From c2aed5eeba3a47e49a1cdfa237e6f1cf11b847c4 Mon Sep 17 00:00:00 2001
From: Xander Grzywinski <xanderg@microsoft.com>
Date: Thu, 30 May 2019 11:28:54 -0700
Subject: [PATCH] clean up smoke test chapter

---
 docs/04-certificate-authority.md          | 48 ++++++-----------------
 docs/05-kubernetes-configuration-files.md |  8 ----
 docs/11-pod-network-routes.md             | 20 +++++-----
 docs/13-smoke-test.md                     | 26 ++++++------
 4 files changed, 35 insertions(+), 67 deletions(-)

diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md
index 565de75..045aad2 100644
--- a/docs/04-certificate-authority.md
+++ b/docs/04-certificate-authority.md
@@ -9,8 +9,6 @@ In this section you will provision a Certificate Authority that can be used to g
 Generate the CA configuration file, certificate, and private key:
 
 ```
-{
-
 cat > ca-config.json <<EOF
 {
   "signing": {
@@ -47,8 +45,6 @@ cat > ca-csr.json <<EOF
 EOF
 
 cfssl gencert -initca ca-csr.json | cfssljson -bare ca
-
-}
 ```
 
 Results:
@@ -67,8 +63,6 @@ In this section you will generate client and server certificates for each Kubern
 Generate the `admin` client certificate and private key:
 
 ```
-{
-
 cat > admin-csr.json <<EOF
 {
   "CN": "admin",
@@ -87,15 +81,14 @@ cat > admin-csr.json <<EOF
   ]
 }
 EOF
-
+```
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   admin-csr.json | cfssljson -bare admin
-
-}
 ```
 
 Results:
@@ -133,7 +126,6 @@ cat > ${instance}-csr.json <<EOF
 EOF
 
 EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f19)
-
 INTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${instance} --output tsv | cut -f16)
 
 cfssl gencert \
@@ -162,8 +154,6 @@ worker-2.pem
 Generate the `kube-controller-manager` client certificate and private key:
 
 ```
-{
-
 cat > kube-controller-manager-csr.json <<EOF
 {
   "CN": "system:kube-controller-manager",
@@ -181,16 +171,14 @@ cat > kube-controller-manager-csr.json <<EOF
     }
   ]
 }
-EOF
-
+```
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
-
-}
 ```
 
 Results:
@@ -206,8 +194,6 @@ kube-controller-manager.pem
 Generate the `kube-proxy` client certificate and private key:
 
 ```
-{
-
 cat > kube-proxy-csr.json <<EOF
 {
   "CN": "system:kube-proxy",
@@ -226,15 +212,14 @@ cat > kube-proxy-csr.json <<EOF
   ]
 }
 EOF
-
+```
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   kube-proxy-csr.json | cfssljson -bare kube-proxy
-
-}
 ```
 
 Results:
@@ -249,8 +234,6 @@ kube-proxy.pem
 Generate the `kube-scheduler` client certificate and private key:
 
 ```
-{
-
 cat > kube-scheduler-csr.json <<EOF
 {
   "CN": "system:kube-scheduler",
@@ -269,15 +252,14 @@ cat > kube-scheduler-csr.json <<EOF
   ]
 }
 EOF
-
+```
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   kube-scheduler-csr.json | cfssljson -bare kube-scheduler
-
-}
 ```
 
 Results:
@@ -295,8 +277,6 @@ The `kubernetes-the-hard-way` static IP address will be included in the list of
 Generate the Kubernetes API Server certificate and private key:
 
 ```
-{
-
 KUBERNETES_PUBLIC_ADDRESS=$(az network public-ip show -g kubernetes-the-hard-way -n kubernetes-the-hard-way-ip --output tsv | cut -f6)
 
 cat > kubernetes-csr.json <<EOF
@@ -317,7 +297,8 @@ cat > kubernetes-csr.json <<EOF
   ]
 }
 EOF
-
+```
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
@@ -325,8 +306,6 @@ cfssl gencert \
   -hostname=10.32.0.1,10.240.0.10,10.240.0.11,10.240.0.12,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,kubernetes.default \
   -profile=kubernetes \
   kubernetes-csr.json | cfssljson -bare kubernetes
-
-}
 ```
 
 Results:
@@ -343,8 +322,6 @@ The Kubernetes Controller Manager leverages a key pair to generate and sign serv
 Generate the `service-account` certificate and private key:
 
 ```
-{
-
 cat > service-account-csr.json <<EOF
 {
   "CN": "service-accounts",
@@ -363,15 +340,14 @@ cat > service-account-csr.json <<EOF
   ]
 }
 EOF
-
+```
+```
 cfssl gencert \
   -ca=ca.pem \
   -ca-key=ca-key.pem \
   -config=ca-config.json \
   -profile=kubernetes \
   service-account-csr.json | cfssljson -bare service-account
-
-}
 ```
 
 Results:
diff --git a/docs/05-kubernetes-configuration-files.md b/docs/05-kubernetes-configuration-files.md
index 145d068..8d91529 100644
--- a/docs/05-kubernetes-configuration-files.md
+++ b/docs/05-kubernetes-configuration-files.md
@@ -58,7 +58,6 @@ worker-2.kubeconfig
 Generate a kubeconfig file for the `kube-proxy` service:
 
 ```
-{
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
     --embed-certs=true \
@@ -77,7 +76,6 @@ Generate a kubeconfig file for the `kube-proxy` service:
     --kubeconfig=kube-proxy.kubeconfig
 
   kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
-}
 ```
 
 Results:
@@ -91,7 +89,6 @@ kube-proxy.kubeconfig
 Generate a kubeconfig file for the `kube-controller-manager` service:
 
 ```
-{
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
     --embed-certs=true \
@@ -110,7 +107,6 @@ Generate a kubeconfig file for the `kube-controller-manager` service:
     --kubeconfig=kube-controller-manager.kubeconfig
 
   kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
-}
 ```
 
 Results:
@@ -125,7 +121,6 @@ kube-controller-manager.kubeconfig
 Generate a kubeconfig file for the `kube-scheduler` service:
 
 ```
-{
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
     --embed-certs=true \
@@ -144,7 +139,6 @@ Generate a kubeconfig file for the `kube-scheduler` service:
     --kubeconfig=kube-scheduler.kubeconfig
 
   kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
-}
 ```
 
 Results:
@@ -158,7 +152,6 @@ kube-scheduler.kubeconfig
 Generate a kubeconfig file for the `admin` user:
 
 ```
-{
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
     --embed-certs=true \
@@ -177,7 +170,6 @@ Generate a kubeconfig file for the `admin` user:
     --kubeconfig=admin.kubeconfig
 
   kubectl config use-context default --kubeconfig=admin.kubeconfig
-}
 ```
 
 Results:
diff --git a/docs/11-pod-network-routes.md b/docs/11-pod-network-routes.md
index 9223315..fdf8a76 100644
--- a/docs/11-pod-network-routes.md
+++ b/docs/11-pod-network-routes.md
@@ -13,7 +13,7 @@ In this section you will gather the information required to create routes in the
 Create the Azure route table
 
 ```
-az network route-table create --group kubernetes-the-hard-way --name kubernetes-the-hard-way-rt
+az network route-table create --resource-group kubernetes-the-hard-way --name kubernetes-the-hard-way-rt
 ```
 
 ## Routes
@@ -26,26 +26,26 @@ for i in 0 1 2; do
     --resource-group kubernetes-the-hard-way \
     --name kubernetes-the-hard-way-route-10-200-${i}-0-24 \
     --route-table-name kubernetes-the-hard-way-rt \
-    --next-hop-type VnetLocal
-    --next-hop-ip-address 10.240.0.2${i}
+    --next-hop-type VirtualAppliance \
+    --next-hop-ip-address 10.240.0.2${i} \
+    --address-prefix 10.200.${i}.0/24
 done
 ```
 
 List the routes in the `kubernetes-the-hard-way` VPC network:
 
 ```
-az network route-table route list --resource-group kubernetes-the-hard-way --route-table-name kubernetes-the-hard-way-rt
+az network route-table route list --resource-group kubernetes-the-hard-way --route-table-name kubernetes-the-hard-way-rt -o table
 ```
 
 > output
 
 ```
-NAME                            NETWORK                  DEST_RANGE     NEXT_HOP                  PRIORITY
-default-route-081879136902de56  kubernetes-the-hard-way  10.240.0.0/24  kubernetes-the-hard-way   1000
-default-route-55199a5aa126d7aa  kubernetes-the-hard-way  0.0.0.0/0      default-internet-gateway  1000
-kubernetes-route-10-200-0-0-24  kubernetes-the-hard-way  10.200.0.0/24  10.240.0.20               1000
-kubernetes-route-10-200-1-0-24  kubernetes-the-hard-way  10.200.1.0/24  10.240.0.21               1000
-kubernetes-route-10-200-2-0-24  kubernetes-the-hard-way  10.200.2.0/24  10.240.0.22               1000
+AddressPrefix    Name                                         NextHopIpAddress    NextHopType       ProvisioningState    ResourceGroup
+---------------  -------------------------------------------  ------------------  ----------------  -------------------  -----------------------
+10.200.0.0/24    kubernetes-the-hard-way-route-10-200-0-0-24  10.240.0.20         VirtualAppliance  Succeeded            kubernetes-the-hard-way
+10.200.1.0/24    kubernetes-the-hard-way-route-10-200-1-0-24  10.240.0.21         VirtualAppliance  Succeeded            kubernetes-the-hard-way
+10.200.2.0/24    kubernetes-the-hard-way-route-10-200-2-0-24  10.240.0.22         VirtualAppliance  Succeeded            kubernetes-the-hard-way
 ```
 
 Next: [Deploying the DNS Cluster Add-on](12-dns-addon.md)
diff --git a/docs/13-smoke-test.md b/docs/13-smoke-test.md
index 72b805d..8d69458 100644
--- a/docs/13-smoke-test.md
+++ b/docs/13-smoke-test.md
@@ -180,23 +180,22 @@ Create a firewall rule that allows remote access to the `nginx` node port:
 
 ```
 az network nsg rule create \
-  --resource-group kubernetes-the-hard-way
-  --nsg-name kubernetes-the-hard-way-nsg
-  --name nginx
-  --access Allow
-  --direction Inbound
-  --priority 101
-  --protocol Tcp
-  --source-address-prefix Any
-  --source-port-range "*"
-  --destination-port-ranges ${NODE_PORT}
+  --resource-group kubernetes-the-hard-way \
+  --nsg-name kubernetes-the-hard-way-nsg \
+  --name nginx \
+  --access Allow \
+  --direction Inbound \
+  --priority 101 \
+  --protocol Tcp \
+  --source-address-prefixes "*" \
+  --source-port-range "*" \
+  --destination-port-ranges ${NODE_PORT} \
 ```
 
 Retrieve the external IP address of a worker instance:
 
 ```
-EXTERNAL_IP=$(gcloud compute instances describe worker-0 \
-  --format 'value(networkInterfaces[0].accessConfigs[0].natIP)')
+EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n worker-0 --output tsv | cut -f19)
 ```
 
 Make an HTTP request using the external IP address and the `nginx` node port:
@@ -266,7 +265,8 @@ INSTANCE_NAME=$(kubectl get pod untrusted --output=jsonpath='{.spec.nodeName}')
 SSH into the worker node:
 
 ```
-gcloud compute ssh ${INSTANCE_NAME}
+EXTERNAL_IP=$(az vm show --show-details -g kubernetes-the-hard-way -n ${INSTANCE_NAME} --output tsv | cut -f19)
+ssh azureuser@${EXTERNAL_IP} 
 ```
 
 List the containers running under gVisor: