doc review + updates

README.md

@@ -6,6 +6,8 @@ This tutorial is optimized for learning, which means taking the long route to he
 
 * [Google Compute Engine](https://cloud.google.com/compute)
 * [Amazon EC2](https://aws.amazon.com/ec2)
+* [Microsoft Azure](https://azure.microsoft.com)
+
 
 > The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning!
 
@@ -46,16 +48,21 @@ AWS
 
 * The us-west-2 region will be used
 
+AWS
+
+* The "west us" region will be used
+
 ## Platforms
 
 This tutorial assumes you have access to one of the following:
 
 * [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+)
 * [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+)
+* [Microsoft Azure](https://azure.microsoft.com), the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) (0.10.1+), and [jq](https://stedolan.github.io/jq) (1.5+)
 
 ## Labs
 
-While GCP or AWS will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
+While GCP, AWS or Azure will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
 
 * [Cloud Infrastructure Provisioning](docs/01-infrastructure.md)
 * [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md)

docs/01-infrastructure-azure.md

@@ -3,35 +3,39 @@ This lab will walk you through provisioning the compute instances required for r
 
 The guide assumes you'll be creating resources in the `West Us` region as a single Azure Resource Manager resource group.
 
-After completing this guide you should have the following compute instances:
 
-##### add screen shot ####
+> All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process.
 
-> All machines and load balancers will be provisioned with fixed private IP addresses to simplify the bootstrap process.
+The cluster VNs are only accessible via a jump box (a VM with publicly accessible ssh endpoint). The workers machines are exposed via external load balancer that carries both an public IP and public FQDN. 
-
-The control plane machines are only accessible via a jump box (a VM with publically accessable ssh). The workers machines are exposed via external load balancer that carries both an public IP and public addressable dns FQDN. 
 
 
 ## Variables
 
-```
+Change the following values as needed. 
-#change the following values as needed. 
 
+```
 # dns for jumpbox is <jumpboxDnsLabel>.westus.cloudapp.azure.com
 jumpboxDnsLabel="the-hard-way-jumpbox" 
+```
 
+```
 # dns for workers is <workersDnsLabel>.westus.cloudapp.azure.com
 workersDnsLabel="the-hard-way" 
+```
 
+```
 #storage account used by jumpbox + controllers + Etcd VMs
 controlPlaneStorageAccount="thehardwaycsa"
+```
 
+```
 #storage account used by workers VMs
 workersStorageAccount="thehardwaywsa"
+```
 
+```
 # all vms are using ubunut 16.4 LTS 
 imageUrn="Canonical:UbuntuServer:16.04.0-LTS:latest"
-
 ```
 
 ## Create Resource Group
@@ -63,7 +67,7 @@ azure network nsg create \
 ```
 
 
-Create NSG Rule Allowing SSH to Our Jump Box
+Create NSG rule allowing SSH to the jumpbox
 
 ```
 azure network nsg rule create \
@@ -90,12 +94,11 @@ azure network vnet create \
 	--location "West Us"
 ```
 
-Create Subnets
+Create subnets
 
 ```
-# Azure UDR routes traffic going outside 
+# Azure UDR routes traffic subnet's eggress
-# the subnet
+# workers & pod ips have to be 2 separate subnets
-# workers have to be on their own subnet
 
 azure network vnet subnet create \
 	--resource-group the-hard-way \
@@ -146,7 +149,7 @@ azure network public-ip create \
 
 ## Virtual Machines
 
-Create SSH Key (Used by All VMs)
+Create SSH keys (Used by All VMs)
 
 ```
 mkdir keys
@@ -165,7 +168,7 @@ azure storage account create $controlPlaneStorageAccount \
 	--location "West Us"
 ```
 
-Create storage account for works VMs
+Create storage account for workers VMs
 
 ```
 azure storage account create $workersStorageAccount \
@@ -179,7 +182,7 @@ azure storage account create $workersStorageAccount \
 
 ### Jump Box
 
-#### Create Nic (Private IP + Public IP)
+#### Create Nic (Private IP + Public IP + FQDN)
 
 ```
 azure network nic create \
@@ -320,8 +323,7 @@ azure vm create \
 
 #### Controllers Internal Load Balancer 
 
-
+Create load balancer 
-Create controllers internal load balancer 
 
 ```
 azure network lb create \
@@ -495,7 +497,7 @@ azure network lb create \
 	--location "West Us"
 ```
 
-Assign the front-end public IP to the load balancer
+Assign the front-end public IP + FQDN to the load balancer
 
 ```
 azure network lb frontend-ip create \
@@ -670,7 +672,7 @@ ssh -i ./keys/cluster \
 	thehardway@$jumpboxDnsLabel.westus.cloudapp.azure.com
 ```
 
-### Copy the cluster private key to Jumpbox 
+### Copy the cluster private key to jumpbox 
 
 ```
 scp -i ./keys/cluster \

docs/02-certificate-authority.md

@@ -270,14 +270,15 @@ If you used a different machine
 
 ```
 
-#Get jumpbox address
+# Get jumpbox address
 
 KUBERNETES_JUMPBOX_ADDRESS=$(azure network public-ip show \
   --resource-group the-hard-way \
   --name the-hard-way-jumpbox \
   --json | jq -r '.dnsSettings.fqdn')
 
-#Copy files to jumpbox 
+# Copy files to jumpbox 
+
 scp -i ./keys/cluster \
   ca.pem \
   kubernetes-key.pem \
@@ -295,5 +296,4 @@ ssh -i ./keys/cluster \
   done
   
 EOF
-
 ```

docs/06-kubectl.md

@@ -40,10 +40,10 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
 ### Azure 
 
 ```
-# for this work, we are configuring kubectl on jumpbox
+# we are configuring kubectl on jumpbox
 # The controllers are exposed via internal load balancer
 # access is only allowed within the VNET 
-# (or ssh -L ... port 6443 .. from jumpbox to internal lb) 
+# (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb) 
 KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \
   --resource-group the-hard-way \
   --name the-hard-way-clb \

docs/09-smoke-test.md

@@ -89,7 +89,7 @@ NODE_PUBLIC_IP=$(azure network public-ip show \
   --name the-hard-way-workers \
   --json | jq -r '.dnsSettings.fqdn')
 
-# Add NSG rule to enable traffic to node ports
+# Add NSG rule to enable traffic to workers' node ports
 
 azure network nsg rule create \
 	--resource-group the-hard-way \
@@ -103,7 +103,7 @@ azure network nsg rule create \
 	--priority 110 \
 	--direction inbound
 
-# Create balancing rules NODE_PORT:NODE_PORT on the load balancer
+# Create load balancer rule NODE_PORT:NODE_PORT on the load balancer
 
 azure network lb probe create \
   --resource-group the-hard-way \