diff --git a/docs/01-prerequisites.md b/docs/01-prerequisites.md
index 01c4d13..34178be 100644
--- a/docs/01-prerequisites.md
+++ b/docs/01-prerequisites.md
@@ -16,7 +16,7 @@ Follow the Google Cloud SDK [documentation](https://cloud.google.com/sdk/) to in
 
 Verify the Google Cloud SDK version is 262.0.0 or higher:
 
-```
+```sh
 gcloud version
 ```
 
@@ -26,25 +26,25 @@ This tutorial assumes a default compute region and zone have been configured.
 
 If you are using the `gcloud` command-line tool for the first time `init` is the easiest way to do this:
 
-```
+```sh
 gcloud init
 ```
 
 Then be sure to authorize gcloud to access the Cloud Platform with your Google user credentials:
 
-```
+```sh
 gcloud auth login
 ```
 
 Next set a default compute region and compute zone:
 
-```
+```sh
 gcloud config set compute/region us-west1
 ```
 
 Set a default compute zone:
 
-```
+```sh
 gcloud config set compute/zone us-west1-c
 ```
 
diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md
index 2252c96..03466d6 100644
--- a/docs/02-client-tools.md
+++ b/docs/02-client-tools.md
@@ -11,38 +11,38 @@ Download and install `cfssl` and `cfssljson`:
 
 ### OS X
 
-```
+```sh
 curl -o cfssl https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/darwin/cfssl
 curl -o cfssljson https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/darwin/cfssljson
 ```
 
-```
+```sh
 chmod +x cfssl cfssljson
 ```
 
-```
+```sh
 sudo mv cfssl cfssljson /usr/local/bin/
 ```
 
 Some OS X users may experience problems using the pre-built binaries in which case [Homebrew](https://brew.sh) might be a better option:
 
-```
+```sh
 brew install cfssl
 ```
 
 ### Linux
 
-```
+```sh
 wget -q --show-progress --https-only --timestamping \
   https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/linux/cfssl \
   https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/linux/cfssljson
 ```
 
-```
+```sh
 chmod +x cfssl cfssljson
 ```
 
-```
+```sh
 sudo mv cfssl cfssljson /usr/local/bin/
 ```
 
@@ -50,7 +50,7 @@ sudo mv cfssl cfssljson /usr/local/bin/
 
 Verify `cfssl` and `cfssljson` version 1.3.4 or higher is installed:
 
-```
+```sh
 cfssl version
 ```
 
@@ -62,7 +62,7 @@ Revision: dev
 Runtime: go1.13
 ```
 
-```
+```sh
 cfssljson --version
 ```
 ```
@@ -77,29 +77,29 @@ The `kubectl` command line utility is used to interact with the Kubernetes API S
 
 ### OS X
 
-```
+```sh
 curl -o kubectl https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/darwin/amd64/kubectl
 ```
 
-```
+```sh
 chmod +x kubectl
 ```
 
-```
+```sh
 sudo mv kubectl /usr/local/bin/
 ```
 
 ### Linux
 
-```
+```sh
 wget https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kubectl
 ```
 
-```
+```sh
 chmod +x kubectl
 ```
 
-```
+```sh
 sudo mv kubectl /usr/local/bin/
 ```
 
@@ -107,7 +107,7 @@ sudo mv kubectl /usr/local/bin/
 
 Verify `kubectl` version 1.15.3 or higher is installed:
 
-```
+```sh
 kubectl version --client
 ```
 
diff --git a/docs/03-compute-resources.md b/docs/03-compute-resources.md
index a30c520..233a725 100644
--- a/docs/03-compute-resources.md
+++ b/docs/03-compute-resources.md
@@ -16,7 +16,7 @@ In this section a dedicated [Virtual Private Cloud](https://cloud.google.com/com
 
 Create the `kubernetes-the-hard-way` custom VPC network:
 
-```
+```sh
 gcloud compute networks create kubernetes-the-hard-way --subnet-mode custom
 ```
 
@@ -24,7 +24,7 @@ A [subnet](https://cloud.google.com/compute/docs/vpc/#vpc_networks_and_subnets)
 
 Create the `kubernetes` subnet in the `kubernetes-the-hard-way` VPC network:
 
-```
+```sh
 gcloud compute networks subnets create kubernetes \
   --network kubernetes-the-hard-way \
   --range 10.240.0.0/24
@@ -36,7 +36,7 @@ gcloud compute networks subnets create kubernetes \
 
 Create a firewall rule that allows internal communication across all protocols:
 
-```
+```sh
 gcloud compute firewall-rules create kubernetes-the-hard-way-allow-internal \
   --allow tcp,udp,icmp \
   --network kubernetes-the-hard-way \
@@ -45,7 +45,7 @@ gcloud compute firewall-rules create kubernetes-the-hard-way-allow-internal \
 
 Create a firewall rule that allows external SSH, ICMP, and HTTPS:
 
-```
+```sh
 gcloud compute firewall-rules create kubernetes-the-hard-way-allow-external \
   --allow tcp:22,tcp:6443,icmp \
   --network kubernetes-the-hard-way \
@@ -56,7 +56,7 @@ gcloud compute firewall-rules create kubernetes-the-hard-way-allow-external \
 
 List the firewall rules in the `kubernetes-the-hard-way` VPC network:
 
-```
+```sh
 gcloud compute firewall-rules list --filter="network:kubernetes-the-hard-way"
 ```
 
@@ -72,14 +72,14 @@ kubernetes-the-hard-way-allow-internal  kubernetes-the-hard-way  INGRESS    1000
 
 Allocate a static IP address that will be attached to the external load balancer fronting the Kubernetes API Servers:
 
-```
+```sh
 gcloud compute addresses create kubernetes-the-hard-way \
   --region $(gcloud config get-value compute/region)
 ```
 
 Verify the `kubernetes-the-hard-way` static IP address was created in your default compute region:
 
-```
+```sh
 gcloud compute addresses list --filter="name=('kubernetes-the-hard-way')"
 ```
 
@@ -98,7 +98,7 @@ The compute instances in this lab will be provisioned using [Ubuntu Server](http
 
 Create three compute instances which will host the Kubernetes control plane:
 
-```
+```sh
 for i in 0 1 2; do
   gcloud compute instances create controller-${i} \
     --async \
@@ -122,7 +122,7 @@ Each worker instance requires a pod subnet allocation from the Kubernetes cluste
 
 Create three compute instances which will host the Kubernetes worker nodes:
 
-```
+```sh
 for i in 0 1 2; do
   gcloud compute instances create worker-${i} \
     --async \
@@ -143,7 +143,7 @@ done
 
 List the compute instances in your default compute zone:
 
-```
+```sh
 gcloud compute instances list
 ```
 
@@ -165,7 +165,7 @@ SSH will be used to configure the controller and worker instances. When connecti
 
 Test SSH access to the `controller-0` compute instances:
 
-```
+```sh
 gcloud compute ssh controller-0
 ```
 
@@ -216,7 +216,7 @@ Last login: Sun Sept 14 14:34:27 2019 from XX.XXX.XXX.XX
 
 Type `exit` at the prompt to exit the `controller-0` compute instance:
 
-```
+```sh
 $USER@controller-0:~$ exit
 ```
 > output
diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md
index 1510993..515d469 100644
--- a/docs/04-certificate-authority.md
+++ b/docs/04-certificate-authority.md
@@ -8,7 +8,7 @@ In this section you will provision a Certificate Authority that can be used to g
 
 Generate the CA configuration file, certificate, and private key:
 
-```
+```sh
 {
 
 cat > ca-config.json <<EOF
@@ -66,7 +66,7 @@ In this section you will generate client and server certificates for each Kubern
 
 Generate the `admin` client certificate and private key:
 
-```
+```sh
 {
 
 cat > admin-csr.json <<EOF
@@ -111,7 +111,7 @@ Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/doc
 
 Generate a certificate and private key for each Kubernetes worker node:
 
-```
+```sh
 for instance in worker-0 worker-1 worker-2; do
 cat > ${instance}-csr.json <<EOF
 {
@@ -163,7 +163,7 @@ worker-2.pem
 
 Generate the `kube-controller-manager` client certificate and private key:
 
-```
+```sh
 {
 
 cat > kube-controller-manager-csr.json <<EOF
@@ -207,7 +207,7 @@ kube-controller-manager.pem
 
 Generate the `kube-proxy` client certificate and private key:
 
-```
+```sh
 {
 
 cat > kube-proxy-csr.json <<EOF
@@ -250,7 +250,7 @@ kube-proxy.pem
 
 Generate the `kube-scheduler` client certificate and private key:
 
-```
+```sh
 {
 
 cat > kube-scheduler-csr.json <<EOF
@@ -296,7 +296,7 @@ The `kubernetes-the-hard-way` static IP address will be included in the list of
 
 Generate the Kubernetes API Server certificate and private key:
 
-```
+```sh
 {
 
 KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
@@ -350,7 +350,7 @@ The Kubernetes Controller Manager leverages a key pair to generate and sign serv
 
 Generate the `service-account` certificate and private key:
 
-```
+```sh
 {
 
 cat > service-account-csr.json <<EOF
@@ -394,7 +394,7 @@ service-account.pem
 
 Copy the appropriate certificates and private keys to each worker instance:
 
-```
+```sh
 for instance in worker-0 worker-1 worker-2; do
   gcloud compute scp ca.pem ${instance}-key.pem ${instance}.pem ${instance}:~/
 done
@@ -402,7 +402,7 @@ done
 
 Copy the appropriate certificates and private keys to each controller instance:
 
-```
+```sh
 for instance in controller-0 controller-1 controller-2; do
   gcloud compute scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \
     service-account-key.pem service-account.pem ${instance}:~/
diff --git a/docs/05-kubernetes-configuration-files.md b/docs/05-kubernetes-configuration-files.md
index 7275597..860b25b 100644
--- a/docs/05-kubernetes-configuration-files.md
+++ b/docs/05-kubernetes-configuration-files.md
@@ -12,7 +12,7 @@ Each kubeconfig requires a Kubernetes API Server to connect to. To support high
 
 Retrieve the `kubernetes-the-hard-way` static IP address:
 
-```
+```sh
 KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
   --region $(gcloud config get-value compute/region) \
   --format 'value(address)')
@@ -26,7 +26,7 @@ When generating kubeconfig files for Kubelets the client certificate matching th
 
 Generate a kubeconfig file for each worker node:
 
-```
+```sh
 for instance in worker-0 worker-1 worker-2; do
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
@@ -61,7 +61,7 @@ worker-2.kubeconfig
 
 Generate a kubeconfig file for the `kube-proxy` service:
 
-```
+```sh
 {
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
@@ -94,7 +94,7 @@ kube-proxy.kubeconfig
 
 Generate a kubeconfig file for the `kube-controller-manager` service:
 
-```
+```sh
 {
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
@@ -128,7 +128,7 @@ kube-controller-manager.kubeconfig
 
 Generate a kubeconfig file for the `kube-scheduler` service:
 
-```
+```sh
 {
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
@@ -161,7 +161,7 @@ kube-scheduler.kubeconfig
 
 Generate a kubeconfig file for the `admin` user:
 
-```
+```sh
 {
   kubectl config set-cluster kubernetes-the-hard-way \
     --certificate-authority=ca.pem \
@@ -191,13 +191,13 @@ admin.kubeconfig
 ```
 
 
-## 
+##
 
 ## Distribute the Kubernetes Configuration Files
 
 Copy the appropriate `kubelet` and `kube-proxy` kubeconfig files to each worker instance:
 
-```
+```sh
 for instance in worker-0 worker-1 worker-2; do
   gcloud compute scp ${instance}.kubeconfig kube-proxy.kubeconfig ${instance}:~/
 done
@@ -205,7 +205,7 @@ done
 
 Copy the appropriate `kube-controller-manager` and `kube-scheduler` kubeconfig files to each controller instance:
 
-```
+```sh
 for instance in controller-0 controller-1 controller-2; do
   gcloud compute scp admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig ${instance}:~/
 done
diff --git a/docs/06-data-encryption-keys.md b/docs/06-data-encryption-keys.md
index 233bce2..ef371f9 100644
--- a/docs/06-data-encryption-keys.md
+++ b/docs/06-data-encryption-keys.md
@@ -8,7 +8,7 @@ In this lab you will generate an encryption key and an [encryption config](https
 
 Generate an encryption key:
 
-```
+```sh
 ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)
 ```
 
@@ -16,7 +16,7 @@ ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)
 
 Create the `encryption-config.yaml` encryption config file:
 
-```
+```sh
 cat > encryption-config.yaml <<EOF
 kind: EncryptionConfig
 apiVersion: v1
@@ -34,7 +34,7 @@ EOF
 
 Copy the `encryption-config.yaml` encryption config file to each controller instance:
 
-```
+```sh
 for instance in controller-0 controller-1 controller-2; do
   gcloud compute scp encryption-config.yaml ${instance}:~/
 done
diff --git a/docs/07-bootstrapping-etcd.md b/docs/07-bootstrapping-etcd.md
index 26f751f..08a5669 100644
--- a/docs/07-bootstrapping-etcd.md
+++ b/docs/07-bootstrapping-etcd.md
@@ -6,7 +6,7 @@ Kubernetes components are stateless and store cluster state in [etcd](https://gi
 
 The commands in this lab must be run on each controller instance: `controller-0`, `controller-1`, and `controller-2`. Login to each controller instance using the `gcloud` command. Example:
 
-```
+```sh
 gcloud compute ssh controller-0
 ```
 
@@ -20,14 +20,14 @@ gcloud compute ssh controller-0
 
 Download the official etcd release binaries from the [etcd](https://github.com/etcd-io/etcd) GitHub project:
 
-```
+```sh
 wget -q --show-progress --https-only --timestamping \
   "https://github.com/etcd-io/etcd/releases/download/v3.4.0/etcd-v3.4.0-linux-amd64.tar.gz"
 ```
 
 Extract and install the `etcd` server and the `etcdctl` command line utility:
 
-```
+```sh
 {
   tar -xvf etcd-v3.4.0-linux-amd64.tar.gz
   sudo mv etcd-v3.4.0-linux-amd64/etcd* /usr/local/bin/
@@ -36,7 +36,7 @@ Extract and install the `etcd` server and the `etcdctl` command line utility:
 
 ### Configure the etcd Server
 
-```
+```sh
 {
   sudo mkdir -p /etc/etcd /var/lib/etcd
   sudo cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/
@@ -45,20 +45,20 @@ Extract and install the `etcd` server and the `etcdctl` command line utility:
 
 The instance internal IP address will be used to serve client requests and communicate with etcd cluster peers. Retrieve the internal IP address for the current compute instance:
 
-```
+```sh
 INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
   http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)
 ```
 
 Each etcd member must have a unique name within an etcd cluster. Set the etcd name to match the hostname of the current compute instance:
 
-```
+```sh
 ETCD_NAME=$(hostname -s)
 ```
 
 Create the `etcd.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/etcd.service
 [Unit]
 Description=etcd
@@ -94,7 +94,7 @@ EOF
 
 ### Start the etcd Server
 
-```
+```sh
 {
   sudo systemctl daemon-reload
   sudo systemctl enable etcd
@@ -108,7 +108,7 @@ EOF
 
 List the etcd cluster members:
 
-```
+```sh
 sudo ETCDCTL_API=3 etcdctl member list \
   --endpoints=https://127.0.0.1:2379 \
   --cacert=/etc/etcd/ca.pem \
diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md
index 3d0cbca..5bad8c9 100644
--- a/docs/08-bootstrapping-kubernetes-controllers.md
+++ b/docs/08-bootstrapping-kubernetes-controllers.md
@@ -6,7 +6,7 @@ In this lab you will bootstrap the Kubernetes control plane across three compute
 
 The commands in this lab must be run on each controller instance: `controller-0`, `controller-1`, and `controller-2`. Login to each controller instance using the `gcloud` command. Example:
 
-```
+```sh
 gcloud compute ssh controller-0
 ```
 
@@ -18,7 +18,7 @@ gcloud compute ssh controller-0
 
 Create the Kubernetes configuration directory:
 
-```
+```sh
 sudo mkdir -p /etc/kubernetes/config
 ```
 
@@ -26,7 +26,7 @@ sudo mkdir -p /etc/kubernetes/config
 
 Download the official Kubernetes release binaries:
 
-```
+```sh
 wget -q --show-progress --https-only --timestamping \
   "https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kube-apiserver" \
   "https://storage.googleapis.com/kubernetes-release/release/v1.15.3/bin/linux/amd64/kube-controller-manager" \
@@ -36,7 +36,7 @@ wget -q --show-progress --https-only --timestamping \
 
 Install the Kubernetes binaries:
 
-```
+```sh
 {
   chmod +x kube-apiserver kube-controller-manager kube-scheduler kubectl
   sudo mv kube-apiserver kube-controller-manager kube-scheduler kubectl /usr/local/bin/
@@ -45,7 +45,7 @@ Install the Kubernetes binaries:
 
 ### Configure the Kubernetes API Server
 
-```
+```sh
 {
   sudo mkdir -p /var/lib/kubernetes/
 
@@ -57,14 +57,14 @@ Install the Kubernetes binaries:
 
 The instance internal IP address will be used to advertise the API Server to members of the cluster. Retrieve the internal IP address for the current compute instance:
 
-```
+```sh
 INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
   http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)
 ```
 
 Create the `kube-apiserver.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/kube-apiserver.service
 [Unit]
 Description=Kubernetes API Server
@@ -112,13 +112,13 @@ EOF
 
 Move the `kube-controller-manager` kubeconfig into place:
 
-```
+```sh
 sudo mv kube-controller-manager.kubeconfig /var/lib/kubernetes/
 ```
 
 Create the `kube-controller-manager.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/kube-controller-manager.service
 [Unit]
 Description=Kubernetes Controller Manager
@@ -150,13 +150,13 @@ EOF
 
 Move the `kube-scheduler` kubeconfig into place:
 
-```
+```sh
 sudo mv kube-scheduler.kubeconfig /var/lib/kubernetes/
 ```
 
 Create the `kube-scheduler.yaml` configuration file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/kubernetes/config/kube-scheduler.yaml
 apiVersion: kubescheduler.config.k8s.io/v1alpha1
 kind: KubeSchedulerConfiguration
@@ -169,7 +169,7 @@ EOF
 
 Create the `kube-scheduler.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/kube-scheduler.service
 [Unit]
 Description=Kubernetes Scheduler
@@ -189,7 +189,7 @@ EOF
 
 ### Start the Controller Services
 
-```
+```sh
 {
   sudo systemctl daemon-reload
   sudo systemctl enable kube-apiserver kube-controller-manager kube-scheduler
@@ -207,12 +207,12 @@ A [Google Network Load Balancer](https://cloud.google.com/compute/docs/load-bala
 
 Install a basic web server to handle HTTP health checks:
 
-```
+```sh
 sudo apt-get update
 sudo apt-get install -y nginx
 ```
 
-```
+```sh
 cat > kubernetes.default.svc.cluster.local <<EOF
 server {
   listen      80;
@@ -226,7 +226,7 @@ server {
 EOF
 ```
 
-```
+```sh
 {
   sudo mv kubernetes.default.svc.cluster.local \
     /etc/nginx/sites-available/kubernetes.default.svc.cluster.local
@@ -235,17 +235,17 @@ EOF
 }
 ```
 
-```
+```sh
 sudo systemctl restart nginx
 ```
 
-```
+```sh
 sudo systemctl enable nginx
 ```
 
 ### Verification
 
-```
+```sh
 kubectl get componentstatuses --kubeconfig admin.kubeconfig
 ```
 
@@ -260,7 +260,7 @@ etcd-1               Healthy   {"health": "true"}
 
 Test the nginx HTTP health check proxy:
 
-```
+```sh
 curl -H "Host: kubernetes.default.svc.cluster.local" -i http://127.0.0.1/healthz
 ```
 
@@ -286,13 +286,13 @@ In this section you will configure RBAC permissions to allow the Kubernetes API
 
 The commands in this section will effect the entire cluster and only need to be run once from one of the controller nodes.
 
-```
+```sh
 gcloud compute ssh controller-0
 ```
 
 Create the `system:kube-apiserver-to-kubelet` [ClusterRole](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole) with permissions to access the Kubelet API and perform most common tasks associated with managing pods:
 
-```
+```sh
 cat <<EOF | kubectl apply --kubeconfig admin.kubeconfig -f -
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
@@ -320,7 +320,7 @@ The Kubernetes API Server authenticates to the Kubelet as the `kubernetes` user
 
 Bind the `system:kube-apiserver-to-kubelet` ClusterRole to the `kubernetes` user:
 
-```
+```sh
 cat <<EOF | kubectl apply --kubeconfig admin.kubeconfig -f -
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
@@ -349,7 +349,7 @@ In this section you will provision an external load balancer to front the Kubern
 
 Create the external load balancer network resources:
 
-```
+```sh
 {
   KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
     --region $(gcloud config get-value compute/region) \
@@ -385,7 +385,7 @@ Create the external load balancer network resources:
 
 Retrieve the `kubernetes-the-hard-way` static IP address:
 
-```
+```sh
 KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
   --region $(gcloud config get-value compute/region) \
   --format 'value(address)')
@@ -393,13 +393,13 @@ KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-har
 
 Make a HTTP request for the Kubernetes version info:
 
-```
+```sh
 curl --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version
 ```
 
 > output
 
-```
+```json
 {
   "major": "1",
   "minor": "15",
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index 6dd752d..6f1042e 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -6,7 +6,7 @@ In this lab you will bootstrap three Kubernetes worker nodes. The following comp
 
 The commands in this lab must be run on each worker instance: `worker-0`, `worker-1`, and `worker-2`. Login to each worker instance using the `gcloud` command. Example:
 
-```
+```sh
 gcloud compute ssh worker-0
 ```
 
@@ -18,7 +18,7 @@ gcloud compute ssh worker-0
 
 Install the OS dependencies:
 
-```
+```sh
 {
   sudo apt-get update
   sudo apt-get -y install socat conntrack ipset
@@ -33,13 +33,13 @@ By default the kubelet will fail to start if [swap](https://help.ubuntu.com/comm
 
 Verify if swap is enabled:
 
-```
+```sh
 sudo swapon --show
 ```
 
 If output is empthy then swap is not enabled. If swap is enabled run the following command to disable swap immediately:
 
-```
+```sh
 sudo swapoff -a
 ```
 
@@ -47,7 +47,7 @@ sudo swapoff -a
 
 ### Download and Install Worker Binaries
 
-```
+```sh
 wget -q --show-progress --https-only --timestamping \
   https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.15.0/crictl-v1.15.0-linux-amd64.tar.gz \
   https://github.com/opencontainers/runc/releases/download/v1.0.0-rc8/runc.amd64 \
@@ -60,7 +60,7 @@ wget -q --show-progress --https-only --timestamping \
 
 Create the installation directories:
 
-```
+```sh
 sudo mkdir -p \
   /etc/cni/net.d \
   /opt/cni/bin \
@@ -72,14 +72,14 @@ sudo mkdir -p \
 
 Install the worker binaries:
 
-```
+```sh
 {
   mkdir containerd
   tar -xvf crictl-v1.15.0-linux-amd64.tar.gz
   tar -xvf containerd-1.2.9.linux-amd64.tar.gz -C containerd
   sudo tar -xvf cni-plugins-linux-amd64-v0.8.2.tgz -C /opt/cni/bin/
   sudo mv runc.amd64 runc
-  chmod +x crictl kubectl kube-proxy kubelet runc 
+  chmod +x crictl kubectl kube-proxy kubelet runc
   sudo mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/
   sudo mv containerd/bin/* /bin/
 }
@@ -89,14 +89,14 @@ Install the worker binaries:
 
 Retrieve the Pod CIDR range for the current compute instance:
 
-```
+```sh
 POD_CIDR=$(curl -s -H "Metadata-Flavor: Google" \
   http://metadata.google.internal/computeMetadata/v1/instance/attributes/pod-cidr)
 ```
 
 Create the `bridge` network configuration file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conf
 {
     "cniVersion": "0.3.1",
@@ -118,7 +118,7 @@ EOF
 
 Create the `loopback` network configuration file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/cni/net.d/99-loopback.conf
 {
     "cniVersion": "0.3.1",
@@ -132,11 +132,11 @@ EOF
 
 Create the `containerd` configuration file:
 
-```
+```sh
 sudo mkdir -p /etc/containerd/
 ```
 
-```
+```sh
 cat << EOF | sudo tee /etc/containerd/config.toml
 [plugins]
   [plugins.cri.containerd]
@@ -150,7 +150,7 @@ EOF
 
 Create the `containerd.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service
 [Unit]
 Description=containerd container runtime
@@ -176,7 +176,7 @@ EOF
 
 ### Configure the Kubelet
 
-```
+```sh
 {
   sudo mv ${HOSTNAME}-key.pem ${HOSTNAME}.pem /var/lib/kubelet/
   sudo mv ${HOSTNAME}.kubeconfig /var/lib/kubelet/kubeconfig
@@ -186,7 +186,7 @@ EOF
 
 Create the `kubelet-config.yaml` configuration file:
 
-```
+```sh
 cat <<EOF | sudo tee /var/lib/kubelet/kubelet-config.yaml
 kind: KubeletConfiguration
 apiVersion: kubelet.config.k8s.io/v1beta1
@@ -210,11 +210,11 @@ tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
 EOF
 ```
 
-> The `resolvConf` configuration is used to avoid loops when using CoreDNS for service discovery on systems running `systemd-resolved`. 
+> The `resolvConf` configuration is used to avoid loops when using CoreDNS for service discovery on systems running `systemd-resolved`.
 
 Create the `kubelet.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/kubelet.service
 [Unit]
 Description=Kubernetes Kubelet
@@ -242,13 +242,13 @@ EOF
 
 ### Configure the Kubernetes Proxy
 
-```
+```sh
 sudo mv kube-proxy.kubeconfig /var/lib/kube-proxy/kubeconfig
 ```
 
 Create the `kube-proxy-config.yaml` configuration file:
 
-```
+```sh
 cat <<EOF | sudo tee /var/lib/kube-proxy/kube-proxy-config.yaml
 kind: KubeProxyConfiguration
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
@@ -261,7 +261,7 @@ EOF
 
 Create the `kube-proxy.service` systemd unit file:
 
-```
+```sh
 cat <<EOF | sudo tee /etc/systemd/system/kube-proxy.service
 [Unit]
 Description=Kubernetes Kube Proxy
@@ -280,7 +280,7 @@ EOF
 
 ### Start the Worker Services
 
-```
+```sh
 {
   sudo systemctl daemon-reload
   sudo systemctl enable containerd kubelet kube-proxy
@@ -296,7 +296,7 @@ EOF
 
 List the registered Kubernetes nodes:
 
-```
+```sh
 gcloud compute ssh controller-0 \
   --command "kubectl get nodes --kubeconfig admin.kubeconfig"
 ```
diff --git a/docs/10-configuring-kubectl.md b/docs/10-configuring-kubectl.md
index c64a434..a846d08 100644
--- a/docs/10-configuring-kubectl.md
+++ b/docs/10-configuring-kubectl.md
@@ -10,7 +10,7 @@ Each kubeconfig requires a Kubernetes API Server to connect to. To support high
 
 Generate a kubeconfig file suitable for authenticating as the `admin` user:
 
-```
+```sh
 {
   KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
     --region $(gcloud config get-value compute/region) \
@@ -37,7 +37,7 @@ Generate a kubeconfig file suitable for authenticating as the `admin` user:
 
 Check the health of the remote Kubernetes cluster:
 
-```
+```sh
 kubectl get componentstatuses
 ```
 
@@ -54,7 +54,7 @@ etcd-0               Healthy   {"health":"true"}
 
 List the nodes in the remote Kubernetes cluster:
 
-```
+```sh
 kubectl get nodes
 ```
 
diff --git a/docs/11-pod-network-routes.md b/docs/11-pod-network-routes.md
index c9f0b6a..9fac7d1 100644
--- a/docs/11-pod-network-routes.md
+++ b/docs/11-pod-network-routes.md
@@ -12,7 +12,7 @@ In this section you will gather the information required to create routes in the
 
 Print the internal IP address and Pod CIDR range for each worker instance:
 
-```
+```sh
 for instance in worker-0 worker-1 worker-2; do
   gcloud compute instances describe ${instance} \
     --format 'value[separator=" "](networkInterfaces[0].networkIP,metadata.items[0].value)'
@@ -31,7 +31,7 @@ done
 
 Create network routes for each worker instance:
 
-```
+```sh
 for i in 0 1 2; do
   gcloud compute routes create kubernetes-route-10-200-${i}-0-24 \
     --network kubernetes-the-hard-way \
@@ -42,7 +42,7 @@ done
 
 List the routes in the `kubernetes-the-hard-way` VPC network:
 
-```
+```sh
 gcloud compute routes list --filter "network: kubernetes-the-hard-way"
 ```
 
diff --git a/docs/12-dns-addon.md b/docs/12-dns-addon.md
index f7a5d43..acfbabd 100644
--- a/docs/12-dns-addon.md
+++ b/docs/12-dns-addon.md
@@ -6,7 +6,7 @@ In this lab you will deploy the [DNS add-on](https://kubernetes.io/docs/concepts
 
 Deploy the `coredns` cluster add-on:
 
-```
+```sh
 kubectl apply -f https://storage.googleapis.com/kubernetes-the-hard-way/coredns.yaml
 ```
 
@@ -23,7 +23,7 @@ service/kube-dns created
 
 List the pods created by the `kube-dns` deployment:
 
-```
+```sh
 kubectl get pods -l k8s-app=kube-dns -n kube-system
 ```
 
@@ -39,13 +39,13 @@ coredns-699f8ddd77-gtcgb   1/1     Running   0          20s
 
 Create a `busybox` deployment:
 
-```
+```sh
 kubectl run --generator=run-pod/v1 busybox --image=busybox:1.28 --command -- sleep 3600
 ```
 
 List the pod created by the `busybox` deployment:
 
-```
+```sh
 kubectl get pods -l run=busybox
 ```
 
@@ -58,13 +58,13 @@ busybox   1/1     Running   0          3s
 
 Retrieve the full name of the `busybox` pod:
 
-```
+```sh
 POD_NAME=$(kubectl get pods -l run=busybox -o jsonpath="{.items[0].metadata.name}")
 ```
 
 Execute a DNS lookup for the `kubernetes` service inside the `busybox` pod:
 
-```
+```sh
 kubectl exec -ti $POD_NAME -- nslookup kubernetes
 ```
 
diff --git a/docs/13-smoke-test.md b/docs/13-smoke-test.md
index ed90844..62de18f 100644
--- a/docs/13-smoke-test.md
+++ b/docs/13-smoke-test.md
@@ -8,14 +8,14 @@ In this section you will verify the ability to [encrypt secret data at rest](htt
 
 Create a generic secret:
 
-```
+```sh
 kubectl create secret generic kubernetes-the-hard-way \
   --from-literal="mykey=mydata"
 ```
 
 Print a hexdump of the `kubernetes-the-hard-way` secret stored in etcd:
 
-```
+```sh
 gcloud compute ssh controller-0 \
   --command "sudo ETCDCTL_API=3 etcdctl get \
   --endpoints=https://127.0.0.1:2379 \
@@ -53,13 +53,13 @@ In this section you will verify the ability to create and manage [Deployments](h
 
 Create a deployment for the [nginx](https://nginx.org/en/) web server:
 
-```
+```sh
 kubectl create deployment nginx --image=nginx
 ```
 
 List the pod created by the `nginx` deployment:
 
-```
+```sh
 kubectl get pods -l app=nginx
 ```
 
@@ -76,13 +76,13 @@ In this section you will verify the ability to access applications remotely usin
 
 Retrieve the full name of the `nginx` pod:
 
-```
+```sh
 POD_NAME=$(kubectl get pods -l app=nginx -o jsonpath="{.items[0].metadata.name}")
 ```
 
 Forward port `8080` on your local machine to port `80` of the `nginx` pod:
 
-```
+```sh
 kubectl port-forward $POD_NAME 8080:80
 ```
 
@@ -95,7 +95,7 @@ Forwarding from [::1]:8080 -> 80
 
 In a new terminal make an HTTP request using the forwarding address:
 
-```
+```sh
 curl --head http://127.0.0.1:8080
 ```
 
@@ -128,7 +128,7 @@ In this section you will verify the ability to [retrieve container logs](https:/
 
 Print the `nginx` pod logs:
 
-```
+```sh
 kubectl logs $POD_NAME
 ```
 
@@ -144,7 +144,7 @@ In this section you will verify the ability to [execute commands in a container]
 
 Print the nginx version by executing the `nginx -v` command in the `nginx` container:
 
-```
+```sh
 kubectl exec -ti $POD_NAME -- nginx -v
 ```
 
@@ -160,7 +160,7 @@ In this section you will verify the ability to expose applications using a [Serv
 
 Expose the `nginx` deployment using a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) service:
 
-```
+```sh
 kubectl expose deployment nginx --port 80 --type NodePort
 ```
 
@@ -168,14 +168,14 @@ kubectl expose deployment nginx --port 80 --type NodePort
 
 Retrieve the node port assigned to the `nginx` service:
 
-```
+```sh
 NODE_PORT=$(kubectl get svc nginx \
   --output=jsonpath='{range .spec.ports[0]}{.nodePort}')
 ```
 
 Create a firewall rule that allows remote access to the `nginx` node port:
 
-```
+```sh
 gcloud compute firewall-rules create kubernetes-the-hard-way-allow-nginx-service \
   --allow=tcp:${NODE_PORT} \
   --network kubernetes-the-hard-way
@@ -183,14 +183,14 @@ gcloud compute firewall-rules create kubernetes-the-hard-way-allow-nginx-service
 
 Retrieve the external IP address of a worker instance:
 
-```
+```sh
 EXTERNAL_IP=$(gcloud compute instances describe worker-0 \
   --format 'value(networkInterfaces[0].accessConfigs[0].natIP)')
 ```
 
 Make an HTTP request using the external IP address and the `nginx` node port:
 
-```
+```sh
 curl -I http://${EXTERNAL_IP}:${NODE_PORT}
 ```
 
diff --git a/docs/14-cleanup.md b/docs/14-cleanup.md
index 07be407..f630e73 100644
--- a/docs/14-cleanup.md
+++ b/docs/14-cleanup.md
@@ -6,7 +6,7 @@ In this lab you will delete the compute resources created during this tutorial.
 
 Delete the controller and worker compute instances:
 
-```
+```sh
 gcloud -q compute instances delete \
   controller-0 controller-1 controller-2 \
   worker-0 worker-1 worker-2 \
@@ -17,7 +17,7 @@ gcloud -q compute instances delete \
 
 Delete the external load balancer network resources:
 
-```
+```sh
 {
   gcloud -q compute forwarding-rules delete kubernetes-forwarding-rule \
     --region $(gcloud config get-value compute/region)
@@ -32,7 +32,7 @@ Delete the external load balancer network resources:
 
 Delete the `kubernetes-the-hard-way` firewall rules:
 
-```
+```sh
 gcloud -q compute firewall-rules delete \
   kubernetes-the-hard-way-allow-nginx-service \
   kubernetes-the-hard-way-allow-internal \
@@ -42,7 +42,7 @@ gcloud -q compute firewall-rules delete \
 
 Delete the `kubernetes-the-hard-way` network VPC:
 
-```
+```sh
 {
   gcloud -q compute routes delete \
     kubernetes-route-10-200-0-0-24 \