Merge branch 'master' of https://github.com/aws-samples/aws-workshop-for-kubernetes

Author: charlyF

01-path-basics/101-start-here/readme.adoc

@@ -20,7 +20,7 @@ Click on the "Deploy to AWS" button and follow the CloudFormation prompts to beg
 
 [NOTE]
 AWS Cloud9 is currently available in 5 regions, and EKS is currently available in 2 regions (us-east-1 and us-west-2).
-Please choose the region closest to you.  If you choose a region for Cloud9 that does not support EKS, you will need to change the `AWS_DEFAULT_REGION` environment variable later.
+Please choose the region closest to you.  If you choose a region for Cloud9 that does not support EKS, you need to create VPC resources and change environment variables. This configuration has not been tested.
 
 |===
 
@@ -29,25 +29,17 @@ Please choose the region closest to you.  If you choose a region for Cloud9 that
 a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-vpc.template]
 a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-novpc.template]
 
-| *Ohio* (us-east-2)
-a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-vpc.template]
-a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-novpc.template]
-
 | *Oregon* (us-west-2)
 a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-vpc.template]
 a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-novpc.template]
 
-| *Ireland* (eu-west-1)
-a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-vpc.template]
-a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-novpc.template]
-
-| *Singapore* (ap-southeast-1)
-a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-vpc.template]
-a| image::./deploy-to-aws.png[link=https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/new?stackName=k8s-workshop&templateURL=https://s3.amazonaws.com/aws-kubernetes-artifacts/v0.5/lab-ide-novpc.template]
-
 |===
 
-To open the Cloud9 IDE environment, click on the "Outputs" tab in CloudFormation Console and click on the "Cloud9IDE" URL.
+Accept the default stack name and Click *Next*. You can give Tags such as Key=Name, Value=k8s-workshop, and click *Next*. Make sure
+to check *I acknowledge that AWS CloudFormation might create IAM resources with custom names* and click *Create*.
+
+CloudFormation creates nested stacks and builds several resources that are required for this workshop. Wait until all the resources are created. Once the status for *k8s-workshop* changes to *CREATE_COMPLETE*,
+you can open Cloud9 IDE. To open the Cloud9 IDE environment, click on the "Outputs" tab in CloudFormation Console and click on the "Cloud9IDE" URL.
 
 image:cloudformation-output-tab.png[CloudFormation Output Tab]
 
@@ -82,12 +74,8 @@ To install the script, run this command in the "bash" terminal tab of the Cloud9
 
 image:cloud9-run-script.png[Running the script in Cloud9 Terminal]
 
-If you deployed your Cloud9 IDE in any region not supported by EKS, you will need to manually set the `AWS_DEFAULT_REGION` environment variable to a region supported by EKS:
-
-    export AWS_DEFAULT_REGION=us-east-1
-    echo "AWS_DEFAULT_REGION=us-east-1" >> ~/.bash_profile
 
-At this point you can restart the Cloud9 IDE terminal session to ensure that the kubectl completion is enabled. Once a new terminal window is opened, type `kubectl get nodes`. You do not have to run the command. It is normal for this command to fail with an error message if you run it. You have not yet created the Kubernetes cluster. We are merely testing to make sure the `kubectl` tool is installed on the command line correctly and can autocomplete.
+At this point you can restart the Cloud9 IDE terminal session to ensure that the kubectl completion is enabled. Once a new terminal window is opened, type `kubectl ver` and press `Tab` to autocomplete and press `Enter`. This will ensure that the `kubectl` tool is installed on the command line correctly and can autocomplete.
 
 [NOTE]
 All shell commands _(starting with "$")_ throughout the rest of the workshop should be run in this tab. You may want to resize it upwards to make it larger.

01-path-basics/101-start-here/scripts/lab-ide-build.sh

@@ -23,8 +23,8 @@ chmod +x kubectl && sudo mv kubectl /usr/local/bin/
 echo "source <(kubectl completion bash)" >> ~/.bashrc
 
 # Install Heptio Authenticator
-curl -o heptio-authenticator-aws https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/bin/linux/amd64/heptio-authenticator-aws
-chmod +x ./heptio-authenticator-aws && sudo mv heptio-authenticator-aws /usr/local/bin/
+curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/bin/linux/amd64/heptio-authenticator-aws
+chmod +x ./aws-iam-authenticator && sudo mv aws-iam-authenticator /usr/local/bin/
 
 # Install kops
 curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64

01-path-basics/101-start-here/templates/config-k8s-workshop

@@ -17,7 +17,7 @@ users:
   user:
     exec:
       apiVersion: client.authentication.k8s.io/v1alpha1
-      command: heptio-authenticator-aws
+      command: aws-iam-authenticator
       args:
         - "token"
         - "-i"

01-path-basics/102-your-first-cluster/readme.adoc

@@ -68,6 +68,54 @@ echo $EKS_SECURITY_GROUPS
 ```
 If any of those environment variables are blank, please re-run the "Build Script" section of the link:../101-start-here[Cloud9 Environment Setup].
 
+If you receive an *UnsupportedAvailabilityZoneException* error during EKS cluster creation, your account is using an AZ that is currently resource constrained. This occurs mostly in N.Virginia region (us-east-1).
+
+```
+An error occurred (UnsupportedAvailabilityZoneException) when calling the CreateCluster operation: Cannot create cluster 'k8s-workshop' because us-east-1c,
+the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1d
+```
+
+If you receive this error, you need to remove the constrained AZ (us-east-1c in this example) from *`EKS_SUBNET_IDS`* environment variable. Follow these steps to update your environment variable.
+
+Save the EKS recommended AZ's that is referred in your CLI output in an environment variable.
+Note: you only need two AZ's defined to create EKS cluster
+
+    $ export EKS_VALID_AZS=us-east-1a,us-east-1b
+
+Run the command below to determine subnet ID's
+
+    $ aws ec2 describe-subnets --filters "Name=vpc-id,Values=$EKS_VPC_ID" "Name=availabilityZone,Values=$EKS_VALID_AZS" --query 'Subnets[*].[SubnetId]' --output text
+    subnet-6e672524
+    subnet-18b10e44
+
+Save this output as `*EKS_SUBNET_IDS*` environment variable
+
+    $ export EKS_SUBNET_IDS=subnet-6e672524,subnet-18b10e44
+
+Re-run EKS create-cluster and you should now be able to create cluster. The output should look similar to this
+
+    {
+    "cluster": {
+        "status": "CREATING",
+        "name": "k8s-workshop",
+        "certificateAuthority": {},
+        "roleArn": "arn:aws:iam::123456789012:role/k8s-workshop-EksServiceRo-AWSServiceRoleForAmazonE-1PCSJFFFAF4BL",
+        "resourcesVpcConfig": {
+            "subnetIds": [
+                "subnet-6e672524",
+                "subnet-18b10e44"
+            ],
+            "vpcId": "vpc-a779b4dd",
+            "securityGroupIds": [
+                "sg-d093de9a"
+            ]
+        },
+        "version": "1.10",
+        "arn": "arn:aws:eks:us-east-1:123456789012:cluster/k8s-workshop",
+        "createdAt": 1532734869.147
+    }
+    }
+
 === Create the configuration file
 
 In order to access the cluster locally, use a configuration file (sometimes referred to as a `kubeconfig` file). This configuration file can be created automatically.
@@ -80,6 +128,12 @@ Once the cluster has moved to the `ACTIVE` state, download and run the `create-k
 
 This will create a configuration file at `$HOME/.kube/config` and update the necessary environment variable for default access.
 
+You can test your kubectl configuration using 'kubectl get service'
+
+    $ kubectl get service
+    NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
+    kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   8m
+
 === Create the worker nodes
 
 Now that your EKS master nodes are created, you can launch and configure your worker nodes.
@@ -115,6 +169,20 @@ To enable worker nodes to join your cluster, download and run the `aws-auth-cm.s
 Watch the status of your nodes and wait for them to reach the `Ready` status.
 
     $ kubectl get nodes --watch
+    NAME                                            STATUS     ROLES     AGE       VERSION
+    ip-192-168-223-116.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-223-116.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-223-116.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-147-168.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-147-168.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-102-172.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-102-172.us-west-2.compute.internal   NotReady   <none>    0s        v1.10.3
+    ip-192-168-223-116.us-west-2.compute.internal   NotReady   <none>    10s       v1.10.3
+    ip-192-168-147-168.us-west-2.compute.internal   NotReady   <none>    10s       v1.10.3
+    ip-192-168-102-172.us-west-2.compute.internal   NotReady   <none>    10s       v1.10.3
+    ip-192-168-223-116.us-west-2.compute.internal   Ready     <none>    20s       v1.10.3
+    ip-192-168-147-168.us-west-2.compute.internal   Ready     <none>    20s       v1.10.3
+    ip-192-168-102-172.us-west-2.compute.internal   Ready     <none>    20s       v1.10.3
 
 == Kubernetes Cluster Context
 

01-path-basics/103-kubernetes-concepts/readme.adoc

@@ -223,10 +223,10 @@ CPU can be requested in _cpu units_. 1 cpu unit is equivalent 1 AWS vCPU. It can
 
 ===== Default memory and CPU
 
-By default, a container in a pod is allocated no memory request/limit and 100m CPU request and no limit. This can be verified using the previously started pod:
+By default, a container in a pod is not allocated any requests or limits. This can be verified using the previously started pod:
 
-	$ kubectl get pod/nginx-pod -o jsonpath={.spec.containers[].resources}
-	map[requests:map[cpu:100m]]
+$ kubectl get pod/nginx-pod -o jsonpath={.spec.containers[].resources}
+map[]
 
 ===== Assign memory and CPU
 
@@ -311,6 +311,10 @@ Watch the status of the Pod:
 
 `OOMKilled` shows that the container was terminated because it ran out of memory.
 
+To correct this, we'll need to re-create the pod with higher memory limits.  
+
+Although it may be instinctive to simply adjust the memory limit in the existing pod definition and re-apply it, Kubernetes does not currently support changing resource limits on running pods, so we'll need to first delete the existing pod, then recreate it.
+
 In `pod-resources2.yaml`, confirm that the value of `spec.containers[].resources.limits.memory` is `300Mi`. Delete the existing Pod, and create a new one:
 
 	$ kubectl delete -f pod-resources1.yaml
@@ -331,7 +335,7 @@ Get more details about the resources allocated to the Pod:
 
 === Quality of service
 
-Kubernetes opportunistically scavenge the difference between request and limit if they are not used by the Containers. This allows Kubernetes to oversubscribe nodes, which increases utilization, while at the same time maintaining resource guarantees for the containers that need guarantees.
+Kubernetes opportunistically scavenges the difference between request and limit if they are not used by the Containers. This allows Kubernetes to oversubscribe nodes, which increases utilization, while at the same time maintaining resource guarantees for the containers that need guarantees.
 
 Kubernetes assigns one of the QoS classes to the Pod:
 
@@ -920,7 +924,7 @@ As new nodes are added to the cluster, pods are started on them. As nodes are re
 
 === Create a DaemonSet
 
-The folowing is an example DaemonSet that runs a Prometheus container. Let's begin with the template:
+The following is an example DaemonSet that runs a Prometheus container. Let's begin with the template:
 
 	$ cat daemonset.yaml
 	apiVersion: extensions/v1beta1
@@ -1099,12 +1103,6 @@ Now, watch the job status again:
 
 The output shows that the job was successfully executed.
 
-The completed pod is not shown in the `kubectl get pods` command. Instead it can be shown by passing an additional option as shown below:
-
-	$ kubectl get pods --show-all
-	NAME         READY     STATUS      RESTARTS   AGE
-	wait-lk49x   0/1       Completed   0          1m
-
 To delete the job, you can run this command
 
 	$ kubectl delete -f job.yaml
@@ -1184,18 +1182,7 @@ In another terminal window, watch the status of pods created:
 	wait-ngrgl   0/1       Completed   0         21s
 	wait-6l22s   0/1       Completed   0         21s
 
-After all the pods have completed, `kubectl get pods` will not show the list of completed pods. The command to show the list of pods is shown below:
-
-	$ kubectl get pods -a
-	NAME         READY     STATUS      RESTARTS   AGE
-	wait-6l22s   0/1       Completed   0          1m
-	wait-f7kgb   0/1       Completed   0          2m
-	wait-jbdp7   0/1       Completed   0          2m
-	wait-ngrgl   0/1       Completed   0          1m
-	wait-r5v8n   0/1       Completed   0          2m
-	wait-smp4t   0/1       Completed   0          2m
-
-Similarly, `kubectl get jobs` shows the status of the job after it has completed:
+`kubectl get jobs` shows the status of the job after it has completed:
 
 	$ kubectl get jobs
 	NAME      DESIRED   SUCCESSFUL   AGE
@@ -1209,17 +1196,13 @@ Deleting a job deletes all the pods as well. Delete the job as:
 
 === Prerequisites
 
-For Kubernetes cluster versions < 1.8, Cron Job can be created with API version `batch/v2alpha1`. You can check the cluster version using this command,
-
-  $ kubectl version
-  Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.1", GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", GitTreeState:"clean", BuildDate:"2017-10-12T00:45:05Z", GoVersion:"go1.9.1", Compiler:"gc", Platform:"darwin/amd64"}
-  Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:30:51Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
-
-Notice that the server version is at v1.7.4. In this case, you need to explicitly enable API version `batch/v2alpha1` in Kubernetes cluster and perform a rolling-update. These steps are explained in link:../cluster-install#turn-on-an-api-version-for-your-cluster[Turn on an API version for your cluster].
+For Kubernetes cluster versions < 1.8, Cron Job can be created with API version `batch/v2alpha1`. You need to explicitly enable API version `batch/v2alpha1` in Kubernetes cluster and perform a rolling-update.
 
-NOTE: Once you switch API versions, you need to perform rolling-update of the cluster which generally takes 30 - 45 mins to complete for 3 master nodes and 5 worker nodes cluster.
+If you use *Amazon EKS* for provisioning your Kubernetes cluster, your version should be >= v1.10 and you can proceed without any changes. You can check the cluster version using this command,
 
-If you have cluster version >= 1.8, `batch/v2alpha1` API is deprecated for this version but you can switch to `batch/v1beta1` to create Cron Jobs
+    $ kubectl version
+    Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:16:17Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
+    Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:13:43Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
 
 === Create Cron Job
 
@@ -1578,7 +1561,7 @@ The error message indicates that a ResourceQuota is in effect, and that the Pod
 
 Update the configuration file to:
 
-	$ cat pod-memory.yaml
+	$ cat pod-cpu-memory.yaml
 	apiVersion: v1
 	kind: Pod
 	metadata:
@@ -1597,15 +1580,15 @@ Update the configuration file to:
 
 There is an explicity memory resource defined here. Now, try to create the pod:
 
-	$ kubectl apply -f pod-memory.yaml
+	$ kubectl apply -f pod-cpu-memory.yaml
 	pod "nginx-pod" created
 
 The Pod is successfully created.
 
 Get more details about the Pod:
 
 	$ kubectl get pod/nginx-pod -o jsonpath={.spec.containers[].resources}
-	map[requests:map[cpu:100m memory:100m]]
+	map[requests:map[cpu:1 memory:100m]
 
 Get more details about the ResourceQuota:
 

01-path-basics/103-kubernetes-concepts/templates/pod-memory.yaml renamed to 01-path-basics/103-kubernetes-concepts/templates/pod-cpu-memory.yaml

@@ -11,5 +11,6 @@ spec:
     resources:
       requests:
         memory: "100m"
+        cpu: 1        
     ports:
-    - containerPort: 80
+    - containerPort: 80

03-path-application-development/303-app-update/readme.adoc

@@ -16,7 +16,9 @@ For our usecase, the application initially uses the image `arungupta/app-upgrade
 
 In order to perform exercises in this chapter, you’ll need to deploy configurations to a Kubernetes cluster. To create an EKS-based Kubernetes cluster, use the link:../../01-path-basics/102-your-first-cluster#create-a-kubernetes-cluster-with-eks[AWS CLI] (recommended). If you wish to create a Kubernetes cluster without EKS, you can instead use link:../../01-path-basics/102-your-first-cluster#alternative-create-a-kubernetes-cluster-with-kops[kops].
 
-All configuration files for this chapter are in the `app-udpate` directory. Make sure you change to that directory before giving any commands in this chapter.
+All configuration files for this chapter are in the `app-update` directory. Make sure you change to that directory before giving any commands in this chapter.  If you are working in Cloud9, run:
+
+    cd ~/environment/aws-workshop-for-kubernetes/03-path-application-development/303-app-update/
 
 == Update and Rollback