mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-22 06:01:45 +00:00

Update for leanpub preview

This commit is contained in:
AutoPenguin
2020-06-03 03:17:53 +00:00
parent bc68bf8c59
commit 6bb9e2f7d4
83 changed files with 12 additions and 296 deletions

View File

@@ -23,7 +23,6 @@ If you want to use minikube, there is a guide below but again, I recommend using
1. A Fresh Linux Machine
2. Some basic Linux knowledge (or can just copy-paste)
!!! note
Make sure you are running a SystemD based distro like Ubuntu.
Although minikube will run on macOS and Windows,
they add in additional complexities to the installation as they
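Review bot: "SystemD based distro" in the note body should read "systemd-based distro" (the project writes its name in lowercase and the compound wants a hyphen); worth fixing while this block is being touched. The header counts (7 -> 6) show one line dropped from this admonition, but the removed line isn't visible in this rendered view, so double-check that the note body is still indented under `!!! note`, otherwise mkdocs renders it as a plain paragraph.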
@@ -56,7 +55,6 @@ sudo minikube config set vm-driver none #Set our default vm driver to none
You are now set up with minikube!
!!! warning
MiniKube is not a production-grade method of deploying Kubernetes
## K3S
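Review bot: the `!!! warning` spells the tool "MiniKube" while the line above says "minikube"; use the lowercase form consistently. Since the hunk header shows `vm-driver none` being set (the cluster components run on the host itself rather than inside a VM), the warning would be more useful if it said that this is why the setup isn't production-grade instead of only asserting it.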
@@ -80,7 +78,6 @@ Ubuntu ticks all the boxes for k3s to run on and allows you to follow lots of ot
Firstly, download yourself a version of Ubuntu Server from [here](https://ubuntu.com/download/server) (Whatever is latest)
Then spin yourself up as many systems as you need with the following guide
!!! note
I am running a 3 node cluster, with nodes running on Ubuntu 19.04, all virtualized with VMWare ESXi
Your setup doesn't need to be as complex as mine, you can use 3 old Dell OptiPlex if you really want
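Review bot: the note describes nodes on Ubuntu 19.04, an interim release that was already end-of-life before this commit date (2020-06), while the text above tells readers to download "whatever is latest"; suggest pointing at the current LTS so the example matches the advice. Also "VMWare ESXi" should be "VMware ESXi", and "3 old Dell OptiPlex" wants a plural ("three old Dell OptiPlex machines").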
@@ -146,14 +143,12 @@ Number of key(s) added: 1
You will want to do this once for every machine, replacing the hostname with the other next nodes hostname each time.
!!! note
If your hostnames aren't resolving correct, try adding them to your `/etc/hosts` file
### Installation
If you have access to the premix repository, you can download the ansible-playbook and follow the steps contained in there, if not sit back and prepare to do it manually.
!!! tip
Becoming a patron will allow you to get the ansible-playbook to setup k3s on your own hosts. For as little as 5$/m you can get access to the ansible playbooks for this recipe, and more!
See [funkypenguin's Patreon](https://www.patreon.com/funkypenguin) for more!
<!---
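Review bot: "replacing the hostname with the other next nodes hostname" is garbled; suggest "replacing the hostname with each of the other nodes' hostnames in turn". Two lines are dropped in this hunk (14 -> 12), spanning both the `!!! note` and the `!!! tip`, so confirm both bodies stay indented. Also "resolving correct" should be "resolving correctly", and "5$/m" reads better as "$5/month".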
@@ -260,7 +255,6 @@ users:
Make sure to change `clusters.cluster.server` to have the master node's name instead of `127.0.0.1`, in my case making it `https://thomas-k3s-node1:6443`
!!! warning
This kubeconfig file can grant full access to your Kubernetes installation, I recommend you protect this file just as well as you protect your passwords
You will probably want to save this kubeconfig file into a file on your local machine, say `my-k3s-cluster.yml` or `where-8-hours-of-my-life-went.yml`.
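Review bot: the warning that the kubeconfig grants full cluster access is right but stops at "protect this file"; suggest adding the concrete steps: save it with owner-only permissions (`chmod 600 my-k3s-cluster.yml`), keep it out of any git repository, and treat it as a credential to rotate if it ever leaks. The sentence ending "making it `https://thomas-k3s-node1:6443`" also wants a full stop.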

View File

@@ -4,7 +4,6 @@
![Kubernetes Snapshots](https://geek-cookbook.funkypenguin.co.nz/images/kubernetes-helm.png)
!!! note
Given enough interest, I may provide a helm-compatible version of the pre-mix repository for [supporters](https://geek-cookbook.funkypenguin.co.nz/support/). [Hit me up](https://geek-cookbook.funkypenguin.co.nz/whoami/#contact-me) if you're interested!
## Ingredients
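Review bot: the image alt text says "Kubernetes Snapshots" but the file is `kubernetes-helm.png` and this is the Helm page; the alt text looks copied from the snapshots recipe and should describe Helm.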

View File

@@ -23,7 +23,6 @@ This recipe details a simple design to permit the exposure of as many ports as y
### Create LetsEncrypt certificate
!!! warning
Safety first, folks. You wouldn't run a webhook exposed to the big bad ol' internet without first securing it with a valid SSL certificate? Of course not, I didn't think so!
Use whatever method you prefer to generate (and later, renew) your LetsEncrypt cert. The example below uses the CertBot docker image for CloudFlare DNS validation, since that's what I've used elsewhere.
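Review bot: "valid SSL certificate" should be "valid TLS certificate", and the requirement reads more clearly stated directly than as a rhetorical question, e.g. "Do not expose the webhook to the internet without a valid TLS certificate."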
@@ -43,7 +42,6 @@ cd /etc/webhook/
docker run -ti --rm -v "$(pwd)"/letsencrypt:/etc/letsencrypt certbot/dns-cloudflare --preferred-challenges dns certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d ''*.funkypenguin.co.nz'
```
!!! question
Why use a wildcard cert? So my enemies can't examine my certs to enumerate my various services and discover my weaknesses, of course!
I add the following as a cron command to renew my certs every day:
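Review bot: the certbot command in the context line has unbalanced quoting: `-d ''*.funkypenguin.co.nz'` is an empty string followed by an unterminated quote, so the shell waits for a closing `'` instead of running the command. It should be `-d '*.funkypenguin.co.nz'`. Unrelated to the blank-line removal, but worth fixing in the same file.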
@@ -112,12 +110,10 @@ echo << EOF > /etc/webhook/hooks.json
EOF
```
!!! note
Note that to avoid any bozo from calling our we're matching on a token header in the request called ```X-Funkypenguin-Token```. Webhook will **ignore** any request which doesn't include a matching token in the request header.
### Update systemd for webhook
!!! note
This section is particular to Debian Stretch and its webhook package. If you're using another OS for your VM, just ensure that you can start webhook with a config similar to the one illustrated below.
Since we want to force webhook to run in secure mode (_no point having a token if it can be extracted from a simple packet capture!_) I ran ```systemctl edit webhook```, and pasted in the following:
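Review bot: the hunk header's `echo << EOF > /etc/webhook/hooks.json` doesn't do what the heredoc suggests: `echo` ignores standard input, so the file ends up containing a single newline and the hooks definition is discarded. It should be `cat << EOF > /etc/webhook/hooks.json`. In the note, "to avoid any bozo from calling our we're matching" is missing a word ("calling our webhook, we're matching"), and the triple backticks around `X-Funkypenguin-Token` and `systemctl edit webhook` should be single backticks for inline code.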

View File

@@ -26,7 +26,6 @@ If you're running GKE, run the following to create a RoleBinding, allowing your
```kubectl create clusterrolebinding your-user-cluster-admin-binding \
--clusterrole=cluster-admin --user=<your user@yourdomain>```
!!! question
Why do we have to do this? Check [this blog post](https://www.funkypenguin.co.nz/workaround-blocked-attempt-to-grant-extra-privileges-on-gke/) for details
### Apply RBAC
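Review bot: the opening triple-backtick fence sits on the same line as the `kubectl create clusterrolebinding` command, so Markdown treats that command as the fence's info string and only the `--clusterrole=...` line renders inside the code block; put the opening fence on its own line above the command. Since this binds `cluster-admin` to a user, the `!!! question` could also say the binding should be limited to the account doing the install rather than granted broadly.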
@@ -158,7 +157,6 @@ spec:
EOF
```
!!! note
Example syntaxes for the SnapshotRule for different providers can be found at https://github.com/miracle2k/k8s-snapshots/tree/master/examples
## Move on..

View File

@@ -90,7 +90,6 @@ metrics:
enabled: true
```
!!! note
The helm chart doesn't enable the Traefik dashboard by default. I intend to add an oauth_proxy pod to secure this, in a future recipe update.
### Prepare phone-home pod
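Review bot: "I intend to add an oauth_proxy pod to secure this, in a future recipe update" is a TODO in user-facing text; suggest either tracking it in an issue or telling readers plainly not to enable the dashboard until it sits behind authentication, which is the actionable point for them.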
@@ -146,7 +145,6 @@ echo -n "imtoosecretformyshorts" > webhook_token.secret
kubectl create secret generic traefik-credentials --from-file=webhook_token.secret
```
!!! warning
Yes, the "-n" in the echo statement is needed. [Read here for why](https://www.funkypenguin.co.nz/beware-the-hidden-newlines-in-kubernetes-secrets/).
## Serving
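Review bot: `echo -n "imtoosecretformyshorts" > webhook_token.secret` puts the token literal on the command line, where it lands in shell history, and readers are likely to reuse the example value; suggest generating it instead, e.g. `openssl rand -hex 32 | tr -d '\n' > webhook_token.secret`, which also sidesteps the trailing-newline problem the warning links to. The warning itself reads better as "The `-n` in the echo statement is required".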