1
00:00:02,130 --> 00:00:04,260
Now, after the last lecture

2
00:00:04,260 --> 00:00:06,970
in the end we now got this version

3
00:00:06,970 --> 00:00:10,160
of our application implemented with Kubernetes.

4
00:00:10,160 --> 00:00:12,520
I mean, the tasks API is missing actually

5
00:00:12,520 --> 00:00:15,010
but for the Users and Auth API,

6
00:00:15,010 --> 00:00:17,560
we got those up and running in the same Pod

7
00:00:17,560 --> 00:00:19,700
they are able to talk to each other

8
00:00:19,700 --> 00:00:21,830
and we are able to send the request

9
00:00:21,830 --> 00:00:24,000
to the Users API.

10
00:00:24,000 --> 00:00:25,670
Now, however, of course

11
00:00:25,670 --> 00:00:28,180
I also want to deploy the Tasks API

12
00:00:28,180 --> 00:00:29,470
in a separate Pod

13
00:00:29,470 --> 00:00:32,580
and make sure that we can send requests there too.

14
00:00:32,580 --> 00:00:34,810
And now in addition,

15
00:00:34,810 --> 00:00:36,570
actually the Auth API

16
00:00:36,570 --> 00:00:39,290
should not be public-facing at all.

17
00:00:39,290 --> 00:00:40,920
And it kind of already is

18
00:00:40,920 --> 00:00:42,660
because we're not exposing its port

19
00:00:42,660 --> 00:00:44,300
on the service I guess,

20
00:00:44,300 --> 00:00:46,130
but I also wanna make sure

21
00:00:46,130 --> 00:00:48,470
and that's the thing which is missing at the moment

22
00:00:48,470 --> 00:00:50,490
that the Tasks API is able

23
00:00:50,490 --> 00:00:52,470
to talk to the Auth API

24
00:00:52,470 --> 00:00:55,360
because it also needs to do that in its code.

25
00:00:55,360 --> 00:00:57,460
But, and that's the key thing

26
00:00:57,460 --> 00:01:02,460
I still wanna have the Tasks API run in a separate Pod.

27
00:01:02,940 --> 00:01:04,700
And therefore the goal

28
00:01:04,700 --> 00:01:07,970
in the end is to create a brand new Pod

29
00:01:07,970 --> 00:01:12,060
and also a new deployment for the Users API.

30
00:01:12,060 --> 00:01:14,560
So that in the end we have three different kinds

31
00:01:14,560 --> 00:01:18,320
of Pods and therefore three different deployments.

32
00:01:18,320 --> 00:01:22,380
And we ensure that these Pods can communicate

33
00:01:22,380 --> 00:01:25,240
with each other as shown on this picture

34
00:01:26,100 --> 00:01:28,980
which means we'll also need multiple services.

35
00:01:28,980 --> 00:01:30,930
And for example, the service

36
00:01:30,930 --> 00:01:34,170
which manages the Pod for the Auth API,

37
00:01:34,170 --> 00:01:36,870
should not be public facing at all.

38
00:01:36,870 --> 00:01:39,070
It should be cluster-internal

39
00:01:39,070 --> 00:01:40,580
but it should be reachable

40
00:01:40,580 --> 00:01:42,710
by both the Users API.

41
00:01:42,710 --> 00:01:45,020
So the Pod containing that container

42
00:01:45,020 --> 00:01:47,220
and the Tasks API.

43
00:01:47,220 --> 00:01:50,010
So that's where we were going to move next.

44
00:01:50,010 --> 00:01:51,100
We're going to have a look

45
00:01:51,100 --> 00:01:55,460
at Pod-to-Pod communication inside of a cluster,

46
00:01:55,460 --> 00:01:58,233
and we will use multiple services for that.

47
00:01:59,400 --> 00:02:01,320
So to move on

48
00:02:01,320 --> 00:02:05,110
and to make sure that we implement our application

49
00:02:05,110 --> 00:02:07,170
as shown on the last slide.

50
00:02:07,170 --> 00:02:10,910
We obviously need to make a couple of changes.

51
00:02:10,910 --> 00:02:11,743
For example,

52
00:02:11,743 --> 00:02:12,960
we need a new deployment

53
00:02:12,960 --> 00:02:14,660
for the Auth API,

54
00:02:14,660 --> 00:02:17,110
so that the Auth and the user container

55
00:02:17,110 --> 00:02:20,060
no longer run in the same Pod.

56
00:02:20,060 --> 00:02:22,550
And that's actually what I'm going to start with.

57
00:02:22,550 --> 00:02:27,200
So we should add a new Auth deployment on YAML file here.

58
00:02:27,200 --> 00:02:29,700
And we can basically copy

59
00:02:29,700 --> 00:02:33,450
the users deployment configuration I guess,

60
00:02:33,450 --> 00:02:35,580
but of course we'll tweak it a little bit.

61
00:02:35,580 --> 00:02:37,400
For the Auth deployment

62
00:02:37,400 --> 00:02:39,220
I will change the name of course,

63
00:02:39,220 --> 00:02:43,250
to Auth deployment, change my selector here

64
00:02:43,250 --> 00:02:45,690
to app Auth and my label here

65
00:02:45,690 --> 00:02:47,390
for the Pod to app Auth,

66
00:02:49,420 --> 00:02:52,280
remove the users container from that list

67
00:02:52,280 --> 00:02:54,710
and only leave the Auth container here

68
00:02:56,170 --> 00:02:59,210
so that our deployment looks like this.

69
00:02:59,210 --> 00:03:00,470
And then also go

70
00:03:00,470 --> 00:03:02,630
to the users deployment YAML file

71
00:03:02,630 --> 00:03:05,430
and there of course remove the Auth container

72
00:03:05,430 --> 00:03:06,683
and leave it like this.

73
00:03:08,420 --> 00:03:09,253
So with that

74
00:03:09,253 --> 00:03:11,170
we now have two deployments

75
00:03:11,170 --> 00:03:14,120
and therefore two different kinds of Pods

76
00:03:14,120 --> 00:03:15,990
which will be created.

77
00:03:15,990 --> 00:03:18,110
So the Auth and the user container,

78
00:03:18,110 --> 00:03:20,713
will no longer run in the same Pod.

79
00:03:22,030 --> 00:03:25,570
Now that of course has a couple of key implications

80
00:03:25,570 --> 00:03:27,980
for example, since the Auth deployment

81
00:03:27,980 --> 00:03:29,940
creates a brand new Pod

82
00:03:29,940 --> 00:03:32,870
this new Pod will not be reachable

83
00:03:32,870 --> 00:03:34,470
through a service,

84
00:03:34,470 --> 00:03:37,490
instead only inside of the cluster

85
00:03:37,490 --> 00:03:39,880
but even there, as I mentioned earlier

86
00:03:39,880 --> 00:03:41,630
because we're not having a service

87
00:03:41,630 --> 00:03:43,500
for this Auth deployment yet

88
00:03:43,500 --> 00:03:46,970
the IP address of that Pod could change all the time.

89
00:03:46,970 --> 00:03:49,520
If we scale it up or if it fails

90
00:03:49,520 --> 00:03:52,230
and it needs to be recreated for whatever reason

91
00:03:52,230 --> 00:03:54,330
and that's not ideal,

92
00:03:54,330 --> 00:03:58,720
hence I'll also add an Auth service here

93
00:03:58,720 --> 00:04:01,700
and copy the user service configuration

94
00:04:01,700 --> 00:04:04,060
into the Auth service YAML file.

95
00:04:04,060 --> 00:04:06,200
But of course, name it Auth service

96
00:04:06,200 --> 00:04:09,653
and select by the app Auth label,

97
00:04:10,540 --> 00:04:14,400
which is the label we gave our new Pod here

98
00:04:14,400 --> 00:04:16,493
in the Auth deployment YAML file,

99
00:04:17,380 --> 00:04:20,890
and then I also want to use a different type

100
00:04:20,890 --> 00:04:22,960
and different ports.

101
00:04:22,960 --> 00:04:25,220
Now, when it comes to the ports,

102
00:04:25,220 --> 00:04:28,420
we have to look into the Auth API setup

103
00:04:28,420 --> 00:04:30,780
and we see that there it's port 80

104
00:04:30,780 --> 00:04:32,520
which is exposed,

105
00:04:32,520 --> 00:04:34,670
hence in the Auth service

106
00:04:34,670 --> 00:04:39,273
I will use port 80 as an outside and inside port.

107
00:04:40,140 --> 00:04:44,120
But the type is always important. With load balancer,

108
00:04:44,120 --> 00:04:47,160
we would expose the Auth API

109
00:04:47,160 --> 00:04:48,440
to the public,

110
00:04:48,440 --> 00:04:50,580
and that's clearly not the goal here.

111
00:04:50,580 --> 00:04:52,800
It should not be public-facing,

112
00:04:52,800 --> 00:04:56,233
it should not be reachable from outside the cluster.

113
00:04:57,310 --> 00:05:00,320
Hence here we'll not use type load balancer

114
00:05:00,320 --> 00:05:01,850
for the Auth service,

115
00:05:01,850 --> 00:05:03,463
but cluster IP.

116
00:05:04,310 --> 00:05:07,200
This as I also mentioned briefly earlier

117
00:05:07,200 --> 00:05:12,200
will do some automatic load balancing done by Kubernetes

118
00:05:12,320 --> 00:05:14,960
but we're not getting exposed

119
00:05:14,960 --> 00:05:16,500
to the outside world.

120
00:05:16,500 --> 00:05:19,933
This will not be reachable from outside.

121
00:05:20,950 --> 00:05:22,880
And that's exactly what we want here

122
00:05:22,880 --> 00:05:25,820
only from inside our cluster

123
00:05:25,820 --> 00:05:27,820
this service can be reached

124
00:05:29,210 --> 00:05:30,900
and that of course then brings up

125
00:05:30,900 --> 00:05:32,810
another important question.

126
00:05:32,810 --> 00:05:34,300
How can we reach it?

127
00:05:34,300 --> 00:05:37,610
What should be our Auth address?

128
00:05:37,610 --> 00:05:41,270
It was localhost for requests sent

129
00:05:41,270 --> 00:05:43,750
to the Auth container when the container

130
00:05:43,750 --> 00:05:47,150
was in the same Pod as the users container.

131
00:05:47,150 --> 00:05:49,740
But that of course is not the case anymore

132
00:05:49,740 --> 00:05:52,183
so what should be the new address here?

