diff --git a/.travis.yml b/.travis.yml
index 3806e62..d2c24bb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -48,6 +48,66 @@ matrix:
   fast_finish: true
   include:
 
+# https://github.com/appsecco/kubeseco
+    - name: "deploy kubeseco w snaps on bionic amd64"
+      dist: bionic
+      arch: amd64
+      addons:
+        snaps:
+          - name: kubectl
+            confinement: classic # or devmode
+            channel: latest/stable # will be passed to --channel flag
+          - name: helm
+            confinement: classic # or devmode
+            channel: latest/stable # will be passed to --channel flag      
+      language: python
+      # python: 3.7
+      before_install:
+        - pip3 install virtualenv
+        - virtualenv -p $(which python3) ~venvpy3
+        - source ~venvpy3/bin/activate
+        - pip install -r requirements.txt
+      script:
+        - sudo make deploy-kind
+        - sudo kind create cluster --name tutorial-cluster
+        - sudo kubectl config use-context kind-tutorial-cluster
+        - sudo make deploy-kubeseco
+        - sudo kind delete cluster --name tutorial-cluster        
+      after_success:
+        - deactivate
+
+# https://github.com/kubernetes/test-infra/tree/master/kubetest#installation
+    - name: "run kubetest cd  w snaps on bionic amd64"
+      dist: bionic
+      arch: amd64
+      addons:
+        snaps:
+          - name: kubectl
+            confinement: classic # or devmode
+            channel: latest/stable # will be passed to --channel flag
+          - name: helm
+            confinement: classic # or devmode
+            channel: latest/stable # will be passed to --channel flag      
+      language: python
+      # python: 3.7
+      before_install:
+        - pip3 install virtualenv
+        - virtualenv -p $(which python3) ~venvpy3
+        - source ~venvpy3/bin/activate
+        - pip install -r requirements.txt
+      script:
+        - sudo make deploy-kind
+        - sudo kind create cluster --name tutorial-cluster
+        - sudo kubectl config use-context kind-tutorial-cluster
+        - sudo git clone https://github.com/kubernetes/test-infra.git
+        - GO111MODULE=on go install ./kubetest
+        - kubetest --build --up --test --down
+        - sudo kind delete cluster --name tutorial-cluster        
+      after_success:
+        - deactivate
+
+
+        
       #https://docs.cilium.io/en/latest/gettingstarted/kind/
     # - name: "simulate Cluster Mesh in a sandbox cilium kind w snapped kubectl helm Python 3.7 on bionic" #OK
     #   dist: bionic
@@ -104,7 +164,121 @@ matrix:
     #   after_success:
     #     - deactivate
 
-    
+
+    # - name: "ELK kind w snapped kubectl helm Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   addons:
+    #     snaps:
+    #       - name: kubectl
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #       - name: helm
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name tutorial-cluster
+    #     - sudo kubectl config use-context kind-tutorial-cluster
+    #     - sudo make deploy-elk
+    #     - sudo kind delete cluster --name tutorial-cluster
+    #   after_success:
+    #     - deactivate
+
+
+    # - name: "ELK kind wo snaps Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   # addons:
+    #   #   snaps:
+    #   #     - name: kubectl
+    #   #       confinement: classic # or devmode
+    #   #       channel: latest/stable # will be passed to --channel flag
+    #   #     - name: helm
+    #   #       confinement: classic # or devmode
+    #   #       channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name tutorial-cluster
+    #     - sudo kubectl config use-context kind-tutorial-cluster
+    #     - sudo make provision-kubectl
+    #     - sudo make provision-helm        
+    #     - sudo make deploy-elk
+    #     - sudo kind delete cluster --name tutorial-cluster
+    #   after_success:
+    #     - deactivate
+
+
+    # - name: "EFK kind wo snaps Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   # addons:
+    #   #   snaps:
+    #   #     - name: kubectl
+    #   #       confinement: classic # or devmode
+    #   #       channel: latest/stable # will be passed to --channel flag
+    #   #     - name: helm
+    #   #       confinement: classic # or devmode
+    #   #       channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name tutorial-cluster
+    #     - sudo kubectl config use-context kind-tutorial-cluster
+    #     - sudo make provision-kubectl
+    #     - sudo make provision-helm        
+    #     - sudo make deploy-efk
+    #     - sudo kind delete cluster --name tutorial-cluster
+    #   after_success:
+    #     - deactivate
+
+    # - name: "EFK kind w snapped kubectl helm Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   addons:
+    #     snaps:
+    #       - name: kubectl
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #       - name: helm
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name tutorial-cluster
+    #     - sudo kubectl config use-context kind-tutorial-cluster
+    #     - sudo make deploy-efk
+    #     - sudo kind delete cluster --name tutorial-cluster
+    #   after_success:
+    #     - deactivate
+
     # - name: "microservices kind w snapped kubectl helm Python 3.7 on bionic" #OK
     #   dist: bionic
     #   arch: amd64
@@ -125,13 +299,102 @@ matrix:
     #     - pip install -r requirements.txt
     #   script:
     #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name tutorial-cluster
+    #     - sudo kubectl config use-context kind-tutorial-cluster
+    #     - sudo make deploy-microservices
+    #     - sudo kind delete cluster --name tutorial-cluster
+    #   after_success:
+    #     - deactivate
+
+
+
+
+
+
+    # - name: "istio service mesh kind w snapped kubectl helm Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   addons:
+    #     snaps:
+    #       - name: kubectl
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #       - name: helm
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
     #     - sudo kind create cluster --config=app/kind-config.yaml
     #     - sudo kubectl cluster-info --context kind-kind
-    #     - sudo make deploy-microservices
+    #     - sudo make deploy-istio
+    #     # - sudo kind delete cluster --name cilium-testing
+    #   after_success:
+    #     - deactivate
+
+    #MOVED
+    # - name: "openfaas w snapped kubectl helm Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   addons:
+    #     snaps:
+    #       - name: kubectl
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #       - name: helm
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name openfaas-testing
+    #     - sudo kubectl config use-context kind-openfaas-testing
+    #     - sudo make deploy-openfaas
+    #     - sudo kind delete cluster --name openfaas-testing
     #   after_success:
     #     - deactivate
 
-    - name: "istio service mesh kind w snapped kubectl helm Python 3.7 on bionic" #OK
+    # - name: "kubesec w snapped kubectl helm Python 3.7 on bionic" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   addons:
+    #     snaps:
+    #       - name: kubectl
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #       - name: helm
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #   language: go
+    #   # before_install:
+    #   #   - pip3 install virtualenv
+    #   #   - virtualenv -p $(which python3) ~venvpy3
+    #   #   - source ~venvpy3/bin/activate
+    #   #   - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name kubesec-testing
+    #     - sudo kubectl config use-context kind-kubesec-testing
+    #     - go version
+    #     - go get -u github.com/controlplaneio/kubesec/cmd/kubesec
+    #     - sudo make deploy-kubesec
+    #     - sudo kind delete cluster --name kubesec-testing
+    #   after_success:
+    #     - deactivate
+
+    - name: "voting-app  w snapped kubectl helm Python 3.7 on bionic amd64"
       dist: bionic
       arch: amd64
       addons:
@@ -151,14 +414,41 @@ matrix:
         - pip install -r requirements.txt
       script:
         - sudo make deploy-kind
-        - sudo kind create cluster --config=app/kind-config.yaml
-        - sudo kubectl cluster-info --context kind-kind
-        - sudo make deploy-istio
-        # - sudo kind delete cluster --name cilium-testing
+        - sudo kind create cluster --name tutorial-cluster
+        - sudo kubectl config use-context kind-tutorial-cluster
+        - sudo make deploy-voting-app
+        - sudo kind delete cluster --name tutorial-cluster
       after_success:
         - deactivate
 
-# ######################## OK #################################
+# ######################## TESTED OK STARTS #################################
+    # - name: "chaos mesh kind w snapped kubectl helm Python 3.7 on bionic amd64" #OK
+    #   dist: bionic
+    #   arch: amd64
+    #   addons:
+    #     snaps:
+    #       - name: kubectl
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #       - name: helm
+    #         confinement: classic # or devmode
+    #         channel: latest/stable # will be passed to --channel flag
+    #   language: python
+    #   python: 3.7
+    #   before_install:
+    #     - pip3 install virtualenv
+    #     - virtualenv -p $(which python3) ~venvpy3
+    #     - source ~venvpy3/bin/activate
+    #     - pip install -r requirements.txt
+    #   script:
+    #     - sudo make deploy-kind
+    #     - sudo kind create cluster --name tutorial-cluster
+    #     - sudo kubectl config use-context kind-tutorial-cluster        
+    #     - sudo make deploy-chaosmesh
+    #     - sudo kind delete cluster --name tutorial-cluster
+    #   after_success:
+    #     - deactivate
+
     #
     #   #https://docs.cilium.io/en/latest/gettingstarted/kind/
     # - name: "cilium hubble local kind w snapped kubectl helm Python 3.7 on bionic" #OK
diff --git a/Makefile b/Makefile
index 52fa1d7..7172352 100644
--- a/Makefile
+++ b/Makefile
@@ -1,30 +1,69 @@
 IMAGE := alpine/fio
 APP:="app/deploy-openesb.sh"
 
+deploy-kubeseco:
+	bash app/deploy-kubeseco.sh
+
+deploy-voting-app:
+	bash app/deploy-voting-app.sh
+	
+deploy-chaosmesh:
+	bash app/deploy-chaosmesh.sh
+
+deploy-elk:
+	bash app/deploy-elk.sh
+
+deploy-efk:
+	bash app/deploy-efk.sh
+
+provision-helm:
+	bash app/provision-helm.sh
+
+provision-kubectl:
+	bash app/provision-kubectl.sh
+
+deploy-openfaas:
+	bash app/deploy-openfaas.sh
+
+deploy-kubesec:
+	bash app/deploy-kubesec.sh
+
 deploy-kind:
 	bash deploy-kind.sh
+
 deploy-microservices:
 	bash app/deploy-microservices.sh
+
 deploy-cilium-cluster-mesh:
 	bash app/deploy-cilium-cluster-mesh.sh
+
 deploy-cilium-hubble-dist:
 	bash app/deploy-cilium-hubble-dist.sh
+
 deploy-cilium-hubble-local:
 	bash app/deploy-cilium-hubble-local.sh
+
 deploy-cilium:
 	bash app/deploy-cilium.sh
+
 deploy-kubeflow:
 	bash app/deploy-kubeflow.sh
+
 deploy-openesb:
 	bash app/deploy-openesb.sh
+
 deploy-weavescope:
 	bash app/deploy-weavescope.sh
+
 deploy-istio:
 	bash app/deploy-istio.sh
+
 deploy-dashboard:
 	bash app/deploy-dashboard.sh
+
 deploy-dashboard-helm:
 	bash app/deploy-dashboard-helm.sh
+
 push-image:
 	docker push $(IMAGE)
 .PHONY: deploy-kind deploy-openesb deploy-dashboard deploy-dashboard-helm deploy-istio push-image
diff --git a/app/counter.yaml b/app/counter.yaml
new file mode 100644
index 0000000..cbcc8ef
--- /dev/null
+++ b/app/counter.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args: [/bin/sh, -c, 'i=0; while true; do echo "This is demo log $i: $(date)"; i=$((i+1)); sleep 1; done']
\ No newline at end of file
diff --git a/app/deploy-chaosmesh.sh b/app/deploy-chaosmesh.sh
new file mode 100644
index 0000000..2d173a6
--- /dev/null
+++ b/app/deploy-chaosmesh.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+# https://chaos-mesh.org/docs/installation/get_started_on_kind/
+echo "===============================Install Chaos Mesh==========================================================="
+
+/bin/sh -c 'curl -sSL https://raw.githubusercontent.com/chaos-mesh/chaos-mesh/master/install.sh | bash -s -- --local kind' 
+# curl -sSL https://raw.githubusercontent.com/chaos-mesh/chaos-mesh/master/install.sh | bash -s -- --local kind
+
+
+#Deploy the sample application
+kubectl get service --all-namespaces #list all services in all namespace
+kubectl get services #The application will start. As each pod becomes ready, the Istio sidecar will deploy along with it.
+kubectl get pods
+
+for i in {1..60}; do # Timeout after 5 minutes, 60x2=120 secs, 2 mins
+    if kubectl get pods --namespace=chaos-testing |grep Running ; then
+      break
+    fi
+    sleep 2
+done
+
+kubectl get service --all-namespaces #list all services in all namespace
+# Verify your installation
+kubectl get pod -n chaos-testing
diff --git a/app/deploy-cilium.sh b/app/deploy-cilium.sh
index 618c802..1026683 100644
--- a/app/deploy-cilium.sh
+++ b/app/deploy-cilium.sh
@@ -24,7 +24,7 @@ helm install cilium ./cilium \
    --set global.pullPolicy=IfNotPresent \
    --set config.ipam=kubernetes
 
-echo echo "Waiting for cilium to be ready ..."
+echo "Waiting for cilium to be ready ..."
 for i in {1..60}; do # Timeout after 3 minutes, 60x5=300 secs
      if kubectl get pods --namespace=kube-system  | grep ContainerCreating ; then
          sleep 5
diff --git a/app/deploy-efk.sh b/app/deploy-efk.sh
new file mode 100644
index 0000000..8a808b4
--- /dev/null
+++ b/app/deploy-efk.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+echo "=============================EFK Elastic Fluentd Kibana============================================================="
+
+helm install elasticsearch stable/elasticsearch
+sleep 10
+
+kubectl apply -f app/fluentd-daemonset-elasticsearch.yaml
+
+helm install kibana stable/kibana -f app/kibana-values.yaml
+
+kubectl apply -f app/counter.yaml
+
+# curl kibana dashboard
diff --git a/app/deploy-elk.sh b/app/deploy-elk.sh
new file mode 100644
index 0000000..4bb3216
--- /dev/null
+++ b/app/deploy-elk.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+echo "=============================ELK Elastic Kibana Logstash============================================================="
+
+kubectl create namespace elk
+kubectl apply --namespace=elk -f - <<"EOF"
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: mem-limit-range
+spec:
+  limits:
+  - default:
+      memory: 2000Mi
+      cpu: 2000m
+    defaultRequest:
+      memory: 1000Mi
+      cpu: 1000m
+    type: Container
+EOF
+echo "resource quotas applied to the namespace"
+
+helm install --name elastic-stack --namespace=elk stable/elastic-stack -f my-elastic-stack.yaml
+sleep 150
+kubectl get pods -n elk -l "release=elastic-stack"  
+
+helm install --name kube-state-metrics --namespace=elk stable/kube-state-metrics
+helm install --name elastic-metricbeat --namespace=elk stable/metricbeat -f my-elastic-metricbeat.yaml # metricbeat dashboard 
+kubectl --namespace=elk get pods -l "app=metricbeat,release=elastic-metricbeat"
+
+export POD_NAME=$(kubectl get pods -n elk -l "app=kibana,release=elastic-stack" -o jsonpath="{.items[0].metadata.name}");
+kubectl port-forward -n elk $POD_NAME 5601:5601
+
+# view dashoard 
+curl http://localhost:5601/ 
\ No newline at end of file
diff --git a/app/deploy-istio-kind.sh b/app/deploy-istio-kind.sh
new file mode 100644
index 0000000..e9ea597
--- /dev/null
+++ b/app/deploy-istio-kind.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+#https://kind.sigs.k8s.io/docs/user/quick-start/
+#https://istio.io/docs/setup/platform-setup/kind/
+echo "=============================kind istio============================================================="
+docker version
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.8.1/kind-$(uname)-amd64
+chmod +x ./kind
+sudo mv ./kind /usr/local/bin/kind
+kind get clusters #see the list of kind clusters
+kind create cluster --name istio-testing #Create a cluster,By default, the cluster will be given the name kind
+kind get clusters
+# - sudo snap install kubectl --classic
+kubectl config get-contexts #list the local Kubernetes contexts
+kubectl config use-context kind-istio-testing #run following command to set the current context for kubectl
+
+#https://istio.io/latest/docs/setup/getting-started/
+echo "===============================Install istio==========================================================="
+#Download Istio
+#/bin/sh -c 'curl -L https://istio.io/downloadIstio | sh -' #download and extract the latest release automatically (Linux or macOS)
+export ISTIORELEASE="1.6"
+export ISTIOVERSION="1.6.4"
+/bin/sh -c 'curl -L https://istio.io/downloadIstio | ISTIO_VERSION=$ISTIOVERSION sh -' #download a specific version
+
+cd istio-* #Move to the Istio package directory. For example, if the package is istio-1.6.0
+export PATH=$PWD/bin:$PATH #Add the istioctl client to your path, The istioctl client binary in the bin/ directory.
+#precheck inspects a Kubernetes cluster for Istio install requirements
+istioctl experimental precheck #https://istio.io/docs/reference/commands/istioctl/#istioctl-experimental-precheck
+istioctl version
+istioctl manifest apply --set profile=demo #Install Istio, use the demo configuration profile
+kubectl label namespace default istio-injection=enabled #Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later
+
+#Deploy the sample application
+kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml #Deploy the Bookinfo sample application:
+kubectl get service --all-namespaces #list all services in all namespace
+kubectl get services #The application will start. As each pod becomes ready, the Istio sidecar will deploy along with it.
+kubectl get pods
+for i in {1..60}; do # Timeout after 5 minutes, 60x2=120 secs, 2 mins
+    if kubectl get pods --namespace=istio-system |grep Running ; then
+      break
+    fi
+    sleep 2
+done
+kubectl get service --all-namespaces #list all services in all namespace
+
+# see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response
+#error: unable to upgrade connection: container not found ("ratings")
+#kubectl exec $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
+#interactive shell
+#kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
+# - |
+#   kubectl exec -it $(kubectl get pod \
+#                -l app=ratings \
+#                -o jsonpath='{.items[0].metadata.name}') \
+#                -c ratings \
+#                -- curl productpage:9080/productpage | grep -o "<title>.*</title>" <title>Simple Bookstore App</title>
+
+
+#Open the application to outside traffic
+#The Bookinfo application is deployed but not accessible from the outside. To make it accessible, you need to create an Istio Ingress Gateway, which maps a path to a route at the edge of your mesh.
+kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml #Associate this application with the Istio gateway
+istioctl analyze #Ensure that there are no issues with the configuration
+
+#Other platforms
+#Determining the ingress IP and ports
+#If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway.
+#If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway.
+#access the gateway using the service’s node port.
+kubectl get svc istio-ingressgateway -n istio-system #determine if your Kubernetes cluster is running in an environment that supports external load balancers
+
+#external load balancer
+# #Follow these instructions if you have determined that your environment has an external load balancer.
+# # If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway,access the gateway using the service’s node port.
+# - export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+# - export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
+# - export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
+
+# #In certain environments, the load balancer may be exposed using a host name, instead of an IP address.
+# #the ingress gateway’s EXTERNAL-IP value will not be an IP address, but rather a host name
+
+#failed to set the INGRESS_HOST environment variable, correct the INGRESS_HOST value
+ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+
+#Follow these instructions if your environment does not have an external load balancer and choose a node port instead
+#Set the ingress ports:
+export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') #Set the ingress ports
+export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}') #Set the ingress ports
+
+#INGRESS_HOST: unbound variable
+export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT #Set GATEWAY_URL
+# echo $GATEWAY_URL #Ensure an IP address and port were successfully assigned to the environment variable
+# echo http://$GATEWAY_URL/productpage #Verify external access,retrieve the external address of the Bookinfo application
+# echo $(curl http://$GATEWAY_URL/productpage)
+
+#View the dashboard
+#istioctl dashboard kiali #optional dashboards installed by the demo installation,Access the Kiali dashboard. The default user name is admin and default password is admin
+#istioctl dashboard kiali # interactive shell
+
+
+#Uninstall
+#Cleanup #https://istio.io/latest/docs/examples/bookinfo/#cleanup
+#Delete the routing rules and terminate the application pods
+#samples/bookinfo/platform/kube/cleanup.sh
+# export ISTIORELEASE="1.6"
+# export NAMESPACE="default" #error: the path "/home/travis/build/githubfoam/kind-travisci/istio-1.6.4/bookinfo.yaml" does not exist
+# export NAMESPACE="istio-system" #error: the path "/home/travis/build/githubfoam/kind-travisci/istio-1.6.4/bookinfo.yaml" does not exist
+# /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/istio/istio/release-$ISTIORELEASE/samples/bookinfo/platform/kube/cleanup.sh)"
+#bash app/cleanup.sh #bash: app/cleanup.sh: No such file or directory
+# /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
+
+#Confirm shutdown
+# kubectl get virtualservices --namespace=istio-system   #-- there should be no virtual services
+# kubectl get destinationrules --namespace=istio-system  #-- there should be no destination rules
+# kubectl get gateway --namespace=istio-system           #-- there should be no gateway
+# kubectl get pods --namespace=istio-system              #-- the Bookinfo pods should be deleted
+
+
+# #The Istio uninstall deletes the RBAC permissions and all resources hierarchically under the istio-system namespace
+# #It is safe to ignore errors for non-existent resources because they may have been deleted hierarchically.
+# /bin/sh -eu -xv -c 'istioctl manifest generate --set profile=demo | kubectl delete -f -'
+
+#The istio-system namespace is not removed by default.
+#If no longer needed, use the following command to remove it
+ # kubectl delete namespace istio-system
diff --git a/app/deploy-istio.sh b/app/deploy-istio.sh
index e9ea597..035d0b7 100644
--- a/app/deploy-istio.sh
+++ b/app/deploy-istio.sh
@@ -7,17 +7,17 @@ set -o xtrace
 
 #https://kind.sigs.k8s.io/docs/user/quick-start/
 #https://istio.io/docs/setup/platform-setup/kind/
-echo "=============================kind istio============================================================="
-docker version
-curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.8.1/kind-$(uname)-amd64
-chmod +x ./kind
-sudo mv ./kind /usr/local/bin/kind
-kind get clusters #see the list of kind clusters
-kind create cluster --name istio-testing #Create a cluster,By default, the cluster will be given the name kind
-kind get clusters
-# - sudo snap install kubectl --classic
-kubectl config get-contexts #list the local Kubernetes contexts
-kubectl config use-context kind-istio-testing #run following command to set the current context for kubectl
+# echo "=============================kind istio============================================================="
+# docker version
+# curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.8.1/kind-$(uname)-amd64
+# chmod +x ./kind
+# sudo mv ./kind /usr/local/bin/kind
+# kind get clusters #see the list of kind clusters
+# kind create cluster --name istio-testing #Create a cluster,By default, the cluster will be given the name kind
+# kind get clusters
+# # - sudo snap install kubectl --classic
+# kubectl config get-contexts #list the local Kubernetes contexts
+# kubectl config use-context kind-istio-testing #run following command to set the current context for kubectl
 
 #https://istio.io/latest/docs/setup/getting-started/
 echo "===============================Install istio==========================================================="
diff --git a/app/deploy-kind-gardener.sh b/app/deploy-kind-gardener.sh
new file mode 100644
index 0000000..f63d83f
--- /dev/null
+++ b/app/deploy-kind-gardener.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+
+#https://istio.io/docs/setup/platform-setup/gardener/
+#https://github.com/gardener/gardener/blob/master/docs/development/local_setup.md
+echo "=============================kind istio============================================================="
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.8.1/kind-$(uname)-amd64
+chmod +x ./kind
+
+mv ./kind /usr/local/bin/kind
+kind get clusters #see the list of kind clusters
+kind create cluster --name istio-testing #Create a cluster,By default, the cluster will be given the name kind
+kind get clusters
+
+snap install kubectl --classic
+
+kubectl config get-contexts #list the local Kubernetes contexts
+kubectl config use-context kind-istio-testing #run following command to set the current context for kubectl
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml #deploy Dashboard
+
+echo "===============================Waiting for Dashboard to be ready==========================================================="
+for i in {1..150}; do # Timeout after 5 minutes, 150x2=300 secs
+              if kubectl get pods --namespace=kubernetes-dashboard | grep Running ; then
+                break
+              fi
+              sleep 2
+done
+
+kubectl get pod -n kubernetes-dashboard #Verify that Dashboard is deployed and running
+kubectl create clusterrolebinding default-admin --clusterrole cluster-admin --serviceaccount=default:default #Create a ClusterRoleBinding to provide admin access to the newly created cluster
+
+#To login to Dashboard, you need a Bearer Token. Use the following command to store the token in a variable
+token=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)
+echo $token #Display the token using the echo command and copy it to use for logging into Dashboard.
+kubectl proxy & # Access Dashboard using the kubectl command-line tool by running the following command, Starting to serve on 127.0.0.1:8001
+
+for i in {1..60}; do # Timeout after 1 mins, 60x1=60 secs
+              if nc -z -v 127.0.0.1 8001 2>&1 | grep succeeded ; then
+                break
+              fi
+              sleep 1
+done
+
+# - kind delete cluster --name istio-testing #delete the existing cluster
diff --git a/app/deploy-kubesec.sh b/app/deploy-kubesec.sh
new file mode 100644
index 0000000..8ae87bb
--- /dev/null
+++ b/app/deploy-kubesec.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+
+# echo "=============================install go============================================================="
+# export GOVERSION="1.14.4"
+# curl -O https://dl.google.com/go/go$GOVERSION.linux-amd64.tar.gz
+# tar -vf go$GOVERSION.linux-amd64.tar.gz
+# sudo mv go /usr/local
+# stat /usr/local/go
+# mkdir ~/work
+# echo "export GOPATH=$HOME/work" >> ~/.profile
+# echo "export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin" >> ~/.profile
+# source ~/.profile
+# go version
+
+echo "=============================kubesec============================================================="
+#https://github.com/controlplaneio/kubesec
+# go get -u github.com/controlplaneio/kubesec/cmd/kubesec
+
+#Command line usage
+cat <<EOF > kubesec-test.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kubesec-demo
+spec:
+  containers:
+  - name: kubesec-demo
+    image: gcr.io/google-samples/node-hello:1.0
+    securityContext:
+      readOnlyRootFilesystem: true
+EOF
+kubesec scan kubesec-test.yaml
+
+#Docker usage
+docker run -i kubesec/kubesec:512c5e0 scan /dev/stdin < kubesec-test.yaml
+
+# Kubesec HTTP Server
+kubesec http 8080 &
diff --git a/app/deploy-kubeseco.sh b/app/deploy-kubeseco.sh
new file mode 100644
index 0000000..ddd346f
--- /dev/null
+++ b/app/deploy-kubeseco.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+# https://github.com/appsecco/kubeseco
+echo "===============================deploy kubeseco==========================================================="
+
+# Clone This Repository
+git clone https://github.com/appsecco/kubeseco && cd kubeseco
+
+# Deploy Apps and Infra
+# setup the cluster
+./setup.sh
+
+# Expose API Service
+kubectl port-forward service/api-service 3000
+
+# Submit Scan
+curl -H "Content-Type: application/json" \
+-d '{"asset_type":"domain", "asset_value":"example.com"}' \
+http://localhost:3000/scans
+
+# Get Result
+# :scan_id is obtained after successful scan submission
+# curl http://localhost:3000/scans/:scan_id
+
+echo "===============================deploy kubeseco finished==========================================================="
diff --git a/app/deploy-microservices.sh b/app/deploy-microservices.sh
index eec5ade..2490d79 100644
--- a/app/deploy-microservices.sh
+++ b/app/deploy-microservices.sh
@@ -19,10 +19,19 @@ kind get clusters
 # - sudo snap install kubectl --classic
 kubectl config get-contexts #list the local Kubernetes contexts
 kubectl config use-context kind-istio-testing #run following command to set the current context for kubectl
+
+BASEDIR=`pwd` && echo $BASEDIR
+
+# Setup a Kubernetes Cluster
+
+# Create an environment variable to store the name of a namespace
 export NAMESPACE=tutorial
+# Create the namespace
 kubectl create namespace $NAMESPACE
 
 #https://istio.io/latest/docs/setup/getting-started/
+# https://istio.io/latest/docs/examples/microservices-istio/setup-kubernetes-cluster/
+# Install Istio using the demo profile.
 echo "===============================Install istio==========================================================="
 #Download Istio
 #/bin/sh -c 'curl -L https://istio.io/downloadIstio | sh -' #download and extract the latest release automatically (Linux or macOS)
@@ -35,76 +44,374 @@ export PATH=$PWD/bin:$PATH #Add the istioctl client to your path, The istioctl c
 #precheck inspects a Kubernetes cluster for Istio install requirements
 istioctl experimental precheck #https://istio.io/docs/reference/commands/istioctl/#istioctl-experimental-precheck
 istioctl version
-istioctl manifest apply --set profile=demo #Install Istio, use the demo configuration profile
-kubectl label namespace default istio-injection=enabled #Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later
-
-#Deploy the sample application
-kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml #Deploy the Bookinfo sample application:
-kubectl get service --all-namespaces #list all services in all namespace
-kubectl get services #The application will start. As each pod becomes ready, the Istio sidecar will deploy along with it.
-kubectl get pods
-for i in {1..60}; do # Timeout after 5 minutes, 60x2=120 secs, 2 mins
-    if kubectl get pods --namespace=istio-system |grep Running ; then
-      break
-    fi
-    sleep 2
-done
-kubectl get service --all-namespaces #list all services in all namespace
-
-# see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response
-#error: unable to upgrade connection: container not found ("ratings")
-#kubectl exec $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
-#interactive shell
-#kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
-# - |
-#   kubectl exec -it $(kubectl get pod \
-#                -l app=ratings \
-#                -o jsonpath='{.items[0].metadata.name}') \
-#                -c ratings \
-#                -- curl productpage:9080/productpage | grep -o "<title>.*</title>" <title>Simple Bookstore App</title>
-
-
-#Open the application to outside traffic
-#The Bookinfo application is deployed but not accessible from the outside. To make it accessible, you need to create an Istio Ingress Gateway, which maps a path to a route at the edge of your mesh.
-kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml #Associate this application with the Istio gateway
-istioctl analyze #Ensure that there are no issues with the configuration
-
-#Other platforms
-#Determining the ingress IP and ports
-#If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway.
-#If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway.
-#access the gateway using the service’s node port.
-kubectl get svc istio-ingressgateway -n istio-system #determine if your Kubernetes cluster is running in an environment that supports external load balancers
-
-#external load balancer
-# #Follow these instructions if you have determined that your environment has an external load balancer.
-# # If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway,access the gateway using the service’s node port.
-# - export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-# - export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
-# - export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
-
-# #In certain environments, the load balancer may be exposed using a host name, instead of an IP address.
-# #the ingress gateway’s EXTERNAL-IP value will not be an IP address, but rather a host name
-
-#failed to set the INGRESS_HOST environment variable, correct the INGRESS_HOST value
- export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
-
-#Follow these instructions if your environment does not have an external load balancer and choose a node port instead
-#Set the ingress ports:
-export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') #Set the ingress ports
-export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}') #Set the ingress ports
-
-#INGRESS_HOST: unbound variable
-export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT #Set GATEWAY_URL
-# echo $GATEWAY_URL #Ensure an IP address and port were successfully assigned to the environment variable
-# echo http://$GATEWAY_URL/productpage #Verify external access,retrieve the external address of the Bookinfo application
-# echo $(curl http://$GATEWAY_URL/productpage)
-
-#View the dashboard
-#istioctl dashboard kiali #optional dashboards installed by the demo installation,Access the Kiali dashboard. The default user name is admin and default password is admin
-#istioctl dashboard kiali # interactive shell
-
-#Enable Envoy’s access logging.
-#https://istio.io/latest/docs/tasks/observability/logs/access-log/#before-you-begin
-#Deploy the sleep sample app to use as a test source for sending requests. 
+#Install Istio, use the demo configuration profile
+istioctl manifest apply --set profile=demo
+
+#Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later
+kubectl label namespace default istio-injection=enabled
+
+# #Deploy the sample application
+# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml #Deploy the Bookinfo sample application:
+# kubectl get service --all-namespaces #list all services in all namespace
+# kubectl get services #The application will start. As each pod becomes ready, the Istio sidecar will deploy along with it.
+# kubectl get pods
+# for i in {1..60}; do # Timeout after 5 minutes, 60x2=120 secs, 2 mins
+#     if kubectl get pods --namespace=istio-system |grep Running ; then
+#       break
+#     fi
+#     sleep 2
+# done
+# kubectl get service --all-namespaces #list all services in all namespace
+#
+# # see if the app is running inside the cluster and serving HTML pages by checking for the page title in the response
+# #error: unable to upgrade connection: container not found ("ratings")
+# #kubectl exec $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
+# #interactive shell
+# #kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
+# # - |
+# #   kubectl exec -it $(kubectl get pod \
+# #                -l app=ratings \
+# #                -o jsonpath='{.items[0].metadata.name}') \
+# #                -c ratings \
+# #                -- curl productpage:9080/productpage | grep -o "<title>.*</title>" <title>Simple Bookstore App</title>
+#
+#
+# #Open the application to outside traffic
+# #The Bookinfo application is deployed but not accessible from the outside. To make it accessible, you need to create an Istio Ingress Gateway, which maps a path to a route at the edge of your mesh.
+# kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml #Associate this application with the Istio gateway
+# istioctl analyze #Ensure that there are no issues with the configuration
+#
+# #Other platforms
+# #Determining the ingress IP and ports
+# #If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway.
+# #If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway.
+# #access the gateway using the service’s node port.
+# kubectl get svc istio-ingressgateway -n istio-system #determine if your Kubernetes cluster is running in an environment that supports external load balancers
+#
+# #external load balancer
+# # #Follow these instructions if you have determined that your environment has an external load balancer.
+# # # If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway,access the gateway using the service’s node port.
+# # - export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+# # - export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
+# # - export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
+#
+# # #In certain environments, the load balancer may be exposed using a host name, instead of an IP address.
+# # #the ingress gateway’s EXTERNAL-IP value will not be an IP address, but rather a host name
+#
+# #failed to set the INGRESS_HOST environment variable, correct the INGRESS_HOST value
+#  export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+#
+# #Follow these instructions if your environment does not have an external load balancer and choose a node port instead
+# #Set the ingress ports:
+# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') #Set the ingress ports
+# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}') #Set the ingress ports
+#
+# #INGRESS_HOST: unbound variable
+# export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT #Set GATEWAY_URL
+# # echo $GATEWAY_URL #Ensure an IP address and port were successfully assigned to the environment variable
+# # echo http://$GATEWAY_URL/productpage #Verify external access,retrieve the external address of the Bookinfo application
+# # echo $(curl http://$GATEWAY_URL/productpage)
+#
+# #View the dashboard
+# #istioctl dashboard kiali #optional dashboards installed by the demo installation,Access the Kiali dashboard. The default user name is admin and default password is admin
+# #istioctl dashboard kiali # interactive shell
+#
+# #Enable Envoy’s access logging.
+# #https://istio.io/latest/docs/tasks/observability/logs/access-log/#before-you-begin
+# #Deploy the sleep sample app to use as a test source for sending requests.
+# kubectl apply -f samples/sleep/sleep.yaml
+
+
+# enable Envoy’s access logging
+# Skip the clean up and delete steps, because you need the sleep application
+# https://istio.io/latest/docs/examples/microservices-istio/setup-kubernetes-cluster/
+# https://istio.io/latest/docs/tasks/observability/logs/access-log/#before-you-begin
+echo "===============================Enable Envoy’s access logging.==========================================================="
+# Deploy the sleep sample app to use as a test source for sending requests.
+# If you have automatic sidecar injection enabled, run the following command to deploy the sample app
+
+# Otherwise, manually inject the sidecar before deploying the sleep application
+# kubectl apply -f <(istioctl kube-inject -f samples/sleep/sleep.yaml)
+
 kubectl apply -f samples/sleep/sleep.yaml
+# kubectl apply -f https://github.com/istio/istio/tree/release-1.6/samples/sleep
+
+# Set the SOURCE_POD environment variable to the name of your source pod:
+export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name})
+
+# Start the httpbin sample.
+# If you have enabled automatic sidecar injection, deploy the httpbin service
+
+# Otherwise, you have to manually inject the sidecar before deploying the httpbin application
+# kubectl apply -f <(istioctl kube-inject -f samples/httpbin/httpbin.yaml)
+
+kubectl apply -f samples/httpbin/httpbin.yaml
+
+
+# Enable Envoy’s access logging
+# Install Istio using the demo profile.
+# replace demo with the name of the profile you used when you installed Istio
+istioctl install --set profile=demo --set meshConfig.accessLogFile="/dev/stdout"
+
+# Test the access log
+# connect to 10.110.95.100 port 8000 failed: Connection refused
+# kubectl exec -it $(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}') -c sleep -- curl -v httpbin:8000/status/418
+
+kubectl get pods --all-namespaces
+echo echo "Waiting for sleep and httpbin to be ready ..."
+for i in {1..150}; do # Timeout after 5 minutes, 60x5=300 secs
+      if kubectl get pods --namespace=default  | grep PodInitializing ; then
+        sleep 10
+      else
+        break
+      fi
+done
+echo echo "Waiting for kubernetes be ready ..."
+for i in {1..150}; do # Timeout after 5 minutes, 60x5=300 secs
+      if kubectl get pods --namespace=istio-system  | grep ContainerCreating ; then
+        sleep 10
+      else
+        break
+      fi
+done
+kubectl get pods --all-namespaces
+
+# Check sleep’s log
+kubectl logs -l app=sleep -c istio-proxy
+# Check httpbin’s log
+kubectl logs -l app=httpbin -c istio-proxy #2020-07-08T18:15:02.910663Z	info	Envoy proxy is ready
+
+
+# https://istio.io/latest/docs/examples/microservices-istio/setup-kubernetes-cluster/
+# Create a Kubernetes Ingress resource for these common Istio services using the kubectl
+# Grafana
+# Jaeger
+# Prometheus
+# Kiali
+# The kubectl command can accept an in-line configuration to create the Ingress resources for each service
+kubectl apply -f - <<EOF
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: istio-system
+  namespace: istio-system
+spec:
+  rules:
+  - host: my-istio-dashboard.io
+    http:
+      paths:
+      - path: /*
+        backend:
+          serviceName: grafana
+          servicePort: 3000
+  - host: my-istio-tracing.io
+    http:
+      paths:
+      - path: /*
+        backend:
+          serviceName: tracing
+          servicePort: 9411
+  - host: my-istio-logs-database.io
+    http:
+      paths:
+      - path: /*
+        backend:
+          serviceName: prometheus
+          servicePort: 9090
+  - host: my-kiali.io
+    http:
+      paths:
+      - path: /*
+        backend:
+          serviceName: kiali
+          servicePort: 20001
+EOF
+
+
+# Create a role to provide read access to the istio-system namespace.
+# This role is required to limit permissions of the participants
+kubectl apply -f - <<EOF
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: istio-system-access
+  namespace: istio-system
+rules:
+- apiGroups: ["", "extensions", "apps"]
+  resources: ["*"]
+  verbs: ["get", "list"]
+EOF
+
+# Create a service account for each participant
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ${NAMESPACE}-user
+  namespace: $NAMESPACE
+EOF
+
+
+# Limit each participant’s permissions.
+# participants only need to create resources in their namespace
+# and to read resources from istio-system namespace
+# avoid interfering with other namespaces in your cluster
+
+# Create a role to allow read-write access to each participant’s namespace
+# Bind the participant’s service account to this role
+# and to the role for reading resources from istio-system
+kubectl apply -f - <<EOF
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: ${NAMESPACE}-access
+  namespace: $NAMESPACE
+rules:
+- apiGroups: ["", "extensions", "apps", "networking.k8s.io", "networking.istio.io", "authentication.istio.io",
+              "rbac.istio.io", "config.istio.io"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: ${NAMESPACE}-access
+  namespace: $NAMESPACE
+subjects:
+- kind: ServiceAccount
+  name: ${NAMESPACE}-user
+  namespace: $NAMESPACE
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ${NAMESPACE}-access
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: ${NAMESPACE}-istio-system-access
+  namespace: istio-system
+subjects:
+- kind: ServiceAccount
+  name: ${NAMESPACE}-user
+  namespace: $NAMESPACE
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: istio-system-access
+EOF
+
+
+
+# Each participant needs to use their own Kubernetes configuration file
+# This configuration file specifies the cluster details, the service account, the credentials and the namespace of the participant
+
+# Generate a Kubernetes configuration file for each participant
+# This command assumes your cluster is named tutorial-cluster.
+# If your cluster is named differently, replace all references with the name of your cluster.
+
+# export NAMESPACE=tutorial, tutorial-user-config.yaml
+echo $NAMESPACE
+
+# # Set the KUBECONFIG environment variable for the ${NAMESPACE}-user-config.yaml configuration file
+# # export KUBECONFIG=./${NAMESPACE}-user-config.yaml
+# export KUBECONFIG=$BASEDIR/${NAMESPACE}-user-config.yaml
+
+# # Verify that the configuration took effect by printing the current namespaces
+# # see the name of your namespace in the output
+# kubectl config view -o jsonpath="{.contexts[?(@.name==\"$(kubectl config current-context)\")].context.namespace}"
+
+
+
+# # Setup a Local Computer
+# # https://istio.io/latest/docs/examples/microservices-istio/setup-local-computer/
+# # verify istioctl
+# istioctl version
+
+
+# # Run a Microservice Locally
+# # https://istio.io/latest/docs/examples/microservices-istio/single/
+
+
+# # Download the service’s code and the package file into a separate directory
+# mkdir ratings && cd ratings
+# curl -s https://raw.githubusercontent.com/istio/istio/release-1.6/samples/bookinfo/src/ratings/ratings.js -o ratings.js
+# curl -s https://raw.githubusercontent.com/istio/istio/release-1.6/samples/bookinfo/src/ratings/package.json -o package.json
+
+
+#  # Install the dependencies of the ratings service in the same folder where you stored the service code and the package file
+#  npm install
+
+# # Run the service, passing 9080 as a parameter. The application then listens on port 9080
+# npm start 9080 &
+
+# # Open http://localhost:9080/ratings/7 in your browser
+# # curl localhost:9080/ratings/7
+
+
+# # Use the POST method of the curl command to set the ratings for the product to 1
+# curl -X POST localhost:9080/ratings/7 -d '{"Reviewer1":1,"Reviewer2":1}'
+
+# # Check the updated ratings
+# curl localhost:9080/ratings/7 &
+
+
+# # Run ratings in Docker
+# # how to package a single service into a container
+# # https://istio.io/latest/docs/examples/microservices-istio/package-service/
+
+
+# # Download the Dockerfile for the ratings microservice
+# curl -s https://raw.githubusercontent.com/istio/istio/release-1.6/samples/bookinfo/src/ratings/Dockerfile -o Dockerfile
+# # Observe the Dockerfile
+# cat Dockerfile
+# # Build a Docker image from the Dockerfile
+# # docker build -t $USER/ratings .
+# docker build -t . $USER/ratings
+
+#  # instructs Docker to expose port 9080 of the container to port 9081 of your computer,
+#  # allowing you to access the ratings microservice on port 9081.
+# docker run -d -p 9081:9080 $USER/ratings &
+
+# # Access http://localhost:9081/ratings/7 in your browser
+# # curl localhost:9081/ratings/7
+
+# # Observe the running container.
+# docker ps
+# # Stop the running containers
+# # docker stop <the container ID from the output of docker ps>
+
+
+
+# # Run Bookinfo with Kubernetes
+# # how to deploy the whole application to a Kubernetes cluster.
+# # https://istio.io/latest/docs/examples/microservices-istio/bookinfo-kubernetes/
+
+
+# # Deploy the application and a testing pod
+# # Set the MYHOST environment variable to hold the URL of the application
+# export MYHOST=$(kubectl config view -o jsonpath={.contexts..namespace}).bookinfo.com
+
+# # Deploy the application to your Kubernetes cluster
+# kubectl apply -l version!=v2,version!=v3 -f https://raw.githubusercontent.com/istio/istio/release-1.6/samples/bookinfo/platform/kube/bookinfo.yaml
+
+# # Check the status of the pods
+# kubectl get pods
+
+
+# # After the four services achieve the Running status, you can scale the deployment
+# # each version of each microservice run in three pods
+# kubectl scale deployments --all --replicas 3
+
+# # Check the status of the pods
+# kubectl get pods
+
+# # After the services achieve the Running status, deploy a testing pod, sleep, to use for sending requests to your microservices
+# kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.6/samples/sleep/sleep.yaml
+
+# # confirm that the Bookinfo application is running, send a request to it with a curl command from your testing pod:
+# # interactive shell
+# # kubectl exec -it $(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}') -c sleep -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
+
+
+# # Enable external access to the application
diff --git a/app/deploy-openfaas.sh b/app/deploy-openfaas.sh
new file mode 100644
index 0000000..d55faad
--- /dev/null
+++ b/app/deploy-openfaas.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -eox pipefail #safety for script
+
+# https://itnext.io/deploy-your-first-serverless-function-to-kubernetes-232307f7b0a9
+echo "============================OpenFaaS =============================================================="
+# `curl -sSLf https://cli.openfaas.com | sh` #install the OpenFaaS CLI
+# `curl -sSLf https://dl.get-arkade.dev | sh` #install arkade
+
+/bin/sh -c 'curl -sSLf https://cli.openfaas.com | sh' ##install the OpenFaaS CLI
+/bin/sh -c 'curl -sSLf https://dl.get-arkade.dev | sh' ##install arkade
+
+arkade install openfaas #use arkade to install OpenFaaS
+arkade info openfaas
+
+# Forward the gateway to your machine
+kubectl rollout status -n openfaas deploy/gateway
+kubectl port-forward -n openfaas svc/gateway 8080:8080 &
+
+# Now log in using the CLI
+# PASSWORD=$(kubectl get secret -n openfaas basic-auth -o jsonpath="{.data.basic-auth-password}" | base64 --decode; echo)
+# interactive shell
+# echo -n $PASSWORD | faas-cli login --username admin --password-stdin
+
+# faas-cli store deploy nodeinfo
+# Check to see "Ready" status
+# faas-cli describe nodeinfo# Invoke
+# echo | faas-cli invoke nodeinfo
+# echo | faas-cli invoke nodeinfo --async
+
+# curl http://localhost:8080
+# Get the password so you can open the UI
+# echo $PASSWORD
+
+# faas-cli template store list
+# Sign up for a Docker Hub account, so that you can store your functions for free.
+# export OPENFAAS_PREFIX="DOCKER_HUB_USERNAME"
+# export OPENFAAS_PREFIX=$DOCKER_USERNAME #travisci env var
+# faas-cli new --lang python3 serverless
diff --git a/app/deploy-voting-app.sh b/app/deploy-voting-app.sh
new file mode 100644
index 0000000..1cc0313
--- /dev/null
+++ b/app/deploy-voting-app.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+echo "===============================deploy voting app==========================================================="
+
+cd app/voting
+kubectl create namespace vote
+kubectl create -f deployments/
+kubectl create -f services/
+# minikube addons enable ingress
+kubectl apply -f demo-ingress.yaml
+kubectl --namespace=vote get ingress
+
+# Add the following line to the bottom of the /etc/hosts file 
+# <your-address> demo-kubernetes.info
+
+
+
+#Deploy the sample application
+kubectl get service --all-namespaces #list all services in all namespace
+kubectl get services #The application will start. As each pod becomes ready, the Istio sidecar will deploy along with it.
+kubectl get pods
+
+for i in {1..60}; do # Timeout after 5 minutes, 60x5=300 secs, 3 mins
+    if kubectl get pods --namespace=vote |grep ContainerCreating ; then
+      sleep 5
+    else
+        break
+    fi
+done
+
+kubectl get service --all-namespaces #list all services in all namespace
+# Verify your installation
+kubectl get pod -n vote
+
+kubectl delete namespace vote
\ No newline at end of file
diff --git a/app/fluentd-daemonset-elasticsearch.yaml b/app/fluentd-daemonset-elasticsearch.yaml
new file mode 100644
index 0000000..12873eb
--- /dev/null
+++ b/app/fluentd-daemonset-elasticsearch.yaml
@@ -0,0 +1,73 @@
+# src: https://github.com/fluent/fluentd-kubernetes-daemonset/blob/master/fluentd-daemonset-elasticsearch.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd
+  # namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+    version: v1
+spec:
+  selector:
+    matchLabels:
+      k8s-app: fluentd-logging
+      version: v1
+  template:
+    metadata:
+      labels:
+        k8s-app: fluentd-logging
+        version: v1
+    spec:
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      containers:
+      - name: fluentd
+        image: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch
+        env:
+          - name:  FLUENT_ELASTICSEARCH_HOST
+            value: "elasticsearch-client"
+          - name:  FLUENT_ELASTICSEARCH_PORT
+            value: "9200"
+          - name: FLUENT_ELASTICSEARCH_SCHEME
+            value: "http"
+          # Option to configure elasticsearch plugin with self signed certs
+          # ================================================================
+          - name: FLUENT_ELASTICSEARCH_SSL_VERIFY
+            value: "false" # changed by me
+          # Option to configure elasticsearch plugin with tls
+          # ================================================================
+          - name: FLUENT_ELASTICSEARCH_SSL_VERSION
+            value: "TLSv1_2"
+          # X-Pack Authentication
+          # =====================
+          - name: FLUENT_ELASTICSEARCH_USER
+            value: "elastic"
+          - name: FLUENT_ELASTICSEARCH_PASSWORD
+            value: "changeme"
+          # Logz.io Authentication
+          # ======================
+          - name: LOGZIO_TOKEN
+            value: "ThisIsASuperLongToken"
+          - name: LOGZIO_LOGTYPE
+            value: "kubernetes"
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
\ No newline at end of file
diff --git a/app/kibana-values.yaml b/app/kibana-values.yaml
new file mode 100644
index 0000000..aaf6e48
--- /dev/null
+++ b/app/kibana-values.yaml
@@ -0,0 +1,10 @@
+files:
+  kibana.yml:
+    ## Default Kibana configuration from kibana-docker.
+    server.name: kibana
+    server.host: "0"
+    ## For kibana < 6.6, use elasticsearch.url instead
+    elasticsearch.hosts: http://elasticsearch-client:9200
+
+service:
+  type: LoadBalancer # ClusterIP
\ No newline at end of file
diff --git a/app/kind_gardener.sh b/app/kind_gardener.sh
new file mode 100644
index 0000000..4695f9d
--- /dev/null
+++ b/app/kind_gardener.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+
+#https://istio.io/docs/setup/platform-setup/gardener/
+#https://github.com/gardener/gardener/blob/master/docs/development/local_setup.md
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.8.1/kind-$(uname)-amd64
+chmod +x ./kind
+mv ./kind /usr/local/bin/kind
+kind get clusters #see the list of kind clusters
+kind create cluster --name istio-testing #Create a cluster,By default, the cluster will be given the name kind
+kind get clusters
+snap install kubectl --classic
+kubectl config get-contexts #list the local Kubernetes contexts
+kubectl config use-context kind-istio-testing #run following command to set the current context for kubectl
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml #deploy Dashboard
+echo "===============================Waiting for Dashboard to be ready==========================================================="
+|
+            for i in {1..150}; do # Timeout after 5 minutes, 150x2=300 secs
+              if kubectl get pods --namespace=kubernetes-dashboard | grep Running ; then
+                break
+              fi
+              sleep 2
+            done
+kubectl get pod -n kubernetes-dashboard #Verify that Dashboard is deployed and running
+kubectl create clusterrolebinding default-admin --clusterrole cluster-admin --serviceaccount=default:default #Create a ClusterRoleBinding to provide admin access to the newly created cluster
+          #To login to Dashboard, you need a Bearer Token. Use the following command to store the token in a variable
+token=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)
+echo $token #Display the token using the echo command and copy it to use for logging into Dashboard.
+kubectl proxy & # Access Dashboard using the kubectl command-line tool by running the following command, Starting to serve on 127.0.0.1:8001
+|
+            for i in {1..60}; do # Timeout after 1 mins, 60x1=60 secs
+              if nc -z -v 127.0.0.1 8001 2>&1 | grep succeeded ; then
+                break
+              fi
+              sleep 1
+            done
+          # - kind delete cluster --name istio-testing #delete the existing cluster
diff --git a/app/provision-helm.sh b/app/provision-helm.sh
new file mode 100644
index 0000000..b74c84c
--- /dev/null
+++ b/app/provision-helm.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+
+echo fetch and install helm...
+HELM_ARCHIVE=helm-v2.12.1-linux-amd64.tar.gz
+HELM_DIR=linux-amd64
+HELM_BIN=$HELM_DIR/helm
+curl -LsO https://storage.googleapis.com/kubernetes-helm/$HELM_ARCHIVE && tar -zxvf $HELM_ARCHIVE && chmod +x $HELM_BIN && cp $HELM_BIN /usr/local/bin
+rm $HELM_ARCHIVE
+rm -rf $HELM_DIR
+
+helm version
+
+echo setup tiller account...
+kubectl -n kube-system create sa tiller && kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
+
+echo initialize tiller...
+helm init --wait --skip-refresh --upgrade --service-account tiller
+echo tiller initialized
\ No newline at end of file
diff --git a/app/provision-kubectl.sh b/app/provision-kubectl.sh
new file mode 100644
index 0000000..e4f2c21
--- /dev/null
+++ b/app/provision-kubectl.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+set -o xtrace
+# set -eox pipefail #safety for script
+
+echo fetch and install kubectl...
+curl -LsO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/kubectl
+
+kubectl version --client
\ No newline at end of file
diff --git a/app/sample-elastic-metricbeat.yaml b/app/sample-elastic-metricbeat.yaml
new file mode 100644
index 0000000..22c5fd9
--- /dev/null
+++ b/app/sample-elastic-metricbeat.yaml
@@ -0,0 +1,30 @@
+image:
+  repository: docker.elastic.co/beats/metricbeat-oss
+daemonset:
+  config:
+    output.file: false
+    output.elasticsearch:
+      hosts: ["elastic-stack-elasticsearch-client:9200"]
+  modules:
+    kubernetes:
+      config:
+        - module: kubernetes
+          metricsets:
+            - node
+            - system
+            - pod
+            - container
+            - volume
+          period: 10s
+          host: ${NODE_NAME}
+          hosts: ["https://${HOSTNAME}:10250"]
+          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+          ssl.verification_mode: "none"
+deployment:
+  config:
+    output.file: false
+    output.elasticsearch:
+      hosts: ["elastic-stack-elasticsearch-client:9200"]
+    setup.kibana:
+      host: "elastic-stack-kibana:443"
+    setup.dashboards.enabled: true
\ No newline at end of file
diff --git a/app/sample-elastic-stack.yaml b/app/sample-elastic-stack.yaml
new file mode 100644
index 0000000..03502dc
--- /dev/null
+++ b/app/sample-elastic-stack.yaml
@@ -0,0 +1,23 @@
+logstash:
+  enabled: true
+  elasticsearch:
+    host: elastic-stack-elasticsearch-client
+ 
+filebeat:
+  enabled: true
+  config:
+    input:
+      type: container
+      paths:
+        - /var/log/containers/*.log
+      processors:
+        - add_kubernetes_metadata:
+            host: ${NODE_NAME}
+            matchers:
+            - logs_path:
+                logs_path: "/var/log/containers/"  
+    output.file.enabled: false
+    output.logstash:
+      hosts: ["elastic-stack-logstash:5044"]
+  indexTemplateLoad:
+    - elastic-stack-elasticsearch-client:9200
\ No newline at end of file
diff --git a/app/voting/demo-ingress.yaml b/app/voting/demo-ingress.yaml
new file mode 100644
index 0000000..3c90565
--- /dev/null
+++ b/app/voting/demo-ingress.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1beta1 
+kind: Ingress
+metadata:
+  name: demo-vote-ingress
+  namespace: vote
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+        location ~ \.css {
+          add_header  Content-Type    text/css;
+        }
+        location ~ \.js {
+          add_header  Content-Type    application/x-javascript;
+        }
+spec:
+  rules:
+  - host: demo-kubernetes.info
+    http:
+      paths:
+      - path: /vote/*
+        backend:
+          serviceName: vote
+          servicePort: 5000
+      - path: /static/*
+        backend:
+          serviceName: vote
+          servicePort: 5000
\ No newline at end of file
diff --git a/app/voting/deployments/db-deployment.yaml b/app/voting/deployments/db-deployment.yaml
new file mode 100644
index 0000000..7fb0e9b
--- /dev/null
+++ b/app/voting/deployments/db-deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: db
+  name: db
+  namespace: vote
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: db
+  template:
+    metadata:
+      labels:
+        app: db
+    spec:
+      containers:
+      - image: postgres:9.4
+        name: postgres
+        env:
+        - name: POSTGRES_USER
+          value: postgres
+        - name: POSTGRES_PASSWORD
+          value: postgres
+        ports:
+        - containerPort: 5432
+          name: postgres
+        volumeMounts:
+        - mountPath: /var/lib/postgresql/data
+          name: db-data
+      volumes:
+      - name: db-data
+        emptyDir: {}
\ No newline at end of file
diff --git a/app/voting/deployments/nginx-deployment.yml b/app/voting/deployments/nginx-deployment.yml
new file mode 100644
index 0000000..e3b0a41
--- /dev/null
+++ b/app/voting/deployments/nginx-deployment.yml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  namespace: vote
+spec:
+  replicas: 1 
+  selector:
+    matchLabels:
+      app: nginx
+  template: 
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        ports:
+        - containerPort: 80
\ No newline at end of file
diff --git a/app/voting/deployments/redis-deployment.yaml b/app/voting/deployments/redis-deployment.yaml
new file mode 100644
index 0000000..f2b695d
--- /dev/null
+++ b/app/voting/deployments/redis-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: redis
+  name: redis
+  namespace: vote
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+      - image: redis:alpine
+        name: redis
+        ports:
+        - containerPort: 6379
+          name: redis
+        volumeMounts:
+        - mountPath: /data
+          name: redis-data
+      volumes:
+      - name: redis-data
+        emptyDir: {} 
\ No newline at end of file
diff --git a/app/voting/deployments/result-deployment.yaml b/app/voting/deployments/result-deployment.yaml
new file mode 100644
index 0000000..5f94703
--- /dev/null
+++ b/app/voting/deployments/result-deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: result
+  name: result
+  namespace: vote
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: result
+  template:
+    metadata:
+      labels:
+        app: result
+    spec:
+      containers:
+      - image: dockersamples/examplevotingapp_result:before
+        name: result
+        ports:
+        - containerPort: 80
+          name: result
\ No newline at end of file
diff --git a/app/voting/deployments/vote-deployment.yaml b/app/voting/deployments/vote-deployment.yaml
new file mode 100644
index 0000000..fb97cb3
--- /dev/null
+++ b/app/voting/deployments/vote-deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: vote
+  name: vote
+  namespace: vote
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: vote
+  template:
+    metadata:
+      labels:
+        app: vote
+    spec:
+      containers:
+      - image: dockersamples/examplevotingapp_vote
+        name: vote
+        ports:
+        - containerPort: 80
+          name: vote
\ No newline at end of file
diff --git a/app/voting/deployments/worker-deployment.yaml b/app/voting/deployments/worker-deployment.yaml
new file mode 100644
index 0000000..b785148
--- /dev/null
+++ b/app/voting/deployments/worker-deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: worker
+  name: worker
+  namespace: vote
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: worker
+  template:
+    metadata:
+      labels:
+        app: worker
+    spec:
+      containers:
+      - image: dockersamples/examplevotingapp_worker
+        name: worker
\ No newline at end of file
diff --git a/app/voting/services/db-service.yaml b/app/voting/services/db-service.yaml
new file mode 100644
index 0000000..e12636f
--- /dev/null
+++ b/app/voting/services/db-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: db
+  name: db
+  namespace: vote
+spec:
+  type: ClusterIP
+  ports:
+  - name: "db-service"
+    port: 5432
+    targetPort: 5432
+  selector:
+    app: db
\ No newline at end of file
diff --git a/app/voting/services/redis-service.yaml b/app/voting/services/redis-service.yaml
new file mode 100644
index 0000000..99071ba
--- /dev/null
+++ b/app/voting/services/redis-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: redis
+  name: redis
+  namespace: vote
+spec:
+  type: ClusterIP
+  ports:
+  - name: "redis-service"
+    port: 6379
+    targetPort: 6379
+  selector:
+    app: redis
\ No newline at end of file
diff --git a/app/voting/services/result-service.yaml b/app/voting/services/result-service.yaml
new file mode 100644
index 0000000..6a5024e
--- /dev/null
+++ b/app/voting/services/result-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: result
+  name: result
+  namespace: vote
+spec:
+  type: NodePort
+  ports:
+  - name: "result-service"
+    port: 5001
+    targetPort: 80
+    nodePort: 31001
+  selector:
+    app: result
\ No newline at end of file
diff --git a/app/voting/services/vote-service.yaml b/app/voting/services/vote-service.yaml
new file mode 100644
index 0000000..5034a72
--- /dev/null
+++ b/app/voting/services/vote-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: vote
+  name: vote
+  namespace: vote
+spec:
+  type: NodePort
+  ports:
+  - name: "vote-service"
+    port: 5000
+    targetPort: 80
+    nodePort: 31000
+  selector:
+    app: vote
\ No newline at end of file
diff --git a/tutorial-user-config.yaml b/tutorial-user-config.yaml
new file mode 100644
index 0000000..6906254
--- /dev/null
+++ b/tutorial-user-config.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Config
+preferences: {}
+
+clusters:
+- cluster:
+    certificate-authority-data: $(kubectl get secret $(kubectl get sa ${NAMESPACE}-user -n $NAMESPACE -o jsonpath={.secrets..name}) -n $NAMESPACE -o jsonpath='{.data.ca\.crt}')
+    server: $(kubectl config view -o jsonpath="{.clusters[?(.name==\"$(kubectl config view -o jsonpath="{.contexts[?(.name==\"$(kubectl config current-context)\")].context.cluster}")\")].cluster.server}")
+  name: ${NAMESPACE}-cluster
+
+users:
+- name: ${NAMESPACE}-user
+  user:
+    as-user-extra: {}
+    client-key-data: $(kubectl get secret $(kubectl get sa ${NAMESPACE}-user -n $NAMESPACE -o jsonpath={.secrets..name}) -n $NAMESPACE -o jsonpath='{.data.ca\.crt}')
+    token: $(kubectl get secret $(kubectl get sa ${NAMESPACE}-user -n $NAMESPACE -o jsonpath={.secrets..name}) -n $NAMESPACE -o jsonpath={.data.token} | base64 --decode)
+
+contexts:
+- context:
+    cluster: ${NAMESPACE}-cluster
+    namespace: ${NAMESPACE}
+    user: ${NAMESPACE}-user
+  name: ${NAMESPACE}
+
+current-context: ${NAMESPACE}
+

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://github.com/githubfoam/kind-travisci/compare/master...dev.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://github.com/githubfoam/kind-travisci/compare/master...dev.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://github.com/githubfoam/kind-travisci/compare/master...dev.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://github.com/githubfoam/kind-travisci/compare/master...dev.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>