fix-redirects.sh: adding forced redirect

Fix option

k8s/efk.yaml

@@ -72,6 +72,8 @@ spec:
             value: "elastic"
           - name: FLUENT_ELASTICSEARCH_PASSWORD
             value: "changeme"
+          - name: FLUENT_UID
+            value: "0"
         resources:
           limits:
             memory: 200Mi

k8s/haproxy.cfg

@@ -14,5 +14,5 @@ frontend the-frontend
 
 backend the-backend
   server google.com-80 google.com:80 maxconn 32 check
-  server bing.com-80 bing.com:80 maxconn 32 check
+  server ibm.fr-80 ibm.fr:80 maxconn 32 check
 

k8s/kaniko-build.yaml

@@ -19,7 +19,7 @@ spec:
     image: gcr.io/kaniko-project/executor:latest
     args:
       - "--context=/workspace/dockercoins/rng"
-      - "--skip-tls-verify"
+      - "--insecure"
       - "--destination=registry:5000/rng-kaniko:latest"
     volumeMounts:
     - name: workspace

k8s/postgres.yaml

@@ -17,7 +17,7 @@ spec:
       - name: postgres
         image: postgres:10.5
         volumeMounts:
-        - mountPath: /var/lib/postgresql
+        - mountPath: /var/lib/postgresql/data
           name: postgres
   volumeClaimTemplates:
   - metadata:

prepare-vms/lib/commands.sh

@@ -134,13 +134,13 @@ _cmd_kube() {
     sudo tee /etc/apt/sources.list.d/kubernetes.list"
     pssh --timeout 200 "
     sudo apt-get update -q &&
-    sudo apt-get install -qy kubelet kubeadm kubectl
+    sudo apt-get install -qy kubelet kubeadm kubectl &&
     kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl"
 
     # Initialize kube master
     pssh --timeout 200 "
     if grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/admin.conf ]; then
-        kubeadm token generate > /tmp/token
+        kubeadm token generate > /tmp/token &&
 	sudo kubeadm init --token \$(cat /tmp/token)
     fi"
 
@@ -157,29 +157,29 @@ _cmd_kube() {
     # Install weave as the pod network
     pssh "
     if grep -q node1 /tmp/node; then
-        kubever=\$(kubectl version | base64 | tr -d '\n')
+        kubever=\$(kubectl version | base64 | tr -d '\n') &&
         kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=\$kubever
     fi"
 
     # Join the other nodes to the cluster
     pssh --timeout 200 "
     if ! grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/kubelet.conf ]; then
-        TOKEN=\$(ssh -o StrictHostKeyChecking=no node1 cat /tmp/token)
+        TOKEN=\$(ssh -o StrictHostKeyChecking=no node1 cat /tmp/token) &&
         sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token \$TOKEN node1:6443
     fi"
 
     # Install stern
     pssh "
     if [ ! -x /usr/local/bin/stern ]; then
-        sudo curl -L -o /usr/local/bin/stern https://github.com/wercker/stern/releases/download/1.8.0/stern_linux_amd64
-        sudo chmod +x /usr/local/bin/stern
+        sudo curl -L -o /usr/local/bin/stern https://github.com/wercker/stern/releases/download/1.8.0/stern_linux_amd64 &&
+        sudo chmod +x /usr/local/bin/stern &&
         stern --completion bash | sudo tee /etc/bash_completion.d/stern
     fi"
 
     # Install helm
     pssh "
     if [ ! -x /usr/local/bin/helm ]; then
-        curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | sudo bash
+        curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | sudo bash &&
         helm completion bash | sudo tee /etc/bash_completion.d/helm
     fi"
 
@@ -380,6 +380,32 @@ _cmd_test() {
     test_tag $TAG
 }
 
+_cmd netfix "Disable GRO and run a pinger job on the VMs"
+_cmd_netfix () {
+    TAG=$1
+    need_tag $TAG
+    link_tag $TAG
+
+    pssh "
+    sudo ethtool -K ens3 gro off
+    sudo tee /root/pinger.service <<EOF
+[Unit]
+Description=pinger
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+WorkingDirectory=/
+ExecStart=/bin/ping -w60 1.1
+User=nobody
+Group=nogroup
+Restart=always
+EOF
+    sudo systemctl enable /root/pinger.service
+    sudo systemctl start pinger"
+}
+
 ###
 
 greet() {

prepare-vms/settings/enix.html

@@ -0,0 +1,117 @@
+{# Feel free to customize or override anything in there! #}
+{%- set url = "http://septembre2018.container.training" -%}
+{%- set pagesize = 9 -%}
+{%- if clustersize == 1 -%}
+    {%- set workshop_name = "Docker workshop" -%}
+    {%- set cluster_or_machine = "machine" -%}
+    {%- set this_or_each = "this" -%}
+    {%- set machine_is_or_machines_are = "machine is" -%}
+    {%- set image_src = "https://s3-us-west-2.amazonaws.com/www.breadware.com/integrations/docker.png" -%}
+{%- else -%}
+    {%- set workshop_name = "Kubernetes workshop" -%}
+    {%- set cluster_or_machine = "cluster" -%}
+    {%- set this_or_each = "each" -%}
+    {%- set machine_is_or_machines_are = "machines are" -%}
+    {%- set image_src_swarm = "https://cdn.wp.nginx.com/wp-content/uploads/2016/07/docker-swarm-hero2.png" -%}
+    {%- set image_src_kube = "https://avatars1.githubusercontent.com/u/13629408" -%}
+    {%- set image_src = image_src_kube -%}
+{%- endif -%}
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head><style>
+body, table {
+    margin: 0;
+    padding: 0;
+    line-height: 1em;
+    font-size: 14px;
+}
+
+table {
+    border-spacing: 0;
+    margin-top: 0.4em;
+    margin-bottom: 0.4em;
+    border-left: 0.8em double grey;
+    padding-left: 0.4em;
+}
+
+div {
+    float: left;
+    border: 1px dotted black;
+    padding-top: 1%;
+    padding-bottom: 1%;
+    /* columns * (width+left+right) < 100% */
+    width: 30%;
+    padding-left: 1.5%;
+    padding-right: 1.5%;
+}
+
+p {
+    margin: 0.4em 0 0.4em 0;
+}
+
+img {
+    height: 4em;
+    float: right;
+    margin-right: -0.3em;
+}
+
+img.enix {
+    height: 4.5em;
+    margin-top: 0.2em;
+}
+
+img.kube {
+    height: 4.2em;
+    margin-top: 1.7em;
+}
+
+.logpass {
+    font-family: monospace;
+    font-weight: bold;
+}
+
+.pagebreak {
+    page-break-after: always;
+    clear: both;
+    display: block;
+    height: 8px;
+}
+</style></head>
+<body>
+{% for cluster in clusters %}
+    {% if loop.index0>0 and loop.index0%pagesize==0 %}
+        <span class="pagebreak"></span>
+    {% endif %}
+    <div>
+
+        <p>
+            Voici les informations permettant de se connecter à votre
+            cluster pour cette formation. Vous pouvez vous connecter
+	    à ces machines virtuelles avec n'importe quel client SSH.
+        </p>
+        <p>
+	    <img class="enix" src="https://enix.io/static/img/logos/logo-domain-cropped.png" />
+            <table>
+                <tr><td>identifiant:</td></tr>
+                <tr><td class="logpass">docker</td></tr>
+                <tr><td>mot de passe:</td></tr>
+                <tr><td class="logpass">{{ docker_user_password }}</td></tr>
+            </table>
+
+        </p>
+        <p>
+            Vos serveurs sont :
+            <img class="kube" src="{{ image_src }}" />
+            <table>
+                {% for node in cluster %}
+                <tr><td>node{{ loop.index }}:</td><td>{{ node }}</td></tr>
+                {% endfor %}
+            </table>
+        </p>
+        <p>Le support de formation est à l'adresse suivante :
+            <center>{{ url }}</center>
+        </p>
+    </div>
+{% endfor %}
+</body>
+</html>

prepare-vms/settings/enix.yaml

@@ -0,0 +1,25 @@
+# Number of VMs per cluster
+clustersize: 5
+
+# Jinja2 template to use to generate ready-to-cut cards
+cards_template: settings/enix.html
+
+# Use "Letter" in the US, and "A4" everywhere else
+paper_size: A4
+
+# Feel free to reduce this if your printer can handle it
+paper_margin: 0.2in
+
+# Note: paper_size and paper_margin only apply to PDF generated with pdfkit.
+# If you print (or generate a PDF) using ips.html, they will be ignored.
+# (The equivalent parameters must be set from the browser's print dialog.)
+
+# This can be "test" or "stable"
+engine_version: stable
+
+# These correspond to the version numbers visible on their respective GitHub release pages
+compose_version: 1.22.0
+machine_version: 0.14.0
+
+# Password used to connect with the "docker user"
+docker_user_password: training

slides/_redirects

@@ -0,0 +1 @@
+/ /kube-fullday.yml.html 200!

slides/k8s/authn-authz.md

@@ -24,15 +24,9 @@
 
   (it examines headers, certificates ... anything available)
 
-- Many authentication methods can be used simultaneously:
+- Many authentication methods are available and can be used simultaneously
 
-  - TLS client certificates (that's what we've been doing with `kubectl` so far)
-
-  - bearer tokens (a secret token in the HTTP headers of the request)
-
-  - [HTTP basic auth](https://en.wikipedia.org/wiki/Basic_access_authentication) (carrying user and password in a HTTP header)
-
-  - authentication proxy (sitting in front of the API and setting trusted headers)
+  (we will see them on the next slide)
 
 - It's the job of the authentication method to produce:
 
@@ -44,6 +38,26 @@
 
 ---
 
+## Authentication methods
+
+- TLS client certificates
+
+  (that's what we've been doing with `kubectl` so far)
+
+- Bearer tokens
+
+  (a secret token in the HTTP headers of the request)
+
+- [HTTP basic auth](https://en.wikipedia.org/wiki/Basic_access_authentication)
+
+  (carrying user and password in a HTTP header)
+
+- Authentication proxy
+
+  (sitting in front of the API and setting trusted headers)
+
+---
+
 ## Anonymous requests
 
 - If any authentication method *rejects* a request, it's denied
@@ -182,23 +196,23 @@ class: extra-details
   kubectl get sa
   ```
 
- ]
+]
 
- There should be just one service account in the default namespace: `default`.
+There should be just one service account in the default namespace: `default`.
 
- ---
+---
 
- class: extra-details
+class: extra-details
 
- ## Finding the secret
+## Finding the secret
 
- .exercise[
+.exercise[
 
- - List the secrets for the `default` service account:
-   ```bash
-   kubectl get sa default -o yaml
-   SECRET=$(kubectl get sa default -o json | jq -r .secrets[0].name)
-   ```
+- List the secrets for the `default` service account:
+  ```bash
+  kubectl get sa default -o yaml
+  SECRET=$(kubectl get sa default -o json | jq -r .secrets[0].name)
+  ```
 
 ]
 

slides/k8s/configuration.md

@@ -327,7 +327,7 @@ We'll cover them just after!*
 
 - We will provide a simple HAproxy configuration, `k8s/haproxy.cfg`
 
-- It listens on port 80, and load balances connections between Google and Bing
+- It listens on port 80, and load balances connections between IBM and Google
 
 ---
 

slides/k8s/daemonset.md

@@ -36,7 +36,7 @@
 
 ## Creating a daemon set
 
-- Unfortunately, as of Kubernetes 1.10, the CLI cannot create daemon sets
+- Unfortunately, as of Kubernetes 1.11, the CLI cannot create daemon sets
 
 --
 

slides/k8s/dashboard.md

@@ -182,7 +182,7 @@ The dashboard will then ask you which authentication you want to use.
   kubectl -n kube-system edit service kubernetes-dashboard
   ```
 
-- Change `ClusterIP` to `NodePort`, save, and exit
+- Change type `type:` from `ClusterIP` to `NodePort`, save, and exit
 
 <!--
 ```wait Please edit the object below```

slides/k8s/gitworkflows.md

@@ -111,7 +111,7 @@
 
 - Display that key:
   ```
-  kubectl get logs deployment flux | grep identity
+  kubectl logs deployment flux | grep identity
   ```
 
 - Then add that key to the repository, giving it **write** access

slides/k8s/ingress.md

@@ -344,7 +344,7 @@ This is normal: we haven't provided any ingress rule yet.
 
 - To make our lives easier, we will use [nip.io](http://nip.io)
 
-- Check out `http://cheddar.A.B.C.D.mip.io`
+- Check out `http://cheddar.A.B.C.D.nip.io`
 
   (replacing A.B.C.D with the IP address of `node1`)
 

slides/k8s/kubectlexpose.md

@@ -43,14 +43,14 @@ Under the hood: `kube-proxy` is using a userland proxy and a bunch of `iptables`
   - an external load balancer is allocated for the service
   - the load balancer is configured accordingly
     <br/>(e.g.: a `NodePort` service is created, and the load balancer sends traffic to that port)
+  - available only when the underlying infrastructure provides some "load balancer as a service"
+    <br/>(e.g. AWS, Azure, GCE, OpenStack...)
 
 - `ExternalName`
 
   - the DNS entry managed by CoreDNS will just be a `CNAME` to a provided record
   - no port, no IP address, no nothing else is allocated
 
-The `LoadBalancer` type is currently only available on AWS, Azure, and GCE.
-
 ---
 
 ## Running containers with open ports

slides/k8s/portworx.md

@@ -295,7 +295,7 @@ It should show as `portworx-replicated (default)`.
 
 - With a `volumeClaimTemplate` requesting a 1 GB volume
 
-- That volume will be mounted to `/var/lib/postgresql`
+- That volume will be mounted to `/var/lib/postgresql/data`
 
 - There is another little detail: we enable the `stork` scheduler
 
@@ -328,7 +328,7 @@ spec:
       - name: postgres
         image: postgres:10.5
         volumeMounts:
-        - mountPath: /var/lib/postgresql
+        - mountPath: /var/lib/postgresql/data
           name: postgres
   volumeClaimTemplates:
   - metadata:
@@ -494,7 +494,7 @@ By "disrupt" we mean: "disconnect it from the network".
 
 - Logout to go back on `node1`
 
-<!-- ```keys ^D``` -->>
+<!-- ```keys ^D``` -->
 
 - Watch the events unfolding with `kubectl get events -w` and `kubectl get pods -w`
 

slides/k8s/prometheus.md

@@ -38,7 +38,7 @@
 
 - An exporter serves metrics over HTTP, in plain text
 
-- This is was the *node exporter* looks like:
+- This is what the *node exporter* looks like:
 
   http://demo.robustperception.io:9100/metrics
 

slides/k8s/statefulsets.md

@@ -167,7 +167,7 @@ spec:
 
 - It indicates which *provisioner* to use
 
-- And arbitrary paramters for that provisioner
+- And arbitrary parameters for that provisioner
 
   (replication levels, type of disk ... anything relevant!)
 

slides/k8s/versions-k8s.md

@@ -22,7 +22,7 @@ class: extra-details
 
 ## Kubernetes and Docker compatibility
 
-- Kubernetes 1.10.x only validates Docker Engine versions [1.11.2 to 1.13.1 and 17.03.x](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#external-dependencies)
+- Kubernetes 1.11.x only validates Docker Engine versions [1.11.2 to 1.13.1 and 17.03.x](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#external-dependencies)
 
 --
 

slides/k8s/whatsnext.md

@@ -20,6 +20,43 @@ And *then* it is time to look at orchestration!
 
 ---
 
+
+## Options for our first production cluster
+
+- Get a managed cluster from a major cloud provider (AKS, EKS, GKE...)
+
+  (price: $, difficulty: medium)
+
+- Hire someone to deploy it for us
+
+  (price: $$, difficulty: easy)
+
+- Do it ourselves
+
+  (price: $-$$$, dificulty: hard)
+
+---
+
+## One big cluster vs. multiple small ones
+
+- Yes, it is possible to have prod+dev in a single cluster
+
+  (and implement good isolation and security with RBAC, network policies...)
+
+- But it is not a good idea to do that for our first deployment
+
+- Start with a production cluster + at least a test cluster
+
+- Implement and check RBAC and isolation on the test cluster
+
+  (e.g. deploy multiple test versions side-by-side)
+
+- Make sure that all our devs have usable dev clusters
+
+  (wether it's a local minikube or a full-blown multi-node cluster)
+
+---
+
 ## Namespaces
 
 - Namespaces let you run multiple identical stacks side by side
@@ -62,15 +99,19 @@ And *then* it is time to look at orchestration!
 
 ## Stateful services (second take)
 
-- If you really want to host stateful services on Kubernetes, you can look into:
+- If we want to host stateful services on Kubernetes, we can use:
 
-  - volumes (to carry persistent data)
+  - a storage provider
 
-  - storage plugins
+  - persistent volumes, persistent volume claims
 
-  - persistent volume claims (to ask for specific volume characteristics)
+  - stateful sets
 
-  - stateful sets (pods that are *not* ephemeral)
+- Good questions to ask:
+
+  - what's the *operational cost* of running this service ourselves?
+
+  - what do we gain by deploying this stateful service on Kubernetes?
 
 ---
 
@@ -123,8 +164,6 @@ And *then* it is time to look at orchestration!
 
   (but is being [deprecated](https://github.com/kubernetes/heapster/blob/master/docs/deprecation.md) starting with Kubernetes 1.11)
 
-
-
 ---
 
 ## Managing the configuration of our applications

slides/kube-fullday.yml

@@ -1,14 +1,14 @@
 title: |
-  Deploying and Scaling Microservices
-  with Kubernetes
+  Déployer ses applications
+  avec Kubernetes
 
 #chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
-chat: "In person!"
+chat: "[Gitter](https://gitter.im/enix/formation-kubernetes-20180920)"
+#chat: "FIXME"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: http://container.training/
+slides: http://septembre2018.container.training/
 
 exclude:
 - self-paced

slides/logistics.md

@@ -1,26 +1,45 @@
 ## Intros
 
-- This slide should be customized by the tutorial instructor(s).
-
 - Hello! We are:
 
-   - .emoji[👩🏻‍🏫] Ann O'Nymous ([@...](https://twitter.com/...), Megacorp Inc)
-
-   - .emoji[👨🏾‍🎓] Stu Dent ([@...](https://twitter.com/...), University of Wakanda)
-
- <!-- .dummy[
-
-   - .emoji[👷🏻‍♀️] AJ ([@s0ulshake](https://twitter.com/s0ulshake), Travis CI)
-
    - .emoji[🐳] Jérôme ([@jpetazzo](https://twitter.com/jpetazzo), Enix SAS)
 
-   - .emoji[⛵] Jérémy ([@jeremygarrouste](twitter.com/jeremygarrouste), Inpiwee)
+   - .emoji[🚁] Alexandre ([@alexbuisine](https://twitter.com/alexbuisine), Enix SAS)
 
-] -->
+- Who are you?
 
-- The workshop will run from ...
+  - devs?
 
-- There will be a lunch break at ...
+  - ops?
+
+  - architects?
+
+  - other?
+
+---
+
+## Who's Enix?
+
+- Virtualization
+
+- Hosting
+
+- Networking
+
+- Container Orchestration
+
+- Consulting
+
+- Training
+
+---
+
+
+## Logistics
+
+- The workshop will run until 17:30
+
+- There will be a lunch break at 12:15
 
   (And coffee breaks!)
 

slides/override.css

@@ -0,0 +1,17 @@
+.remark-slide-content:not(.pic) {
+    background-repeat: no-repeat;
+    background-position: 99% 1%;
+    background-size: 8%;
+    background-image: url(https://enix.io/static/img/logos/logo-domain-cropped.png);
+}
+
+div.extra-details:not(.pic) {
+  background-image: url("images/extra-details.png"), url(https://enix.io/static/img/logos/logo-domain-cropped.png);
+  background-position: 0.5% 1%, 99% 1%;
+  background-size: 4%, 8%;
+}
+
+.remark-slide-content:not(.pic) div.remark-slide-number {
+	top: 16px;
+	right: 112px
+}

slides/shared/title.md

@@ -6,16 +6,19 @@ class: title, self-paced
 
 ---
 
+class: title, pic
+
+![ENIX logo](images/enix-io.svg)
+
+---
+
 class: title, in-person
 
 @@TITLE@@<br/></br>
 
 .footnote[
-**Be kind to the WiFi!**<br/>
-<!-- *Use the 5G network.* -->
-*Don't use your hotspot.*<br/>
-*Don't stream videos or download big files during the workshop.*<br/>
-*Thank you!*
+**WiFi: EnixTraining**<br/>
+**Password: kubeforever**
 
 **Slides: @@SLIDES@@**
 ]

slides/swarm/metrics.md

@@ -949,7 +949,7 @@ class: prom
 
 ## It's all about the `/metrics`
 
-- This is was the *node exporter* looks like:
+- This is what the *node exporter* looks like:
 
   http://demo.robustperception.io:9100/metrics
 

slides/workshop.html

@@ -4,6 +4,7 @@
     <title>@@TITLE@@</title>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
     <link rel="stylesheet" href="workshop.css">
+    <link rel="stylesheet" href="override.css">
   </head>
   <body>
     <!--