1
00:00:02,150 --> 00:00:04,070
So, were you successful?

2
00:00:04,070 --> 00:00:05,790
Let's add it together.

3
00:00:05,790 --> 00:00:08,590
And for that, I'll add a tasks.yaml file

4
00:00:08,590 --> 00:00:10,450
which will hold all the resources

5
00:00:10,450 --> 00:00:12,463
this tasks deployment needs.

6
00:00:13,400 --> 00:00:16,810
And actually, here, we got two resources we wanna add,

7
00:00:16,810 --> 00:00:19,920
a deployment and a service.

8
00:00:19,920 --> 00:00:22,830
So I'll start with the deployment,

9
00:00:22,830 --> 00:00:26,680
and here the apiVersion should be apps/v1,

10
00:00:26,680 --> 00:00:28,763
and the kind of course is deployment.

11
00:00:29,910 --> 00:00:32,340
Now we add metadata and give it a name,

12
00:00:32,340 --> 00:00:35,660
just as we provide a name to all the resources

13
00:00:35,660 --> 00:00:37,490
we create with Kubernetes,

14
00:00:37,490 --> 00:00:40,303
and I'll name it tasks-deployment.

15
00:00:41,530 --> 00:00:44,980
Next we add the specification for this deployment

16
00:00:44,980 --> 00:00:48,250
and here, we therefore specify the number of replicas,

17
00:00:48,250 --> 00:00:51,820
and I'll go with one here, you could of course go with more.

18
00:00:51,820 --> 00:00:56,040
And I will also define the template for the ports

19
00:00:56,040 --> 00:00:58,040
that should be added to this deployment.

20
00:00:59,080 --> 00:01:02,040
And actually, I will already add a selector here

21
00:01:02,040 --> 00:01:04,310
with the matchLabels key

22
00:01:04,310 --> 00:01:09,100
and match by the app label with a value of task.

23
00:01:11,400 --> 00:01:14,210
And then, here, in the template for this deployment,

24
00:01:14,210 --> 00:01:17,850
so the template for the parts of this deployment,

25
00:01:17,850 --> 00:01:22,850
I will add the metadata field and add the labels here,

26
00:01:23,250 --> 00:01:26,180
and here add this task label

27
00:01:26,180 --> 00:01:29,460
so app is the label name, task is the value

28
00:01:29,460 --> 00:01:33,000
so that this selector is able to match these parts

29
00:01:33,000 --> 00:01:34,823
created by this deployment.

30
00:01:35,860 --> 00:01:40,440
Now, besides the metadata, just as in the other deployments,

31
00:01:40,440 --> 00:01:43,140
like here, the users.yaml file,

32
00:01:43,140 --> 00:01:45,740
we of course also need to add a spec here

33
00:01:46,810 --> 00:01:51,200
to the template for the ports, so let's do that.

34
00:01:51,200 --> 00:01:55,190
And now define how the port should be configured.

35
00:01:55,190 --> 00:01:56,600
Now it's here where we wanted

36
00:01:56,600 --> 00:01:59,350
to find the containers we plan on using.

37
00:01:59,350 --> 00:02:03,230
So nested below spec in the template part,

38
00:02:03,230 --> 00:02:04,850
I will add containers,

39
00:02:04,850 --> 00:02:08,389
and then give every container a name like task.

40
00:02:08,389 --> 00:02:11,690
So just as we did it before for the users-api,

41
00:02:11,690 --> 00:02:16,483
actually to be in line I will therefore name it, tasks-api.

42
00:02:17,940 --> 00:02:21,780
Then define the image which I have yet to create and push,

43
00:02:21,780 --> 00:02:25,920
but I will name it kub-dep-tasks like this

44
00:02:25,920 --> 00:02:27,913
on my academind repository.

45
00:02:29,390 --> 00:02:31,950
And then I got some environment variables

46
00:02:31,950 --> 00:02:34,760
and actually, we can grab the environment variables

47
00:02:34,760 --> 00:02:37,290
from users.yaml because I will use

48
00:02:37,290 --> 00:02:39,830
exactly the same environment variables

49
00:02:39,830 --> 00:02:44,830
with exactly the same values here for this tasks setup.

50
00:02:45,500 --> 00:02:49,290
So therefore, here, below image on the same level as image,

51
00:02:49,290 --> 00:02:52,440
we add the environment variables for this container,

52
00:02:52,440 --> 00:02:54,620
and there I got the MONGODB_CONNECTION_URI

53
00:02:55,490 --> 00:02:58,950
environment variable and the AUTH_API_ADDRESS

54
00:02:58,950 --> 00:03:00,250
environment variable.

55
00:03:00,250 --> 00:03:03,763
Again, just as we had it in the users.yaml file.

56
00:03:05,000 --> 00:03:07,723
And that's the configuration for this deployment.

57
00:03:08,720 --> 00:03:10,780
Next, let's add the service,

58
00:03:10,780 --> 00:03:13,380
maybe here above the deployment.

59
00:03:13,380 --> 00:03:15,983
And here we got a apiVersion of just v1,

60
00:03:17,580 --> 00:03:22,480
set the kind to Service, and of course,

61
00:03:22,480 --> 00:03:25,760
give that service a name by adding a metadata here

62
00:03:25,760 --> 00:03:29,670
and giving it a name of tasks-service,

63
00:03:29,670 --> 00:03:33,370
and then add the specification for this service.

64
00:03:33,370 --> 00:03:36,510
And here, as always, we need to select which parts

65
00:03:36,510 --> 00:03:38,930
should be managed by this service.

66
00:03:38,930 --> 00:03:42,740
We need to set up the type of service if we don't wanna go

67
00:03:42,740 --> 00:03:45,690
with the default, which would be cluster IP,

68
00:03:45,690 --> 00:03:48,550
and we of course, also needs to, well,

69
00:03:48,550 --> 00:03:50,420
provide some information about the ports

70
00:03:50,420 --> 00:03:53,380
which should be exposed by the service.

71
00:03:53,380 --> 00:03:55,250
So let's start with the selector

72
00:03:55,250 --> 00:03:59,390
and here, I'll of course select by the app key here

73
00:03:59,390 --> 00:04:04,390
and look for a value of tasks, actually singular task.

74
00:04:05,940 --> 00:04:08,680
Then, set the type here to LoadBalancer

75
00:04:08,680 --> 00:04:11,580
because this service should be reachable

76
00:04:11,580 --> 00:04:15,290
from the outside world, just like the user's service.

77
00:04:15,290 --> 00:04:17,660
Because this will be a service I wanna

78
00:04:17,660 --> 00:04:21,160
send requests to with postman.

79
00:04:21,160 --> 00:04:23,013
And then for the ports,

80
00:04:24,400 --> 00:04:28,943
just like on users.yaml, I wanna add one port.

81
00:04:29,980 --> 00:04:34,120
So add one dash here with a protocol of TCP

82
00:04:34,120 --> 00:04:38,310
and set the port for the outside world to 80, maybe,

83
00:04:38,310 --> 00:04:42,560
but set the port that is targeted in the container

84
00:04:42,560 --> 00:04:44,770
to the port I'm listening on.

85
00:04:44,770 --> 00:04:49,660
So in the tasks-app.js file, I'm listening on port 3000,

86
00:04:49,660 --> 00:04:52,993
so therefore, that's my target port here.

87
00:04:54,520 --> 00:04:57,190
And that's the service and the deployment.

88
00:04:57,190 --> 00:05:00,440
Now we don't need to add anything else here for the tasks

89
00:05:00,440 --> 00:05:02,230
because in the code here,

90
00:05:02,230 --> 00:05:05,490
I'm not doing anything which would require a volume,

91
00:05:05,490 --> 00:05:08,420
and therefore, we should be good like that.

92
00:05:08,420 --> 00:05:11,330
Hence, now I need to build and push this image

93
00:05:11,330 --> 00:05:13,610
so that we can then launch the deployment

94
00:05:13,610 --> 00:05:15,870
which of course needs that image.

95
00:05:15,870 --> 00:05:20,000
So go into that tasks-api folder and build the image

96
00:05:20,000 --> 00:05:24,780
and give it a tag, in my case, academind/kub-dep-tasks

97
00:05:26,520 --> 00:05:29,150
and then, also make sure you create a repository

98
00:05:29,150 --> 00:05:32,840
on docker hub, so there, create a new repository

99
00:05:32,840 --> 00:05:36,780
and give it that same name you just gave

100
00:05:36,780 --> 00:05:41,663
to your image which you built so in my case, kub-dep-tasks,

101
00:05:43,467 --> 00:05:46,033
create that repository on docker hub,

102
00:05:47,470 --> 00:05:51,880
and then, of course, push the image you just built

103
00:05:52,730 --> 00:05:56,233
to docker hub, like this.

104
00:05:57,310 --> 00:06:00,210
Now, let's wait until this is pushed

105
00:06:00,210 --> 00:06:03,050
and once it is, we can of course try

106
00:06:03,050 --> 00:06:06,170
using our brand new tasks.yaml file

107
00:06:06,170 --> 00:06:09,313
and try applying it to our EKS cluster.

108
00:06:11,620 --> 00:06:16,143
So here we go, now, navigate into the Kubernetes folder,

109
00:06:18,510 --> 00:06:23,510
like this and there, run kubectl apply-f=tasks.yaml

110
00:06:25,390 --> 00:06:27,950
and that should create the new deployment

111
00:06:27,950 --> 00:06:30,610
and the new service.

112
00:06:30,610 --> 00:06:34,110
And therefore, also automatically here on AWS,

113
00:06:34,110 --> 00:06:37,093
a brand new LoadBalancer for that service.

114
00:06:38,140 --> 00:06:41,640
Actually, as I mentioned, I also did tweak the source code

115
00:06:41,640 --> 00:06:45,940
in the other folders auth-api and users-api,

116
00:06:45,940 --> 00:06:48,310
so therefore, definitely also make sure

117
00:06:48,310 --> 00:06:50,325
you rebuilt all these images,

118
00:06:50,325 --> 00:06:54,910
therefore, I will actually go into these folders as well

119
00:06:54,910 --> 00:06:57,933
and rebuild the images in these folders,

120
00:06:58,860 --> 00:07:00,740
as well as the other image.

121
00:07:00,740 --> 00:07:05,740
So all the rebuilt the kub-dep-auth image

122
00:07:05,780 --> 00:07:08,110
based on the auth-api folder

123
00:07:08,110 --> 00:07:10,963
and then of course also push that image,

124
00:07:12,720 --> 00:07:16,290
and once that is pushed, I'll do the same for the users-api

125
00:07:16,290 --> 00:07:18,070
because the code in there changed,

126
00:07:18,070 --> 00:07:21,720
and of course, all the latest code should be on docker hub,

127
00:07:21,720 --> 00:07:25,000
so that our deployments on EKS

128
00:07:25,000 --> 00:07:27,153
pick up the latest image versions.

129
00:07:28,050 --> 00:07:31,380
Let's go into the users-api folder

130
00:07:31,380 --> 00:07:33,960
and build the image there as well,

131
00:07:33,960 --> 00:07:37,230
with the appropriate tag, of course, like this

132
00:07:39,170 --> 00:07:43,593
and now that it was built, also push it like this

133
00:07:45,380 --> 00:07:47,450
and now, once that is pushed,

134
00:07:47,450 --> 00:07:52,450
I will reapply the auth and the users.yaml file

135
00:07:54,030 --> 00:07:56,620
and delete the existing deployments first,

136
00:07:56,620 --> 00:07:58,993
so that the new images are picked up.

137
00:08:00,170 --> 00:08:03,490
So let's go into the Kubernetes folder,

138
00:08:03,490 --> 00:08:08,120
and run kubectl delete deployment users-deployment,

139
00:08:11,870 --> 00:08:16,720
and then do the same for the auth-deployment

140
00:08:16,720 --> 00:08:20,050
so that these deployments and ports are cleared

141
00:08:20,050 --> 00:08:23,010
and then, also apply these files again,

142
00:08:23,010 --> 00:08:27,203
so users.yaml and the auth.yaml file.

143
00:08:28,090 --> 00:08:32,100
And with that, we will have applied all these changes.

144
00:08:32,100 --> 00:08:33,840
If we now get our deployments,

145
00:08:33,840 --> 00:08:36,440
we should have three deployments

146
00:08:36,440 --> 00:08:38,039
and eventually, the user's deployment

147
00:08:38,039 --> 00:08:39,539
should also be up and running.

148
00:08:41,549 --> 00:08:43,980
Yes, here it is, and we got our various

149
00:08:43,980 --> 00:08:46,310
ports up and running here as well.

150
00:08:46,310 --> 00:08:48,730
Old ports are still shutting down,

151
00:08:48,730 --> 00:08:52,563
and with that, we can now give this a try again.

152
00:08:53,410 --> 00:08:57,080
And for that, I'll first of all get my services again,

153
00:08:57,080 --> 00:08:59,670
to get all these external IP addresses.

154
00:08:59,670 --> 00:09:03,110
And now we got two services with an external IP

155
00:09:03,110 --> 00:09:05,960
because the tasks-service was also launched

156
00:09:05,960 --> 00:09:07,573
with type LoadBalancer.

157
00:09:08,440 --> 00:09:11,900
And therefore, on AWS, a new LoadBalancer

158
00:09:11,900 --> 00:09:14,010
was created for it.

159
00:09:14,010 --> 00:09:16,200
So let's give this a try now.

160
00:09:16,200 --> 00:09:18,650
For this, I'll grab this address

161
00:09:18,650 --> 00:09:21,920
of the new tasks service LoadBalancer,

162
00:09:21,920 --> 00:09:26,770
and I'll head over to Postman and here on Postman,

163
00:09:26,770 --> 00:09:29,420
I now try to get my tasks

164
00:09:29,420 --> 00:09:32,930
by sending a get request to this URL,

165
00:09:32,930 --> 00:09:36,860
so the URL I just grabbed slash tasks.

166
00:09:36,860 --> 00:09:39,260
And for the moment, I'll not add anything else,

167
00:09:39,260 --> 00:09:44,133
no extra header, no body, just a get request to this URL.

168
00:09:45,140 --> 00:09:47,860
If we try this, we should get back a response,

169
00:09:47,860 --> 00:09:50,210
which is good, but the response tells us

170
00:09:50,210 --> 00:09:53,150
that we could not authenticate that user.

171
00:09:53,150 --> 00:09:55,430
And that makes sense because actually this

172
00:09:55,430 --> 00:09:59,350
is a request which requires authentication.

173
00:09:59,350 --> 00:10:03,150
It needs token attached to the outgoing request

174
00:10:03,150 --> 00:10:06,257
so that the API is able to verify whether

175
00:10:06,257 --> 00:10:08,993
this request comes from a logged in user.

176
00:10:09,880 --> 00:10:14,680
Now to get such a token, we need to send a log in request

177
00:10:14,680 --> 00:10:17,440
to the other load balancers address

178
00:10:17,440 --> 00:10:21,973
so the users services address, so this address here,

179
00:10:23,090 --> 00:10:26,830
we send the request to that address, slash login,

180
00:10:26,830 --> 00:10:30,370
and add a body with a email and password field

181
00:10:30,370 --> 00:10:35,370
in JSON format and if we do that, with a valid password,

182
00:10:36,920 --> 00:10:39,223
we actually get back such a token,

183
00:10:40,400 --> 00:10:43,520
we can then grab this token, and of course for that,

184
00:10:43,520 --> 00:10:46,750
by the way, you need that user, if you don't have that user,

185
00:10:46,750 --> 00:10:50,520
send a signup request first with some user data

186
00:10:50,520 --> 00:10:53,160
but once you have that, once you had did login,

187
00:10:53,160 --> 00:10:56,860
grab that token, and then go back to the GET requests

188
00:10:56,860 --> 00:11:01,850
from before to slash tasks, and add a header authorization,

189
00:11:03,250 --> 00:11:07,830
and for the header, a value of bearer whitespace

190
00:11:07,830 --> 00:11:11,400
and then that token, just copy and paste it in

191
00:11:11,400 --> 00:11:13,530
and make sure this header is added

192
00:11:13,530 --> 00:11:17,720
to the outgoing GET request and if you send this now,

193
00:11:17,720 --> 00:11:21,743
you should get back a response with an empty list of tasks.

194
00:11:22,680 --> 00:11:26,240
Now to change that, and to make that not empty anymore,

195
00:11:26,240 --> 00:11:30,690
you can send a POST request to that URL/tasks.

196
00:11:30,690 --> 00:11:34,400
So the URL for the tasks service with that

197
00:11:34,400 --> 00:11:39,030
authorization header added as well, so that same header,

198
00:11:39,030 --> 00:11:42,110
we added with the same value, on the get request

199
00:11:42,110 --> 00:11:46,960
so authorization with bearer whitespace and then that token,

200
00:11:46,960 --> 00:11:49,590
and since it's a POST requests, add a body,

201
00:11:49,590 --> 00:11:51,940
which should be JSON data,

202
00:11:51,940 --> 00:11:55,870
where you can add a title like learn Docker,

203
00:11:55,870 --> 00:12:00,870
and then a text field for the title, learn it in depth.

204
00:12:01,390 --> 00:12:03,570
So make sure you add this JSON data to

205
00:12:03,570 --> 00:12:06,603
this post request, click Send,

206
00:12:07,480 --> 00:12:10,820
and this task will be created.

207
00:12:10,820 --> 00:12:13,960
And here you get the task which was sent back.

208
00:12:13,960 --> 00:12:16,290
And if you now send the get request, again,

209
00:12:16,290 --> 00:12:20,593
with the same token attached, you should see that task here.

210
00:12:21,970 --> 00:12:25,730
If you log in with a different user, so here, for example,

211
00:12:25,730 --> 00:12:28,930
with the test two user, which I also created,

212
00:12:28,930 --> 00:12:32,400
you get a new token, and if you use that token

213
00:12:32,400 --> 00:12:36,630
on the get request, as a value after bearer,

214
00:12:36,630 --> 00:12:39,150
you will see that you get an empty list of tasks,

215
00:12:39,150 --> 00:12:41,340
because this is a different user

216
00:12:41,340 --> 00:12:43,573
and this user has no tasks yet.

217
00:12:45,260 --> 00:12:47,700
Now we can also delete a task, and for this,

218
00:12:47,700 --> 00:12:50,480
we need the ID of the task, which you for example,

219
00:12:50,480 --> 00:12:53,680
got back when you created that task.

220
00:12:53,680 --> 00:12:58,680
And then you can send a delete request here to this URL.

221
00:13:00,490 --> 00:13:04,163
So the load balancer URL/tasks.

222
00:13:05,370 --> 00:13:10,370
Also add your authorization header there

223
00:13:10,570 --> 00:13:12,980
with that bearer token value.

224
00:13:12,980 --> 00:13:16,840
So make sure you add that here as well on the Delete request

225
00:13:16,840 --> 00:13:20,890
and then in the URL after slash tasks,

226
00:13:20,890 --> 00:13:24,330
also add the ID of the task you wanna delete, for example,

227
00:13:24,330 --> 00:13:29,250
this task here, which we just created and if you sent this,

228
00:13:29,250 --> 00:13:32,040
you will get back that you're not authorized

229
00:13:32,040 --> 00:13:34,640
if you're sending this from the wrong user.

230
00:13:34,640 --> 00:13:37,150
But if I do log in with the first user, again,

231
00:13:37,150 --> 00:13:39,373
who is the user that created the task,

232
00:13:40,210 --> 00:13:44,610
and I use this user's token, like this,

233
00:13:44,610 --> 00:13:49,610
and add this here, as a value for the bearer token,

234
00:13:50,530 --> 00:13:54,200
then you will see that the task is deleted

235
00:13:54,200 --> 00:13:59,200
and therefore, if I try to get my task again for that user,

236
00:13:59,810 --> 00:14:02,100
I also get an empty list here.

237
00:14:02,100 --> 00:14:05,190
And that is the challenge solved.

238
00:14:05,190 --> 00:14:08,900
Now we got three main API's deployed

239
00:14:08,900 --> 00:14:12,800
in our Kubernetes cluster, we got the auth-api,

240
00:14:12,800 --> 00:14:14,690
which is cluster internal,

241
00:14:14,690 --> 00:14:17,630
and we got two public facing API's

242
00:14:17,630 --> 00:14:21,390
because their services use the load balancer type.

243
00:14:21,390 --> 00:14:26,390
And all these services and ports are managed by Kubernetes.

244
00:14:26,430 --> 00:14:30,210
And with help of EKS, this AWS service,

245
00:14:30,210 --> 00:14:32,670
which gave us this Kubernetes cluster,

246
00:14:32,670 --> 00:14:35,350
they can talk to each other we got a volume,

247
00:14:35,350 --> 00:14:37,680
and therefore we applied everything we learned

248
00:14:37,680 --> 00:14:41,410
over the last core section, in a real example,

249
00:14:41,410 --> 00:14:45,253
on a real cluster, on a real cloud provider.