update md files

docs/02-kubelet.md

@@ -23,8 +23,7 @@ So, let's begin.
 First of all, we need to download kubelet.
 ```bash
 wget -q --show-progress --https-only --timestamping \
-  https://dl.k8s.io/v1.32.3/kubernetes-node-linux-amd64.tar.gz
+  https://dl.k8s.io/v1.32.3/bin/linux/amd64/kubelet
-
 tar -xvzf kubernetes-node-linux-amd64.tar.gz
 ```
 

docs/04-etcd.md

@@ -38,7 +38,7 @@ After the tools are installed successfully, we need to generate ca certificate.
 A ca (Certificate Authority) certificate, also known as a root certificate or a trusted root certificate, is a digital certificate that is used to verify the authenticity of other certificates.
 ```bash
 {
-cat > ca-config.json <<EOF
+cat <<EOF | tee ca-config.json 
 {
   "signing": {
     "default": {
@@ -54,7 +54,7 @@ cat > ca-config.json <<EOF
 }
 EOF
 
-cat > ca-csr.json <<EOF
+cat <<EOF | tee ca-csr.json
 {
   "CN": "Kubernetes",
   "key": {
@@ -92,7 +92,7 @@ Now, we can create certificate files signed by our ca file.
 HOST_NAME=$(hostname -a)
 KUBERNETES_HOSTNAMES=kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.svc.cluster.local
 
-cat > kubernetes-csr.json <<EOF
+cat <<EOF | tee kubernetes-csr.json 
 {
   "CN": "kubernetes",
   "key": {

docs/05-apiserver.md

@@ -13,7 +13,7 @@ As you can see from the description, api server is a central (not the main) comp
 Before we begin with the configuration of the api server, we need to create certificates for kubernetes that will be used to sign service account tokens.
 ```bash
 {
-cat > service-account-csr.json <<EOF
+cat <<EOF | tee service-account-csr.json 
 {
   "CN": "service-accounts",
   "key": {
@@ -43,14 +43,11 @@ cfssl gencert \
 
 Now, we need to distribute certificates to the api server configuration folder
 ```bash
-{
+mkdir -p /var/lib/kubernetes/ \
-  mkdir /var/lib/kubernetes/
+  && cp \
-  sudo cp \
+    ca.pem kubernetes.pem kubernetes-key.pem \
-    ca.pem \
-    kubernetes.pem kubernetes-key.pem \
     service-account-key.pem service-account.pem \
     /var/lib/kubernetes/
-}
 ```
 
 As you can see, in addition to the generated service-account certificate file, we also distributed the certificate generated in the [previous](./04-etcd.md) section. We will use that certificate for communication between 
@@ -89,19 +86,21 @@ Now, when all required configuration/certificate files are created and distribut
 
 First of all, we need to download and install api server binaries
 
+https://kubernetes.io/releases/download/
 ```bash
-{
 wget -q --show-progress --https-only --timestamping \
-    "https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kube-apiserver"
+  "https://dl.k8s.io/v1.32.3/bin/linux/amd64/kube-apiserver"
-    chmod +x kube-apiserver
+```
-  sudo mv kube-apiserver /usr/local/bin/
+
-}
+```bash
+chmod +x kube-apiserver \
+  && mv kube-apiserver /usr/local/bin/
 ```
 
 And create the service configuration file
 
 ```bash
-cat <<EOF | sudo tee /etc/systemd/system/kube-apiserver.service
+cat <<EOF | tee /etc/systemd/system/kube-apiserver.service
 [Unit]
 Description=Kubernetes API Server
 Documentation=https://github.com/kubernetes/kubernetes
@@ -149,16 +148,14 @@ Configuration options I want to highlight:
 
 Now, when api-server service is configured, we can start it
 ```bash
-{
+systemctl daemon-reload \
-  sudo systemctl daemon-reload
+  && systemctl enable kube-apiserver \
-  sudo systemctl enable kube-apiserver
+  && systemctl start kube-apiserver
-  sudo systemctl start kube-apiserver
-}
 ```
 
 And check the service status
 ```bash
-sudo systemctl status kube-apiserver
+systemctl status kube-apiserver
 ```
 
 Output:
@@ -180,9 +177,9 @@ Now, when our server is up and running, we want to communicate with it. To do th
 
 ```bash
 wget -q --show-progress --https-only --timestamping \
-  https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl \
+  https://dl.k8s.io/v1.32.3/bin/linux/386/kubectl \
   && chmod +x kubectl \
-  && sudo mv kubectl /usr/local/bin/
+  && mv kubectl /usr/local/bin/
 ```
 
 As the api server is configured in more or less secure mode, we need to provide some credentials when accessing it. We will use certificate files as the credentials. That is why we need to generate a proper certificate file that will allow us to access api server with administrator privileges
@@ -252,7 +249,7 @@ As already mentioned, api-server is the central kubernetes component, that store
 It means that we can create a pod, even when other components (kubelet, scheduler, controller manager) are not configured
 ```bash
 {
-HOST_NAME=$(hostname -a)
+HOST_NAME=$(cat /etc/hostname)
 
 cat <<EOF> pod.yaml
 apiVersion: v1
@@ -261,6 +258,7 @@ metadata:
   name: hello-world
 spec:
   serviceAccountName: hello-world
+  terminationGracePeriodSeconds: 1
   containers:
     - name: hello-world-container
       image: busybox

docs/06-apiserver-kubelet.md

@@ -10,8 +10,8 @@ Again we will start this part with the creation of the certificates which will b
 
 ```bash
 {
-HOST_NAME=$(hostname -a)
+HOST_NAME=$(cat /etc/hostname)
-cat > kubelet-csr.json <<EOF
+cat <<EOF | tee kubelet-csr.json 
 {
   "CN": "system:node:${HOST_NAME}",
   "key": {
@@ -56,10 +56,8 @@ We specified "system:nodes" in the organization. It says api server that the cli
 Now we need to distribute certificates generated.
 
 ```bash
-{
+cp kubelet-key.pem kubelet.pem /var/lib/kubelet/ \
-  sudo cp kubelet-key.pem kubelet.pem /var/lib/kubelet/
+  && cp ca.pem /var/lib/kubernetes/
-  sudo cp ca.pem /var/lib/kubernetes/
-}
 ```
 
 ## service configuration
@@ -68,7 +66,7 @@ After certificates configured and distributed, we need to prepare configuration
 
 ```bash
 {
-HOST_NAME=$(hostname -a)
+HOST_NAME=$(cat /etc/hostname)
 kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
     --embed-certs=true \
@@ -95,29 +93,24 @@ We created kubernetes configuration file, which says kubelet where api server is
 And now, move all our configuration settings to the proper folders
 
 ```bash
-sudo cp kubelet.kubeconfig /var/lib/kubelet/kubeconfig
+cp kubelet.kubeconfig /var/lib/kubelet/kubeconfig
 ```
 
 Also, we need to create KubeletConfiguration
 ```bash
-cat <<EOF | sudo tee /var/lib/kubelet/kubelet-config.yaml
+cat <<EOF | tee /var/lib/kubelet/kubelet-config.yaml
-kind: KubeletConfiguration
 apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
 authentication:
   anonymous:
-    enabled: false
-  webhook:
     enabled: true
-  x509:
+  webhook:
-    clientCAFile: "/var/lib/kubernetes/ca.pem"
+    enabled: false
 authorization:
-  mode: Webhook
+  mode: AlwaysAllow
-clusterDomain: "cluster.local"
+networkPlugin: "cni"
-clusterDNS:
+cniConfDir: "/etc/cni/net.d"
-  - "10.32.0.10"
+cniBinDir: "/opt/cni/bin"
-podCIDR: "10.240.1.0/24"
-resolvConf: "/run/systemd/resolve/resolv.conf"
-runtimeRequestTimeout: "15m"
 tlsCertFile: "/var/lib/kubelet/kubelet.pem"
 tlsPrivateKeyFile: "/var/lib/kubelet/kubelet-key.pem"
 EOF
@@ -131,7 +124,7 @@ Configuration options I want to highlight:
 
 And the last step - we need to update service configuration file
 ```bash
-cat <<EOF | sudo tee /etc/systemd/system/kubelet.service
+cat <<EOF | tee /etc/systemd/system/kubelet.service
 [Unit]
 Description=Kubernetes Kubelet
 Documentation=https://github.com/kubernetes/kubernetes
@@ -140,14 +133,13 @@ Requires=containerd.service
 
 [Service]
 ExecStart=/usr/local/bin/kubelet \\
-  --config=/var/lib/kubelet/kubelet-config.yaml \\
-  --container-runtime=remote \\
   --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \\
-  --image-pull-progress-deadline=2m \\
+  --file-check-frequency=10s \\
+  --config=/var/lib/kubelet/kubelet-config.yaml \\
+  --pod-manifest-path='/etc/kubernetes/manifests/' \\
   --kubeconfig=/var/lib/kubelet/kubeconfig \\
-  --network-plugin=cni \\
   --register-node=true \\
-  --v=2
+  --v=10
 Restart=on-failure
 RestartSec=5
 
@@ -159,18 +151,16 @@ EOF
 And reload it
 
 ```bash
-{
+systemctl daemon-reload \
-  sudo systemctl daemon-reload
+  && systemctl enable kubelet \
-  sudo systemctl enable kubelet
+  && systemctl restart kubelet
-  sudo systemctl restart kubelet
-}
 ```
 
 ## verification
 
 And check service status
 ```bash
-sudo systemctl status kubelet
+systemctl status kubelet
 ```
 
 Output:

docs/07-scheduler.md

@@ -23,6 +23,7 @@ metadata:
   name: hello-world
 spec:
   serviceAccountName: hello-world
+  terminationGracePeriodSeconds: 1
   containers:
     - name: hello-world-container
       image: busybox
@@ -121,16 +122,16 @@ We created kubernetes configuration file, which says scheduler where api server
 Now, we can distribute created configuration file.
 
 ```bash
-sudo mv kube-scheduler.kubeconfig /var/lib/kubernetes/
+mv kube-scheduler.kubeconfig /var/lib/kubernetes/
 ```
 
 In addition to this file, we will create one more configuration file for scheduler
 
 ```bash
 {
-mkdir /etc/kubernetes/config
+mkdir -p /etc/kubernetes/config
-cat <<EOF | sudo tee /etc/kubernetes/config/kube-scheduler.yaml
+cat <<EOF | tee /etc/kubernetes/config/kube-scheduler.yaml
-apiVersion: kubescheduler.config.k8s.io/v1beta1
+apiVersion: kubescheduler.config.k8s.io/v1
 kind: KubeSchedulerConfiguration
 clientConnection:
   kubeconfig: "/var/lib/kubernetes/kube-scheduler.kubeconfig"
@@ -144,21 +145,19 @@ After all configuration files created, we need to download scheduler binaries.
 
 ```bash
 wget -q --show-progress --https-only --timestamping \
-  "https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kube-scheduler"
+  "https://dl.k8s.io/v1.32.3/bin/linux/amd64/kube-scheduler"
 ```
 
 And install it
 
 ```bash
-{
+chmod +x kube-scheduler \
-  chmod +x kube-scheduler
+  && mv kube-scheduler /usr/local/bin/
-  sudo mv kube-scheduler /usr/local/bin/
-}
 ```
 
 Now, we can create configuration file for scheduler service
 ```bash
-cat <<EOF | sudo tee /etc/systemd/system/kube-scheduler.service
+cat <<EOF | tee /etc/systemd/system/kube-scheduler.service
 [Unit]
 Description=Kubernetes Scheduler
 Documentation=https://github.com/kubernetes/kubernetes
@@ -178,17 +177,15 @@ EOF
 After configuration file created, we need to run it
 
 ```bash
-{
+systemctl daemon-reload \
-  sudo systemctl daemon-reload
+  && systemctl enable kube-scheduler \
-  sudo systemctl enable kube-scheduler
+  && systemctl start kube-scheduler
-  sudo systemctl start kube-scheduler
-}
 ```
 
 And finally we check scheduler status
 
 ```bash
-sudo systemctl status kube-scheduler
+systemctl status kube-scheduler
 ```
 
 Output:
@@ -235,7 +232,7 @@ May 21 20:52:25 example-server kube-scheduler[91664]: I0521 20:52:25.471604   91
 
 As we can see our pod wasn't assigned to the node because node has some taint, lets check our node taints.
 ```bash
-kubectl get nodes $(hostname -a) -o jsonpath='{.spec.taints}'
+kubectl get nodes $(cat /etc/hostname) -o jsonpath='{.spec.taints}'
 ```
 
 Output:
@@ -246,7 +243,7 @@ Output:
 As you can see, our node has taint with efect no schedule.
 Lets fix this.
 ```bash
-kubectl taint nodes $(hostname -a) node.kubernetes.io/not-ready:NoSchedule-
+kubectl taint nodes $(cat /etc/hostname) node.kubernetes.io/not-ready:NoSchedule-
 ```
 
 And check our pods list again

docs/08-controller-manager.md

@@ -102,7 +102,7 @@ We specified "system:kube-controller-manager" in the organization. It says api s
 
 Now, we will distribute ca certificate, this ????
 ```bash
-sudo cp ca-key.pem /var/lib/kubernetes/
+cp ca-key.pem /var/lib/kubernetes/
 ```
 
 ## configuration
@@ -136,26 +136,24 @@ We created kubernetes configuration file, which says controller manager where ap
 
 Now, we can distribute created configuration file.
 ```bash
-sudo mv kube-controller-manager.kubeconfig /var/lib/kubernetes/
+mv kube-controller-manager.kubeconfig /var/lib/kubernetes/
 ```
 
 After all required configuration file created, we need to download controller manager binaries.
 ```bash
 wget -q --show-progress --https-only --timestamping \
-  "https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kube-controller-manager"
+  "https://dl.k8s.io/v1.32.3/bin/linux/amd64/kube-controller-manager"
 ```
 
 And install it
 ```bash
-{
+chmod +x kube-controller-manager \
-  chmod +x kube-controller-manager
+  && mv kube-controller-manager /usr/local/bin/
-  sudo mv kube-controller-manager /usr/local/bin/
-}
 ```
 
 Now, we can create configuration file for controller manager service
 ```bash
-cat <<EOF | sudo tee /etc/systemd/system/kube-controller-manager.service
+cat <<EOF | tee /etc/systemd/system/kube-controller-manager.service
 [Unit]
 Description=Kubernetes Controller Manager
 Documentation=https://github.com/kubernetes/kubernetes
@@ -184,16 +182,14 @@ EOF
 
 After configuration file created, we can start controller manager
 ```bash
-{
+systemctl daemon-reload \
-  sudo systemctl daemon-reload
+  && systemctl enable kube-controller-manager \
-  sudo systemctl enable kube-controller-manager
+  && systemctl start kube-controller-manager
-  sudo systemctl start kube-controller-manager
-}
 ```
 
 And finaly we can check controller manadger status
 ```bash
-sudo systemctl status kube-controller-manager
+systemctl status kube-controller-manager
 ```
 
 Output:

docs/09-kubeproxy.md

@@ -9,7 +9,7 @@ In this section we will configure kupe-proxy.
 Before we will start, lets clarify the reason why do we need it. To do that, we will create deployment with nginx.
 ```bash
 {
-cat <<EOF> nginx-deployment.yml
+cat <<EOF | tee nginx-deployment.yml
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -71,7 +71,7 @@ nginx-deployment-db9778f94-twx78   1/1     Running   0          63s   10.240.1.1
 As you an see, we created 3 pods (each has its own ip address). Now, we will run busybox container and will try to access our pods from other container
 ```bash
 {
-cat <<EOF> pod.yaml
+cat <<EOF | tee pod.yaml
 apiVersion: v1
 kind: Pod
 metadata:
@@ -100,7 +100,7 @@ error: unable to upgrade connection: Forbidden (user=kubernetes, verb=create, re
 This error occured, because api server has no access to execute commands. We will fix this issue, by creating cluster role and assigning it role to kubernetes user. 
 ```bash
 {
-cat <<EOF> rbac-create.yml
+cat <<EOF | tee rbac-create.yml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -149,7 +149,7 @@ Note: it take some time to apply user permission. During this you can steel see
 As you can see, we successfully received the response from the nginx. But to do that we used the IP address of the pod. To solve service discovery issue, kubernetes has special component - service. Now we will create it.
 ```bash
 {
-cat <<EOF> nginx-service.yml
+cat <<EOF | tee nginx-service.yml
 apiVersion: v1
 kind: Service
 metadata:
@@ -192,7 +192,7 @@ As you remeber we configured our API server to use client certificate to authent
 So, lets create proper certificate for the kube-proxy
 ```bash
 {
-cat > kube-proxy-csr.json <<EOF
+cat <<EOF | tee kube-proxy-csr.json 
 {
   "CN": "system:kube-proxy",
   "key": {
@@ -257,30 +257,26 @@ We created kubernetes configuration file, which says kube-proxy where api server
 Now, we can distribute created configuration file.
 
 ```bash
-{
+mkdir -p /var/lib/kube-proxy \
-  sudo mkdir -p /var/lib/kube-proxy
+  && mv kube-proxy.kubeconfig /var/lib/kube-proxy/kubeconfig
-  sudo mv kube-proxy.kubeconfig /var/lib/kube-proxy/kubeconfig
-}
 ```
 
 After all required configuration file created, we need to download kube-proxy binaries.
 
 ```bash
 wget -q --show-progress --https-only --timestamping \
-  https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kube-proxy
+  https://dl.k8s.io/v1.32.3/bin/linux/amd64/kube-proxy
 ```
 
 And install it
 ```bash
-{    
+chmod +x kube-proxy \
-  chmod +x kube-proxy 
+  && mv kube-proxy /usr/local/bin/
-  sudo mv kube-proxy /usr/local/bin/
-}
 ```
 
 Now, we can create configuration file for kube-proxy
 ```bash
-cat <<EOF | sudo tee /var/lib/kube-proxy/kube-proxy-config.yaml
+cat <<EOF | tee /var/lib/kube-proxy/kube-proxy-config.yaml
 kind: KubeProxyConfiguration
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 clientConnection:
@@ -292,7 +288,7 @@ EOF
 
 Service configuration file
 ```bash
-cat <<EOF | sudo tee /etc/systemd/system/kube-proxy.service
+cat <<EOF | tee /etc/systemd/system/kube-proxy.service
 [Unit]
 Description=Kubernetes Kube Proxy
 Documentation=https://github.com/kubernetes/kubernetes
@@ -310,16 +306,14 @@ EOF
 
 Start service
 ```bash
-{
+systemctl daemon-reload \
-  sudo systemctl daemon-reload
+  && systemctl enable kube-proxy \
-  sudo systemctl enable kube-proxy
+  && systemctl start kube-proxy
-  sudo systemctl start kube-proxy
-}
 ```
 
 And check its status
 ```bash
-sudo systemctl status kube-proxy
+systemctl status kube-proxy
 ```
 
 Output:

docs/10-dns.md

@@ -11,7 +11,7 @@ If you remember, in previous section we accessed service by using its IP address
 Befire we will configure it, we can check if we can access our service (created in previuos section) by its name.
 
 ```bash
-kubectl exec busy-box -- wget -O - nginx-service
+kubectl exec busy-box -- wget -O - nginx-service.default.svc.cluster.local.
 ```
 
 And nothing happen. The reason of this befaviour - pod can't resolve IP address of the domain name requested as DNS server is not configured in our cluster. 
@@ -31,7 +31,7 @@ kubectl apply -f https://raw.githubusercontent.com/ruslansavchuk/kubernetes-the-
 
 After our DNS server is up and running, we can try to repeat the call once again
 ```bash
-kubectl exec busy-box -- wget -O - nginx-service
+kubectl exec busy-box -- wget -O - nginx-service.default.svc.cluster.local.
 ```
 
 Output: