From 5a1e704652757b77a3eb186d9d4409346913c63f Mon Sep 17 00:00:00 2001
From: Kelsey Hightower <kelsey.hightower@gmail.com>
Date: Sat, 12 May 2018 16:54:18 +0000
Subject: [PATCH] kubernetes 1.10.2

---
 README.md                                     |  6 +-
 docs/01-prerequisites.md                      |  2 +-
 docs/02-client-tools.md                       |  8 +--
 docs/03-compute-resources.md                  |  4 +-
 docs/07-bootstrapping-etcd.md                 |  6 +-
 ...08-bootstrapping-kubernetes-controllers.md | 18 ++---
 docs/09-bootstrapping-kubernetes-workers.md   | 65 ++++++++++++++-----
 docs/10-configuring-kubectl.md                | 14 ++--
 docs/13-smoke-test.md                         | 42 ++++++------
 9 files changed, 100 insertions(+), 65 deletions(-)

diff --git a/README.md b/README.md
index 33836d3..7171f19 100644
--- a/README.md
+++ b/README.md
@@ -14,10 +14,10 @@ The target audience for this tutorial is someone planning to support a productio
 
 Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.
 
-* [Kubernetes](https://github.com/kubernetes/kubernetes) 1.9.0
-* [cri-containerd Container Runtime](https://github.com/kubernetes-incubator/cri-containerd) 1.0.0-beta.0
+* [Kubernetes](https://github.com/kubernetes/kubernetes) 1.10.2
+* [containerd Container Runtime](https://github.com/containerd/containerd) 1.1.0
 * [CNI Container Networking](https://github.com/containernetworking/cni) 0.6.0
-* [etcd](https://github.com/coreos/etcd) 3.2.11
+* [etcd](https://github.com/coreos/etcd) 3.3.5
 
 ## Labs
 
diff --git a/docs/01-prerequisites.md b/docs/01-prerequisites.md
index 79ff65a..d8804e4 100644
--- a/docs/01-prerequisites.md
+++ b/docs/01-prerequisites.md
@@ -14,7 +14,7 @@ This tutorial leverages the [Google Cloud Platform](https://cloud.google.com/) t
 
 Follow the Google Cloud SDK [documentation](https://cloud.google.com/sdk/) to install and configure the `gcloud` command line utility.
 
-Verify the Google Cloud SDK version is 183.0.0 or higher:
+Verify the Google Cloud SDK version is 200.0.0 or higher:
 
 ```
 gcloud version
diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md
index e6b728d..c19b3df 100644
--- a/docs/02-client-tools.md
+++ b/docs/02-client-tools.md
@@ -69,7 +69,7 @@ The `kubectl` command line utility is used to interact with the Kubernetes API S
 ### OS X
 
 ```
-curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/darwin/amd64/kubectl
+curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/darwin/amd64/kubectl
 ```
 
 ```
@@ -83,7 +83,7 @@ sudo mv kubectl /usr/local/bin/
 ### Linux
 
 ```
-wget https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kubectl
+wget https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubectl
 ```
 
 ```
@@ -96,7 +96,7 @@ sudo mv kubectl /usr/local/bin/
 
 ### Verification
 
-Verify `kubectl` version 1.9.0 or higher is installed:
+Verify `kubectl` version 1.10.2 or higher is installed:
 
 ```
 kubectl version --client
@@ -105,7 +105,7 @@ kubectl version --client
 > output
 
 ```
-Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"darwin/amd64"}
+Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
 ```
 
 Next: [Provisioning Compute Resources](03-compute-resources.md)
diff --git a/docs/03-compute-resources.md b/docs/03-compute-resources.md
index 16f1b7f..d27771a 100644
--- a/docs/03-compute-resources.md
+++ b/docs/03-compute-resources.md
@@ -104,7 +104,7 @@ for i in 0 1 2; do
     --async \
     --boot-disk-size 200GB \
     --can-ip-forward \
-    --image-family ubuntu-1604-lts \
+    --image-family ubuntu-1804-lts \
     --image-project ubuntu-os-cloud \
     --machine-type n1-standard-1 \
     --private-network-ip 10.240.0.1${i} \
@@ -128,7 +128,7 @@ for i in 0 1 2; do
     --async \
     --boot-disk-size 200GB \
     --can-ip-forward \
-    --image-family ubuntu-1604-lts \
+    --image-family ubuntu-1804-lts \
     --image-project ubuntu-os-cloud \
     --machine-type n1-standard-1 \
     --metadata pod-cidr=10.200.${i}.0/24 \
diff --git a/docs/07-bootstrapping-etcd.md b/docs/07-bootstrapping-etcd.md
index 93ad388..7f22ea1 100644
--- a/docs/07-bootstrapping-etcd.md
+++ b/docs/07-bootstrapping-etcd.md
@@ -18,17 +18,17 @@ Download the official etcd release binaries from the [coreos/etcd](https://githu
 
 ```
 wget -q --show-progress --https-only --timestamping \
-  "https://github.com/coreos/etcd/releases/download/v3.2.11/etcd-v3.2.11-linux-amd64.tar.gz"
+  "https://github.com/coreos/etcd/releases/download/v3.3.5/etcd-v3.3.5-linux-amd64.tar.gz"
 ```
 
 Extract and install the `etcd` server and the `etcdctl` command line utility:
 
 ```
-tar -xvf etcd-v3.2.11-linux-amd64.tar.gz
+tar -xvf etcd-v3.3.5-linux-amd64.tar.gz
 ```
 
 ```
-sudo mv etcd-v3.2.11-linux-amd64/etcd* /usr/local/bin/
+sudo mv etcd-v3.3.5-linux-amd64/etcd* /usr/local/bin/
 ```
 
 ### Configure the etcd Server
diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md
index 06012d9..43c852e 100644
--- a/docs/08-bootstrapping-kubernetes-controllers.md
+++ b/docs/08-bootstrapping-kubernetes-controllers.md
@@ -18,10 +18,10 @@ Download the official Kubernetes release binaries:
 
 ```
 wget -q --show-progress --https-only --timestamping \
-  "https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kube-apiserver" \
-  "https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kube-controller-manager" \
-  "https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kube-scheduler" \
-  "https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kubectl"
+  "https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-apiserver" \
+  "https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-controller-manager" \
+  "https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-scheduler" \
+  "https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubectl"
 ```
 
 Install the Kubernetes binaries:
@@ -301,12 +301,12 @@ curl --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version
 ```
 {
   "major": "1",
-  "minor": "9",
-  "gitVersion": "v1.9.0",
-  "gitCommit": "925c127ec6b946659ad0fd596fa959be43f0cc05",
+  "minor": "10",
+  "gitVersion": "v1.10.2",
+  "gitCommit": "81753b10df112992bf51bbc2c2f85208aad78335",
   "gitTreeState": "clean",
-  "buildDate": "2017-12-15T20:55:30Z",
-  "goVersion": "go1.9.2",
+  "buildDate": "2018-04-27T09:10:24Z",
+  "goVersion": "go1.9.3",
   "compiler": "gc",
   "platform": "linux/amd64"
 }
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index a4e8624..1548c7e 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -15,7 +15,7 @@ gcloud compute ssh worker-0
 Install the OS dependencies:
 
 ```
-sudo apt-get -y install socat
+sudo apt-get -y install socat conntrack
 ```
 
 > The socat binary enables support for the `kubectl port-forward` command.
@@ -24,11 +24,12 @@ sudo apt-get -y install socat
 
 ```
 wget -q --show-progress --https-only --timestamping \
+  https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 \
   https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz \
-  https://github.com/containerd/cri-containerd/releases/download/v1.0.0-beta.1/cri-containerd-1.0.0-beta.1.linux-amd64.tar.gz \
-  https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kubectl \
-  https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kube-proxy \
-  https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kubelet
+  https://github.com/containerd/containerd/releases/download/v1.1.0/containerd-1.1.0.linux-amd64.tar.gz \
+  https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubectl \
+  https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kube-proxy \
+  https://storage.googleapis.com/kubernetes-release/release/v1.10.2/bin/linux/amd64/kubelet
 ```
 
 Create the installation directories:
@@ -45,12 +46,20 @@ sudo mkdir -p \
 
 Install the worker binaries:
 
+```
+chmod +x runc.amd64
+```
+
+```
+sudo mv runc.amd64 /usr/local/bin/runc
+```
+
 ```
 sudo tar -xvf cni-plugins-amd64-v0.6.0.tgz -C /opt/cni/bin/
 ```
 
 ```
-sudo tar -xvf cri-containerd-1.0.0-beta.1.linux-amd64.tar.gz -C /
+sudo tar -xvf containerd-1.1.0.linux-amd64.tar.gz -C /
 ```
 
 ```
@@ -109,6 +118,32 @@ Move the network configuration files to the CNI configuration directory:
 sudo mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/
 ```
 
+### Configure containerd
+
+```
+cat > containerd.service <<EOF
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target
+
+[Service]
+ExecStartPre=/sbin/modprobe overlay
+ExecStart=/bin/containerd
+Restart=always
+RestartSec=5
+Delegate=yes
+KillMode=process
+OOMScoreAdjust=-999
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
 ### Configure the Kubelet
 
 ```
@@ -130,8 +165,8 @@ cat > kubelet.service <<EOF
 [Unit]
 Description=Kubernetes Kubelet
 Documentation=https://github.com/kubernetes/kubernetes
-After=cri-containerd.service
-Requires=cri-containerd.service
+After=containerd.service
+Requires=containerd.service
 
 [Service]
 ExecStart=/usr/local/bin/kubelet \\
@@ -143,7 +178,7 @@ ExecStart=/usr/local/bin/kubelet \\
   --cluster-dns=10.32.0.10 \\
   --cluster-domain=cluster.local \\
   --container-runtime=remote \\
-  --container-runtime-endpoint=unix:///var/run/cri-containerd.sock \\
+  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \\
   --image-pull-progress-deadline=2m \\
   --kubeconfig=/var/lib/kubelet/kubeconfig \\
   --network-plugin=cni \\
@@ -192,7 +227,7 @@ EOF
 ### Start the Worker Services
 
 ```
-sudo mv kubelet.service kube-proxy.service /etc/systemd/system/
+sudo mv containerd.service kubelet.service kube-proxy.service /etc/systemd/system/
 ```
 
 ```
@@ -200,11 +235,11 @@ sudo systemctl daemon-reload
 ```
 
 ```
-sudo systemctl enable containerd cri-containerd kubelet kube-proxy
+sudo systemctl enable containerd kubelet kube-proxy
 ```
 
 ```
-sudo systemctl start containerd cri-containerd kubelet kube-proxy
+sudo systemctl start containerd kubelet kube-proxy
 ```
 
 > Remember to run the above commands on each worker node: `worker-0`, `worker-1`, and `worker-2`.
@@ -227,9 +262,9 @@ kubectl get nodes
 
 ```
 NAME       STATUS    ROLES     AGE       VERSION
-worker-0   Ready     <none>    18s       v1.9.0
-worker-1   Ready     <none>    18s       v1.9.0
-worker-2   Ready     <none>    18s       v1.9.0
+worker-0   Ready     <none>    20s       v1.10.2
+worker-1   Ready     <none>    20s       v1.10.2
+worker-2   Ready     <none>    20s       v1.10.2
 ```
 
 Next: [Configuring kubectl for Remote Access](10-configuring-kubectl.md)
diff --git a/docs/10-configuring-kubectl.md b/docs/10-configuring-kubectl.md
index 3d63825..ee78b30 100644
--- a/docs/10-configuring-kubectl.md
+++ b/docs/10-configuring-kubectl.md
@@ -52,12 +52,12 @@ kubectl get componentstatuses
 > output
 
 ```
-NAME                 STATUS    MESSAGE              ERROR
+NAME                 STATUS    MESSAGE             ERROR
 controller-manager   Healthy   ok
 scheduler            Healthy   ok
-etcd-2               Healthy   {"health": "true"}
-etcd-0               Healthy   {"health": "true"}
-etcd-1               Healthy   {"health": "true"}
+etcd-1               Healthy   {"health":"true"}
+etcd-2               Healthy   {"health":"true"}
+etcd-0               Healthy   {"health":"true"}
 ```
 
 List the nodes in the remote Kubernetes cluster:
@@ -70,9 +70,9 @@ kubectl get nodes
 
 ```
 NAME       STATUS    ROLES     AGE       VERSION
-worker-0   Ready     <none>    1m        v1.9.0
-worker-1   Ready     <none>    1m        v1.9.0
-worker-2   Ready     <none>    1m        v1.9.0
+worker-0   Ready     <none>    1m        v1.10.2
+worker-1   Ready     <none>    1m        v1.10.2
+worker-2   Ready     <none>    1m        v1.10.2
 ```
 
 Next: [Provisioning Pod Network Routes](11-pod-network-routes.md)
diff --git a/docs/13-smoke-test.md b/docs/13-smoke-test.md
index 7e91805..4b87dff 100644
--- a/docs/13-smoke-test.md
+++ b/docs/13-smoke-test.md
@@ -27,17 +27,17 @@ gcloud compute ssh controller-0 \
 00000010  73 2f 64 65 66 61 75 6c  74 2f 6b 75 62 65 72 6e  |s/default/kubern|
 00000020  65 74 65 73 2d 74 68 65  2d 68 61 72 64 2d 77 61  |etes-the-hard-wa|
 00000030  79 0a 6b 38 73 3a 65 6e  63 3a 61 65 73 63 62 63  |y.k8s:enc:aescbc|
-00000040  3a 76 31 3a 6b 65 79 31  3a ea 7c 76 32 43 62 6f  |:v1:key1:.|v2Cbo|
-00000050  44 02 02 8c b7 ca fe 95  a5 33 f6 a1 18 6c 3d 53  |D........3...l=S|
-00000060  e7 9c 51 ee 32 f6 e4 17  ea bb 11 d5 2f e2 40 00  |..Q.2......./.@.|
-00000070  ae cf d9 e7 ba 7f 68 18  d3 c1 10 10 93 43 35 bd  |......h......C5.|
-00000080  24 dd 66 b4 f8 f9 82 77  4a d5 78 03 19 41 1e bc  |$.f....wJ.x..A..|
-00000090  94 3f 17 41 ad cc 8c ba  9f 8f 8e 56 97 7e 96 fb  |.?.A.......V.~..|
-000000a0  8f 2e 6a a5 bf 08 1f 0b  c3 4b 2b 93 d1 ec f8 70  |..j......K+....p|
-000000b0  c1 e4 1d 1a d2 0d f8 74  3a a1 4f 3c e0 c9 6d 3f  |.......t:.O<..m?|
-000000c0  de a3 f5 fd 76 aa 5e bc  27 d9 3c 6b 8f 54 97 45  |....v.^.'.<k.T.E|
-000000d0  31 25 ff 23 90 a4 2a f2  db 78 b1 3b ca 21 f3 6b  |1%.#..*..x.;.!.k|
-000000e0  dd fb 8e 53 c6 23 0d 35  c8 0a                    |...S.#.5..|
+00000040  3a 76 31 3a 6b 65 79 31  3a 7b 8e 59 78 0f 59 09  |:v1:key1:{.Yx.Y.|
+00000050  e2 6a ce cd f4 b6 4e ec  bc 91 aa 87 06 29 39 8d  |.j....N......)9.|
+00000060  70 e8 5d c4 b1 66 69 49  60 8f c0 cc 55 d3 69 2b  |p.]..fiI`...U.i+|
+00000070  49 bb 0e 7b 90 10 b0 85  5b b1 e2 c6 33 b6 b7 31  |I..{....[...3..1|
+00000080  25 99 a1 60 8f 40 a9 e5  55 8c 0f 26 ae 76 dc 5b  |%..`.@..U..&.v.[|
+00000090  78 35 f5 3e c1 1e bc 21  bb 30 e2 0c e3 80 1e 33  |x5.>...!.0.....3|
+000000a0  90 79 46 6d 23 d8 f9 a2  d7 5d ed 4d 82 2e 9a 5e  |.yFm#....].M...^|
+000000b0  5d b6 3c 34 37 51 4b 83  de 99 1a ea 0f 2f 7c 9b  |].<47QK....../|.|
+000000c0  46 15 93 aa ba 72 ba b9  bd e1 a3 c0 45 90 b1 de  |F....r......E...|
+000000d0  c4 2e c8 d0 94 ec 25 69  7b af 08 34 93 12 3d 1c  |......%i{..4..=.|
+000000e0  fd 23 9b ba e8 d1 25 56  f4 0a                    |.#....%V..|
 000000ea
 ```
 
@@ -99,13 +99,13 @@ curl --head http://127.0.0.1:8080
 
 ```
 HTTP/1.1 200 OK
-Server: nginx/1.13.7
-Date: Mon, 18 Dec 2017 14:50:36 GMT
+Server: nginx/1.13.12
+Date: Sat, 12 May 2018 16:50:33 GMT
 Content-Type: text/html
 Content-Length: 612
-Last-Modified: Tue, 21 Nov 2017 14:28:04 GMT
+Last-Modified: Mon, 09 Apr 2018 16:01:09 GMT
 Connection: keep-alive
-ETag: "5a1437f4-264"
+ETag: "5acb8e45-264"
 Accept-Ranges: bytes
 ```
 
@@ -131,7 +131,7 @@ kubectl logs $POD_NAME
 > output
 
 ```
-127.0.0.1 - - [18/Dec/2017:14:50:36 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.54.0" "-"
+127.0.0.1 - - [12/May/2018:16:50:33 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.52.1" "-"
 ```
 
 ### Exec
@@ -147,7 +147,7 @@ kubectl exec -ti $POD_NAME -- nginx -v
 > output
 
 ```
-nginx version: nginx/1.13.7
+nginx version: nginx/1.13.12
 ```
 
 ## Services
@@ -194,13 +194,13 @@ curl -I http://${EXTERNAL_IP}:${NODE_PORT}
 
 ```
 HTTP/1.1 200 OK
-Server: nginx/1.13.7
-Date: Mon, 18 Dec 2017 14:52:09 GMT
+Server: nginx/1.13.12
+Date: Sat, 12 May 2018 16:52:34 GMT
 Content-Type: text/html
 Content-Length: 612
-Last-Modified: Tue, 21 Nov 2017 14:28:04 GMT
+Last-Modified: Mon, 09 Apr 2018 16:01:09 GMT
 Connection: keep-alive
-ETag: "5a1437f4-264"
+ETag: "5acb8e45-264"
 Accept-Ranges: bytes
 ```