more content tweaks

abeiku12 · Nov 20, 2019 · e356373 · e356373
1 parent 8cbf7c1
commit e356373
Show file tree

Hide file tree

Showing 15 changed files with 169 additions and 67 deletions.
diff --git a/dockercoins/webui/files/index.html b/dockercoins/webui/files/index.html
@@ -50,7 +50,7 @@
             points.push({ x: s2.now, y: speed });
         }
         $("#speed").text("~" + speed.toFixed(1) + " hashes/second");
-        var msg = ("I'm attending a @docker orchestration workshop, "
+        var msg = ("I'm taking @bretfisher #Kubernetes Mastery course, "
                    + "and my #DockerCoins mining rig is crunching "
                    + speed.toFixed(1) + " hashes/second! W00T!");
         $("#tweet").attr(

diff --git a/slides/k8s/daemonset.md b/slides/k8s/daemonset.md
@@ -18,12 +18,18 @@
 
 - Nothing guarantees that the `rng` containers will be distributed evenly
 
+--
+
 - If we add nodes later, they will not automatically run a copy of `rng`
 
+--
+
 - If we remove (or reboot) a node, one `rng` container will restart elsewhere
 
   (and we will end up with two instances `rng` on the same node)
 
+--
+
 - By contrast, a daemon set will start one pod per node and keep it that way
 
   (as nodes are added or removed)
@@ -36,7 +42,7 @@
 
   - `kube-proxy`
 
-  - `weave` (our overlay network)
+  - CNI network plugins
 
   - monitoring agents
 
@@ -253,14 +259,12 @@ daemonset.apps/rng  2        2        2      2           2          <none>
 
 --
 
-The daemon set created one pod per node, except on the master node.
+The daemon set created one pod per node.
 
-The master node has [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) preventing pods from running there.
+In a multi-node setup, masters usually have [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) preventing pods from running there.
 
 (To schedule a pod on this node anyway, the pod will require appropriate [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).)
 
-.footnote[(Off by one? We don't run these pods on the node hosting the control plane.)]
-
 ---
 
 ## Is this working?

diff --git a/slides/k8s/dashboard.md b/slides/k8s/dashboard.md
@@ -1,6 +1,6 @@
-# The Kubernetes dashboard
+# The Kubernetes Dashboard
 
-- Kubernetes resources can also be viewed with a web dashboard
+- Kubernetes resources can also be viewed with an official web UI
 
 - That dashboard is usually exposed over HTTPS
 
@@ -42,7 +42,7 @@
 
 - Create all the dashboard resources, with the following command:
   ```bash
-  kubectl apply -f ~/container.training/k8s/insecure-dashboard.yaml
+  kubectl apply -f https://k8smastery.com/insecure-dashboard.yaml
   ```
 
 ]
@@ -65,7 +65,7 @@ You'll want the `3xxxx` port.
 
 .exercise[
 
-- Connect to http://oneofournodes:3xxxx/
+- Connect to http://localhost:3xxxx/
 
 <!-- ```open http://node1:3xxxx/``` -->
 
@@ -81,7 +81,7 @@ The dashboard will then ask you which authentication you want to use.
 
   - token (associated with a role that has appropriate permissions)
 
-  - kubeconfig (e.g. using the `~/.kube/config` file from `node1`)
+  - kubeconfig (e.g. using the `~/.kube/config` file)
 
   - "skip" (use the dashboard "service account")
 
@@ -93,7 +93,7 @@ The dashboard will then ask you which authentication you want to use.
 
 ---
 
-## Running the Kubernetes dashboard securely
+## Running the Kubernetes Dashboard securely
 
 - The steps that we just showed you are *for educational purposes only!*
 
@@ -103,6 +103,11 @@ The dashboard will then ask you which authentication you want to use.
   <br/>
   check [this excellent post on Heptio's blog](https://blog.heptio.com/on-securing-the-kubernetes-dashboard-16b09b1b7aca)
 
+--
+
+- Minikube/microK8s can be enabled with easy commands
+
+  `minikube dashboard` and `microk8s.enable dashboard`
 ---
 
 ## Other dashboards
@@ -119,6 +124,14 @@ The dashboard will then ask you which authentication you want to use.
 
   - "provides a common operational picture for multiple Kubernetes clusters"
 
+--
+
+- Your Kubernetes distro comes with one!
+
+--
+
+- Cloud-provided control-planes often don't come with one
+
 ---
 
 # Security implications of `kubectl apply`

diff --git a/slides/k8s/kubectlexpose.md b/slides/k8s/kubectlexpose.md
@@ -146,6 +146,12 @@ Under the hood: `kube-proxy` is using a userland proxy and a bunch of `iptables`
 
 .exercise[
 
+- Run shpod if not on Linux host so we can access internal ClusterIP
+  ```bash
+  kubectl apply -f https://bret.run/shpod.yml
+  kubectl attach --namespace=shpod -ti shpod
+  ```
+
 - Let's obtain the IP address that was allocated for our service, *programmatically:*
   ```bash
   IP=$(kubectl get svc httpenv -o go-template --template '{{ .spec.clusterIP }}')
@@ -167,10 +173,6 @@ Under the hood: `kube-proxy` is using a userland proxy and a bunch of `iptables`
 
 ]
 
---
-
-Try it a few times! Our requests are load balanced across multiple pods.
-
 ---
 
 class: extra-details
@@ -245,14 +247,11 @@ class: extra-details
   kubectl get endpoints
   ```
 
-- If we want to see the full list, we can use one of the following commands:
+- If we want to see the full list, we can use a different output:
   ```bash
-  kubectl describe endpoints httpenv
   kubectl get endpoints httpenv -o yaml
   ```
 
-- These commands will show us a list of IP addresses
-
 - These IP addresses should match the addresses of the corresponding pods:
   ```bash
   kubectl get pods -l app=httpenv -o wide

diff --git a/slides/k8s/kubenet.md b/slides/k8s/kubenet.md
@@ -65,9 +65,7 @@
 
 ## Kubernetes network model: in practice
 
-- The nodes we are using have been set up to use [Weave](https://github.com/weaveworks/weave)
-
-- We don't endorse Weave in a particular way, it just Works For Us
+- The nodes we are using have been set up to use kubenet, Calico, or something else
 
 - Don't worry about the warning about `kube-proxy` performance
 

diff --git a/slides/k8s/ourapponkube.md b/slides/k8s/ourapponkube.md
@@ -1,4 +1,4 @@
-# Running our application on Kubernetes
+# Running DockerCoins on Kubernetes
 
 - We can now deploy our code (as well as a redis instance)
 
@@ -21,7 +21,7 @@
 
 ---
 
-class: extra-details
+class: extra-details, not-mastery
 
 ## Deploying other images
 

diff --git a/slides/k8s/scalingdockercoins.md b/slides/k8s/scalingdockercoins.md
@@ -4,10 +4,14 @@
 
   (i.e. increase the number of loops per second shown on the web UI)
 
-- Let's look at the architecture again:
+- Let's look at the [architecture](images/dockercoins-diagram.svg) again:
 
   ![DockerCoins architecture](images/dockercoins-diagram.svg)
 
+--
+
+- We're at 4 hashes a second. Let's ramp this up!
+
 - The loop is done in the worker;
   perhaps we could try adding more workers?
 
@@ -39,6 +43,8 @@
 
 ]
 
+--
+
 After a few seconds, the graph in the web UI should show up.
 
 ---
@@ -56,6 +62,8 @@ After a few seconds, the graph in the web UI should show up.
 
 ]
 
+--
+
 The graph in the web UI should go up again.
 
 (This is looking great! We're gonna be RICH!)
@@ -97,7 +105,7 @@ class: extra-details
 
 ---
 
-class: extra-details
+class: extra-details, not-mastery
 
 ## Why instant speed is misleading
 
@@ -183,8 +191,15 @@ Now we can access the IP addresses of our services through `$HASHER` and `$RNG`.
 
 ## Checking `hasher` and `rng` response times
 
+
 .exercise[
 
+- Remember to use `shpod` on macOS and Windows:
+  ```bash
+  kubectl apply -f https://bret.run/shpod.yml
+  kubectl attach --namespace=shpod -ti shpod
+  ```
+
 - Check the response times for both services:
   ```bash
   httping -c 3 $HASHER
@@ -193,6 +208,8 @@ Now we can access the IP addresses of our services through `$HASHER` and `$RNG`.
 
 ]
 
+--
+
 - `hasher` is fine (it should take a few milliseconds to reply)
 
 - `rng` is not (it should take about 700 milliseconds if there are 10 workers)

diff --git a/slides/k8s/shippingimages.md b/slides/k8s/shippingimages.md
@@ -1,14 +1,12 @@
 # Shipping images with a registry
 
-- Initially, our app was running on a single node
-
-- We could *build* and *run* in the same place
-
-- Therefore, we did not need to *ship* anything
+- For development using Docker, it has *build*, *ship*, and *run* features
 
 - Now that we want to run on a cluster, things are different
 
-- The easiest way to ship container images is to use a registry
+- Kubernetes doesn't have a *build* feature built-in
+
+- The way to ship (pull) images to Kubernetes is to use a registry
 
 ---
 
@@ -29,27 +27,12 @@
   docker pull gcr.io/google-containers/alpine-with-bash:1.0
 
   docker build -t registry.mycompany.io:5000/myimage:awesome .
+
   docker push registry.mycompany.io:5000/myimage:awesome
   ```
 
 ---
 
-## Running DockerCoins on Kubernetes
-
-- Create one deployment for each component
-
-  (hasher, redis, rng, webui, worker)
-
-- Expose deployments that need to accept connections
-
-  (hasher, redis, rng, webui)
-
-- For redis, we can use the official redis image
-
-- For the 4 others, we need to build images and push them to some registry
-
----
-
 ## Building and shipping images
 
 - There are *many* options!
@@ -74,18 +57,46 @@
 
 ## Which registry do we want to use?
 
-- There are SAAS products like Docker Hub, Quay ...
+- There are SAAS products like Docker Hub, Quay, GitLab ...
 
 - Each major cloud provider has an option as well
 
   (ACR on Azure, ECR on AWS, GCR on Google Cloud...)
 
+--
+
 - There are also commercial products to run our own registry
 
-  (Docker EE, Quay...)
+  (Docker Enterprise DTR, Quay, GitLab, JFrog Artifactory...)
+
+--
 
 - And open source options, too!
 
-- When picking a registry, pay attention to its build system
+  (Quay, Portus, OpenShift OCR, GitLab, Harbor, Kraken...)
+
+  (I don't mention Docker Distribution here because it's too basic)
+
+--
+
+- When picking a registry, pay attention to:
+  - Its build system
+  - Multi-user auth and mgmt (RBAC)
+  - Storage features (replication, caching,  garbage collection)
+
+---
+
+## Running DockerCoins on Kubernetes
+
+- Create one deployment for each component
+
+  (hasher, redis, rng, webui, worker)
+
+- Expose deployments that need to accept connections
+
+  (hasher, redis, rng, webui)
+
+- For redis, we can use the official redis image
+
+- For the 4 others, we need to build images and push them to some registry
 
-  (when it has one)
diff --git a/slides/k8s/yamldeploy.md b/slides/k8s/yamldeploy.md
@@ -70,24 +70,24 @@
 
 ---
 
-## Deploying dockercoins with YAML
+## Deploying DockerCoins with YAML
 
-- We provide a YAML manifest with all the resources for Dockercoins
+- We provide a YAML manifest with all the resources for DockerCoins
 
   (Deployments and Services)
 
-- We can use it if we need to deploy or redeploy Dockercoins
+- We can use it if we need to deploy or redeploy DockerCoins
 
 .exercise[
 
-- Deploy or redeploy Dockercoins:
+- Deploy or redeploy DockerCoins:
   ```bash
-  kubectl apply -f ~/container.training/k8s/dockercoins.yaml
+  kubectl apply -f https://k8smastery.com/dockercoins.yaml
   ```
 
 ]
 
-(If we deployed Dockercoins earlier, we will see warning messages,
+(If we deployed DockerCoins earlier, we will see warning messages,
 because the resources that we created lack the necessary annotation.
 We can safely ignore them.)