Merge 78a9c6863a into b974042d95

docs/04-certificate-authority.md

@@ -8,9 +8,9 @@ In this section you will provision a Certificate Authority that can be used to g
 
 Generate the CA configuration file, certificate, and private key:
 
-```
+    Have in mind all of the following commands must be done on your terminal. 
-{
 
+```
 cat > ca-config.json <<EOF
 {
   "signing": {
@@ -26,7 +26,9 @@ cat > ca-config.json <<EOF
   }
 }
 EOF
+```
 
+```
 cat > ca-csr.json <<EOF
 {
   "CN": "Kubernetes",
@@ -45,13 +47,13 @@ cat > ca-csr.json <<EOF
   ]
 }
 EOF
-
-cfssl gencert -initca ca-csr.json | cfssljson -bare ca
-
-}
 ```
 
-Results:
+```
+cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+```
+
+It should create two files:
 
 ```
 ca-key.pem
@@ -67,8 +69,6 @@ In this section you will generate client and server certificates for each Kubern
 Generate the `admin` client certificate and private key:
 
 ```
-{
-
 cat > admin-csr.json <<EOF
 {
   "CN": "admin",
@@ -87,18 +87,18 @@ cat > admin-csr.json <<EOF
   ]
 }
 EOF
+```
 
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   admin-csr.json | cfssljson -bare admin
-
-}
 ```
 
-Results:
+It should generate two additional files:
 
 ```
 admin-key.pem
@@ -164,8 +164,6 @@ worker-2.pem
 Generate the `kube-controller-manager` client certificate and private key:
 
 ```
-{
-
 cat > kube-controller-manager-csr.json <<EOF
 {
   "CN": "system:kube-controller-manager",
@@ -191,8 +189,6 @@ cfssl gencert \
   -config=ca-config.json \
   -profile=kubernetes \
   kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
-
-}
 ```
 
 Results:
@@ -208,8 +204,6 @@ kube-controller-manager.pem
 Generate the `kube-proxy` client certificate and private key:
 
 ```
-{
-
 cat > kube-proxy-csr.json <<EOF
 {
   "CN": "system:kube-proxy",
@@ -236,7 +230,6 @@ cfssl gencert \
   -profile=kubernetes \
   kube-proxy-csr.json | cfssljson -bare kube-proxy
 
-}
 ```
 
 Results:
@@ -251,8 +244,6 @@ kube-proxy.pem
 Generate the `kube-scheduler` client certificate and private key:
 
 ```
-{
-
 cat > kube-scheduler-csr.json <<EOF
 {
   "CN": "system:kube-scheduler",
@@ -279,7 +270,6 @@ cfssl gencert \
   -profile=kubernetes \
   kube-scheduler-csr.json | cfssljson -bare kube-scheduler
 
-}
 ```
 
 Results:
@@ -297,8 +287,6 @@ The `kubernetes-the-hard-way` static IP address will be included in the list of
 Generate the Kubernetes API Server certificate and private key:
 
 ```
-{
-
 KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
   --region $(gcloud config get-value compute/region) \
   --format 'value(address)')
@@ -330,7 +318,6 @@ cfssl gencert \
   -profile=kubernetes \
   kubernetes-csr.json | cfssljson -bare kubernetes
 
-}
 ```
 
 Results:
@@ -347,8 +334,6 @@ The Kubernetes Controller Manager leverages a key pair to generate and sign serv
 Generate the `service-account` certificate and private key:
 
 ```
-{
-
 cat > service-account-csr.json <<EOF
 {
   "CN": "service-accounts",
@@ -374,8 +359,6 @@ cfssl gencert \
   -config=ca-config.json \
   -profile=kubernetes \
   service-account-csr.json | cfssljson -bare service-account
-
-}
 ```
 
 Results:

docs/05-kubernetes-configuration-files.md

@@ -60,7 +60,6 @@ worker-2.kubeconfig
 Generate a kubeconfig file for the `kube-proxy` service:
 
 ```
-{
 kubectl config set-cluster kubernetes-the-hard-way \
   --certificate-authority=ca.pem \
   --embed-certs=true \
@@ -79,7 +78,6 @@ Generate a kubeconfig file for the `kube-proxy` service:
   --kubeconfig=kube-proxy.kubeconfig
 
 kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
-}
 ```
 
 Results:
@@ -93,7 +91,6 @@ kube-proxy.kubeconfig
 Generate a kubeconfig file for the `kube-controller-manager` service:
 
 ```
-{
 kubectl config set-cluster kubernetes-the-hard-way \
   --certificate-authority=ca.pem \
   --embed-certs=true \
@@ -112,7 +109,6 @@ Generate a kubeconfig file for the `kube-controller-manager` service:
   --kubeconfig=kube-controller-manager.kubeconfig
 
 kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
-}
 ```
 
 Results:
@@ -127,7 +123,6 @@ kube-controller-manager.kubeconfig
 Generate a kubeconfig file for the `kube-scheduler` service:
 
 ```
-{
 kubectl config set-cluster kubernetes-the-hard-way \
   --certificate-authority=ca.pem \
   --embed-certs=true \
@@ -146,7 +141,6 @@ Generate a kubeconfig file for the `kube-scheduler` service:
   --kubeconfig=kube-scheduler.kubeconfig
 
 kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
-}
 ```
 
 Results:
@@ -160,7 +154,6 @@ kube-scheduler.kubeconfig
 Generate a kubeconfig file for the `admin` user:
 
 ```
-{
 kubectl config set-cluster kubernetes-the-hard-way \
   --certificate-authority=ca.pem \
   --embed-certs=true \
@@ -179,7 +172,6 @@ Generate a kubeconfig file for the `admin` user:
   --kubeconfig=admin.kubeconfig
 
 kubectl config use-context default --kubeconfig=admin.kubeconfig
-}
 ```
 
 Results:

docs/07-bootstrapping-etcd.md

@@ -28,19 +28,15 @@ wget -q --show-progress --https-only --timestamping \
 Extract and install the `etcd` server and the `etcdctl` command line utility:
 
 ```
-{
 tar -xvf etcd-v3.3.5-linux-amd64.tar.gz
 sudo mv etcd-v3.3.5-linux-amd64/etcd* /usr/local/bin/
-}
 ```
 
 ### Configure the etcd Server
 
 ```
-{
 sudo mkdir -p /etc/etcd /var/lib/etcd
 sudo cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/
-}
 ```
 
 The instance internal IP address will be used to serve client requests and communicate with etcd cluster peers. Retrieve the internal IP address for the current compute instance:
@@ -94,11 +90,9 @@ EOF
 ### Start the etcd Server
 
 ```
-{
 sudo systemctl daemon-reload
 sudo systemctl enable etcd
 sudo systemctl start etcd
-}
 ```
 
 > Remember to run the above commands on each controller node: `controller-0`, `controller-1`, and `controller-2`.

docs/08-bootstrapping-kubernetes-controllers.md

@@ -37,22 +37,19 @@ wget -q --show-progress --https-only --timestamping \
 Install the Kubernetes binaries:
 
 ```
-{
 chmod +x kube-apiserver kube-controller-manager kube-scheduler kubectl
+
 sudo mv kube-apiserver kube-controller-manager kube-scheduler kubectl /usr/local/bin/
-}
 ```
 
 ### Configure the Kubernetes API Server
 
 ```
-{
 sudo mkdir -p /var/lib/kubernetes/
 
 sudo mv ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \
   service-account-key.pem service-account.pem \
   encryption-config.yaml /var/lib/kubernetes/
-}
 ```
 
 The instance internal IP address will be used to advertise the API Server to members of the cluster. Retrieve the internal IP address for the current compute instance:
@@ -191,11 +188,11 @@ EOF
 ### Start the Controller Services
 
 ```
-{
 sudo systemctl daemon-reload
+
 sudo systemctl enable kube-apiserver kube-controller-manager kube-scheduler
+
 sudo systemctl start kube-apiserver kube-controller-manager kube-scheduler
-}
 ```
 
 > Allow up to 10 seconds for the Kubernetes API Server to fully initialize.
@@ -227,12 +224,10 @@ EOF
 ```
 
 ```
-{
 sudo mv kubernetes.default.svc.cluster.local \
   /etc/nginx/sites-available/kubernetes.default.svc.cluster.local
 
 sudo ln -s /etc/nginx/sites-available/kubernetes.default.svc.cluster.local /etc/nginx/sites-enabled/
-}
 ```
 
 ```
@@ -347,7 +342,6 @@ In this section you will provision an external load balancer to front the Kubern
 Create the external load balancer network resources:
 
 ```
-{
 KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
   --region $(gcloud config get-value compute/region) \
   --format 'value(address)')
@@ -373,7 +367,6 @@ Create the external load balancer network resources:
   --ports 6443 \
   --region $(gcloud config get-value compute/region) \
   --target-pool kubernetes-target-pool
-}
 ```
 
 ### Verification

docs/09-bootstrapping-kubernetes-workers.md

@@ -19,10 +19,9 @@ gcloud compute ssh worker-0
 Install the OS dependencies:
 
 ```
-{
 sudo apt-get update
+
 sudo apt-get -y install socat conntrack ipset
-}
 ```
 
 > The socat binary enables support for the `kubectl port-forward` command.
@@ -56,14 +55,17 @@ sudo mkdir -p \
 Install the worker binaries:
 
 ```
-{
 chmod +x kubectl kube-proxy kubelet runc.amd64 runsc
+
 sudo mv runc.amd64 runc
+
 sudo mv kubectl kube-proxy kubelet runc runsc /usr/local/bin/
+
 sudo tar -xvf crictl-v1.0.0-beta.0-linux-amd64.tar.gz -C /usr/local/bin/
+
 sudo tar -xvf cni-plugins-amd64-v0.6.0.tgz -C /opt/cni/bin/
+
 sudo tar -xvf containerd-1.1.0.linux-amd64.tar.gz -C /
-}
 ```
 
 ### Configure CNI Networking
@@ -163,11 +165,11 @@ EOF
 ### Configure the Kubelet
 
 ```
-{
 sudo mv ${HOSTNAME}-key.pem ${HOSTNAME}.pem /var/lib/kubelet/
+
 sudo mv ${HOSTNAME}.kubeconfig /var/lib/kubelet/kubeconfig
+
 sudo mv ca.pem /var/lib/kubernetes/
-}
 ```
 
 Create the `kubelet-config.yaml` configuration file:
@@ -264,11 +266,11 @@ EOF
 ### Start the Worker Services
 
 ```
-{
 sudo systemctl daemon-reload
+
 sudo systemctl enable containerd kubelet kube-proxy
+
 sudo systemctl start containerd kubelet kube-proxy
-}
 ```
 
 > Remember to run the above commands on each worker node: `worker-0`, `worker-1`, and `worker-2`.

docs/10-configuring-kubectl.md

@@ -11,7 +11,6 @@ Each kubeconfig requires a Kubernetes API Server to connect to. To support high
 Generate a kubeconfig file suitable for authenticating as the `admin` user:
 
 ```
-{
 KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
   --region $(gcloud config get-value compute/region) \
   --format 'value(address)')
@@ -30,7 +29,6 @@ Generate a kubeconfig file suitable for authenticating as the `admin` user:
   --user=admin
 
 kubectl config use-context kubernetes-the-hard-way
-}
 ```
 
 ## Verification

docs/14-cleanup.md

@@ -17,7 +17,6 @@ gcloud -q compute instances delete \
 Delete the external load balancer network resources:
 
 ```
-{
 gcloud -q compute forwarding-rules delete kubernetes-forwarding-rule \
   --region $(gcloud config get-value compute/region)
 
@@ -26,7 +25,6 @@ Delete the external load balancer network resources:
 gcloud -q compute http-health-checks delete kubernetes
 
 gcloud -q compute addresses delete kubernetes-the-hard-way
-}
 ```
 
 Delete the `kubernetes-the-hard-way` firewall rules:
@@ -42,7 +40,6 @@ gcloud -q compute firewall-rules delete \
 Delete the `kubernetes-the-hard-way` network VPC:
 
 ```
-{
 gcloud -q compute routes delete \
   kubernetes-route-10-200-0-0-24 \
   kubernetes-route-10-200-1-0-24 \
@@ -51,5 +48,4 @@ Delete the `kubernetes-the-hard-way` network VPC:
 gcloud -q compute networks subnets delete kubernetes
 
 gcloud -q compute networks delete kubernetes-the-hard-way
-}
 ```