9 videos 📅 2024-12-16 09:00:00 Asia/Brunei

United Arab Emirates - Docker and Kubernetes on AWS

WEBVTT

00:00:20.200 --> 00:00:22.800
Now try to delete one of these pods.

00:00:22.800 --> 00:00:33.340
Delete a pod and observe what happens.

00:00:37.100 --> 00:00:45.460
Now it gets a new pod immediately. This is what happens. Now describe the pod

00:00:47.620 --> 00:00:50.480
and see how does it look.

00:00:57.840 --> 00:01:05.520
So when you destroy the pod, you can see that it is controlled by DaemonSet.

00:01:07.140 --> 00:01:11.000
So in your deployments when you create it was controlled by your replica set.

00:01:12.280 --> 00:01:13.740
It's controlled by your DaemonSet.

00:01:14.080 --> 00:01:21.180
So these are very important for agents like monitoring agent or could be a logging agent

00:01:21.180 --> 00:01:27.500
because these must be up and running anytime. So if you can still monitor it but it takes

00:01:27.500 --> 00:01:33.060
some time for it to monitor it, it goes down again to start it. So this is very important

00:01:33.060 --> 00:01:38.820
because you need these to be running on every node and hence it's a good practice

00:01:38.820 --> 00:01:42.800
your DaemonSet wherein they will come up automatically even if they go down.

00:01:42.960 --> 00:01:49.580
In this very similarly how you did updates, rolling updates, revision history those things

00:01:49.580 --> 00:01:52.280
you can do in a DaemonSet very similar to what you do in deployment.

00:01:54.880 --> 00:01:59.380
Now next task in your DaemonSet.

00:02:01.740 --> 00:02:05.280
I want you to see the task two. I'm going to explain the task two.

00:02:05.400 --> 00:02:13.640
My use case right now is I have three worker nodes, example four, one, two, three, four.

00:02:14.380 --> 00:02:17.340
And this is using SSD.

00:02:18.860 --> 00:02:20.160
This is using SSD.

00:02:21.660 --> 00:02:23.760
And these are using HDD.

00:02:24.400 --> 00:02:31.020
This is HDD service. Now I want to install DaemonSet, which is running on SSD because I

00:02:31.020 --> 00:02:35.360
want to have I want to install different storage agent because the SSD again use case,

00:02:35.500 --> 00:02:36.800
second use case. I'm getting it everyone.

00:02:36.960 --> 00:02:40.400
So what is what you do is you go and add a label.

00:02:41.740 --> 00:02:43.160
On which node you want.

00:02:45.080 --> 00:02:51.560
And the DaemonSet would run only on that particular node, which has the label as simple as it.

00:02:52.520 --> 00:02:54.220
So the term is node selector.

00:02:55.580 --> 00:03:03.980
So what happens scheduler would go ahead and search for a node which has this particular label.

00:03:03.980 --> 00:03:10.360
And once it decides on which node, kubelet would go ahead and create a DaemonSet with that copy.

00:03:11.480 --> 00:03:12.540
Do this now.

00:03:14.640 --> 00:03:16.060
Task two. So we can.

00:03:24.660 --> 00:03:26.240
Add a label.

00:03:34.920 --> 00:03:37.420
Check the label got added. Do a get nodes.

00:03:40.820 --> 00:03:42.100
Show labels.

00:03:45.800 --> 00:03:46.300
Commanders.

00:03:51.060 --> 00:03:52.240
Show labels.

00:03:55.020 --> 00:03:59.040
It shows the labels of all your worker nodes on master. We have master.

00:04:00.540 --> 00:04:02.460
These are your label and the values.

00:04:03.980 --> 00:04:07.240
For worker one, these are your keys and the values.

00:04:08.780 --> 00:04:14.380
And worker two, these are keys. So now under worker one, you see that a new label got added.

00:04:15.820 --> 00:04:18.580
So you can add the same label on multiple nodes.

00:04:23.100 --> 00:04:26.080
Yep. So now I want to run only on this now.

00:04:26.800 --> 00:04:30.220
That's my use case. So now create a YAML file.

00:04:35.000 --> 00:04:42.760
And run that YAML file.

00:04:47.080 --> 00:04:49.200
And I saved.

00:04:51.120 --> 00:04:51.580
Now apply.

00:05:03.980 --> 00:05:06.420
And now do a ds -o wide.

00:05:07.480 --> 00:05:09.380
You see 21.

00:05:10.700 --> 00:05:11.580
Has gone to.

00:05:12.800 --> 00:05:13.480
SSD.

00:05:15.140 --> 00:05:16.760
So now get pods.

00:05:17.840 --> 00:05:32.760
-o wide and you see working on worker one. So this is how you can define a specific application or a version to get created on a specific node. So go on a specific label names.

00:05:34.140 --> 00:05:35.500
Are we good?

00:05:36.180 --> 00:05:38.540
Everyone. The second use case.

00:05:40.140 --> 00:05:46.160
So you can use any labels, either the label like SSD or you can use it. You can also use the existing labels.

00:05:47.820 --> 00:05:58.840
Or you can create any labels as required. So same syntax, for example, you can do like this. You can also go and do the same label for other nodes also.

00:06:00.720 --> 00:06:03.160
Now let's delete the DaemonSet.

00:06:07.620 --> 00:06:08.440
It's gone.

00:06:10.620 --> 00:06:23.480
Now the next scenario. Can we do on the master? Let's do this. The big one, but interesting. So access the link. I'll explain this. So my use case here is we talked about your master has a taint.

00:06:24.980 --> 00:06:26.740
So the taint.

00:06:27.200 --> 00:06:32.480
This will look something like this. Correct. Let me go back. Let me show you.

00:06:32.480 --> 00:06:35.220
So if I do a describe.

00:06:39.400 --> 00:06:41.180
So this so now.

00:06:42.440 --> 00:06:54.260
I can override this on a specific pod by mentioning this label name. So for example, let's consider that you go for a movie.

00:06:55.520 --> 00:06:58.000
Without a ticket, they don't allow you.

00:06:58.800 --> 00:07:15.200
But if you have the ticket, you can you'll be allowed. So similarly, this would be referred in the pod. For example, since I'm referring something like this, you see control plane or they're using a master.

00:07:16.240 --> 00:07:18.640
So you modify something like this.

00:07:20.120 --> 00:07:38.060
And you would use. So they're using a first one. So they have two masters. One master, you see, this is your label. Exist, no schedule. So this is what I'm talking about. This is a label. For colon, they're using the word exist and then is your no schedule effect.

00:07:39.540 --> 00:07:46.140
Now once you run this, the fluentd is going to run on even the master because you have an exception. Please run this.

00:07:46.900 --> 00:07:51.780
Next copy this and see does this get positive the master now.

00:08:13.660 --> 00:08:20.000
So it's a separate namespace. See which namespace is it. They're doing kube-system.

00:08:20.000 --> 00:08:22.800
They're checking kube-system namespace.

00:08:31.220 --> 00:08:31.840
And you see.

00:08:34.460 --> 00:08:36.260
So get pods.

00:08:37.140 --> 00:09:01.540
-o wide and namespace kube-system and you see it is running all the fluentd on your master, worker one and worker two because we had mentioned a condition to tolerate the taint only for this use case exception. Not a good use case to untaint it because master is meant for

00:09:02.940 --> 00:09:03.660
management.

00:09:05.420 --> 00:09:07.100
Don't untaint it completely.

00:09:07.260 --> 00:09:18.160
The third use case where where you can create the deployments. Now the fourth one, the one you can do it or just observe. So now how do you update and roll back.

00:09:19.000 --> 00:09:24.040
So I have an application running a DaemonSet. I want to update this to a new version.

00:09:25.540 --> 00:09:27.980
Like what did for your

00:09:28.820 --> 00:09:29.340
deployments.

00:09:30.800 --> 00:09:47.220
So it supports both on delete. It means you delete and then create a new version. Rolling update. It creates a new version. It doesn't have any downtime. So both we can do. So example. This is how it looks.

00:09:48.480 --> 00:09:49.740
The default is rolling update.

00:09:51.060 --> 00:09:57.860
So you can create this, for example, and the version is two point five point two and then

00:09:59.020 --> 00:10:12.260
You say apply it gets created. Now what you do is you update the template or you can start from here also. So I think start from here. Update this. First YAML file is with two point five point two.

00:10:13.440 --> 00:10:18.560
I want to update this version in this. So what I do, I can either edit.

00:10:19.820 --> 00:10:22.600
And modify the version to different version.

00:10:23.520 --> 00:10:30.560
Or we can use the set image which used before and using this will modify the version to a different version.

00:10:32.220 --> 00:10:35.420
And see how does it get updated in your version.

00:10:36.640 --> 00:10:39.180
Let's do this. The link which I gave it to you.

00:10:40.740 --> 00:10:43.260
Go down and do these start from here.

00:10:45.660 --> 00:10:48.560
So before we start delete the existing one.

00:11:20.820 --> 00:11:25.100
We're talking about this YAML file. I'm not saying it because it's a big, very big file. Okay, paste it.

00:11:33.040 --> 00:11:33.580
And add on it.

00:11:45.260 --> 00:11:52.100
Same. See which namespace it belongs to. Namespace again is kube-system.

00:11:57.480 --> 00:12:04.640
You see this. And again you come to do a -o wide and you see the version number.

00:12:09.120 --> 00:12:10.180
The pods.

00:12:13.180 --> 00:12:20.720
At two point five point two. Okay, see in your Elastic DS. So now I want to update this to

00:12:21.680 --> 00:12:29.120
other version. So either you can do edit method and manually modify this or

00:12:30.160 --> 00:12:37.280
we would go ahead and do the set image property. Let's use this method and see what happens.

00:12:44.120 --> 00:12:49.460
This is going to update the new version immediately to 2.6.

00:12:52.480 --> 00:12:59.980
It is done. So now let's go ahead and on the previous command. You see the beta 2.6.

00:13:02.240 --> 00:13:03.640
And get the pods.

00:13:08.840 --> 00:13:10.540
You can do a display with the pod.

00:13:24.100 --> 00:13:27.520
And you can do a grep.

00:13:29.260 --> 00:13:34.240
And then say fluentd.

00:14:08.560 --> 00:14:12.040
Let me see what I'm doing.

00:14:12.600 --> 00:14:30.920
Describe the part 2.1d-elastic-search-4s64inset. Describe the part 2.1d.

00:14:36.600 --> 00:14:37.780
I will do the script.

00:14:56.780 --> 00:15:00.040
I'm good. I have to do it for some reasons. I'm not sure.

00:15:19.980 --> 00:15:28.480
I'm not sure why it's not coming.

00:15:29.120 --> 00:15:33.360
So now when you check for other one, you see it is your DaemonSet.

00:15:34.300 --> 00:15:42.800
And you can see also version number in here. Part. So it is using version number 2.6.0.

00:15:48.420 --> 00:15:49.120
Are we good?

00:15:53.060 --> 00:15:57.900
So similarly, you can also record. So to make some changes, you can record

00:15:58.920 --> 00:16:03.980
and you can revert back to previous versions. So in case you make any change,

00:16:04.280 --> 00:16:10.560
you might want to record the change, the revision history, and then you can revert back.

00:16:12.540 --> 00:16:14.460
This is what we say. Same what we did before.

00:16:15.360 --> 00:16:17.460
You want to do it or you're good.

00:16:18.120 --> 00:16:19.780
If you want, you can do it last one.

00:16:22.500 --> 00:16:28.640
Try to make some change, record it, and see if we can revert back to previous changes,

00:16:28.880 --> 00:16:34.000
previous revision. Confirm once done. Once you're done, you can delete the DaemonSet.

00:16:55.200 --> 00:16:58.620
Play around. Confirm once you're done.

00:17:09.080 --> 00:17:09.800
Any questions?

00:17:09.980 --> 00:17:10.760
I see many questions.

00:17:11.880 --> 00:17:16.720
They're good. Okay. Now next topic is your StatefulSets.

00:17:17.780 --> 00:17:21.700
What do you mean by stateful? What do you mean by stateless?

00:17:21.820 --> 00:17:27.300
What do you mean by stateless? And what could be mean by stateful?

00:17:27.500 --> 00:17:28.560
Yes. Any example?

00:17:31.340 --> 00:17:36.460
Okay. For example, your deployments are stateless or stateful?

00:17:39.160 --> 00:17:42.280
Deployments are stateless or stateful.

00:17:44.440 --> 00:17:46.200
Okay. Why did you say that?

00:17:52.520 --> 00:17:55.940
Okay. Got it. So what is stateless to summarize?

00:17:56.560 --> 00:18:01.220
So in your deployment, when you delete the deployment or delete the pod,

00:18:02.140 --> 00:18:07.260
it is creating a new pod, but you are losing the content of the existing pod.

00:18:08.440 --> 00:18:12.720
So the new pod comes up. It doesn't get the same data as what was there in the previous.

00:18:12.720 --> 00:18:19.440
Stateful: if the pod goes down and comes back, it will have the same data, what was there before.

00:18:21.020 --> 00:18:24.880
This was stateful. So stateful will have the data preserved.

00:18:25.520 --> 00:18:29.600
Stateless will not have the data preserved. Will not. Stateful is yes.

00:18:30.940 --> 00:18:36.700
Yeah. So now stateful. So we have a topic called stateful sets

00:18:36.700 --> 00:18:45.040
in which it preserves multiple things. So it can preserve the data.

00:18:46.280 --> 00:18:52.740
So simple example of where we can use this is for example, let's consider that you're

00:18:52.740 --> 00:19:01.960
playing a game, online game. It could be a football game. So when the power goes off,

00:19:01.960 --> 00:19:06.500
it comes back or something happens, internet goes down. You'll be back

00:19:06.500 --> 00:19:08.980
to the same screen where you were. That's the stateful.

00:19:10.400 --> 00:19:14.400
And in case you restart and start, it means it is stateless, something like this.

00:19:14.520 --> 00:19:18.840
So it preserves the exact screen or snapshot of what exactly you're doing.

00:19:19.920 --> 00:19:23.940
That is what is your stateful set being used for. So it preserves the data.

00:19:24.980 --> 00:19:31.460
It also preserves the hostname of the existing ones. They go down, come back.

00:19:31.960 --> 00:19:36.180
And also ordering. Let's see all these things with examples. These are the main

00:19:36.180 --> 00:19:41.760
use cases. Preserve data. Preserve ordering. Or you can ordering of creation

00:19:43.440 --> 00:19:47.560
and termination. And these are very important when you talk about databases

00:19:48.160 --> 00:19:52.960
or big data because they require these data to be highly preserved.

00:19:53.120 --> 00:19:56.980
All these challenges. Yeah. We'll talk about now about stateful sets.

00:19:56.980 --> 00:20:03.500
This is an example of a stateful set. So in this now, I have a cluster of database.

00:20:03.680 --> 00:20:07.780
My use case is this is my primary. So it has to first create the primary

00:20:08.640 --> 00:20:12.520
and after that, it has to create the secondary. So it means that it has to do

00:20:12.520 --> 00:20:18.700
follow orders 0, 1, and 2. And these also will read replicas.

00:20:19.000 --> 00:20:26.600
It means any read this is applications. So any write operations has to go into here.

00:20:27.140 --> 00:20:32.380
And any read has to go into here. So these are read replicas.

00:20:32.600 --> 00:20:37.920
And we're using to preserve the configuration using config maps.

00:20:38.120 --> 00:20:45.080
We also have the DNS names getting stored. So this is what we're talking about in lab.

00:20:45.700 --> 00:20:52.440
This is my use case. Open this. We'll go demo of this. We cannot do it because it requires

00:20:52.440 --> 00:20:59.100
kops. It requires a dynamic storage class. We'll observe what exactly is happening.

00:20:59.680 --> 00:21:02.740
So this diagram, what they're doing here is to understand this diagram.

00:21:02.860 --> 00:21:08.500
We have a config map, which is having data of MySQL primary and secondary.

00:21:09.460 --> 00:21:13.820
Second, you can classify in a config map like something like this.

00:21:15.660 --> 00:21:18.820
And then they're talking to create a service.

00:21:18.820 --> 00:21:23.160
You see, they're using a service. They say cluster IP is none.

00:21:23.940 --> 00:21:29.740
This is called headless service. Headless service would remember the host names

00:21:29.740 --> 00:21:37.380
of your pods or what are you creating yet. And then we're using also a service

00:21:38.660 --> 00:21:45.300
which is going to use for your cluster IP. If it don't mention any specific

00:21:45.940 --> 00:21:50.940
type of service, we're going to create a cluster service. This is for internal communication.

00:21:52.520 --> 00:21:58.380
And we also have stateful sets like MySQL, three copies.

00:22:00.220 --> 00:22:04.720
But the database takes a very long time to get created. And hence we're using nginx for

00:22:04.720 --> 00:22:12.620
the example. So zero, one, and two. And each of them are having init containers.

00:22:12.620 --> 00:22:17.240
First, create these. And then your actual project gets created.

00:22:18.180 --> 00:22:21.260
All this will happen in the packet. You see health checks.

00:22:23.180 --> 00:22:28.640
So in enterprises, you do all you need to create stateful set, services, health checks,

00:22:28.840 --> 00:22:33.600
all this will be part of your YAML files. Very big one. Volumes and all.

00:22:34.060 --> 00:22:38.360
And you see it is also using your dynamic storage class.

00:22:39.480 --> 00:22:44.000
So when you do something like this, it creates a copy like zero, one, and two.

00:22:44.960 --> 00:22:49.560
And you see here, it will follow the order list. This will get created first,

00:22:49.660 --> 00:22:53.540
next, this ordering happening. The proper order.

00:22:55.060 --> 00:22:59.300
And you can also make some changes. You find an IP address. I'm just going here.

00:22:59.820 --> 00:23:02.440
So then we'll come back to this again. I just want to show you this.

00:23:02.940 --> 00:23:06.060
So when you want something like this in which you want to create,

00:23:06.060 --> 00:23:11.180
you want to have an ordering and all these things, then your answer is stateful sets.

00:23:12.540 --> 00:23:15.420
So stateful sets are used for proper ordering while creating.

00:23:16.780 --> 00:23:19.820
You create zero, one, and two. If you terminate, delete the two,

00:23:19.860 --> 00:23:23.120
one, and two contours. And I want to have these other data.

00:23:23.920 --> 00:23:26.940
I want to preserve the host names for these views.

00:23:27.920 --> 00:23:32.300
The headless service is a service which is going to remember the host names

00:23:32.860 --> 00:23:37.340
when something happens. And also, you have a pod with the storage.

00:23:38.200 --> 00:23:41.360
So when they come up again, they'll have the same claim attached to it.

00:23:41.360 --> 00:23:48.240
We use this for databases, for big data. All these are use cases where stateful sets are

00:23:48.240 --> 00:23:52.360
preserved because these are very important for your applications of databases,

00:23:52.760 --> 00:23:56.020
data warehouse for those. Now, same, you can do on delete,

00:23:56.280 --> 00:23:59.460
rolling update, you can do. Yeah, same syntax.

00:24:00.180 --> 00:24:02.160
Did I understand the use cases of stateful sets everywhere?

00:24:02.160 --> 00:24:05.780
Why stateful sets? What are stateful sets?

00:24:07.740 --> 00:24:12.120
Okay, we'll not be doing this because it requires dynamic.

00:24:13.220 --> 00:24:18.460
So I had written that demo. So you install the kops method.

00:24:19.220 --> 00:24:22.440
So what you get first with a service. And this would be headless service.

00:24:22.520 --> 00:24:27.520
And then we map it to a stateful set. I'm using two copies of them.

00:24:28.650 --> 00:24:31.930
The next STS, for example. This is your claim.

00:24:33.610 --> 00:24:37.990
The PVC. Create it, it'll create 0 and 1.

00:24:38.010 --> 00:24:41.110
Then you log into each of the pods and get the host names.

00:24:41.190 --> 00:24:46.910
Create a test pod. And from the test pod, you go inside it

00:24:47.530 --> 00:24:50.690
and do an nslookup. You're trying to resolve.

00:24:51.790 --> 00:24:54.910
And they get resolved to an IP address. So this is your DNS server.

00:24:54.910 --> 00:25:00.710
They get the resolve to the IPs, like 72, 0.3, or 0.21.

00:25:00.890 --> 00:25:04.070
Yeah, you're going to see a 03. So now 04.

00:25:04.870 --> 00:25:10.210
These are IPs of your VMs. Now what you do is, you delete the pod.

00:25:11.830 --> 00:25:15.130
They come back again. And when they create it,

00:25:15.270 --> 00:25:18.930
or determine, you can see, when they create, they get the proper order.

00:25:19.610 --> 00:25:23.590
01. And then again, you go and check they have the same host names.

00:25:23.590 --> 00:25:29.190
Now if you want to create a pod, go inside it, and again try to resolve it.

00:25:30.930 --> 00:25:35.170
It'll have resolved the same IPs. Now you're going to scale up.

00:25:35.190 --> 00:25:40.550
For example, you scale up. You see 0, 1, 2, 3, 4, 5.

00:25:40.570 --> 00:25:43.530
It'll go in the proper order. And they'll have all the PVCs,

00:25:43.630 --> 00:25:45.810
PV. These were very old, 23 minutes.

00:25:47.110 --> 00:25:50.450
They'll still be having the same PVC, PV, data, and the packet.

00:25:50.450 --> 00:25:53.630
They can roll down. They can do all the operations.

00:25:54.150 --> 00:25:59.290
They terminate in the reverse order. They can roll back to make a scale to less.

00:25:59.570 --> 00:26:04.310
And even if you roll back or delete anything, it'll still preserve your PVCs.

00:26:05.610 --> 00:26:12.150
It'll not delete it. So you have to manually delete the PVCs if you want to do it.

00:26:13.690 --> 00:26:16.730
And any updates in here, for example, you have StatefulSets.

00:26:16.790 --> 00:26:20.070
You modify the template to a different version, like nginx latest now.

00:26:21.390 --> 00:26:25.730
It'll also update in the proper order. First, it'll be your primary.

00:26:26.570 --> 00:26:29.570
In a second, they get updated. And you can delete the StatefulSet.

00:26:30.950 --> 00:26:34.370
When you try to do, let's try to do, but you can observe what happens.

00:26:34.430 --> 00:26:36.990
Let's try to run this. It gets stuck.

00:26:36.990 --> 00:26:40.770
It doesn't understand the three ones. So let's, for example,

00:26:40.770 --> 00:26:46.930
copy this. You copy and you paste it.

00:26:52.670 --> 00:26:57.310
And then you apply.

00:27:02.670 --> 00:27:09.010
Get STS and get the service.

00:27:11.010 --> 00:27:17.890
Okay. Now get pods -o wide. So it gets stuck.

00:27:20.030 --> 00:27:22.850
So let's create, because it's not, you can do a describe.

00:27:24.690 --> 00:27:32.290
The pod and says it requires a stateful, that is, it requires your

00:27:33.010 --> 00:27:34.790
dynamic storage class.

00:27:36.950 --> 00:27:39.510
Immediately looking for. We don't have that.

00:27:40.750 --> 00:27:42.910
And we cannot do it in your kubeadm.

00:27:44.650 --> 00:27:48.350
Okay. Now let's see what's happening in the back in PVC.

00:27:48.970 --> 00:27:52.270
You see this? You try to create a PVC automatically.

00:27:53.990 --> 00:27:55.810
It'll also create a PV, try to create a PV.

00:27:59.630 --> 00:28:03.230
Now let's do a scale up. So I'm going to say scale up your

00:28:03.230 --> 00:28:05.130
pod. Luckily, we can see what's happening.

00:28:05.350 --> 00:28:07.150
So we'll do a scale up for a pod.

00:28:26.210 --> 00:28:33.210
So now I do STS.

00:28:34.670 --> 00:28:38.410
Fine. So it's trying to create a back end and it'll be stuck

00:28:38.410 --> 00:28:40.590
because it's not working. Okay. Are we good?

00:28:40.670 --> 00:28:42.470
It'll not run, but this is your process.

00:28:43.390 --> 00:28:46.290
So concept is more important of StatefulSets.

00:28:47.730 --> 00:28:50.310
So now when you see this, the YAML files, observe this.

00:28:50.710 --> 00:28:54.190
So when you work in enterprises, you need to do all these things.

00:28:54.330 --> 00:28:57.190
You see this YAML file is just for StatefulSet, which I gave it to you.

00:28:57.550 --> 00:28:59.670
So you'll be using services.

00:29:01.050 --> 00:29:03.830
Internal, you'll be using services, which is headless.

00:29:05.090 --> 00:29:07.610
You'll be creating like they are stateful sets.

00:29:08.750 --> 00:29:11.030
And you will be using some volume mounts.

00:29:12.830 --> 00:29:13.950
You'll be using init containers.

00:29:15.410 --> 00:29:17.770
What do you want? All these, you can mention resources.

00:29:18.330 --> 00:29:19.270
How much resources you want.

00:29:19.510 --> 00:29:22.390
You can say this much you want.

00:29:22.530 --> 00:29:26.130
You define probing readiness probe.

00:29:26.130 --> 00:29:31.810
This example is giving you lots of all what you learned about in one single file.

00:29:34.350 --> 00:29:35.410
Let's go ahead and delete it.

00:29:43.670 --> 00:29:47.630
Now the last topic, security.

00:29:50.010 --> 00:29:53.770
Now, next one is Kubernetes security.

00:29:54.850 --> 00:29:58.050
Now let's consider that you're working for a company.

00:29:58.750 --> 00:30:01.850
And your administrator needs to provide access for you all.

00:30:01.890 --> 00:30:07.830
For example, they want to provide for Gene, might be for CK, you are the users.

00:30:09.250 --> 00:30:16.350
So based on what you are supposed to work on the project, they are supposed to provide you proper access.

00:30:17.470 --> 00:30:23.190
So they provide a mechanism that you can log in using a password or you can log in using a token.

00:30:23.950 --> 00:30:26.690
Or SSO, single sign-on as authentication.

00:30:27.550 --> 00:30:29.590
Once you're logged in, what you can do.

00:30:31.550 --> 00:30:34.370
So they give you a modify access for your pod.

00:30:35.150 --> 00:30:41.770
Might be read access for databases, pods, and to what level you can go.

00:30:41.870 --> 00:30:46.650
So if you are having a pod, they can restrict that you can go only to TMP.

00:30:47.430 --> 00:30:48.410
Not more than this.

00:30:49.430 --> 00:30:52.230
You can go into like a var folder, not more than this.

00:30:53.190 --> 00:30:56.390
And how many pods you can create and create.

00:30:58.010 --> 00:30:58.650
That's what admission.

00:30:59.150 --> 00:31:01.350
Authentication means how the users can log in.

00:31:02.290 --> 00:31:04.490
And once the users log in, what they can do.

00:31:05.830 --> 00:31:07.510
And to what level they can go.

00:31:07.970 --> 00:31:11.330
And what they can create or do that is called as admission controls.

00:31:12.590 --> 00:31:16.610
And this could be either given for you or for applications.

00:31:17.610 --> 00:31:21.150
So example, some of the application wants to communicate to cluster.

00:31:21.330 --> 00:31:21.830
How do they?

00:31:21.830 --> 00:31:24.830
We can define for users.

00:31:25.350 --> 00:31:27.190
We talk about groups.

00:31:28.510 --> 00:31:31.890
And we talk about some application communication normal talker service accounts.

00:31:33.190 --> 00:31:39.930
So for all these three, we can define policies, access controls, and all these things.

00:31:41.410 --> 00:31:44.690
So authentication is how they log in.

00:31:45.090 --> 00:31:48.110
Authentication means what access they get in.

00:31:48.810 --> 00:31:50.570
Admission control is to what level they can go.

00:31:50.570 --> 00:31:53.050
What they can do, all the admission controls.

00:31:53.310 --> 00:31:54.950
Normal users are you all.

00:31:54.990 --> 00:31:57.370
For working on the cluster, you are helping your customers.

00:31:58.190 --> 00:32:00.590
And service accounts are different like POD.

00:32:01.170 --> 00:32:02.310
Communicate with API.

00:32:02.370 --> 00:32:03.670
Using service account in the background.

00:32:04.230 --> 00:32:05.390
So example, you can see this.

00:32:05.710 --> 00:32:07.290
So when you have any PODs.

00:32:09.570 --> 00:32:10.230
Let me see.

00:32:10.630 --> 00:32:11.070
POD.

00:32:13.530 --> 00:32:14.090
Example.

00:32:16.570 --> 00:32:19.130
I do a describe the POD.

00:32:20.570 --> 00:32:25.450
And example, you see they use service account in the mounts.

00:32:28.490 --> 00:32:31.470
So they use service account for communication.

00:32:32.590 --> 00:32:35.730
Service accounts are not used in POD, API, or other services.

00:32:35.910 --> 00:32:36.930
They use service accounts.

00:32:40.310 --> 00:32:45.370
Now, how do we get started for giving access control?

00:32:46.750 --> 00:32:47.430
To authentication.

00:32:47.430 --> 00:32:51.070
So you can get authenticated using client certificates.

00:32:51.970 --> 00:32:52.670
Token files.

00:32:53.450 --> 00:32:53.930
Passwords.

00:32:54.290 --> 00:32:55.010
Account token.

00:32:55.310 --> 00:32:55.850
OpenID.

00:32:56.030 --> 00:32:56.750
Lots of methods.

00:32:56.850 --> 00:32:57.890
So let's see this method.

00:32:58.830 --> 00:33:01.530
So users can authenticate by using certificates.

00:33:01.770 --> 00:33:03.050
Or do a lab using certificates.

00:33:04.090 --> 00:33:05.130
And then tokens.

00:33:05.290 --> 00:33:08.250
You can allow users to also log into SSO.

00:33:08.990 --> 00:33:10.150
We all know what is SSO.

00:33:10.650 --> 00:33:11.930
Do we know SSO?

00:33:11.990 --> 00:33:12.730
How does it work?

00:33:13.050 --> 00:33:13.370
Yes.

00:33:13.410 --> 00:33:13.590
No.

00:33:13.730 --> 00:33:15.550
For example, we all use SSO.

00:33:15.550 --> 00:33:17.510
Example, when you log into any website,

00:33:18.270 --> 00:33:20.870
they say that log in with a LinkedIn or Google.

00:33:21.830 --> 00:33:26.210
It means you are authenticating using a Google account,

00:33:26.610 --> 00:33:28.410
but you're logging on a different account.

00:33:29.210 --> 00:33:31.790
This is called as a federation or SSO.

00:33:33.050 --> 00:33:36.930
So you can either use some other websites federation

00:33:36.930 --> 00:33:41.130
or your office domain login, using which you can log on

00:33:41.130 --> 00:33:44.310
to Kubernetes without having an account in Kubernetes.

00:33:45.690 --> 00:33:47.310
That is what SSO is talking about.

00:33:48.330 --> 00:33:50.830
So in this example, if you want to do this,

00:33:51.150 --> 00:33:55.170
you need to have a connection like OpenID or OAuth.

00:33:55.210 --> 00:33:57.270
These must be configured and on premises.

00:33:58.730 --> 00:34:01.630
And these are providers who help for SSO.

00:34:02.750 --> 00:34:06.570
Once these are configured and you would get a URL

00:34:06.570 --> 00:34:08.110
provided by your administrator.

00:34:09.190 --> 00:34:11.650
You log in to your identity protocol.

00:34:11.830 --> 00:34:13.290
It means you log into your domain,

00:34:13.290 --> 00:34:16.290
which will hit your AD or LDAP domain.

00:34:17.350 --> 00:34:20.610
Once you log in, you get authenticated your office domain.

00:34:21.950 --> 00:34:24.290
On the other side, the OpenNorth Connect,

00:34:24.410 --> 00:34:26.170
it'll understand that you're authenticated.

00:34:26.270 --> 00:34:28.150
That will help you to go to the other end

00:34:28.150 --> 00:34:31.810
and gives you a token, which is JSON Web Token.

00:34:33.110 --> 00:34:35.330
And the token will have some duration.

00:34:35.770 --> 00:34:37.630
During that, you'll have some permissions

00:34:37.630 --> 00:34:39.210
to do some work in your Kubernetes.

00:34:40.550 --> 00:34:42.890
So the token would have permissions, the time duration.

00:34:43.290 --> 00:34:45.670
Using which you can start doing the work there.

00:34:45.950 --> 00:34:47.930
So part API, they communicate.

00:34:48.210 --> 00:34:49.690
All these will happen during that time

00:34:49.690 --> 00:34:52.070
and you get access to do the work.

00:34:52.810 --> 00:34:55.510
So log in, you get authenticated.

00:34:56.690 --> 00:34:58.330
The OpenID or OAuth will help you

00:34:58.330 --> 00:34:59.650
to generate a token in the backend.

00:35:00.430 --> 00:35:02.110
And then you can start doing the work

00:35:02.110 --> 00:35:03.810
based on the access given for you.

00:35:04.570 --> 00:35:08.510
So this is how we can restrict for users

00:35:08.510 --> 00:35:10.970
with outside or temporary access

00:35:10.970 --> 00:35:14.630
or even for applications, we can give this access.

00:35:15.290 --> 00:35:16.930
This is what is called as access.

00:35:16.990 --> 00:35:17.970
So you want to configure this,

00:35:18.030 --> 00:35:20.390
we're going to configure all these

00:35:20.390 --> 00:35:22.570
and then we provide access.

00:35:24.810 --> 00:35:26.770
So like this, we provide different mechanism

00:35:26.770 --> 00:35:28.230
for authentication.

00:35:29.150 --> 00:35:33.210
Now, once they are in, what they can do,

00:35:33.690 --> 00:35:35.330
that is called as authorization.

00:35:36.770 --> 00:35:38.910
Authorization means what the users can do,

00:35:38.950 --> 00:35:40.090
what the groups can do,

00:35:40.090 --> 00:35:41.990
what the service accounts can do,

00:35:42.170 --> 00:35:44.950
to what read, write and all.

00:35:45.750 --> 00:35:49.350
So example, we can define permissions for users.

00:35:50.530 --> 00:35:52.730
We can define permissions for groups.

00:35:53.850 --> 00:35:56.110
We can define which level they can go

00:35:56.110 --> 00:35:57.330
under which API resource.

00:35:58.370 --> 00:36:00.430
The permissions are get, list, create.

00:36:00.710 --> 00:36:02.130
Get and list are very, very minimal.

00:36:03.690 --> 00:36:06.510
Create, update, patch, watch, delete.

00:36:07.830 --> 00:36:09.090
You can mention which resource.

00:36:10.090 --> 00:36:13.210
And this sub resource, which namespace

00:36:13.210 --> 00:36:15.170
and which group they belong to.

00:36:15.590 --> 00:36:18.530
And you can use your API.

00:36:18.690 --> 00:36:21.190
If you're a developer, you can use API methods

00:36:21.190 --> 00:36:24.130
like PUT, GET, POST methods.

00:36:24.310 --> 00:36:26.590
Now, in here, we have different option again,

00:36:26.610 --> 00:36:27.390
always allow.

00:36:27.850 --> 00:36:29.750
It means complete open access.

00:36:31.270 --> 00:36:34.070
We also have always deny, complete deny access.

00:36:34.170 --> 00:36:36.590
And we have a method called as attribute control.

00:36:36.850 --> 00:36:39.890
Attribute base is wherein a single policy

00:36:39.890 --> 00:36:43.430
will have the permissions as well as the users

00:36:43.430 --> 00:36:45.070
and the group in a single policy.

00:36:46.750 --> 00:36:49.650
So example, this is your ABAC permissions.

00:36:49.830 --> 00:36:50.230
Alice.

00:36:50.910 --> 00:36:52.750
So giving access, Alice permission

00:36:52.750 --> 00:36:53.790
for doing the work.

00:36:53.970 --> 00:36:55.610
So do anything to all resources.

00:36:55.770 --> 00:36:56.930
We can complete access.

00:36:57.330 --> 00:37:00.270
So API version, ABAC, kind policy,

00:37:00.610 --> 00:37:04.930
specification user, Alice to all and resources.

00:37:05.970 --> 00:37:08.150
So you're mixing both the permission

00:37:08.150 --> 00:37:11.170
and the user the same, which is not good.

00:37:11.350 --> 00:37:13.450
It's always good practice to separate the users,

00:37:13.570 --> 00:37:14.590
groups, and the policies.

00:37:15.730 --> 00:37:17.450
They can define for a kubelet, for example,

00:37:17.650 --> 00:37:21.010
for pods you're giving that they can do only read-only.

00:37:22.510 --> 00:37:24.230
Now, kubelet want to give access.

00:37:24.310 --> 00:37:28.030
You say kind, policy, specification, users, kubelet,

00:37:28.430 --> 00:37:30.930
namespace, all namespaces, resource, events.

00:37:32.030 --> 00:37:33.830
So we are not separating these.

00:37:35.170 --> 00:37:39.910
So we want to have a better use case of how you manage it.

00:37:40.070 --> 00:37:43.690
That is where we use something called as a role-based access

00:37:43.690 --> 00:37:45.970
control, which is more preferred.

00:37:47.850 --> 00:37:49.470
So role-based access means example,

00:37:49.570 --> 00:37:51.950
you're a developer, you need to get only very minimal

00:37:51.950 --> 00:37:54.650
access, especially back ends.

00:37:55.210 --> 00:37:56.830
The administrative want to give full access.

00:37:57.690 --> 00:38:00.510
That is called as a roles and role bindings.

00:38:01.090 --> 00:38:04.890
So roles is a set of permissions,

00:38:06.250 --> 00:38:07.950
which is for a specific namespace.

00:38:09.510 --> 00:38:11.690
Cluster role is for the complete cluster.

00:38:13.950 --> 00:38:17.390
So the administrator will first create permissions like this.

00:38:17.810 --> 00:38:20.610
Roles, they want to give a read access.

00:38:20.930 --> 00:38:24.450
They define which level, API group, pods, get, watch and list.

00:38:24.830 --> 00:38:27.930
So like this, they create different permissions

00:38:27.930 --> 00:38:30.490
for different namespaces.

00:38:31.310 --> 00:38:36.190
And then they bind this to a user or a group or a service account.

00:38:37.790 --> 00:38:39.130
Now for cluster roles, for example,

00:38:39.230 --> 00:38:42.130
you see that it doesn't have a namespace.

00:38:42.710 --> 00:38:44.130
This is for the complete cluster.

00:38:45.190 --> 00:38:46.750
So we can define for secrets.

00:38:48.270 --> 00:38:49.190
So they were on the same level.

00:38:50.210 --> 00:38:53.190
So now if you want to bind this, you have to bind it

00:38:53.190 --> 00:38:57.350
and say that role binding and kind could be user

00:38:57.350 --> 00:39:00.110
or a group or a service account you mentioned.

00:39:00.730 --> 00:39:03.930
And you mentioned the role and a role reference.

00:39:06.110 --> 00:39:09.570
So they get the access was defined in this particular role name.

00:39:10.170 --> 00:39:12.430
So the user Jane, we're going to read access.

00:39:12.490 --> 00:39:14.890
We can do the same for cluster roles in which you can mention.

00:39:15.030 --> 00:39:15.850
So that's what I'm saying.

00:39:17.250 --> 00:39:18.310
We don't mention namespace.

00:39:18.370 --> 00:39:21.690
Like this, we can define for multiple resources.

00:39:22.010 --> 00:39:24.350
Example, I can restrict to what level they can go.

00:39:24.370 --> 00:39:26.570
You can define it for config maps, for example.

00:39:26.630 --> 00:39:29.550
This complete domain, you can give access cluster roles.

00:39:30.190 --> 00:39:33.010
So now all these are on the same level in API.

00:39:33.450 --> 00:39:37.110
So I can mix one permission with all of these.

00:39:37.270 --> 00:39:40.690
All these are examples using which you can create roles

00:39:41.470 --> 00:39:43.190
and then bind with your backends.

00:39:43.350 --> 00:39:44.170
Are we good, everyone?

00:39:46.010 --> 00:39:47.210
What is authentication?

00:39:48.370 --> 00:39:49.750
What is authorization?

00:39:50.810 --> 00:39:53.430
And what are roles and role bindings?

00:39:54.450 --> 00:39:58.830
So role, bind it to users or to a group

00:39:58.830 --> 00:40:01.590
or service account, just through a namespace.

00:40:02.950 --> 00:40:05.730
Cluster role binding is for across the cluster

00:40:05.730 --> 00:40:09.250
for users, service accounts and groups.

00:40:09.450 --> 00:40:10.030
Are we good?

00:40:12.330 --> 00:40:14.970
Okay, now by doing this,

00:40:15.130 --> 00:40:18.570
you need to assign certificate for the users or the groups.

00:40:18.690 --> 00:40:20.730
So you need to use certificates.

00:40:21.070 --> 00:40:22.790
Either you can use a third party certificate

00:40:23.430 --> 00:40:25.290
and the users logs in.

00:40:25.290 --> 00:40:26.610
They can authenticate in the backend.

00:40:26.910 --> 00:40:31.490
They exchange the keys, public and private keys

00:40:32.450 --> 00:40:34.910
and any communication between user and this.

00:40:34.950 --> 00:40:36.470
So you have to create a certificate

00:40:37.110 --> 00:40:40.510
and you have to bind the certificate to the user.

00:40:43.350 --> 00:40:44.130
So you get certificate

00:40:44.130 --> 00:40:47.230
and you have to bind the certificate to the user.

00:40:48.970 --> 00:40:51.770
And now when the user tried to access from the laptop,

00:40:52.530 --> 00:40:54.810
the traffic to other side goes in,

00:40:55.050 --> 00:40:56.930
it'll understand that the secure user

00:40:57.950 --> 00:41:00.490
and they allow communication between them.

00:41:01.950 --> 00:41:03.250
So client sent, hello.

00:41:04.270 --> 00:41:05.210
And this will confirm.

00:41:07.110 --> 00:41:09.210
They have the proper keys, private and all.

00:41:09.610 --> 00:41:10.770
And then they communicate.

00:41:12.730 --> 00:41:14.590
If you have own data certificate,

00:41:14.730 --> 00:41:16.030
you have to download those tools.

00:41:16.650 --> 00:41:20.890
You have to ask for that I need a certificate request.

00:41:22.270 --> 00:41:23.930
The certificate to approve it.

00:41:25.550 --> 00:41:27.690
And then once approved, you have a duration.

00:41:28.450 --> 00:41:30.010
You'd mentioned with the name,

00:41:30.510 --> 00:41:32.130
your company, the domain, everything.

00:41:32.210 --> 00:41:33.210
And then you download it.

00:41:34.330 --> 00:41:37.210
And then you start using it with the users,

00:41:37.790 --> 00:41:38.350
with the process.

00:41:38.410 --> 00:41:42.930
So for doing this, we have a policy,

00:41:43.370 --> 00:41:44.310
easier method to do it.

00:41:44.490 --> 00:41:45.670
We have OpenSSL.

00:41:46.150 --> 00:41:48.070
So OpenSSL is a free,

00:41:48.950 --> 00:41:52.770
but you can use it for playing around with certificates.

00:41:53.870 --> 00:41:58.330
So example, I first create a key, the key size.

00:41:59.350 --> 00:42:03.310
Using the key, we will create a certificate signing request.

00:42:05.110 --> 00:42:07.010
Then you want to approve it.

00:42:07.030 --> 00:42:09.090
So you say openssl x509,

00:42:09.270 --> 00:42:11.370
which is the certificate requirement.

00:42:11.810 --> 00:42:15.430
You mentioned this syntax and this is your certificate.

00:42:16.190 --> 00:42:16.770
There's a PKI.

00:42:16.770 --> 00:42:19.910
All these are the back end, what do you call it?

00:42:19.930 --> 00:42:21.330
Public key infrastructure we're talking about.

00:42:22.230 --> 00:42:23.050
And there's a certificate.

00:42:24.010 --> 00:42:25.170
And you mentioned the duration.

00:42:27.090 --> 00:42:30.430
And for doing this, it requires the details of your key also.

00:42:30.470 --> 00:42:34.990
So now once you did the certificate,

00:42:35.230 --> 00:42:37.430
you assign the certificate to the user.

00:42:38.110 --> 00:42:40.170
User one, client certificate.

00:42:40.250 --> 00:42:43.350
You mentioned the root is the one dot CRT.

00:42:43.390 --> 00:42:45.910
They look into where the certificate is and the key.

00:42:45.910 --> 00:42:48.850
So both the public certificate talking about

00:42:48.850 --> 00:42:50.630
and the public key, both must be there.

00:42:51.790 --> 00:42:54.410
Using this, the user's traffic will be encrypted.

00:42:55.530 --> 00:42:58.950
So now what we do is create a role, same what you saw.

00:43:00.230 --> 00:43:01.430
And create a role binding.

00:43:03.210 --> 00:43:05.150
So you can do, I have not mentioned here,

00:43:05.210 --> 00:43:06.730
how to do some step on this.

00:43:06.990 --> 00:43:09.150
So you want to say kubectl, apply.

00:43:09.290 --> 00:43:09.970
I think I missed it.

00:43:10.090 --> 00:43:13.010
Apply -f role.yml.

00:43:13.130 --> 00:43:14.090
This step was missing.

00:43:15.150 --> 00:43:19.850
Then you say kubectl, get roles.

00:43:20.290 --> 00:43:20.890
Same, do the same.

00:43:21.850 --> 00:43:25.550
Do kubectl, describe the role.

00:43:25.650 --> 00:43:27.410
Name the role is what I can read.

00:43:28.850 --> 00:43:30.150
So now you have the roles.

00:43:30.830 --> 00:43:31.850
Now to bind it.

00:43:32.270 --> 00:43:35.790
So now you bind it by mentioning the user,

00:43:35.810 --> 00:43:36.970
what you created, user one.

00:43:37.830 --> 00:43:43.090
And say refer the particular user and apply it.

00:43:44.090 --> 00:43:46.070
So now the user will get an access.

00:43:46.710 --> 00:43:49.150
Now how can the administrator be very sure

00:43:49.150 --> 00:43:50.770
that they're given proper access?

00:43:51.930 --> 00:43:54.170
So we can use a utility called auth can-i.

00:43:55.430 --> 00:43:56.910
So they can go ahead and test,

00:43:56.970 --> 00:43:59.210
auth can-i get pods namespace user one.

00:44:00.210 --> 00:44:01.670
Yes, because they gave access.

00:44:02.530 --> 00:44:04.810
I will do delete now, it will be answer is no.

00:44:05.670 --> 00:44:07.630
So you can use different verbs

00:44:07.630 --> 00:44:09.630
or you can use different namespace

00:44:09.630 --> 00:44:11.670
or you can use different usernames.

00:44:12.390 --> 00:44:14.810
Whatever has been properly provided,

00:44:15.210 --> 00:44:16.250
only that would say yes.

00:44:16.310 --> 00:44:17.310
Others will be saying no.

00:44:17.950 --> 00:44:19.710
So this is how they can simulate

00:44:19.710 --> 00:44:22.790
the permissions before they want to give access.

00:44:23.410 --> 00:44:25.510
So once they simulate it, once they're confident,

00:44:26.010 --> 00:44:28.450
then they share these details to the users.

00:44:29.710 --> 00:44:30.830
This is how to do your roles.

00:44:31.390 --> 00:44:33.790
Similarly, we can create a cluster role

00:44:33.790 --> 00:44:36.470
in which we don't mention the namespace.

00:44:37.470 --> 00:44:38.510
The namespace is missing.

00:44:39.310 --> 00:44:42.930
And we can go ahead and create a similarly binding

00:44:42.930 --> 00:44:48.850
and then we bind the permissions and then bc test.

00:44:49.110 --> 00:44:49.890
Are we good everyone?

00:44:50.650 --> 00:44:52.590
Okay, let's do this lab now.

00:44:54.010 --> 00:44:55.190
So do the lab one.

00:45:15.210 --> 00:45:15.950
Copy and paste.

00:45:18.810 --> 00:45:21.690
And also, if you want, you can do a cat

00:45:21.690 --> 00:45:22.350
and see the keys.

00:45:23.790 --> 00:45:26.010
What I created, you can see this.

00:45:29.510 --> 00:45:30.690
For the default country and all,

00:45:30.770 --> 00:45:32.510
you can use default, just press enter.

00:45:34.370 --> 00:45:36.110
For the user key, we ask for anything,

00:45:36.690 --> 00:45:38.490
country name and all, just press enter or default.

00:45:38.510 --> 00:45:41.250
If you want, you can do it, but just doing default.

00:45:41.830 --> 00:45:44.510
Just press enter, enter, enter.

00:45:45.930 --> 00:45:46.910
All the default.

00:45:55.170 --> 00:45:57.110
Yeah, now do yourself.

00:45:57.250 --> 00:45:58.770
I'll give you an idea about how to do it.

00:45:58.890 --> 00:46:03.950
Any question you can ask me.

00:46:06.050 --> 00:46:06.930
Second chance.

00:46:07.050 --> 00:46:09.590
You did not copy the YAML properly; you copied additional

00:46:09.590 --> 00:46:10.690
characters to the YAML file.

00:46:10.690 --> 00:46:12.030
Can you open the YAML file again?

00:46:12.170 --> 00:46:13.410
See those lines are not prepared.

00:46:13.410 --> 00:46:15.750
You see that you copied apply and those things.

00:46:16.230 --> 00:46:17.950
Yeah, do insert mode.

00:46:19.410 --> 00:46:21.470
I and do a bass bass remote.

00:46:21.590 --> 00:46:22.370
Press I first.

00:46:22.510 --> 00:46:23.810
Yeah, remove all the white ones.

00:46:24.110 --> 00:46:26.970
Yes, yes, yes.

00:46:27.150 --> 00:46:29.130
Now save it and proceed.

00:46:29.230 --> 00:46:30.370
Do apply a team.

00:46:30.510 --> 00:46:31.570
There are some commands missed.

00:46:31.630 --> 00:46:33.930
So do apply and miss that is not there.

00:46:33.930 --> 00:46:37.450
Apply of your roles describe and then proceed.

00:46:39.430 --> 00:46:41.630
Apply was not there after the yaml creation.

00:46:41.870 --> 00:46:47.510
Do apply get describe and then proceed.

00:46:48.290 --> 00:46:49.130
Did I play it?

00:46:49.750 --> 00:46:50.310
Sharks.

00:46:51.430 --> 00:46:52.310
Again, chat.

00:46:55.330 --> 00:46:56.730
For your role, you had to apply.

00:46:56.950 --> 00:46:57.710
The step was missing.

00:46:57.730 --> 00:46:58.390
Again, the chat.

00:47:08.570 --> 00:47:10.370
I'll read the lab once again.

00:47:10.370 --> 00:47:11.210
Who's talking now?

00:47:11.370 --> 00:47:12.030
Tell me, Charles.

00:47:12.190 --> 00:47:12.530
Is it out?

00:47:12.770 --> 00:47:13.210
Yes.

00:47:13.490 --> 00:47:14.070
Do a cat.

00:47:14.610 --> 00:47:16.350
Do a cat for this file.

00:47:17.070 --> 00:47:18.050
I think miss something.

00:47:19.290 --> 00:47:19.550
Enter.

00:47:22.350 --> 00:47:23.590
See what you have pasted.

00:47:24.410 --> 00:47:26.750
The first line API version missing is not there.

00:47:26.970 --> 00:47:27.650
I understand the mistake.

00:47:27.930 --> 00:47:31.470
The API version line is missing from the API version.

00:47:31.490 --> 00:47:32.170
Is it there?

00:47:34.330 --> 00:47:35.450
Yes, yes.

00:47:36.590 --> 00:47:38.050
So what you can do is remove this file.

00:47:38.050 --> 00:47:39.930
Do rm role binding dot yaml.

00:47:40.830 --> 00:47:43.150
Rm and space the file name.

00:47:44.610 --> 00:47:46.110
And again, create a new one.

00:47:47.850 --> 00:47:48.670
You can give any names.

00:47:51.070 --> 00:47:53.610
But the API version line was missing.

00:47:54.110 --> 00:47:55.090
It says the errors.

00:47:55.350 --> 00:47:56.990
It says version not set.

00:47:57.250 --> 00:47:57.650
Yeah, good.

00:47:58.190 --> 00:48:01.810
Now escape colon wq and run this file.

00:48:01.870 --> 00:48:02.190
Good.

00:48:02.190 --> 00:48:02.710
OK.

00:48:03.830 --> 00:48:07.630
Are this gene, geneway, are this ck, I have tested?

00:48:08.070 --> 00:48:08.330
Is it working?

00:48:12.690 --> 00:48:17.610
So you see that there are so many rules of cluster role

00:48:17.610 --> 00:48:18.750
to see it.

00:48:19.130 --> 00:48:22.290
Because every component, they communicate

00:48:23.230 --> 00:48:24.390
using these rules.

00:48:24.810 --> 00:48:26.730
So if we just re-describe cluster rules

00:48:26.730 --> 00:48:29.390
in your kube-system, for example, you see lots of rules.

00:48:59.490 --> 00:48:59.690
OK.

00:48:59.730 --> 00:48:59.910
Yes, chance.

00:49:00.050 --> 00:49:00.350
Are you good?

00:49:00.930 --> 00:49:01.130
OK.

00:49:01.290 --> 00:49:01.330
OK.

00:49:01.330 --> 00:49:02.150
Are we good?

00:49:02.470 --> 00:49:02.710
Yeah.

00:49:03.470 --> 00:49:07.050
So this is how enterprises, they provide access

00:49:07.050 --> 00:49:08.290
for the users.

00:49:08.850 --> 00:49:11.410
We can move for groups or service accounts.

00:49:12.610 --> 00:49:15.130
We still have so much to want to get in.

00:49:15.130 --> 00:49:16.410
So much is there in Kubernetes.

00:49:17.030 --> 00:49:19.330
But you're trying to cover what is possible in the three

00:49:19.330 --> 00:49:19.730
days.

00:49:21.890 --> 00:49:22.230
OK.

00:49:22.230 --> 00:49:24.370
So now what we do is we'll take a break now.

00:49:24.950 --> 00:49:26.870
And after the break, we look into net.

00:49:26.870 --> 00:49:28.030
We still have some topics.

00:49:28.190 --> 00:49:29.190
We have network policies.

00:49:29.190 --> 00:49:32.330
And then you have ingress and ingress controller.

00:49:34.310 --> 00:49:34.650
Yeah.

00:49:34.850 --> 00:49:36.130
So I think time is right now.

00:49:36.130 --> 00:49:37.490
It is 3 PM approximately.

00:49:37.770 --> 00:49:37.870
Correct?

00:49:38.050 --> 00:49:38.950
We'll take a break.

00:49:39.810 --> 00:49:41.810
So break till 3.20 PM.

00:49:59.190 --> 00:50:00.010
So that's the moment.

00:50:46.670 --> 00:50:48.510
I am back.

00:50:49.610 --> 00:50:49.890
OK.

00:50:49.890 --> 00:50:50.730
Now let's continue.

00:50:51.630 --> 00:50:55.330
The next topic in security is network policy.

00:50:55.550 --> 00:50:56.890
What is network policy?

00:50:56.890 --> 00:51:01.610
For example, now you have a cluster.

00:51:02.950 --> 00:51:04.330
And let me go reverse.

00:51:06.310 --> 00:51:07.990
Use cases can access this link.

00:51:08.210 --> 00:51:09.770
So the user use cases are these.

00:51:10.850 --> 00:51:13.250
So we can click any other use case or this.

00:51:14.170 --> 00:51:17.130
So when you go down, so in my cluster,

00:51:17.870 --> 00:51:19.550
I have different pods.

00:51:20.570 --> 00:51:24.590
And I can say the pods to communicate or not to

00:51:24.590 --> 00:51:25.090
communicate.

00:51:25.090 --> 00:51:29.270
So for this example, I have a namespace is default

00:51:29.270 --> 00:51:31.290
and had namespace foo.

00:51:31.290 --> 00:51:33.250
This is foo namespace.

00:51:33.290 --> 00:51:34.090
I have a pod.

00:51:34.650 --> 00:51:37.210
I have a pod in default namespace.

00:51:38.490 --> 00:51:43.330
So now in here, you're saying that allow any traffic

00:51:43.330 --> 00:51:46.450
from here to here, but not the other way around.

00:51:46.610 --> 00:51:49.430
So this cannot communicate, but this can communicate.

00:51:50.410 --> 00:51:52.870
Similarly, this cannot communicate with this,

00:51:52.930 --> 00:51:54.510
but this can communicate with this.

00:51:54.510 --> 00:51:56.710
It's the colors, the end.

00:51:57.850 --> 00:51:59.410
So I want to do something like this.

00:52:00.050 --> 00:52:05.330
So you can do within a cluster or outside if you're

00:52:05.330 --> 00:52:08.150
having traffic or within your cluster.

00:52:08.630 --> 00:52:12.090
For all these use cases, if you want to allow

00:52:12.090 --> 00:52:15.650
the strict access, we define or do something

00:52:15.650 --> 00:52:17.030
called the network policies.

00:52:18.650 --> 00:52:22.650
Network policies are used to define deny traffic

00:52:22.650 --> 00:52:26.810
like these within a namespace across namespaces,

00:52:28.670 --> 00:52:30.250
which is the layer three and layer four.

00:52:32.390 --> 00:52:34.590
So you're talking about this one next.

00:52:36.610 --> 00:52:39.050
So network policies are all about how you can

00:52:39.050 --> 00:52:43.210
restrict access between the layer three and four,

00:52:43.970 --> 00:52:46.530
between the pods and within the pods

00:52:46.530 --> 00:52:47.590
or outside the world.

00:52:49.110 --> 00:52:52.630
And for doing this, we can use example like this.

00:52:53.810 --> 00:52:55.690
This has all the scenarios.

00:52:56.710 --> 00:52:58.850
So now in this scenario, you have network policies

00:52:59.730 --> 00:53:02.190
and you're defining the network policies

00:53:02.190 --> 00:53:05.870
for a pod which has this role name.

00:53:06.690 --> 00:53:09.730
So any pods which has the label of this,

00:53:10.570 --> 00:53:12.190
we're defining policies for that.

00:53:13.310 --> 00:53:16.210
So defining what policy for that, both ingress means

00:53:16.210 --> 00:53:18.630
inbound and egress means outbound.

00:53:18.830 --> 00:53:21.250
You mean what traffic can reach the DB pods

00:53:21.250 --> 00:53:24.530
and what traffic can go out of these pods outside world.

00:53:26.110 --> 00:53:28.190
So ingress from, you're defining which range.

00:53:29.930 --> 00:53:34.170
And in this range, you can say that not to allow

00:53:34.170 --> 00:53:37.090
this particular range, like a sub-range.

00:53:38.830 --> 00:53:40.730
And in that IP range, you can say that

00:53:40.730 --> 00:53:42.550
which namespace that must come from,

00:53:43.390 --> 00:53:46.370
which pod names and from which port they can come in.

00:53:47.590 --> 00:53:49.630
Similarly, you can define where the traffic

00:53:49.630 --> 00:53:51.330
can go out from DB.

00:53:51.570 --> 00:53:55.510
It can go out to this IP range through this port.

00:53:56.650 --> 00:54:00.770
So like this, we can define multiple policies.

00:54:02.910 --> 00:54:06.910
Yeah, we're talking about specifications.

00:54:07.210 --> 00:54:08.710
We can use for selectors.

00:54:10.050 --> 00:54:12.350
You can use ingress, egress.

00:54:12.410 --> 00:54:14.750
Egress is what traffic is allowed to go out

00:54:14.750 --> 00:54:16.030
and I can see isolates.

00:54:17.650 --> 00:54:21.070
For this pod in the default namespace,

00:54:21.730 --> 00:54:24.870
defining policy for both ingress and egress.

00:54:25.990 --> 00:54:27.950
Ingress means what traffic is allowed,

00:54:28.050 --> 00:54:29.430
which namespace you're talking about.

00:54:30.070 --> 00:54:32.990
In that namespace, what is your labels must be the pod.

00:54:33.810 --> 00:54:35.490
And they must be in the range of this

00:54:35.490 --> 00:54:36.570
because they're saying not this.

00:54:36.610 --> 00:54:38.650
So this is blocked here.

00:54:39.670 --> 00:54:40.970
In ingress, so like this,

00:54:41.130 --> 00:54:44.910
we can define options, labels, all these are examples.

00:54:44.910 --> 00:54:48.190
Default policies, this is going to deny completely.

00:54:48.710 --> 00:54:50.290
So you have a closed practice.

00:54:51.090 --> 00:54:53.530
It means no inbound traffic could be done.

00:54:53.570 --> 00:54:57.330
You can allow completely in which you will have an open basis.

00:54:58.510 --> 00:55:00.690
So any inbound traffic could be done

00:55:00.690 --> 00:55:02.450
through the existing which you allow.

00:55:03.930 --> 00:55:06.770
So they can say deny all traffic, close it.

00:55:07.910 --> 00:55:12.390
And you want to allow all traffic, you say make open basis.

00:55:13.490 --> 00:55:17.530
So all these are the default, either completely deny it or behind.

00:55:17.950 --> 00:55:20.390
So together we can also mix it like these rewrite policies.

00:55:22.090 --> 00:55:24.450
So this is uses in the backend talk for CNIs,

00:55:24.610 --> 00:55:28.970
the network like kube-proxy, the VNet, all these,

00:55:28.970 --> 00:55:33.030
they work together and allow the proper communicate to be done.

00:55:33.330 --> 00:55:34.410
So one more example.

00:55:35.190 --> 00:55:40.290
So defining for egress policy for a pod which has a label of DB.

00:55:40.290 --> 00:55:47.890
Now they can go to this network from the outbound port number is 3000.

00:55:48.170 --> 00:55:50.930
And where they can go, they can go to this port number on the other side.

00:55:50.990 --> 00:55:51.730
Are we good?

00:55:55.470 --> 00:55:57.210
In this hit, I think not the input number,

00:55:57.270 --> 00:55:59.610
I think talking about the range of port numbers.

00:56:00.890 --> 00:56:05.350
In this example, they're talking about between these port numbers, the start and end.

00:56:05.370 --> 00:56:08.070
Now let's do a small example for this.

00:56:08.710 --> 00:56:11.910
So that is good practice first to deny it and then we allow it.

00:56:13.070 --> 00:56:16.210
By default, the traffic is allowed completely.

00:56:17.770 --> 00:56:20.390
They can communicate in the namespace, they can communicate easily.

00:56:21.110 --> 00:56:22.550
So we'll deny it.

00:56:23.530 --> 00:56:26.690
Let's see the example of that.

00:56:26.930 --> 00:56:28.350
So this we're going to create a pod.

00:56:29.710 --> 00:56:30.410
This is your backend.

00:56:31.910 --> 00:56:34.170
So I'm going to get a pod with your service.

00:56:34.170 --> 00:56:38.850
So as I talked about, and you're going to create a frontend pod and reach it.

00:56:39.810 --> 00:56:43.990
So what I'm saying here is you're trying to create a backend pod first.

00:56:44.010 --> 00:56:45.330
This is your backend pod.

00:56:46.470 --> 00:56:47.950
It could be like a database example.

00:56:48.790 --> 00:56:50.490
And you're mapping this to a service.

00:56:50.590 --> 00:56:53.210
As you learn more before that, it's not a good practice.

00:56:53.410 --> 00:56:54.530
I feel like my service.

00:56:55.690 --> 00:57:01.030
So now I want some other pod to communicate to these.

00:57:01.030 --> 00:57:04.150
So you allow the communication in the service.

00:57:07.190 --> 00:57:08.870
That's what I'm doing.

00:57:09.770 --> 00:57:12.690
So trying to create a first backend pod.

00:57:13.570 --> 00:57:17.090
The mapping and you're checking if they're able to reach for the service.

00:57:17.350 --> 00:57:18.210
That's your second step.

00:57:18.510 --> 00:57:22.970
Now what I'm trying to do is now you're trying to check whether you can reach.

00:57:23.070 --> 00:57:28.390
So now what you do is create a pod and they try to reach the backend.

00:57:29.130 --> 00:57:30.590
You're in the service with IP.

00:57:31.970 --> 00:57:33.450
Some pod, random pod, able to reach.

00:57:33.490 --> 00:57:37.870
Because in default, in a namespace, all the pods can communicate to the backend.

00:57:37.950 --> 00:57:38.910
And good practice.

00:57:38.950 --> 00:57:39.890
So I won't deny it.

00:57:39.890 --> 00:57:43.190
So what I'm going to do is I'm going to deny policy, close, no open.

00:57:44.970 --> 00:57:48.550
Now I'll create again a test pod and it tries to access the backend.

00:57:48.630 --> 00:57:50.050
It cannot because it denied it.

00:57:50.070 --> 00:57:52.030
But there was someone to communicate.

00:57:52.230 --> 00:57:53.650
So you need to allow someone to communicate.

00:57:53.750 --> 00:57:57.390
So what we now do is we modify the rule wherein I want some pod to get

00:57:57.390 --> 00:57:58.450
a frontend pod.

00:57:59.350 --> 00:58:01.310
So I'll modify that.

00:58:01.310 --> 00:58:08.430
Allow traffic from a pod in the default namespace,

00:58:09.450 --> 00:58:10.990
which has the label as frontend.

00:58:10.990 --> 00:58:11.310
Apply.

00:58:11.410 --> 00:58:12.070
I confirm.

00:58:12.070 --> 00:58:12.870
I see the policy.

00:58:12.970 --> 00:58:14.490
Now what I do is I do a test.

00:58:14.710 --> 00:58:17.390
I create a pod with the label name, frontend.

00:58:18.450 --> 00:58:22.750
And this rm high 5d means when you exit from the pod,

00:58:23.630 --> 00:58:25.150
this test pod will get deleted.

00:58:25.330 --> 00:58:26.450
That's the purpose of rm.

00:58:26.450 --> 00:58:31.610
We're going to create a pod with this image, with this label.

00:58:32.430 --> 00:58:34.790
And once you come out of the pod, the pod will get deleted

00:58:34.790 --> 00:58:37.210
for testing because we don't want to do a manual.

00:58:37.730 --> 00:58:40.230
So now it will work because the label is matching.

00:58:41.850 --> 00:58:42.810
And you can see it.

00:58:43.750 --> 00:58:44.570
So you have to replace.

00:58:45.010 --> 00:58:45.950
These are the exact.

00:58:46.010 --> 00:58:47.210
You need to replace the service.

00:58:47.370 --> 00:58:52.510
Now we try to do a different one without a pod label.

00:58:52.510 --> 00:58:57.150
It will not work because we're not defined the label.

00:58:57.690 --> 00:59:00.030
It has to match the frontend pod label.

00:59:01.770 --> 00:59:04.210
This is how we can test it.

00:59:04.730 --> 00:59:08.990
So initially we are observing that any pod can communicate.

00:59:09.090 --> 00:59:10.550
Yes, they can communicate by default.

00:59:11.390 --> 00:59:12.610
Then you do a deny.

00:59:13.030 --> 00:59:15.490
They cannot communicate because denied it.

00:59:15.950 --> 00:59:20.130
Then you allow basic that they always allow the least privilege

00:59:20.130 --> 00:59:24.130
and able to see that the labeled pod is able to access it.

00:59:26.290 --> 00:59:26.850
Are we good?

00:59:29.630 --> 00:59:31.030
Yeah, let's start.

00:59:33.650 --> 00:59:45.470
So first step, delete any pods that were created

00:59:46.790 --> 00:59:49.390
and observe the static IP and check to reach.

00:59:56.010 --> 01:00:00.330
So this is my static IP.

01:00:00.350 --> 01:00:01.390
It's getting created.

01:00:02.870 --> 01:00:06.750
This is your static IP.

01:00:07.170 --> 01:00:09.230
And this is my pod.

01:00:21.990 --> 01:00:23.550
It's getting a pod.

01:00:28.610 --> 01:00:30.050
The pod created.

01:00:36.730 --> 01:00:37.750
Slow for me.

01:01:09.370 --> 01:01:11.410
Slow at your end.

01:01:11.590 --> 01:01:11.870
I will do it.

01:01:13.970 --> 01:01:15.070
Okay, let's proceed.

01:01:15.170 --> 01:01:16.490
You can proceed to the lab.

01:01:53.450 --> 01:01:53.890
Sorry.

01:01:55.330 --> 01:01:56.330
He's not getting it.

01:01:56.370 --> 01:01:57.650
Sorry, it's created now back.

01:01:58.390 --> 01:01:59.170
What's the doubt?

01:02:00.510 --> 01:02:01.250
Okay, same.

01:02:02.830 --> 01:02:04.310
Okay, delete it.

01:02:05.310 --> 01:02:06.210
June, I will do it.

01:02:06.210 --> 01:02:07.230
It's working for you.

01:02:07.410 --> 01:02:08.330
Same problem they're having.

01:02:08.610 --> 01:02:09.390
Why is that?

01:02:09.630 --> 01:02:10.570
Okay, let me check.

01:02:10.670 --> 01:02:11.710
I think the storage problem.

01:02:11.710 --> 01:02:12.430
Let me see.

01:02:27.990 --> 01:02:28.650
So.

01:02:28.790 --> 01:02:29.830
Create a normal pod.

01:02:29.830 --> 01:02:33.530
Create a normal pod.

01:02:37.830 --> 01:02:38.390
What happens?

01:02:45.610 --> 01:02:50.850
It's working now.

01:02:54.890 --> 01:02:55.870
And do get pods.

01:02:56.090 --> 01:02:56.910
Okay, getting error, correct.

01:02:59.030 --> 01:03:00.050
Okay, not sure.

01:03:03.710 --> 01:03:04.970
Let me check the back-end team.

01:03:05.130 --> 01:03:07.030
Give me a minute.

01:03:08.390 --> 01:03:08.930
Hi, Raghav.

01:03:09.810 --> 01:03:10.250
Same.

01:03:10.690 --> 01:03:11.790
We're getting all of them.

01:03:11.830 --> 01:03:16.330
All of a sudden, we are getting some network issues and errors.

01:03:17.650 --> 01:03:18.250
All of a sudden.

01:03:19.210 --> 01:03:20.310
Yes, we're not able to create it.

01:03:20.310 --> 01:03:21.970
It is getting some error.

01:03:23.830 --> 01:03:24.750
Nobody is able to create.

01:03:24.750 --> 01:03:26.010
Yeah, yeah, at least.

01:03:33.930 --> 01:03:34.810
No problem.

01:03:34.970 --> 01:03:36.850
But why is it happening all of a sudden?

01:03:37.210 --> 01:03:38.470
See, till now 130 is good.

01:03:38.530 --> 01:03:40.210
Now all of a sudden, we're not able to create any pod.

01:03:40.490 --> 01:03:40.970
Why is that?

01:03:42.310 --> 01:03:42.970
What can we do?

01:03:45.810 --> 01:03:47.990
Yeah, that's the photo of everyone.

01:03:48.370 --> 01:03:53.670
I can just send you the snapshot of the complete itself for everyone.

01:03:54.470 --> 01:04:02.350
So if I open any session of my user, let me show you the logs.

01:04:06.230 --> 01:04:09.410
Okay, this is what is happening.

01:04:09.590 --> 01:04:10.210
I send the logs.

01:04:10.650 --> 01:04:13.430
It's a common log for me and others also.

01:04:13.430 --> 01:04:20.710
So it is happening on the proxy error.

01:04:25.070 --> 01:04:26.110
We've met.

01:04:26.590 --> 01:04:26.710
No problem.

01:04:30.490 --> 01:04:31.630
Let me just check.

01:04:31.990 --> 01:04:33.610
Gene, is it the same still?

01:04:33.930 --> 01:04:34.790
Gene is working now.

01:04:44.670 --> 01:04:45.910
I did all the pods.

01:04:46.110 --> 01:04:46.830
Is that solution?

01:04:47.470 --> 01:04:48.030
Let's see.

01:04:58.770 --> 01:05:00.010
I want to have water in speak.

01:05:00.370 --> 01:05:00.930
Yeah, yeah, tell me.

01:05:01.090 --> 01:05:01.850
No, why is this happening?

01:05:02.390 --> 01:05:03.710
We should have some issues.

01:05:04.550 --> 01:05:05.870
We are having this all of a sudden.

01:05:07.710 --> 01:05:09.050
I'm not sure.

01:05:14.910 --> 01:05:18.490
Okay, one minute.

01:05:18.670 --> 01:05:19.550
Yes, Gene, does it work?

01:05:19.850 --> 01:05:20.170
Gene, does it work?

01:05:23.370 --> 01:05:25.210
Yeah, it didn't get you.

01:05:25.970 --> 01:05:26.910
So do a get pods.

01:05:27.070 --> 01:05:27.890
Do a get pods.

01:05:28.050 --> 01:05:28.950
kubectl get pods.

01:05:29.110 --> 01:05:29.330
Enter.

01:05:29.550 --> 01:05:30.510
Is it not going to the next command?

01:05:31.670 --> 01:05:32.610
Yeah, it's got stuck.

01:05:33.170 --> 01:05:33.350
Okay.

01:05:33.350 --> 01:05:35.130
Can you do a service systemctl?

01:05:38.650 --> 01:05:42.470
systemctl, restart, space restart, QTL.

01:05:44.630 --> 01:05:46.790
Yeah, let's check for other same issue.

01:05:46.930 --> 01:05:48.870
Can you describe, okay, give me a minute.

01:05:48.950 --> 01:05:50.570
I'm taking the backend team, give me a minute.

01:05:52.730 --> 01:05:53.870
Yes, sorry, I got disconnected.

01:05:54.210 --> 01:05:55.570
Yeah, for everyone, automatically.

01:05:55.870 --> 01:05:56.150
I understand.

01:05:56.330 --> 01:05:57.390
Yeah, I do understand.

01:05:57.810 --> 01:06:00.650
See, it is not able to reach the network.

01:06:02.350 --> 01:06:05.110
So what is the reason I'm asking this?

01:06:05.110 --> 01:06:07.550
You said all the same, we increase the storage.

01:06:07.910 --> 01:06:08.090
It worked.

01:06:08.770 --> 01:06:09.730
So what is happening?

01:06:10.030 --> 01:06:10.150
I'm not.

01:06:10.310 --> 01:06:12.850
For example, if I don't mind, this thing will work.

01:06:12.910 --> 01:06:14.150
I'm not sure what to do now.

01:06:14.410 --> 01:06:15.390
See, I will use somewhere.

01:06:15.590 --> 01:06:17.230
See, there is something in the backend.

01:06:17.670 --> 01:06:19.770
See, example, if I'm using my own laptop,

01:06:19.910 --> 01:06:21.730
one account, it was fine.

01:06:22.010 --> 01:06:24.230
But when India buys ATVs more than enough current,

01:06:24.270 --> 01:06:26.170
why are we having the common storage we have right now?

01:06:26.310 --> 01:06:26.710
The backend.

01:06:28.530 --> 01:06:29.590
Now, it doesn't take so much.

01:06:29.730 --> 01:06:32.250
There is something somewhere we're putting a shared storage.

01:06:33.010 --> 01:06:35.330
We're using somewhere building a shared storage.

01:06:36.630 --> 01:06:38.510
Are we somewhere using a shared storage at the end of it?

01:06:38.830 --> 01:06:39.190
OK.

01:06:39.190 --> 01:06:39.750
So what to do?

01:06:39.870 --> 01:06:41.330
We have to consider what is the challenge now.

01:06:41.450 --> 01:06:43.390
So I can still do a restart.

01:06:43.550 --> 01:06:44.610
I can do all these things.

01:06:45.270 --> 01:06:48.510
But if we, for example, did this serve the error message?

01:06:52.630 --> 01:06:54.910
Did it serve the error message somewhere in the backend?

01:07:00.250 --> 01:07:03.930
So it means, so understand, so what could be the problem?

01:07:04.930 --> 01:07:07.710
It means some network coming in, correct?

01:07:12.310 --> 01:07:13.110
So what?

01:07:13.270 --> 01:07:13.670
Understand.

01:07:13.870 --> 01:07:14.730
So what is the solution now?

01:07:14.790 --> 01:07:15.750
So where is the mistake now?

01:07:16.050 --> 01:07:21.250
See, all of a sudden, this is going down.

01:07:21.470 --> 01:07:23.670
I'm not sure how is it going down.

01:07:24.330 --> 01:07:26.150
I'm checking the error message also.

01:07:27.910 --> 01:07:29.370
All of a sudden, it doesn't go like this.

01:07:29.410 --> 01:07:30.830
I'm quite surprised by what's happening.

01:07:31.030 --> 01:07:33.010
When I search this, I figure it out.

01:07:33.290 --> 01:07:35.350
OK, team, let's do something.

01:07:36.650 --> 01:07:38.710
So can you go and check the status of the pods, everyone?

01:07:38.750 --> 01:07:40.210
Let's do it like this.

01:07:40.730 --> 01:07:52.710
Let's go to K, get pods, all namespaces.

01:07:53.670 --> 01:07:55.110
Type in O and wide.

01:07:58.050 --> 01:08:01.490
So WeaveNet, can we add the WeaveNet again, everyone?

01:08:04.630 --> 01:08:05.650
Team, are you good?

01:08:07.170 --> 01:08:08.130
Are you with me?

01:08:09.010 --> 01:08:10.830
For some reason, the WeaveNet is gone.

01:08:10.830 --> 01:08:11.770
You see this?

01:08:12.830 --> 01:08:15.190
OK, animal proxy is gone.

01:08:18.070 --> 01:08:20.850
That reason, you see kube-proxy, both are gone.

01:08:23.030 --> 01:08:24.070
Why is that?

01:08:24.370 --> 01:08:25.110
I'm thinking, OK.

01:08:25.430 --> 01:08:32.670
So to resolve it, what we'll do is let's do a kubeadm, OK?

01:08:33.250 --> 01:08:36.270
Reset hyphen force, OK?

01:08:36.270 --> 01:08:40.570
Let me just resolve it, and I'm

01:08:40.570 --> 01:08:42.750
going to do a kubeadm space init.

01:09:07.090 --> 01:09:12.130
Yeah, do the same, and I'm now going to do the next step.

01:09:18.490 --> 01:09:19.890
OK.

01:09:23.050 --> 01:09:23.350
Rest.

01:09:25.970 --> 01:09:26.430
Yes.

01:09:43.190 --> 01:09:53.530
OK, let's see kubectl, OK?

01:10:00.210 --> 01:10:02.010
OK, this is coming up.

01:10:03.210 --> 01:10:04.350
Can you do the same, everyone?

01:10:08.010 --> 01:10:08.670
Yeah, reset.

01:10:09.870 --> 01:10:11.910
Sorry, you're going to come and reset?

01:10:14.590 --> 01:10:15.470
Yeah, do a init.

01:10:16.990 --> 01:10:17.790
Do a init.

01:10:19.430 --> 01:10:26.470
So do a reset on all the nodes and then join the token.

01:10:32.510 --> 01:10:33.810
Is this working for you?

01:10:35.010 --> 01:10:35.830
OK, then good.

01:10:35.970 --> 01:10:36.790
Who's not working?

01:10:37.550 --> 01:10:38.210
Do a reset.

01:10:38.670 --> 01:10:44.670
And get in a new token and join that.

01:10:49.090 --> 01:11:05.430
So I go to the master, get the token, run the token.

01:11:22.810 --> 01:11:25.070
And the token, paste it.

01:11:27.730 --> 01:11:31.550
OK, do the same for other node also.

01:11:36.350 --> 01:11:37.750
OK.

01:11:39.750 --> 01:11:40.550
OK.

01:11:40.550 --> 01:11:41.570
And next.

01:11:58.270 --> 01:11:59.130
OK, all good now.

01:11:59.930 --> 01:12:01.810
So now shut the lab.

01:12:02.950 --> 01:12:03.370
Let's see.

01:12:03.530 --> 01:12:07.530
Let me do this first.

01:12:14.910 --> 01:12:15.010
OK.

01:12:24.710 --> 01:12:25.430
Yeah, all good.

01:12:25.610 --> 01:12:26.430
Yes, Gene, all good.

01:12:26.430 --> 01:12:31.230
Others, do a reset and join and continue.

01:12:33.250 --> 01:12:35.130
After joining in, are you able to get a pod?

01:12:35.370 --> 01:12:39.850
After you do a reset, do a get nodes and check if everything is ready.

01:12:40.450 --> 01:12:42.850
And see all the pods, props, everything is ready.

01:12:44.070 --> 01:12:45.270
Let me check for you.

01:12:45.650 --> 01:12:47.530
Did you do a reset on worker one, worker two also?

01:12:47.710 --> 01:12:48.610
No, no, do a get nodes.

01:12:48.930 --> 01:12:50.230
No, no, no.

01:12:50.390 --> 01:12:50.910
Just nodes.

01:12:50.950 --> 01:12:51.710
No, they're not joined.

01:12:51.830 --> 01:12:52.630
Not out of the network.

01:12:53.010 --> 01:12:54.090
Apply hyphen f.

01:12:54.530 --> 01:12:55.410
One command is there, correct?

01:12:56.130 --> 01:13:00.690
Did you run those three commands of kubelet, kubectl?

01:13:02.510 --> 01:13:03.810
Are you understanding?

01:13:04.710 --> 01:13:05.470
No, no, not these.

01:13:05.630 --> 01:13:08.090
The mkdir, I'll give you those.

01:13:09.250 --> 01:13:12.430
So run these three commands.

01:13:13.550 --> 01:13:13.910
Understood?

01:13:14.110 --> 01:13:15.070
I'm giving the list here.

01:13:15.770 --> 01:13:18.130
So run these three commands at once.

01:13:18.270 --> 01:13:21.490
Run these three commands and then add the network.

01:13:21.490 --> 01:13:22.330
Network, apply.

01:13:22.430 --> 01:13:23.110
No, no, no.

01:13:24.650 --> 01:13:26.030
You're not copying properly.

01:13:26.290 --> 01:13:27.670
Run each command properly, please.

01:13:28.550 --> 01:13:29.490
Run each command properly.

01:13:29.610 --> 01:13:30.450
You're not running the command properly.

01:13:30.570 --> 01:13:32.050
Run the mkdir first.

01:13:32.350 --> 01:13:33.230
Run each one completely.

01:13:33.470 --> 01:13:33.850
Enter.

01:13:34.430 --> 01:13:34.650
Wait, wait.

01:13:34.790 --> 01:13:36.030
Choose yes, wine.

01:13:36.670 --> 01:13:37.290
Choose wine.

01:13:37.950 --> 01:13:38.910
Yeah, run the next.

01:13:39.690 --> 01:13:41.530
Now run the next command we've given you.

01:13:41.530 --> 01:13:42.510
Apply command.

01:13:43.070 --> 01:13:43.530
The chat.

01:13:43.650 --> 01:13:43.770
Enter.

01:13:43.990 --> 01:13:44.250
Yes.

01:13:44.830 --> 01:13:47.110
Now, now type in kubectl get nodes.

01:13:47.470 --> 01:13:48.530
Get it assigned.

01:13:48.850 --> 01:13:49.410
I think, yeah.

01:13:49.790 --> 01:13:50.310
Get nodes.

01:13:51.350 --> 01:13:51.890
Yeah, do it.

01:13:52.590 --> 01:13:53.330
Type in yes.

01:13:55.450 --> 01:13:56.790
Enter, enter, enter, enter.

01:13:56.890 --> 01:13:57.250
First enter.

01:13:58.470 --> 01:13:58.850
Fine.

01:13:59.630 --> 01:14:00.810
Now kubectl get nodes.

01:14:01.450 --> 01:14:02.490
kubectl get pods.

01:14:02.570 --> 01:14:14.490
k get pods hyphen hyphen hyphen hyphen all hyphen namespaces space space hyphen o

01:14:14.490 --> 01:14:15.130
space wide.

01:14:15.730 --> 01:14:16.150
Yeah, enter.

01:14:16.310 --> 01:14:17.070
Yeah, all are good now.

01:14:17.250 --> 01:14:17.470
Proceed.

01:14:18.070 --> 01:14:19.510
Others, others, they will do it.

01:14:19.510 --> 01:14:20.510
Who's done with the lab?

01:14:20.510 --> 01:14:21.210
You're done.

01:14:21.210 --> 01:14:22.050
So I didn't get you.

01:14:22.090 --> 01:14:24.110
Yeah, do a restart of this one.

01:14:25.450 --> 01:14:25.850
Initialize.

01:14:26.470 --> 01:14:26.730
Okay.

01:14:26.950 --> 01:14:28.230
Gene, are you able to proceed now?

01:14:28.310 --> 01:14:28.730
Is it working?

01:14:29.570 --> 01:14:29.870
The pod?

01:14:30.150 --> 01:14:31.250
Okay, please do the lab now.

01:14:31.710 --> 01:14:32.650
Yes, Charles, what's happening?

01:14:35.090 --> 01:14:37.630
See, one second, one second, one second.

01:14:37.770 --> 01:14:38.730
You're not doing the step properly.

01:14:38.850 --> 01:14:40.650
Can you again copy those three commands?

01:14:41.210 --> 01:14:43.610
The mkdir, the three commands, not all the four.

01:14:43.870 --> 01:14:44.590
The first three, mkdir.

01:14:46.410 --> 01:14:47.290
Paste the three commands.

01:14:47.470 --> 01:14:47.710
Yes.

01:14:47.850 --> 01:14:47.910
Wait.

01:14:48.310 --> 01:14:48.810
Don't do anything.

01:14:49.010 --> 01:14:50.310
This will be a minute.

01:14:50.310 --> 01:14:50.790
Choose why.

01:14:51.830 --> 01:14:52.690
So you have to wait.

01:14:53.570 --> 01:14:54.730
You have to wait for response.

01:14:54.890 --> 01:14:55.190
Choose why.

01:14:56.630 --> 01:14:57.090
Press enter.

01:14:57.170 --> 01:14:58.610
Now copy the apply command.

01:15:00.110 --> 01:15:01.530
So for every command, you have to wait.

01:15:02.790 --> 01:15:03.590
Yes, enter.

01:15:04.890 --> 01:15:06.410
Now do kubectl get nodes.

01:15:06.610 --> 01:15:07.610
kubectl get nodes.

01:15:09.070 --> 01:15:12.070
So did you run on the other worker also?

01:15:13.930 --> 01:15:14.410
That's fine.

01:15:14.450 --> 01:15:14.810
That's fine.

01:15:14.890 --> 01:15:15.390
Just proceed.

01:15:15.570 --> 01:15:16.090
Do this one.

01:15:16.290 --> 01:15:16.490
That's fine.

01:15:16.530 --> 01:15:17.450
Just proceed on this.

01:15:17.750 --> 01:15:18.150
Proceed.

01:15:18.330 --> 01:15:18.750
Do next step.

01:15:18.750 --> 01:15:19.950
Do next step.

01:15:19.970 --> 01:15:20.330
Part.

01:15:26.710 --> 01:15:32.690
So now you have to exactly copy the direct command and replace that with your service IP.

01:15:35.850 --> 01:15:37.630
So you have the service IP.

01:15:37.990 --> 01:15:42.690
Replace service with IP what you have so that you don't make a mistake.

01:15:42.970 --> 01:15:47.550
So you want to copy that command to a notepad.

01:15:48.330 --> 01:15:50.510
Copy this to a notepad from wget.

01:15:50.510 --> 01:15:51.150
Copy this.

01:15:52.530 --> 01:15:54.410
And replace the service with IP.

01:15:54.570 --> 01:15:57.530
One with this IP with yours.

01:15:59.230 --> 01:16:01.090
So example like this.

01:16:01.270 --> 01:16:01.970
This is my IP.

01:16:02.050 --> 01:16:03.190
I have to copy this.

01:16:06.010 --> 01:16:07.310
And do that.

01:16:07.330 --> 01:16:10.290
Have a separate because every time they're really difficult for copy and paste.

01:16:11.090 --> 01:16:12.550
So be careful.

01:16:14.310 --> 01:16:16.370
1097.118.12.

01:16:19.490 --> 01:16:23.730
And replace that where in wget replace with that where you don't have confusion data.

01:16:23.790 --> 01:16:25.050
And proceed.

01:16:35.730 --> 01:16:36.870
It's working.

01:16:37.550 --> 01:16:39.650
So now we'll deny it.

01:17:07.090 --> 01:17:09.010
Then create one more test pod.

01:17:37.570 --> 01:17:37.890
Okay.

01:17:37.890 --> 01:17:39.990
Are they doing good, Charles?

01:17:40.430 --> 01:17:42.370
Gene, everyone is working fine.

01:17:42.930 --> 01:17:43.670
You see that?

01:17:44.610 --> 01:17:45.370
Yeah, do slowly.

01:17:45.510 --> 01:17:45.890
It'll work.

01:17:46.210 --> 01:17:48.690
Either you can copy and paste or up to you.

01:17:50.350 --> 01:17:52.710
I think if you copy a notepad and paste it,

01:17:52.710 --> 01:17:53.970
Gene, it'll be quite difficult.

01:17:54.130 --> 01:17:54.750
Don't do this.

01:17:56.830 --> 01:18:02.310
Copy the complete line itself to a notepad, the wget line.

01:18:02.510 --> 01:18:05.410
So for example, this is my wget line.

01:18:06.210 --> 01:18:08.890
And update it inside this itself.

01:18:11.270 --> 01:18:13.010
Update, copy and paste.

01:18:13.490 --> 01:18:13.930
Yeah, yeah.

01:18:14.150 --> 01:18:16.510
Copy the notepad, update the document itself

01:18:16.510 --> 01:18:19.690
so that every time you don't do what you do, Charles.

01:18:21.710 --> 01:18:23.550
It's netpol.

01:18:23.930 --> 01:18:26.210
It's a single O, not two O. And you're

01:18:26.210 --> 01:18:28.410
re-scrolling a space, additional space

01:18:28.410 --> 01:18:33.190
is there after F and N. Yeah.

01:18:37.530 --> 01:18:37.970
Proceed.

01:18:39.910 --> 01:18:40.630
Are we good?

01:18:41.110 --> 01:18:41.270
OK.

01:18:41.270 --> 01:18:43.810
You can do the next lab, egress,

01:18:44.130 --> 01:18:49.170
in which how you can disallow the traffic to outbound.

01:18:50.830 --> 01:18:52.630
They cannot access the internet in the next lab,

01:18:52.790 --> 01:18:53.370
the egress lab.

01:18:53.490 --> 01:18:53.830
They're good.

01:18:53.850 --> 01:18:54.710
It's working now.

01:18:55.010 --> 01:18:55.210
OK.

01:18:55.210 --> 01:18:55.930
Gene, what's the doubt?

01:18:55.970 --> 01:18:56.430
They're good?

01:18:57.490 --> 01:18:58.290
Yeah, it's good.

01:18:58.370 --> 01:18:59.330
It means it doesn't work.

01:18:59.790 --> 01:19:00.190
OK.

01:19:00.230 --> 01:19:00.770
What's the next step?

01:19:00.810 --> 01:19:01.490
All steps done?

01:19:02.150 --> 01:19:02.790
Oh, you're good.

01:19:03.330 --> 01:19:03.590
Yeah.

01:19:03.590 --> 01:19:05.530
So it means that your lab is good.

01:19:06.950 --> 01:19:07.270
Fine.

01:19:07.330 --> 01:19:07.890
Good.

01:19:08.490 --> 01:19:12.270
So the next lab, OK, you can do yourself also.

01:19:13.050 --> 01:19:13.270
Outbound.

01:19:13.710 --> 01:19:17.530
So you are blocking outbound traffic.

01:19:18.230 --> 01:19:19.070
No outbound traffic.

01:19:19.210 --> 01:19:25.290
You're creating a pod and then defining a policy

01:19:25.290 --> 01:19:27.150
denying the outbound.

01:19:28.370 --> 01:19:32.990
So when you log into the pod and try to access any website,

01:19:32.990 --> 01:19:38.110
they cannot access it because it is blocked.

01:19:38.910 --> 01:19:42.370
Either you can refer that your service name using your name,

01:19:42.610 --> 01:19:45.930
like a web, or you can also refer using your IP.

01:19:46.130 --> 01:19:47.230
Both the names we can use.

01:19:47.290 --> 01:19:50.810
For services, either we can use a name

01:19:51.990 --> 01:19:55.790
or we can also refer it using your service IP.

01:19:56.170 --> 01:19:57.570
We're trying to use your web IP.

01:19:57.770 --> 01:19:58.410
Yeah, please go ahead.

01:19:58.630 --> 01:19:59.030
Step three.

01:20:01.910 --> 01:20:03.470
I'm back at blocking, Charles.

01:20:03.590 --> 01:20:04.570
You're able to understand the lab?

01:20:04.710 --> 01:20:05.150
OK.

01:20:05.210 --> 01:20:05.650
OK.

01:20:06.070 --> 01:20:08.010
So you're modifying one of the outbound rules,

01:20:08.190 --> 01:20:09.390
not the inbound rules.

01:20:10.870 --> 01:20:11.730
That's what it thinks.

01:20:12.230 --> 01:20:13.830
So now try to log into the pod

01:20:13.830 --> 01:20:17.530
and try to access any website or access to the lab.

01:20:18.530 --> 01:20:20.950
You cannot because your outbound is blocked.

01:20:22.050 --> 01:20:22.190
Yes.

01:20:22.270 --> 01:20:22.710
Are we good?

01:20:23.030 --> 01:20:24.130
Dean, does it work for you?

01:20:24.350 --> 01:20:24.790
OK.

01:20:25.710 --> 01:20:26.050
Junvi?

01:20:26.170 --> 01:20:26.650
OK, team.

01:20:27.190 --> 01:20:29.010
So this is how you can log into the pod.

01:20:29.590 --> 01:20:30.890
We could work.

01:20:31.090 --> 01:20:31.670
So hope you got.

01:20:31.850 --> 01:20:33.970
We learned both about inbound and outbound.

01:20:34.250 --> 01:20:34.290
Correct?

01:20:34.610 --> 01:20:34.850
OK.

01:20:35.630 --> 01:20:36.230
Charles, are we good?

01:20:36.250 --> 01:20:36.490
OK.

01:20:36.890 --> 01:20:37.550
OK, do that.

01:20:37.610 --> 01:20:38.090
Let's wait.

01:20:38.250 --> 01:20:38.870
Can you finish?

01:20:39.110 --> 01:20:39.850
And then let's proceed.

01:20:40.470 --> 01:20:41.750
Do a test of the outbound.

01:20:41.810 --> 01:20:44.330
Now, we're not doing that for testing.

01:20:44.790 --> 01:20:46.130
We're trying to reach a website.

01:20:47.690 --> 01:20:48.290
That's fine.

01:20:48.470 --> 01:20:48.930
That's fine.

01:20:49.070 --> 01:20:49.370
OK.

01:20:49.790 --> 01:20:50.490
It's getting a web.

01:20:52.390 --> 01:20:53.670
We're not doing that.

01:20:54.090 --> 01:20:54.670
Use the apparel.

01:20:54.770 --> 01:20:55.610
Use the apparel.

01:20:55.810 --> 01:20:58.410
And after you have to use a port 80, it's fine.

01:20:58.410 --> 01:20:59.310
Use web.

01:20:59.310 --> 01:20:59.870
Use web.

01:21:00.030 --> 01:21:00.430
Give web.

01:21:00.550 --> 01:21:01.190
Name as web.

01:21:01.390 --> 01:21:02.530
Remove the IP.

01:21:02.850 --> 01:21:03.310
Put as web.

01:21:03.850 --> 01:21:05.810
And colon 80 forward slash.

01:21:06.330 --> 01:21:06.930
Yes, yeah.

01:21:07.330 --> 01:21:07.510
Enter.

01:21:07.790 --> 01:21:07.890
Press enter.

01:21:07.910 --> 01:21:09.730
So it will not understand 80.

01:21:10.950 --> 01:21:13.470
It's going to give a message that it cannot understand 80

01:21:13.470 --> 01:21:15.530
because it's not going to port number 80.

01:21:15.630 --> 01:21:16.070
That's it.

01:21:16.150 --> 01:21:17.430
It means it's not going out.

01:21:17.570 --> 01:21:17.750
Understood?

01:21:17.850 --> 01:21:18.890
Thank you.

01:21:19.150 --> 01:21:19.530
OK.

01:21:20.730 --> 01:21:23.150
This is about your networking security.

01:21:23.330 --> 01:21:25.870
The last one, which is your ingress.

01:21:25.930 --> 01:21:26.970
Let me talk about this.

01:21:27.930 --> 01:21:29.470
Let's come back.

01:21:29.650 --> 01:21:31.090
This is the last topic.

01:21:32.130 --> 01:21:32.970
So how do you institute?

01:21:33.290 --> 01:21:35.050
We would use TLS.

01:21:36.970 --> 01:21:39.390
Control access or restrict access to a database.

01:21:41.070 --> 01:21:42.250
Enable audit logging.

01:21:43.250 --> 01:21:44.250
Rotate credentials.

01:21:45.070 --> 01:21:45.990
Encrypt data.

01:21:46.890 --> 01:21:49.910
And you want to get alerts and notification

01:21:49.910 --> 01:21:53.030
as soon as there are some vulnerabilities or incidents.

01:21:53.030 --> 01:21:56.390
This is the best practice to be followed.

01:21:58.190 --> 01:21:59.710
Now, what is ingress and ingress controller?

01:21:59.890 --> 01:22:01.570
Now, let me give an example.

01:22:01.770 --> 01:22:03.710
So have you all worked on load balancers before?

01:22:03.770 --> 01:22:05.070
Have you worked on load balancers?

01:22:05.250 --> 01:22:05.590
OK.

01:22:06.150 --> 01:22:07.630
Now, let me give an example.

01:22:08.490 --> 01:22:10.930
In Amazon, have you all worked on application load

01:22:10.930 --> 01:22:11.410
balancers?

01:22:11.610 --> 01:22:12.030
Everyone?

01:22:13.370 --> 01:22:13.930
Or any of you?

01:22:14.130 --> 01:22:18.210
This is Charles, ALB Charles, who said yes right now.

01:22:18.330 --> 01:22:20.370
Gene, have you worked on load balancer ALB?

01:22:20.890 --> 01:22:23.370
Let me give a small example of how it works.

01:22:23.910 --> 01:22:26.530
So now, for example, let's consider

01:22:26.530 --> 01:22:28.890
that we have a load balancer.

01:22:29.090 --> 01:22:31.510
And this load balancer is going

01:22:31.510 --> 01:22:33.470
to support different use cases.

01:22:33.530 --> 01:22:38.350
For example, it could be people can reach amazon.com.

01:22:39.030 --> 01:22:43.070
Or it can get the traffic amazon.com slash in.

01:22:44.790 --> 01:22:50.050
And it can get the traffic amazon.com slash US.

01:22:50.050 --> 01:22:56.710
Or it could be x.amazon.com, y.amazon.com.

01:22:58.310 --> 01:23:00.390
So you see here, you have the same domain,

01:23:00.690 --> 01:23:03.110
but multiple endpoints, something like this.

01:23:03.930 --> 01:23:07.070
So these are called as context-based routing.

01:23:07.870 --> 01:23:09.890
So same domain, but different endpoints.

01:23:11.490 --> 01:23:15.190
Now, the load balancer, we need to accordingly

01:23:15.190 --> 01:23:16.970
route the traffic to the back ends.

01:23:17.570 --> 01:23:19.190
So what does it do?

01:23:20.230 --> 01:23:25.370
You would be having in Amazon, call it listener.

01:23:26.670 --> 01:23:31.430
And in the listener, you write in the rule as to where to go.

01:23:32.110 --> 01:23:34.250
So in the back end, we call it target groups.

01:23:34.730 --> 01:23:38.610
So you'll have one group in which you

01:23:38.610 --> 01:23:41.050
will have instances, one and two.

01:23:41.530 --> 01:23:44.310
And this would point out to amazon.com.

01:23:44.310 --> 01:23:45.970
You will have one more group, which

01:23:45.970 --> 01:23:49.530
is tg2, in which you have instances three and four.

01:23:50.150 --> 01:23:54.210
This will point out to amazon.com slash in.

01:23:54.250 --> 01:23:56.890
So the listener would have some rules stating

01:23:56.890 --> 01:24:00.410
that if someone hits amazon.com.in,

01:24:00.710 --> 01:24:02.670
send the traffic to group two.

01:24:03.170 --> 01:24:03.770
Getting it?

01:24:04.810 --> 01:24:11.130
If someone hits group three of this, send it to group three.

01:24:11.130 --> 01:24:12.930
Are we good?

01:24:16.350 --> 01:24:16.450
Everyone?

01:24:18.710 --> 01:24:19.250
OK.

01:24:20.030 --> 01:24:24.170
So now, very similarly, in Kubernetes, we can do.

01:24:24.490 --> 01:24:27.390
So in Kubernetes, the same one, what we do first do is,

01:24:27.890 --> 01:24:29.110
you create my use cases.

01:24:29.930 --> 01:24:33.750
Simple example, I'm going to route amazon.com

01:24:33.750 --> 01:24:36.510
and some amazon.com slash in.

01:24:36.790 --> 01:24:38.910
This is my use case, using a load balancer in Kubernetes.

01:24:39.750 --> 01:24:43.250
So what I do, I create a deployment.

01:24:44.570 --> 01:24:49.370
So this is for amazon.com, in which I have two pods,

01:24:50.230 --> 01:24:52.850
pod one and pod two.

01:24:53.710 --> 01:24:55.910
This is pointing out to amazon.com.

01:24:56.590 --> 01:25:02.030
And I also have pod three and pod four.

01:25:02.830 --> 01:25:08.870
These are pointing out to amazon.com slash in.

01:25:10.730 --> 01:25:13.070
And I map it to a service.

01:25:13.650 --> 01:25:18.210
Service one would reach to these.

01:25:19.390 --> 01:25:23.750
And service two would reach to this.

01:25:23.910 --> 01:25:24.150
Clear?

01:25:24.430 --> 01:25:24.570
Till now?

01:25:24.590 --> 01:25:25.450
I have a deployment.

01:25:26.830 --> 01:25:27.910
One, you have two pods.

01:25:28.530 --> 01:25:30.350
And a deployment two, I have two pods.

01:25:30.350 --> 01:25:32.010
I map it to a cluster service.

01:25:32.170 --> 01:25:32.290
Clear?

01:25:32.630 --> 01:25:33.030
No.

01:25:33.250 --> 01:25:35.050
Checking deployment, two pods, a cluster service.

01:25:35.090 --> 01:25:35.550
This is done.

01:25:35.650 --> 01:25:37.790
So now, we have a load balancer.

01:25:37.910 --> 01:25:40.730
The user trying to reach to this website.

01:25:40.950 --> 01:25:43.570
So when they hit amazon.com, for example,

01:25:45.190 --> 01:25:47.970
now the load balancer needs to send the traffic to where?

01:25:48.790 --> 01:25:49.390
To this service.

01:25:49.450 --> 01:25:49.830
Do you agree?

01:25:49.970 --> 01:25:50.210
Getting it?

01:25:50.330 --> 01:25:52.310
When some user is using amazon.com load balancer,

01:25:52.430 --> 01:25:54.090
someone has to send the traffic to this service.

01:25:54.110 --> 01:25:54.610
Do you agree?

01:25:54.930 --> 01:26:00.190
So it reaches this where we use two components.

01:26:00.190 --> 01:26:04.390
So load balancer need to have an ingress controller.

01:26:05.930 --> 01:26:08.490
And it also uses the ingress rules.

01:26:09.910 --> 01:26:15.270
So ingress rules would allow it to reach to this one.

01:26:15.910 --> 01:26:18.130
So you would have written something

01:26:18.130 --> 01:26:21.950
like a default rule sent to this.

01:26:22.470 --> 01:26:28.090
If they hit slash in, you have written a rule stating

01:26:28.090 --> 01:26:33.150
that if someone hits slash in, send traffic to this.

01:26:33.390 --> 01:26:36.270
This rule is called as ingress rules.

01:26:37.610 --> 01:26:38.170
Are we clear?

01:26:38.310 --> 01:26:38.350
Yeah.

01:26:38.350 --> 01:26:38.850
Getting it?

01:26:39.270 --> 01:26:40.290
I'll repeat again.

01:26:40.770 --> 01:26:44.770
So for example, if this is your backend service,

01:26:46.290 --> 01:26:49.590
and this backend is where we're talking about, amazon.com.

01:26:50.870 --> 01:26:52.490
So you need load balancer.

01:26:52.570 --> 01:26:55.050
The load balancer doesn't understand

01:26:55.050 --> 01:26:56.190
to work ingress rules.

01:26:56.190 --> 01:26:58.490
It needs another component called ingress controller.

01:26:59.290 --> 01:27:01.090
And this controller and this works together,

01:27:01.090 --> 01:27:02.550
and then they use the ingress.

01:27:04.010 --> 01:27:06.890
That is what we do for normal load balancers.

01:27:07.590 --> 01:27:11.090
But we also have open source ingress controller,

01:27:11.310 --> 01:27:16.810
which is NGINX, which acts both as a load balancer

01:27:16.810 --> 01:27:18.170
and the ingress controller.

01:27:19.790 --> 01:27:21.310
So if you use amazon load balancer,

01:27:21.470 --> 01:27:24.670
you have to additionally install ingress controller component

01:27:24.670 --> 01:27:26.510
along with the amazon load balancer

01:27:26.510 --> 01:27:28.010
and then define the rules.

01:27:28.630 --> 01:27:31.030
But in case if you go for NGINX controller,

01:27:31.090 --> 01:27:32.990
it has both of the components.

01:27:33.810 --> 01:27:34.210
The same.

01:27:34.850 --> 01:27:37.010
And you now try to write ingress rules.

01:27:37.890 --> 01:27:39.870
You go to this, or you go to this, go to this,

01:27:39.910 --> 01:27:40.670
go to this.

01:27:40.690 --> 01:27:41.150
That's it.

01:27:42.370 --> 01:27:45.390
So this will point out to, like amazon.com,

01:27:45.630 --> 01:27:49.090
it will point out to slash in, slash us, slash uk.

01:27:49.210 --> 01:27:49.530
Are we good?

01:27:49.610 --> 01:27:51.770
Ingress controller part would get created

01:27:52.410 --> 01:27:57.370
in case if you use in Amazon, for example, ingress controller

01:27:57.370 --> 01:28:00.930
of NGINX, it will create the controller part

01:28:00.930 --> 01:28:02.230
in one of the nodes.

01:28:04.290 --> 01:28:06.990
And through that, the traffic goes to the back end.

01:28:07.970 --> 01:28:09.850
So when you use ingress controller,

01:28:10.010 --> 01:28:12.110
it will create ingress controller one of the nodes.

01:28:12.570 --> 01:28:14.610
And through that, the traffic goes to the back end.

01:28:15.710 --> 01:28:17.010
That is what is ingress controller.

01:28:17.210 --> 01:28:17.670
Are we good?

01:28:17.710 --> 01:28:18.830
OK, let's do a small lab.

01:28:18.830 --> 01:28:19.450
We have four.

01:28:20.690 --> 01:28:23.310
For networking, we don't have labs for monitoring.

01:28:25.810 --> 01:28:28.190
So now what we are going to do is we are going to deploy

01:28:28.190 --> 01:28:29.130
ingress controller.

01:28:29.150 --> 01:28:30.230
Let's run this.

01:28:31.150 --> 01:28:33.990
Everyone, create this YAML file in your master.

01:28:35.290 --> 01:28:35.890
Sorry.

01:28:40.030 --> 01:28:46.070
So put the YAML file in the master and apply it.

01:28:46.990 --> 01:28:50.510
So this will get created in a separate namespace called

01:28:50.510 --> 01:28:52.710
ingress-nginx.

01:28:53.670 --> 01:29:02.150
So you can go and say get all in ingress-nginx namespace.

01:29:05.290 --> 01:29:07.630
So once you apply it, go ahead and check

01:29:07.630 --> 01:29:11.690
what got created under ingress-nginx.

01:29:12.590 --> 01:29:17.330
The ingress controller needs a separate namespace.

01:29:17.970 --> 01:29:19.290
And it will take some time.

01:29:21.890 --> 01:29:23.570
And it will get created in a minute.

01:29:25.050 --> 01:29:27.570
You see, it's creating the services.

01:29:30.750 --> 01:29:31.710
Go to node port.

01:29:31.750 --> 01:29:33.070
It will put load balancer right now.

01:29:33.070 --> 01:29:33.530
It's fine.

01:29:33.590 --> 01:29:33.910
Let's see.

01:29:33.990 --> 01:29:35.010
I'll tell you what to do.

01:29:35.370 --> 01:29:36.490
It's creating your jobs.

01:29:36.750 --> 01:29:38.590
It's creating all your components of ingress

01:29:38.590 --> 01:29:39.090
controller.

01:29:43.810 --> 01:29:44.250
OK?

01:29:44.430 --> 01:29:44.990
Are we good?

01:29:45.930 --> 01:29:49.090
So now next step is it takes some time

01:29:49.090 --> 01:29:50.650
for load balancer to be up and running.

01:29:51.070 --> 01:29:51.590
Let it wait.

01:29:51.650 --> 01:29:54.030
So now what we'll do next, let's go ahead

01:29:54.030 --> 01:29:56.350
and create our back end service, the deployment.

01:29:56.550 --> 01:29:57.330
This is my deployment.

01:29:58.450 --> 01:29:59.890
And I map it to a cluster service.

01:30:01.550 --> 01:30:06.110
So write the deployment of hello app.

01:30:13.050 --> 01:30:14.470
It got created.

01:30:15.330 --> 01:30:17.110
Now map this to a cluster service.

01:30:17.250 --> 01:30:19.330
We're going to map it to a cluster service.

01:30:25.270 --> 01:30:27.390
Now do a kubectl get service.

01:30:29.710 --> 01:30:31.950
You see a new service got created, which is hello server.

01:30:32.070 --> 01:30:35.630
You can do a curl, get IP, and check

01:30:35.630 --> 01:30:38.030
if you're able to reach your internal application.

01:30:38.530 --> 01:30:39.930
So it is coming hello server.

01:30:41.090 --> 01:30:42.590
So we have a deployment.

01:30:43.390 --> 01:30:44.870
We have a cluster service.

01:30:46.250 --> 01:30:48.910
And we have in the load balancer ingress controller.

01:30:49.890 --> 01:30:51.830
Now we have to define the ingress rule.

01:30:53.250 --> 01:30:54.530
Are we good till now?

01:30:56.870 --> 01:30:59.150
So now for doing that, we'll create an ingress file.

01:31:00.170 --> 01:31:01.710
So go ahead and create an ingress rule.

01:31:02.310 --> 01:31:06.270
Then you say that if any traffic goes forward slash

01:31:06.270 --> 01:31:10.250
hello, then it must reach your back end service.

01:31:10.250 --> 01:31:10.950
Write in a rule.

01:31:11.050 --> 01:31:15.870
So we'll say ingress.yml, insert mode.

01:31:16.010 --> 01:31:25.950
And you go and paste that ingress file and apply it.

01:31:38.850 --> 01:31:39.870
So it got created.

01:31:40.850 --> 01:31:42.430
So you can also do a get ingress.

01:31:44.530 --> 01:31:45.530
And you see it got.

01:31:45.830 --> 01:31:47.710
And you can do describe ingress.

01:31:49.790 --> 01:31:52.230
And it will have in the rule hello.

01:31:53.490 --> 01:31:55.590
So if you say hello slash hello,

01:31:56.170 --> 01:31:59.090
it will reach your hello server service.

01:32:00.070 --> 01:32:02.030
And that will reach your back end port.

01:32:03.770 --> 01:32:04.770
Are we good till now?

01:32:05.290 --> 01:32:06.090
Please confirm.

01:32:06.270 --> 01:32:07.610
OK, Gene, the next step.

01:32:07.890 --> 01:32:10.790
Go ahead and create.

01:32:11.110 --> 01:32:11.570
OK, good.

01:32:12.030 --> 01:32:14.370
So now what do we do?

01:32:15.030 --> 01:32:16.590
The next step is now what happens

01:32:16.590 --> 01:32:21.710
is in our use case, the load balancer would not work.

01:32:21.750 --> 01:32:25.210
So we are going to modify the load balancer node port

01:32:25.210 --> 01:32:25.730
method.

01:32:26.390 --> 01:32:28.210
And we are going to say public IP

01:32:28.210 --> 01:32:29.850
called node port slash hello.

01:32:31.090 --> 01:32:32.710
And we must be able to see the output.

01:32:33.610 --> 01:32:34.330
Yeah.

01:32:34.770 --> 01:32:36.590
So now what we do, go back to your server

01:32:36.590 --> 01:32:41.190
and run the command kubectl get service.

01:32:44.750 --> 01:32:51.050
And then of this, get svc hyphen fn namespace

01:32:51.050 --> 01:32:53.890
or hyphen n ingress hyphen nginx.

01:32:55.830 --> 01:32:56.690
So it is pending.

01:32:57.850 --> 01:32:59.190
So now let us modify it.

01:32:59.190 --> 01:33:04.950
So we say edit svc, type in that name.

01:33:10.850 --> 01:33:12.950
This modifies edit inside otherwise.

01:33:17.370 --> 01:33:22.570
So kubectl edit svc, the service name,

01:33:22.650 --> 01:33:23.610
and the namespace.

01:33:25.130 --> 01:33:26.110
We go inside.

01:33:27.370 --> 01:33:29.010
Now go inside.

01:33:30.090 --> 01:33:33.110
And when you say last but one line,

01:33:33.270 --> 01:33:34.770
you see a type is load balancer.

01:33:36.010 --> 01:33:40.310
So we would modify this to node port, ns caps, ps caps.

01:33:42.390 --> 01:33:44.450
So remove the word load balancer.

01:33:46.490 --> 01:33:50.870
And in there, type in node port, n caps, p caps.

01:33:51.870 --> 01:33:54.230
ns capitals, ps capitals.

01:33:54.630 --> 01:33:55.790
And save this file.

01:34:02.450 --> 01:34:04.590
ns capitals, ps capitals.

01:34:04.870 --> 01:34:05.730
Yeah, good.

01:34:06.090 --> 01:34:07.490
Save this.

01:34:07.950 --> 01:34:09.390
Junvi, yeah.

01:34:10.190 --> 01:34:10.750
You want help?

01:34:11.350 --> 01:34:18.030
Now kubectl edit svc, edit edit.

01:34:18.030 --> 01:34:21.070
So get do edit, edit svc.

01:34:21.430 --> 01:34:23.710
In the end of the command, type in edit first.

01:34:23.930 --> 01:34:24.750
So clear, please.

01:34:24.950 --> 01:34:26.210
Do clear, type in clear.

01:34:27.610 --> 01:34:34.530
Yeah, k edit, k edit, svc, edit edit,

01:34:35.390 --> 01:34:40.790
edit, edit, space, service hyphen,

01:34:41.630 --> 01:34:43.490
the name of the service name.

01:34:45.630 --> 01:34:51.670
Ingress hyphen, ingress hyphen, nginx.

01:34:52.270 --> 01:34:54.210
OK, we'll be in the command a chat, please.

01:34:54.250 --> 01:34:56.170
We're not going properly making mistakes.

01:35:05.390 --> 01:35:06.690
Yeah, paste this command.

01:35:06.770 --> 01:35:08.830
Right-hand side of the command, paste that.

01:35:10.050 --> 01:35:12.090
Yeah, now go to last but one line,

01:35:12.090 --> 01:35:13.470
the last but one line.

01:35:13.690 --> 01:35:14.950
Go down, complete down.

01:35:15.510 --> 01:35:16.910
Yes, go up.

01:35:17.230 --> 01:35:18.690
Where is the load balancer now?

01:35:19.010 --> 01:35:20.170
Go up, yes.

01:35:20.450 --> 01:35:21.830
Go to insert mode, delete it.

01:35:21.950 --> 01:35:23.350
Press i.

01:35:23.750 --> 01:35:25.190
Press i, delete that word.

01:35:25.270 --> 01:35:28.690
Replace it with a node port, n caps, n capitals,

01:35:28.810 --> 01:35:41.410
n o d e node, p capitals, node port, n o d e p o r t,

01:35:41.410 --> 01:35:42.810
escape colon, save.

01:35:43.990 --> 01:35:44.810
OK, now we're done.

01:35:45.170 --> 01:35:49.110
So now, again, do a get service with the same command

01:35:49.110 --> 01:35:53.050
now, not edit, get service.

01:35:53.290 --> 01:35:55.790
You see the exposed to the port number,

01:35:55.950 --> 01:35:57.210
the first you see on port 80,

01:35:57.430 --> 01:35:58.470
supposed to access this.

01:35:59.430 --> 01:36:04.170
So access the public IP, colon the node port number,

01:36:04.970 --> 01:36:07.370
colon that node port number,

01:36:09.850 --> 01:36:11.150
forward slash hello.

01:36:11.530 --> 01:36:13.150
It takes some time.

01:36:13.910 --> 01:36:16.910
Do it on the node of worker one and worker two.

01:36:16.970 --> 01:36:18.670
Is it working on worker one for me?

01:36:19.810 --> 01:36:22.370
It will normally get created on the node

01:36:22.370 --> 01:36:24.770
where the controller got created, it hit from there.

01:36:26.730 --> 01:36:28.870
Where the controller got created, it hit from there.

01:36:29.330 --> 01:36:30.630
Others, it may not work.

01:36:30.750 --> 01:36:31.930
It will hit from your controller

01:36:31.930 --> 01:36:33.370
where it got created in the back end.

01:36:34.730 --> 01:36:36.650
OK, so since my controller got created

01:36:36.650 --> 01:36:39.450
on my worker one, I'm able to see it on worker one.

01:36:44.710 --> 01:36:45.130
Are we clear?

01:36:48.450 --> 01:36:52.650
So the controller got created on worker one

01:36:52.650 --> 01:36:55.030
and hence it is working for me.

01:37:06.650 --> 01:37:10.250
So we see my port, worker one.

01:37:16.490 --> 01:37:17.730
Or worker two.

01:37:18.510 --> 01:37:19.130
See mine is worker two.

01:37:19.690 --> 01:37:22.090
I got a worker two, working for me, worker two.

01:37:22.850 --> 01:37:24.170
Is it running for you all?

01:37:27.810 --> 01:37:29.630
Yes, Gene, does it work?

01:37:30.730 --> 01:37:31.350
No, no, it's wrong.

01:37:31.550 --> 01:37:34.470
Public IP, public with the public IP,

01:37:34.470 --> 01:37:36.250
not the private IP.

01:37:36.490 --> 01:37:41.570
The IP, the IP which is not the master one.

01:37:42.470 --> 01:37:44.570
Is the master machine, which machine is this?

01:37:45.330 --> 01:37:47.970
Now, paste the private of your worker one.

01:37:48.030 --> 01:37:50.770
Paste the other worker one, other node, node, other worker.

01:37:50.890 --> 01:37:51.350
No, no, no.

01:37:51.350 --> 01:37:54.990
What I'm saying is on which node it got created.

01:37:55.070 --> 01:37:58.310
Put a master, not like that.

01:38:00.890 --> 01:38:08.510
K, K, kubectl get all, get all, all, space all, hyphen n, hyphen space hyphen n,

01:38:09.670 --> 01:38:13.770
ingress hyphen nginx, nginx, nginx, yeah.

01:38:14.010 --> 01:38:14.350
Enter.

01:38:15.070 --> 01:38:19.430
Again, can use a hyphen o, y, use apparo and use the n, hyphen o, y.

01:38:19.530 --> 01:38:19.750
Enter.

01:38:20.410 --> 01:38:21.830
So the controller got created.

01:38:21.990 --> 01:38:26.350
You see the port got created on worker two, but above that, above that.

01:38:26.530 --> 01:38:27.650
Yeah, yeah, above that.

01:38:27.650 --> 01:38:30.590
Wait, the worker two, what is the worker two public IP, please?

01:38:32.030 --> 01:38:33.070
What's the worker two public IP?

01:38:34.430 --> 01:38:35.550
Yeah, that's it, understood?

01:38:37.370 --> 01:38:40.050
So this is the third one, the third one, ingress controller, third one.

01:38:40.090 --> 01:38:40.730
That's below that.

01:38:40.790 --> 01:38:42.390
Yes, the dh, yes.

01:38:43.210 --> 01:38:45.250
This is what the node is going to worker two.

01:38:45.410 --> 01:38:46.690
See, in the right side you can see worker two.

01:38:47.750 --> 01:38:53.450
So it goes to worker two, that controller, and then it reaches their back end application.

01:38:55.250 --> 01:38:55.570
Service.

01:38:55.570 --> 01:38:56.810
Okay, others?

01:38:57.790 --> 01:38:58.210
Are we good?

01:38:58.470 --> 01:38:59.110
Sorry, one second.

01:38:59.250 --> 01:38:59.890
That will do.

01:39:00.110 --> 01:39:00.830
Type in clear?

01:39:02.270 --> 01:39:02.630
Type clear?

01:39:02.690 --> 01:39:03.110
Clear, clear.

01:39:03.270 --> 01:39:15.070
Okay, now, do a k, get, k, get, svc, hyphen space hyphen n, space, no, one,

01:39:15.370 --> 01:39:18.570
one, n, n, n for Nancy, n, n, n, n.

01:39:19.630 --> 01:39:19.950
Yes.

01:39:21.650 --> 01:39:23.870
Space ingress hyphen nginx.

01:39:24.010 --> 01:39:24.290
Enter.

01:39:24.290 --> 01:39:25.450
Press enter.

01:39:26.030 --> 01:39:27.410
Okay, fine, fine.

01:39:28.170 --> 01:39:34.790
Now, what is your, can you give me the IP of your worker one, yeah, worker one public,

01:39:34.930 --> 01:39:37.950
so it is three, can you give worker one IP?

01:39:38.290 --> 01:39:39.210
Worker one, public IP.

01:39:39.430 --> 01:39:40.350
You're doing worker three, correct?

01:39:40.510 --> 01:39:42.370
Sorry, worker three and worker four.

01:39:42.510 --> 01:39:43.630
Okay, let me show you one.

01:39:44.370 --> 01:39:44.830
Yes.

01:39:45.750 --> 01:39:48.530
Let me, yeah, let me give you the output.

01:39:48.830 --> 01:39:50.530
How about you just test it, yeah.

01:39:51.290 --> 01:39:53.090
So, I'm doing this.

01:39:53.090 --> 01:39:59.890
The other one, other worker machine, 54, 54, 179, correct?

01:39:59.910 --> 01:40:00.930
That's what I'm trying now.

01:40:01.010 --> 01:40:03.010
I'm trying the 54 now, 22.

01:40:04.610 --> 01:40:05.370
193 is over.

01:40:05.630 --> 01:40:07.870
Do you have, 227 you have, correct?

01:40:09.650 --> 01:40:11.230
Yeah, I'm trying 227 now.

01:40:11.390 --> 01:40:12.750
Okay, try this now in the browser.

01:40:12.810 --> 01:40:13.730
Try this in your browser.

01:40:13.790 --> 01:40:14.630
It will work like this.

01:40:14.710 --> 01:40:15.070
Are we good?

01:40:15.530 --> 01:40:16.570
Again, again the chat.

01:40:16.990 --> 01:40:18.030
Say you're there in the browser.

01:40:20.570 --> 01:40:22.030
HTTP double slash HTTP.

01:40:22.810 --> 01:40:24.290
Chat I've given you.

01:40:24.530 --> 01:40:25.210
Just paste that.

01:40:25.550 --> 01:40:26.530
HTTP colon double slash.

01:40:26.610 --> 01:40:27.730
The chat I've given to you.

01:40:27.830 --> 01:40:28.730
Are you pasting that?

01:40:29.570 --> 01:40:30.010
HTTP.

01:40:30.730 --> 01:40:31.470
Type in HTTP.

01:40:31.650 --> 01:40:32.230
I'll tell you.

01:40:32.290 --> 01:40:35.630
Colon double slash 54.

01:40:36.830 --> 01:40:37.030
Yeah.

01:40:37.330 --> 01:40:39.130
No, the end goes hello.

01:40:39.450 --> 01:40:42.190
The end after forward slash type in hello.

01:40:42.410 --> 01:40:42.830
Hello.

01:40:43.110 --> 01:40:43.530
Type in hello.

01:40:43.630 --> 01:40:44.330
H-E-L-L-O.

01:40:44.390 --> 01:40:44.570
Enter.

01:40:45.810 --> 01:40:46.130
Enter.

01:40:46.130 --> 01:40:47.150
It is 3099.

01:40:47.230 --> 01:40:47.770
That is okay.

01:40:47.770 --> 01:40:48.770
Sorry, 3096.

01:40:49.850 --> 01:40:50.310
30996.

01:40:50.890 --> 01:40:51.170
That's it.

01:40:51.290 --> 01:40:52.110
Okay, team.

01:40:52.370 --> 01:40:53.090
Are we good, everyone?

01:40:54.710 --> 01:40:56.670
It's a simple example of how it can.

01:40:56.730 --> 01:40:58.550
So you can do any part.

01:40:58.810 --> 01:41:00.050
This is a hello example.

01:41:00.490 --> 01:41:01.750
You can give any part.

01:41:01.890 --> 01:41:03.230
You can have multiple parts.

01:41:03.890 --> 01:41:06.710
You have to create multiple services and you can map it to a.

01:41:08.310 --> 01:41:08.710
Yeah.

01:41:09.510 --> 01:41:10.910
The last one, monitoring.

01:41:12.250 --> 01:41:14.630
So we use Prometheus.

01:41:14.630 --> 01:41:17.890
We have very less tools for monitoring in Kubernetes.

01:41:18.750 --> 01:41:23.470
We can either use the probing which we talked about via metric server.

01:41:23.550 --> 01:41:25.430
The metric server is not very good.

01:41:26.350 --> 01:41:28.810
We have to use Prometheus.

01:41:29.710 --> 01:41:33.410
We can use Dashboard, but not very good, not secure in Kubernetes.

01:41:34.510 --> 01:41:38.390
So we use Prometheus, which gets the data.

01:41:38.530 --> 01:41:40.110
So you can install Prometheus.

01:41:41.230 --> 01:41:42.690
This gets the data.

01:41:43.770 --> 01:41:44.990
To the back ends.

01:41:45.050 --> 01:41:45.890
So how does it work?

01:41:46.290 --> 01:41:49.090
So once you install Prometheus.

01:41:49.570 --> 01:41:50.050
Okay.

01:41:50.430 --> 01:41:52.990
So it will have all these components of Prometheus.

01:41:53.050 --> 01:41:54.710
In a server, it will have alerts.

01:41:55.210 --> 01:41:57.410
So once you install Prometheus, it will have all the components.

01:41:57.910 --> 01:41:59.230
You see the exporters.

01:42:00.310 --> 01:42:05.970
So these exporters run in every node, including a master and every node it gets in.

01:42:06.730 --> 01:42:09.890
It gets the data from the back end and stores it in a server.

01:42:10.450 --> 01:42:12.690
So you want to monitor your cluster.

01:42:13.490 --> 01:42:15.510
You need to configure Prometheus.

01:42:16.070 --> 01:42:19.110
It will have these components that get the information and store it in your server.

01:42:19.950 --> 01:42:20.630
And then what do you do?

01:42:20.630 --> 01:42:21.790
You install Grafana.

01:42:22.830 --> 01:42:26.110
And Grafana will say that get the information from this Prometheus.

01:42:27.290 --> 01:42:30.390
So you would add a plug-in in Grafana.

01:42:31.610 --> 01:42:33.510
And the data comes from Prometheus.

01:42:35.150 --> 01:42:39.690
So you have to define what you want all these Prometheus and get the data from the back.

01:42:39.770 --> 01:42:40.450
Let me show you this.

01:42:40.610 --> 01:42:42.630
So I go to Prometheus.

01:42:43.350 --> 01:42:45.950
So Prometheus, there are lots of monitoring tools we have.

01:42:46.270 --> 01:42:47.610
Prometheus, Datadog.

01:42:48.190 --> 01:42:50.010
We can use Splunk, all these tools.

01:42:50.530 --> 01:42:57.490
This is an open source tool, which is highly customizable visualization, but they don't have a proper dashboard.

01:42:58.390 --> 01:43:01.870
So if you want to install it, you can download.

01:43:02.610 --> 01:43:06.370
And you extract like this the software.

01:43:07.430 --> 01:43:11.870
And then you are supposed to write a file called as Prometheus.yml.

01:43:13.270 --> 01:43:20.950
In which you define what you want to extract, what data, what time interval.

01:43:21.910 --> 01:43:24.770
You define all those things in Prometheus.yml.

01:43:25.310 --> 01:43:27.370
And Prometheus works on port 1990.

01:43:28.510 --> 01:43:33.790
You can get in some information from the dashboard, probably extracts it.

01:43:34.470 --> 01:43:36.350
You define what you want, all these.

01:43:36.530 --> 01:43:41.050
And this information would be gotten by a component called exporter.

01:43:41.510 --> 01:43:47.050
So exporter would go ahead and get all these components on the master, worker nodes and all.

01:43:47.450 --> 01:43:50.250
And it saves this information on your Prometheus server.

01:43:50.270 --> 01:43:51.730
Then what do you do?

01:43:53.090 --> 01:43:54.230
We use Grafana.

01:43:55.570 --> 01:44:01.190
So Grafana is an open source dashboard tool, which could be used for any tools you can integrate.

01:44:01.330 --> 01:44:04.410
For example, you can integrate with any cloud, on-premises.

01:44:04.570 --> 01:44:06.210
It's a free open source.

01:44:06.330 --> 01:44:07.770
It's more of a dashboard tools.

01:44:09.170 --> 01:44:12.490
So you can go inside this once it is configured.

01:44:13.690 --> 01:44:14.750
We have in plugins.

01:44:16.190 --> 01:44:18.550
So now I click on the plugins.

01:44:18.550 --> 01:44:23.210
And then I say that I want to install Prometheus.

01:44:24.290 --> 01:44:27.830
You get an option to integrate once you deploy it.

01:44:28.050 --> 01:44:30.470
And the data would start coming from a Prometheus.

01:44:31.030 --> 01:44:33.030
So you have to install Prometheus.

01:44:33.750 --> 01:44:35.470
You get a URL for the Prometheus.

01:44:35.990 --> 01:44:38.810
And you have to refer that data source in your Grafana.

01:44:39.750 --> 01:44:42.990
And they get the data in the front.

01:44:44.170 --> 01:44:46.870
So Grafana is an open source dashboard tool.

01:44:48.290 --> 01:44:50.310
In which you can create multiple.

01:44:50.690 --> 01:44:51.990
There is a plugin option.

01:44:52.370 --> 01:44:55.690
You choose the plugin and choose Prometheus, the URL.

01:44:56.150 --> 01:44:58.630
It will start getting the data in your dashboard.

01:45:00.350 --> 01:45:01.590
It looks something like this.

01:45:02.730 --> 01:45:04.150
Very brief about.

01:45:04.570 --> 01:45:07.110
So Prometheus is your extracting tool.

01:45:07.450 --> 01:45:08.490
You can install it.

01:45:08.770 --> 01:45:09.910
It has the components.

01:45:11.390 --> 01:45:12.610
And these are components.

01:45:12.910 --> 01:45:15.990
It can integrate with Grafana or other tools.

01:45:17.130 --> 01:45:20.530
In Grafana, once you install it, you can get information.

01:45:21.630 --> 01:45:22.970
And we are not talking about one more topic.

01:45:23.110 --> 01:45:23.670
Helm charts.

01:45:24.570 --> 01:45:25.650
So you can look into it.

01:45:25.650 --> 01:45:28.930
You can easily install all these things using Helm charts.

01:45:29.030 --> 01:45:30.330
It is a package management tool.

01:45:30.650 --> 01:45:33.850
Using which you can install Grafana, Prometheus, all these quite easily.

01:45:34.690 --> 01:45:35.870
And you can play around with this.

01:45:36.050 --> 01:45:36.610
Next thing.

01:45:36.970 --> 01:45:38.050
Very brief about monitoring.

01:45:38.050 --> 01:45:39.890
Do you work on monitoring tools?

01:45:40.570 --> 01:45:40.750
Or no?

01:45:40.830 --> 01:45:42.070
Do you work on monitoring tools?

01:45:43.490 --> 01:45:44.550
Any monitoring tool you work?

01:45:45.130 --> 01:45:45.530
Which one?

01:45:45.650 --> 01:45:46.630
Oh, you are aware of this.

01:45:47.470 --> 01:45:48.590
Okay, good, good.

01:45:49.790 --> 01:45:51.090
Everyone is aware of this?

01:45:51.350 --> 01:45:51.530
The team?

01:45:51.970 --> 01:45:52.570
Okay, not sure.

01:45:52.590 --> 01:45:52.910
Silent.

01:45:53.350 --> 01:45:54.190
Yes, the same.

01:45:54.370 --> 01:45:55.830
So Prometheus is your scraping tool.

01:45:56.250 --> 01:45:57.170
From which you get the data.

01:45:57.590 --> 01:45:59.370
You have to configure the Prometheus YAML.

01:45:59.750 --> 01:46:03.250
And then integrate your Grafana, which you will see the details in this dashboard.

01:46:03.310 --> 01:46:03.770
Yes, team.

01:46:04.070 --> 01:46:06.690
So this is all about the topics.

01:46:06.690 --> 01:46:09.510
I think we exactly covered it.

01:46:09.510 --> 01:46:09.930
Exactly.

01:46:09.930 --> 01:46:11.170
This is three minutes.

01:46:12.650 --> 01:46:16.210
I hope you learned new things in this training.

01:46:17.010 --> 01:46:17.410
Everyone.

01:46:18.810 --> 01:46:21.230
You're happy with what objective you had.

01:46:21.750 --> 01:46:22.610
Is your objectives met?

01:46:22.890 --> 01:46:25.350
CK, Junvi, Gene.

01:46:26.330 --> 01:46:28.550
Are you happy with what you learned?

01:46:28.870 --> 01:46:29.110
Okay.

01:46:29.370 --> 01:46:32.610
So if you want to remember what you're supposed to do every day.

01:46:32.970 --> 01:46:33.250
Yes.

01:46:34.150 --> 01:46:36.150
You're supposed to practice.

01:46:36.790 --> 01:46:36.970
Right?

01:46:37.390 --> 01:46:41.410
So what you can do is you can also create own free account of AWS.

01:46:41.590 --> 01:46:43.330
I'm sure that your company will also provide you.

01:46:43.810 --> 01:46:46.250
And you can practice this labs anytime.

01:46:47.130 --> 01:46:48.670
It is not that you had to practice money.

01:46:48.850 --> 01:46:51.010
Now, anytime, keep on practicing.

01:46:51.770 --> 01:46:53.090
Practice makes you perfect.

01:46:54.290 --> 01:46:57.770
And practice will also give you solutions about how I can learn more.

01:46:57.850 --> 01:46:58.810
How to troubleshoot.

01:46:59.530 --> 01:47:03.490
But if you don't practice, the theory would not help for Kubernetes.

01:47:04.190 --> 01:47:05.870
You have to practice the same labs.

01:47:06.130 --> 01:47:10.050
Try to experiment and see how you can learn more.

01:47:11.050 --> 01:47:11.270
Yeah.

01:47:12.510 --> 01:47:13.090
Any questions?

01:47:13.310 --> 01:47:13.510
Yes.

01:47:13.690 --> 01:47:14.610
Any questions?

01:47:14.930 --> 01:47:16.050
Any group photo or something?

01:47:17.730 --> 01:47:17.890
No.

01:47:19.690 --> 01:47:20.070
Any.

01:47:20.730 --> 01:47:21.930
Do you take any group photo?

01:47:22.090 --> 01:47:25.010
Do you take any group photo?

01:47:25.470 --> 01:47:26.590
Do you do that normally?

01:47:26.670 --> 01:47:27.170
I'm not sure.

01:47:27.170 --> 01:47:27.250
I don't think so.

01:47:27.250 --> 01:47:30.150
But that was asking you in case you don't know issues, we can also.

01:47:30.550 --> 01:47:31.330
What are the problem?

01:47:32.530 --> 01:47:33.370
Who is it?

01:47:33.410 --> 01:47:34.050
Thank you.

01:47:34.250 --> 01:47:35.710
All the best.

01:47:36.190 --> 01:47:38.690
Joe and I have sent the email to Alex with the Google.

01:47:38.890 --> 01:47:39.590
I think.

01:47:41.170 --> 01:47:41.490
Yes.

01:47:41.690 --> 01:47:42.170
I sent it.

01:47:42.210 --> 01:47:43.750
Thank you.

01:47:44.130 --> 01:47:44.730
Looking forward.

01:47:45.910 --> 01:47:46.830
Bye bye.

01:47:47.130 --> 01:47:47.490
Bye bye.