docs: update GS Azure tutorials (#4055)
* docs: update cluster profile, cluster, update tutorials

* docs: update terraform tutorial

* docs: bump terraform container version

* docs: update scale secure tutorial DOC-1395

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* docs: update table DOC-395

---------

Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
Co-authored-by: addetz <[email protected]>
3 people authored Sep 24, 2024
1 parent 874a294 commit 66e534d
Showing 52 changed files with 33 additions and 35 deletions.
8 changes: 4 additions & 4 deletions _partials/getting-started/_cluster_profile_import_azure.mdx
Expand Up @@ -37,7 +37,7 @@ partial_name: import-hello-uni-azure
"name": "kubernetes",
"type": "oci",
"layer": "k8s",
"version": "1.27.15",
"version": "1.27.16",
"tag": "1.27.x",
"values": "# spectrocloud.com/enabled-presets: Kube Controller Manager:loopback-ctrlmgr,Kube Scheduler:loopback-scheduler\npack:\n content:\n images:\n - image: registry.k8s.io/coredns/coredns:v1.10.1\n - image: registry.k8s.io/etcd:3.5.12-0\n - image: registry.k8s.io/kube-apiserver:v1.27.15\n - image: registry.k8s.io/kube-controller-manager:v1.27.15\n - image: registry.k8s.io/kube-proxy:v1.27.15\n - image: registry.k8s.io/kube-scheduler:v1.27.15\n - image: registry.k8s.io/pause:3.9\n - image: registry.k8s.io/pause:3.8\n #CIDR Range for Pods in cluster\n # Note : This must not overlap with any of the host or service network\n podCIDR: \"192.168.0.0/16\"\n #CIDR notation IP range from which to assign service cluster IPs\n # Note : This must not overlap with any IP ranges assigned to nodes for pods.\n serviceClusterIpRange: \"10.96.0.0/12\"\n # serviceDomain: \"cluster.local\"\n\nkubeadmconfig:\n apiServer:\n extraArgs:\n # Note : secure-port flag is used during kubeadm init. Do not change this flag on a running cluster\n secure-port: \"6443\"\n anonymous-auth: \"true\"\n profiling: \"false\"\n disable-admission-plugins: \"AlwaysAdmit\"\n default-not-ready-toleration-seconds: \"60\"\n default-unreachable-toleration-seconds: \"60\"\n enable-admission-plugins: \"AlwaysPullImages,NamespaceLifecycle,ServiceAccount,NodeRestriction,PodSecurity\"\n admission-control-config-file: \"/etc/kubernetes/pod-security-standard.yaml\"\n audit-log-path: /var/log/apiserver/audit.log\n audit-policy-file: /etc/kubernetes/audit-policy.yaml\n audit-log-maxage: \"30\"\n audit-log-maxbackup: \"10\"\n audit-log-maxsize: \"100\"\n authorization-mode: RBAC,Node\n tls-cipher-suites: \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256\"\n extraVolumes:\n 
- name: audit-log\n hostPath: /var/log/apiserver\n mountPath: /var/log/apiserver\n pathType: DirectoryOrCreate\n - name: audit-policy\n hostPath: /etc/kubernetes/audit-policy.yaml\n mountPath: /etc/kubernetes/audit-policy.yaml\n readOnly: true\n pathType: File\n - name: pod-security-standard\n hostPath: /etc/kubernetes/pod-security-standard.yaml\n mountPath: /etc/kubernetes/pod-security-standard.yaml\n readOnly: true\n pathType: File\n controllerManager:\n extraArgs:\n profiling: \"false\"\n terminated-pod-gc-threshold: \"25\"\n use-service-account-credentials: \"true\"\n feature-gates: \"RotateKubeletServerCertificate=true\"\n scheduler:\n extraArgs:\n profiling: \"false\"\n kubeletExtraArgs:\n read-only-port : \"0\"\n event-qps: \"0\"\n feature-gates: \"RotateKubeletServerCertificate=true\"\n protect-kernel-defaults: \"true\"\n rotate-server-certificates: \"true\"\n tls-cipher-suites: \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256\"\n files:\n - path: hardening/audit-policy.yaml\n targetPath: /etc/kubernetes/audit-policy.yaml\n targetOwner: \"root:root\"\n targetPermissions: \"0600\"\n - path: hardening/90-kubelet.conf\n targetPath: /etc/sysctl.d/90-kubelet.conf\n targetOwner: \"root:root\"\n targetPermissions: \"0600\"\n - targetPath: /etc/kubernetes/pod-security-standard.yaml\n targetOwner: \"root:root\"\n targetPermissions: \"0600\"\n content: |\n apiVersion: apiserver.config.k8s.io/v1\n kind: AdmissionConfiguration\n plugins:\n - name: PodSecurity\n configuration:\n apiVersion: pod-security.admission.config.k8s.io/v1\n kind: PodSecurityConfiguration\n defaults:\n enforce: \"baseline\"\n enforce-version: \"v1.27\"\n audit: \"baseline\"\n audit-version: \"v1.27\"\n warn: \"restricted\"\n warn-version: \"v1.27\"\n 
audit: \"restricted\"\n audit-version: \"v1.27\"\n exemptions:\n # Array of authenticated usernames to exempt.\n usernames: []\n # Array of runtime class names to exempt.\n runtimeClasses: []\n # Array of namespaces to exempt.\n namespaces: [kube-system]\n\n preKubeadmCommands:\n # For enabling 'protect-kernel-defaults' flag to kubelet, kernel parameters changes are required\n - 'echo \"====> Applying kernel parameters for Kubelet\"'\n - 'sysctl -p /etc/sysctl.d/90-kubelet.conf'\n postKubeadmCommands:\n - 'chmod 600 /var/lib/kubelet/config.yaml'\n #- 'echo \"List of post kubeadm commands to be executed\"'\n\n# Client configuration to add OIDC based authentication flags in kubeconfig\n#clientConfig:\n #oidc-issuer-url: \"{{ .spectro.pack.kubernetes.kubeadmconfig.apiServer.extraArgs.oidc-issuer-url }}\"\n #oidc-client-id: \"{{ .spectro.pack.kubernetes.kubeadmconfig.apiServer.extraArgs.oidc-client-id }}\"\n #oidc-client-secret: 1gsranjjmdgahm10j8r6m47ejokm9kafvcbhi3d48jlc3rfpprhv\n #oidc-extra-scope: profile,email",
"registry": {
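Review bot: The pack `version` moves to `1.27.16`, but the `values` string directly below it still lists `registry.k8s.io/kube-apiserver:v1.27.15`, `kube-controller-manager:v1.27.15`, `kube-proxy:v1.27.15` and `kube-scheduler:v1.27.15` under `pack.content.images`; update those image tags together with the version, or confirm the mismatch is intended. In the same `values` string, the `PodSecurityConfiguration` defaults set `audit` and `audit-version` twice (`baseline`, then `restricted`), and the commented-out `clientConfig` block carries a literal `oidc-client-secret` value that should be replaced with a placeholder before this JSON is offered for import.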
Expand Down Expand Up @@ -88,9 +88,9 @@ partial_name: import-hello-uni-azure
"name": "hello-universe",
"type": "oci",
"layer": "addon",
"version": "1.1.3",
"tag": "1.1.3",
"values": "# spectrocloud.com/enabled-presets: Backend:disable-api\npack:\n content:\n images:\n - image: ghcr.io/spectrocloud/hello-universe:1.1.3\n spectrocloud.com/install-priority: 0\n\nmanifests:\n hello-universe:\n images:\n hellouniverse: ghcr.io/spectrocloud/hello-universe:1.1.3\n apiEnabled: false\n namespace: hello-universe\n port: 8080\n replicas: 1",
"version": "1.2.0",
"tag": "1.2.0",
"values": "# spectrocloud.com/enabled-presets: Backend:disable-api\npack:\n content:\n images:\n - image: ghcr.io/spectrocloud/hello-universe:1.2.0\n spectrocloud.com/install-priority: 0\n\nmanifests:\n hello-universe:\n images:\n hellouniverse: ghcr.io/spectrocloud/hello-universe:1.2.0\n apiEnabled: false\n namespace: hello-universe\n port: 8080\n replicas: 1",
"registry": {
"metadata": {
"uid": "64eaff5630402973c4e1856a",
Expand Up @@ -8,7 +8,7 @@ in good spirits, as the process has gone smoothly.

> "The visual representation of cluster profiles in Palette is much clearer than our whiteboard." says Kai, glancing
> back at the list they have created. "I can keep track of which versions we are using in production just by reviewing
> the profile. What are your thoughts, Wren? Have you remained a Palette sceptic?"
> the profile. What are your thoughts, Wren? Have you remained a Palette skeptic?"
>
> Wren laughs. "Yes, I admit cluster profiles are very convenient. I'm not convinced yet, but I am already starting to
> understand how Palette could make us more productive. Let's keep exploring and get something deployed with it!"
Expand Up @@ -10,7 +10,7 @@ impressed by how streamlined the process was and how the cluster profiles provid
> take care of our Kubernetes infrastructure and free us up to deliver more educational features. I definitely think
> that Palette has the capabilities to take care of all the Kubernetes heavy lifting for us."
>
> "I agree with you and I'm glad to hear you're not as sceptical anymore." says Kai, nodding and laughing. "From a
> "I agree with you and I'm glad to hear you're not as skeptical anymore." says Kai, nodding and laughing. "From a
> platform engineering perspective, I can say that cluster profiles will provide us with reliable deployments across
> environments and even clouds, so I'm much more confident about our testing and deployment strategy."
>
Expand Up @@ -40,7 +40,7 @@ Started section to learn how they can grow with Palette and have a long-term rel
> "You know, we might be able to make your dream happen!" says Wren, Founding Engineer. "Palette's edge capabilities
> could make it possible for us to bring Spacetastic to many devices."
>
> "I can't believe my ears!" says Kai laughing. "Wren, our resident Palette sceptic, has well and truly embraced our new
> "I can't believe my ears!" says Kai laughing. "Wren, our resident Palette skeptic, has well and truly embraced our new
> platform solution."
>
> Wren laughs and quickly responds. "Oh and one more thing! Palette doesn't lock us into a single tech stack or cloud
Expand Up @@ -36,8 +36,6 @@ learn about in the Getting Started section are centered around a fictional case
Log in to Palette and navigate to the left **Main Menu**. Select **Profiles** to view the cluster profile page. You can
view the list of available cluster profiles. To create a cluster profile, click on **Add Cluster Profile**.

![View of the cluster Profiles page](/getting-started/getting-started_create-cluster-profile_profile_list_view.webp)

Follow the wizard to create a new profile.

In the **Basic Information** section, assign the name **azure-profile**, a brief profile description, select the type as
Expand All @@ -56,7 +54,7 @@ For this tutorial, use the following packs:
| Pack Name | Version | Layer |
| ---------------- | ------- | ---------------- |
| ubuntu-azure LTS | 22.4.x | Operating System |
| Kubernetes | 1.27.x | Kubernetes |
| Kubernetes | 1.30.x | Kubernetes |
| cni-calico-azure | 3.26.x | Network |
| Azure Disk | 1.28.x | Storage |

Expand All @@ -76,7 +74,7 @@ Navigate to the left **Main Menu** and select **Profiles**. Select the cluster p
Click on **Add New Pack** at the top of the page.

Select the **Palette Community Registry** from the **Registry** dropdown. Then, click on the latest **Hello Universe**
pack with version **v1.1.2**.
pack with version **v1.2.0**.

![Screenshot of hello universe pack](/getting-started/azure/getting-started_create-cluster-profile_add-pack.webp)

6 changes: 3 additions & 3 deletions docs/docs-content/getting-started/azure/deploy-k8s-cluster.md
Expand Up @@ -132,10 +132,10 @@ moments before clicking on the service URL to prevent the browser from caching a

<br />

![Image that shows the cluster overview of the Hello Universe Frontend Cluster](/getting-started/getting-started_deploy-k8s-cluster_hello-universe-with-api.webp)
![Image that shows the cluster overview of the Hello Universe Frontend Cluster](/getting-started/azure/getting-started_deploy-k8s-cluster_hello-universe-with-api.webp)

Welcome to Hello Universe, a demo application to help you learn more about Palette and its features. Feel free to click
on the logo to increase the counter and for a fun image change.
Welcome to Spacetastic's astronomy education platform. Feel free to explore the pages and learn more about space. The
statistics page offers information on visitor counts on your deployed service.

You have deployed your first application to a cluster managed by Palette. Your first application is a three-tier
application with a frontend, API server, and Postgres database.
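Review bot: The new welcome paragraph calls the application "Spacetastic's astronomy education platform", while the image alt text just above it still says "Hello Universe Frontend Cluster"; tie the two names together in one sentence or keep a single name. "offers information on visitor counts on your deployed service" would read better as "shows visitor counts for your deployed service", and the same paragraph is added verbatim in a later hunk of this commit, so a shared partial would keep the two copies in sync.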
Expand Up @@ -54,7 +54,7 @@ docker ps
Next, download the tutorial image, start the container, and open a bash session into it.

```shell
docker run --name tutorialContainer --interactive --tty ghcr.io/spectrocloud/tutorials:1.1.8 bash
docker run --name tutorialContainer --interactive --tty ghcr.io/spectrocloud/tutorials:1.1.9 bash
```

Navigate to the folder that contains the tutorial code.
Expand Down Expand Up @@ -90,7 +90,7 @@ podman info
Next, download the tutorial image, start the container, and open a bash session into it.

```shell
podman run --name tutorialContainer --interactive --tty ghcr.io/spectrocloud/tutorials:1.1.8 bash
podman run --name tutorialContainer --interactive --tty ghcr.io/spectrocloud/tutorials:1.1.9 bash
```

Navigate to the folder that contains the tutorial code.
Expand Down Expand Up @@ -124,7 +124,7 @@ cd tutorials/
Check out the following git tag.

```shell
git checkout v1.1.8
git checkout v1.1.9
```

Navigate to the folder that contains the tutorial code.
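Review bot: `git checkout v1.1.9` has to stay in step with the `ghcr.io/spectrocloud/tutorials:1.1.9` tag in the `docker run` and `podman run` hunks above and in the two `rmi` commands later in this file, five hard-coded copies in all. A single version variable or partial would stop them drifting apart on the next bump.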
Expand Down Expand Up @@ -223,10 +223,10 @@ The table below displays the packs deployed in each version of the cluster profi
| **Pack Type** | **Pack Name** | **Version** | **Cluster Profile v1.0.0** | **Cluster Profile v1.1.0** |
| ------------- | ------------------ | ----------- | -------------------------- | -------------------------- |
| OS | `ubuntu-azure` | `22.04` | :white_check_mark: | :white_check_mark: |
| Kubernetes | `kubernetes` | `1.27.5` | :white_check_mark: | :white_check_mark: |
| Kubernetes | `kubernetes` | `1.30.4` | :white_check_mark: | :white_check_mark: |
| Network | `cni-calico-azure` | `3.26.1` | :white_check_mark: | :white_check_mark: |
| Storage | `csi-azure` | `1.28.3` | :white_check_mark: | :white_check_mark: |
| App Services | `hellouniverse` | `1.1.2` | :white_check_mark: | :white_check_mark: |
| App Services | `hellouniverse` | `1.2.0` | :white_check_mark: | :white_check_mark: |
| App Services | `cost-analyzer` | `1.103.3` | :x: | :white_check_mark: |

The Hello Universe pack has two configured [presets](../../glossary-all.md#presets). The first preset deploys a
Expand Down Expand Up @@ -303,12 +303,12 @@ Terraform. The Spectro Cloud Terraform provider exposes several data resources t
dynamic. The data resource used in the cluster profile is `spectrocloud_pack`. This resource enables you to query
Palette for information about a specific pack, such as its unique ID, registry ID, available versions, and YAML values.

Below is the data resource used to query Palette for information about the Kubernetes pack for version `1.27.5`.
Below is the data resource used to query Palette for information about the Kubernetes pack for version `1.30.4`.

```hcl
data "spectrocloud_pack" "azure_k8s" {
name = "kubernetes"
version = "1.27.5"
version = "1.30.4"
registry_uid = data.spectrocloud_registry.public_registry.id
}
```
Expand Down Expand Up @@ -548,8 +548,8 @@ moments before clicking on the service URL to prevent the browser from caching a

![Deployed application](/getting-started/azure/getting-started_deploy-manage-k8s-cluster_hello-universe-w-api.webp)

Welcome to Hello Universe, a demo application developed to help you learn more about Palette and its features. Feel free
to click on the logo to increase the counter and for a fun image change.
Welcome to Spacetastic's astronomy education platform. Feel free to explore the pages and learn more about space. The
statistics page offers information on visitor counts on your deployed service.

## Version Cluster Profiles

Expand Down Expand Up @@ -726,7 +726,7 @@ the following command to stop and remove the container.

```shell
docker stop tutorialContainer && \
docker rmi --force ghcr.io/spectrocloud/tutorials:1.1.8
docker rmi --force ghcr.io/spectrocloud/tutorials:1.1.9
```

</TabItem>
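Review bot: The context line before this block says the command will "stop and remove the container", but `docker stop tutorialContainer && docker rmi --force ...` stops the container and force-removes the image; the stopped `tutorialContainer` itself is left behind. Since these lines are being touched anyway, add `docker rm tutorialContainer` before the `rmi` (and `podman rm tutorialContainer` in the next tab), or reword the sentence to match what the command does.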
Expand All @@ -735,7 +735,7 @@ docker rmi --force ghcr.io/spectrocloud/tutorials:1.1.8

```shell
podman stop tutorialContainer && \
podman rmi --force ghcr.io/spectrocloud/tutorials:1.1.8
podman rmi --force ghcr.io/spectrocloud/tutorials:1.1.9
```

</TabItem>
14 changes: 7 additions & 7 deletions docs/docs-content/getting-started/azure/scale-secure-cluster.md
Expand Up @@ -122,7 +122,7 @@ displays. The Palette UI confirms that the cluster profile was created in the sc
Select the cluster profile to view its details. The cluster profile summary appears.

This cluster profile deploys the [Hello Universe](https://github.com/spectrocloud/hello-universe) application using a
pack. Click on the **hellouniverse 1.1.3** layer. The pack manifest editor appears.
pack. Click on the **hellouniverse 1.2.0** layer. The pack manifest editor appears.

Click on **Presets** on the right-hand side. You can learn more about the pack presets on the pack README, which is
available in the Palette UI. Select the **Enable Hello Universe API** preset. The pack manifest changes accordingly.
Expand Down Expand Up @@ -339,8 +339,8 @@ worker node, which is the node that does not have the `control-plane` role. In t

```shell
NAME STATUS ROLES AGE VERSION
azure-cluster-cp-75841-bmt5v Ready control-plane 56m v1.28.11
azure-cluster-worker-pool-6058-7tk4b Ready <none> 42m v1.28.11
azure-cluster-cp-75841-bmt5v Ready control-plane 56m v1.28.13
azure-cluster-worker-pool-6058-7tk4b Ready <none> 42m v1.28.13
```

The Hello Universe pack deploys three pods in the `hello-universe` namespace. Execute the following command to verify
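Review bot: The sample `kubectl get nodes` output is bumped to `v1.28.13`, but this commit moves the Azure profile table to Kubernetes `1.30.x` and the Terraform tutorial to `1.30.4`, and the import partial pins `1.27.16`, so a reader following the series will see a different `VERSION` column. Regenerate the output from a cluster built with the profile the tutorial tells the reader to use, and apply the same fix to the three-node output in the next hunk.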
Expand Down Expand Up @@ -388,9 +388,9 @@ are the worker nodes.

```shell
NAME STATUS ROLES AGE VERSION
azure-cluster-cp-77030-5szc5 Ready control-plane 114m v1.28.11
azure-cluster-worker-pool-2-6895-pbfnm Ready <none> 99m v1.28.11
azure-cluster-worker-pool-e54e-64fwj Ready <none> 102m v1.28.11
azure-cluster-cp-77030-5szc5 Ready control-plane 114m v1.28.13
azure-cluster-worker-pool-2-6895-pbfnm Ready <none> 99m v1.28.13
azure-cluster-worker-pool-e54e-64fwj Ready <none> 102m v1.28.13
```

It is common to dedicate node pools to a particular type of workload. One way to specify this is through the use of
Expand All @@ -408,7 +408,7 @@ workloads execute on which nodes.
Switch back to Palette in your web browser. Navigate to the left **Main Menu** and select **Profiles**. Select the
cluster profile deployed to your cluster, named `azure-profile`. Ensure that the **1.1.0** version is selected.

Click on the **hellouniverse 1.1.3** layer. The manifest editor appears. Set the
Click on the **hellouniverse 1.2.0** layer. The manifest editor appears. Set the
`manifests.hello-universe.ui.useTolerations` field on line 20 to `true`. Then, set the
`manifests.hello-universe.ui.effect` field on line 22 to `NoExecute`. This toleration describes that the UI pods of
Hello Universe will tolerate the taint with the key `app`, value `ui` and effect `NoExecute`. The tolerations of the UI
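Review bot: The instructions still point at "line 20" and "line 22" of the manifest while the layer moves from **hellouniverse 1.1.3** to **hellouniverse 1.2.0**. Check that `manifests.hello-universe.ui.useTolerations` and `manifests.hello-universe.ui.effect` are still on those lines in the 1.2.0 pack values, or drop the line numbers and refer to the fields by name only.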
6 changes: 3 additions & 3 deletions docs/docs-content/getting-started/azure/update-k8s-cluster.md
Expand Up @@ -43,7 +43,7 @@ provisioned and in a healthy state.

The cluster profile name is `azure-profile` and the cluster name is `azure-cluster`.

![Cluster details page with service URL highlighted](/getting-started/azure/getting-started_deploy-k8s-cluster_service_url.webp)
![Cluster details page](/getting-started/azure/getting-started_update-k8s-cluster_cluster-healthy.webp)

## Tag and Filter Clusters

Expand Down Expand Up @@ -167,7 +167,7 @@ visualization tools. Read more about
[Navigating the Kubecost UI](https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui) to make the most of
the cost analyzer.

![Image that shows the Kubecost UI](/getting-started/getting-started_update-k8s-cluster_kubecost-ui.webp)
![Image that shows the Kubecost UI](/getting-started/azure/getting-started_update-k8s-cluster_kubecost-ui.webp)

Once you are done exploring locally, you can stop the `kubectl port-forward` command by closing the terminal window it
is executing from.
Expand All @@ -192,7 +192,7 @@ Click on **Save** to confirm your changes.
Palette now makes the changes required for the cluster to return to the state specified in version **1.0.0** of your
cluster profile. Once your changes have completed, Palette marks your layers with the green status indicator.

![Cluster details page with service URL highlighted](/getting-started/azure/getting-started_deploy-k8s-cluster_service_url.webp)
![Cluster details page with service URL highlighted](/getting-started/azure/getting-started_update-k8s-cluster_rollback.webp)

## Pending Updates

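Review bot: The image now points at `getting-started_update-k8s-cluster_rollback.webp`, but its alt text is still "Cluster details page with service URL highlighted". The first hunk in this file updated the alt text along with the path, so do the same here, for example "Cluster details page after rollback to version 1.0.0".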
Binary file not shown.

0 comments on commit 66e534d
