IBM
diff --git a/‎Lab 0/README.md‎
Lines changed: 16 additions & 19 deletions b/‎Lab 0/README.md‎
Lines changed: 16 additions & 19 deletions
diff --git a/‎Lab 4/README.md‎
Lines changed: 8 additions & 8 deletions b/‎Lab 4/README.md‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎Lab 5/README.md‎
Lines changed: 45 additions & 35 deletions b/‎Lab 5/README.md‎
Lines changed: 45 additions & 35 deletions
@@ -1,30 +1,27 @@
 # Lab 0: Getting the IBM Cloud Container Service
 
 
-Before you begin learning, you will need to install the required CLIs to create and manage your Kubernetes clusters in IBM Cloud Container Service, and to deploy containerized apps to your cluster.
+Before you begin learning, you need to install the required CLIs to create and manage your Kubernetes clusters in IBM Cloud Container Service and to deploy containerized apps to your cluster.
 
 This lab includes the information for installing these CLIs and plug-ins:
 
 
 ``` txt
 IBM Cloud CLI version 0.5.0 or later
 IBM Cloud Container Service plug-in
-Kubernetes CLI version 1.5.6 or later
+Kubernetes CLI version 1.7.4 or later
 Optional: IBM Cloud Container Registry plug-in
 Optional: Docker version 1.9. or later
 ```
 
 If you have the CLIs and plug-ins, you can skip this lab and proceed to the next one.
 
-
 To install the CLIs:
 
 As a prerequisite for the IBM Cloud Container Service plug-in, install the IBM Cloud command-line interface, located at https://clis.ng.bluemix.net/ui/home.html. Once installed, you can access IBM Cloud from your command-line with the prefix `bx`.
 
 Log in to the IBM Cloud CLI with `bx login`. Enter your IBM Cloud credentials when prompted.
 
-
-
 Note: If you have a federated ID, use `bx login --sso` to log in to the IBM Cloud CLI. Enter your user name and use the provided URL in your CLI output to retrieve your one-time passcode. You know you have a federated ID when the login fails without the `--sso` and succeeds with the `--sso` option.
 
 # Install the IBM Cloud Container Service plug-in
@@ -41,31 +38,31 @@ The IBM Cloud Container Service plug-in is displayed in the results as `containe
 
 To view a local version of the Kubernetes dashboard and to deploy apps into your clusters, you will need to install the Kubernetes CLI. The following links will install the CLI. Simply click the link corresponding to your operating system:
 
-OS X: https://storage.googleapis.com/kubernetes-release/release/v1.5.6/bin/darwin/amd64/kubectl
-Linux: https://storage.googleapis.com/kubernetes-release/release/v1.5.6/bin/linux/amd64/kubectl
-Windows: https://storage.googleapis.com/kubernetes-release/release/v1.5.6/bin/windows/amd64/kubectl.exe
+OS X: https://storage.googleapis.com/kubernetes-release/release/v1.7.4/bin/darwin/amd64/kubectl
+Linux: https://storage.googleapis.com/kubernetes-release/release/v1.7.4/bin/linux/amd64/kubectl
+Windows: https://storage.googleapis.com/kubernetes-release/release/v1.7.4/bin/windows/amd64/kubectl.exe
 
 Tip: If you are using Windows, install the Kubernetes CLI in the same directory as the IBM Cloud CLI. This setup saves you some filepath changes when you run commands later.
 
-For OSX and Linux users, complete the following steps.
+For OSX and Linux users, complete the following steps:
 
-Move the executable file to the `/usr/local/bin` directory with `mv /<path_to_file>/kubectl /usr/local/bin/kubectl` .
+1. Move the executable file to the `/usr/local/bin` directory with `mv /<path_to_file>/kubectl /usr/local/bin/kubectl` .
 
-Make sure that `/usr/local/bin` is listed in your PATH system variable.
+2. Make sure that `/usr/local/bin` is listed in your PATH system variable.
 
-```txt
-echo $PATH
-/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
-```
-Convert the binary file to an executable. `chmod +x /usr/local/bin/kubectl`
+ ```txt
+ echo $PATH
+ /usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
+ ```
 
-# Download the Container Registry Plugin
+3. Convert the binary file to an executable. `chmod +x /usr/local/bin/kubectl`
 
-To manage a private image repository, install the Cloud Container Registry plug-in. Use this plug-in to set up your own namespace in a multi-tenant, highly available, and scalable private image registry that is hosted by IBM, and to store and share Docker images with other users. Docker images are required to deploy containers into a cluster. The prefix for running registry commands is bx cr.
+# Download the IBM Cloud Container Registry plug-in
 
+To manage a private image repository, install the IBM Cloud Container Registry plug-in. Use this plug-in to set up your own namespace in a multi-tenant, highly available, and scalable private image registry that is hosted by IBM, and to store and share Docker images with other users. Docker images are required to deploy containers into a cluster. The prefix for running registry commands is `bx cr`.
 
 `bx plugin install container-registry -r Bluemix`
 To verify that the plug-in is installed properly, run`bx plugin list`
 The plug-in is displayed in the results as `container-registry`.
 
-To build images locally and push them to your registry namespace, install Docker If you are using Windows 8 or earlier, you can install the Docker Toolbox External link icon instead. The Docker CLI is used to build apps into images. The prefix for running commands by using the Docker CLI is docker.
+To build images locally and push them to your registry namespace, [install Docker](https://www.docker.com/community-edition#/download). The Docker CLI is used to build apps into images. The prefix for running commands by using the Docker CLI is `docker`.
@@ -1,14 +1,14 @@
-# Highly Available Deployments with IBM Cloud Container Service
+# Highly available deployments with IBM Cloud Container Service
 
-The goal of this lab is to begin to understand how to deploy a highly available application. It's easier than many think, but can be expensive if deploying across multiple AZs. The example in this lab shows how to deploy an application across two worker nodes in the same AZ (a basic level of high availability, to explore the concepts).
+The goal of this lab is to learn how to deploy a highly available application. It's easier than many think but can be expensive if deploying across multiple availability zones. In order to explore the concepts, this lab shows how to deploy an application across two worker nodes in the same availability zone, which is a basic level of high availability.
 
-# Federated Kubernetes Cluster: Two Worker Nodes Running the Same Application
+# Federated Kubernetes cluster: Two clusters running the same application
 
-To get started, create a paid cluster with two workers and wait for it to provision.
+To get started, create a paid cluster with two workers and wait for it to provision. If this is your first paid cluster, then you do not need to specify the public vlan and the private vlan.
 
-`bx cs cluster-create --name Cluster02 --machine-type b1c.4x16 --location dal10 --workers 2 --public-vlan 1900401 --private-vlan 1900403 --location dal10`
+`bx cs cluster-create --name <cluster-name> --machine-type b2c.4x16 --location <location> --workers 2 --public-vlan <public-vlan> --private-vlan <private-vlan>`
 
-While waiting, you need to download kubefed, which will allow you to set up a kubernetes federated cluster.
+While waiting, you need to download kubefed, which will allow you to set up a Kubernetes federated cluster.
 As this is for lab purposes only, we will be using an IBM liberty image as a basic template for an imaged application.
 
 Download the kubefed tarfile using curl:
@@ -44,7 +44,7 @@ You’ll need to provide the kubeconfig context (called name in the entry above)
 
 At this time, export the kubeconfig file for the admin user of the cluster using `bx cs cluster-config <nameOfCluster> --admin`, make a note of it for error handling later.
 
-# Deploy a Federation Control Plane
+# Deploy a federation control plane
 
 To deploy a federation control plane on your host cluster, run `kubefed init` command. When you use `kubefed init`, you must provide the following:
 
@@ -150,7 +150,7 @@ Creating a namespace federation-system for federation system components... done
 Creating federation control plane service......
 ```
 
-# Deploying an Application to a Federated Cluster
+# Deploying an application to a federated cluster
 
 
 The API for Federated Deployment is compatible with the API for traditional Kubernetes Deployment. You can create a Deployment by sending a request to the federation data layer.
 
@@ -1,23 +1,22 @@
 # Security with IBM Cloud Container Service
 
+This lab is intended to introduce a user to Kubernetes-specific security features used to limit the attack surface and harden your cluster against network threats. You can use built-in security features for risk analysis and security protection. These features help you protect your cluster infrastructure and network communication, isolate your compute resources, and ensure security compliance across your infrastructure components and container deployments.
 
-This lab is intended to introduce a user to kubernetes-specific security features used to limit the attack surface and harden your cluster against network threats. You can use built-in security features for risk analysis and security protection. These features help you to protect your cluster infrastructure and network communication, isolate your compute resources, and ensure security compliance across your infrastructure components and container deployments.
-
-# Network Policies and Kubernetes: Adding network policies
-In most cases, the default policies do not need to be changed. Only advanced security scenarios might require changes. If you find that you must make changes, install the Calico CLI and create your own network policies
+# Network policies and Kubernetes: Adding network policies
+In most cases, the default policies do not need to be changed. Only advanced security scenarios might require changes. If you find that you must make changes, install the Calico CLI and create your own network policies.
 
 Before you begin:
 
-Target the Kubernetes CLI to the cluster. Include the --admin option with the bx cs cluster-config command, which is used to download the certificates and permission files. This download also includes the keys for the Administrator rbac role, which you need to run Calico commands.
+Target the Kubernetes CLI to the cluster. Include the --admin option with the bx cs cluster-config command, which is used to download the certificates and permission files. This download also includes the keys for the Administrator RBAC role, which you need to run Calico commands.
 
 
 `bx cs cluster-config <cluster_name> --admin`
 
-Note: Calico CLI version 1.4.0 is supported.
+Note: Calico CLI version 1.6.1 is supported.
 
 To add network policies:
 
-Install the Calico CLI, from here: https://github.com/projectcalico/calicoctl/releases/tag/v1.4.0?cm_mc_uid=63538519175715059979315&cm_mc_sid_50200000=1506013543
+Install the Calico CLI, from here: https://github.com/projectcalico/calicoctl/releases/tag/v1.6.1
 
 Tip: If you are using Windows, install the Calico CLI in the same directory as the IBM Cloud CLI. This setup saves you some filepath changes when you run commands later.
 
@@ -33,13 +32,13 @@ OSX:
 `mv /<path_to_file>/calico-darwin-amd64 /usr/local/bin/calicoctl`
 
 
-Next, Convert the binary file to an executable.
+Next, convert the binary file to an executable.
 
 
 `chmod +x /usr/local/bin/calicoctl`
 
 
-Verify that the calico commands ran properly by checking the Calico CLI client version. Use `calicoctl version`
+Verify that the Calico commands run properly by checking the Calico CLI client version. Use `calicoctl version`
 
 
 # Configure the Calico CLI.
@@ -48,6 +47,7 @@ For Linux and OS X, create the '/etc/calico' directory. For Windows, any directo
 
 
 `mkdir -p /etc/calico/`
+
 Create a 'calicoctl.cfg' file.
 
 Linux and OS X:
@@ -89,13 +89,16 @@ Linux and OS X:
 
 
 `dirname $KUBECONFIG`
+
 Output example:
 
 `/home/sysadmin/.bluemix/plugins/container-service/clusters/<cluster_name>-admin/`
+
 Windows:
 
 
 `echo %KUBECONFIG%`
+
 Output example:
 
 `C:/Users/<user>/.bluemix/plugins/container-service/<cluster_name>-admin/kube-config-prod-<location>-<cluster_name>.yml`
@@ -113,7 +116,9 @@ Windows:
 Open the directory you retrieved in the last step.
 
 `C:\Users\.bluemix\plugins\container-service\<cluster_name>-admin\`
+
 Locate the `ca-*pem_file` file.
+
 Verify that the Calico configuration is working correctly.
 
 Linux and OS X:
@@ -136,55 +141,56 @@ Examine the existing network policies.
 
 View the Calico host endpoint.
 
-
 `calicoctl get hostendpoint -o yaml`
-View all of the Calico and Kubernetes network policies that were created for the cluster. This list includes policies that might not be applied to any pods or hosts yet. For a network policy to be enforced, it must find a Kubernetes resource that matches the selector that was defined in the Calico network policy.
 
+View all of the Calico and Kubernetes network policies that were created for the cluster. This list includes policies that might not be applied to any pods or hosts yet. For a network policy to be enforced, it must find a Kubernetes resource that matches the selector that was defined in the Calico network policy.
 
 `calicoctl get policy -o wide`
-View details for a network policy.
 
+View details for a network policy.
 
 `calicoctl get policy -o yaml <policy_name>`
-View the details of all network policies for the cluster.
 
+View the details of all network policies for the cluster.
 
 `calicoctl get policy -o yaml`
-Create the Calico network policies to allow or block traffic.
 
 # Lab Test: Define a Calico network policy
 
-Defining a calico network policy for kubernetes clusters is simple once the calico cli is installed.  
+Defining a Calico network policy for Kubernetes clusters is simple once the Calico CLI is installed.  
 This part of the lab walks through using the Calico APIs directly in conjunction with Kubernetes `NetworkPolicy` in order to define more complex network policies.
 
-Begin by creating a network policy object:
+Begin by creating a namespace in your Kubernetes cluster:
 
 `kubectl create ns advanced-policy-demo`
-And then enable isolation on the Namespace.
+
+And then enable isolation on the namespace.
 
 `kubectl annotate ns advanced-policy-demo "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"`
-Run an nginx Service
 
-We’ll run an nginx Service in the Namespace.
-```
-kubectl run --namespace=advanced-policy-demo nginx --replicas=2 --image=nginx
-kubectl expose --namespace=advanced-policy-demo deployment nginx --port=80
-```
-Check using calicoctl
+Now, run an nginx service in the namespace that you created.
+
+`kubectl run --namespace=advanced-policy-demo nginx --replicas=2 --image=nginx`
+`kubectl expose --namespace=advanced-policy-demo deployment nginx --port=80`
+
+Now that we’ve created a namespace and a set of pods, we should see those objects show up in the Calico API using calicoctl.
+
+We can see that the namespace has a corresponding network profile.
 
-Now that we’ve created a Namespace and a set of pods, we should see those objects show up in the Calico API using calicoctl.
+`calicoctl get profile -o wide`
 
-We can see that the Namespace has a corresponding Profile.
 ```
-$ calicoctl get profile -o wide
 NAME                          TAGS
 k8s_ns.advanced-policy-demo   k8s_ns.advanced-policy-demo
 k8s_ns.default                k8s_ns.default
 k8s_ns.kube-system            k8s_ns.kube-system
 ```
-Because we’ve enabled isolation on the Namespace, the profile denies all ingress traffic and allows all egress traffic.
+
+Because we’ve enabled isolation on the namespace, the profile denies all ingress traffic and allows all egress traffic. Inspect the YAML file to verify.
+
+`calicoctl get profile k8s_ns.advanced-policy-demo -o yaml`
+
 ```
-$ calicoctl get profile k8s_ns.advanced-policy-demo -o yaml
 - apiVersion: v1
   kind: profile
   metadata:
@@ -201,18 +207,19 @@ $ calicoctl get profile k8s_ns.advanced-policy-demo -o yaml
       destination: {}
       source: {}
 ```
-We can see that this is the case by running another pod in the Namespace and attempting to access the nginx Service.
+We can see that this is the case by running another pod in the namespace and attempting to access the nginx service.
+
 ```
 $ kubectl run --namespace=advanced-policy-demo access --rm -ti --image busybox /bin/sh
 Waiting for pod advanced-policy-demo/access-472357175-y0m47 to be running, status is Pending, pod ready: false
-```
 If you don't see a command prompt, try pressing enter.
-```
 / # wget -q --timeout=5 nginx -O -
 wget: download timed out
 / #
 ```
+
 We can also see that the two nginx pods are represented as WorkloadEndpoints in the Calico API.
+
 ```
 calicoctl get workloadendpoint
 
@@ -221,7 +228,9 @@ k8s-node-01   k8s            advanced-policy-demo.nginx-701339712-x1uqe   eth0
 k8s-node-02   k8s            advanced-policy-demo.nginx-701339712-xeeay   eth0
 k8s-node-01   k8s            kube-system.kube-dns-v19-mjd8x               eth0
 ```
-Taking a closer look, we can see that they reference the correct profile for the Namespace, and that the correct label information has been filled in. Notice that the endpoint also includes a special label calico/k8s_ns, which is automatically populated with the pod’s Kubernetes Namespace.
+
+Taking a closer look, we can see that they reference the correct profile for the namespace, and that the correct label information has been filled in. Notice that the endpoint also includes a special label calico/k8s_ns, which is automatically populated with the pod’s Kubernetes namespace.
+
 ```
 $ calicoctl get wep --workload advanced-policy-demo.nginx-701339712-x1uqe -o yaml
 - apiVersion: v1
@@ -244,7 +253,8 @@ $ calicoctl get wep --workload advanced-policy-demo.nginx-701339712-x1uqe -o yam
     - k8s_ns.advanced-policy-demo
 
 ```
-Now, Simply create a new kubernetes config yaml file, this time with `kind: NetworkPolicy`. The sample below shows an example network policy which allows traffic.
+
+Now, create a new Kubernetes config yaml file, this time with `kind: NetworkPolicy`. The sample below shows an example network policy which allows traffic.
 
 Create a file named `networkpol.yaml`, and enter the following information into the file:
 
@@ -270,7 +280,7 @@ Linux and OS X:
 
 `calicoctl apply -f networkpol.yaml`
 
-It now shows up as a Policy object in the Calico API.
+It now shows up as a policy object in the Calico API.
 
 ```
 $ calicoctl get policy -o wide