diff --git a/topics/aws/README.md b/topics/aws/README.md
index 163ae68..ea01c1b 100644
--- a/topics/aws/README.md
+++ b/topics/aws/README.md
@@ -157,6 +157,7 @@ Failover | Route 53 | [Exercise](exercises/route_53_failover/exercise.md) | [Sol
|--------|--------|------|----|----|
| Hello Function | Lambda | [Exercise](exercises/hello_function/exercise.md) | [Solution](exercises/hello_function/solution.md) | |
| URL Function | Lambda | [Exercise](exercises/url_function/exercise.md) | [Solution](exercises/url_function/solution.md) | |
+| Web App with DB | Lambda, DynamoDB | [Exercise](exercises/web_app_dynamodb/exercise.md) | [Solution](exercises/web_app_dynamodb/solution.md) | |
### Elastic Beanstalk
@@ -1211,18 +1212,20 @@ Read more on it [here](https://aws.amazon.com/lambda)
True or False? In AWS Lambda, you are charged as long as a function exists, regardless of whether it's running or not
-False. Charges are being made when the code is executed.
+False. Charges are being made when the function is executed for the time it takes to execute and compute resources it uses.
Which of the following set of languages Lambda supports?
- R, Swift, Rust, Kotlin
-- Python, Ruby, Go
-- Python, Ruby, PHP
+- Python, Ruby, Go, Kotlin, Bash
+- Python, Ruby, PHP, PowerShell, C#, Perl
+- Python, Ruby, Go, Node.js, Groovy, C++
+- Python, Ruby, Go, Node.js, PowerShell, C#
-- Python, Ruby, Go
+- Python, Ruby, Go, Node.js, PowerShell, C#
@@ -3466,4 +3469,4 @@ More details are missing to determine for sure but it might be better to decoupl
ARN (Amazon Resources Names) used for uniquely identifying different AWS resources.
It is used when you would like to identify resource uniqely across all AWS infra.
-
\ No newline at end of file
+
diff --git a/topics/aws/exercises/web_app_lambda_dynamodb/exercise.md b/topics/aws/exercises/web_app_lambda_dynamodb/exercise.md
new file mode 100644
index 0000000..4d85293
--- /dev/null
+++ b/topics/aws/exercises/web_app_lambda_dynamodb/exercise.md
@@ -0,0 +1,11 @@
+# Web App with DB
+
+## Objectives
+
+Implement the following architecture:
+
+
+
+## Solution
+
+Click [here](solution.md) to view the solution
\ No newline at end of file
diff --git a/topics/aws/exercises/web_app_lambda_dynamodb/terraform/main.tf b/topics/aws/exercises/web_app_lambda_dynamodb/terraform/main.tf
new file mode 100644
index 0000000..391a934
--- /dev/null
+++ b/topics/aws/exercises/web_app_lambda_dynamodb/terraform/main.tf
@@ -0,0 +1,23 @@
+provider "aws" {
+ region = "us-west-1"
+}
+
+resource "aws_dynamodb_table" "users" {
+ name = "users"
+ hash_key = "id"
+
+ attribute {
+ name = "id"
+ type = "S"
+ }
+
+ attribute {
+ name = "login"
+ type = "S"
+ }
+
+ global_secondary_index {
+ hash_key =
+
+ }
+}
diff --git a/topics/kubernetes/README.md b/topics/kubernetes/README.md
index 03e12d0..0f88f04 100644
--- a/topics/kubernetes/README.md
+++ b/topics/kubernetes/README.md
@@ -1,35 +1,65 @@
# Kubernetes
+- [Kubernetes](#kubernetes)
+ - [Kubernetes Exercises](#kubernetes-exercises)
+ - [Pods](#pods)
+ - [Service](#service)
+ - [ReplicaSet](#replicaset)
+ - [Kubernetes Questions](#kubernetes-questions)
+ - [Kubernetes 101](#kubernetes-101)
+ - [Kubernetes - Hands-On Basics](#kubernetes---hands-on-basics)
+ - [Cluster](#cluster)
+ - [Pods](#pods-1)
+ - [Deployments](#deployments)
+ - [Services](#services)
+ - [Ingress](#ingress)
+ - [ReplicaSets](#replicasets)
+ - [Storage](#storage)
+ - [Network Policies](#network-policies)
+ - [Configuration File](#configuration-file)
+ - [etcd](#etcd)
+ - [Namespaces](#namespaces)
+ - [Operators](#operators)
+ - [Secrets](#secrets)
+ - [Volumes](#volumes)
+ - [Access Control](#access-control)
+ - [Patterns](#patterns)
+ - [CronJob](#cronjob)
+ - [Misc](#misc)
+ - [Gatekeeper](#gatekeeper)
+ - [Policy Testing](#policy-testing)
+ - [Helm](#helm)
+ - [Security](#security)
+ - [Troubleshooting Scenarios](#troubleshooting-scenarios)
+ - [Istio](#istio)
+ - [Scenarios](#scenarios)
+
## Kubernetes Exercises
+### Pods
+
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| My First Pod | Pods | [Exercise](pods_01.md) | [Solution](solutions/pods_01_solution.md)
| "Killing" Containers | Pods | [Exercise](killing_containers.md) | [Solution](solutions/killing_containers.md)
+
+### Service
+
+|Name|Topic|Objective & Instructions|Solution|Comments|
+|--------|--------|------|----|----|
| Creating a Service | Service | [Exercise](services_01.md) | [Solution](solutions/services_01_solution.md)
+
+### ReplicaSet
+
+|Name|Topic|Objective & Instructions|Solution|Comments|
+|--------|--------|------|----|----|
| Creating a ReplicaSet | ReplicaSet | [Exercise](replicaset_01.md) | [Solution](solutions/replicaset_01_solution.md)
| Operating ReplicaSets | ReplicaSet | [Exercise](replicaset_02.md) | [Solution](solutions/replicaset_02_solution.md)
| ReplicaSets Selectors | ReplicaSet | [Exercise](replicaset_03.md) | [Solution](solutions/replicaset_03_solution.md)
## Kubernetes Questions
-- [Kubernetes](#kubernetes)
- - [Kubernetes Exercises](#kubernetes-exercises)
- - [Kubernetes Questions](#kubernetes-questions)
- - [Kubernetes 101](#kubernetes-101)
- - [Kubernetes - Hands-On Basics](#kubernetes---hands-on-basics)
- - [Kubernetes - Cluster](#kubernetes---cluster)
- - [Pods](#pods)
- - [Deployments](#deployments)
- - [Services](#services)
- - [Ingress](#ingress)
- - [Kubernetes - Security](#kubernetes---security)
- - [Kubernetes - Troubleshooting Scenarios](#kubernetes---troubleshooting-scenarios)
- - [Kubernetes - Submariner](#kubernetes---submariner)
- - [Kubernetes - Istio](#kubernetes---istio)
- - [Kubernetes - Scenarios](#kubernetes---scenarios)
-
-## Kubernetes 101
+### Kubernetes 101
What is Kubernetes? Why organizations are using it?
@@ -110,8 +140,7 @@ Becaused container is not a Kubernetes object. The smallest object unit in Kuber
- Always specify requests and limits to prevent situation where containers are using the entire cluster memory which may lead to OOM issue
-
-#### Kubernetes - Cluster
+### Cluster
What is a Kubernetes Cluster?
@@ -204,7 +233,7 @@ Apply requests and limits, especially on third party applications (where the unc
`kubectl api-resources`
-#### Pods
+### Pods
Explain what is a Pod
@@ -445,7 +474,7 @@ To make a Pod externally accessible, we need to use an object called Service in
`kubectl get pods -o wide`
-#### Deployments
+### Deployments
What is a "Deployment" in Kubernetes?
@@ -874,7 +903,7 @@ spec:
- hosts:
- some_app.com
secretName: someapp-secret-tls
-````
+```
@@ -1060,7 +1089,7 @@ A ReplicaSet's purpose is to maintain a stable set of replica Pods running at an
A DaemonSet ensures that all Nodes run a copy of a Pod.
-#### Kubernetes - Storage
+### Storage
What is a volume in regards to Kubernetes?
@@ -1081,7 +1110,7 @@ A directory accessible by the containers inside a certain Pod. The mechanism res
Ephemeral volume types have the lifetime of a pod as opposed to persistent volumes which exist beyond the lifetime of a Pod.
-#### Kubernetes - Network Policies
+### Network Policies
Explain Network Policies
@@ -1110,7 +1139,7 @@ False. By default pods are non-isolated.
Denied. Both source and destination policies has to allow traffic for it to be allowed.
-#### Kubernetes - Configuration File
+#### Configuration File
Which parts a configuration file has?
@@ -1139,7 +1168,7 @@ YAML
etcd
-#### Kubernetes - etcd
+### etcd
What is etcd?
@@ -1168,7 +1197,7 @@ True
Why etcd? Why not some SQL or NoSQL database?
-#### Kubernetes - Namespaces
+### Namespaces
What are namespaces?
@@ -1452,7 +1481,7 @@ False. CPU is a compressible resource while memory is a non compressible resourc
Explained [here](https://www.youtube.com/watch?v=i9V4oCa5f9I)
-#### Kubernetes - Operators
+### Operators
What is an Operator?
@@ -1537,7 +1566,7 @@ Use kubeconfig files to organize information about clusters, users, namespaces,
StatefulSet is the workload API object used to manage stateful applications. Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.[Learn more](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/)
-#### Kubernetes - Secrets
+### Secrets
Explain Kubernetes Secrets
@@ -1609,7 +1638,7 @@ USER_PASSWORD environment variable will store the value from password key in the
In other words, you reference a value from a Kubernetes Secret.
-#### Kubernetes - Volumes
+### Volumes
True or False? Kubernetes provides data persistence out of the box, so when you restart a pod, data is saved
@@ -1692,7 +1721,7 @@ The main difference relies on the moment when you want to configure storage. For
* Delete
-#### Kubernetes - Access Control
+### Access Control
What is RBAC?
@@ -1744,7 +1773,7 @@ The pod is automatically assigned with the default service account (in the names
[kubernetes.io](https://kubernetes.io/docs/tasks/configure-pod-container/security-context): "A security context defines privilege and access control settings for a Pod or Container."
-#### Kubernetes - Patterns
+### Patterns
Explain the sidecar container pattern
@@ -1753,7 +1782,7 @@ The sidecar pattern is a single-node pattern made up of two containers. The firs
Without this container, the application would not exist. In addition to the application container, there is a sidecar container.
-#### Kubernetes - CronJob
+### CronJob
Explain what is CronJob and what is it used for
@@ -1813,7 +1842,7 @@ As a result this configuration isn't part of the cron job spec hence the cron jo
To fix it, these lines should placed in the spec of the cron job, above or under the "schedule" directive in the above example.
-#### Kubernetes - Misc
+### Misc
Explain Imperative Management vs. Declarative Management
@@ -1931,7 +1960,7 @@ Kubernetes labels are key-value pairs that can connect identifying metadata with
What is Kubeconfig?
-#### Kubernetes - Gatekeeper
+### Gatekeeper
What is Gatekeeper?
@@ -1945,7 +1974,7 @@ Kubernetes labels are key-value pairs that can connect identifying metadata with
On every request sent to the Kubernetes cluster, Gatekeeper sends the policies and the resources to OPA (Open Policy Agent) to check if it violates any policy. If it does, Gatekeeper will return the policy error message back. If it isn't violates any policy, the request will reach the cluster.
-#### Kubernetes - Policy Testing
+### Policy Testing
What is Conftest?
@@ -1960,7 +1989,7 @@ It is mostly used in testing environments such as CI pipelines or local hooks.
Same as Conftest, it is used for policy testing and enforcement. The difference is that it comes with built-in policies.
-#### Kubernetes - Helm
+### Helm
What is Helm?
@@ -2047,7 +2076,7 @@ Or directly on the command line: `helm install --set some_key=some_value`
Helm allows you to upgrade, remove and rollback to previous versions of charts. In version 2 of Helm it was with what is known as "Tiller". In version 3, it was removed due to security concerns.
-#### Kubernetes - Security
+### Security
What security best practices do you follow in regards to the Kubernetes cluster?
@@ -2061,7 +2090,7 @@ Helm allows you to upgrade, remove and rollback to previous versions of charts.
* Consider using tools (e.g. Falco) for monitoring threats
-#### Kubernetes - Troubleshooting Scenarios
+### Troubleshooting Scenarios
Running kubectl get pods you see Pods in "Pending" status. What would you do?
@@ -2083,26 +2112,7 @@ One possible path is to start with checking the Pod status.
TODO: finish this...
-#### Kubernetes - Submariner
-
-
-Explain what is Submariner and what is it used for
-
-"Submariner enables direct networking between pods and services in different Kubernetes clusters, either on premise or in the cloud."
-
-You can learn more [here](https://submariner-io.github.io)
-
-
-
-What each of the following components does?:
-
- * Lighthouse
- * Broker
- * Gateway Engine
- * Route Agent
-
-
-#### Kubernetes - Istio
+### Istio
What is Istio? What is it used for?
@@ -2110,7 +2120,7 @@ You can learn more [here](https://submariner-io.github.io)
Istio is an open source service mesh that helps organizations run distributed, microservices-based apps anywhere. Istio enables organizations to secure, connect, and monitor microservices, so they can modernize their enterprise apps more swiftly and securely.
-#### Kubernetes - Scenarios
+### Scenarios
An engineer form your organization told you he is interested only in seeing his team resources in Kubernetes. Instead, in reality, he sees resources of the whole organization, from multiple different teams. What Kubernetes concept can you use in order to deal with it?