rollout.md

@@ -80,6 +80,7 @@
 - Rolling updates can be monitored with the `kubectl rollout` subcommand
 
 ---
+class: hide-exercise
 
 ## Rolling out the new `worker` service
 
@@ -109,6 +110,7 @@
 That rollout should be pretty quick. What shows in the web UI?
 
 ---
+class: hide-exercise
 
 ## Give it some time
 
@@ -131,6 +133,7 @@ That rollout should be pretty quick. What shows in the web UI?
   (The grace period is 30 seconds, but [can be changed](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) if needed)
 
 ---
+class: hide-exercise
 
 ## Rolling out something invalid
 
@@ -148,10 +151,10 @@ That rollout should be pretty quick. What shows in the web UI?
   kubectl rollout status deploy worker
   ```
 
-<!--
+/<!--
 ```wait Waiting for deployment```
 ```key ^C```
--->
+/-->
 
 ]
 
@@ -162,6 +165,7 @@ Our rollout is stuck. However, the app is not dead.
 (After a minute, it will stabilize to be 20-25% slower.)
 
 ---
+class: hide-exercise
 
 ## What's going on with our rollout?
 
@@ -202,6 +206,7 @@ class: extra-details
 - Our rollout is stuck at this point!
 
 ---
+class: hide-exercise
 
 ## Checking the dashboard during the bad rollout
 
@@ -218,6 +223,7 @@ If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
 ]
 
 ---
+class: hide-exercise
 
 ## Recovering from a bad rollout
 
@@ -240,6 +246,7 @@ If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
 ]
 
 ---
+class: hide-exercise
 
 ## Rolling back to an older version
 
@@ -250,6 +257,7 @@ If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
 - How can we get back to the previous version?
 
 ---
+class: hide-exercise
 
 ## Multiple "undos"
 
@@ -269,6 +277,7 @@ If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
 🤔 That didn't work.
 
 ---
+class: hide-exercise
 
 ## Multiple "undos" don't work
 
@@ -291,6 +300,8 @@ If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
 
 ---
 
+class: hide-exercise
+
 ## In this specific scenario
 
 - Our version numbers are easy to guess
@@ -301,6 +312,8 @@ If you didn't deploy the Kubernetes dashboard earlier, just skip this slide.
 
 ---
 
+class: hide-exercise
+
 ## Listing versions
 
 - We can list successive versions of a Deployment with `kubectl rollout history`
@@ -321,6 +334,7 @@ We might see something like 1, 4, 5.
 (Depending on how many "undos" we did before.)
 
 ---
+class: hide-exercise
 
 ## Explaining deployment revisions
 
@@ -340,6 +354,7 @@ We might see something like 1, 4, 5.
 ---
 
 class: extra-details
+class: hide-exercise
 
 ## What about the missing revisions?
 
@@ -354,6 +369,7 @@ class: extra-details
   (if we wanted to!)
 
 ---
+class: hide-exercise
 
 ## Rolling back to an older version
 
@@ -373,6 +389,7 @@ class: extra-details
 ---
 
 class: extra-details
+class: hide-exercise
 
 ## Changing rollout parameters
 
@@ -380,7 +397,7 @@ class: extra-details
 
   - revert to `v0.1`
   - be conservative on availability (always have desired number of available workers)
-  - go slow on rollout speed (update only one pod at a time) 
+  - go slow on rollout speed (update only one pod at a time)
   - give some time to our workers to "warm up" before starting more
 
 The corresponding changes can be expressed in the following YAML snippet:
@@ -404,6 +421,7 @@ spec:
 ---
 
 class: extra-details
+class: hide-exercise
 
 ## Applying changes through a YAML patch
 
@@ -434,6 +452,6 @@ class: extra-details
   kubectl get deploy -o json worker |
           jq "{name:.metadata.name} + .spec.strategy.rollingUpdate"
   ```
-  ] 
+  ]
 
 ]

slides/k8s/sealed-secrets.md

@@ -0,0 +1,72 @@
+# sealed-secrets
+
+- https://github.com/bitnami-labs/sealed-secrets
+
+- has a server side (standard kubernetes deployment) and a client side *kubeseal* binary
+
+- server-side start by generating a key pair, keep the private, expose the public.
+
+- To create a sealed-secret, you only need access to public key
+
+- You can enforce access with RBAC rules of kubernetes
+
+---
+
+## sealed-secrets how to
+
+- adding a secret: *kubeseal* will cipher it with the public key
+
+- server side controller will re-create original secret, when the ciphered one are added to the cluster
+
+- it makes it "safe" to add those secret to your source tree
+
+- since version 0.9 key rotation are enable by default, so remember to backup private keys regularly.
+  </br> (or you won't be able to decrypt all you keys, in a case of *disaster recovery*)
+
+
+---
+
+## First "sealed-secret"
+
+
+.exercise[
+- Install *kubeseal*
+  ```bash
+  wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.7/kubeseal-linux-amd64 -O kubeseal
+  sudo install -m 755 kubeseal /usr/local/bin/kubeseal
+  ```
+
+- Install controller
+  ```bash
+  helm install -n kube-system sealed-secrets-controller stable/sealed-secrets
+  ```
+
+- Create a secret you don't want to leak
+  ```bash
+  kubectl create secret generic --from-literal=foo=bar my-secret -o yaml --dry-run \
+    | kubeseal > mysecret.yaml
+  kubectl apply -f mysecret.yaml
+  ```
+]
+
+---
+
+## Alternative: sops / git crypt
+
+- You can work a VCS level (ie totally abstracted from kubernetess)
+
+- sops (https://github.com/mozilla/sops), VCS agnostic, encrypt portion of files
+
+- git-crypt that work with git to transparently encrypt (some) files in git
+
+---
+
+## Other alternative
+
+- You can delegate secret management to another component like *hashicorp vault*
+
+- Can work in multiple ways:
+
+   - encrypt secret from API-server (instead of the much secure *base64*)
+   - encrypt secret before sending it in kubernetes (avoid git in plain text)
+   - manager secret entirely in vault and expose to the container via volume

slides/k8s/software-dev-banalities.md

@@ -0,0 +1,15 @@
+## Software development
+
+From years, decades, (centuries !), software development has followed the same principles:
+
+- Development
+
+- Testing
+
+- Packaging
+
+- Shipping
+
+- Deployment
+
+We will see how this map to Kubernetes world.

slides/k8s/stop-manual.md

@@ -0,0 +1,17 @@
+# Automation && CI/CD
+
+What we've done so far:
+
+- development of our application
+
+- manual testing, and exploration of automated testing strategies
+
+- packaging in a container image
+
+- shipping that image to a registry
+
+What still need to be done:
+
+- deployment of our application
+
+- automation of the whole build / ship / run cycle

slides/k8s/testing.md

@@ -0,0 +1,82 @@
+# Testing
+
+There are multiple levels of testing:
+
+- unit testing (many small tests that run in isolation),
+
+- integration testing (bigger tests involving multiple components),
+
+- functional or end-to-end testing (even bigger tests involving the whole app).
+
+In this section, we will focus on *unit testing*, where each test case
+should (ideally) be completely isolated from other components and system
+interaction: no real database, no real backend, *mocks* everywhere.
+
+(For a good discussion on the merits of unit testing, we can read
+[Just Say No to More End-to-End Tests](https://testing.googleblog.com/2015/04/just-say-no-to-more-end-to-end-tests.html).)
+
+Unfortunately, this ideal scenario is easier said than done ...
+
+---
+
+## Multi-stage build
+
+```dockerfile
+FROM <baseimage>
+RUN <install dependencies>
+COPY <code>
+RUN <build code>
+RUN <install test dependencies>
+COPY <test data sets and fixtures>
+RUN <unit tests>
+FROM <baseimage>
+RUN <install dependencies>
+COPY <code>
+RUN <build code>
+CMD, EXPOSE ...
+```
+
+- This leverages the Docker cache: if the code doesn't change, the tests don't need to run
+
+- If the tests require a database or other backend, we can use `docker build --network`
+
+- If the tests fail, the build fails; and no image is generated
+
+---
+
+## Docker Compose
+
+```yaml
+version: 3
+service:
+  project:
+    image: my_image_name
+    build:
+      context: .
+      target: dev
+
+  database:
+    image: redis
+  backend:
+    image: backend
+
+```
++
+
+```shell
+docker-compose build && docker-compose run project pytest -v
+```
+
+---
+
+## Skaffold/Container-structure-test
+
+- The `test` field of the `skaffold.yaml` instructs skaffold to run test against your image.
+
+- It uses the [container-structure-test](https://github.com/GoogleContainerTools/container-structure-test)
+
+- It allows to run custom commands
+
+- Unfortunately, nothing to run other Docker images
+
+  (to start a database or a backend that we need to run tests)

slides/kadm-fullday.yml

@@ -1,45 +0,0 @@
-title: |
-  Kubernetes
-  for Admins and Ops
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-- static-pods-exercise
-
-chapters:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/dmuc.md
-- - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/apilb.md
-  - k8s/control-plane-auth.md
-- - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-  - k8s/cluster-upgrade.md
-  - k8s/staticpods.md
-  - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/bootstrap.md  
-- - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-- - k8s/lastwords-admin.md
-  - k8s/links.md
-  - shared/thankyou.md

slides/kadm-twodays.yml

@@ -1,71 +0,0 @@
-title: |
-  Kubernetes
-  for administrators
-  and operators
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-chapters:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/toc.md
-# DAY 1
-- - k8s/prereqs-admin.md
-  - k8s/architecture.md
-  - k8s/deploymentslideshow.md
-  - k8s/dmuc.md
-- - k8s/multinode.md
-  - k8s/cni.md
-- - k8s/apilb.md
-  - k8s/setup-managed.md
-  - k8s/setup-selfhosted.md
-  - k8s/cluster-upgrade.md
-  - k8s/staticpods.md
-- - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-# DAY 2
-- - k8s/kubercoins.md
-  - k8s/logs-cli.md
-  - k8s/logs-centralized.md
-  - k8s/authn-authz.md
-  - k8s/csr-api.md
-- - k8s/openid-connect.md
-  - k8s/control-plane-auth.md
-  ###- k8s/bootstrap.md
-  - k8s/netpol.md
-  - k8s/podsecuritypolicy.md
-- - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
-- - k8s/prometheus.md
-  - k8s/extending-api.md
-  - k8s/operators.md
-  ###- k8s/operators-design.md
-# CONCLUSION
-- - k8s/lastwords-admin.md
-  - k8s/links.md
-  - shared/thankyou.md
-  - |
-    # (All content after this slide is bonus material)
-# EXTRA
-- - k8s/volumes.md
-  - k8s/configuration.md
-  - k8s/statefulsets.md
-  - k8s/local-persistent-volumes.md
-  - k8s/portworx.md

slides/kube-fullday.yml

@@ -1,97 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-chapters:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/toc.md
--
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
--
-  - k8s/kubectlrun.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
--
-  - k8s/yamldeploy.md
-  - k8s/setup-k8s.md
-  #- k8s/dashboard.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  #- k8s/dryrun.md
-  #- k8s/kubectlproxy.md
-  #- k8s/localkubeconfig.md
-  #- k8s/accessinternal.md
-  - k8s/rollout.md
-  #- k8s/healthchecks.md
-  #- k8s/healthchecks-more.md
-  #- k8s/record.md
--
-  - k8s/namespaces.md
-  - k8s/ingress.md
-  #- k8s/kustomize.md
-  #- k8s/helm-intro.md
-  #- k8s/helm-chart-format.md
-  #- k8s/helm-create-basic-chart.md
-  #- k8s/helm-create-better-chart.md
-  #- k8s/helm-secrets.md
-  #- k8s/create-chart.md
-  #- k8s/create-more-charts.md
-  #- k8s/netpol.md
-  #- k8s/authn-authz.md
-  #- k8s/csr-api.md
-  #- k8s/openid-connect.md
-  #- k8s/podsecuritypolicy.md
-  - k8s/volumes.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  #- k8s/logs-centralized.md
-  #- k8s/prometheus.md
-  #- k8s/statefulsets.md
-  #- k8s/local-persistent-volumes.md
-  #- k8s/portworx.md
-  #- k8s/extending-api.md
-  #- k8s/operators.md
-  #- k8s/operators-design.md
-  #- k8s/staticpods.md
-  #- k8s/owners-and-dependents.md
-  #- k8s/gitworkflows.md
--
-  - k8s/whatsnext.md
-  - k8s/links.md
-  - shared/thankyou.md

slides/kube-halfday.yml

@@ -1,73 +0,0 @@
-title: |
-  Kubernetes 101
-
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/training-20180413-paris)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-chapters:
-- shared/title.md
-#- logistics.md
-# Bridget-specific; others use logistics.md
-- logistics-bridget.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  - k8s/versions-k8s.md
-  - shared/sampleapp.md
-# Bridget doesn't go into as much depth with compose
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/kubenet.md
-  - k8s/kubectlget.md
-  - k8s/setup-k8s.md
-- - k8s/kubectlrun.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  #- k8s/kubectlproxy.md
-  #- k8s/localkubeconfig.md
-  #- k8s/accessinternal.md
-- - k8s/dashboard.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/rollout.md
-  #- k8s/record.md
-- - k8s/logs-cli.md
-# Bridget hasn't added EFK yet
-  #- k8s/logs-centralized.md
-  - k8s/namespaces.md
-  - k8s/helm-intro.md
-  #- k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  #- k8s/helm-create-better-chart.md
-  #- k8s/helm-secrets.md
-  #- k8s/kustomize.md
-  #- k8s/netpol.md
-  - k8s/whatsnext.md
-#  - k8s/links.md
-# Bridget-specific
-  - k8s/links-bridget.md
-  - shared/thankyou.md

slides/kube-selfpaced.yml

@@ -1,117 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Docker and Kubernetes
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-
-chapters:
-- shared/title.md
-#- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/toc.md
--
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  - k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
--
-  - k8s/kubectlget.md
-  - k8s/kubectlrun.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
--
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  - k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
-  - k8s/yamldeploy.md
--
-  - k8s/setup-k8s.md
-  - k8s/dashboard.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/dryrun.md
--
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  - k8s/healthchecks-more.md
-  - k8s/record.md
--
-  - k8s/namespaces.md
-  - k8s/kubectlproxy.md
-  - k8s/localkubeconfig.md
-  - k8s/accessinternal.md
--
-  - k8s/ingress.md
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-secrets.md
--
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  - k8s/podsecuritypolicy.md
-  - k8s/csr-api.md
-  - k8s/openid-connect.md
-  - k8s/control-plane-auth.md
--
-  - k8s/volumes.md
-  - k8s/build-with-docker.md
-  - k8s/build-with-kaniko.md
--
-  - k8s/configuration.md
-  - k8s/statefulsets.md
-  - k8s/local-persistent-volumes.md
-  - k8s/portworx.md
--
-  - k8s/logs-centralized.md
-  - k8s/prometheus.md
-  - k8s/resource-limits.md
-  - k8s/metrics-server.md
-  - k8s/cluster-sizing.md
-  - k8s/horizontal-pod-autoscaler.md
--
-  - k8s/extending-api.md
-  - k8s/operators.md
-  - k8s/operators-design.md
-  - k8s/owners-and-dependents.md
--
-  - k8s/dmuc.md
-  - k8s/multinode.md
-  - k8s/cni.md
-  - k8s/apilb.md
-  - k8s/staticpods.md
--
-  - k8s/cluster-upgrade.md
-  - k8s/cluster-backup.md
-  - k8s/cloud-controller-manager.md
-  - k8s/gitworkflows.md
--
-  - k8s/whatsnext.md
-  - k8s/links.md
-  - shared/thankyou.md

slides/kube-twodays.yml

@@ -1,99 +0,0 @@
-title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-
-chapters:
-- shared/title.md
-- logistics.md
-- k8s/intro.md
-- shared/about-slides.md
-- shared/toc.md
--
-  - shared/prereqs.md
-  #- shared/webssh.md
-  - shared/connecting.md
-  #- k8s/versions-k8s.md
-  - shared/sampleapp.md
-  #- shared/composescale.md
-  #- shared/hastyconclusions.md
-  - shared/composedown.md
-  - k8s/concepts-k8s.md
-  - k8s/kubectlget.md
--
-  - k8s/kubectlrun.md
-  - k8s/logs-cli.md
-  - shared/declarative.md
-  - k8s/declarative.md
-  - k8s/deploymentslideshow.md
-  - k8s/kubenet.md
-  - k8s/kubectlexpose.md
-  - k8s/shippingimages.md
-  #- k8s/buildshiprun-selfhosted.md
-  - k8s/buildshiprun-dockerhub.md
-  - k8s/ourapponkube.md
--
-  - k8s/yamldeploy.md
-  #- k8s/setup-k8s.md
-  - k8s/dashboard.md
-  #- k8s/kubectlscale.md
-  - k8s/scalingdockercoins.md
-  - shared/hastyconclusions.md
-  - k8s/daemonset.md
-  - k8s/dryrun.md
--
-  #- k8s/kubectlproxy.md
-  - k8s/localkubeconfig.md
-  - k8s/accessinternal.md
-  - k8s/rollout.md
-  - k8s/healthchecks.md
-  #- k8s/healthchecks-more.md
-  - k8s/record.md
--
-  - k8s/namespaces.md
-  - k8s/ingress.md
-  - k8s/kustomize.md
-  - k8s/helm-intro.md
-  - k8s/helm-chart-format.md
-  - k8s/helm-create-basic-chart.md
-  - k8s/helm-create-better-chart.md
-  - k8s/helm-secrets.md
--
-  - k8s/netpol.md
-  - k8s/authn-authz.md
-  #- k8s/csr-api.md
-  #- k8s/openid-connect.md
-  #- k8s/podsecuritypolicy.md
--
-  - k8s/volumes.md
-  #- k8s/build-with-docker.md
-  #- k8s/build-with-kaniko.md
-  - k8s/configuration.md
-  - k8s/logs-centralized.md
-  - k8s/prometheus.md
--
-  - k8s/statefulsets.md
-  - k8s/local-persistent-volumes.md
-  - k8s/portworx.md
-  #- k8s/extending-api.md
-  #- k8s/operators.md
-  #- k8s/operators-design.md
-  #- k8s/staticpods.md
-  #- k8s/owners-and-dependents.md
-  #- k8s/gitworkflows.md
--
-  - k8s/whatsnext.md
-  - k8s/links.md
-  - shared/thankyou.md

slides/logistics.md

@@ -1,35 +1,17 @@
 ## Intros
 
-- This slide should be customized by the tutorial instructor(s).
-
 - Hello! We are:
 
-   - .emoji[👩🏻‍🏫] Ann O'Nymous ([@...](https://twitter.com/...), Megacorp Inc)
+   - .emoji[🐳] Jérôme Petazzoni ([@jpetazzo](https://twitter.com/jpetazzo), Enix SAS)
 
-   - .emoji[👨🏾‍🎓] Stu Dent ([@...](https://twitter.com/...), University of Wakanda)
+   - .emoji[☸️] Julien Girardin ([Zempashi](https://github.com/zempashi), Enix SAS)
 
- <!-- .dummy[
+- The training will run from 9am to 5:30pm (with lunch and coffee breaks)
 
-   - .emoji[👷🏻‍♀️] AJ ([@s0ulshake](https://twitter.com/s0ulshake), Travis CI)
+- For lunch, we'll invite you at [Chameleon, 70 Rue René Boulanger](https://goo.gl/maps/h2XjmJN5weDSUios8)
 
-   - .emoji[🚁] Alexandre ([@alexbuisine](https://twitter.com/alexbuisine), Enix SAS)
-
-   - .emoji[🐳] Jérôme ([@jpetazzo](https://twitter.com/jpetazzo), Enix SAS)
-
-   - .emoji[⛵] Jérémy ([@jeremygarrouste](twitter.com/jeremygarrouste), Inpiwee)
-
-   - .emoji[🎧] Romain ([@rdegez](https://twitter.com/rdegez), Enix SAS)
-
-] -->
-
-- The workshop will run from ...
-
-- There will be a lunch break at ...
-
-  (And coffee breaks!)
+  (please let us know if you'll eat on your own)
 
 - Feel free to interrupt for questions at any time
 
 - *Especially when you see full screen container pictures!*
-
-- Live feedback, questions, help: @@CHAT@@

slides/menu.html

@@ -0,0 +1,7 @@
+<ul>
+<li><a href="1.yml.html">Jour 1</a></li>
+<li><a href="2.yml.html">Jour 2</a></li>
+<li><a href="3.yml.html">Jour 3</a></li>
+<li><a href="4.yml.html">Jour 4</a></li>
+<li><a href="5.yml.html">Jour 5</a></li>
+</ul>

slides/shared/title.md

@@ -11,11 +11,8 @@ class: title, in-person
 @@TITLE@@<br/></br>
 
 .footnote[
-**Be kind to the WiFi!**<br/>
-<!-- *Use the 5G network.* -->
-*Don't use your hotspot.*<br/>
-*Don't stream videos or download big files during the workshop[.](https://www.youtube.com/watch?v=h16zyxiwDLY)*<br/>
-*Thank you!*
+**WiFi: CONFERENCE**<br/>
+**Mot de passe: 123conference**
 
-**Slides: @@SLIDES@@**
+**Slides[:](https://www.youtube.com/watch?v=h16zyxiwDLY) @@SLIDES@@**
 ]

slides/swarm-fullday.yml

@@ -1,67 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-- snap
-- btp-auto
-- benchmarking
-- elk-manual
-- prom-manual
-
-chapters:
-- shared/title.md
-- logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  - swarm/healthchecks.md
-- - swarm/operatingswarm.md
-  - swarm/netshoot.md
-  - swarm/ipsec.md
-  - swarm/swarmtools.md
-  - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-- - swarm/logging.md
-  - swarm/metrics.md
-  - swarm/gui.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm-halfday.yml

@@ -1,66 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- self-paced
-- snap
-- btp-manual
-- benchmarking
-- elk-manual
-- prom-manual
-
-chapters:
-- shared/title.md
-- logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  #- swarm/hostingregistry.md
-  #- swarm/testingregistry.md
-  #- swarm/btp-manual.md
-  #- swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - swarm/updatingservices.md
-  #- swarm/rollingupdates.md
-  #- swarm/healthchecks.md
-- - swarm/operatingswarm.md
-  #- swarm/netshoot.md
-  #- swarm/ipsec.md
-  #- swarm/swarmtools.md
-  - swarm/security.md
-  #- swarm/secrets.md
-  #- swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  - swarm/logging.md
-  - swarm/metrics.md
-  #- swarm/stateful.md
-  #- swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm-selfpaced.yml

@@ -1,75 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-- btp-auto
-
-chapters:
-- shared/title.md
-#- shared/logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - swarm/cicd.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
-- - swarm/operatingswarm.md
-  - swarm/netshoot.md
-  - swarm/swarmnbt.md
-  - swarm/ipsec.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  - swarm/healthchecks.md
-  - swarm/nodeinfo.md
-  - swarm/swarmtools.md
-- - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  - swarm/logging.md
-  - swarm/metrics.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md

slides/swarm-video.yml

@@ -1,74 +0,0 @@
-title: |
-  Container Orchestration
-  with Docker and Swarm
-
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-
-gitrepo: github.com/jpetazzo/container.training
-
-slides: http://container.training/
-
-#slidenumberprefix: "#SomeHashTag — "
-
-exclude:
-- in-person
-- btp-auto
-
-chapters:
-- shared/title.md
-#- shared/logistics.md
-- swarm/intro.md
-- shared/about-slides.md
-- shared/toc.md
-- - shared/prereqs.md
-  - shared/connecting.md
-  - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
-  - shared/sampleapp.md
-  - shared/composescale.md
-  - shared/hastyconclusions.md
-  - shared/composedown.md
-  - swarm/swarmkit.md
-  - shared/declarative.md
-  - swarm/swarmmode.md
-  - swarm/creatingswarm.md
-  #- swarm/machine.md
-  - swarm/morenodes.md
-- - swarm/firstservice.md
-  - swarm/ourapponswarm.md
-  - swarm/hostingregistry.md
-  - swarm/testingregistry.md
-  - swarm/btp-manual.md
-  - swarm/swarmready.md
-  - swarm/stacks.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
-- - swarm/operatingswarm.md
-  #- swarm/netshoot.md
-  #- swarm/swarmnbt.md
-  - swarm/ipsec.md
-  - swarm/updatingservices.md
-  - swarm/rollingupdates.md
-  #- swarm/healthchecks.md
-  - swarm/nodeinfo.md
-  - swarm/swarmtools.md
-- - swarm/security.md
-  - swarm/secrets.md
-  - swarm/encryptionatrest.md
-  - swarm/leastprivilege.md
-  - swarm/apiscope.md
-  #- swarm/logging.md
-  #- swarm/metrics.md
-  - swarm/stateful.md
-  - swarm/extratips.md
-  - shared/thankyou.md
-  - swarm/links.md