fix-redirects.sh: adding forced redirect

And other hacks for video recording.
This should be carefully backported to master.

CHECKLIST.md

@@ -1,19 +0,0 @@
-This is the checklist that I (Jérôme) use when delivering a workshop.
-
-- [ ] Create branch + `_redirects` + push to GitHub + Netlify setup
-- [ ] Add branch to index.html
-- [ ] Update the slides that says which versions we are using
-- [ ] Update the version of Compose and Machine in settings
-- [ ] Create chatroom
-- [ ] Set chatroom in YML and deploy
-- [ ] Put chat room in index.html
-- [ ] Walk the room to count seats, check power supplies, lectern, A/V setup
-- [ ] How many VMs do we need?
-- [ ] Provision VMs
-- [ ] Print cards
-- [ ] Cut cards
-- [ ] Last minute merge from master
-- [ ] Check that all looks good
-- [ ] DELIVER!
-- [ ] Shutdown VMs
-- [ ] Update index.html to remove chat link and move session to past things

README.md

@@ -247,17 +247,6 @@ content but you also know to skip during presentation.
 - Last 15-30 minutes is for stateful services, DAB files, and questions.
 
 
-### Pre-built images
-
-There are pre-built images for the 4 components of the DockerCoins demo app: `dockercoins/hasher:v0.1`, `dockercoins/rng:v0.1`, `dockercoins/webui:v0.1`, and `dockercoins/worker:v0.1`. They correspond to the code in this repository.
-
-There are also three variants, for demo purposes:
-
-- `dockercoins/rng:v0.2` is broken (the server won't even start),
-- `dockercoins/webui:v0.2` has bigger font on the Y axis and a green graph (instead of blue),
-- `dockercoins/worker:v0.2` is 11x slower than `v0.1`.
-
-
 ## Past events
 
 Since its inception, this workshop has been delivered dozens of times,

prepare-vms/README.md

@@ -4,12 +4,6 @@
 
 - [Docker](https://docs.docker.com/engine/installation/)
 - [Docker Compose](https://docs.docker.com/compose/install/)
-- [Parallel SSH](https://code.google.com/archive/p/parallel-ssh/) (on a Mac: `brew install pssh`) - the configuration scripts require this
-
-And if you want to generate printable cards:
-
-- [pyyaml](https://pypi.python.org/pypi/PyYAML) (on a Mac: `brew install pyyaml`)
-- [jinja2](https://pypi.python.org/pypi/Jinja2) (on a Mac: `brew install jinja2`)
 
 ## General Workflow
 
@@ -41,16 +35,6 @@ The Docker Compose file here is used to build a image with all the dependencies
 - `AWS_SECRET_ACCESS_KEY`
 - `AWS_DEFAULT_REGION`
 
-If you're not using AWS, set these to placeholder values:
-
-```
-export AWS_ACCESS_KEY_ID="foo"
-export AWS_SECRET_ACCESS_KEY="foo"
-export AWS_DEFAULT_REGION="foo"
-```
-
-If you don't have the `aws` CLI installed, you will get a warning that it's a missing dependency. If you're not using AWS you can ignore this.
-
 ### Update/copy `settings/example.yaml`
 
 Then pass `settings/YOUR_WORKSHOP_NAME-settings.yaml` as an argument to `./workshopctl deploy`, `./workshopctl cards`, etc.
@@ -64,7 +48,6 @@ workshopctl - the orchestration workshop swiss army knife
 Commands:
 ami          Show the AMI that will be used for deployment
 amis         List Ubuntu AMIs in the current region
-build        Build the Docker image to run this program in a container
 cards        Generate ready-to-print cards for a batch of VMs
 deploy       Install Docker on a bunch of running VMs
 ec2quotas    Check our EC2 quotas (max instances)
@@ -72,7 +55,6 @@ help         Show available commands
 ids          List the instance IDs belonging to a given tag or token
 ips          List the IP addresses of the VMs for a given tag or token
 kube         Setup kubernetes clusters with kubeadm (must be run AFTER deploy)
-kubetest     Check that all notes are reporting as Ready
 list         List available batches in the current region
 opensg       Open the default security group to ALL ingress traffic
 pull_images  Pre-pull a bunch of Docker images
@@ -81,7 +63,6 @@ start        Start a batch of VMs
 status       List instance status for a given batch
 stop         Stop (terminate, shutdown, kill, remove, destroy...) instances
 test         Run tests (pre-flight checks) on a batch of VMs
-wrap         Run this program in a container
 ```
 
 ### Summary of What `./workshopctl` Does For You
@@ -94,12 +75,12 @@ wrap         Run this program in a container
 - During `start` it will add your default local SSH key to all instances under the `ubuntu` user.
 - During `deploy` it will create the `docker` user with password `training`, which is printing on the cards for students. For now, this is hard coded.
 
-### Example Steps to Launch a Batch of AWS Instances for a Workshop
+### Example Steps to Launch a Batch of Instances for a Workshop
 
 - Run `./workshopctl start N` Creates `N` EC2 instances
   - Your local SSH key will be synced to instances under `ubuntu` user
   - AWS instances will be created and tagged based on date, and IP's stored in `prepare-vms/tags/`
-- Run `./workshopctl deploy TAG settings/somefile.yaml` to run `lib/postprep.py` via parallel-ssh
+- Run `./workshopctl deploy TAG settings/somefile.yaml` to run `scripts/postprep.rc` via parallel-ssh
   - If it errors or times out, you should be able to rerun
   - Requires good connection to run all the parallel SSH connections, up to 100 parallel (ProTip: create dedicated management instance in same AWS region where you run all these utils from)
 - Run `./workshopctl pull-images TAG` to pre-pull a bunch of Docker images to the instances
@@ -107,67 +88,6 @@ wrap         Run this program in a container
 - *Have a great workshop*
 - Run `./workshopctl stop TAG` to terminate instances.
 
-### Example Steps to Launch Azure Instances
-
-- Install the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) and authenticate with a valid account
-- Customize `azuredeploy.parameters.json`
-  - Required:
-    - Provide the SSH public key you plan to use for instance configuration
-  - Optional:
-    - Choose a name for the workshop (default is "workshop")
-    - Choose the number of instances (default is 3)
-    - Customize the desired instance size (default is Standard_D1_v2)
- - Launch instances with your chosen resource group name and your preferred region; the examples are "workshop" and "eastus":
-```
-az group create --name workshop --location eastus
-az group deployment create --resource-group workshop --template-file azuredeploy.json --parameters @azuredeploy.parameters.json
-```
-
-The `az group deployment create` command can take several minutes and will only say `- Running ..` until it completes, unless you increase the verbosity with `--verbose` or `--debug`.
-
-To display the IPs of the instances you've launched:
-
-```
-az vm list-ip-addresses --resource-group workshop --output table
-```
-
-If you want to put the IPs into `prepare-vms/tags/<tag>/ips.txt` for a tag of "myworkshop":
-
-1) If you haven't yet installed `jq` and/or created your event's tags directory in `prepare-vms`:
-
-```
-brew install jq
-mkdir -p tags/myworkshop
-```
-
-2) And then generate the IP list:
-
-```
-az vm list-ip-addresses --resource-group workshop --output json | jq -r '.[].virtualMachine.network.publicIpAddresses[].ipAddress' > tags/myworkshop/ips.txt
-```
-
-After the workshop is over, remove the instances:
-
-```
-az group delete --resource-group workshop
-```
-
-### Example Steps to Configure Instances from a non-AWS Source
-
-- Launch instances via your preferred method. You'll need to get the instance IPs and be able to ssh into them.
-- Set placeholder values for [AWS environment variable settings](#required-environment-variables).
-- Choose a tag. It could be an event name, datestamp, etc. Ensure you have created a directory for your tag: `prepare-vms/tags/<tag>/`
-- If you have not already generated a file with the IPs to be configured:
-  - The file should be named `prepare-vms/tags/<tag>/ips.txt`
-  - Format is one IP per line, no other info needed.
-- Ensure the settings file is as desired (especially the number of nodes): `prepare-vms/settings/kube101.yaml`
-- For a tag called `myworkshop`, configure instances: `workshopctl deploy myworkshop settings/kube101.yaml`
-- Optionally, configure Kubernetes clusters of the size in the settings: `workshopctl kube myworkshop`
-- Optionally, test your Kubernetes clusters. They may take a little time to become ready: `workshopctl kubetest myworkshop`
-- Generate cards to print and hand out: `workshopctl cards myworkshop settings/kube101.yaml`
-- Print the cards file: `prepare-vms/tags/myworkshop/ips.html`
-
-
 ## Other Tools
 
 ### Deploying your SSH key to all the machines
@@ -177,6 +97,13 @@ az group delete --resource-group workshop
 - Run `pcopykey`.
 
 
+### Installing extra packages
+
+- Source `postprep.rc`.
+  (This will install a few extra packages, add entries to
+  /etc/hosts, generate SSH keys, and deploy them on all hosts.)
+
+
 ## Even More Details
 
 #### Sync of SSH keys
@@ -205,7 +132,7 @@ Instances can be deployed manually using the `deploy` command:
 
     $ ./workshopctl deploy TAG settings/somefile.yaml
 
-The `postprep.py` file will be copied via parallel-ssh to all of the VMs and executed.
+The `postprep.rc` file will be copied via parallel-ssh to all of the VMs and executed.
 
 #### Pre-pull images
 
@@ -215,10 +142,6 @@ The `postprep.py` file will be copied via parallel-ssh to all of the VMs and exe
 
     $ ./workshopctl cards TAG settings/somefile.yaml
 
-If you want to generate both HTML and PDF cards, install [wkhtmltopdf](https://wkhtmltopdf.org/downloads.html); without that installed, only HTML cards will be generated.
-
-If you don't have `wkhtmltopdf` installed, you will get a warning that it is a missing dependency. If you plan to just print the HTML cards, you can ignore this.
-
 #### List tags
 
     $ ./workshopctl list

prepare-vms/azuredeploy.json

@@ -1,250 +0,0 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    "workshopName": {
-      "type": "string",
-      "defaultValue": "workshop",
-      "metadata": {
-        "description": "Workshop name."
-      }
-    },
-    "vmPrefix": {
-      "type": "string",
-      "defaultValue": "node",
-      "metadata": {
-        "description": "Prefix for VM names."
-      }
-    },
-    "numberOfInstances": {
-      "type": "int",
-      "defaultValue": 3,
-      "metadata": {
-        "description": "Number of VMs to create."
-      }
-    },
-    "adminUsername": {
-      "type": "string",
-      "defaultValue": "ubuntu",
-      "metadata": {
-        "description": "Admin username for VMs."
-      }
-    },
-    "sshKeyData": {
-      "type": "string",
-      "defaultValue": "",
-      "metadata": {
-        "description": "SSH rsa public key file as a string."
-      }
-    },
-    "imagePublisher": {
-      "type": "string",
-      "defaultValue": "Canonical",
-      "metadata": {
-        "description": "OS image publisher; default Canonical."
-      }
-    },
-    "imageOffer": {
-      "type": "string",
-      "defaultValue": "UbuntuServer",
-      "metadata": {
-        "description": "The name of the image offer. The default is Ubuntu"
-      }
-    },
-    "imageSKU": {
-      "type": "string",
-      "defaultValue": "16.04-LTS",
-      "metadata": {
-        "description": "Version of the image. The default is 16.04-LTS"
-      }
-    },
-    "vmSize": {
-      "type": "string",
-      "defaultValue": "Standard_D1_v2",
-      "metadata": {
-        "description": "VM Size."
-      }
-    }
-  },
-  "variables": {
-    "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
-    "subnet1Ref": "[concat(variables('vnetID'),'/subnets/',variables('subnet1Name'))]",
-    "vmName": "[parameters('vmPrefix')]",
-    "sshKeyPath": "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]",
-    "publicIPAddressName": "PublicIP",
-    "publicIPAddressType": "Dynamic",
-    "virtualNetworkName": "MyVNET",
-    "netSecurityGroup": "MyNSG",
-    "addressPrefix": "10.0.0.0/16",
-    "subnet1Name": "subnet-1",
-    "subnet1Prefix": "10.0.0.0/24",
-    "nicName": "myVMNic"
-  },
-  "resources": [
-    {
-      "apiVersion": "2017-11-01",
-      "type": "Microsoft.Network/publicIPAddresses",
-      "name": "[concat(variables('publicIPAddressName'),copyIndex(1))]",
-      "location": "[resourceGroup().location]",
-      "copy": {
-        "name": "publicIPLoop",
-        "count": "[parameters('numberOfInstances')]"
-      },
-      "properties": {
-        "publicIPAllocationMethod": "[variables('publicIPAddressType')]"
-      },
-      "tags": {
-        "workshop": "[parameters('workshopName')]"
-      }
-    },
-    {
-      "apiVersion": "2017-11-01",
-      "type": "Microsoft.Network/virtualNetworks",
-      "name": "[variables('virtualNetworkName')]",
-      "location": "[resourceGroup().location]",
-      "dependsOn": [
-        "[concat('Microsoft.Network/networkSecurityGroups/', variables('netSecurityGroup'))]"
-      ],
-      "properties": {
-        "addressSpace": {
-          "addressPrefixes": [
-            "[variables('addressPrefix')]"
-          ]
-        },
-        "subnets": [
-          {
-            "name": "[variables('subnet1Name')]",
-            "properties": {
-              "addressPrefix": "[variables('subnet1Prefix')]",
-              "networkSecurityGroup": {
-                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('netSecurityGroup'))]"
-              }
-            }
-          }
-        ]
-      },
-      "tags": {
-        "workshop": "[parameters('workshopName')]"
-      }
-    },
-    {
-      "apiVersion": "2017-11-01",
-      "type": "Microsoft.Network/networkInterfaces",
-      "name": "[concat(variables('nicName'),copyIndex(1))]",
-      "location": "[resourceGroup().location]",
-      "copy": {
-        "name": "nicLoop",
-        "count": "[parameters('numberOfInstances')]"
-      },
-      "dependsOn": [
-        "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'),copyIndex(1))]",
-        "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
-      ],
-      "properties": {
-        "ipConfigurations": [
-          {
-            "name": "ipconfig1",
-            "properties": {
-              "privateIPAllocationMethod": "Dynamic",
-              "publicIPAddress": {
-                "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddressName'), copyIndex(1)))]"
-              },
-              "subnet": {
-                "id": "[variables('subnet1Ref')]"
-              }
-            }
-          }
-        ]
-      },
-      "tags": {
-        "workshop": "[parameters('workshopName')]"
-      }
-    },
-    {
-      "apiVersion": "2017-12-01",
-      "type": "Microsoft.Compute/virtualMachines",
-      "name": "[concat(variables('vmName'),copyIndex(1))]",
-      "location": "[resourceGroup().location]",
-      "copy": {
-        "name": "vmLoop",
-        "count": "[parameters('numberOfInstances')]"
-      },
-      "dependsOn": [
-        "[concat('Microsoft.Network/networkInterfaces/', variables('nicName'), copyIndex(1))]"
-      ],
-      "properties": {
-        "hardwareProfile": {
-          "vmSize": "[parameters('vmSize')]"
-        },
-        "osProfile": {
-          "computerName": "[concat(variables('vmName'),copyIndex(1))]",
-          "adminUsername": "[parameters('adminUsername')]",
-          "linuxConfiguration": {
-            "disablePasswordAuthentication": true,
-            "ssh": {
-              "publicKeys": [
-                {
-                  "path": "[variables('sshKeyPath')]",
-                  "keyData": "[parameters('sshKeyData')]"
-                }
-              ]
-            }
-          }
-        },
-        "storageProfile": {
-          "osDisk": {
-            "createOption": "FromImage"
-          },
-          "imageReference": {
-            "publisher": "[parameters('imagePublisher')]",
-            "offer": "[parameters('imageOffer')]",
-            "sku": "[parameters('imageSKU')]",
-            "version": "latest"
-          }
-        },
-        "networkProfile": {
-          "networkInterfaces": [
-            {
-              "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('nicName'),copyIndex(1)))]"
-            }
-          ]
-        }
-      },
-      "tags": {
-        "workshop": "[parameters('workshopName')]"
-      }
-    },
-    {
-      "apiVersion": "2017-11-01",
-      "type": "Microsoft.Network/networkSecurityGroups",
-      "name": "[variables('netSecurityGroup')]",
-      "location": "[resourceGroup().location]",
-      "tags": {
-        "workshop": "[parameters('workshopName')]"
-      },
-      "properties": {
-        "securityRules": [
-          {
-            "name": "default-open-ports",
-            "properties": {
-              "protocol": "Tcp",
-              "sourcePortRange": "*",
-              "destinationPortRange": "*",
-              "sourceAddressPrefix": "*",
-              "destinationAddressPrefix": "*",
-              "access": "Allow",
-              "priority": 1000,
-              "direction": "Inbound"
-            }
-          }
-        ]
-      }
-    }
-  ],
-  "outputs": {
-    "resourceID": {
-      "type": "string",
-      "value": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddressName'),'1'))]"
-    }
-  }
-}

prepare-vms/azuredeploy.parameters.json

@@ -1,18 +0,0 @@
-{
-  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    "sshKeyData": {
-      "value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXTIl/M9oeSlcsC5Rfe+nZr4Jc4sl200pSw2lpdxlZ3xzeP15NgSSMJnigUrKUXHfqRQ+2wiPxEf0Odz2GdvmXvR0xodayoOQsO24AoERjeSBXCwqITsfp1bGKzMb30/3ojRBo6LBR6r1+lzJYnNCGkT+IQwLzRIpm0LCNz1j08PUI2aZ04+mcDANvHuN/hwi/THbLLp6SNWN43m9r02RcC6xlCNEhJi4wk4VzMzVbSv9RlLGST2ocbUHwmQ2k9OUmpzoOx73aQi9XNnEaFh2w/eIdXM75VtkT3mRryyykg9y0/hH8/MVmIuRIdzxHQqlm++DLXVH5Ctw6a4kS+ki7 workshop"
-      },
-    "workshopName": {
-      "value": "workshop"
-    },
-    "numberOfInstances": {
-      "value": 3
-    },
-    "vmSize": {
-      "value": "Standard_D1_v2"
-    }
-  }
-}

prepare-vms/docker-compose.yml

@@ -15,6 +15,5 @@ services:
             AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
             AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
             AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
-            AWS_INSTANCE_TYPE: ${AWS_INSTANCE_TYPE}
             USER: ${USER}
         entrypoint: /root/prepare-vms/workshopctl

prepare-vms/lib/cli.sh

@@ -2,7 +2,7 @@
 _ERR() {
     error "Command $BASH_COMMAND failed (exit status: $?)"
 }
-set -eE
+set -e
 trap _ERR ERR
 
 die() {

prepare-vms/lib/commands.sh

@@ -39,10 +39,7 @@ _cmd_cards() {
     need_tag $TAG
     need_settings $SETTINGS
 
-    # If you're not using AWS, populate the ips.txt file manually
-    if [ ! -f tags/$TAG/ips.txt ]; then
-      aws_get_instance_ips_by_tag $TAG >tags/$TAG/ips.txt
-    fi
+    aws_get_instance_ips_by_tag $TAG >tags/$TAG/ips.txt
 
     # Remove symlinks to old cards
     rm -f ips.html ips.pdf
@@ -127,7 +124,7 @@ _cmd kube "Setup kubernetes clusters with kubeadm (must be run AFTER deploy)"
 _cmd_kube() {
 
     # Install packages
-    pssh --timeout 200 "
+    pssh "
     curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |
     sudo apt-key add - &&
     echo deb http://apt.kubernetes.io/ kubernetes-xenial main |
@@ -137,11 +134,17 @@ _cmd_kube() {
     sudo apt-get install -qy kubelet kubeadm kubectl
     kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl"
 
+    # Work around https://github.com/kubernetes/kubernetes/issues/53356
+    pssh "
+    if [ ! -f /etc/kubernetes/kubelet.conf ]; then
+        sudo systemctl stop kubelet
+        sudo rm -rf /var/lib/kubelet/pki
+    fi"
+
     # Initialize kube master
-    pssh --timeout 200 "
+    pssh "
     if grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/admin.conf ]; then
-        kubeadm token generate > /tmp/token
-	sudo kubeadm init --token \$(cat /tmp/token)
+        sudo kubeadm init
     fi"
 
     # Put kubeconfig in ubuntu's and docker's accounts
@@ -154,6 +157,15 @@ _cmd_kube() {
         sudo chown -R docker /home/docker/.kube
     fi"
 
+    # Get bootstrap token
+    pssh "
+    if grep -q node1 /tmp/node; then
+        TOKEN_NAME=\$(kubectl -n kube-system get secret -o name | grep bootstrap-token)
+        TOKEN_ID=\$(kubectl -n kube-system get \$TOKEN_NAME -o go-template --template '{{ index .data \"token-id\" }}' | base64 -d)
+        TOKEN_SECRET=\$(kubectl -n kube-system get \$TOKEN_NAME -o go-template --template '{{ index .data \"token-secret\" }}' | base64 -d)
+        echo \$TOKEN_ID.\$TOKEN_SECRET >/tmp/token
+    fi"
+
     # Install weave as the pod network
     pssh "
     if grep -q node1 /tmp/node; then
@@ -162,28 +174,15 @@ _cmd_kube() {
     fi"
 
     # Join the other nodes to the cluster
-    pssh --timeout 200 "
+    pssh "
     if ! grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/kubelet.conf ]; then
         TOKEN=\$(ssh -o StrictHostKeyChecking=no node1 cat /tmp/token)
-        sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token \$TOKEN node1:6443
+        sudo kubeadm join --token \$TOKEN node1:6443
     fi"
 
     sep "Done"
 }
 
-_cmd kubetest "Check that all notes are reporting as Ready"
-_cmd_kubetest() {
-    # There are way too many backslashes in the command below.
-    # Feel free to make that better ♥
-    pssh "
-    set -e
-    if grep -q node1 /tmp/node; then
-      for NODE in \$(awk /\ node/\ {print\ \\\$2} /etc/hosts); do
-        echo \$NODE ; kubectl get nodes | grep -w \$NODE | grep -w Ready
-      done
-    fi"
-}
-
 _cmd ids "List the instance IDs belonging to a given tag or token"
 _cmd_ids() {
     TAG=$1
@@ -281,9 +280,6 @@ _cmd_start() {
     key_name=$(sync_keys)
 
     AMI=$(_cmd_ami)    # Retrieve the AWS image ID
-    if [ -z "$AMI" ]; then
-        die "I could not find which AMI to use in this region. Try another region?"
-    fi
     TOKEN=$(get_token) # generate a timestamp token for this batch of VMs
     AWS_KEY_NAME=$(make_key_name)
 
@@ -296,7 +292,7 @@ _cmd_start() {
     result=$(aws ec2 run-instances \
         --key-name $AWS_KEY_NAME \
         --count $COUNT \
-        --instance-type ${AWS_INSTANCE_TYPE-t2.medium} \
+        --instance-type t2.medium \
         --client-token $TOKEN \
         --image-id $AMI)
     reservation_id=$(echo "$result" | head -1 | awk '{print $2}')
@@ -434,7 +430,6 @@ tag_is_reachable() {
 }
 
 test_tag() {
-    TAG=$1
     ips_file=tags/$TAG/ips.txt
     info "Picking a random IP address in $ips_file to run tests."
     n=$((1 + $RANDOM % $(wc -l <$ips_file)))

prepare-vms/settings/example.yaml

@@ -1,24 +0,0 @@
-# customize your cluster size, your cards template, and the versions
-
-# Number of VMs per cluster
-clustersize: 5
-
-# Jinja2 template to use to generate ready-to-cut cards
-cards_template: cards.html
-
-# Use "Letter" in the US, and "A4" everywhere else
-paper_size: Letter
-
-# Feel free to reduce this if your printer can handle it
-paper_margin: 0.2in
-
-# Note: paper_size and paper_margin only apply to PDF generated with pdfkit.
-# If you print (or generate a PDF) using ips.html, they will be ignored.
-# (The equivalent parameters must be set from the browser's print dialog.)
-
-# This can be "test" or "stable"
-engine_version: test
-
-# These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.18.0
-machine_version: 0.13.0

prepare-vms/settings/kube101.html

@@ -1,106 +0,0 @@
-{# Feel free to customize or override anything in there! #}
-{%- set url = "http://container.training/" -%}
-{%- set pagesize = 12 -%}
-{%- if clustersize == 1 -%}
-    {%- set workshop_name = "Docker workshop" -%}
-    {%- set cluster_or_machine = "machine" -%}
-    {%- set this_or_each = "this" -%}
-    {%- set machine_is_or_machines_are = "machine is" -%}
-    {%- set image_src = "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png" -%}
-{%- else -%}
-    {%- set workshop_name = "Kubernetes workshop" -%}
-    {%- set cluster_or_machine = "cluster" -%}
-    {%- set this_or_each = "each" -%}
-    {%- set machine_is_or_machines_are = "machines are" -%}
-    {%- set image_src_swarm = "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png" -%}
-    {%- set image_src_kube = "https://avatars1.githubusercontent.com/u/13629408" -%}
-    {%- set image_src = image_src_kube -%}
-{%- endif -%}
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head><style>
-body, table {
-    margin: 0;
-    padding: 0;
-    line-height: 1em;
-    font-size: 14px;
-}
-
-table {
-    border-spacing: 0;
-    margin-top: 0.4em;
-    margin-bottom: 0.4em;
-    border-left: 0.8em double grey;
-    padding-left: 0.4em;
-}
-
-div {
-    float: left;
-    border: 1px dotted black;
-    padding-top: 1%;
-    padding-bottom: 1%;
-    /* columns * (width+left+right) < 100% */
-    width: 21.5%;
-    padding-left: 1.5%;
-    padding-right: 1.5%;
-}
-
-p {
-    margin: 0.4em 0 0.4em 0;
-}
-
-img {
-    height: 4em;
-    float: right;
-    margin-right: -0.4em;
-}
-
-.logpass {
-    font-family: monospace;
-    font-weight: bold;
-}
-
-.pagebreak {
-    page-break-after: always;
-    clear: both;
-    display: block;
-    height: 8px;
-}
-</style></head>
-<body>
-{% for cluster in clusters %}
-    {% if loop.index0>0 and loop.index0%pagesize==0 %}
-        <span class="pagebreak"></span>
-    {% endif %}
-    <div>
-
-        <p>
-            Here is the connection information to your very own
-            {{ cluster_or_machine }} for this {{ workshop_name }}.
-            You can connect to {{ this_or_each }} VM with any SSH client.
-        </p>
-        <p>
-            <img src="{{ image_src }}" />
-            <table>
-                <tr><td>login:</td></tr>
-                <tr><td class="logpass">docker</td></tr>
-                <tr><td>password:</td></tr>
-                <tr><td class="logpass">training</td></tr>
-            </table>
-
-        </p>
-        <p>
-            Your {{ machine_is_or_machines_are }}:
-            <table>
-                {% for node in cluster %}
-                <tr><td>node{{ loop.index }}:</td><td>{{ node }}</td></tr>
-                {% endfor %}
-            </table>
-        </p>
-        <p>You can find the slides at:
-            <center>{{ url }}</center>
-        </p>
-    </div>
-{% endfor %}
-</body>
-</html>

prepare-vms/settings/kube101.yaml

@@ -1,24 +0,0 @@
-# 3 nodes for k8s 101 workshops
-
-# Number of VMs per cluster
-clustersize: 3
-
-# Jinja2 template to use to generate ready-to-cut cards
-cards_template: settings/kube101.html
-
-# Use "Letter" in the US, and "A4" everywhere else
-paper_size: Letter
-
-# Feel free to reduce this if your printer can handle it
-paper_margin: 0.2in
-
-# Note: paper_size and paper_margin only apply to PDF generated with pdfkit.
-# If you print (or generate a PDF) using ips.html, they will be ignored.
-# (The equivalent parameters must be set from the browser's print dialog.)
-
-# This can be "test" or "stable"
-engine_version: test
-
-# These correspond to the version numbers visible on their respective GitHub release pages
-compose_version: 1.18.0
-machine_version: 0.13.0

prepare-vms/workshopctl

@@ -20,7 +20,7 @@ DEPENDENCIES="
     ssh
     curl
     jq
-    pssh
+    parallel-ssh
     wkhtmltopdf
     man
     "

slides/_redirects

@@ -1 +1 @@
-/* http://paris-container-training.netlify.com/:splat 200!
+/ /swarm-video.yml.html 200!

slides/autopilot/autotest.py

@@ -6,7 +6,6 @@ import logging
 import os
 import random
 import re
-import select
 import subprocess
 import sys
 import time
@@ -26,16 +25,14 @@ class State(object):
         self.interactive = True
         self.verify_status = False
         self.simulate_type = True
-        self.slide = 1
-        self.snippet = 0
+        self.next_step = 0
 
     def load(self):
         data = yaml.load(open("state.yaml"))
         self.interactive = bool(data["interactive"])
         self.verify_status = bool(data["verify_status"])
         self.simulate_type = bool(data["simulate_type"])
-        self.slide = int(data["slide"])
-        self.snippet = int(data["snippet"])
+        self.next_step = int(data["next_step"])
 
     def save(self):
         with open("state.yaml", "w") as f:
@@ -43,12 +40,7 @@ class State(object):
                 interactive=self.interactive,
                 verify_status=self.verify_status,
                 simulate_type=self.simulate_type,
-                slide=self.slide,
-                snippet=self.snippet,
-                ), f, default_flow_style=False)
-
-
-state = State()
+                next_step=self.next_step), f, default_flow_style=False)
 
 
 def hrule():
@@ -65,15 +57,7 @@ class Snippet(object):
     def __init__(self, slide, content):
         self.slide = slide
         self.content = content
-        # Extract the "method" (e.g. bash, keys, ...)
-        # On multi-line snippets, the method is alone on the first line
-        # On single-line snippets, the data follows the method immediately
-        if '\n' in content:
-            self.method, self.data = content.split('\n', 1)
-        else:
-            self.method, self.data = content.split(' ', 1)
-        self.data = self.data.strip()
-        self.next = None
+        self.actions = []
 
     def __str__(self):
         return self.content
@@ -84,8 +68,8 @@ class Slide(object):
     current_slide = 0
 
     def __init__(self, content):
-        self.number = Slide.current_slide
         Slide.current_slide += 1
+        self.number = Slide.current_slide
 
         # Remove commented-out slides
         # (remark.js considers ??? to be the separator for speaker notes)
@@ -96,13 +80,8 @@ class Slide(object):
         exercises = re.findall("\.exercise\[(.*)\]", content, re.DOTALL)
         for exercise in exercises:
             if "```" in exercise:
-                previous = None
-                for snippet_content in exercise.split("```")[1::2]:
-                    snippet = Snippet(self, snippet_content)
-                    if previous:
-                        previous.next = snippet
-                    previous = snippet
-                    self.snippets.append(snippet)
+                for snippet in exercise.split("```")[1::2]:
+                    self.snippets.append(Snippet(self, snippet))
             else:
                 logging.warning("Exercise on slide {} does not have any ``` snippet."
                                 .format(self.number))
@@ -117,6 +96,43 @@ class Slide(object):
     def debug(self):
         logging.debug("\n{}\n{}\n{}".format(hrule(), self.content, hrule()))
 
+# Synchronize slides in a remote browser
+class Remote(object):
+
+    def __init__(self):
+        self.slide_on_screen = 0
+
+    # Directly go to a specific slide
+    def goto(self, slide_number):
+        subprocess.check_call(["./gotoslide.js", str(slide_number)])
+        self.slide_on_screen = slide_number
+        focus_slides()
+
+    # Offer the opportunity to go step by step to the given slide
+    def catchup(self, slide_number):
+        if self.slide_on_screen > slide_number:
+            return self.goto(slide_number)
+        while self.slide_on_screen < slide_number:
+            if state.interactive:
+                click.clear()
+                print("Catching up on slide: {} -> {}"
+                    .format(self.slide_on_screen, slide_number))
+                print("z/⏎     Zoom to target slide")
+                print("n/→/⎵   Next slide")
+                print("p/←     Previous slide")
+                print("q       Abort remote control")
+                command = click.getchar()
+            else:
+                command = "z"
+            if command in ("z", "\r"):
+                self.goto(slide_number)
+            elif command in ("n", "\x1b[C", " "):
+                self.goto(self.slide_on_screen+1)
+            elif command in ("p", "\x1b[D"):
+                self.goto(self.slide_on_screen-1)
+            elif command == "q":
+                return
+
 
 def focus_slides():
     subprocess.check_output(["i3-msg", "workspace", "3"])
@@ -131,17 +147,14 @@ def focus_browser():
     subprocess.check_output(["i3-msg", "workspace", "1"])
 
 
+remote = Remote()
+state = State()
+
+
 def ansi(code):
     return lambda s: "\x1b[{}m{}\x1b[0m".format(code, s)
 
 
-# Sleeps the indicated delay, but interruptible by pressing ENTER.
-# If interrupted, returns True.
-def interruptible_sleep(t):
-    rfds, _, _ = select.select([0], [], [], t)
-    return 0 in rfds
-
-
 def wait_for_string(s, timeout=TIMEOUT):
     logging.debug("Waiting for string: {}".format(s))
     deadline = time.time() + timeout
@@ -149,7 +162,7 @@ def wait_for_string(s, timeout=TIMEOUT):
         output = capture_pane()
         if s in output:
             return
-        if interruptible_sleep(1): return
+        time.sleep(1)
     raise Exception("Timed out while waiting for {}!".format(s))
 
 
@@ -160,17 +173,11 @@ def wait_for_prompt():
         output = capture_pane()
         # If we are not at the bottom of the screen, there will be a bunch of extra \n's
         output = output.rstrip('\n')
-        last_line = output.split('\n')[-1]
-        # Our custom prompt on the VMs has two lines; the 2nd line is just '$'
-        if last_line == "$":
+        if output.endswith("\n$"):
             return
-        # When we are in an alpine container, the prompt will be "/ #"
-        if last_line == "/ #":
+        if output.endswith("\n/ #"):
             return
-        # We did not recognize a known prompt; wait a bit and check again
-        logging.debug("Could not find a known prompt on last line: {!r}"
-                      .format(last_line))
-        if interruptible_sleep(1): return
+        time.sleep(1)
     raise Exception("Timed out while waiting for prompt!")
 
 
@@ -209,7 +216,7 @@ tmux
 
 2. If you want to control a remote tmux:
 
-rm -f /tmp/tmux-{uid}/default && ssh -t -L /tmp/tmux-{uid}/default:/tmp/tmux-1001/default docker@{ipaddr} tmux new-session -As 0
+rm -f /tmp/tmux-{uid}/default && ssh -t -L /tmp/tmux-{uid}/default:/tmp/tmux-1001/default docker@{ipaddr} tmux
 
 3. If you cannot control a remote tmux:
 
@@ -221,7 +228,8 @@ tmux new-session ssh docker@{ipaddr}
     logging.info("Successfully connected to test cluster in tmux session.")
 
 
-slides = [Slide("Dummy slide zero")]
+
+slides = []
 content = open(sys.argv[1]).read()
 
 # OK, this part is definitely hackish, and will break if the
@@ -239,6 +247,19 @@ for slide in re.split("\n---?\n", content):
         continue
     slides.append(Slide(slide))
 
+actions = []
+for slide in slides:
+    for snippet in slide.snippets:
+        content = snippet.content
+        # Extract the "method" (e.g. bash, keys, ...)
+        # On multi-line snippets, the method is alone on the first line
+        # On single-line snippets, the data follows the method immediately
+        if '\n' in content:
+            method, data = content.split('\n', 1)
+        else:
+            method, data = content.split(' ', 1)
+        actions.append((slide, snippet, method, data))
+
 
 def send_keys(data):
     if state.simulate_type and data[0] != '^':
@@ -246,15 +267,14 @@ def send_keys(data):
             if key == ";":
                 key = "\\;"
             if key == "\n":
-                if interruptible_sleep(1): return
+                time.sleep(1)
             subprocess.check_call(["tmux", "send-keys", key])
-            if interruptible_sleep(0.15*random.random()): return
+            time.sleep(0.2*random.random())
             if key == "\n":
-                if interruptible_sleep(1): return
+                time.sleep(1)
     else:
         subprocess.check_call(["tmux", "send-keys", data])
 
-
 def capture_pane():
     return subprocess.check_output(["tmux", "capture-pane", "-p"]).decode('utf-8')
 
@@ -273,90 +293,63 @@ except Exception as e:
     logging.exception("Could not load state from file.")
     logging.warning("Using default values.")
 
-def move_forward():
-    state.snippet += 1
-    if state.snippet > len(slides[state.slide].snippets):
-        state.slide += 1
-        state.snippet = 0
-    check_bounds()
 
-
-def move_backward():
-    state.snippet -= 1
-    if state.snippet < 0:
-        state.slide -= 1
-        state.snippet = 0
-    check_bounds()
-
-
-def check_bounds():
-    if state.slide < 1:
-        state.slide = 1
-    if state.slide >= len(slides):
-        state.slide = len(slides)-1
-
-
-while True:
+while state.next_step < len(actions):
     state.save()
-    slide = slides[state.slide]
-    snippet = slide.snippets[state.snippet-1] if state.snippet else None
+
+    slide, snippet, method, data = actions[state.next_step]
+
+    # Remove extra spaces (we don't want them in the terminal) and carriage returns
+    data = data.strip()
+
+    # Synchronize the remote slides
+    remote.catchup(slide.number)
+
     click.clear()
-    print("[Slide {}/{}] [Snippet {}/{}] [simulate_type:{}] [verify_status:{}]"
-          .format(state.slide, len(slides)-1,
-                  state.snippet, len(slide.snippets) if slide.snippets else 0,
-                  state.simulate_type, state.verify_status))
     print(hrule())
-    if snippet:
-        print(slide.content.replace(snippet.content, ansi(7)(snippet.content)))
-        focus_terminal()
-    else:
-        print(slide.content)
-        subprocess.check_output(["./gotoslide.js", str(slide.number)])
-        focus_slides()
+    print(slide.content.replace(snippet.content, ansi(7)(snippet.content)))
     print(hrule())
     if state.interactive:
-        print("y/⎵/⏎   Execute snippet or advance to next snippet")
-        print("p/←     Previous")
-        print("n/→     Next")
+        print("simulate_type:{} verify_status:{}".format(state.simulate_type, state.verify_status))
+        print("[{}/{}] Shall we execute that snippet above?".format(state.next_step, len(actions)))
+        print("y/⎵/⏎   Execute snippet")
+        print("p/←     Previous snippet")
+        print("n/→     Next snippet")
         print("s       Simulate keystrokes")
         print("v       Validate exit status")
-        print("g       Go to a specific slide")
+        print("g       Go to a specific snippet")
         print("q       Quit")
         print("c       Continue non-interactively until next error")
         command = click.getchar()
     else:
         command = "y"
 
+    # For now, remove the `highlighted` sections
+    # (Make sure to use $() in shell snippets!)
+    if '`' in data:
+        logging.info("Stripping ` from snippet.")
+        data = data.replace('`', '')
+
     if command in ("n", "\x1b[C"):
-        move_forward()
+        state.next_step += 1
     elif command in ("p", "\x1b[D"):
-        move_backward()
+        state.next_step -= 1
     elif command == "s":
         state.simulate_type = not state.simulate_type
     elif command == "v":
         state.verify_status = not state.verify_status
     elif command == "g":
-        state.slide = click.prompt("Enter slide number", type=int)
-        state.snippet = 0
-        check_bounds()
+        state.next_step = click.prompt("Enter snippet number", type=int)
+        # Special case: if we go to snippet 0, also reset the slides deck
+        if state.next_step == 0:
+            remote.goto(1)
     elif command == "q":
         break
     elif command == "c":
         # continue until next timeout
         state.interactive = False
     elif command in ("y", "\r", " "):
-        if not snippet:
-            # Advance to next snippet
-            # Advance until a slide that has snippets
-            while not slides[state.slide].snippets:
-                move_forward()
-                # But stop if we reach the last slide
-                if state.slide == len(slides)-1:
-                    break
-            # And then advance to the snippet
-            move_forward()
-            continue
-        method, data = snippet.method, snippet.data
+        focus_terminal()
         logging.info("Running with method {}: {}".format(method, data))
         if method == "keys":
             send_keys(data)
@@ -365,21 +358,20 @@ while True:
             wait_for_prompt()
             # Strip leading spaces
             data = re.sub("\n +", "\n", data)
-            # Remove backticks (they are used to highlight sections)
-            data = data.replace('`', '')
             # Add "RETURN" at the end of the command :)
             data += "\n"
             # Send command
             send_keys(data)
             # Force a short sleep to avoid race condition
             time.sleep(0.5)
-            if snippet.next and snippet.next.method == "wait":
-                wait_for_string(snippet.next.data)
-            elif snippet.next and snippet.next.method == "longwait":
-                wait_for_string(snippet.next.data, 10*TIMEOUT)
+            _, _, next_method, next_data = actions[state.next_step+1]
+            if next_method == "wait":
+                wait_for_string(next_data)
+            elif next_method == "longwait":
+                wait_for_string(next_data, 10*TIMEOUT)
             else:
                 wait_for_prompt()
-                # Verify return code
+                # Verify return code FIXME should be optional
                 check_exit_status()
         elif method == "copypaste":
             screen = capture_pane()
@@ -407,7 +399,7 @@ while True:
                 click.getchar()
         else:
             logging.warning("Unknown method {}: {!r}".format(method, data))
-        move_forward()
+        state.next_step += 1
 
     else:
         logging.warning("Unknown command {}.".format(command))

slides/common/about-slides.md

@@ -1,28 +0,0 @@
-## About these slides
-
-- All the content is available in a public GitHub repository:
-
-  https://github.com/jpetazzo/container.training
-
-- You can get updated "builds" of the slides there:
-
-  http://container.training/
-
-<!--
-.exercise[
-```open https://github.com/jpetazzo/container.training```
-```open http://container.training/```
-]
--->
-
---
-
-- Typos? Mistakes? Questions? Feel free to hover over the bottom of the slide ...
-
-.footnote[.emoji[👇] Try it! The source file will be shown and you can view it on GitHub and fork and edit it.]
-
-<!--
-.exercise[
-```open https://github.com/jpetazzo/container.training/tree/master/slides/common/about-slides.md```
-]
--->

slides/common/composedown.md

@@ -1,12 +0,0 @@
-## Clean up
-
-- Before moving on, let's remove those containers
-
-.exercise[
-
-- Tell Compose to remove everything:
-  ```bash
-  docker-compose down
-  ```
-
-]

slides/common/composescale.md

@@ -1,240 +0,0 @@
-## Restarting in the background
-
-- Many flags and commands of Compose are modeled after those of `docker`
-
-.exercise[
-
-- Start the app in the background with the `-d` option:
-  ```bash
-  docker-compose up -d
-  ```
-
-- Check that our app is running with the `ps` command:
-  ```bash
-  docker-compose ps
-  ```
-
-]
-
-`docker-compose ps` also shows the ports exposed by the application.
-
----
-
-class: extra-details
-
-## Viewing logs
-
-- The `docker-compose logs` command works like `docker logs`
-
-.exercise[
-
-- View all logs since container creation and exit when done:
-  ```bash
-  docker-compose logs
-  ```
-
-- Stream container logs, starting at the last 10 lines for each container:
-  ```bash
-  docker-compose logs --tail 10 --follow
-  ```
-
-<!--
-```wait units of work done```
-```keys ^C```
--->
-
-]
-
-Tip: use `^S` and `^Q` to pause/resume log output.
-
----
-
-class: extra-details
-
-## Upgrading from Compose 1.6
-
-.warning[The `logs` command has changed between Compose 1.6 and 1.7!]
-
-- Up to 1.6
-
-  - `docker-compose logs` is the equivalent of `logs --follow`
-
-  - `docker-compose logs` must be restarted if containers are added
-
-- Since 1.7
-
-  - `--follow` must be specified explicitly
-
-  - new containers are automatically picked up by `docker-compose logs`
-
----
-
-## Scaling up the application
-
-- Our goal is to make that performance graph go up (without changing a line of code!)
-
---
-
-- Before trying to scale the application, we'll figure out if we need more resources
-
-  (CPU, RAM...)
-
-- For that, we will use good old UNIX tools on our Docker node
-
----
-
-## Looking at resource usage
-
-- Let's look at CPU, memory, and I/O usage
-
-.exercise[
-
-- run `top` to see CPU and memory usage (you should see idle cycles)
-
-<!--
-```bash top```
-
-```wait Tasks```
-```keys ^C```
--->
-
-- run `vmstat 1` to see I/O usage (si/so/bi/bo)
-  <br/>(the 4 numbers should be almost zero, except `bo` for logging)
-
-<!--
-```bash vmstat 1```
-
-```wait memory```
-```keys ^C```
--->
-
-]
-
-We have available resources.
-
-- Why?
-- How can we use them?
-
----
-
-## Scaling workers on a single node
-
-- Docker Compose supports scaling
-- Let's scale `worker` and see what happens!
-
-.exercise[
-
-- Start one more `worker` container:
-  ```bash
-  docker-compose scale worker=2
-  ```
-
-- Look at the performance graph (it should show a x2 improvement)
-
-- Look at the aggregated logs of our containers (`worker_2` should show up)
-
-- Look at the impact on CPU load with e.g. top (it should be negligible)
-
-]
-
----
-
-## Adding more workers
-
-- Great, let's add more workers and call it a day, then!
-
-.exercise[
-
-- Start eight more `worker` containers:
-  ```bash
-  docker-compose scale worker=10
-  ```
-
-- Look at the performance graph: does it show a x10 improvement?
-
-- Look at the aggregated logs of our containers
-
-- Look at the impact on CPU load and memory usage
-
-]
-
----
-
-# Identifying bottlenecks
-
-- You should have seen a 3x speed bump (not 10x)
-
-- Adding workers didn't result in linear improvement
-
-- *Something else* is slowing us down
-
---
-
-- ... But what?
-
---
-
-- The code doesn't have instrumentation
-
-- Let's use state-of-the-art HTTP performance analysis!
-  <br/>(i.e. good old tools like `ab`, `httping`...)
-
----
-
-## Accessing internal services
-
-- `rng` and `hasher` are exposed on ports 8001 and 8002
-
-- This is declared in the Compose file:
-
-  ```yaml
-    ...
-    rng:
-      build: rng
-      ports:
-      - "8001:80"
-
-    hasher:
-      build: hasher
-      ports:
-      - "8002:80"
-    ...
-  ```
-
----
-
-## Measuring latency under load
-
-We will use `httping`.
-
-.exercise[
-
-- Check the latency of `rng`:
-  ```bash
-  httping -c 3 localhost:8001
-  ```
-
-- Check the latency of `hasher`:
-  ```bash
-  httping -c 3 localhost:8002
-  ```
-
-]
-
-`rng` has a much higher latency than `hasher`.
-
----
-
-## Let's draw hasty conclusions
-
-- The bottleneck seems to be `rng`
-
-- *What if* we don't have enough entropy and can't generate enough random numbers?
-
-- We need to scale out the `rng` service on multiple machines!
-
-Note: this is a fiction! We have enough entropy. But we need a pretext to scale out.
-
-(In fact, the code of `rng` uses `/dev/urandom`, which never runs out of entropy...
-<br/>
-...and is [just as good as `/dev/random`](http://www.slideshare.net/PacSecJP/filippo-plain-simple-reality-of-entropy).)

slides/common/intro.md

@@ -36,3 +36,34 @@ class: self-paced
 
 - If you are doing this on your own:
   <br/>the first chapter will give you various options to get your own cluster
+
+---
+
+## About these slides
+
+- All the content is available in a public GitHub repository:
+
+  https://github.com/jpetazzo/container.training
+
+- You can get updated "builds" of the slides there:
+
+  http://container.training/
+
+<!--
+.exercise[
+```open https://github.com/jpetazzo/container.training```
+```open http://container.training/```
+]
+-->
+
+--
+
+- Typos? Mistakes? Questions? Feel free to hover over the bottom of the slide ...
+
+.footnote[.emoji[👇] Try it! The source file will be shown and you can view it on GitHub and fork and edit it.]
+
+<!--
+.exercise[
+```open https://github.com/jpetazzo/container.training/tree/master/slides/common/intro.md```
+]
+-->

slides/common/prereqs.md

@@ -24,19 +24,13 @@ class: extra-details
 
 ## Extra details
 
-- This slide has a little magnifying glass in the top left corner
+- This slide should have a little magnifying glass in the top left corner
 
-- This magnifiying glass indicates slides that provide extra details
+  (If it doesn't, it's because CSS is hard — Jérôme is only a backend person, alas)
 
-- Feel free to skip them if:
+- Slides with that magnifying glass indicate slides providing extra details
 
-  - you are in a hurry
-
-  - you are new to this and want to avoid cognitive overload
-
-  - you want only the most essential information
-
-- You can review these slides another time if you want, they'll be waiting for you ☺
+- Feel free to skip them if you're in a hurry!
 
 ---
 
@@ -68,9 +62,9 @@ Misattributed to Benjamin Franklin
 
 - This is the stuff you're supposed to do!
 
-- Go to [container.training](http://container.training/) to view these slides
+- Go to [swarm2017.container.training](http://swarm2017.container.training/) to view these slides
 
-- Join the chat room: @@CHAT@@
+- Join the chat room on @@CHAT@@
 
 <!-- ```open http://container.training/``` -->
 
@@ -86,15 +80,15 @@ class: in-person
 
 class: in-person, pic
 
-![You get a cluster](images/you-get-a-cluster.jpg)
+![You get five VMs](images/you-get-five-vms.jpg)
 
 ---
 
 class: in-person
 
-## You get a cluster of cloud VMs
+## You get five VMs
 
-- Each person gets a private cluster of cloud VMs (not shared with anybody else)
+- Each person gets 5 private VMs (not shared with anybody else)
 
 - They'll remain up for the duration of the workshop
 
@@ -159,7 +153,7 @@ class: in-person
 
 <!--
 ```bash
-for N in $(awk '/node/{print $2}' /etc/hosts); do
+for N in $(seq 1 5); do
   ssh -o StrictHostKeyChecking=no node$N true
 done
 ```
@@ -175,7 +169,7 @@ fi
   ```bash
   ssh node2
   ```
-- Type `exit` or `^D` to come back to `node1`
+- Type `exit` or `^D` to come back to node1
 
 <!-- ```bash exit``` -->
 

slides/common/sampleapp.md

@@ -39,15 +39,21 @@ class: extra-details
 
 ---
 
-## Service discovery in container-land
+## Links, naming, and service discovery
 
-- We do not hard-code IP addresses in the code
+- Containers can have network aliases (resolvable through DNS)
 
-- We do not hard-code FQDN in the code, either
+- Compose file version 2+ makes each container reachable through its service name
 
-- We just connect to a service name, and container-magic does the rest
+- Compose file version 1 did require "links" sections
 
-  (And by container-magic, we mean "a crafty, dynamic, embedded DNS server")
+- Our code can connect to services using their short name
+
+  (instead of e.g. IP address or FQDN)
+
+- Network aliases are automatically namespaced
+
+  (i.e. you can have multiple apps declaring and using a service named `database`)
 
 ---
 
@@ -74,26 +80,6 @@ https://github.com/jpetazzo/container.training/blob/8279a3bce9398f7c1a53bdd95187
 
 ---
 
-class: extra-details
-
-## Links, naming, and service discovery
-
-- Containers can have network aliases (resolvable through DNS)
-
-- Compose file version 2+ makes each container reachable through its service name
-
-- Compose file version 1 did require "links" sections
-
-- Network aliases are automatically namespaced
-
-  - you can have multiple apps declaring and using a service named `database`
-
-  - containers in the blue app will resolve `database` to the IP of the blue database
-
-  - containers in the green app will resolve `database` to the IP of the green database
-
----
-
 ## What's this application?
 
 --
@@ -165,6 +151,7 @@ Without further ado, let's start our application.
 
 <!--
 ```longwait units of work done```
+```keys ^C```
 -->
 
 ]
@@ -175,22 +162,100 @@ and displays aggregated logs.
 
 ---
 
-## Our application at work
+## Lots of logs
 
-- On the left-hand side, the "rainbow strip" shows the container names
-
-- On the right-hand side, we see the output of our containers
+- The application continuously generates logs
 
 - We can see the `worker` service making requests to `rng` and `hasher`
 
-- For `rng` and `hasher`, we see HTTP access logs
+- Let's put that in the background
+
+.exercise[
+
+- Stop the application by hitting `^C`
+
+]
+
+- `^C` stops all containers by sending them the `TERM` signal
+
+- Some containers exit immediately, others take longer
+  <br/>(because they don't handle `SIGTERM` and end up being killed after a 10s timeout)
+
+---
+
+## Restarting in the background
+
+- Many flags and commands of Compose are modeled after those of `docker`
+
+.exercise[
+
+- Start the app in the background with the `-d` option:
+  ```bash
+  docker-compose up -d
+  ```
+
+- Check that our app is running with the `ps` command:
+  ```bash
+  docker-compose ps
+  ```
+
+]
+
+`docker-compose ps` also shows the ports exposed by the application.
+
+---
+
+class: extra-details
+
+## Viewing logs
+
+- The `docker-compose logs` command works like `docker logs`
+
+.exercise[
+
+- View all logs since container creation and exit when done:
+  ```bash
+  docker-compose logs
+  ```
+
+- Stream container logs, starting at the last 10 lines for each container:
+  ```bash
+  docker-compose logs --tail 10 --follow
+  ```
+
+<!--
+```wait units of work done```
+```keys ^C```
+-->
+
+]
+
+Tip: use `^S` and `^Q` to pause/resume log output.
+
+---
+
+class: extra-details
+
+## Upgrading from Compose 1.6
+
+.warning[The `logs` command has changed between Compose 1.6 and 1.7!]
+
+- Up to 1.6
+
+  - `docker-compose logs` is the equivalent of `logs --follow`
+
+  - `docker-compose logs` must be restarted if containers are added
+
+- Since 1.7
+
+  - `--follow` must be specified explicitly
+
+  - new containers are automatically picked up by `docker-compose logs`
 
 ---
 
 ## Connecting to the web UI
 
-- "Logs are exciting and fun!" (No-one, ever)
-
 - The `webui` container exposes a web dashboard; let's view it
 
 .exercise[
@@ -229,7 +294,7 @@ work on a local environment, or when using Docker4Mac or Docker4Windows.
 
 How to fix this?
 
-Stop the app with `^C`, edit `dockercoins.yml`, comment out the `volumes` section, and try again.
+Edit `dockercoins.yml` and comment out the `volumes` section, and try again.
 
 ---
 
@@ -273,31 +338,191 @@ class: extra-details
 
 class: extra-details
 
-- "I'm clearly incapable of writing good frontend code!" 😀 — Jérôme
+- Jérôme is clearly incapable of writing good frontend code
 
 ---
 
-## Stopping the application
+## Scaling up the application
 
-- If we interrupt Compose (with `^C`), it will politely ask the Docker Engine to stop the app
+- Our goal is to make that performance graph go up (without changing a line of code!)
 
-- The Docker Engine will send a `TERM` signal to the containers
+--
 
-- If the containers do not exit in a timely manner, the Engine sends a `KILL` signal
+- Before trying to scale the application, we'll figure out if we need more resources
+
+  (CPU, RAM...)
+
+- For that, we will use good old UNIX tools on our Docker node
+
+---
+
+## Looking at resource usage
+
+- Let's look at CPU, memory, and I/O usage
 
 .exercise[
 
-- Stop the application by hitting `^C`
+- run `top` to see CPU and memory usage (you should see idle cycles)
 
 <!--
+```bash top```
+
+```wait Tasks```
+```keys ^C```
+-->
+
+- run `vmstat 1` to see I/O usage (si/so/bi/bo)
+  <br/>(the 4 numbers should be almost zero, except `bo` for logging)
+
+<!--
+```bash vmstat 1```
+
+```wait memory```
 ```keys ^C```
 -->
 
 ]
 
+We have available resources.
+
+- Why?
+- How can we use them?
+
+---
+
+## Scaling workers on a single node
+
+- Docker Compose supports scaling
+- Let's scale `worker` and see what happens!
+
+.exercise[
+
+- Start one more `worker` container:
+  ```bash
+  docker-compose scale worker=2
+  ```
+
+- Look at the performance graph (it should show a x2 improvement)
+
+- Look at the aggregated logs of our containers (`worker_2` should show up)
+
+- Look at the impact on CPU load with e.g. top (it should be negligible)
+
+]
+
+---
+
+## Adding more workers
+
+- Great, let's add more workers and call it a day, then!
+
+.exercise[
+
+- Start eight more `worker` containers:
+  ```bash
+  docker-compose scale worker=10
+  ```
+
+- Look at the performance graph: does it show a x10 improvement?
+
+- Look at the aggregated logs of our containers
+
+- Look at the impact on CPU load and memory usage
+
+]
+
+---
+
+# Identifying bottlenecks
+
+- You should have seen a 3x speed bump (not 10x)
+
+- Adding workers didn't result in linear improvement
+
+- *Something else* is slowing us down
+
 --
 
-Some containers exit immediately, others take longer.
+- ... But what?
 
-The containers that do not handle `SIGTERM` end up being killed after a 10s timeout.
+--
 
+- The code doesn't have instrumentation
+
+- Let's use state-of-the-art HTTP performance analysis!
+  <br/>(i.e. good old tools like `ab`, `httping`...)
+
+---
+
+## Accessing internal services
+
+- `rng` and `hasher` are exposed on ports 8001 and 8002
+
+- This is declared in the Compose file:
+
+  ```yaml
+    ...
+    rng:
+      build: rng
+      ports:
+      - "8001:80"
+
+    hasher:
+      build: hasher
+      ports:
+      - "8002:80"
+    ...
+  ```
+
+---
+
+## Measuring latency under load
+
+We will use `httping`.
+
+.exercise[
+
+- Check the latency of `rng`:
+  ```bash
+  httping -c 3 localhost:8001
+  ```
+
+- Check the latency of `hasher`:
+  ```bash
+  httping -c 3 localhost:8002
+  ```
+
+]
+
+`rng` has a much higher latency than `hasher`.
+
+---
+
+## Let's draw hasty conclusions
+
+- The bottleneck seems to be `rng`
+
+- *What if* we don't have enough entropy and can't generate enough random numbers?
+
+- We need to scale out the `rng` service on multiple machines!
+
+Note: this is a fiction! We have enough entropy. But we need a pretext to scale out.
+
+(In fact, the code of `rng` uses `/dev/urandom`, which never runs out of entropy...
+<br/>
+...and is [just as good as `/dev/random`](http://www.slideshare.net/PacSecJP/filippo-plain-simple-reality-of-entropy).)
+
+---
+
+## Clean up
+
+- Before moving on, let's remove those containers
+
+.exercise[
+
+- Tell Compose to remove everything:
+  ```bash
+  docker-compose down
+  ```
+
+]

slides/common/thankyou.md

@@ -6,6 +6,21 @@ Thank you!
 
 class: title, in-person
 
-That's all, folks! <br/> Questions?
+That's all folks! <br/> Questions?
 
 ![end](images/end.jpg)
+
+---
+
+# Links and resources
+
+- [Docker Community Slack](https://community.docker.com/registrations/groups/4316)
+- [Docker Community Forums](https://forums.docker.com/)
+- [Docker Hub](https://hub.docker.com)
+- [Docker Blog](http://blog.docker.com/)
+- [Docker documentation](http://docs.docker.com/)
+- [Docker on StackOverflow](https://stackoverflow.com/questions/tagged/docker)
+- [Docker on Twitter](http://twitter.com/docker)
+- [Play With Docker Hands-On Labs](http://training.play-with-docker.com/)
+
+.footnote[These slides (and future updates) are on → http://container.training/]

slides/common/title.md

@@ -2,8 +2,6 @@ class: title, self-paced
 
 @@TITLE@@
 
-.nav[*Self-paced version*]
-
 ---
 
 class: title, in-person
@@ -18,4 +16,4 @@ class: title, in-person
 *Thank you!*
 
 **Slides: http://container.training/**
-]
+]

slides/index.html

@@ -66,34 +66,16 @@
 
         <tr><td class="title" colspan="4">Coming soon at a conference near you</td></tr>
 
-        <tr>
-	    <!--
-	     <td>Nothing for now (stay tuned...)</td>
-thing for now (stay tuned...)</td>
-             -->
-            <td>March 14, 2018: Boosterconf — Kubernetes 101</td>
-            <td>&nbsp;</td>
-            <td><a class="attend" href="https://2018.boosterconf.no/talks/1179" />
-        </tr>
+            <!--
+            <td><a class="attend" href="https://qconsf.com/sf2017/workshop/orchestrating-microservices-docker-swarm" /></td>
+            -->
 
         <tr>
-            <td>March 27, 2018: SREcon Americas — Kubernetes 101</td>
-            <td>&nbsp;</td>
-            <td><a class="attend" href="https://www.usenix.org/conference/srecon18americas/presentation/kromhout" />
+            <td>Nothing for now (stay tuned...)</td>
         </tr>
-
-
+        
         <tr><td class="title" colspan="4">Past workshops</td></tr>
 
-	<tr>
-	    <!-- February 22, 2018 -->
-	    <td>IndexConf: Kubernetes 101</td>
-            <td><a class="slides" href="http://indexconf2018.container.training/" /></td>
-	    <!--
-            <td><a class="attend" href="https://developer.ibm.com/indexconf/sessions/#!?id=5474" />
-	    -->
-	</tr>
-
         <tr>
             <td>Kubernetes enablement at Docker</td>
             <td><a class="slides" href="http://kube.container.training/" /></td>
@@ -175,4 +157,4 @@ thing for now (stay tuned...)</td>
     </table>
     </div>
 </body>
-</html>
+</html>

slides/intro-fullday.yml

@@ -12,8 +12,7 @@ exclude:
 chapters:
 - common/title.md
 - logistics.md
-- intro/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - intro/Docker_Overview.md
   #- intro/Docker_History.md
@@ -41,4 +40,3 @@ chapters:
   - intro/Compose_For_Dev_Stacks.md
   - intro/Advanced_Dockerfiles.md
   - common/thankyou.md
-  - intro/links.md

slides/intro-selfpaced.yml

@@ -12,8 +12,7 @@ exclude:
 chapters:
 - common/title.md
 # - common/logistics.md
-- intro/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - intro/Docker_Overview.md
   #- intro/Docker_History.md
@@ -41,4 +40,3 @@ chapters:
   - intro/Compose_For_Dev_Stacks.md
   - intro/Advanced_Dockerfiles.md
   - common/thankyou.md
-  - intro/links.md

slides/intro/Dockerfile_Tips.md

@@ -90,11 +90,11 @@ COPY <test data sets and fixtures>
 RUN <unit tests>
 FROM <baseimage>
 RUN <install dependencies>
-COPY <code>
+COPY <vcode>
 RUN <build code>
 CMD, EXPOSE ...
 ```
 
-* The build fails as soon as an instruction fails
+* The build fails as soon as an instructions fails
 * If `RUN <unit tests>` fails, the build doesn't produce an image
 * If it succeeds, it produces a clean image (without test libraries and data)

slides/intro/intro.md

@@ -1,38 +0,0 @@
-## A brief introduction
-
-- This was initially written to support in-person,
-  instructor-led workshops and tutorials
-
-- You can also follow along on your own, at your own pace
-
-- We included as much information as possible in these slides
-
-- We recommend having a mentor to help you ...
-
-- ... Or be comfortable spending some time reading the Docker
- [documentation](https://docs.docker.com/) ...
-
-- ... And looking for answers in the [Docker forums](forums.docker.com),
-  [StackOverflow](http://stackoverflow.com/questions/tagged/docker),
-  and other outlets
-
----
-
-class: self-paced
-
-## Hands on, you shall practice
-
-- Nobody ever became a Jedi by spending their lives reading Wookiepedia
-
-- Likewise, it will take more than merely *reading* these slides
-  to make you an expert
-
-- These slides include *tons* of exercises and examples
-
-- They assume that you have acccess to a machine running Docker
-
-- If you are attending a workshop or tutorial:
-  <br/>you will be given specific instructions to access a cloud VM
-
-- If you are doing this on your own:
-  <br/>we will tell you how to install Docker or access a Docker environment

slides/intro/links.md

@@ -1 +0,0 @@
-../swarm/links.md

slides/kube-halfday.yml

@@ -1,11 +1,9 @@
 title: |
   Deploying and Scaling Microservices
-  with Kubernetes
+  with Docker and Kubernetes
 
-
-#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
 #chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
 
 exclude:
 - self-paced
@@ -13,14 +11,11 @@ exclude:
 chapters:
 - common/title.md
 - logistics.md
-- kube/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - common/prereqs.md
   - kube/versions-k8s.md
   - common/sampleapp.md
-  #- common/composescale.md
-  - common/composedown.md
 - - kube/concepts-k8s.md
   - common/declarative.md
   - kube/declarative.md
@@ -36,4 +31,3 @@ chapters:
   - kube/rollout.md
   - kube/whatsnext.md
   - common/thankyou.md
-  - kube/links.md

slides/kube-selfpaced.yml

@@ -11,14 +11,11 @@ exclude:
 chapters:
 - common/title.md
 #- logistics.md
-- kube/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - common/prereqs.md
   - kube/versions-k8s.md
   - common/sampleapp.md
-  - common/composescale.md
-  - common/composedown.md
 - - kube/concepts-k8s.md
   - common/declarative.md
   - kube/declarative.md
@@ -34,4 +31,3 @@ chapters:
   - kube/rollout.md
   - kube/whatsnext.md
   - common/thankyou.md
-  - kube/links.md

slides/kube/concepts-k8s.md

@@ -210,24 +210,4 @@ class: pic
 
 ![Node, pod, container](images/k8s-arch3-thanks-weave.png)
 
----
-
-class: pic
-
-![One of the best Kubernetes architecture diagrams available](images/k8s-arch4-thanks-luxas.png)
-
----
-
-## Credits
-
-- The first diagram is courtesy of Weave Works
-
-  - a *pod* can have multiple containers working together
-
-  - IP addresses are associated with *pods*, not with individual containers
-
-- The second diagram is courtesy of Lucas Käldström, in [this presentation](https://speakerdeck.com/luxas/kubeadm-cluster-creation-internals-from-self-hosting-to-upgradability-and-ha)
-
-  - it's one of the best Kubernetes architecture diagrams available!
-
-Both diagrams used with permission.
+(Diagram courtesy of Weave Works, used with permission.)

slides/kube/daemonset.md

@@ -1,33 +1,19 @@
 # Daemon sets
 
-- We want to scale `rng` in a way that is different from how we scaled `worker`
+- Remember: we did all that cluster orchestration business for `rng`
 
 - We want one (and exactly one) instance of `rng` per node
 
-- What if we just scale up `deploy/rng` to the number of nodes?
-
-  - nothing guarantees that the `rng` containers will be distributed evenly
-
-  - if we add nodes later, they will not automatically run a copy of `rng`
-
-  - if we remove (or reboot) a node, one `rng` container will restart elsewhere
+- If we just scale `deploy/rng` to 4, nothing guarantees that they spread
 
 - Instead of a `deployment`, we will use a `daemonset`
 
----
-
-## Daemon sets in practice
-
 - Daemon sets are great for cluster-wide, per-node processes:
 
   - `kube-proxy`
-
   - `weave` (our overlay network)
-
   - monitoring agents
-
   - hardware management tools (e.g. SCSI/FC HBA agents)
-
   - etc.
 
 - They can also be restricted to run [only on some nodes](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#running-pods-on-only-some-nodes)
@@ -36,7 +22,7 @@
 
 ## Creating a daemon set
 
-- Unfortunately, as of Kubernetes 1.9, the CLI cannot create daemon sets
+- Unfortunately, as of Kubernetes 1.8, the CLI cannot create daemon sets
 
 --
 
@@ -396,7 +382,7 @@ Of course, option 2 offers more learning opportunities. Right?
 
 .exercise[
 
-- Check the logs of all `run=rng` pods to confirm that exactly one per node is now active:
+- Check the logs of all `run=rng` pods to confirm that only 4 of them are now active:
   ```bash
   kubectl logs -l run=rng
   ```
@@ -420,4 +406,4 @@ The timestamps should give us a hint about how many pods are currently receiving
 
 - Bonus exercise 1: clean up the pods of the "old" daemon set
 
-- Bonus exercise 2: how could we have done this to avoid creating new pods?
+- Bonus exercise 2: how could we have done to avoid creating new pods?

slides/kube/dashboard.md

@@ -4,15 +4,11 @@
 
 - We are going to deploy that dashboard with *three commands:*
 
-  1) actually *run* the dashboard
+  - one to actually *run* the dashboard
 
-  2) bypass SSL for the dashboard
+  - one to make the dashboard available from outside
 
-  3) bypass authentication for the dashboard
-
---
-
-There is an additional step to make the dashboard available from outside (we'll get to that)
+  - one to bypass authentication for the dashboard
 
 --
 
@@ -20,7 +16,7 @@ There is an additional step to make the dashboard available from outside (we'll
 
 ---
 
-## 1) Running the dashboard
+## Running the dashboard
 
 - We need to create a *deployment* and a *service* for the dashboard
 
@@ -43,109 +39,11 @@ The goo.gl URL expands to:
 
 ---
 
+## Making the dashboard reachable from outside
 
-## 2) Bypassing SSL for the dashboard
+- The dashboard is exposed through a `ClusterIP` service
 
-- The Kubernetes dashboard uses HTTPS, but we don't have a certificate
-
-- Recent versions of Chrome (63 and later) and Edge will refuse to connect
-
-  (You won't even get the option to ignore a security warning!)
-
-- We could (and should!) get a certificate, e.g. with [Let's Encrypt](https://letsencrypt.org/)
-
-- ... But for convenience, for this workshop, we'll forward HTTP to HTTPS
-
-.warning[Do not do this at home, or even worse, at work!]
-
----
-
-## Running the SSL unwrapper
-
-- We are going to run [`socat`](http://www.dest-unreach.org/socat/doc/socat.html), telling it to accept TCP connections and relay them over SSL
-
-- Then we will expose that `socat` instance with a `NodePort` service
-
-- For convenience, these steps are neatly encapsulated into another YAML file
-
-.exercise[
-
-- Apply the convenient YAML file, and defeat SSL protection:
-  ```bash
-  kubectl apply -f https://goo.gl/tA7GLz
-  ```
-
-]
-
-The goo.gl URL expands to:
-<br/>
-.small[.small[https://gist.githubusercontent.com/jpetazzo/c53a28b5b7fdae88bc3c5f0945552c04/raw/da13ef1bdd38cc0e90b7a4074be8d6a0215e1a65/socat.yaml]]
-
-.warning[All our dashboard traffic is now clear-text, including passwords!]
-
----
-
-## Connecting to the dashboard
-
-
-.exercise[
-
-- Connect to http://oneofournodes:3xxxx/
-
-<!-- ```open https://node1:3xxxx/``` -->
-
-]
-
-The dashboard will then ask you which authentication you want to use.
-
----
-
-## Dashboard authentication
-
-- We have three authentication options at this point:
-
-  - token (associated with a role that has appropriate permissions)
-
-  - kubeconfig (e.g. using the `~/.kube/config` file from `node1`)
-
-  - "skip" (use the dashboard "service account")
-
-- Let's use "skip": we get a bunch of warnings and don't see much
-
----
-
-## 3) Bypass authentication for the dashboard
-
-- The dashboard documentation [explains how to do this](https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges)
-
-- We just need to load another YAML file!
-
-.exercise[
-
-- Grant admin privileges to the dashboard so we can see our resources:
-  ```bash
-  kubectl apply -f https://goo.gl/CHsLTA
-  ```
-
-- Reload the dashboard and enjoy!
-
-]
-
---
-
-.warning[By the way, we just added a backdoor to our Kubernetes cluster!]
-
----
-
-## Exposing the dashboard over HTTPS
-
-- We took a shortcut by forwarding HTTP to HTTPS inside the cluster
-
-- Let's expose the dashboard over HTTPS!
-
-- The dashboard is exposed through a `ClusterIP` service (internal traffic only)
-
-- We will change that into a `NodePort` service (accepting outside traffic)
+- We need a `NodePort` service instead
 
 .exercise[
 
@@ -170,8 +68,6 @@ The dashboard will then ask you which authentication you want to use.
 
 - The dashboard was created in the `kube-system` namespace
 
---
-
 .exercise[
 
 - Edit the service:
@@ -187,15 +83,50 @@ The dashboard will then ask you which authentication you want to use.
 
 ---
 
-## Running the Kubernetes dashboard securely
+## Connecting to the dashboard
 
-- The steps that we just showed you are *for educational purposes only!*
+.exercise[
 
-- If you do that on your production cluster, people [can and will abuse it](https://blog.redlock.io/cryptojacking-tesla)
+- Connect to https://oneofournodes:3xxxx/
 
-- For an in-depth discussion about securing the dashboard,
-  <br/>
-  check [this excellent post on Heptio's blog](https://blog.heptio.com/on-securing-the-kubernetes-dashboard-16b09b1b7aca)
+  (You will have to work around the TLS certificate validation warning)
+
+<!-- ```open https://node1:3xxxx/``` -->
+
+]
+
+- We have three authentication options at this point:
+
+  - token (associated with a role that has appropriate permissions)
+
+  - kubeconfig (e.g. using the `~/.kube/config` file from `node1`)
+
+  - "skip" (use the dashboard "service account")
+
+- Let's use "skip": we get a bunch of warnings and don't see much
+
+---
+
+## Granting more rights to the dashboard
+
+- The dashboard documentation [explains how to do](https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges)
+
+- We just need to load another YAML file!
+
+.exercise[
+
+- Grant admin privileges to the dashboard so we can see our resources:
+  ```bash
+  kubectl apply -f https://goo.gl/CHsLTA
+  ```
+
+- Reload the dashboard and enjoy!
+
+]
+
+--
+
+.warning[By the way, we just added a backdoor to our Kubernetes cluster!]
 
 ---
 
@@ -248,4 +179,3 @@ The dashboard will then ask you which authentication you want to use.
 - It introduces new failure modes
 
 - Example: the official setup instructions for most pod networks
-

slides/kube/intro.md

@@ -1,35 +0,0 @@
-## A brief introduction
-
-- This was initially written to support in-person,
-  instructor-led workshops and tutorials
-
-- You can also follow along on your own, at your own pace
-
-- We included as much information as possible in these slides
-
-- We recommend having a mentor to help you ...
-
-- ... Or be comfortable spending some time reading the Kubernetes [documentation](https://kubernetes.io/docs/) ...
-
-- ... And looking for answers on [StackOverflow](http://stackoverflow.com/questions/tagged/kubernetes) and other outlets
-
----
-
-class: self-paced
-
-## Hands on, you shall practice
-
-- Nobody ever became a Jedi by spending their lives reading Wookiepedia
-
-- Likewise, it will take more than merely *reading* these slides
-  to make you an expert
-
-- These slides include *tons* of exercises and examples
-
-- They assume that you have access to a Kubernetes cluster
-
-- If you are attending a workshop or tutorial:
-  <br/>you will be given specific instructions to access your cluster
-
-- If you are doing this on your own:
-  <br/>the first chapter will give you various options to get your own cluster

slides/kube/kubectlget.md

@@ -48,7 +48,7 @@
 
 .exercise[
 
-- Give us more info about the nodes:
+- Give us more info about them nodes:
   ```bash
   kubectl get nodes -o wide
   ```
@@ -136,8 +136,7 @@ There is already one service on our cluster: the Kubernetes API itself.
   ```
   
   - `-k` is used to skip certificate verification
-
-  - Make sure to replace 10.96.0.1 with the CLUSTER-IP shown by `kubectl get svc`
+  - Make sure to replace 10.96.0.1 with the CLUSTER-IP shown earlier
 
 ]
 
@@ -174,7 +173,7 @@ The error that we see is expected: the Kubernetes API requires authentication.
 
 ## Namespaces
 
-- Namespaces allow us to segregate resources
+- Namespaces allow to segregate resources
 
 .exercise[
 
@@ -212,11 +211,9 @@ The error that we see is expected: the Kubernetes API requires authentication.
 
 *Ding ding ding ding ding!*
 
-The `kube-system` namespace is used for the control plane.
-
 ---
 
-## What are all these control plane pods?
+## What are all these pods?
 
 - `etcd` is our etcd server
 
@@ -235,34 +232,3 @@ The `kube-system` namespace is used for the control plane.
 - the pods with a name ending with `-node1` are the master components
   <br/>
   (they have been specifically "pinned" to the master node)
-
----
-
-## What about `kube-public`?
-
-.exercise[
-
-- List the pods in the `kube-public` namespace:
-  ```bash
-  kubectl -n kube-public get pods
-  ```
-
-]
-
---
-
-- Maybe it doesn't have pods, but what secrets is `kube-public` keeping?
-
---
-
-.exercise[
-
-- List the secrets in the `kube-public` namespace:
-  ```bash
-  kubectl -n kube-public get secrets
-  ```
-
-]
---
-
-- `kube-public` is created by kubeadm & [used for security bootstrapping](http://blog.kubernetes.io/2017/01/stronger-foundation-for-creating-and-managing-kubernetes-clusters.html)

slides/kube/kubectlrun.md

@@ -245,4 +245,4 @@ at the Google NOC ...
 <br/>
 .small[are we getting 1000 packets per second]
 <br/>
-.small[of ICMP ECHO traffic from these IPs?!?”]
+.small[of ICMP ECHO traffic from EC2 ?!?”]

slides/kube/links-bridget.md

@@ -1,17 +0,0 @@
-# Links and resources
-
-- [Kubernetes Community](https://kubernetes.io/community/) - Slack, Google Groups, meetups
-
-- [Kubernetes on StackOverflow](https://stackoverflow.com/questions/tagged/kubernetes)
-
-- [Play With Kubernetes Hands-On Labs](https://medium.com/@marcosnils/introducing-pwk-play-with-k8s-159fcfeb787b)
-
-- [Azure Container Service](https://docs.microsoft.com/azure/aks/)
-
-- [Cloud Developer Advocates](https://developer.microsoft.com/advocates/)
-
-- [Local meetups](https://www.meetup.com/)
-
-- [devopsdays](https://www.devopsdays.org/)
-
-.footnote[These slides (and future updates) are on → http://container.training/]

slides/kube/links.md

@@ -1,20 +0,0 @@
-# Links and resources
-
-All things Kubernetes:
-
-- [Kubernetes Community](https://kubernetes.io/community/) - Slack, Google Groups, meetups
-- [Kubernetes on StackOverflow](https://stackoverflow.com/questions/tagged/kubernetes)
-- [Play With Kubernetes Hands-On Labs](https://medium.com/@marcosnils/introducing-pwk-play-with-k8s-159fcfeb787b)
-
-All things Docker:
-
-- [Docker documentation](http://docs.docker.com/)
-- [Docker Hub](https://hub.docker.com)
-- [Docker on StackOverflow](https://stackoverflow.com/questions/tagged/docker)
-- [Play With Docker Hands-On Labs](http://training.play-with-docker.com/)
-
-Everything else:
-
-- [Local meetups](https://www.meetup.com/)
-
-.footnote[These slides (and future updates) are on → http://container.training/]

slides/kube/ourapponkube.md

@@ -40,7 +40,7 @@ In this part, we will:
 
 - We could use the Docker Hub
 
-- Or a service offered by our cloud provider (ACR, GCR, ECR...)
+- Or a service offered by our cloud provider (GCR, ECR...)
 
 - Or we could just self-host that registry
 
@@ -185,7 +185,6 @@ The curl command should now output:
 - Build and push the images:
   ```bash
   export REGISTRY
-  export TAG=v0.1
   docker-compose -f dockercoins.yml build
   docker-compose -f dockercoins.yml push
   ```
@@ -221,30 +220,6 @@ services:
 
 ---
 
-class: extra-details
-
-## Avoiding the `latest` tag
-
-.warning[Make sure that you've set the `TAG` variable properly!]
-
-- If you don't, the tag will default to `latest`
-
-- The problem with `latest`: nobody knows what it points to!
-
-  - the latest commit in the repo?
-
-  - the latest commit in some branch? (Which one?)
-
-  - the latest tag?
-
-  - some random version pushed by a random team member?
-
-- If you keep pushing the `latest` tag, how do you roll back?
-
-- Image tags should be meaningful, i.e. correspond to code branches, tags, or hashes
-
----
-
 ## Deploying all the things
 
 - We can now deploy our code (as well as a redis instance)
@@ -259,7 +234,7 @@ class: extra-details
 - Deploy everything else:
   ```bash
     for SERVICE in hasher rng webui worker; do
-      kubectl run $SERVICE --image=$REGISTRY/$SERVICE:$TAG
+      kubectl run $SERVICE --image=$REGISTRY/$SERVICE
     done
   ```
 
@@ -293,7 +268,7 @@ class: extra-details
 
 ---
 
-# Exposing services internally
+# Exposing services internally 
 
 - Three deployments need to be reachable by others: `hasher`, `redis`, `rng`
 

slides/kube/setup-k8s.md

@@ -4,7 +4,7 @@
 
 --
 
-- We used `kubeadm` on freshly installed VM instances running Ubuntu 16.04 LTS
+- We used `kubeadm` on "fresh" EC2 instances with Ubuntu 16.04 LTS
 
     1. Install Docker
 
@@ -36,27 +36,26 @@
 
 --
 
-- "It's still twice as many steps as setting up a Swarm cluster 😕" -- Jérôme
+- It's still twice as many steps as setting up a Swarm cluster 😕
 
 ---
 
 ## Other deployment options
 
-- If you are on Azure:
-  [AKS](https://azure.microsoft.com/services/container-service/)
-
 - If you are on Google Cloud:
-  [GKE](https://cloud.google.com/kubernetes-engine/)
+  [GKE](https://cloud.google.com/container-engine/)
+
+  Empirically the best Kubernetes deployment out there
 
 - If you are on AWS:
-  [EKS](https://aws.amazon.com/eks/)
-  or
   [kops](https://github.com/kubernetes/kops)
 
+  ... But with AWS re:invent just around the corner, expect some changes
+
 - On a local machine:
   [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/),
   [kubespawn](https://github.com/kinvolk/kube-spawn),
-  [Docker4Mac](https://docs.docker.com/docker-for-mac/kubernetes/)
+  [Docker4Mac (coming soon)](https://beta.docker.com/)
 
 - If you want something customizable:
   [kubicorn](https://github.com/kris-nova/kubicorn)

slides/kube/versions-k8s.md

@@ -1,8 +1,8 @@
-## Versions installed
+## Brand new versions!
 
-- Kubernetes 1.9.3
-- Docker Engine 18.02.0-ce
-- Docker Compose 1.18.0
+- Kubernetes 1.8
+- Docker Engine 17.11
+- Docker Compose 1.17
 
 
 .exercise[

slides/kube/whatsnext.md

@@ -133,7 +133,6 @@ And *then* it is time to look at orchestration!
   - YAML resources descriptions committed to a repo
   - [Helm](https://github.com/kubernetes/helm) (~package manager)
   - [Spinnaker](https://www.spinnaker.io/) (Netflix' CD platform)
-  - [Brigade](https://brigade.sh/) (event-driven scripting; no YAML)
 
 ---
 
@@ -161,7 +160,7 @@ Sorry Star Trek fans, this is not the federation you're looking for!
 
 - Raft recommends low latency between nodes
 
-- What if our cluster spreads to multiple regions?
+- What if our cluster spreads multiple regions?
 
 --
 

slides/logistics-bridget.md

@@ -1,16 +0,0 @@
-## Intros
-
- - Hello! We are:
-
-   - .emoji[✨] Bridget ([@bridgetkromhout](https://twitter.com/bridgetkromhout))
-
-   - .emoji[🌟] Joe ([@joelaha](https://twitter.com/joelaha))
-
-- The workshop will run from 13:30-16:45
-
-- There will be a break from 15:00-15:15
-
-- Feel free to interrupt for questions at any time
-
-- *Especially when you see full screen container pictures!*
-

slides/package-lock.json

@@ -0,0 +1,601 @@
+{
+  "requires": true,
+  "lockfileVersion": 1,
+  "dependencies": {
+    "accepts": {
+      "version": "1.3.4",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
+      "integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=",
+      "requires": {
+        "mime-types": "2.1.17",
+        "negotiator": "0.6.1"
+      }
+    },
+    "after": {
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/after/-/after-0.8.2.tgz",
+      "integrity": "sha1-/ts5T58OAqqXaOcCvaI7UF+ufh8="
+    },
+    "array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
+    },
+    "arraybuffer.slice": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/arraybuffer.slice/-/arraybuffer.slice-0.0.6.tgz",
+      "integrity": "sha1-8zshWfBTKj8xB6JywMz70a0peco="
+    },
+    "async-limiter": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.0.tgz",
+      "integrity": "sha512-jp/uFnooOiO+L211eZOoSyzpOITMXx1rBITauYykG3BRYPu8h0UcxsPNB04RR5vo4Tyz3+ay17tR6JVf9qzYWg=="
+    },
+    "backo2": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/backo2/-/backo2-1.0.2.tgz",
+      "integrity": "sha1-MasayLEpNjRj41s+u2n038+6eUc="
+    },
+    "base64-arraybuffer": {
+      "version": "0.1.5",
+      "resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-0.1.5.tgz",
+      "integrity": "sha1-c5JncZI7Whl0etZmqlzUv5xunOg="
+    },
+    "base64id": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/base64id/-/base64id-1.0.0.tgz",
+      "integrity": "sha1-R2iMuZu2gE8OBtPnY7HDLlfY5rY="
+    },
+    "better-assert": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz",
+      "integrity": "sha1-QIZrnhueC1W0gYlDEeaPr/rrxSI=",
+      "requires": {
+        "callsite": "1.0.0"
+      }
+    },
+    "blob": {
+      "version": "0.0.4",
+      "resolved": "https://registry.npmjs.org/blob/-/blob-0.0.4.tgz",
+      "integrity": "sha1-vPEwUspURj8w+fx+lbmkdjCpSSE="
+    },
+    "body-parser": {
+      "version": "1.18.2",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.18.2.tgz",
+      "integrity": "sha1-h2eKGdhLR9hZuDGZvVm84iKxBFQ=",
+      "requires": {
+        "bytes": "3.0.0",
+        "content-type": "1.0.4",
+        "debug": "2.6.9",
+        "depd": "1.1.1",
+        "http-errors": "1.6.2",
+        "iconv-lite": "0.4.19",
+        "on-finished": "2.3.0",
+        "qs": "6.5.1",
+        "raw-body": "2.3.2",
+        "type-is": "1.6.15"
+      }
+    },
+    "bytes": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz",
+      "integrity": "sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg="
+    },
+    "callsite": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/callsite/-/callsite-1.0.0.tgz",
+      "integrity": "sha1-KAOY5dZkvXQDi28JBRU+borxvCA="
+    },
+    "component-bind": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/component-bind/-/component-bind-1.0.0.tgz",
+      "integrity": "sha1-AMYIq33Nk4l8AAllGx06jh5zu9E="
+    },
+    "component-emitter": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.2.1.tgz",
+      "integrity": "sha1-E3kY1teCg/ffemt8WmPhQOaUJeY="
+    },
+    "component-inherit": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/component-inherit/-/component-inherit-0.0.3.tgz",
+      "integrity": "sha1-ZF/ErfWLcrZJ1crmUTVhnbJv8UM="
+    },
+    "content-disposition": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz",
+      "integrity": "sha1-DPaLud318r55YcOoUXjLhdunjLQ="
+    },
+    "content-type": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
+      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+    },
+    "cookie": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
+      "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
+    },
+    "cookie-signature": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+      "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
+    },
+    "debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "requires": {
+        "ms": "2.0.0"
+      }
+    },
+    "depd": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.1.tgz",
+      "integrity": "sha1-V4O04cRZ8G+lyif5kfPQbnoxA1k="
+    },
+    "destroy": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
+      "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
+    },
+    "ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
+    },
+    "encodeurl": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz",
+      "integrity": "sha1-eePVhlU0aQn+bw9Fpd5oEDspTSA="
+    },
+    "engine.io": {
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-3.1.4.tgz",
+      "integrity": "sha1-PQIRtwpVLOhB/8fahiezAamkFi4=",
+      "requires": {
+        "accepts": "1.3.3",
+        "base64id": "1.0.0",
+        "cookie": "0.3.1",
+        "debug": "2.6.9",
+        "engine.io-parser": "2.1.1",
+        "uws": "0.14.5",
+        "ws": "3.3.3"
+      },
+      "dependencies": {
+        "accepts": {
+          "version": "1.3.3",
+          "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz",
+          "integrity": "sha1-w8p0NJOGSMPg2cHjKN1otiLChMo=",
+          "requires": {
+            "mime-types": "2.1.17",
+            "negotiator": "0.6.1"
+          }
+        }
+      }
+    },
+    "engine.io-client": {
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.1.4.tgz",
+      "integrity": "sha1-T88TcLRxY70s6b4nM5ckMDUNTqE=",
+      "requires": {
+        "component-emitter": "1.2.1",
+        "component-inherit": "0.0.3",
+        "debug": "2.6.9",
+        "engine.io-parser": "2.1.1",
+        "has-cors": "1.1.0",
+        "indexof": "0.0.1",
+        "parseqs": "0.0.5",
+        "parseuri": "0.0.5",
+        "ws": "3.3.3",
+        "xmlhttprequest-ssl": "1.5.4",
+        "yeast": "0.1.2"
+      }
+    },
+    "engine.io-parser": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-2.1.1.tgz",
+      "integrity": "sha1-4Ps/DgRi9/WLt3waUun1p+JuRmg=",
+      "requires": {
+        "after": "0.8.2",
+        "arraybuffer.slice": "0.0.6",
+        "base64-arraybuffer": "0.1.5",
+        "blob": "0.0.4",
+        "has-binary2": "1.0.2"
+      }
+    },
+    "escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+    },
+    "etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
+    },
+    "express": {
+      "version": "4.16.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.16.2.tgz",
+      "integrity": "sha1-41xt/i1kt9ygpc1PIXgb4ymeB2w=",
+      "requires": {
+        "accepts": "1.3.4",
+        "array-flatten": "1.1.1",
+        "body-parser": "1.18.2",
+        "content-disposition": "0.5.2",
+        "content-type": "1.0.4",
+        "cookie": "0.3.1",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "1.1.1",
+        "encodeurl": "1.0.1",
+        "escape-html": "1.0.3",
+        "etag": "1.8.1",
+        "finalhandler": "1.1.0",
+        "fresh": "0.5.2",
+        "merge-descriptors": "1.0.1",
+        "methods": "1.1.2",
+        "on-finished": "2.3.0",
+        "parseurl": "1.3.2",
+        "path-to-regexp": "0.1.7",
+        "proxy-addr": "2.0.2",
+        "qs": "6.5.1",
+        "range-parser": "1.2.0",
+        "safe-buffer": "5.1.1",
+        "send": "0.16.1",
+        "serve-static": "1.13.1",
+        "setprototypeof": "1.1.0",
+        "statuses": "1.3.1",
+        "type-is": "1.6.15",
+        "utils-merge": "1.0.1",
+        "vary": "1.1.2"
+      }
+    },
+    "finalhandler": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz",
+      "integrity": "sha1-zgtoVbRYU+eRsvzGgARtiCU91/U=",
+      "requires": {
+        "debug": "2.6.9",
+        "encodeurl": "1.0.1",
+        "escape-html": "1.0.3",
+        "on-finished": "2.3.0",
+        "parseurl": "1.3.2",
+        "statuses": "1.3.1",
+        "unpipe": "1.0.0"
+      }
+    },
+    "forwarded": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
+      "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
+    },
+    "fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
+    },
+    "has-binary2": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-binary2/-/has-binary2-1.0.2.tgz",
+      "integrity": "sha1-6D26SfC5vk0CbSc2U1DZ8D9Uvpg=",
+      "requires": {
+        "isarray": "2.0.1"
+      }
+    },
+    "has-cors": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-cors/-/has-cors-1.1.0.tgz",
+      "integrity": "sha1-XkdHk/fqmEPRu5nCPu9J/xJv/zk="
+    },
+    "http-errors": {
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.2.tgz",
+      "integrity": "sha1-CgAsyFcHGSp+eUbO7cERVfYOxzY=",
+      "requires": {
+        "depd": "1.1.1",
+        "inherits": "2.0.3",
+        "setprototypeof": "1.0.3",
+        "statuses": "1.3.1"
+      },
+      "dependencies": {
+        "setprototypeof": {
+          "version": "1.0.3",
+          "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
+          "integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ="
+        }
+      }
+    },
+    "iconv-lite": {
+      "version": "0.4.19",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.19.tgz",
+      "integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ=="
+    },
+    "indexof": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/indexof/-/indexof-0.0.1.tgz",
+      "integrity": "sha1-gtwzbSMrkGIXnQWrMpOmYFn9Q10="
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
+    },
+    "ipaddr.js": {
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.5.2.tgz",
+      "integrity": "sha1-1LUFvemUaYfM8PxY2QEP+WB+P6A="
+    },
+    "isarray": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.1.tgz",
+      "integrity": "sha1-o32U7ZzaLVmGXJ92/llu4fM4dB4="
+    },
+    "media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
+    },
+    "merge-descriptors": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
+      "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
+    },
+    "methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
+    },
+    "mime": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.4.1.tgz",
+      "integrity": "sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ=="
+    },
+    "mime-db": {
+      "version": "1.30.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.30.0.tgz",
+      "integrity": "sha1-dMZD2i3Z1qRTmZY0ZbJtXKfXHwE="
+    },
+    "mime-types": {
+      "version": "2.1.17",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.17.tgz",
+      "integrity": "sha1-Cdejk/A+mVp5+K+Fe3Cp4KsWVXo=",
+      "requires": {
+        "mime-db": "1.30.0"
+      }
+    },
+    "ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+    },
+    "negotiator": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz",
+      "integrity": "sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk="
+    },
+    "object-component": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/object-component/-/object-component-0.0.3.tgz",
+      "integrity": "sha1-8MaapQ78lbhmwYb0AKM3acsvEpE="
+    },
+    "on-finished": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
+      "requires": {
+        "ee-first": "1.1.1"
+      }
+    },
+    "parseqs": {
+      "version": "0.0.5",
+      "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.5.tgz",
+      "integrity": "sha1-1SCKNzjkZ2bikbouoXNoSSGouJ0=",
+      "requires": {
+        "better-assert": "1.0.2"
+      }
+    },
+    "parseuri": {
+      "version": "0.0.5",
+      "resolved": "https://registry.npmjs.org/parseuri/-/parseuri-0.0.5.tgz",
+      "integrity": "sha1-gCBKUNTbt3m/3G6+J3jZDkvOMgo=",
+      "requires": {
+        "better-assert": "1.0.2"
+      }
+    },
+    "parseurl": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
+      "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
+    },
+    "path-to-regexp": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+      "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
+    },
+    "proxy-addr": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.2.tgz",
+      "integrity": "sha1-ZXFQT0e7mI7IGAJT+F3X4UlSvew=",
+      "requires": {
+        "forwarded": "0.1.2",
+        "ipaddr.js": "1.5.2"
+      }
+    },
+    "qs": {
+      "version": "6.5.1",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
+      "integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A=="
+    },
+    "range-parser": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
+      "integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4="
+    },
+    "raw-body": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.3.2.tgz",
+      "integrity": "sha1-vNYMd9Prk83gBQKVw/N5OJvIj4k=",
+      "requires": {
+        "bytes": "3.0.0",
+        "http-errors": "1.6.2",
+        "iconv-lite": "0.4.19",
+        "unpipe": "1.0.0"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz",
+      "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg=="
+    },
+    "send": {
+      "version": "0.16.1",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.16.1.tgz",
+      "integrity": "sha512-ElCLJdJIKPk6ux/Hocwhk7NFHpI3pVm/IZOYWqUmoxcgeyM+MpxHHKhb8QmlJDX1pU6WrgaHBkVNm73Sv7uc2A==",
+      "requires": {
+        "debug": "2.6.9",
+        "depd": "1.1.1",
+        "destroy": "1.0.4",
+        "encodeurl": "1.0.1",
+        "escape-html": "1.0.3",
+        "etag": "1.8.1",
+        "fresh": "0.5.2",
+        "http-errors": "1.6.2",
+        "mime": "1.4.1",
+        "ms": "2.0.0",
+        "on-finished": "2.3.0",
+        "range-parser": "1.2.0",
+        "statuses": "1.3.1"
+      }
+    },
+    "serve-static": {
+      "version": "1.13.1",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.13.1.tgz",
+      "integrity": "sha512-hSMUZrsPa/I09VYFJwa627JJkNs0NrfL1Uzuup+GqHfToR2KcsXFymXSV90hoyw3M+msjFuQly+YzIH/q0MGlQ==",
+      "requires": {
+        "encodeurl": "1.0.1",
+        "escape-html": "1.0.3",
+        "parseurl": "1.3.2",
+        "send": "0.16.1"
+      }
+    },
+    "setprototypeof": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz",
+      "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ=="
+    },
+    "socket.io": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-2.0.4.tgz",
+      "integrity": "sha1-waRZDO/4fs8TxyZS8Eb3FrKeYBQ=",
+      "requires": {
+        "debug": "2.6.9",
+        "engine.io": "3.1.4",
+        "socket.io-adapter": "1.1.1",
+        "socket.io-client": "2.0.4",
+        "socket.io-parser": "3.1.2"
+      }
+    },
+    "socket.io-adapter": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-1.1.1.tgz",
+      "integrity": "sha1-KoBeihTWNyEk3ZFZrUUC+MsH8Gs="
+    },
+    "socket.io-client": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/socket.io-client/-/socket.io-client-2.0.4.tgz",
+      "integrity": "sha1-CRilUkBtxeVAs4Dc2Xr8SmQzL44=",
+      "requires": {
+        "backo2": "1.0.2",
+        "base64-arraybuffer": "0.1.5",
+        "component-bind": "1.0.0",
+        "component-emitter": "1.2.1",
+        "debug": "2.6.9",
+        "engine.io-client": "3.1.4",
+        "has-cors": "1.1.0",
+        "indexof": "0.0.1",
+        "object-component": "0.0.3",
+        "parseqs": "0.0.5",
+        "parseuri": "0.0.5",
+        "socket.io-parser": "3.1.2",
+        "to-array": "0.1.4"
+      }
+    },
+    "socket.io-parser": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.1.2.tgz",
+      "integrity": "sha1-28IoIVH8T6675Aru3Ady66YZ9/I=",
+      "requires": {
+        "component-emitter": "1.2.1",
+        "debug": "2.6.9",
+        "has-binary2": "1.0.2",
+        "isarray": "2.0.1"
+      }
+    },
+    "statuses": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
+      "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4="
+    },
+    "to-array": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/to-array/-/to-array-0.1.4.tgz",
+      "integrity": "sha1-F+bBH3PdTz10zaek/zI46a2b+JA="
+    },
+    "type-is": {
+      "version": "1.6.15",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz",
+      "integrity": "sha1-yrEPtJCeRByChC6v4a1kbIGARBA=",
+      "requires": {
+        "media-typer": "0.3.0",
+        "mime-types": "2.1.17"
+      }
+    },
+    "ultron": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz",
+      "integrity": "sha512-UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og=="
+    },
+    "unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
+    },
+    "utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
+    },
+    "uws": {
+      "version": "0.14.5",
+      "resolved": "https://registry.npmjs.org/uws/-/uws-0.14.5.tgz",
+      "integrity": "sha1-Z6rzPEaypYel9mZtAPdpEyjxSdw=",
+      "optional": true
+    },
+    "vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
+    },
+    "ws": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-3.3.3.tgz",
+      "integrity": "sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==",
+      "requires": {
+        "async-limiter": "1.0.0",
+        "safe-buffer": "5.1.1",
+        "ultron": "1.1.1"
+      }
+    },
+    "xmlhttprequest-ssl": {
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.4.tgz",
+      "integrity": "sha1-BPVgkVcks4kIhxXMDteBPpZ3v1c="
+    },
+    "yeast": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/yeast/-/yeast-0.1.2.tgz",
+      "integrity": "sha1-AI4G2AlDIMNy28L47XagymyKxBk="
+    }
+  }
+}

slides/swarm-fullday.yml

@@ -16,14 +16,11 @@ exclude:
 chapters:
 - common/title.md
 - logistics.md
-- swarm/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - common/prereqs.md
   - swarm/versions.md
   - common/sampleapp.md
-  - common/composescale.md
-  - common/composedown.md
   - swarm/swarmkit.md
   - common/declarative.md
   - swarm/swarmmode.md
@@ -54,4 +51,3 @@ chapters:
   - swarm/stateful.md
   - swarm/extratips.md
   - common/thankyou.md
-  - swarm/links.md

slides/swarm-halfday.yml

@@ -16,14 +16,11 @@ exclude:
 chapters:
 - common/title.md
 - logistics.md
-- swarm/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - common/prereqs.md
   - swarm/versions.md
   - common/sampleapp.md
-  - common/composescale.md
-  - common/composedown.md
   - swarm/swarmkit.md
   - common/declarative.md
   - swarm/swarmmode.md
@@ -54,4 +51,3 @@ chapters:
   #- swarm/stateful.md
   #- swarm/extratips.md
   - common/thankyou.md
-  - swarm/links.md

slides/swarm-selfpaced.yml

@@ -11,8 +11,7 @@ exclude:
 chapters:
 - common/title.md
 #- common/logistics.md
-- swarm/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - common/prereqs.md
   - swarm/versions.md
@@ -23,8 +22,6 @@ chapters:
 
     Part 1
   - common/sampleapp.md
-  - common/composescale.md
-  - common/composedown.md
   - swarm/swarmkit.md
   - common/declarative.md
   - swarm/swarmmode.md
@@ -63,4 +60,3 @@ chapters:
   - swarm/stateful.md
   - swarm/extratips.md
   - common/thankyou.md
-  - swarm/links.md

slides/swarm-video.yml

@@ -6,25 +6,17 @@ chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
 
 exclude:
 - in-person
+- extra-details
 - btp-auto
 
 chapters:
 - common/title.md
 #- common/logistics.md
-- swarm/intro.md
-- common/about-slides.md
+- common/intro.md
 - common/toc.md
 - - common/prereqs.md
   - swarm/versions.md
-  - |
-    name: part-1
-
-    class: title, self-paced
-
-    Part 1
   - common/sampleapp.md
-  - common/composescale.md
-  - common/composedown.md
   - swarm/swarmkit.md
   - common/declarative.md
   - swarm/swarmmode.md
@@ -38,12 +30,6 @@ chapters:
   - swarm/btp-manual.md
   - swarm/swarmready.md
   - swarm/compose2swarm.md
-  - |
-    name: part-2
-
-    class: title, self-paced
-
-    Part 2
 - - swarm/operatingswarm.md
   #- swarm/netshoot.md
   #- swarm/swarmnbt.md
@@ -55,12 +41,11 @@ chapters:
   - swarm/swarmtools.md
 - - swarm/security.md
   - swarm/secrets.md
-  - swarm/encryptionatrest.md
+  #- swarm/encryptionatrest.md
   - swarm/leastprivilege.md
   - swarm/apiscope.md
   #- swarm/logging.md
   #- swarm/metrics.md
   - swarm/stateful.md
-  - swarm/extratips.md
+  #- swarm/extratips.md
   - common/thankyou.md
-  - swarm/links.md

slides/swarm/links.md

@@ -1,12 +0,0 @@
-# Links and resources
-
-- [Docker Community Slack](https://community.docker.com/registrations/groups/4316)
-- [Docker Community Forums](https://forums.docker.com/)
-- [Docker Hub](https://hub.docker.com)
-- [Docker Blog](http://blog.docker.com/)
-- [Docker documentation](http://docs.docker.com/)
-- [Docker on StackOverflow](https://stackoverflow.com/questions/tagged/docker)
-- [Docker on Twitter](http://twitter.com/docker)
-- [Play With Docker Hands-On Labs](http://training.play-with-docker.com/)
-
-.footnote[These slides (and future updates) are on → http://container.training/]

slides/swarm/morenodes.md

@@ -22,7 +22,7 @@ With Play-With-Docker:
 
 ```bash
 TOKEN=$(docker swarm join-token -q manager)
-for N in $(seq 3 5); do
+for N in $(seq 4 5); do
   export DOCKER_HOST=tcp://node$N:2375
   docker swarm join --token $TOKEN node1:2377
 done

slides/swarm/operatingswarm.md

@@ -10,7 +10,7 @@ Otherwise: check [part 1](#part-1) to learn how to set up your own cluster.
 
 We pick up exactly where we left you, so we assume that you have:
 
-- a Swarm cluster with at least 3 nodes,
+- a five nodes Swarm cluster,
 
 - a self-hosted registry,