some refactoring to make this a nice class.

02/terraform.md

@@ -57,7 +57,7 @@ Once it is created you can export the base64 version of that key with:
 ```
 gpg --export [email protected] | base64 | pbcopy 
 ```
-This can be put inside the [terraform/iam/vars.tf](./terraform/iam/vars.tf) file.
+This can be put inside the [terraform/iam/vars.tf](../terraform/iam/vars.tf) file.
 
 ## Create IAM resources with Terraform
 
@@ -81,7 +81,7 @@ We created the user with our `iam.tf` and we can use the output to log in as the
 Get the User Password for Console Sign in 
 
 ```
-cd 02/iam
+cd terraform/iam
 export GPG_TTY=$(tty) # just to be sure. 
 terraform output -raw password | base64 --decode  | gpg --decrypt | pbcopy
 ```
@@ -119,19 +119,22 @@ aws eks list-clusters
 
 
 
-## Create Network with Terraform 
+## (Optional) More with Terraform 
 
-Do this as the `eksdude` user. 
+As the `eksdude` we can continue on in Terraform and start up the EKS cluster.  However, at this point, we should instead move over to terragrunt as there are more capabilities we get from it.  If you decide to do this portion, you may want to destroy it before moving on to Terragrunt at the end.  (e.g: make the cluster but then destroy it when done.)
+
+
+### Terraform the Network
 
 ```
 
-cd 02/terraform/network
+cd terraform/network
 terraform init
 terraform plan 
 terraform apply
 ```
 
-## Create EKS with Terraform
+### Create EKS with Terraform
 
 ```
 cd 02/terraform/eks
@@ -140,19 +143,19 @@ terraform plan
 terraform apply
 ```
 
-## Log into EKS Cluster
+### Log into EKS Cluster
 
 We created the EKS cluster with a role rather than a user.  Users may come and go in our system but we gave the user `eksdude` permissions to access the role that created the cluster.  
 
-### 1. Update `~/.kube/config`
+#### 1. Update `~/.kube/config`
 
 We add the cluster login permissions to the `config` file automatically by running:  
 
 ```
 aws eks update-kubeconfig --name eks-stage --alias eks-stage --role-arn arn:aws:iam::188966951897:role/eks_dude_role
 ```
 
-### 2. Add the role
+#### 2. Add the role
 
 The above command adds the bottom role information to the kube config file. You will see lines similar to below: 
 
@@ -163,7 +166,7 @@ The above command adds the bottom role information to the kube config file. You
 
 To the `args:` list at the very end of the file.  (Note:  The account ID is my account ID and will need to be changed to match your account ID.)
 
-### 3. Login
+#### 3. Login
 
 We can now log in: 
 
@@ -173,6 +176,17 @@ kubectl get pods -n kube-system
 
 This is a very basic use case of Terraform.  Let's see how to do a few more advanced moves using Terragrunt in [our next section](./terragrunt.md)
 
+### Delete the Cluster and Network
+
+The previous network and EKS cluster should be deleted so we don't get charged for it!  You can do this by doing the following: 
+
+```
+cd terraform/eks
+terraform destroy
+cd terraform/network
+terraform destroy
+```
+
 
 
 # Appendix: Deleting parts of the Terraform plan

02/terragrunt.md

@@ -1,10 +1,41 @@
 # Terragrunt
 
-For removing DRY issues!
+[Terragrunt](https://terragrunt.gruntwork.io/) gives us the ability to reuse multiple modules and keep our environments [DRY](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself). This is useful for the following reasons: 
 
+1. We can create reusable modules for production and stage environments. 
+2. We can string dependencies together.  For example: EKS requires a network, so we can ensure the network is created first and then EKS. 
+3. One command to destroy and create all of the different modules.  
 
+In short, Terragrunt can be thought of as an even higher order infrastructure creation tool than Terraform.  It is a wrapper around Terraform and it allows us to organize Terraform into "stacks" of things we want to create. 
+
+
+Let's create the entire infrastructure as follows: 
 
 ```
+cd terragrunt/stacks/stage
+terragrunt run-all init
 terragrunt run-all plan
 terragrunt run-all destroy
 ```
+
+That's it!  
+
+But what are we doing?  In my class I explain these different components in the `stacks` directory and the `modules` directory.  You can also read the Terragrunt documentation to see how it should be organized.  
+
+## Log into the EKS cluster
+
+```
+aws eks update-kubeconfig --name eks-stage --alias eks-stage --role-arn arn:aws:iam::188966951897:role/eks_dude_role
+```
+
+## Don't Type so much!
+
+Edit `~/.profile` to contain: 
+
+```
+alias k='kubectl'
+```
+
+Now instead of `kubectl` we can just type `k`. 
+
+

03/README.md

@@ -75,6 +75,7 @@ An internal DNS service that allows pods to communicate.  For example, suppose w
 Let's create 2 pods and a service: 
 
 ```
+cd 03/
 kubectl apply -f bb8.yaml
 kubectl apply -f ngx.yaml
 ```

03/bb8.yaml

@@ -5,7 +5,7 @@ metadata:
     run: bb8
   name: bb8
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       run: bb8

04/Ingress.md

@@ -22,6 +22,16 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/cont
 ```
 This will create resources in the `ingress-nginx` name space. 
 
+We've updated the configMap to make it compress the output for better performance of our applications.  The configMap has this now: 
+
+```
+data:
+  use-gzip: "true"
+  gzip-level: "7"
+  enable-brotli: "true"
+  brotli-level: "7"
+```
+
 Running: 
 
 ```
@@ -51,7 +61,8 @@ This `yaml` file creates a deployment of an application called `kuard` which jus
 We have a domain called [castlerock.ai](https://castlerock.ai) that we can use for this service.  Let's create an ingress rule.  The file in this directory called `ngx-ing.yaml` has the information below: 
 
 ```
-apiVersion: extensions/v1beta1
+---
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
@@ -62,9 +73,14 @@ spec:
     - host: k8s.castlerock.ai
       http:
         paths:
-        - backend:
-            serviceName: ngx
-            servicePort: 80
+          - path: "/"
+            pathType: Prefix
+            backend:
+              service:
+                name: ngx
+                port: 
+                  number: 80
+
 ```
 
 The rule here shows that anytime the host is `k8s.castlerock.ai` it will route to our ngx service.  

04/PV.md

@@ -43,6 +43,14 @@ There are other storage classes we could make too if we needed faster speed or n
 
 To take advantage of this storage class, we can create a persistent volume claim. 
 
+## Adding the EBS CSI Driver
+
+Before Kubernetes 1.23 the AWS block storage driver was part of Kubernetes, or it was "in-tree".  Well, times have changed and now we have to install it ourselves. The official documentation is [here](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html)
+
+I've already included this in as part of the Terraform module but you may need to change the OIDC thumbprint if there are issues.  See [this documentation](https://aws.amazon.com/premiumsupport/knowledge-center/eks-error-invalid-identity-token/) on how this is done!
+
+
+
 ## Persistent Volume Claims
 
 We can request storage to be provisioned for us automatically with the persistent volume claim.  This is a yaml file that looks as follows: 

04/TLS.md

@@ -9,7 +9,7 @@ Let's Encrypt provides free automated TLS certificates for all of our applicatio
 To install its as simple as: 
 
 ```
-$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
+$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.10.0/cert-manager.yaml
 ```
 
 To see what was installed run: 
@@ -51,7 +51,7 @@ Now to create the TLS certificate on our application we just modify the ingress
 Take a look at `ngx-ing.yaml` in the same directory.  You will see a few small changes: 
 
 ```
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
@@ -68,9 +68,14 @@ spec:
     - host: k8s.castlerock.ai
       http:
         paths:
-        - backend:
-            serviceName: ngx
-            servicePort: 80
+          - path: "/"
+            pathType: Prefix
+            backend:
+              service:
+                name: ngx
+                port:
+                  number: 80
+
 ```
 
 The changes are: