{"id":91284,"date":"2025-09-12T14:32:35","date_gmt":"2025-09-12T07:32:35","guid":{"rendered":"https:\/\/itviec.com\/blog\/?p=91284"},"modified":"2025-09-12T15:44:28","modified_gmt":"2025-09-12T08:44:28","slug":"cau-hoi-phong-van-docker","status":"publish","type":"post","link":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/","title":{"rendered":"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed9i dung b\u00e0i vi\u1ebft<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#Cac_nhom_cau_hoi_phong_van_Docker_pho_bien\" >C\u00e1c nh\u00f3m c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker ph\u1ed5 bi\u1ebfn&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#Cau_hoi_phong_van_Docker_co_ban_Beginner_Level\" >C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker c\u01a1 b\u1ea3n (Beginner Level)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#Cau_hoi_phong_van_Docker_trung_cap_Intermediate_Level\" >C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker trung c\u1ea5p (Intermediate Level)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#Cau_hoi_phong_van_Docker_nang_cao_Advanced_Level\" >C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker n\u00e2ng cao (Advanced Level)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#Ket_luan\" >K\u1ebft lu\u1eadn<\/a><\/li><\/ul><\/nav><\/div>\n\n<p><strong><em>Trong k\u1ef7 nguy\u00ean c\u1ee7a \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y v\u00e0 t\u1ef1 \u0111\u1ed9ng h\u00f3a, Docker \u0111\u00e3 tr\u1edf th\u00e0nh c\u00f4ng c\u1ee5 c\u1ed1t l\u00f5i gi\u00fap c\u00e1c k\u1ef9 s\u01b0 ph\u1ea7n m\u1ec1m x\u00e2y d\u1ef1ng, \u0111\u00f3ng g\u00f3i v\u00e0 tri\u1ec3n khai \u1ee9ng d\u1ee5ng m\u1ed9t c\u00e1ch linh ho\u1ea1t, nhanh ch\u00f3ng v\u00e0 \u0111\u1ed3ng nh\u1ea5t tr\u00ean nhi\u1ec1u m\u00f4i tr\u01b0\u1eddng kh\u00e1c nhau. Vi\u1ec7c hi\u1ec3u v\u00e0 th\u00e0nh th\u1ea1o Docker kh\u00f4ng ch\u1ec9 gi\u00fap n\u00e2ng cao hi\u1ec7u su\u1ea5t l\u00e0m vi\u1ec7c m\u00e0 c\u00f2n l\u00e0 ti\u00eau ch\u00ed tuy\u1ec3n d\u1ee5ng quan tr\u1ecdng trong c\u00e1c v\u1ecb tr\u00ed DevOps, Backend Developer, QA, hay System Administrator. Ch\u00ednh v\u00ec th\u1ebf, c\u00e1c c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker xu\u1ea5t hi\u1ec7n ng\u00e0y c\u00e0ng ph\u1ed5 bi\u1ebfn trong c\u00e1c bu\u1ed5i \u0111\u00e1nh gi\u00e1 k\u1ef9 thu\u1eadt.\u00a0<\/em><\/strong><\/p>\n\n\n\n<p>\u0110\u1ecdc b\u00e0i vi\u1ebft n\u00e0y \u0111\u1ec3 tham kh\u1ea3o c\u00e2u tr\u1ea3 l\u1eddi cho:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker c\u01a1 b\u1ea3n<\/li>\n\n\n\n<li>C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker trung c\u1ea5p<\/li>\n\n\n\n<li>C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker n\u00e2ng cao<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cac-nhom-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-docker-ph\u1ed5-bi\u1ebfn-nbsp\"><span class=\"ez-toc-section\" id=\"Cac_nhom_cau_hoi_phong_van_Docker_pho_bien\"><\/span><strong>C\u00e1c nh\u00f3m c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker ph\u1ed5 bi\u1ebfn&nbsp;<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>T\u00f9y theo c\u1ea5p \u0111\u1ed9 kinh nghi\u1ec7m, nh\u00e0 tuy\u1ec3n d\u1ee5ng s\u1ebd khai th\u00e1c \u1ee9ng vi\u00ean theo nh\u1eefng nh\u00f3m ki\u1ebfn th\u1ee9c ch\u00ednh nh\u01b0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Nh\u00f3m ki\u1ebfn th\u1ee9c c\u01a1 b\u1ea3n: Container l\u00e0 g\u00ec, s\u1ef1 kh\u00e1c bi\u1ec7t gi\u1eefa Image v\u00e0 Container, c\u00e1ch vi\u1ebft Dockerfile, s\u1eed d\u1ee5ng Volume, Network,&#8230;<\/li>\n\n\n\n<li>Nh\u00f3m thao t\u00e1c v\u00e0 v\u1eadn h\u00e0nh: ch\u1ea1y Container v\u1edbi tham s\u1ed1 c\u1ee5 th\u1ec3, d\u00f9ng Docker Compose, debug khi Container g\u1eb7p l\u1ed7i, gi\u1edbi h\u1ea1n t\u00e0i nguy\u00ean,&#8230;<\/li>\n\n\n\n<li>Nh\u00f3m n\u00e2ng cao &amp; th\u1ef1c chi\u1ebfn: tri\u1ec3n khai CI\/CD v\u1edbi Docker, b\u1ea3o m\u1eadt Container, s\u1eed d\u1ee5ng multi-stage build, ki\u1ec3m tra l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt trong Image,&#8230;<\/li>\n<\/ul>\n\n\n\n<p>Vi\u1ec7c chu\u1ea9n b\u1ecb k\u1ef9 c\u00e1c c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker kh\u00f4ng ch\u1ec9 gi\u00fap b\u1ea1n t\u1ef1 tin v\u01b0\u1ee3t qua v\u00f2ng ph\u1ecfng v\u1ea5n, m\u00e0 c\u00f2n trang b\u1ecb n\u1ec1n t\u1ea3ng v\u1eefng ch\u1eafc \u0111\u1ec3 l\u00e0m vi\u1ec7c trong c\u00e1c h\u1ec7 th\u1ed1ng hi\u1ec7n \u0111\u1ea1i, n\u01a1i Docker l\u00e0 m\u1ed9t ph\u1ea7n kh\u00f4ng th\u1ec3 thi\u1ebfu trong chu\u1ed7i DevOps.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-docker-c\u01a1-b\u1ea3n-beginner-level\"><span class=\"ez-toc-section\" id=\"Cau_hoi_phong_van_Docker_co_ban_Beginner_Level\"><\/span><strong>C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker c\u01a1 b\u1ea3n (Beginner Level)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-docker-la-gi-so-sanh-docker-va-may-\u1ea3o\"><strong>Docker l\u00e0 g\u00ec? So s\u00e1nh Docker v\u00e0 m\u00e1y \u1ea3o<\/strong><\/h3>\n\n\n\n<p>Docker l\u00e0 m\u1ed9t n\u1ec1n t\u1ea3ng m\u00e3 ngu\u1ed3n m\u1edf gi\u00fap \u0111\u00f3ng g\u00f3i, ph\u00e2n ph\u1ed1i v\u00e0 ch\u1ea1y \u1ee9ng d\u1ee5ng trong c\u00e1c Container nh\u1eb9. Thay v\u00ec t\u1ea1o m\u1ed9t m\u00e1y \u1ea3o ho\u00e0n ch\u1ec9nh, Docker s\u1eed d\u1ee5ng c\u01a1 ch\u1ebf \u1ea3o h\u00f3a \u1edf t\u1ea7ng h\u1ec7 \u0111i\u1ec1u h\u00e0nh (OS-level virtualization).<\/p>\n\n\n\n<p>C\u00e1c Container chia s\u1ebb kernel h\u1ec7 \u0111i\u1ec1u h\u00e0nh c\u1ee7a m\u00e1y ch\u1ee7, gi\u00fap kh\u1edfi \u0111\u1ed9ng nhanh v\u00e0 s\u1eed d\u1ee5ng t\u00e0i nguy\u00ean hi\u1ec7u qu\u1ea3 h\u01a1n so v\u1edbi VM. Docker th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 tri\u1ec3n khai \u1ee9ng d\u1ee5ng m\u1ed9t c\u00e1ch nh\u1ea5t qu\u00e1n tr\u00ean nhi\u1ec1u m\u00f4i tr\u01b0\u1eddng kh\u00e1c nhau, t\u1eeb m\u00e1y ch\u1ee7 local \u0111\u1ebfn c\u00e1c d\u1ecbch v\u1ee5 \u0111\u00e1m m\u00e2y.<\/p>\n\n\n\n<p>So s\u00e1nh Docker v\u00e0 m\u00e1y \u1ea3o (Virtual Machine):<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>Docker Container<\/strong><\/td><td><strong>M\u00e1y \u1ea3o (Virtual Machine)<\/strong><\/td><\/tr><tr><td>M\u1ee9c \u0111\u1ed9 \u1ea3o h\u00f3a<\/td><td>\u1ea2o h\u00f3a t\u1ea7ng h\u1ec7 \u0111i\u1ec1u h\u00e0nh, chia s\u1ebb kernel v\u1edbi host<\/td><td>\u1ea2o h\u00f3a to\u00e0n b\u1ed9 ph\u1ea7n c\u1ee9ng b\u1eb1ng hypervisor, ch\u1ea1y OS ri\u00eang<\/td><\/tr><tr><td>Hi\u1ec7u n\u0103ng &amp; t\u1ed1c \u0111\u1ed9<\/td><td>Kh\u1edfi \u0111\u1ed9ng g\u1ea7n nh\u01b0 ngay l\u1eadp t\u1ee9c, s\u1eed d\u1ee5ng t\u00e0i nguy\u00ean khi c\u1ea7n<\/td><td>Kh\u1edfi \u0111\u1ed9ng l\u00e2u h\u01a1n, chi\u1ebfm t\u00e0i nguy\u00ean c\u1ed1 \u0111\u1ecbnh (CPU, RAM, disk)<\/td><\/tr><tr><td>K\u00edch th\u01b0\u1edbc<\/td><td>Nh\u1ecf g\u1ecdn (ch\u1ec9 bao g\u1ed3m th\u01b0 vi\u1ec7n v\u00e0 runtime c\u1ea7n thi\u1ebft)<\/td><td>L\u1edbn h\u01a1n nhi\u1ec1u do ch\u1ee9a c\u1ea3 h\u1ec7 \u0111i\u1ec1u h\u00e0nh \u0111\u1ea7y \u0111\u1ee7<\/td><\/tr><tr><td>\u0110\u1ed9 c\u00f4 l\u1eadp<\/td><td>T\u00e1ch bi\u1ec7t process level nh\u01b0ng d\u00f9ng chung kernel \u2192 \u0111\u1ed9 c\u00f4 l\u1eadp th\u1ea5p h\u01a1n<\/td><td>\u0110\u1ed9c l\u1eadp ho\u00e0n to\u00e0n qua kernel ri\u00eang \u2192 an to\u00e0n h\u01a1n<\/td><\/tr><tr><td>T\u00ednh di \u0111\u1ed9ng (Portability)<\/td><td>Ch\u1ea1y \u0111\u01b0\u1ee3c nhi\u1ec1u Container tr\u00ean nhi\u1ec1u host kh\u00e1c nhau m\u00e0 kh\u00f4ng thay \u0111\u1ed5i h\u1ec7 \u0111i\u1ec1u h\u00e0nh<\/td><td>VM ch\u1ea1y \u1ed5n \u0111\u1ecbnh tr\u00ean nhi\u1ec1u h\u1ec7 th\u1ed1ng, nh\u01b0ng y\u00eau c\u1ea7u hypervisor t\u01b0\u01a1ng th\u00edch<\/td><\/tr><tr><td>T\u00e0i nguy\u00ean d\u00f9ng<\/td><td>Ch\u1ec9 s\u1eed d\u1ee5ng t\u00e0i nguy\u00ean khi c\u1ea7n, r\u1ea5t linh ho\u1ea1t<\/td><td>C\u1ea7n c\u1ea5u h\u00ecnh c\u1ed1 \u0111\u1ecbnh t\u00e0i nguy\u00ean cho t\u1eebng VM<\/td><\/tr><tr><td>\u1ee8ng d\u1ee5ng ph\u00f9 h\u1ee3p<\/td><td>\u1ee8ng d\u1ee5ng microservices, CI\/CD, dev\/test m\u00f4i tr\u01b0\u1eddng nhanh nh\u1eb9<\/td><td>M\u00f4i tr\u01b0\u1eddng c\u1ea7n h\u1ec7 \u0111i\u1ec1u h\u00e0nh ri\u00eang bi\u1ec7t, \u1ee9ng d\u1ee5ng legacy, ph\u00e2n l\u1eadp cao<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hay-gi\u1ea3i-thich-s\u1ef1-khac-bi\u1ec7t-gi\u1eefa-docker-image-va-docker-container\"><strong>H\u00e3y gi\u1ea3i th\u00edch s\u1ef1 kh\u00e1c bi\u1ec7t gi\u1eefa Docker Image v\u00e0 Docker Container<\/strong><\/h3>\n\n\n\n<p><strong><a href=\"https:\/\/itviec.com\/blog\/docker-image-la-gi\/\" target=\"_blank\" rel=\"noreferrer noopener\">Docker Image<\/a><\/strong> l\u00e0 m\u1ed9t b\u1ea3n m\u1eabu b\u1ea5t bi\u1ebfn (immutable blueprint) ch\u1ee9a t\u1ea5t c\u1ea3 nh\u1eefng th\u00e0nh ph\u1ea7n c\u1ea7n thi\u1ebft \u0111\u1ec3 ch\u1ea1y m\u1ed9t \u1ee9ng d\u1ee5ng, bao g\u1ed3m m\u00e3 ngu\u1ed3n, th\u01b0 vi\u1ec7n ph\u1ee5 thu\u1ed9c, runtime, v\u00e0 c\u00e1c thi\u1ebft l\u1eadp c\u1ea5u h\u00ecnh. Image \u0111\u01b0\u1ee3c t\u1ea1o ra t\u1eeb Dockerfile ho\u1eb7c t\u1ea3i t\u1eeb c\u00e1c kho l\u01b0u tr\u1eef nh\u01b0 Docker Hub v\u00e0 \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef d\u01b0\u1edbi d\u1ea1ng c\u00e1c layers (l\u1edbp) s\u1eed d\u1ee5ng Union File System. Tuy nhi\u00ean, Image kh\u00f4ng th\u1ec3 t\u1ef1 ch\u1ea1y \u0111\u01b0\u1ee3c, n\u00f3 ch\u1ec9 cung c\u1ea5p c\u01a1 s\u1edf \u0111\u1ec3 t\u1ea1o ra Docker Container.\u00a0<\/p>\n\n\n\n<p><strong><a href=\"https:\/\/itviec.com\/blog\/docker-container\/\" target=\"_blank\" rel=\"noreferrer noopener\">Docker Container<\/a><\/strong> l\u00e0 m\u1ed9t th\u1ec3 hi\u1ec7n (instance) \u0111ang ch\u1ea1y c\u1ee7a m\u1ed9t Docker Image. N\u00f3 l\u00e0 m\u00f4i tr\u01b0\u1eddng th\u1ef1c thi \u1ee9ng d\u1ee5ng ho\u00e0n ch\u1ec9nh, \u0111\u01b0\u1ee3c t\u00e1ch bi\u1ec7t v\u1edbi h\u1ec7 \u0111i\u1ec1u h\u00e0nh ch\u1ee7 (host OS) th\u00f4ng qua c\u00f4ng ngh\u1ec7 \u1ea3o h\u00f3a \u1edf c\u1ea5p h\u1ec7 \u0111i\u1ec1u h\u00e0nh s\u1eed d\u1ee5ng Linux namespaces v\u00e0 cgroups. Khi Container \u0111\u01b0\u1ee3c kh\u1edfi ch\u1ea1y t\u1eeb Image, n\u00f3 ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t th\u1ef1c th\u1ec3 s\u1ed1ng, c\u00f3 th\u1ec3 thay \u0111\u1ed5i tr\u1ea1ng th\u00e1i trong qu\u00e1 tr\u00ecnh v\u1eadn h\u00e0nh, ch\u1eb3ng h\u1ea1n nh\u01b0 ghi d\u1eef li\u1ec7u, c\u1eadp nh\u1eadt file, ho\u1eb7c c\u00e0i \u0111\u1eb7t th\u00eam g\u00f3i m\u1edbi. Tuy nhi\u00ean, nh\u1eefng thay \u0111\u1ed5i n\u00e0y ch\u1ec9 t\u1ed3n t\u1ea1i trong Container \u0111ang ch\u1ea1y v\u00e0 kh\u00f4ng \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn Image g\u1ed1c do Container s\u1eed d\u1ee5ng writable layer ri\u00eang bi\u1ec7t.\u00a0<\/p>\n\n\n\n<p>Ph\u00e2n bi\u1ec7t Docker Image v\u00e0 Docker Container:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Kh\u00eda c\u1ea1nh<\/strong><\/td><td><strong>Docker Image<\/strong><\/td><td><strong>Docker Container<\/strong><\/td><\/tr><tr><td>B\u1ea3n ch\u1ea5t<\/td><td>Template b\u1ea5t bi\u1ebfn (blueprint)<\/td><td>Th\u1ef1c thi \u1ee9ng d\u1ee5ng (runtime)<\/td><\/tr><tr><td>Kh\u1ea3 n\u0103ng thay \u0111\u1ed5i<\/td><td>Kh\u00f4ng th\u1ec3 c\u1eadp nh\u1eadt tr\u1ef1c ti\u1ebfp<\/td><td>C\u00f3 th\u1ec3 thay \u0111\u1ed5i, t\u1ea1o file, s\u1eeda c\u1ea5u h\u00ecnh<\/td><\/tr><tr><td>Vai tr\u00f2 s\u1eed d\u1ee5ng<\/td><td>L\u00e0m c\u01a1 s\u1edf \u0111\u1ec3 t\u1ea1o Container<\/td><td>N\u01a1i \u1ee9ng d\u1ee5ng th\u1ef1c thi<\/td><\/tr><tr><td>L\u01b0u tr\u1eef<\/td><td>Layers ch\u1ec9 \u0111\u1ecdc (read-only)<\/td><td>Read-only layers + writable layer<\/td><\/tr><tr><td>M\u1ed1i quan h\u1ec7<\/td><td>Image d\u00f9ng \u0111\u1ec3 t\u1ea1o Container<\/td><td>Container l\u00e0 instance c\u1ee7a Image<\/td><\/tr><tr><td>S\u1ed1 l\u01b0\u1ee3ng t\u1ea1o \u0111\u01b0\u1ee3c<\/td><td>M\u1ed9t Image \u2192 nhi\u1ec1u Container<\/td><td>Nhi\u1ec1u Container t\u1eeb m\u1ed9t Image<\/td><\/tr><tr><td>Tr\u1ea1ng th\u00e1i<\/td><td>T\u0129nh (static)<\/td><td>\u0110\u1ed9ng (dynamic)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-so-sanh-docker-run-va-docker-start\"><strong>So s\u00e1nh Docker run v\u00e0 Docker start<\/strong><\/h3>\n\n\n\n<p>L\u1ec7nh <strong><code>docker run<\/code><\/strong> th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 t\u1ea1o v\u00e0 kh\u1edfi \u0111\u1ed9ng m\u1ed9t Container m\u1edbi t\u1eeb m\u1ed9t Image \u0111\u00e3 ch\u1ec9 \u0111\u1ecbnh. L\u1ec7nh n\u00e0y \u0111\u1ed3ng th\u1eddi th\u1ef1c hi\u1ec7n hai b\u01b0\u1edbc:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u1ea1o m\u1ed9t layer ghi (writable layer) m\u1edbi d\u1ef1a tr\u00ean Image<\/li>\n\n\n\n<li>Sau \u0111\u00f3 kh\u1edfi \u0111\u1ed9ng Container c\u00f9ng v\u1edbi c\u00e1c t\u00f9y ch\u1ecdn nh\u01b0 \u0111\u1eb7t t\u00ean, g\u1eafn Volume, thi\u1ebft l\u1eadp bi\u1ebfn m\u00f4i tr\u01b0\u1eddng, ho\u1eb7c mapping port.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Nh\u1edb \u0111\u00f3, <code>docker run<\/code> gi\u00fap c\u1ea5u h\u00ecnh Container m\u1ed9t c\u00e1ch linh ho\u1ea1t khi l\u1ea7n \u0111\u1ea7u kh\u1edfi t\u1ea1o.<\/p>\n\n\n\n<p>Ng\u01b0\u1ee3c l\u1ea1i,<strong> <code>docker start<\/code> <\/strong>ch\u1ec9 \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 kh\u1edfi \u0111\u1ed9ng l\u1ea1i m\u1ed9t Container \u0111\u00e3 t\u1ed3n t\u1ea1i v\u00e0 \u0111ang \u1edf tr\u1ea1ng th\u00e1i d\u1eebng (stopped). N\u00f3 kh\u00f4ng t\u1ea1o m\u1edbi Container v\u00e0 s\u1ebd s\u1eed d\u1ee5ng l\u1ea1i tr\u1ea1ng th\u00e1i filesystem c\u0169ng nh\u01b0 c\u00e1c c\u1ea5u h\u00ecnh tr\u01b0\u1edbc \u0111\u00f3. L\u1ec7nh n\u00e0y c\u00f3 th\u1ec3 k\u1ebft h\u1ee3p c\u00e1c t\u00f9y ch\u1ecdn nh\u01b0 <code>-i<\/code> \u0111\u1ec3 b\u1eadt ch\u1ebf \u0111\u1ed9 interactive ho\u1eb7c <code>-a<\/code> \u0111\u1ec3 g\u1eafn \u0111\u1ea7u ra (attach output) \u0111\u1ebfn terminal.<\/p>\n\n\n\n<p>So s\u00e1nh <code>docker run<\/code> v\u00e0 <code>docker start<\/code>:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>Docker run<\/strong><\/td><td><strong>Docker start<\/strong><\/td><\/tr><tr><td>T\u1ea1o Container<\/td><td>C\u00f3. N\u00f3 t\u1ea1o m\u1ed9t Container m\u1edbi t\u1eeb Image<\/td><td>Kh\u00f4ng, ch\u1ec9 d\u00f9ng l\u1ea1i Container \u0111\u00e3 t\u1ea1o tr\u01b0\u1edbc<\/td><\/tr><tr><td>Kh\u1edfi \u0111\u1ed9ng<\/td><td>C\u00f3. N\u00f3 t\u1ea1o v\u00e0 ch\u1ea1y c\u00f9ng l\u00fac<\/td><td>C\u00f3, nh\u01b0ng ch\u1ec9 ch\u1ea1y Container \u0111ang \u1edf tr\u1ea1ng th\u00e1i stopped<\/td><\/tr><tr><td>Tu\u1ef3 ch\u1ecdn c\u1ea5u h\u00ecnh<\/td><td>H\u1ed7 tr\u1ee3 nhi\u1ec1u flag nh\u01b0 <code>--name<\/code>, <code>-p<\/code>, <code>-v<\/code>, <code>-e<\/code><\/td><td>H\u1ea1n ch\u1ebf, ch\u1ee7 y\u1ebfu d\u00f9ng c\u00e1c flag nh\u01b0 <code>-i<\/code>, <code>-a<\/code><\/td><\/tr><tr><td>T\u1ed1c \u0111\u1ed9 th\u1ef1c thi<\/td><td>Ch\u1eadm h\u01a1n v\u00ec ph\u1ea3i t\u1ea1o Container m\u1edbi<\/td><td>Nhanh h\u01a1n v\u00ec kh\u1edfi ch\u1ea1y l\u1ea1i Container \u0111\u00e3 c\u00f3 s\u1eb5n<\/td><\/tr><tr><td>Tr\u1ea1ng th\u00e1i v\u00e0 d\u1eef li\u1ec7u<\/td><td>B\u1eaft \u0111\u1ea7u t\u1eeb tr\u1ea1ng th\u00e1i s\u1ea1ch, kh\u00f4ng gi\u1eef l\u1ea1i d\u1eef li\u1ec7u c\u0169<\/td><td>Gi\u1eef nguy\u00ean filesystem, log, tr\u1ea1ng th\u00e1i tr\u01b0\u1edbc \u0111\u00f3<\/td><\/tr><tr><td>Container ID<\/td><td>T\u1ea1o Container ID m\u1edbi<\/td><td>S\u1eed d\u1ee5ng Container ID \u0111\u00e3 t\u1ed3n t\u1ea1i<\/td><\/tr><tr><td>\u1ee8ng d\u1ee5ng ti\u00eau bi\u1ec3u<\/td><td>Kh\u1edfi t\u1ea1o Container m\u1edbi v\u1edbi c\u1ea5u h\u00ecnh m\u1edbi<\/td><td>Resume Container \u0111\u00e3 d\u1eebng m\u00e0 kh\u00f4ng mu\u1ed1n m\u1ea5t d\u1eef li\u1ec7u<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-dockerfile-la-gi-dockerfile-dung-d\u1ec3-lam-gi\"><strong>Dockerfile l\u00e0 g\u00ec? Dockerfile d\u00f9ng \u0111\u1ec3 l\u00e0m g\u00ec?<\/strong><\/h3>\n\n\n\n<p>Dockerfile l\u00e0 m\u1ed9t t\u1ec7p v\u0103n b\u1ea3n ch\u1ee9a c\u00e1c l\u1ec7nh vi\u1ebft theo m\u1ed9t ng\u00f4n ng\u1eef ri\u00eang (DSL) gi\u00fap \u0111\u1eb7c t\u1ea3 t\u1eebng b\u01b0\u1edbc trong qu\u00e1 tr\u00ecnh x\u00e2y d\u1ef1ng m\u1ed9t Docker Image t\u1eeb \u0111\u1ea7u.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u1ed7i d\u00f2ng l\u1ec7nh trong Dockerfile nh\u01b0 <code>FROM<\/code>, <code>RUN<\/code>, <code>COPY<\/code>, <code>ENV<\/code>, <code>CMD<\/code>,&#8230; \u0111\u01b0\u1ee3c Docker daemon th\u1ef1c thi tu\u1ea7n t\u1ef1 \u0111\u1ec3 gh\u00e9p c\u00e1c l\u1edbp (layers) t\u1ea1o n\u00ean m\u1ed9t Image ho\u00e0n ch\u1ec9nh.\u00a0<\/li>\n\n\n\n<li>M\u1ed7i l\u1ec7nh (instruction) t\u1ea1o ra m\u1ed9t layer m\u1edbi, v\u00e0 Docker s\u1eed d\u1ee5ng c\u01a1 ch\u1ebf cache (caching mechanism) \u0111\u1ec3 t\u0103ng t\u1ed1c qu\u00e1 tr\u00ecnh build b\u1eb1ng c\u00e1ch t\u00e1i s\u1eed d\u1ee5ng nh\u1eefng layer kh\u00f4ng thay \u0111\u1ed5i.<\/li>\n<\/ul>\n\n\n\n<p>V\u00ec v\u1eady, Dockerfile \u0111\u01b0\u1ee3c coi nh\u01b0 \u201cm\u00e3 ngu\u1ed3n c\u1ea5u tr\u00fac\u201d c\u1ee7a Image, gi\u00fap \u0111\u1ea3m b\u1ea3o s\u1ef1 nh\u1ea5t qu\u00e1n v\u00e0 kh\u1ea3 n\u0103ng t\u00e1i t\u1ea1o l\u1ea1i m\u00f4i tr\u01b0\u1eddng m\u1ecdi l\u00fac m\u1ecdi n\u01a1i:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u1ee5c \u0111\u00edch ch\u00ednh c\u1ee7a Dockerfile l\u00e0 t\u1ef1 \u0111\u1ed9ng h\u00f3a qu\u00e1 tr\u00ecnh t\u1ea1o Image m\u1ed9t c\u00e1ch c\u00f3 th\u1ec3 t\u00e1i s\u1eed d\u1ee5ng, d\u1ec5 chia s\u1ebb v\u00e0 linh \u0111\u1ed9ng. Nh\u1edd \u0111\u00f3, ch\u00fang ta c\u00f3 th\u1ec3 kh\u1edfi t\u1ea1o m\u1ed9t Container m\u1edbi v\u1edbi m\u00f4i tr\u01b0\u1eddng gi\u1ed1ng h\u1ec7t nhau tr\u00ean m\u1ecdi h\u1ec7 th\u1ed1ng, t\u1eeb m\u00e1y ph\u00e1t tri\u1ec3n \u0111\u1ebfn c\u00e1c m\u00e1y ch\u1ee7 s\u1ea3n xu\u1ea5t.&nbsp;<\/li>\n\n\n\n<li>Dockerfile c\u0169ng h\u1ed7 tr\u1ee3 c\u00e1c workflow nh\u01b0 CI\/CD, cho ph\u00e9p x\u00e2y d\u1ef1ng Image t\u1ef1 \u0111\u1ed9ng khi code thay \u0111\u1ed5i v\u00e0 \u0111\u1ea3m b\u1ea3o c\u00e1c Container \u0111\u01b0\u1ee3c t\u1ea1o ra ho\u1ea1t \u0111\u1ed9ng theo \u0111\u00fang c\u1ea5u h\u00ecnh \u0111\u1eb7t tr\u01b0\u1edbc.&nbsp;<\/li>\n\n\n\n<li>Ngo\u00e0i ra, vi\u1ec7c s\u1eed d\u1ee5ng Dockerfile gi\u00fap t\u1ea1o ra c\u00e1c Images c\u00f3 k\u00edch th\u01b0\u1edbc t\u1ed1i \u01b0u th\u00f4ng qua c\u00e1c best practices nh\u01b0 multi-stage builds v\u00e0 t\u1ed1i \u01b0u h\u00f3a layer.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u0110\u1ecdc chi ti\u1ebft: <strong><a href=\"https:\/\/itviec.com\/blog\/dockerfile-la-gi\/\" target=\"_blank\" rel=\"noreferrer noopener\">Dockerfile l\u00e0 g\u00ec: H\u01b0\u1edbng d\u1eabn vi\u1ebft Dockerfile theo c\u1ea5u tr\u00fac chu\u1ea9n<\/a><\/strong><\/em><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cmd-va-entrypoint-trong-dockerfile-co-gi-khac-nhau\"><strong>CMD v\u00e0 ENTRYPOINT trong Dockerfile c\u00f3 g\u00ec kh\u00e1c nhau?<\/strong><\/h3>\n\n\n\n<p><strong>CMD<\/strong> l\u00e0 l\u1ec7nh m\u1eb7c \u0111\u1ecbnh \u0111\u1ec3 th\u1ef1c thi khi Container \u0111\u01b0\u1ee3c kh\u1edfi \u0111\u1ed9ng m\u00e0 kh\u00f4ng c\u00f3 l\u1ec7nh CLI cung c\u1ea5p th\u00eam. C\u00f3 th\u1ec3 l\u00e0:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>shell form (CMD command param1 param2)&nbsp;<\/code><\/pre>\n\n\n\n<p>Ho\u1eb7c:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exec form (CMD &#91;\"executable\", \"param1\", \"param2\"]),<\/code><\/pre>\n\n\n\n<p>CMD ch\u1ee7 y\u1ebfu d\u00f9ng \u0111\u1ec3 cung c\u1ea5p c\u00e1c command v\u00e0 tham s\u1ed1 m\u1eb7c \u0111\u1ecbnh cho Image. Khi ch\u1ea1y docker run v\u00e0 truy\u1ec1n l\u1ec7nh c\u1ee5 th\u1ec3, l\u1ec7nh \u0111\u00f3 s\u1ebd ghi \u0111\u00e8 ho\u00e0n to\u00e0n CMD t\u1eeb Dockerfile. Quan tr\u1ecdng l\u00e0 trong shell form, command s\u1ebd ch\u1ea1y v\u1edbi <code>\/bin\/sh -c<\/code>, trong khi exec form ch\u1ea1y tr\u1ef1c ti\u1ebfp executable m\u00e0 kh\u00f4ng qua shell.<\/p>\n\n\n\n<p><strong>ENTRYPOINT <\/strong>\u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 \u0111\u1ecbnh ngh\u0129a l\u1ec7nh c\u00f3 t\u00ednh c\u1ed1 \u0111\u1ecbnh m\u00e0 Container lu\u00f4n th\u1ef1c thi khi kh\u1edfi \u0111\u1ed9ng, b\u1ea5t k\u1ec3 khi ch\u00fang ta c\u00f3 cung c\u1ea5p l\u1ec7nh CLI hay kh\u00f4ng. ENTRYPOINT c\u00f3 th\u1ec3 \u1edf d\u1ea1ng:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exec (ENTRYPOINT &#91;\"executable\", \"param1\"])&nbsp;<\/code><\/pre>\n\n\n\n<p>Ho\u1eb7c:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>shell (ENTRYPOINT command param1)<\/code><\/pre>\n\n\n\n<p>ENTRYPOINT ch\u1ec9 b\u1ecb ghi \u0111\u00e8 khi s\u1eed d\u1ee5ng flag &#8211;entrypoint trong docker run. ENTRYPOINT v\u1edbi exec form s\u1ebd ch\u1ea1y nh\u01b0 PID 1 process, c\u00f3 th\u1ec3 nh\u1eadn v\u00e0 x\u1eed l\u00fd signals m\u1ed9t c\u00e1ch ch\u00ednh x\u00e1c. T\u1eeb \u0111\u00f3 gi\u00fap \u0111\u1ea3m b\u1ea3o \u0111i\u1ec1u ki\u1ec7n ho\u1ea1t \u0111\u1ed9ng c\u1ed1 \u0111\u1ecbnh v\u00e0 \u0111\u00e1ng tin c\u1eady cho Container.<\/p>\n\n\n\n<p>Khi c\u1ea3 hai ch\u1ec9 th\u1ecb c\u00f9ng xu\u1ea5t hi\u1ec7n trong Dockerfile, ENTRYPOINT \u0111\u00f3ng vai tr\u00f2 l\u00e0 ch\u01b0\u01a1ng tr\u00ecnh ch\u00ednh \u0111\u01b0\u1ee3c ch\u1ea1y, c\u00f2n CMD cung c\u1ea5p b\u1ed9 tham s\u1ed1 m\u1eb7c \u0111\u1ecbnh cho ENTRYPOINT.&nbsp;<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Khi <code>ENTRYPOINT [\"echo\", \"Hello\"]<\/code> v\u00e0 <code>CMD [\"World\"]<\/code>, th\u00ec l\u1ec7nh m\u1eb7c \u0111\u1ecbnh s\u1ebd l\u00e0 echo Hello World.\u00a0<\/li>\n\n\n\n<li>Khi ch\u1ea1y l\u1ec7nh docker run Image KodeKloud!, ph\u1ea7n &#8220;World&#8221; t\u1eeb CMD s\u1ebd b\u1ecb ghi \u0111\u00e8, v\u00e0 Container s\u1ebd hi\u1ec3n th\u1ecb Hello KodeKloud!. ENTRYPOINT v\u1eabn lu\u00f4n th\u1ef1c thi, trong khi CMD c\u00f3 th\u1ec3 linh ho\u1ea1t b\u1ecb thay \u0111\u1ed5i b\u1eb1ng \u0111\u1ed1i s\u1ed1 CLI.<\/li>\n<\/ul>\n\n\n\n<p>So s\u00e1nh CMD v\u00e0 ENTRYPOINT:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>CMD<\/strong><\/td><td><strong>ENTRYPOINT<\/strong><\/td><\/tr><tr><td>M\u1ee5c ti\u00eau<\/td><td>L\u1ec7nh\/ch\u1ea1y m\u1eb7c \u0111\u1ecbnh d\u1ec5 b\u1ecb ghi \u0111\u00e8<\/td><td>L\u1ec7nh\/core command c\u1ed1 \u0111\u1ecbnh khi Container kh\u1edfi \u0111\u1ed9ng<\/td><\/tr><tr><td>Ghi \u0111\u00e8 t\u1ea1i runtime?<\/td><td>C\u00f3, n\u00f3 th\u00eam args v\u00e0o docker run s\u1ebd ghi \u0111\u00e8<\/td><td>Kh\u00f4ng, tr\u1eeb khi d\u00f9ng flag &#8211;entrypoint<\/td><\/tr><tr><td>PID 1 process<\/td><td>C\u00f3 th\u1ec3 kh\u00f4ng ph\u1ea3i PID 1 n\u1ebfu d\u00f9ng shell form<\/td><td>Lu\u00f4n l\u00e0 PID 1 v\u1edbi exec form<\/td><\/tr><tr><td>D\u00f9ng k\u1ebft h\u1ee3p v\u1edbi nhau?<\/td><td>C\u00f3, CMD l\u00e0m tham s\u1ed1 cho ENTRYPOINT<\/td><td>C\u00f3, ENTRYPOINT x\u00e1c \u0111\u1ecbnh process; CMD \u0111\u01b0a arg m\u1eb7c \u0111\u1ecbnh<\/td><\/tr><tr><td>T\u00ednh linh ho\u1ea1t<\/td><td>Cao, d\u00f9ng ph\u00f9 h\u1ee3p khi c\u1ea7n command thay \u0111\u1ed5i<\/td><td>\u1ed4n \u0111\u1ecbnh. Container lu\u00f4n ch\u1ea1y ch\u00ednh x\u00e1c l\u1ec7nh \u0111\u00e3 \u0111\u1ecbnh<\/td><\/tr><tr><td>Signal handling<\/td><td>C\u00f3 th\u1ec3 kh\u00f4ng nh\u1eadn signals \u0111\u00fang c\u00e1ch v\u1edbi shell form<\/td><td>Nh\u1eadn v\u00e0 x\u1eed l\u00fd signals ch\u00ednh x\u00e1c v\u1edbi exec form<\/td><\/tr><tr><td>Syntax form \u01b0u ti\u00ean<\/td><td>Exec form: <code>CMD [\"app\", \"arg\"]<\/code><\/td><td>Exec form: <code>ENTRYPOINT [\"app\", \"arg\"]<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-volumes-trong-docker-la-gi-khac-gi-v\u1edbi-bind-mounts\"><strong>Volumes trong Docker l\u00e0 g\u00ec? Kh\u00e1c g\u00ec v\u1edbi Bind Mounts?<\/strong><\/h3>\n\n\n\n<p><strong>Volumes <\/strong>l\u00e0 m\u1ed9t c\u01a1 ch\u1ebf l\u01b0u tr\u1eef d\u1eef li\u1ec7u do Docker qu\u1ea3n l\u00fd ho\u00e0n to\u00e0n. Khi Volume \u0111\u01b0\u1ee3c t\u1ea1o, Docker s\u1ebd t\u1ef1 \u0111\u1ed9ng t\u1ea1o m\u1ed9t th\u01b0 m\u1ee5c tr\u00ean host (th\u01b0\u1eddng l\u00e0 \u1edf \/var\/lib\/docker\/Volumes\/) \u0111\u1ec3 l\u01b0u tr\u1eef d\u1eef li\u1ec7u. C\u00e1c Container c\u00f3 th\u1ec3 g\u1eafn v\u00e0 s\u1eed d\u1ee5ng Volume \u0111\u00f3 m\u00e0 kh\u00f4ng b\u1ecb ph\u1ee5 thu\u1ed9c v\u00e0o c\u1ea5u tr\u00fac filesystem c\u1ee7a host. Volume gi\u00fap l\u01b0u d\u1eef li\u1ec7u t\u1ed3n t\u1ea1i \u0111\u1ed9c l\u1eadp v\u1edbi v\u00f2ng \u0111\u1eddi c\u1ee7a Container \u2013 k\u1ec3 c\u1ea3 khi Container b\u1ecb x\u00f3a, d\u1eef li\u1ec7u v\u1eabn c\u00f2n nguy\u00ean v\u1eb9n.&nbsp;<\/p>\n\n\n\n<p>Volumes c\u00f3 performance t\u1ed1t h\u01a1n bind mounts tr\u00ean Windows v\u00e0 macOS do \u0111\u01b0\u1ee3c t\u1ed1i \u01b0u h\u00f3a b\u1edfi Docker Desktop. Ngo\u00e0i ra, Docker cho ph\u00e9p qu\u1ea3n l\u00fd Volume qua CLI ho\u1eb7c API, khi\u1ebfn vi\u1ec7c backup, restore v\u00e0 chia s\u1ebb Volume gi\u1eefa nhi\u1ec1u Container tr\u1edf n\u00ean thu\u1eadn ti\u1ec7n h\u01a1n.<\/p>\n\n\n\n<p><strong>Bind Mounts <\/strong>l\u00e0 c\u00e1ch tr\u1ef1c ti\u1ebfp g\u1eafn m\u1ed9t th\u01b0 m\u1ee5c ho\u1eb7c file hi\u1ec7n c\u00f3 tr\u00ean h\u1ec7 th\u1ed1ng host v\u00e0o b\u00ean trong Container theo \u0111\u01b0\u1eddng d\u1eabn tuy\u1ec7t \u0111\u1ed1i. Khi s\u1eed d\u1ee5ng bind mount, Container truy c\u1eadp tr\u1ef1c ti\u1ebfp filesystem host, m\u1ecdi thay \u0111\u1ed5i t\u1eeb Container ho\u1eb7c host s\u1ebd \u0111\u1ed3ng th\u1eddi ph\u1ea3n \u00e1nh l\u00ean nhau.&nbsp;<\/p>\n\n\n\n<p>Tuy bind mounts r\u1ea5t ti\u1ec7n cho ph\u00e1t tri\u1ec3n (v\u00ed d\u1ee5 \u0111\u1ed3ng b\u1ed9 code realtime) nh\u01b0ng ch\u00fang ph\u1ee5 thu\u1ed9c r\u1ea5t nhi\u1ec1u v\u00e0o c\u1ea5u tr\u00fac tr\u00ean host v\u00e0 th\u01b0\u1eddng kh\u00f4ng ph\u00f9 h\u1ee3p khi di chuy\u1ec3n gi\u1eefa c\u00e1c m\u00e1y kh\u00e1c nhau. Bind mounts c\u0169ng c\u00f3 th\u1ec3 g\u00e2y ra v\u1ea5n \u0111\u1ec1 v\u1ec1 b\u1ea3o m\u1ea5t v\u00ec Container c\u00f3 th\u1ec3 truy c\u1eadp tr\u1ef1c ti\u1ebfp v\u00e0o filesystem c\u1ee7a host.<\/p>\n\n\n\n<p>Ngo\u00e0i ra, Docker c\u00f2n h\u1ed7 tr\u1ee3 tmpfs mounts \u2013 d\u1ea1ng l\u01b0u tr\u1eef t\u1ea1m th\u1eddi trong RAM, ph\u00f9 h\u1ee3p cho d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m ho\u1eb7c t\u1ec7p t\u1ea1m th\u1eddi kh\u00f4ng c\u1ea7n l\u01b0u tr\u1eef l\u00e2u d\u00e0i (persist).<\/p>\n\n\n\n<p>So s\u00e1nh Volumes v\u00e0 Bind Mounts:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>Volumes<\/strong><\/td><td><strong>Bind Mounts<\/strong><\/td><\/tr><tr><td>\u0110\u01b0\u1ee3c qu\u1ea3n l\u00fd b\u1edfi Docker<\/td><td>C\u00f3 \u2013 n\u1eb1m trong th\u01b0 m\u1ee5c do Docker \u0111i\u1ec1u h\u00e0nh<\/td><td>Kh\u00f4ng \u2013 d\u00f9ng filesystem host, ng\u01b0\u1eddi d\u00f9ng t\u1ef1 ch\u1ec9 \u0111\u1ecbnh path<\/td><\/tr><tr><td>\u0110\u1ed9c l\u1eadp v\u1edbi host c\u1ea5u tr\u00fac<\/td><td>C\u00f3 \u2013 kh\u00f4ng ph\u1ee5 thu\u1ed9c v\u00e0o c\u1ea5u tr\u00fac th\u01b0 m\u1ee5c c\u1ee7a host<\/td><td>Kh\u00f4ng \u2013 ph\u1ea3i x\u00e1c \u0111\u1ecbnh r\u00f5 host path ch\u00ednh x\u00e1c<\/td><\/tr><tr><td>Backup &amp; migration<\/td><td>D\u1ec5 d\u00e0ng sao l\u01b0u, di chuy\u1ec3n qua CLI hay API c\u1ee7a Docker<\/td><td>Ph\u1ee9c t\u1ea1p h\u01a1n, ph\u1ee5 thu\u1ed9c v\u00e0o host<\/td><\/tr><tr><td>Chia s\u1ebb gi\u1eefa Container<\/td><td>C\u00f3 th\u1ec3 chia s\u1ebb Volume gi\u1eefa nhi\u1ec1u Container \u0111\u1ed3ng th\u1eddi<\/td><td>C\u00f3 th\u1ec3 chia s\u1ebb, nh\u01b0ng ph\u1ee5 thu\u1ed9c v\u00e0o quy\u1ec1n v\u00e0 c\u1ea5u tr\u00fac host<\/td><\/tr><tr><td>M\u1ee5c \u0111\u00edch s\u1eed d\u1ee5ng ti\u00eau bi\u1ec3u<\/td><td>L\u01b0u d\u1eef li\u1ec7u \u1ee9ng d\u1ee5ng (DB, logs&#8230;), d\u00f9ng trong production<\/td><td>Ph\u00e1t tri\u1ec3n real-time: code, config, logs dev, test<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-cach-nao-d\u1ec3-xoa-t\u1ea5t-c\u1ea3-container-dang-stopped\"><strong>L\u00e0m c\u00e1ch n\u00e0o \u0111\u1ec3 x\u00f3a t\u1ea5t c\u1ea3 Container \u0111ang stopped?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 x\u00f3a to\u00e0n b\u1ed9 Docker Container \u0111\u00e3 d\u1eebng (stopped), t\u00f4i d\u00f9ng c\u00e1c c\u00e1ch sau:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cach-nhanh-va-d\u01a1n-gi\u1ea3n-nh\u1ea5t-docker-container-prune\"><strong>C\u00e1ch nhanh v\u00e0 \u0111\u01a1n gi\u1ea3n nh\u1ea5t: docker Container prune<\/strong><\/h4>\n\n\n\n<p>L\u1ec7nh n\u00e0y s\u1ebd x\u00f3a t\u1ea5t c\u1ea3 Container c\u00f3 tr\u1ea1ng th\u00e1i Exited ho\u1eb7c Created, \u0111\u01b0\u1ee3c h\u1ecfi x\u00e1c nh\u1eadn tr\u01b0\u1edbc khi th\u1ef1c hi\u1ec7n.&nbsp;<\/p>\n\n\n\n<p>N\u1ebfu mu\u1ed1n b\u1ecf qua b\u01b0\u1edbc h\u1ecfi x\u00e1c nh\u1eadn, th\u00eam <code>-f<\/code> \u0111\u1ec3 ch\u1ea1y l\u1ec7nh m\u00e0 kh\u00f4ng c\u1ea7n prompt.\u00a0<\/p>\n\n\n\n<p>C\u00f3 th\u1ec3 th\u00eam filters \u0111\u1ec3 ki\u1ec3m so\u00e1t ch\u00ednh x\u00e1c h\u01a1n: docker Container prune <code>--filter \"until=24h\"<\/code> \u0111\u1ec3 x\u00f3a Containers stopped trong 24h qua. \u0110\u00e2y l\u00e0 c\u00e1ch hi\u1ec7u qu\u1ea3 gi\u00fap d\u1ecdn d\u1eb9p nhanh m\u00f4i tr\u01b0\u1eddng Docker kh\u00f4ng c\u00f2n d\u00f9ng \u0111\u1ebfn.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cach-ki\u1ec3m-soat-c\u1ee5-th\u1ec3-b\u1eb1ng-l\u1ec7nh-dong\"><strong>C\u00e1ch ki\u1ec3m so\u00e1t c\u1ee5 th\u1ec3 b\u1eb1ng l\u1ec7nh d\u00f2ng<\/strong><\/h4>\n\n\n\n<p>L\u1ecdc v\u00e0 x\u00f3a c\u00e1c Container d\u1eebng theo c\u00e1ch th\u1ee7 c\u00f4ng:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>B\u01b0\u1edbc 1: Li\u1ec7t k\u00ea c\u00e1c Container \u0111\u00e3 d\u1eebng:&nbsp;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>docker ps --filter \"status=exited\" --filter \"status=dead\" -q<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>B\u01b0\u1edbc 2: X\u00f3a t\u1eebng Container ho\u1eb7c nhi\u1ec1u Container m\u1ed9t l\u00fac:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>docker rm &lt;Container_id><\/code><\/pre>\n\n\n\n<p>ho\u1eb7c x\u00f3a t\u1ea5t c\u1ea3:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker rm $(docker ps --filter \"status=exited\" -q)<\/code><\/pre>\n\n\n\n<p>ho\u1eb7c s\u1eed d\u1ee5ng xargs:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker ps --filter \"status=exited\" -q | xargs docker rm<\/code><\/pre>\n\n\n\n<p>C\u00e1ch n\u00e0y gi\u00fap ki\u1ec3m so\u00e1t ch\u00ednh x\u00e1c nh\u1eefng Container n\u00e0o \u0111\u01b0\u1ee3c x\u00f3a v\u00e0 tr\u00e1nh x\u00f3a nh\u1ea7m.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cach-d\u1ecdn-d\u1eb9p-toan-di\u1ec7n-v\u1edbi-docker-system-prune\"><strong>C\u00e1ch d\u1ecdn d\u1eb9p to\u00e0n di\u1ec7n v\u1edbi docker system prune<\/strong><\/h4>\n\n\n\n<p>X\u00f3a Containers stopped, Networks unused, Images dangling v\u00e0 build cache:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker system prune<\/code><\/pre>\n\n\n\n<p>Th\u00eam -a \u0111\u1ec3 x\u00f3a lu\u00f4n Images kh\u00f4ng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker system prune -a<\/code><\/pre>\n\n\n\n<p>Th\u00eam &#8211;Volumes \u0111\u1ec3 x\u00f3a lu\u00f4n anonymous Volumes<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker system prune --Volumes<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-khi-nao-nen-dung-docker-compose\"><strong>Khi n\u00e0o n\u00ean d\u00f9ng Docker Compose?<\/strong><\/h3>\n\n\n\n<p>Docker Compose l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 gi\u00fap \u0111\u1ecbnh ngh\u0129a v\u00e0 qu\u1ea3n l\u00fd m\u1ed9t \u1ee9ng d\u1ee5ng g\u1ed3m nhi\u1ec1u Container th\u00f4ng qua m\u1ed9t file c\u1ea5u h\u00ecnh YAML duy nh\u1ea5t (th\u01b0\u1eddng l\u00e0 docker-Compose.yml). Thay v\u00ec ch\u1ea1y t\u1eebng Container b\u1eb1ng nhi\u1ec1u l\u1ec7nh docker run, t\u00f4i c\u00f3 th\u1ec3 kh\u1edfi \u0111\u1ed9ng to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng g\u1ed3m d\u1ecbch v\u1ee5 web, database, cache&#8230; ch\u1ec9 v\u1edbi m\u1ed9t l\u1ec7nh docker Compose up.<\/p>\n\n\n\n<p>\u0110\u00e2y l\u00e0 c\u00e1ch ti\u1ebfp c\u1eadn l\u00fd t\u01b0\u1edfng khi t\u00f4i c\u1ea7n ph\u00e1t tri\u1ec3n ho\u1eb7c th\u1eed nghi\u1ec7m c\u00e1c \u1ee9ng d\u1ee5ng \u0111a th\u00e0nh ph\u1ea7n m\u1ed9t c\u00e1ch nhanh ch\u00f3ng, nh\u1ea5t qu\u00e1n v\u00e0 d\u1ec5 ki\u1ec3m so\u00e1t.<\/p>\n\n\n\n<p>Nh\u1eefng t\u00ecnh hu\u1ed1ng n\u00ean d\u00f9ng Docker Compose:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u00f4i tr\u01b0\u1eddng ph\u00e1t tri\u1ec3n local (Development)<\/li>\n<\/ul>\n\n\n\n<p>Compose c\u1ef1c k\u1ef3 h\u1eefu \u00edch cho l\u1eadp tr\u00ecnh vi\u00ean khi c\u1ea7n ch\u1ea1y nhi\u1ec1u d\u1ecbch v\u1ee5 c\u00f9ng l\u00fac. V\u00ed d\u1ee5 \u1ee9ng d\u1ee5ng Node.js k\u1ebft n\u1ed1i v\u1edbi Redis ho\u1eb7c MySQL. T\u1ea5t c\u1ea3 c\u1ea5u h\u00ecnh v\u1ec1 service, Network, Volume \u0111\u1ec1u \u0111\u1ecbnh ngh\u0129a trong file YAML v\u00e0 d\u1ec5 d\u00e0ng chia s\u1ebb c\u00f9ng \u0111\u1ed3ng \u0111\u1ed9i. Ch\u1ec9 c\u1ea7n clone repository v\u00e0 ch\u1ea1y l\u1ec7nh docker Compose up, m\u00f4i tr\u01b0\u1eddng dev \u0111\u00e3 s\u1eb5n s\u00e0ng.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD v\u00e0 ki\u1ec3m th\u1eed t\u1ef1 \u0111\u1ed9ng (Automated Testing)<\/li>\n<\/ul>\n\n\n\n<p>Compose cho ph\u00e9p d\u1ef1ng v\u00e0 ph\u00e1 m\u00f4i tr\u01b0\u1eddng ki\u1ec3m th\u1eed m\u1ed9t c\u00e1ch t\u1ef1 \u0111\u1ed9ng trong pipeline CI\/CD. T\u00f4i c\u00f3 th\u1ec3 t\u1ea1o m\u00f4i tr\u01b0\u1eddng test ri\u00eang bi\u1ec7t, ch\u1ea1y xong th\u00ec d\u1eb9p s\u1ea1ch b\u1eb1ng l\u1ec7nh docker Compose down, thu\u1eadn ti\u1ec7n cho c\u00e1c b\u00e0i ki\u1ec3m th\u1eed end-to-end ho\u1eb7c integration tests.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tri\u1ec3n khai tr\u00ean m\u1ed9t server \u0111\u01a1n (Single Host Deployments)<\/li>\n<\/ul>\n\n\n\n<p>Docker Compose v\u1eabn ph\u00f9 h\u1ee3p v\u1edbi nh\u1eefng \u1ee9ng d\u1ee5ng nh\u1ecf ho\u1eb7c m\u00f4i tr\u01b0\u1eddng staging\/production ch\u1ea1y tr\u00ean m\u1ed9t m\u00e1y ch\u1ee7 duy nh\u1ea5t. Khi c\u00e1c c\u1ea5u h\u00ecnh ri\u00eang cho production (nh\u01b0 port, volume) \u0111\u01b0\u1ee3c \u0111\u01b0a v\u00e0o file Compose, t\u00f4i c\u00f3 th\u1ec3 qu\u1ea3n l\u00fd to\u00e0n b\u1ed9 stack ch\u1ec9 b\u1eb1ng m\u1ed9t file YAML v\u1edbi docker compose up v\u00e0 docker compose down.<\/p>\n\n\n\n<p>L\u01b0u \u00fd quan tr\u1ecdng: Docker Compose kh\u00f4ng ph\u1ea3i l\u00e0 c\u00f4ng c\u1ee5 orchestration cho m\u00f4i tr\u01b0\u1eddng production multi-host. V\u1edbi h\u1ec7 th\u1ed1ng l\u1edbn, h\u00e3y d\u00f9ng Kubernetes, Docker Swarm, ho\u1eb7c c\u00e1c n\u1ec1n t\u1ea3ng Container orchestration kh\u00e1c.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-th\u1ebf-nao-d\u1ec3-build-m\u1ed9t-image-t\u1eeb-dockerfile\"><strong>L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 build m\u1ed9t Image t\u1eeb Dockerfile?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 t\u1ea1o m\u1ed9t Docker Image t\u1eeb Dockerfile, t\u00f4i s\u1eed d\u1ee5ng l\u1ec7nh <strong>docker build<\/strong> c\u00f9ng v\u1edbi th\u01b0 m\u1ee5c ch\u1ee9a Dockerfile v\u00e0 n\u1ed9i dung c\u1ea7n \u0111\u00f3ng g\u00f3i.<\/p>\n\n\n\n<p>C\u00fa ph\u00e1p c\u01a1 b\u1ea3n nh\u01b0 sau:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker build -t t\u00ean-Image:tag .<\/code><\/pre>\n\n\n\n<p>Trong \u0111\u00f3:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tham s\u1ed1 <code>-t<\/code> gi\u00fap g\u00e1n t\u00ean v\u00e0 tag cho Image, v\u00ed d\u1ee5 <code>myapp:latest<\/code>.<\/li>\n\n\n\n<li>D\u1ea5u . \u1edf cu\u1ed1i c\u00e2u l\u1ec7nh ch\u1ec9 \u0111\u1ebfn build context &#8211; th\u01b0 m\u1ee5c ch\u1ee9a Dockerfile v\u00e0 c\u00e1c file c\u1ea7n thi\u1ebft \u0111\u1ec3 build Image, nh\u01b0 m\u00e3 ngu\u1ed3n, c\u1ea5u h\u00ecnh,&#8230;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>\u0110i\u1ec3m quan tr\u1ecdng l\u00e0 to\u00e0n b\u1ed9 build context s\u1ebd \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn Docker daemon, n\u00ean t\u00f4i lu\u00f4n s\u1eed d\u1ee5ng <code>.dockerignore<\/code> \u0111\u1ec3 lo\u1ea1i tr\u1eeb nh\u1eefng file kh\u00f4ng c\u1ea7n thi\u1ebft. N\u1ebfu kh\u00f4ng ch\u1ec9 \u0111\u1ecbnh tag, Docker m\u1eb7c \u0111\u1ecbnh g\u00e1n tag l\u00e0 latest.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-quy-trinh-ben-trong\"><strong>Quy tr\u00ecnh b\u00ean trong<\/strong><\/h4>\n\n\n\n<p>Khi ch\u1ea1y l\u1ec7nh, Docker s\u1ebd \u0111\u1ecdc Dockerfile, l\u1ea5y base Image (n\u1ebfu c\u1ea7n), v\u00e0 th\u1ef1c thi t\u1eebng b\u01b0\u1edbc nh\u01b0 COPY, RUN, WORKDIR\u2026 t\u1ea1o th\u00e0nh c\u00e1c l\u1edbp (layers) \u0111\u1ec3 gh\u00e9p th\u00e0nh Image ho\u00e0n ch\u1ec9nh.<\/p>\n\n\n\n<p>Docker s\u1eed d\u1ee5ng layer caching \u0111\u1ec3 t\u0103ng t\u1ed1c \u0111\u1ed9 build &#8211; c\u00e1c layers kh\u00f4ng thay \u0111\u1ed5i s\u1ebd \u0111\u01b0\u1ee3c t\u00e1i s\u1eed d\u1ee5ng t\u1eeb cache. Image n\u00e0y sau \u0111\u00f3 c\u00f3 th\u1ec3 d\u00f9ng \u0111\u1ec3 ch\u1ea1y Container.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-m\u1ed9t-s\u1ed1-tuy-ch\u1ecdn-build-nang-cao-ma-toi-hay-dung\"><strong>M\u1ed9t s\u1ed1 t\u00f9y ch\u1ecdn build n\u00e2ng cao m\u00e0 t\u00f4i hay d\u00f9ng<\/strong><\/h4>\n\n\n\n<p># Build v\u1edbi Dockerfile kh\u00e1c t\u00ean ho\u1eb7c v\u1ecb tr\u00ed kh\u00e1c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker build -f Dockerfile.prod -t myapp:prod .<\/code><\/pre>\n\n\n\n<p># Build v\u1edbi build arguments<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker build --build-arg NODE_ENV=production -t myapp:prod .<\/code><\/pre>\n\n\n\n<p># Build multi-stage v\u00e0 ch\u1ec9 build \u0111\u1ebfn stage c\u1ee5 th\u1ec3<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker build --target production -t myapp:prod .<\/code><\/pre>\n\n\n\n<p># Build kh\u00f4ng s\u1eed d\u1ee5ng cache<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker build --no-cache -t myapp:latest .<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-qu\u1ea3n-ly-tag-amp-push-len-registry\"><strong>Qu\u1ea3n l\u00fd tag &amp; push l\u00ean registry<\/strong><\/h4>\n\n\n\n<p>Sau khi build, t\u00f4i c\u00f3 th\u1ec3 g\u00e1n th\u00eam tag m\u1edbi cho Image b\u1eb1ng l\u1ec7nh docker tag.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker tag myapp:latest username\/myapp:v1.0<\/code><\/pre>\n\n\n\n<p>\u0110i\u1ec1u n\u00e0y gi\u00fap \u0111\u1eb7t t\u00ean r\u00f5 r\u00e0ng v\u00e0 qu\u1ea3n l\u00fd phi\u00ean b\u1ea3n d\u1ec5 d\u00e0ng.<\/p>\n\n\n\n<p>Sau khi Image \u0111\u00e3 \u0111\u01b0\u1ee3c tag ph\u00f9 h\u1ee3p, push Image l\u00ean Docker Hub ho\u1eb7c registry kh\u00e1c b\u1eb1ng l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker push username\/myapp:v1.0<\/code><\/pre>\n\n\n\n<p>T\u1ea5t nhi\u00ean, c\u1ea7n \u0111\u0103ng nh\u1eadp (docker login) tr\u01b0\u1edbc khi push Image l\u00ean registry.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-docker-hub-la-gi-gi\u1ea3i-thich-quy-trinh-d\u1ec3-push-image-len-do\"><strong>Docker Hub l\u00e0 g\u00ec? Gi\u1ea3i th\u00edch quy tr\u00ecnh \u0111\u1ec3 push Image l\u00ean \u0111\u00f3?<\/strong><\/h3>\n\n\n\n<p>Docker Hub l\u00e0 m\u1ed9t \u0111\u0103ng k\u00fd (registry) c\u00f4ng c\u1ed9ng d\u00f9ng \u0111\u1ec3 l\u01b0u tr\u1eef v\u00e0 ph\u00e2n ph\u1ed1i Docker Image qua Internet. \u0110\u00e2y l\u00e0 n\u01a1i m\u00e0 ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 push Image l\u00ean ho\u1eb7c pull Image t\u1eeb \u0111\u00f3, h\u1ed7 tr\u1ee3 c\u1ea3 repository \u1edf ch\u1ebf \u0111\u1ed9 public ho\u1eb7c private. Docker Hub l\u00e0 registry m\u1eb7c \u0111\u1ecbnh m\u00e0 Docker CLI truy c\u1eadp khi d\u00f9ng l\u1ec7nh nh\u01b0 docker pull ho\u1eb7c docker push, tr\u1eeb khi ng\u01b0\u1eddi d\u00f9ng ch\u1ec9 \u0111\u1ecbnh registry kh\u00e1c.&nbsp;<\/p>\n\n\n\n<p>Khi c\u1ea7n chia s\u1ebb Docker Image \u0111\u1ebfn c\u1ed9ng \u0111\u1ed3ng ho\u1eb7c m\u00f4i tr\u01b0\u1eddng tri\u1ec3n khai, t\u00f4i th\u1ef1c hi\u1ec7n c\u00e1c b\u01b0\u1edbc sau:<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 1: \u0110\u0103ng k\u00fd t\u00e0i kho\u1ea3n &amp; t\u1ea1o repository<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u1ea1o t\u00e0i kho\u1ea3n mi\u1ec5n ph\u00ed tr\u00ean Docker Hub<\/li>\n\n\n\n<li>T\u1ea1o repository m\u1edbi, ch\u1ecdn public ho\u1eb7c private t\u00f9y m\u1ee5c \u0111\u00edch.<\/li>\n\n\n\n<li>C\u00f3 th\u1ec3 b\u1eadt Automated Builds \u0111\u1ec3 Docker Hub t\u1ef1 build Image t\u1eeb GitHub\/Bitbucket khi code thay \u0111\u1ed5i.<\/li>\n<\/ul>\n\n\n\n<p><strong>B\u01b0\u1edbc 2: G\u1eafn tag cho Image ph\u00f9 h\u1ee3p namespace<\/strong><\/p>\n\n\n\n<p>Image c\u1ea7n \u0111\u01b0\u1ee3c tag theo \u0111\u1ecbnh d\u1ea1ng <code>&lt;dockerhub-username>\/&lt;repository-name>:&lt;tag><\/code> \u0111\u1ec3 Docker Hub c\u00f3 th\u1ec3 x\u1eed l\u00fd \u0111\u00fang.\u00a0<\/p>\n\n\n\n<p>V\u00ed d\u1ee5: alice\/myapp:v1.0. N\u1ebfu kh\u00f4ng ch\u1ec9 \u0111\u1ecbnh tag, Docker m\u1eb7c \u0111\u1ecbnh d\u00f9ng latest<\/p>\n\n\n\n<p># Tag Image hi\u1ec7n c\u00f3<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker tag myapp:latest alice\/myapp:v1.0\n\ndocker tag myapp:latest alice\/myapp:latest<\/code><\/pre>\n\n\n\n<p><strong>B\u01b0\u1edbc 3: \u0110\u0103ng nh\u1eadp tr\u00ean CLI<\/strong><\/p>\n\n\n\n<p>Tr\u01b0\u1edbc khi push, c\u1ea7n th\u1ef1c hi\u1ec7n docker login v\u00e0 nh\u1eadp username\/password Docker Hub \u0111\u1ec3 x\u00e1c th\u1ef1c t\u00e0i kho\u1ea3n. T\u1eeb phi\u00ean b\u1ea3n m\u1edbi, Docker khuy\u1ebfn ngh\u1ecb s\u1eed d\u1ee5ng Personal Access Token thay v\u00ec password tr\u1ef1c ti\u1ebfp \u0111\u1ec3 t\u0103ng b\u1ea3o m\u1eadt.<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 4: Push Image l\u00ean Docker Hub<\/strong><\/p>\n\n\n\n<p>Sau khi login v\u00e0 tag \u0111\u00fang, t\u00f4i ch\u1ea1y l\u1ec7nh sau \u0111\u1ec3 push Image:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker push &lt;dockerhub-username&gt;\/&lt;repository-name&gt;:&lt;tag&gt;<\/code><\/pre>\n\n\n\n<p>Docker s\u1ebd upload Image theo t\u1eebng layer \u0111\u1ebfn repository t\u01b0\u01a1ng \u1ee9ng. Docker s\u1eed d\u1ee5ng layer deduplication &#8211; ch\u1ec9 upload c\u00e1c layers ch\u01b0a t\u1ed3n t\u1ea1i tr\u00ean registry, gi\u00fap ti\u1ebft ki\u1ec7m bandwidth v\u00e0 th\u1eddi gian. N\u1ebfu b\u1ea1n c\u00f3 nhi\u1ec1u tag c\u1ea7n push, c\u00f3 th\u1ec3 d\u00f9ng flag -a \u0111\u1ec3 push t\u1ea5t c\u1ea3 c\u00f9ng l\u00fac<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 5: Ki\u1ec3m tra th\u00e0nh c\u00f4ng<\/strong><\/p>\n\n\n\n<p>Sau khi l\u1ec7nh docker push ch\u1ea1y xong, t\u00f4i v\u00e0o giao di\u1ec7n Docker Hub \u0111\u1ec3 x\u00e1c nh\u1eadn Image \u0111\u00e3 hi\u1ec3n th\u1ecb trong repository v\u1edbi \u0111\u00fang tag nh\u01b0 mong mu\u1ed1n. Docker Hub c\u0169ng cung c\u1ea5p vulnerability scanning \u0111\u1ec3 ki\u1ec3m tra c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1ea5t trong Image.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-docker-trung-c\u1ea5p-intermediate-level\"><span class=\"ez-toc-section\" id=\"Cau_hoi_phong_van_Docker_trung_cap_Intermediate_Level\"><\/span><strong>C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker trung c\u1ea5p (Intermediate Level)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-mo-t\u1ea3-cach-c\u1ea5u-hinh-ghi-nh\u1eadt-ky-cho-cac-vung-ch\u1ee9a-docker-d\u1ec3-thu-th\u1eadp-va-phan-tich-nh\u1eadt-ky-\u1ee9ng-d\u1ee5ng\"><strong>M\u00f4 t\u1ea3 c\u00e1ch c\u1ea5u h\u00ecnh ghi nh\u1eadt k\u00fd cho c\u00e1c v\u00f9ng ch\u1ee9a Docker \u0111\u1ec3 thu th\u1eadp v\u00e0 ph\u00e2n t\u00edch nh\u1eadt k\u00fd \u1ee9ng d\u1ee5ng<\/strong><\/h3>\n\n\n\n<p>Trong m\u00f4i tr\u01b0\u1eddng production ho\u1eb7c staging, t\u00f4i s\u1ebd x\u00e2y d\u1ef1ng m\u1ed9t h\u1ec7 th\u1ed1ng logging t\u1eadp trung cho c\u00e1c Container Docker g\u1ed3m hai ph\u1ea7n ch\u00ednh: c\u1ea5u h\u00ecnh logging driver tr\u00ean Docker v\u00e0 forwarding log t\u1edbi h\u1ec7 th\u1ed1ng ph\u00e2n t\u00edch b\u00ean ngo\u00e0i.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ch\u1ecdn-va-c\u1ea5u-hinh-docker-logging-driver\">Ch\u1ecdn v\u00e0 c\u1ea5u h\u00ecnh Docker Logging Driver<\/h4>\n\n\n\n<p>M\u1eb7c \u0111\u1ecbnh Docker s\u1eed d\u1ee5ng driver json\u2011file, l\u01b0u log d\u01b0\u1edbi d\u1ea1ng JSON v\u00e0o file tr\u00ean host (\u0111\u01b0\u1eddng d\u1eabn th\u01b0\u1eddng l\u00e0 \/var\/lib\/docker\/Containers\/&lt;Container-id&gt;\/&lt;Container-id&gt;-json.log). Tuy nhi\u00ean trong m\u00f4i tr\u01b0\u1eddng production t\u00f4i \u01b0u ti\u00ean chuy\u1ec3n sang driver nh\u01b0 local, syslog, fluentd, ho\u1eb7c gelf, t\u00f9y theo h\u1ec7 th\u1ed1ng logging \u0111\u00e3 s\u1eed d\u1ee5ng.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5, \u0111\u1ec3 \u0111\u1eb7t local l\u00e0m driver m\u1eb7c \u0111\u1ecbnh v\u00e0 b\u1eadt log rotation:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n\u00a0\u00a0\"log-driver\": \"local\",\n\u00a0\u00a0\"log-opts\": {\n\u00a0\u00a0\u00a0\u00a0\"max-size\": \"20m\",\n\u00a0\u00a0\u00a0\u00a0\"max-file\": \"5\",\n\u00a0\u00a0\u00a0\u00a0\"compress\": \"true\"\n\u00a0\u00a0}\n}<\/code><\/pre>\n\n\n\n<p>Sau \u0111\u00f3 restart Docker daemon \u0111\u1ec3 \u00e1p d\u1ee5ng c\u1ea5u h\u00ecnh m\u1edbi. N\u1ebfu c\u1ea7n override cho Container ri\u00eang, c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng flag <code>--log-driver<\/code> v\u00e0 <code>--log-opt<\/code> trong l\u1ec7nh <code>docker run<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-thi\u1ebft-l\u1eadp-logging-\u1ee9ng-d\u1ee5ng-trong-container\">Thi\u1ebft l\u1eadp logging \u1ee9ng d\u1ee5ng trong Container<\/h4>\n\n\n\n<p>\u1ee8ng d\u1ee5ng ch\u1ea1y b\u00ean trong Container n\u00ean ghi log v\u00e0o stdout\/stderr, s\u1eed d\u1ee5ng th\u01b0 vi\u1ec7n logging chu\u1ea9n nh\u01b0 logback, logrus, hay Python logging. Vi\u1ec7c n\u00e0y gi\u00fap Docker d\u1ec5 d\u00e0ng b\u1eaft log v\u00e0 chuy\u1ec3n ti\u1ebfp nh\u1edd logging driver \u0111\u00e3 c\u1ea5u h\u00ecnh.<\/p>\n\n\n\n<p>T\u00f4i c\u0169ng chu\u1ea9n h\u00f3a format log (v\u00ed d\u1ee5 JSON c\u00f3 fields timestamp, level, message, metadata Container-id, service, m\u00f4i tr\u01b0\u1eddng&#8230;), gi\u00fap d\u1ec5 ph\u00e2n t\u00edch sau n\u00e0y.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-chuy\u1ec3n-log-d\u1ebfn-h\u1ec7-th\u1ed1ng-trung-tam\">Chuy\u1ec3n log \u0111\u1ebfn h\u1ec7 th\u1ed1ng trung t\u00e2m<\/h4>\n\n\n\n<p>\u0110\u1ec3 ph\u00e2n t\u00edch t\u1eadp trung, t\u00f4i s\u1ebd forward log t\u1eeb c\u00e1c Container ra h\u1ec7 th\u1ed1ng chuy\u00ean d\u1ee5ng nh\u01b0 ELK Stack (Elasticsearch\/Logstash\/Kibana), Splunk, Fluentd, Sematext, ho\u1eb7c Syslog server, t\u00f9y theo quy m\u00f4 v\u00e0 h\u1ea1 t\u1ea7ng hi\u1ec7n t\u1ea1i.<\/p>\n\n\n\n<p>C\u00f3 th\u1ec3 d\u00f9ng c\u00e1c m\u00f4 h\u00ecnh tri\u1ec3n khai sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Logging driver t\u00edch h\u1ee3p plugin (syslog, fluentd, gelf&#8230;) \u0111\u1ec3 g\u1eedi tr\u1ef1c ti\u1ebfp log t\u1eeb Docker \u0111\u1ebfn d\u1ecbch v\u1ee5 thu th\u1eadp log.<\/li>\n\n\n\n<li>Sidecar ho\u1eb7c Container chuy\u00ean d\u1ee5ng: ch\u1ea1y m\u1ed9t Container chuy\u00ean thu th\u1eadp log t\u1eeb c\u00e1c Volume ho\u1eb7c Docker API r\u1ed3i g\u1eedi \u0111\u1ebfn log aggregator.<\/li>\n\n\n\n<li>File-based shipping v\u00e0 agent: s\u1eed d\u1ee5ng agent nh\u01b0 Logstash, Logagent ho\u1eb7c Datadog Agent \u0111\u1ec3 \u0111\u1ecdc file log tr\u00ean host ho\u1eb7c Volume v\u00e0 forward \u0111i n\u01a1i kh\u00e1c.<\/li>\n\n\n\n<li>Thi\u1ebft l\u1eadp quy t\u1eafc qu\u1ea3n l\u00fd log v\u00e0 ph\u00e2n t\u00edch\n<ul class=\"wp-block-list\">\n<li>B\u1eadt log rotation \u0111\u1ec3 tr\u00e1nh log chi\u1ebfm qu\u00e1 nhi\u1ec1u disk v\u00e0 \u0111\u1ea3m b\u1ea3o retention policy (gi\u1eef log theo ng\u00e0y ho\u1eb7c k\u00edch th\u01b0\u1edbc).<\/li>\n\n\n\n<li>D\u00f9ng structured logging (JSON) c\u00f9ng levels r\u00f5 r\u00e0ng (INFO, WARN, ERROR), ph\u00e2n lo\u1ea1i theo service, Container \u0111\u1ec3 d\u1ec5 filter v\u00e0 search.<\/li>\n\n\n\n<li>Tri\u1ec3n khai dashboard (Grafana\/Kibana) \u0111\u1ec3 theo d\u00f5i real-time, alert khi l\u1ed7i x\u1ea3y ra ho\u1eb7c khi log Volume b\u1ea5t th\u01b0\u1eddng.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-d\u1ec3-t\u1ed1i-\u01b0u-dockerfile-d\u1ec3-gi\u1ea3m-dung-l\u01b0\u1ee3ng-image\"><strong>L\u00e0m sao \u0111\u1ec3 t\u1ed1i \u01b0u Dockerfile \u0111\u1ec3 gi\u1ea3m dung l\u01b0\u1ee3ng Image?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 t\u1ed1i \u01b0u Dockerfile, t\u00f4i th\u01b0\u1eddng k\u1ebft h\u1ee3p nhi\u1ec1u chi\u1ebfn l\u01b0\u1ee3c \u0111\u1ec3 t\u1ea1o ra Image g\u1ecdn nh\u1eb9, nhanh ch\u00f3ng v\u00e0 b\u1ea3o m\u1eadt h\u01a1n.&nbsp;<\/p>\n\n\n\n<p>D\u01b0\u1edbi \u0111\u00e2y l\u00e0 m\u1ed9t s\u1ed1 chi\u1ebfn l\u01b0\u1ee3c hi\u1ec7u qu\u1ea3:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ch\u1ecdn-base-image-nh\u1eb9-minimal-base-image\">Ch\u1ecdn base Image nh\u1eb9 (Minimal Base Image)<\/h4>\n\n\n\n<p>Kh\u1edfi \u0111\u1ea7u v\u1edbi m\u1ed9t Image n\u1ec1n t\u1ed1i gi\u1ea3n nh\u01b0 Alpine, Distroless, ho\u1eb7c c\u00e1c b\u1ea3n \u201c-slim\u201d, gi\u00fap gi\u1ea3m k\u00edch th\u01b0\u1edbc ngay t\u1eeb b\u01b0\u1edbc \u0111\u1ea7u.&nbsp;<\/p>\n\n\n\n<p>V\u00ed d\u1ee5, &lt;node:alpine&gt; ch\u1ec9 chi\u1ebfm kho\u1ea3ng 60\u202fMB trong khi b\u1ea3n Ubuntu g\u1ed1c d\u1ec5 \u0111\u1ea1t \u0111\u1ebfn 600\u202fMB. Distroless Images th\u1eadm ch\u00ed c\u00f2n nh\u1ecf h\u01a1n v\u00e0 an to\u00e0n h\u01a1n v\u00ec kh\u00f4ng ch\u1ee9a shell v\u00e0 package managers.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-s\u1eed-d\u1ee5ng-multi-stage-builds\">S\u1eed d\u1ee5ng multi-stage builds<\/h4>\n\n\n\n<p>V\u1edbi multi-stage builds, b\u1ea1n c\u00f3 th\u1ec3 d\u00f9ng m\u1ed9t Image l\u1edbn (c\u00f3 build tools) ch\u1ec9 trong giai \u0111o\u1ea1n x\u00e2y d\u1ef1ng, r\u1ed3i ch\u1ec9 copy ph\u1ea7n c\u1ea7n thi\u1ebft v\u00e0o Image cu\u1ed1i c\u00f9ng. K\u1ebft qu\u1ea3 l\u00e0 Image s\u1ea3n xu\u1ea5t s\u1ebd g\u1ecdn nh\u1eb9 h\u01a1n r\u1ea5t nhi\u1ec1u.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-t\u1ed1i-\u01b0u-th\u1ee9-t\u1ef1-layers-va-t\u1eadn-d\u1ee5ng-cache\">T\u1ed1i \u01b0u th\u1ee9 t\u1ef1 layers v\u00e0 t\u1eadn d\u1ee5ng cache<\/h4>\n\n\n\n<p>\u0110\u1eb7t c\u00e1c instructions \u00edt thay \u0111\u1ed5i l\u00ean tr\u01b0\u1edbc (nh\u01b0 dependency installation) v\u00e0 c\u00e1c instructions hay thay \u0111\u1ed5i xu\u1ed1ng cu\u1ed1i (nh\u01b0 source code copy). Docker s\u1ebd cache c\u00e1c layers kh\u00f4ng thay \u0111\u1ed5i, gi\u00fap build nhanh h\u01a1n.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-gi\u1ea3m-s\u1ed1-layer-t\u1ed1i-\u01b0u-cac-cau-l\u1ec7nh-trong-dockerfile\">Gi\u1ea3m s\u1ed1 layer \u2013 t\u1ed1i \u01b0u c\u00e1c c\u00e2u l\u1ec7nh trong Dockerfile<\/h4>\n\n\n\n<p>M\u1ed7i RUN, COPY, ADD t\u1ea1o m\u1ed9t layer, t\u00f4i s\u1ebd g\u1ed9p nhi\u1ec1u l\u1ec7nh th\u00e0nh m\u1ed9t RUN duy nh\u1ea5t, v\u00ed d\u1ee5: RUN apt-get update &amp;&amp; apt-get install -y curl &amp;&amp; rm -rf \/var\/lib\/apt\/lists\/* thay v\u00ec chia nh\u1ecf th\u00e0nh nhi\u1ec1u c\u00e2u l\u1ec7nh ri\u00eang bi\u1ec7t.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># C\u00e1ch t\u1ed1i \u01b0u\n\nRUN apt-get update \\\n\u00a0\u00a0\u00a0\u00a0&amp;&amp; apt-get install -y --no-install-recommends \\\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0curl \\\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0wget \\\n\u00a0\u00a0\u00a0\u00a0&amp;&amp; rm -rf \/var\/lib\/apt\/lists\/* \\\n\u00a0\u00a0\u00a0\u00a0&amp;&amp; apt-get clean<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-dung-dockerignore-d\u1ec3-lo\u1ea1i-b\u1ecf-file-khong-c\u1ea7n-thi\u1ebft\">D\u00f9ng .dockerignore \u0111\u1ec3 lo\u1ea1i b\u1ecf file kh\u00f4ng c\u1ea7n thi\u1ebft<\/h4>\n\n\n\n<p>Gi\u1ed1ng nh\u01b0 .gitignore, file .dockerignore ch\u1ec9 \u0111\u1ecbnh t\u1eadp tin ho\u1eb7c th\u01b0 m\u1ee5c kh\u00f4ng \u0111\u01b0\u1ee3c copy v\u00e0o build context, t\u1eeb \u0111\u00f3 gi\u1ea3m dung l\u01b0\u1ee3ng v\u00e0 t\u0103ng t\u1ed1c build. \u0110\u00e2y l\u00e0 c\u00e1ch t\u1ed1i \u01b0u h\u1eefu hi\u1ec7u \u0111\u1ec3 tr\u00e1nh \u0111\u01b0a v\u00f4 nh\u1eefng file th\u1eeba nh\u01b0 logs, th\u01b0 m\u1ee5c build, ho\u1eb7c node_modules kh\u00f4ng c\u1ea7n.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5 .dockerignore:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>node_modules\n\nnpm-debug.log\n\n.git\n\n.gitignore\n\n*.md\n\n.env\n\ncoverage\/\n\n.nyc_output<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-lo\u1ea1i-b\u1ecf-file-t\u1ea1m-cache-va-ph\u1ee5-thu\u1ed9c-d\u01b0-th\u1eeba\">Lo\u1ea1i b\u1ecf file t\u1ea1m, cache, v\u00e0 ph\u1ee5 thu\u1ed9c d\u01b0 th\u1eeba<\/h4>\n\n\n\n<p>Trong qu\u00e1 tr\u00ecnh c\u00e0i \u0111\u1eb7t package, h\u00e3y d\u00f9ng c\u00e1c tu\u1ef3 ch\u1ecdn nh\u01b0 <code>--no\u2011install\u2011recommends<\/code> (v\u1edbi apt), <code>--no-cache<\/code> (v\u1edbi apk) ho\u1eb7c x\u00f3a cache ngay trong c\u00f9ng m\u1ed9t RUN \u0111\u1ec3 kh\u00f4ng l\u01b0u l\u1ea1i file th\u1eeba trong Image cu\u1ed1i c\u00f9ng.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-s\u1eed-d\u1ee5ng-cac-cong-c\u1ee5-security-scanning-va-dependency-analysis\">S\u1eed d\u1ee5ng c\u00e1c c\u00f4ng c\u1ee5 security scanning v\u00e0 dependency analysis<\/h4>\n\n\n\n<p>C\u1ee5 th\u1ec3, t\u00f4i s\u1eed d\u1ee5ng:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>docker scan, Trivy, ho\u1eb7c Clair \u0111\u1ec3 ki\u1ec3m tra vulnerabilities trong Image.<\/li>\n\n\n\n<li>Lo\u1ea1i b\u1ecf c\u00e1c packages kh\u00f4ng c\u1ea7n thi\u1ebft nh\u1eb1m gi\u1ea3m b\u1ec1 m\u1eb7t t\u1ea5n c\u00f4ng v\u00e0 dung l\u01b0\u1ee3ng Image.<\/li>\n\n\n\n<li>Th\u01b0\u1eddng xuy\u00ean c\u1eadp nh\u1eadt base image \u0111\u1ec3 nh\u1eadn b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt m\u1edbi nh\u1ea5t.<\/li>\n<\/ul>\n\n\n\n<p><strong>V\u00ed d\u1ee5 m\u1ed9t Dockerfile t\u1ed1i \u01b0u:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FROM golang:1.21 AS builder\n\nWORKDIR \/app\n\nCOPY . .\n\nRUN go build -o myapp\n\nFROM alpine:3.18\n\nWORKDIR \/app\n\nCOPY --from=builder \/app\/myapp \/app\/\n\nCMD &#91;\".\/myapp\"]<\/code><\/pre>\n\n\n\n<p><strong>Ho\u1eb7c v\u00ed d\u1ee5 kh\u00e1c:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FROM node:alpine AS builder\n\nWORKDIR \/app\n\nCOPY package*.json .\/\n\nRUN npm install\n\nCOPY . .\n\nRUN npm run build\n\nFROM node:alpine\n\nWORKDIR \/app\n\nCOPY --from=builder \/app\/dist \/app\/dist\n\nCMD &#91;\"node\", \"dist\/index.js\"]<\/code><\/pre>\n\n\n\n<p>Hai v\u00ed d\u1ee5 n\u00e0y th\u1ec3 hi\u1ec7n r\u00f5 c\u00e1ch k\u1ebft h\u1ee3p multi-stage build, ch\u1ecdn base Image nh\u1eb9, v\u00e0 ch\u1ec9 copy ph\u1ea7n c\u1ea7n thi\u1ebft v\u00e0o Image cu\u1ed1i c\u00f9ng.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-multi-stage-build-la-gi-khi-nao-nen-dung\"><strong>Multi-stage build l\u00e0 g\u00ec? Khi n\u00e0o n\u00ean d\u00f9ng?<\/strong><\/h3>\n\n\n\n<p>Multi-stage build l\u00e0 m\u1ed9t t\u00ednh n\u0103ng trong Docker cho ph\u00e9p s\u1eed d\u1ee5ng nhi\u1ec1u giai \u0111o\u1ea1n (stage) trong m\u1ed9t Dockerfile duy nh\u1ea5t. M\u1ed7i giai \u0111o\u1ea1n \u0111\u01b0\u1ee3c kh\u1edfi t\u1ea1o b\u1eb1ng l\u1ec7nh FROM m\u1edbi v\u00e0 c\u00f3 th\u1ec3 d\u00f9ng m\u1ed9t base Image kh\u00e1c nhau. Do \u0111\u00f3, ch\u1ec9 copy nh\u1eefng ph\u1ea7n c\u1ea7n thi\u1ebft t\u1eeb c\u00e1c giai \u0111o\u1ea1n tr\u01b0\u1edbc v\u00e0o giai \u0111o\u1ea1n cu\u1ed1i c\u00f9ng, nh\u1edd v\u1eady t\u1ea1o ra Image nh\u1ecf g\u1ecdn, kh\u00f4ng bao g\u1ed3m to\u00e0n b\u1ed9 c\u00f4ng c\u1ee5 v\u00e0 ph\u1ee5 thu\u1ed9c ch\u1ec9 d\u00f9ng trong build.<\/p>\n\n\n\n<p>T\u00f4i th\u01b0\u1eddng s\u1eed d\u1ee5ng multi-stage build trong nh\u1eefng tr\u01b0\u1eddng h\u1ee3p sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u1ee8ng d\u1ee5ng bi\u00ean d\u1ecbch (compiled languages):<\/li>\n<\/ul>\n\n\n\n<p>Khi c\u1ea7n build c\u00e1c \u1ee9ng d\u1ee5ng nh\u01b0 Go, C++, Java\u2026, multi-stage gi\u00fap t\u00e1ch bi\u1ec7t giai \u0111o\u1ea1n c\u00f3 c\u00f4ng c\u1ee5 bi\u00ean d\u1ecbch v\u00e0 runtime environment, ch\u1ec9 gi\u1eef l\u1ea1i binary cu\u1ed1i c\u00f9ng trong Image s\u1ea3n xu\u1ea5t.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u1ee8ng d\u1ee5ng script\/JS c\u1ea7n \u0111\u00f3ng g\u00f3i:<\/li>\n<\/ul>\n\n\n\n<p>V\u1edbi Node.js, Python hay Ruby, t\u00f4i c\u00f3 th\u1ec3 build\/minify code trong m\u1ed9t stage r\u1ed3i ch\u1ec9 chuy\u1ec3n file cu\u1ed1i v\u00e0o Image nh\u1eb9, tr\u00e1nh \u0111\u1ec3 th\u01b0 vi\u1ec7n dev ho\u1eb7c c\u00f4ng c\u1ee5 \u0111\u00f3ng g\u00f3i v\u00e0o production.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00e1ch bi\u1ec7t dependencies cho development v\u00e0 production:<\/li>\n<\/ul>\n\n\n\n<p>C\u00e0i \u0111\u1eb7t dev dependencies (testing tools, build tools) trong build stage v\u00e0 ch\u1ec9 copy production artifacts sang final stage.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u0110\u1ea3m b\u1ea3o an to\u00e0n v\u00e0 gi\u1ea3m r\u1ee7i ro:<\/li>\n<\/ul>\n\n\n\n<p>K\u1ef9 thu\u1eadt n\u00e0y gi\u00fap lo\u1ea1i b\u1ecf c\u00e1c c\u00f4ng c\u1ee5 build ra kh\u1ecfi Image cu\u1ed1i, gi\u1ea3m v\u00f9ng t\u1ea5n c\u00f4ng (attack surface) v\u00e0 kh\u1ea3 n\u0103ng t\u1ed3n t\u1ea1i l\u1ed7i b\u1ea3o m\u1eadt kh\u00f4ng c\u1ea7n thi\u1ebft. Final Image kh\u00f4ng ch\u1ee9a source code, build tools, ho\u1eb7c d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>D\u1ec5 qu\u1ea3n l\u00fd v\u00e0 t\u00e1i s\u1eed d\u1ee5ng:<\/li>\n<\/ul>\n\n\n\n<p>C\u00f3 th\u1ec3 \u0111\u1eb7t t\u00ean (AS &lt;stage-name&gt;) cho t\u1eebng giai \u0111o\u1ea1n v\u00e0 t\u00e1i s\u1eed d\u1ee5ng l\u1ea1i n\u1ebfu c\u1ea7n, gi\u00fap Dockerfile r\u00f5 r\u00e0ng, d\u1ec5 b\u1ea3o tr\u00ec v\u00e0 tr\u00e1nh vi\u1ebft nhi\u1ec1u Dockerfile ri\u00eang cho dev\/prod.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build nhi\u1ec1u bi\u1ebfn th\u1ec3 t\u1eeb m\u1ed9t Dockerfile:<\/li>\n<\/ul>\n\n\n\n<p>C\u00f3 th\u1ec3 target specific stages b\u1eb1ng &#8211;target flag, v\u00ed d\u1ee5 build development Image v\u00e0 production Image t\u1eeb c\u00f9ng m\u1ed9t Dockerfile.<\/p>\n\n\n\n<p><strong>V\u00ed d\u1ee5 minh ho\u1ea1:<\/strong><\/p>\n\n\n\n<p># Giai \u0111o\u1ea1n build<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FROM golang:1.24 AS build\n\nWORKDIR \/src\n\nCOPY main.go .\n\nRUN go build -o \/bin\/hello<\/code><\/pre>\n\n\n\n<p># Giai \u0111o\u1ea1n s\u1ea3n ph\u1ea9m t\u1ed1i gi\u1ea3n<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>FROM scratch\n\nCOPY --from=build \/bin\/hello \/bin\/hello\n\nCMD &#91;\"\/bin\/hello\"]<\/code><\/pre>\n\n\n\n<p>Trong v\u00ed d\u1ee5 n\u00e0y, Docker ch\u1ec9 gi\u1eef l\u1ea1i file nh\u1ecb ph\u00e2n hello trong Image cu\u1ed1i, lo\u1ea1i b\u1ecf m\u1ecdi th\u00e0nh ph\u1ea7n build tool ban \u0111\u1ea7u.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-chia-s\u1ebb-d\u1eef-li\u1ec7u-gi\u1eefa-hai-container\"><strong>L\u00e0m sao chia s\u1ebb d\u1eef li\u1ec7u gi\u1eefa hai Container?<\/strong><\/h3>\n\n\n\n<p>Trong m\u00f4i tr\u01b0\u1eddng Docker, vi\u1ec7c chia s\u1ebb d\u1eef li\u1ec7u gi\u1eefa c\u00e1c Container l\u00e0 m\u1ed9t nhu c\u1ea7u ph\u1ed5 bi\u1ebfn khi tri\u1ec3n khai c\u00e1c \u1ee9ng d\u1ee5ng nhi\u1ec1u th\u00e0nh ph\u1ea7n. C\u00f3 hai c\u00e1ch ch\u00ednh \u0111\u1ec3 th\u1ef1c hi\u1ec7n \u0111i\u1ec1u n\u00e0y: s\u1eed d\u1ee5ng Docker Volume, Bind Mounts, tmpfs mounts ho\u1eb7c li\u00ean k\u1ebft th\u00f4ng qua m\u1ed9t Container trung gian gi\u1eef Volume (c\u00f2n g\u1ecdi l\u00e0 data Volume Container).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>S\u1eed d\u1ee5ng Docker Volume \u0111\u1ec3 chia s\u1ebb d\u1eef li\u1ec7u<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Docker Volume l\u00e0 ph\u01b0\u01a1ng ph\u00e1p ti\u00eau chu\u1ea9n v\u00e0 an to\u00e0n \u0111\u1ec3 l\u01b0u tr\u1eef d\u1eef li\u1ec7u d\u00f9ng chung gi\u1eefa c\u00e1c Container. T\u00f4i ch\u1ec9 c\u1ea7n t\u1ea1o m\u1ed9t Volume, sau \u0111\u00f3 mount Volume \u0111\u00f3 v\u00e0o nhi\u1ec1u Container v\u1edbi c\u00f9ng m\u1ed9t \u0111\u01b0\u1eddng d\u1eabn.&nbsp;<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker Volume create shared-data<\/code><\/pre>\n\n\n\n<p>Sau \u0111\u00f3, khi kh\u1edfi \u0111\u1ed9ng Container, mount Volume nh\u01b0 sau:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -v shared-data:\/data --name Container1 my-Image\n\ndocker run -v shared-data:\/data --name Container2 my-Image<\/code><\/pre>\n\n\n\n<p>C\u1ea3 hai Container l\u00fac n\u00e0y s\u1ebd truy c\u1eadp \u0111\u01b0\u1ee3c th\u01b0 m\u1ee5c \/data c\u00f3 n\u1ed9i dung gi\u1ed1ng nhau. \u0110\u00e2y l\u00e0 ph\u01b0\u01a1ng ph\u00e1p \u0111\u01b0\u1ee3c khuy\u1ebfn kh\u00edch v\u00ec \u0111\u1ea3m b\u1ea3o t\u00ednh nh\u1ea5t qu\u00e1n v\u00e0 \u0111\u1ed9c l\u1eadp v\u1edbi h\u1ec7 th\u1ed1ng file host.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>D\u00f9ng m\u1ed9t Container trung gian l\u00e0m \u201cVolume Container\u201d<\/strong><\/li>\n<\/ul>\n\n\n\n<p>M\u1ed9t c\u00e1ch kh\u00e1c l\u00e0 t\u1ea1o m\u1ed9t Container ch\u1ec9 \u0111\u1ec3 gi\u1eef Volume (g\u1ecdi l\u00e0 data-only Container) v\u00e0 c\u00e1c Container kh\u00e1c s\u1ebd s\u1eed d\u1ee5ng &#8211;Volumes-from \u0111\u1ec3 g\u1eafn k\u1ebft Volume t\u1eeb Container n\u00e0y.&nbsp;<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker create -v \/shared-data --name data-Container busybox\n\ndocker run --Volumes-from data-Container my-Image\n\ndocker run --Volumes-from data-Container another-Image<\/code><\/pre>\n\n\n\n<p>C\u00e1ch n\u00e0y h\u1eefu \u00edch khi t\u00f4i mu\u1ed1n qu\u1ea3n l\u00fd t\u1eadp trung d\u1eef li\u1ec7u m\u00e0 kh\u00f4ng c\u1ea7n t\u1ea1o Volume ri\u00eang l\u1ebb, tuy nhi\u00ean ph\u01b0\u01a1ng ph\u00e1p n\u00e0y \u00edt ph\u1ed5 bi\u1ebfn h\u01a1n trong c\u00e1c phi\u00ean b\u1ea3n Docker m\u1edbi, n\u01a1i Docker Volume \u0111\u01b0\u1ee3c t\u1ed1i \u01b0u h\u01a1n.<\/p>\n\n\n\n<p>Khi n\u00e0o n\u00ean s\u1eed d\u1ee5ng?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>D\u00f9ng Docker Volume khi t\u00f4i mu\u1ed1n d\u1eef li\u1ec7u \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef \u1ed5n \u0111\u1ecbnh, d\u1ec5 qu\u1ea3n l\u00fd v\u00e0 chia s\u1ebb r\u00f5 r\u00e0ng gi\u1eefa nhi\u1ec1u Container.<\/li>\n\n\n\n<li>D\u00f9ng Volume Container trong c\u00e1c h\u1ec7 th\u1ed1ng c\u0169 ho\u1eb7c c\u1ea7n m\u1ed9t gi\u1ea3i ph\u00e1p \u0111\u01a1n gi\u1ea3n, kh\u00f4ng c\u1ea7n t\u1ea1o Volume th\u1ee7 c\u00f4ng.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-khac-bi\u1ec7t-gi\u1eefa-docker-exec-va-docker-attach-la-gi\"><strong>Kh\u00e1c bi\u1ec7t gi\u1eefa docker exec v\u00e0 docker attach l\u00e0 g\u00ec?<\/strong><\/h3>\n\n\n\n<p>Trong th\u1ef1c t\u1ebf, c\u1ea3 hai l\u1ec7nh \u0111\u1ec1u cho ph\u00e9p t\u00f4i t\u01b0\u01a1ng t\u00e1c v\u1edbi Container \u0111ang ch\u1ea1y, nh\u01b0ng ch\u00fang ph\u1ee5c v\u1ee5 m\u1ee5c \u0111\u00edch kh\u00e1c nhau:&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-docker-exec-ch\u1ea1y-l\u1ec7nh-m\u1edbi-trong-container-dang-ho\u1ea1t-d\u1ed9ng\"><strong>docker exec: Ch\u1ea1y l\u1ec7nh m\u1edbi trong Container \u0111ang ho\u1ea1t \u0111\u1ed9ng<\/strong><\/h4>\n\n\n\n<p>L\u1ec7nh docker exec cho ph\u00e9p th\u1ef1c thi m\u1ed9t ti\u1ebfn tr\u00ecnh m\u1edbi b\u00ean trong Container m\u00e0 kh\u00f4ng \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn ti\u1ebfn tr\u00ecnh ch\u00ednh. N\u00f3 \u0111\u1eb7c bi\u1ec7t h\u1eefu \u00edch khi mu\u1ed1n ki\u1ec3m tra tr\u1ea1ng th\u00e1i h\u1ec7 th\u1ed1ng, s\u1eeda l\u1ed7i ho\u1eb7c th\u1ef1c hi\u1ec7n c\u00e1c t\u00e1c v\u1ee5 qu\u1ea3n tr\u1ecb nh\u01b0:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker exec -it my_Container \/bin\/bash<\/code><\/pre>\n\n\n\n<p># Ho\u1eb7c ch\u1ea1y m\u1ed9t l\u1ec7nh c\u1ee5 th\u1ec3<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker exec my_Container ls -la \/app\n\ndocker exec -u root my_Container apt-get update<\/code><\/pre>\n\n\n\n<p>C\u00e2u l\u1ec7nh tr\u00ean s\u1ebd m\u1edf m\u1ed9t shell m\u1edbi b\u00ean trong Container my_Container, t\u00e1ch bi\u1ec7t ho\u00e0n to\u00e0n v\u1edbi ti\u1ebfn tr\u00ecnh ch\u00ednh \u0111ang ch\u1ea1y trong Container.<\/p>\n\n\n\n<p>C\u00e1c options quan tr\u1ecdng:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>-i<\/code> (interactive): Gi\u1eef STDIN m\u1edf<\/li>\n\n\n\n<li><code>-t<\/code> (tty): C\u1ea5p ph\u00e1t pseudo-TTY<\/li>\n\n\n\n<li><code>-u<\/code> (user): Ch\u1ec9 \u0111\u1ecbnh user \u0111\u1ec3 ch\u1ea1y command<\/li>\n\n\n\n<li><code>-w<\/code> (workdir): Ch\u1ec9 \u0111\u1ecbnh working directory<\/li>\n\n\n\n<li><code>-e<\/code> (env): Set environment variables<\/li>\n<\/ul>\n\n\n\n<p>\u01afu \u0111i\u1ec3m:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kh\u00f4ng l\u00e0m gi\u00e1n \u0111o\u1ea1n ti\u1ebfn tr\u00ecnh ch\u00ednh c\u1ee7a Container.<\/li>\n\n\n\n<li>C\u00f3 th\u1ec3 m\u1edf nhi\u1ec1u session \u0111\u1ed3ng th\u1eddi.<\/li>\n\n\n\n<li>An to\u00e0n cho vi\u1ec7c ch\u1ea9n \u0111o\u00e1n ho\u1eb7c v\u1eadn h\u00e0nh h\u1ec7 th\u1ed1ng.<\/li>\n\n\n\n<li>Khi tho\u00e1t session (exit), Container v\u1eabn ti\u1ebfp t\u1ee5c ch\u1ea1y b\u00ecnh th\u01b0\u1eddng.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-docker-attach-k\u1ebft-n\u1ed1i-vao-ti\u1ebfn-trinh-chinh-dang-ch\u1ea1y\"><strong>docker attach: K\u1ebft n\u1ed1i v\u00e0o ti\u1ebfn tr\u00ecnh ch\u00ednh \u0111ang ch\u1ea1y<\/strong><\/h4>\n\n\n\n<p>Ng\u01b0\u1ee3c l\u1ea1i, docker attach s\u1ebd k\u1ebft n\u1ed1i tr\u1ef1c ti\u1ebfp v\u00e0o ti\u1ebfn tr\u00ecnh ch\u00ednh c\u1ee7a Container. \u0110i\u1ec1u n\u00e0y c\u00f3 ngh\u0129a l\u00e0 ng\u01b0\u1eddi d\u00f9ng s\u1ebd th\u1ea5y \u0111\u00fang output \u0111ang ch\u1ea1y c\u1ee7a Container v\u00e0 m\u1ecdi thao t\u00e1c nh\u1eadp v\u00e0o s\u1ebd \u1ea3nh h\u01b0\u1edfng tr\u1ef1c ti\u1ebfp t\u1edbi \u1ee9ng d\u1ee5ng ch\u00ednh.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker attach my_Container<\/code><\/pre>\n\n\n\n<p>N\u1ebfu Container \u0111ang ch\u1ea1y m\u1ed9t \u1ee9ng d\u1ee5ng console (nh\u01b0 Python, Node.js&#8230;), ch\u00fang ta s\u1ebd t\u01b0\u01a1ng t\u00e1c tr\u1ef1c ti\u1ebfp v\u1edbi n\u00f3. Tuy nhi\u00ean, n\u1ebfu kh\u00f4ng c\u1ea9n th\u1eadn, vi\u1ec7c \u0111\u00f3ng session c\u00f3 th\u1ec3 d\u1eebng lu\u00f4n Container, \u0111\u1eb7c bi\u1ec7t n\u1ebfu kh\u00f4ng t\u00e1ch r\u1eddi \u0111\u00fang c\u00e1ch.<\/p>\n\n\n\n<p>H\u1ea1n ch\u1ebf:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00f3 th\u1ec3 g\u00e2y ng\u1eaft ti\u1ebfn tr\u00ecnh n\u1ebfu tho\u00e1t sai c\u00e1ch (v\u00ed d\u1ee5 nh\u1ea5n Ctrl+C).<\/li>\n\n\n\n<li>Kh\u00f4ng th\u1ec3 m\u1edf nhi\u1ec1u session c\u00f9ng l\u00fac an to\u00e0n nh\u01b0 docker exec.<\/li>\n<\/ul>\n\n\n\n<p>B\u1ea3ng t\u00f3m t\u1eaft so s\u00e1nh:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>\u0110\u1eb7c \u0111i\u1ec3m<\/strong><\/td><td><strong>Docker exec<\/strong><\/td><td><strong>Docker attach<\/strong><\/td><\/tr><tr><td>M\u1ee5c \u0111\u00edch<\/td><td>Ch\u1ea1y l\u1ec7nh m\u1edbi trong Container<\/td><td>K\u1ebft n\u1ed1i v\u00e0o ti\u1ebfn tr\u00ecnh ch\u00ednh<\/td><\/tr><tr><td>Process target<\/td><td>T\u1ea1o process m\u1edbi (PID kh\u00e1c)<\/td><td>K\u1ebft n\u1ed1i t\u1edbi PID 1<\/td><\/tr><tr><td>\u1ea2nh h\u01b0\u1edfng \u0111\u1ebfn Container&nbsp;<\/td><td>Kh\u00f4ng<\/td><td>C\u00f3 th\u1ec3 l\u00e0m d\u1eebng Container n\u1ebfu tho\u00e1t sai<\/td><\/tr><tr><td>Nhi\u1ec1u session&nbsp;<\/td><td>C\u00f3<\/td><td>H\u1ea1n ch\u1ebf, kh\u00f4ng an to\u00e0n khi nhi\u1ec1u session<\/td><\/tr><tr><td>D\u00f9ng khi n\u00e0o?<\/td><td>Qu\u1ea3n tr\u1ecb, debug, ki\u1ec3m tra<\/td><td>Gi\u00e1m s\u00e1t ti\u1ebfn tr\u00ecnh ch\u00ednh<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-docker-network-la-gi-co-nh\u1eefng-lo\u1ea1i-nao\"><strong>Docker Network l\u00e0 g\u00ec? C\u00f3 nh\u1eefng lo\u1ea1i n\u00e0o?<\/strong><\/h3>\n\n\n\n<p>Docker Network l\u00e0 m\u1ed9t h\u1ec7 th\u1ed1ng m\u1ea1ng \u1ea3o m\u00e0 Docker cung c\u1ea5p \u0111\u1ec3 cho ph\u00e9p c\u00e1c Container k\u1ebft n\u1ed1i v\u00e0 trao \u0111\u1ed5i d\u1eef li\u1ec7u v\u1edbi nhau, ho\u1eb7c v\u1edbi h\u1ec7 th\u1ed1ng b\u00ean ngo\u00e0i. Thay v\u00ec \u0111\u1ec3 t\u1eebng Container ph\u1ea3i thi\u1ebft l\u1eadp m\u1ea1ng ri\u00eang bi\u1ec7t, Docker t\u1ea1o ra c\u00e1c m\u1ea1ng logic \u0111\u1ec3 Container c\u00f3 th\u1ec3 \u201cgiao ti\u1ebfp\u201d m\u00e0 kh\u00f4ng c\u1ea7n bi\u1ebft c\u1ee5 th\u1ec3 \u0111\u1ecba ch\u1ec9 IP c\u1ee7a nhau.<\/p>\n\n\n\n<p>M\u1ed7i khi ch\u1ea1y m\u1ed9t Container, Docker s\u1ebd t\u1ef1 \u0111\u1ed9ng g\u00e1n n\u00f3 v\u00e0o m\u1ed9t m\u1ea1ng m\u1eb7c \u0111\u1ecbnh, ho\u1eb7c c\u00f3 th\u1ec3 ch\u1ec9 \u0111\u1ecbnh m\u1ea1ng c\u1ee5 th\u1ec3 theo nhu c\u1ea7u. Docker cung c\u1ea5p built-in DNS resolution, cho ph\u00e9p Containers t\u00ecm th\u1ea5y nhau b\u1eb1ng t\u00ean thay v\u00ec IP address.<\/p>\n\n\n\n<p>Docker h\u1ed7 tr\u1ee3 nhi\u1ec1u ki\u1ec3u m\u1ea1ng kh\u00e1c nhau, ph\u00f9 h\u1ee3p v\u1edbi c\u00e1c k\u1ecbch b\u1ea3n s\u1eed d\u1ee5ng kh\u00e1c nhau. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1c lo\u1ea1i ph\u1ed5 bi\u1ebfn:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>Lo\u1ea1i m\u1ea1ng<\/td><td>M\u00f4 t\u1ea3<\/td><td>Khi s\u1eed d\u1ee5ng<\/td><td>C\u00fa ph\u00e1p<\/td><\/tr><tr><td>Bridge<\/td><td>M\u1ea1ng m\u1eb7c \u0111\u1ecbnh c\u1ee7a Docker. Container trong c\u00f9ng bridge network c\u00f3 th\u1ec3 giao ti\u1ebfp v\u1edbi nhau, nh\u01b0ng t\u00e1ch bi\u1ec7t v\u1edbi network kh\u00e1c.<\/td><td>\u1ee8ng d\u1ee5ng \u0111\u1ed9c l\u1eadp, ch\u1ea1y tr\u00ean m\u1ed9t m\u00e1y ch\u1ee7 duy nh\u1ea5t.<\/td><td>docker network create &#8211;driver bridge my-bridge-network<\/td><\/tr><tr><td>Host<\/td><td>Container chia s\u1ebb stack m\u1ea1ng v\u1edbi m\u00e1y ch\u1ee7, kh\u00f4ng c\u1ea7n port mapping.<\/td><td>C\u1ea7n hi\u1ec7u n\u0103ng cao ho\u1eb7c tr\u00e1nh NAT.<\/td><td>docker run &#8211;network host nginx<\/td><\/tr><tr><td>Overlay<\/td><td>K\u1ebft n\u1ed1i Container tr\u00ean nhi\u1ec1u m\u00e1y Docker kh\u00e1c nhau, s\u1eed d\u1ee5ng VXLAN t\u1ea1o tunnels.<\/td><td>H\u1ec7 th\u1ed1ng microservices ph\u00e2n t\u00e1n, Docker Swarm.<\/td><td>docker network create &#8211;driver overlay my-overlay-network<\/td><\/tr><tr><td>None<\/td><td>Container kh\u00f4ng k\u1ebft n\u1ed1i m\u1ea1ng, ch\u1ec9 c\u00f3 loopback interface (localhost).<\/td><td>Mu\u1ed1n ki\u1ec3m so\u00e1t ho\u00e0n to\u00e0n c\u1ea5u h\u00ecnh m\u1ea1ng.<\/td><td>docker run &#8211;network none alpine<\/td><\/tr><tr><td>Macvlan<\/td><td>G\u00e1n \u0111\u1ecba ch\u1ec9 MAC v\u00e0 IP tr\u1ef1c ti\u1ebfp t\u1eeb m\u1ea1ng v\u1eadt l\u00fd cho Container, gi\u00fap n\u00f3 nh\u01b0 m\u1ed9t m\u00e1y \u0111\u1ed9c l\u1eadp trong LAN.<\/td><td>Container c\u1ea7n t\u01b0\u01a1ng t\u00e1c tr\u1ef1c ti\u1ebfp v\u1edbi m\u1ea1ng n\u1ed9i b\u1ed9 nh\u01b0 m\u1ed9t m\u00e1y ri\u00eang bi\u1ec7t.<\/td><td>docker network create -d macvlan &#8230; (c\u1ea7n config th\u00eam)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-d\u1ec3-g\u1eafn-log-container-vao-h\u1ec7-th\u1ed1ng-log-ben-ngoai\"><strong>L\u00e0m sao \u0111\u1ec3 g\u1eafn log Container v\u00e0o h\u1ec7 th\u1ed1ng log b\u00ean ngo\u00e0i?<\/strong><\/h3>\n\n\n\n<p>Docker cho ph\u00e9p Container ghi log th\u00f4ng qua logging drivers \u2013 m\u1ed9t c\u01a1 ch\u1ebf linh ho\u1ea1t \u0111\u1ec3 g\u1eedi log t\u1edbi c\u00e1c \u0111\u00edch kh\u00e1c nhau. B\u1eb1ng c\u00e1ch c\u1ea5u h\u00ecnh logging driver ph\u00f9 h\u1ee3p, ch\u00fang ta c\u00f3 th\u1ec3 chuy\u1ec3n log Container ra h\u1ec7 th\u1ed1ng log t\u1eadp trung nh\u01b0 syslog, Fluentd, ho\u1eb7c log file \u0111\u1ec3 b\u00ean ngo\u00e0i \u0111\u1ecdc v\u00e0 x\u1eed l\u00fd ti\u1ebfp.<\/p>\n\n\n\n<p>T\u1eeb phi\u00ean b\u1ea3n Docker 20.10 tr\u1edf \u0111i, Docker h\u1ed7 tr\u1ee3 dual logging \u2013 t\u1ee9c l\u00e0 cho ph\u00e9p m\u1ed9t Container c\u00f9ng l\u00fac s\u1eed d\u1ee5ng 2 driver log. \u0110i\u1ec1u n\u00e0y r\u1ea5t h\u1eefu \u00edch n\u1ebfu t\u00f4i mu\u1ed1n:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>V\u1eabn theo d\u00f5i log tr\u1ef1c ti\u1ebfp qua docker logs<\/li>\n\n\n\n<li>\u0110\u1ed3ng th\u1eddi g\u1eedi log \u0111\u1ebfn d\u1ecbch v\u1ee5 log nh\u01b0 Fluentd ho\u1eb7c Logstash<\/li>\n<\/ul>\n\n\n\n<p>T\u00f4i c\u1ea5u h\u00ecnh ngay trong l\u1ec7nh docker run:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run \\\n\u00a0\u00a0--log-driver=local \\\n\u00a0\u00a0--log-driver=syslog \\\n\u00a0\u00a0--log-opt syslog-address=tcp:\/\/192.168.1.100:514 \\\n\u00a0\u00a0my-app<\/code><\/pre>\n\n\n\n<p>Kh\u00f4ng ph\u1ea3i phi\u00ean b\u1ea3n Docker n\u00e0o c\u0169ng h\u1ed7 tr\u1ee3 dual logging, do \u0111\u00f3 t\u00f4i lu\u00f4n \u0111\u1ea3m b\u1ea3o \u0111ang d\u00f9ng b\u1ea3n m\u1edbi nh\u1ea5t v\u00e0 \u0111\u00e3 b\u1eadt t\u00ednh n\u0103ng n\u00e0y trong c\u1ea5u h\u00ecnh daemon.<\/p>\n\n\n\n<p>Khi k\u1ebft n\u1ed1i log Container v\u1edbi h\u1ec7 th\u1ed1ng ngo\u00e0i, t\u00f4i th\u00eam c\u00e1c t\u00f9y ch\u1ecdn log nh\u01b0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u0110\u1ecba ch\u1ec9 log server (syslog-address, fluentd-address\u2026)<\/li>\n\n\n\n<li>G\u00e1n tag cho Container \u0111\u1ec3 d\u1ec5 ph\u00e2n lo\u1ea1i log<\/li>\n\n\n\n<li>\u0110\u1ecbnh d\u1ea1ng log JSON ho\u1eb7c plaintext \u0111\u1ec3 ph\u00f9 h\u1ee3p v\u1edbi h\u1ec7 th\u1ed1ng ph\u00e2n t\u00edch<\/li>\n<\/ul>\n\n\n\n<p>V\u00ed d\u1ee5 v\u1edbi Fluentd:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run \\\n\u00a0\u00a0--log-driver=fluentd \\\n\u00a0\u00a0--log-opt tag=\"app.myapp\" \\\n\u00a0\u00a0--log-opt fluentd-address=localhost:24224 \\\n\u00a0\u00a0my-app<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-x\u1eed-ly-khi-image-build-b\u1ecb-l\u1ed7i-khong-ro-nguyen-nhan\"><strong>C\u00e1ch x\u1eed l\u00fd khi Image build b\u1ecb l\u1ed7i kh\u00f4ng r\u00f5 nguy\u00ean nh\u00e2n?<\/strong><\/h3>\n\n\n\n<p>\u0110\u00e2y l\u00e0 m\u1ed9t c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker nh\u1eb1m ki\u1ec3m tra kh\u1ea3 n\u0103ng x\u1eed l\u00fd s\u1ef1 c\u1ed1 v\u00e0 t\u01b0 duy debug c\u1ee7a \u1ee9ng vi\u00ean.&nbsp;<\/p>\n\n\n\n<p>D\u01b0\u1edbi \u0111\u00e2y l\u00e0 nh\u1eefng c\u00e1ch ti\u1ebfp c\u1eadn hi\u1ec7u qu\u1ea3 khi build Image b\u1ecb l\u1ed7i nh\u01b0ng log kh\u00f4ng n\u00f3i r\u00f5 nguy\u00ean nh\u00e2n.<\/p>\n\n\n\n<p><strong>Th\u00eam log chi ti\u1ebft b\u1eb1ng <code>--progress=plain<\/code> v\u00e0 <code>--no-cache<\/code><\/strong><\/p>\n\n\n\n<p>Khi g\u1eb7p l\u1ed7i m\u01a1 h\u1ed3, \u0111i\u1ec1u \u0111\u1ea7u ti\u00ean n\u00ean l\u00e0m l\u00e0 x\u00e2y d\u1ef1ng l\u1ea1i Image t\u1eeb \u0111\u1ea7u v\u00e0 \u00e9p Docker hi\u1ec3n th\u1ecb \u0111\u1ea7y \u0111\u1ee7 th\u00f4ng tin: DOCKER_BUILDKIT=1 docker build &#8211;progress=plain &#8211;no-cache -t my-Image .<\/p>\n\n\n\n<p>Trong \u0111\u00f3:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--progress=plain<\/code>: hi\u1ec3n th\u1ecb chi ti\u1ebft c\u00e1c b\u01b0\u1edbc \u0111ang ch\u1ea1y<\/li>\n\n\n\n<li><code>--no-cache<\/code>: tr\u00e1nh d\u00f9ng cache \u0111\u1ec3 ph\u00e1t hi\u1ec7n l\u1ed7i ch\u00ednh x\u00e1c h\u01a1n<\/li>\n\n\n\n<li>T\u00e1ch nh\u1ecf c\u00e1c l\u1ec7nh trong Dockerfile<\/li>\n<\/ul>\n\n\n\n<p>M\u1ed9t trong nh\u1eefng nguy\u00ean nh\u00e2n khi\u1ebfn l\u1ed7i build tr\u1edf n\u00ean kh\u00f3 x\u00e1c \u0111\u1ecbnh l\u00e0 do vi\u1ebft qu\u00e1 nhi\u1ec1u l\u1ec7nh trong m\u1ed9t RUN. Thay v\u00ec:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RUN apt update &amp;&amp; apt install -y curl &amp;&amp; curl http:\/\/example.com\/install.sh | bash<\/code><\/pre>\n\n\n\n<p>H\u00e3y t\u00e1ch th\u00e0nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RUN apt update\n\nRUN apt install -y curl\n\nRUN curl http:\/\/example.com\/install.sh | bash<\/code><\/pre>\n\n\n\n<p>Vi\u1ec7c chia nh\u1ecf gi\u00fap b\u1ea1n bi\u1ebft ch\u00ednh x\u00e1c b\u01b0\u1edbc n\u00e0o g\u00e2y l\u1ed7i v\u00e0 d\u1ec5 t\u00e1i ki\u1ec3m tra h\u01a1n.<\/p>\n\n\n\n<p><strong>Ki\u1ec3m tra k\u1ef9 m\u00f4i tr\u01b0\u1eddng build<\/strong><\/p>\n\n\n\n<p>Nhi\u1ec1u l\u1ed7i build x\u1ea3y ra kh\u00f4ng ph\u1ea3i v\u00ec Dockerfile sai, m\u00e0 v\u00ec m\u00f4i tr\u01b0\u1eddng h\u1ec7 th\u1ed1ng c\u00f3 v\u1ea5n \u0111\u1ec1 nh\u01b0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Thi\u1ebfu k\u1ebft n\u1ed1i m\u1ea1ng<\/li>\n\n\n\n<li>DNS l\u1ed7i (th\u1eed \u0111\u1ed5i sang 8.8.8.8)<\/li>\n\n\n\n<li>Thi\u1ebfu t\u00e0i nguy\u00ean (RAM, \u1ed5 c\u1ee9ng)<\/li>\n\n\n\n<li>Phi\u00ean b\u1ea3n Docker kh\u00f4ng t\u01b0\u01a1ng th\u00edch<\/li>\n<\/ul>\n\n\n\n<p>T\u00f4i th\u01b0\u1eddng ki\u1ec3m tra b\u1eb1ng c\u00e1ch build tr\u00ean m\u1ed9t m\u00f4i tr\u01b0\u1eddng kh\u00e1c (v\u00ed d\u1ee5: m\u00f4i tr\u01b0\u1eddng CI\/CD, server m\u1edbi&#8230;) \u0111\u1ec3 so s\u00e1nh.<\/p>\n\n\n\n<p><strong>In debug ho\u1eb7c ch\u1ea1y shell trung gian<\/strong><\/p>\n\n\n\n<p>M\u1ed9t m\u1eb9o hay \u0111\u1ec3 debug l\u00e0 ch\u00e8n c\u00e1c l\u1ec7nh in tr\u1ea1ng th\u00e1i ho\u1eb7c t\u1ea1m d\u1eebng gi\u1eefa qu\u00e1 tr\u00ecnh build, v\u00ed d\u1ee5:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RUN echo \"T\u1edbi \u0111\u00e2y v\u1eabn \u1ed5n\" &amp;&amp; sleep 10<\/code><\/pre>\n\n\n\n<p>Ho\u1eb7c b\u1ea1n c\u00f3 th\u1ec3 build m\u1ed9t Image trung gian, sau \u0111\u00f3 ch\u1ea1y shell b\u00ean trong \u0111\u1ec3 ki\u1ec3m tra t\u1eebng b\u01b0\u1edbc:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -it --entrypoint \/bin\/sh Image-trung-gian<\/code><\/pre>\n\n\n\n<p><strong>B\u00e1m s\u00e1t best practices c\u1ee7a Docker<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>D\u00f9ng Docker BuildKit \u0111\u1ec3 t\u0103ng t\u1ed1c v\u00e0 debug t\u1ed1t h\u01a1n<\/li>\n\n\n\n<li>Vi\u1ebft Dockerfile c\u00f3 c\u1ea5u tr\u00fac r\u00f5 r\u00e0ng, h\u1ea1n ch\u1ebf COPY hay RUN qu\u00e1 nhi\u1ec1u file\/l\u1ec7nh kh\u00f4ng c\u1ea7n thi\u1ebft<\/li>\n\n\n\n<li>Kh\u00f4ng hard-code gi\u00e1 tr\u1ecb m\u00f4i tr\u01b0\u1eddng, thay v\u00e0o \u0111\u00f3 d\u00f9ng bi\u1ebfn ENV ho\u1eb7c ARG<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-docker-compose-khac-gi-so-v\u1edbi-swarm\"><strong>Docker Compose kh\u00e1c g\u00ec so v\u1edbi Swarm?<\/strong><\/h3>\n\n\n\n<p><strong>Docker Compose<\/strong> \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 gi\u00fap c\u00e1c developer d\u1ec5 d\u00e0ng c\u1ea5u h\u00ecnh v\u00e0 kh\u1edfi ch\u1ea1y nhi\u1ec1u Container li\u00ean k\u1ebft v\u1edbi nhau ch\u1ec9 v\u1edbi m\u1ed9t file YAML duy nh\u1ea5t (docker-Compose.yml). \u0110\u00e2y l\u00e0 gi\u1ea3i ph\u00e1p l\u00fd t\u01b0\u1edfng cho:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u00f4i tr\u01b0\u1eddng local ho\u1eb7c staging<\/li>\n\n\n\n<li>Ph\u00e1t tri\u1ec3n \u1ee9ng d\u1ee5ng c\u00f3 nhi\u1ec1u service (web, database, redis\u2026)<\/li>\n\n\n\n<li>D\u1ec5 qu\u1ea3n l\u00fd nh\u1edd file c\u1ea5u h\u00ecnh \u0111\u01a1n gi\u1ea3n<\/li>\n\n\n\n<li>Kh\u00f4ng y\u00eau c\u1ea7u cluster hay ph\u00e2n t\u00e1n<\/li>\n\n\n\n<li>Single-host deployments<\/li>\n<\/ul>\n\n\n\n<p>V\u00ed d\u1ee5, t\u00f4i c\u00f3 th\u1ec3 ch\u1ea1y to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng ch\u1ec9 b\u1eb1ng m\u1ed9t l\u1ec7nh: docker-Compose up<\/p>\n\n\n\n<p><strong>Docker Swarm<\/strong> l\u00e0 c\u00f4ng c\u1ee5 orchestration (\u0111i\u1ec1u ph\u1ed1i) c\u1ee7a Docker, cho ph\u00e9p tri\u1ec3n khai c\u00e1c Container tr\u00ean nhi\u1ec1u node (m\u00e1y ch\u1ee7) trong m\u1ed9t c\u1ee5m ph\u00e2n t\u00e1n (cluster). Docker Swarm mode \u0111\u01b0\u1ee3c t\u00edch h\u1ee3p s\u1eb5n trong Docker Engine t\u1eeb version 1.12. \u0110\u00e2y l\u00e0 gi\u1ea3i ph\u00e1p ph\u00f9 h\u1ee3p khi c\u1ea7n:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tri\u1ec3n khai tr\u00ean m\u00f4i tr\u01b0\u1eddng production c\u00f3 quy m\u00f4 l\u1edbn<\/li>\n\n\n\n<li>\u0110\u1ea3m b\u1ea3o high availability (s\u1eb5n s\u00e0ng cao) v\u00e0 load balancing<\/li>\n\n\n\n<li>T\u1ef1 \u0111\u1ed9ng scale (m\u1edf r\u1ed9ng ho\u1eb7c thu h\u1eb9p s\u1ed1 l\u01b0\u1ee3ng Container)<\/li>\n\n\n\n<li>Qu\u1ea3n l\u00fd tr\u1ea1ng th\u00e1i Container (recovery khi c\u00f3 node l\u1ed7i)<\/li>\n\n\n\n<li>Service discovery v\u00e0 internal load balancing<\/li>\n\n\n\n<li>C\u1eadp nh\u1eadt cu\u1ed1n chi\u1ebfu v\u1edbi zero downtime<\/li>\n<\/ul>\n\n\n\n<p>Swarm s\u1eed d\u1ee5ng c\u00e1c l\u1ec7nh nh\u01b0 docker swarm init, docker service create, docker node ls\u2026 \u0111\u1ec3 qu\u1ea3n l\u00fd c\u00e1c t\u00e0i nguy\u00ean trong c\u1ee5m.<\/p>\n\n\n\n<p>B\u1ea3ng so s\u00e1nh Docker Compose v\u00e0 Swarm:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>Docker Compose<\/strong><\/td><td><strong>Docker Swarm<\/strong><\/td><\/tr><tr><td>M\u1ee5c \u0111\u00edch ch\u00ednh<\/td><td>Ph\u00e1t tri\u1ec3n local<\/td><td>Tri\u1ec3n khai ph\u00e2n t\u00e1n (cluster)<\/td><\/tr><tr><td>Quy m\u00f4 tri\u1ec3n khai<\/td><td>M\u1ed9t m\u00e1y<\/td><td>Nhi\u1ec1u m\u00e1y (multi-host)<\/td><\/tr><tr><td>T\u00ednh s\u1eb5n s\u00e0ng cao (HA)<\/td><td>Kh\u00f4ng h\u1ed7 tr\u1ee3<\/td><td>C\u00f3 t\u00edch h\u1ee3p<\/td><\/tr><tr><td>Load balancing<\/td><td>External load balancer c\u1ea7n thi\u1ebft<\/td><td>Built-in load balancing<\/td><\/tr><tr><td>Kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng t\u1ef1 \u0111\u1ed9ng<\/td><td>Kh\u00f4ng<\/td><td>C\u00f3<\/td><\/tr><tr><td>Qu\u1ea3n l\u00fd tr\u1ea1ng th\u00e1i Container<\/td><td>Kh\u00f4ng<\/td><td>C\u00f3 gi\u00e1m s\u00e1t v\u00e0 kh\u00f4i ph\u1ee5c<\/td><\/tr><tr><td>\u0110\u1ed9 ph\u1ee9c t\u1ea1p c\u1ea5u h\u00ecnh<\/td><td>Th\u1ea5p<\/td><td>Trung b\u00ecnh \u2013 cao<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Khi n\u00e0o n\u00ean ch\u1ecdn Compose, khi n\u00e0o d\u00f9ng Swarm?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>D\u00f9ng Docker Compose khi b\u1ea1n l\u00e0m vi\u1ec7c v\u1edbi m\u1ed9t nh\u00f3m nh\u1ecf, \u0111ang ph\u00e1t tri\u1ec3n \u1ee9ng d\u1ee5ng ho\u1eb7c test h\u1ec7 th\u1ed1ng tr\u00ean m\u1ed9t m\u00e1y.<\/li>\n\n\n\n<li>D\u00f9ng Docker Swarm khi h\u1ec7 th\u1ed1ng c\u1ea7n tri\u1ec3n khai th\u1ef1c t\u1ebf tr\u00ean nhi\u1ec1u node, y\u00eau c\u1ea7u kh\u1ea3 n\u0103ng ph\u1ee5c h\u1ed3i, m\u1edf r\u1ed9ng v\u00e0 ph\u00e2n ph\u1ed1i t\u1ea3i.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-d\u1ec3-g\u1ee1-container-chi\u1ebfm-port-80\"><strong>L\u00e0m sao \u0111\u1ec3 g\u1ee1 Container chi\u1ebfm port 80?<\/strong><\/h3>\n\n\n\n<p>Trong qu\u00e1 tr\u00ecnh l\u00e0m vi\u1ec7c v\u1edbi Docker, vi\u1ec7c b\u1ecb chi\u1ebfm m\u1ea5t port 80 \u2013 c\u1ed5ng m\u1eb7c \u0111\u1ecbnh cho c\u00e1c \u1ee9ng d\u1ee5ng web \u2013 l\u00e0 l\u1ed7i ph\u1ed5 bi\u1ebfn g\u00e2y ra xung \u0111\u1ed9t khi kh\u1edfi ch\u1ea1y Container m\u1edbi. \u0110\u1ec3 x\u1eed l\u00fd t\u00ecnh hu\u1ed1ng n\u00e0y hi\u1ec7u qu\u1ea3, c\u1ea7n bi\u1ebft c\u00e1ch x\u00e1c \u0111\u1ecbnh Container \u0111ang chi\u1ebfm port 80 v\u00e0 g\u1ee1 b\u1ecf ho\u1eb7c d\u1eebng n\u00f3 m\u1ed9t c\u00e1ch an to\u00e0n. \u0110\u00e2y l\u00e0 c\u00e1ch t\u00f4i th\u01b0\u1eddng l\u00e0m:<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 1: X\u00e1c \u0111\u1ecbnh Container \u0111ang s\u1eed d\u1ee5ng port 80<\/strong><\/p>\n\n\n\n<p>Tr\u01b0\u1edbc ti\u00ean, t\u00f4i ki\u1ec3m tra Container n\u00e0o \u0111ang chi\u1ebfm port 80 b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker ps<\/code><\/pre>\n\n\n\n<p>T\u00ecm trong c\u1ed9t PORTS d\u00f2ng n\u00e0o c\u00f3 0.0.0.0:80-&gt;&#8230; ho\u1eb7c :::80-&gt;&#8230;, v\u00ed d\u1ee5: 0.0.0.0:80-&gt;80\/tcp<\/p>\n\n\n\n<p>L\u01b0u l\u1ea1i Container ID ho\u1eb7c t\u00ean Container trong d\u00f2ng \u0111\u00f3 \u0111\u1ec3 x\u1eed l\u00fd \u1edf b\u01b0\u1edbc ti\u1ebfp theo.<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 2: D\u1eebng Container \u0111ang chi\u1ebfm port<\/strong><\/p>\n\n\n\n<p>Sau khi x\u00e1c \u0111\u1ecbnh \u0111\u01b0\u1ee3c Container, t\u00f4i d\u1eebng n\u00f3 b\u1eb1ng l\u1ec7nh:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker stop &lt;Container_id ho\u1eb7c Container_name&gt;<\/code><\/pre>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker stop web_server<\/code><\/pre>\n\n\n\n<p>L\u1ec7nh n\u00e0y s\u1ebd gi\u1ea3i ph\u00f3ng port 80, cho ph\u00e9p ch\u1ea1y Container m\u1edbi m\u00e0 kh\u00f4ng b\u1ecb xung \u0111\u1ed9t.<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 3 (tu\u1ef3 ch\u1ecdn): Xo\u00e1 Container n\u1ebfu kh\u00f4ng c\u00f2n s\u1eed d\u1ee5ng<\/strong><\/p>\n\n\n\n<p>N\u1ebfu t\u00f4i ch\u1eafc ch\u1eafn kh\u00f4ng c\u1ea7n Container \u0111\u00f3 n\u1eefa, c\u00f3 th\u1ec3 xo\u00e1 n\u00f3 ho\u00e0n to\u00e0n b\u1eb1ng l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker rm &lt;Container_id ho\u1eb7c Container_name&gt;<\/code><\/pre>\n\n\n\n<p>\u0110\u1ec3 k\u1ebft h\u1ee3p c\u1ea3 hai b\u01b0\u1edbc (d\u1eebng v\u00e0 xo\u00e1), t\u00f4i c\u00f3 th\u1ec3 d\u00f9ng m\u1ed9t l\u1ec7nh duy nh\u1ea5t:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker rm -f &lt;Container_id ho\u1eb7c Container_name&gt;<\/code><\/pre>\n\n\n\n<p>M\u1ed9t s\u1ed1 kinh nghi\u1ec7m c\u1ee7a t\u00f4i:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kh\u00f4ng n\u00ean xo\u00e1 Container n\u1ebfu \u0111ang d\u00f9ng trong production, c\u1ea7n ki\u1ec3m tra k\u1ef9 tr\u01b0\u1edbc khi thao t\u00e1c.<\/li>\n\n\n\n<li>N\u1ebfu Container kh\u1edfi \u0111\u1ed9ng l\u1ea1i t\u1ef1 \u0111\u1ed9ng sau khi d\u1eebng, c\u00f3 th\u1ec3 n\u00f3 \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp v\u1edbi restart policy, c\u1ea7n xo\u00e1 ho\u1eb7c thay \u0111\u1ed5i thi\u1ebft l\u1eadp \u0111\u00f3.<\/li>\n\n\n\n<li>Trong m\u1ed9t s\u1ed1 tr\u01b0\u1eddng h\u1ee3p, d\u1ecbch v\u1ee5 kh\u00e1c kh\u00f4ng thu\u1ed9c Docker (nh\u01b0 Apache\/Nginx c\u00e0i s\u1eb5n) c\u0169ng c\u00f3 th\u1ec3 chi\u1ebfm port 80. Khi \u0111\u00f3 n\u00ean d\u00f9ng: sudo lsof -i :80 \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh ch\u00ednh x\u00e1c ti\u1ebfn tr\u00ecnh (process) n\u00e0o \u0111ang chi\u1ebfm d\u1ee5ng port.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-docker-compose-v2-va-v3-khac-nhau-di\u1ec3m-gi\"><strong>Docker Compose v2 v\u00e0 v3 kh\u00e1c nhau \u0111i\u1ec3m g\u00ec?<\/strong><\/h3>\n\n\n\n<p>S\u1ef1 kh\u00e1c bi\u1ec7t ch\u1ee7 y\u1ebfu n\u1eb1m \u1edf m\u1ee5c ti\u00eau s\u1eed d\u1ee5ng v\u00e0 t\u00ednh n\u0103ng h\u1ed7 tr\u1ee3:<\/p>\n\n\n\n<p><strong>Docker Compose v2 <\/strong>\u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf cho m\u00f4i tr\u01b0\u1eddng local ho\u1eb7c single-host. N\u00f3 h\u1ed7 tr\u1ee3:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u1ea1ng l\u01b0\u1edbi ri\u00eang (bridge): S\u1eed d\u1ee5ng bridge \u0111\u1ec3 k\u1ebft n\u1ed1i c\u00e1c Container v\u00e0 c\u00f3 t\u00ean d\u1ecbch v\u1ee5 l\u00e0m hostname.<\/li>\n\n\n\n<li>Named Volumes: H\u1ed7 tr\u1ee3 khai b\u00e1o Volume d\u1ec5 d\u00e0ng th\u00f4ng qua file YAML.<\/li>\n\n\n\n<li>Kh\u00f4ng h\u1ed7 tr\u1ee3 Swarm: \u0110\u00e2y l\u00e0 phi\u00ean b\u1ea3n ch\u1ee7 y\u1ebfu d\u00f9ng cho m\u00f4i tr\u01b0\u1eddng ph\u00e1t tri\u1ec3n ho\u1eb7c h\u1ec7 th\u1ed1ng m\u1ed9t m\u00e1y ch\u1ee7.<\/li>\n\n\n\n<li>Gi\u00e1 tr\u1ecb n\u00e2ng cao kh\u00e1c: T\u00edch h\u1ee3p depends_on, c\u1ea5u h\u00ecnh m\u00f4i tr\u01b0\u1eddng cpu_shares, mem_limit<\/li>\n\n\n\n<li>H\u1ed7 tr\u1ee3 \u0111a lo\u1ea1i m\u1ea1ng v\u00e0 build context d\u1ec5 d\u00e0ng v\u1edbi c\u00e1c phi\u00ean b\u1ea3n nh\u01b0 2.3, 2.4. bridge network, named volumes, v\u00e0 c\u00e1c c\u1ea5u h\u00ecnh t\u00e0i nguy\u00ean (CPU, RAM) ngay trong service.<\/li>\n<\/ul>\n\n\n\n<p>Phi\u00ean b\u1ea3n n\u00e0y ph\u00f9 h\u1ee3p cho ph\u00e1t tri\u1ec3n v\u00e0 th\u1eed nghi\u1ec7m h\u01a1n l\u00e0 production ph\u00e2n t\u00e1n.<\/p>\n\n\n\n<p><strong>Docker Compose v3 <\/strong>h\u01b0\u1edbng \u0111\u1ebfn tri\u1ec3n khai production ph\u00e2n t\u00e1n tr\u00ean Docker Swarm v\u1edbi c\u00e1c t\u00ednh n\u0103ng nh\u01b0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u01b0\u01a1ng th\u00edch v\u1edbi Swarm mode: Th\u00eam ph\u1ea7n deploy \u0111\u1ec3 m\u00f4 t\u1ea3 replica, scaling, c\u1ea5u h\u00ecnh c\u1eadp nh\u1eadt, ph\u00f9 h\u1ee3p v\u1edbi tri\u1ec3n khai production ph\u00e2n t\u00e1n.<\/li>\n\n\n\n<li>Gi\u1ea3m m\u1ed9t s\u1ed1 c\u1ea5u h\u00ecnh V2: Lo\u1ea1i b\u1ecf c\u00e1c thu\u1ed9c t\u00ednh nh\u01b0 Volumes_from, cpu_shares, extends,&#8230; \u0110\u00e2y l\u00e0 b\u01b0\u1edbc h\u01b0\u1edbng \u0111\u1ebfn ti\u00eau chu\u1ea9n h\u00f3a kh\u00e2u deploy.<\/li>\n\n\n\n<li>Ph\u00e2n bi\u1ec7t r\u00f5 gi\u1eefa ph\u00e1t tri\u1ec3n v\u00e0 deploy: C\u00e1c c\u1ea5u h\u00ecnh t\u00e0i nguy\u00ean (CPU, mem) \u0111\u01b0\u1ee3c chuy\u1ec3n v\u00e0o m\u1ee5c deploy, ch\u1ec9 c\u00f3 hi\u1ec7u l\u1ef1c trong swarm. Khi d\u00f9ng docker-Compose, ph\u1ea7n n\u00e0y s\u1ebd b\u1ecb b\u1ecf qua&nbsp;<\/li>\n\n\n\n<li>Docker Documentation.<\/li>\n\n\n\n<li>H\u1ed7 tr\u1ee3 m\u1ea1ng overlay v\u00e0 stacks: Ph\u00f9 h\u1ee3p khi b\u1ea1n c\u1ea7n tri\u1ec3n khai h\u1ec7 th\u1ed1ng microservices v\u1eeba ch\u1ea1y tr\u00ean nhi\u1ec1u node, v\u1eeba c\u1ea7n c\u00e2n b\u1eb1ng t\u1ea3i v\u00e0 high availability.<\/li>\n<\/ul>\n\n\n\n<p>B\u1ea3ng so s\u00e1nh Docker Compose v2 v\u00e0 Docker Compose v3:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>Docker Compose v2<\/strong><\/td><td><strong>Docker Compose v3<\/strong><\/td><\/tr><tr><td>M\u1ee5c ti\u00eau ch\u00ednh<\/td><td>Local ho\u1eb7c single-host development<\/td><td>Production, clustering v\u1edbi Docker Swarm<\/td><\/tr><tr><td>H\u1ed7 tr\u1ee3 Volumes_from<\/td><td>C\u00f3<\/td><td>B\u1ecf<\/td><\/tr><tr><td>C\u1ea5u h\u00ecnh t\u00e0i nguy\u00ean<\/td><td>Ngay trong d\u1ecbch v\u1ee5 (cpu, mem\u2026)<\/td><td>Trong deploy ch\u1ec9 d\u00e0nh cho swarm<\/td><\/tr><tr><td>Networking<\/td><td>Bridge m\u1eb7c \u0111\u1ecbnh, d\u1ec5 c\u1ea5u h\u00ecnh<\/td><td>Overlay v\u00e0 stack ph\u00f9 h\u1ee3p v\u1edbi ph\u00e2n t\u00e1n<\/td><\/tr><tr><td>C\u1ea5u h\u00ecnh m\u1edf r\u1ed9ng<\/td><td>Gi\u1ea3n ti\u1ec7n cho tr\u01b0\u1eddng h\u1ee3p \u0111\u01a1n gi\u1ea3n<\/td><td>\u0110\u1ea7y \u0111\u1ee7 cho production<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-docker-nang-cao-advanced-level\"><span class=\"ez-toc-section\" id=\"Cau_hoi_phong_van_Docker_nang_cao_Advanced_Level\"><\/span><strong>C\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker n\u00e2ng cao (Advanced Level)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hay-chia-s\u1ebb-kinh-nghi\u1ec7m-c\u1ee7a-b\u1ea1n-khi-s\u1eed-d\u1ee5ng-docker-swarm-ho\u1eb7c-kubernetes-d\u1ec3-di\u1ec1u-ph\u1ed1i-cac-container-docker-\u01b0u-va-nh\u01b0\u1ee3c-di\u1ec3m-c\u1ee7a-t\u1eebng-gi\u1ea3i-phap-la-gi-va-khi-nao-b\u1ea1n-nen-ch\u1ecdn-gi\u1ea3i-phap-nay-thay-vi-gi\u1ea3i-phap-kia\"><strong>H\u00e3y chia s\u1ebb kinh nghi\u1ec7m c\u1ee7a b\u1ea1n khi s\u1eed d\u1ee5ng Docker Swarm ho\u1eb7c Kubernetes \u0111\u1ec3 \u0111i\u1ec1u ph\u1ed1i c\u00e1c Container Docker. \u01afu v\u00e0 nh\u01b0\u1ee3c \u0111i\u1ec3m c\u1ee7a t\u1eebng gi\u1ea3i ph\u00e1p l\u00e0 g\u00ec, v\u00e0 khi n\u00e0o b\u1ea1n n\u00ean ch\u1ecdn gi\u1ea3i ph\u00e1p n\u00e0y thay v\u00ec gi\u1ea3i ph\u00e1p kia?<\/strong><\/h3>\n\n\n\n<p>Trong th\u1ef1c t\u1ebf, Docker Swarm v\u00e0 Kubernetes \u0111\u1ec1u l\u00e0 nh\u1eefng h\u1ec7 th\u1ed1ng orchestration ph\u1ed5 bi\u1ebfn, m\u1ed7i n\u1ec1n t\u1ea3ng h\u01b0\u1edbng t\u1edbi t\u1eebng m\u1ee5c ti\u00eau s\u1eed d\u1ee5ng kh\u00e1c nhau.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-docker-swarm-tinh-gi\u1ea3n-amp-nhanh-chong\"><strong>Docker Swarm \u2013 Tinh gi\u1ea3n &amp; Nhanh ch\u00f3ng<\/strong><\/h4>\n\n\n\n<p>\u01afu \u0111i\u1ec3m:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>D\u1ec5 tri\u1ec3n khai v\u00e0 k\u1ebft h\u1ee3p ho\u00e0n h\u1ea3o v\u1edbi Docker CLI v\u00e0 Docker Compose, h\u1ed7 tr\u1ee3 nhanh c\u00e1c k\u1ecbch b\u1ea3n ph\u00e1t tri\u1ec3n ho\u1eb7c m\u00f4i tr\u01b0\u1eddng test nh\u1ecf.&nbsp;<\/li>\n\n\n\n<li>G\u1ecdn nh\u1eb9, \u00edt overhead, ph\u00f9 h\u1ee3p khi b\u1ea1n mu\u1ed1n kh\u1edfi t\u1ea1o cluster \u0111\u01a1n gi\u1ea3n v\u00e0 d\u1ec5 qu\u1ea3n l\u00fd.&nbsp;<\/li>\n\n\n\n<li>Kh\u1ea3 n\u0103ng scale c\u01a1 b\u1ea3n, c\u1eadp nh\u1eadt cu\u1ed1n chi\u1ebfu v\u00e0 tri\u1ec3n khai v\u1edbi c\u00fa ph\u00e1p Docker quen thu\u1ed9c.<\/li>\n\n\n\n<li>T\u00edch h\u1ee3p s\u1eb5n v\u00e0o Docker Engine, kh\u00f4ng c\u1ea7n c\u00e0i \u0111\u1eb7t th\u00eam components<\/li>\n\n\n\n<li>Service discovery v\u00e0 load balancing t\u1ef1 \u0111\u1ed9ng<\/li>\n\n\n\n<li>Qu\u1ea3n l\u00fd secrets v\u00e0 configs \u0111\u01a1n gi\u1ea3n<\/li>\n<\/ul>\n\n\n\n<p>Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00ednh n\u0103ng h\u1ea1n ch\u1ebf, \u0111\u1eb7c bi\u1ec7t thi\u1ebfu nhi\u1ec1u h\u1ed7 tr\u1ee3 cho m\u00f4i tr\u01b0\u1eddng ph\u1ee9c t\u1ea1p nh\u01b0 autoscaling, network policy, hay kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng quy m\u00f4.&nbsp;<\/li>\n\n\n\n<li>M\u00f4i tr\u01b0\u1eddng h\u1ed7 tr\u1ee3 c\u1ed9ng \u0111\u1ed3ng nh\u1ecf, thi\u1ebfu nhi\u1ec1u c\u00f4ng c\u1ee5 m\u1edf r\u1ed9ng so v\u1edbi Kubernetes.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Kinh nghi\u1ec7m th\u1ef1c t\u1ebf: T\u00f4i \u0111\u00e1nh gi\u00e1 Swarm r\u1ea5t ph\u00f9 h\u1ee3p cho \u1ee9ng d\u1ee5ng nh\u1ecf ho\u1eb7c c\u00e1c h\u1ec7 th\u1ed1ng nh\u1ecf l\u1ebb, tuy nhi\u00ean Docker \u0111\u00e3 ng\u1eebng active development cho Swarm mode k\u1ec3 t\u1eeb n\u0103m 2019.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-kubernetes-toan-di\u1ec7n-amp-m\u1ea1nh-m\u1ebd\"><strong>Kubernetes \u2013 To\u00e0n di\u1ec7n &amp; M\u1ea1nh m\u1ebd<\/strong><\/h4>\n\n\n\n<p>\u01afu \u0111i\u1ec3m:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>H\u1ed7 tr\u1ee3 t\u1ef1 \u0111\u1ed9ng scale, t\u1ef1 ph\u1ee5c h\u1ed3i, c\u1ea5u h\u00ecnh rollout\/rollback, qu\u1ea3n l\u00fd tr\u1ea1ng th\u00e1i cluster r\u1ea5t t\u1ed1t<\/li>\n\n\n\n<li>M\u1ea1ng v\u00e0 l\u01b0u tr\u1eef \u0111a d\u1ea1ng, t\u1eeb CNI plugins, DNS service, cho t\u1edbi PersistentVolumes ph\u1ee5c v\u1ee5 \u1ee9ng d\u1ee5ng stateful<\/li>\n\n\n\n<li>H\u1ec7 sinh th\u00e1i m\u1ea1nh m\u1ebd, c\u1ed9ng \u0111\u1ed3ng \u0111\u00f4ng \u0111\u1ea3o, h\u00e0ng t\u00e1 c\u00f4ng c\u1ee5 t\u00edch h\u1ee3p v\u00e0 d\u1ecbch v\u1ee5 cloud-managed (GKE, EKS, v.v.)<\/li>\n\n\n\n<li>RBAC phong ph\u00fa v\u00e0 m\u00f4 h\u00ecnh b\u1ea3o m\u1eadt<\/li>\n\n\n\n<li>H\u1ed7 tr\u1ee3 c\u00e1c workload ph\u1ee9c t\u1ea1p: scheduling n\u00e2ng cao v\u1edbi node affinity, taints, tolerations; StatefulSets cho \u1ee9ng d\u1ee5ng stateful; Custom Resource Definitions (CRDs) cho kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng<\/li>\n\n\n\n<li>H\u1ec7 sinh th\u00e1i gi\u00e1m s\u00e1t v\u00e0 logging to\u00e0n di\u1ec7n<\/li>\n<\/ul>\n\n\n\n<p>Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kh\u00f3 setup, qu\u1ea3n l\u00fd v\u00e0 h\u1ecdc t\u1eadp, \u0111\u00f2i h\u1ecfi nhi\u1ec1u ki\u1ebfn th\u1ee9c v\u1ec1 cluster v\u00e0 DeVops<\/li>\n\n\n\n<li>Chi ph\u00ed v\u1eadn h\u00e0nh cao h\u01a1n, c\u1ea7n \u0111\u1ed9i ng\u0169 h\u1ea1 t\u1ea7ng h\u1ed7 tr\u1ee3 v\u1eadn h\u00e0nh production<\/li>\n\n\n\n<li>Overhead ph\u1ee9c t\u1ea1p cho \u1ee9ng d\u1ee5ng nh\u1ecf<\/li>\n\n\n\n<li>Ng\u1ed1n t\u00e0i nguy\u00ean (nh\u1ea5t l\u00e0 cho control plane)<\/li>\n\n\n\n<li>M\u1ea5t nhi\u1ec1u th\u1eddi gian \u0111\u1ec3 th\u00e0nh th\u1ea1o<\/li>\n<\/ul>\n\n\n\n<p>Kinh nghi\u1ec7m th\u1ef1c t\u1ebf: T\u00f4i b\u1eaft \u0111\u1ea7u v\u1edbi Swarm v\u00ec \u0111\u01a1n gi\u1ea3n, nh\u01b0ng khi h\u1ec7 th\u1ed1ng ph\u00e1t tri\u1ec3n, t\u00f4i \u0111\u00e3 chuy\u1ec3n sang Kubernetes \u0111\u1ec3 h\u01b0\u1edfng l\u1ee3i t\u1eeb t\u00ednh t\u1ef1 \u0111\u1ed9ng v\u00e0 kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-khi-nen-ch\u1ecdn-docker-swarm-khi-nao-ch\u1ecdn-kubernetes\"><strong>Khi n\u00ean ch\u1ecdn Docker Swarm, khi n\u00e0o ch\u1ecdn Kubernetes?<\/strong><\/h4>\n\n\n\n<p>Ch\u1ecdn Docker Swarm khi:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u1ea7n kh\u1edfi \u0111\u1ed9ng cluster nhanh, setup \u0111\u01a1n gi\u1ea3n.<\/li>\n\n\n\n<li>D\u1ef1 \u00e1n nh\u1ecf, kh\u00f4ng c\u1ea7n autoscaling hay orchestrator ph\u1ee9c t\u1ea1p.<\/li>\n\n\n\n<li>\u0110\u1ed9i ng\u0169 kh\u00f4ng c\u00f3 nhi\u1ec1u kinh nghi\u1ec7m Kubernetes v\u00e0 mu\u1ed1n t\u1eadp trung v\u00e0o ph\u00e1t tri\u1ec3n.<\/li>\n<\/ul>\n\n\n\n<p>Ch\u1ecdn Kubernetes khi:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>H\u1ec7 th\u1ed1ng c\u1ea7n m\u1edf r\u1ed9ng, c\u00f3 c\u1ea5u tr\u00fac microservices ph\u1ee9c t\u1ea1p, c\u1ea7n t\u00edch h\u1ee3p CI\/CD, t\u1ef1 \u0111\u1ed9ng scale v\u00e0 ph\u1ee5c h\u1ed3i.<\/li>\n\n\n\n<li>Mong mu\u1ed1n t\u1eadn d\u1ee5ng h\u1ec7 sinh th\u00e1i tools, RBAC, Network policy v\u00e0 storage m\u1ea1nh m\u1ebd.<\/li>\n\n\n\n<li>C\u00f3 s\u1eb5n \u0111\u1ed9i ng\u0169 c\u00f3 kh\u1ea3 n\u0103ng v\u1eadn h\u00e0nh cluster ph\u1ee9c t\u1ea1p.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-m\u1ed9t-s\u1ed1-ph\u01b0\u01a1ng-phap-hay-nh\u1ea5t-d\u1ec3-vi\u1ebft-dockerfile-la-gi\"><strong>M\u1ed9t s\u1ed1 ph\u01b0\u01a1ng ph\u00e1p hay nh\u1ea5t \u0111\u1ec3 vi\u1ebft Dockerfile l\u00e0 g\u00ec?<\/strong><\/h3>\n\n\n\n<p>Khi vi\u1ebft Dockerfile, t\u00f4i lu\u00f4n \u00e1p d\u1ee5ng m\u1ed9t s\u1ed1 best practices \u0111\u1ec3 gi\u1eef Image nh\u1eb9, b\u1ea3o m\u1eadt, v\u00e0 d\u1ec5 duy tr\u00ec. C\u1ee5 th\u1ec3:<\/p>\n\n\n\n<p><strong>Ch\u1ecdn base Image ch\u00ednh th\u1ee9c, nh\u1eb9 v\u00e0 ph\u00f9 h\u1ee3p<\/strong><\/p>\n\n\n\n<p>Kh\u1edfi \u0111\u1ea7u Dockerfile b\u1eb1ng m\u1ed9t base Image ngu\u1ed3n g\u1ed1c r\u00f5 r\u00e0ng (nh\u01b0 t\u1eeb Docker Hub official) v\u00e0 \u01b0u ti\u00ean phi\u00ean b\u1ea3n nh\u1eb9 nh\u01b0 alpine, -slim, ho\u1eb7c distroless. \u0110i\u1ec1u n\u00e0y kh\u00f4ng ch\u1ec9 gi\u1ea3m k\u00edch th\u01b0\u1edbc Image m\u00e0 c\u00f2n b\u1edbt r\u1ee7i ro b\u1ea3o m\u1eadt t\u1eeb th\u01b0 vi\u1ec7n th\u1eeba.<\/p>\n\n\n\n<p><strong>\u00c1p d\u1ee5ng multi-stage builds \u0111\u1ec3 s\u1ea1ch v\u00e0 nh\u1ecf g\u1ecdn<\/strong><\/p>\n\n\n\n<p>S\u1eed d\u1ee5ng multi-stage build \u0111\u1ec3 t\u00e1ch giai \u0111o\u1ea1n build \u0111\u1ea7y \u0111\u1ee7 c\u00f4ng c\u1ee5 (compiler, dependencies&#8230;) kh\u1ecfi Image cu\u1ed1i c\u00f9ng. Ch\u1ec9 copy nh\u1eefng th\u00e0nh ph\u1ea7n th\u1ef1c s\u1ef1 c\u1ea7n thi\u1ebft v\u00e0o Image deploy. \u0110i\u1ec1u n\u00e0y gi\u00fap Image nh\u1eb9 v\u00e0 s\u1ea1ch h\u01a1n.<\/p>\n\n\n\n<p><strong>Gi\u1ea3m s\u1ed1 layers b\u1eb1ng c\u00e1ch k\u1ebft h\u1ee3p c\u00e1c l\u1ec7nh<\/strong><\/p>\n\n\n\n<p>M\u1ed7i instruction nh\u01b0 <code>RUN<\/code>, <code>COPY<\/code>, <code>ADD<\/code> t\u1ea1o m\u1ed9t layer ri\u00eang. G\u1ed9p nhi\u1ec1u l\u1ec7nh v\u1edbi &amp;&amp; trong m\u1ed9t RUN, s\u1eed d\u1ee5ng WORKDIR thay v\u00ec mkdir\/cd. \u0110i\u1ec1u n\u00e0y gi\u00fap gi\u1ea3m s\u1ed1 l\u1edbp, t\u0103ng t\u1ed1c build v\u00e0 gi\u1ea3m k\u00edch th\u01b0\u1edbc \u1ea3nh.<\/p>\n\n\n\n<p><strong>T\u1eadn d\u1ee5ng caching v\u00e0 th\u1ee9 t\u1ef1 di\u1ec5n gi\u1ea3i Dockerfile<\/strong><\/p>\n\n\n\n<p>S\u1eafp x\u1ebfp c\u00e1c l\u1ec7nh theo th\u1ee9 t\u1ef1 thay \u0111\u1ed5i \u00edt \u2192 thay \u0111\u1ed5i nhi\u1ec1u (v\u00ed d\u1ee5: install dependencies tr\u01b0\u1edbc, copy source sau) \u0111\u1ec3 Docker t\u1eadn d\u1ee5ng cache t\u1ed1i \u01b0u khi rebuild, gi\u00fap ti\u1ebft ki\u1ec7m th\u1eddi gian.<\/p>\n\n\n\n<p><strong>D\u00f9ng file .dockerignore \u0111\u1ec3 lo\u1ea1i tr\u1eeb n\u1ed9i dung kh\u00f4ng c\u1ea7n<\/strong><\/p>\n\n\n\n<p>T\u1ea1o .dockerignore \u0111\u1ec3 tr\u00e1nh copy c\u00e1c file kh\u00f4ng c\u1ea7n thi\u1ebft (nh\u01b0 node_modules, .git, logs, file t\u1ea1m\u2026) v\u00e0o build context. Vi\u1ec7c n\u00e0y gi\u00fap gi\u1ea3m k\u00edch th\u01b0\u1edbc context v\u00e0 t\u0103ng t\u1ed1c build.<\/p>\n\n\n\n<p><strong>Lo\u1ea1i b\u1ecf file t\u1ea1m v\u00e0 cache trong c\u00f9ng m\u1ed9t layer<\/strong><\/p>\n\n\n\n<p>Sau khi c\u00e0i \u0111\u1eb7t g\u00f3i ho\u1eb7c dependencies, clean cache ngay trong c\u00f9ng c\u00e2u l\u1ec7nh RUN \u0111\u1ec3 tr\u00e1nh l\u01b0u l\u1ea1i file t\u1ea1m trong layer hi\u1ec7n t\u1ea1i.<\/p>\n\n\n\n<p><strong>Kh\u00f4ng ch\u1ea1y Container d\u01b0\u1edbi quy\u1ec1n root<\/strong><\/p>\n\n\n\n<p>N\u1ebfu c\u00e1c Container m\u1eb7c \u0111\u1ecbnh ch\u1ea1y v\u1edbi quy\u1ec1n root s\u1ebd ti\u1ec1m \u1ea9n r\u1ee7i ro b\u1ea3o m\u1eadt. T\u00f4i th\u01b0\u1eddng t\u1ea1o ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng ph\u1ea3i root v\u00e0 chuy\u1ec3n sang quy\u1ec1n \u0111\u00f3 b\u1eb1ng USER trong Dockerfile.<\/p>\n\n\n\n<p><strong>S\u1eed d\u1ee5ng tags c\u1ed1 \u0111\u1ecbnh v\u00e0 scan b\u1ea3o m\u1eadt th\u01b0\u1eddng xuy\u00ean<\/strong><\/p>\n\n\n\n<p>T\u00f4i kh\u00f4ng d\u00f9ng tag latest, m\u00e0i th\u01b0\u1eddng ch\u1ec9 \u0111\u1ecbnh r\u00f5 tag\/version (v\u00ed d\u1ee5 nginx:1.23.1) \u0111\u1ec3 c\u00f3 kh\u1ea3 n\u0103ng truy v\u1ebft Image, \u0111\u1ed3ng th\u1eddi t\u00edch h\u1ee3p qu\u00e9t l\u1ed7 h\u1ed5ng (Docker Scan, Trivy&#8230;) trong CI\/CD \u0111\u1ec3 h\u1ea1n ch\u1ebf r\u1ee7i ro b\u1ea3o m\u1eadt.<\/p>\n\n\n\n<p><strong>Ghi ch\u00fa, t\u1ed5 ch\u1ee9c v\u00e0 t\u00e1i s\u1eed d\u1ee5ng c\u00e1c stage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Th\u00eam c\u00e1c ghi ch\u00fa (comment) ngay trong Dockerfile \u0111\u1ec3 gi\u00fap ng\u01b0\u1eddi kh\u00e1c hi\u1ec3u logic nhanh h\u01a1n.<\/li>\n\n\n\n<li>N\u1ebfu c\u00f3 ph\u1ea7n logic \u201ccommon\u201d gi\u1eefa nhi\u1ec1u Image, d\u00f9ng reusable stage \u0111\u1ec3 tr\u00e1nh l\u1eb7p l\u1ea1i (AS builder).<\/li>\n<\/ul>\n\n\n\n<p><strong>T\u1ed1i \u01b0u hi\u1ec7u su\u1ea5t build qua layering, base Image ph\u00f9 h\u1ee3p, v\u00e0 caching<\/strong><\/p>\n\n\n\n<p>Vi\u1ec7c ch\u1ecdn \u0111\u00fang base Image, s\u1eafp x\u1ebfp layer h\u1ee3p l\u00fd, t\u1eadn d\u1ee5ng cache v\u00e0 s\u1eed d\u1ee5ng multi-stage builds c\u00f3 th\u1ec3 gi\u1ea3m th\u1eddi gian build v\u00e0 k\u00edch th\u01b0\u1edbc Image.<\/p>\n\n\n\n<p>T\u00f3m t\u1eaft nhanh:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>M\u1ee5c ti\u00eau<\/strong><\/td><td><strong>Best Practice<\/strong><\/td><\/tr><tr><td>Gi\u1ea3m k\u00edch th\u01b0\u1edbc Image<\/td><td>Ch\u1ecdn base Image nh\u1eb9, d\u00f9ng multi-stage, x\u00f3a cache<\/td><\/tr><tr><td>T\u0103ng t\u1ed1c \u0111\u1ed9 build<\/td><td>T\u1ed1i \u01b0u th\u1ee9 t\u1ef1 l\u1ec7nh, t\u1eadn d\u1ee5ng Docker cache<\/td><\/tr><tr><td>B\u1ea3o m\u1eadt v\u00e0 minh b\u1ea1ch<\/td><td>D\u00f9ng user kh\u00f4ng root, tag c\u1ee5 th\u1ec3, scan \u0111\u1ecbnh k\u1ef3<\/td><\/tr><tr><td>D\u1ec5 duy tr\u00ec &amp; debug<\/td><td>Vi\u1ebft r\u00f5 r\u00e0ng, d\u00f9ng .dockerignore, t\u1ed5 ch\u1ee9c stage<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-th\u1ebf-nao-d\u1ec3-gi\u1edbi-h\u1ea1n-cpu-va-ram-cho-m\u1ed9t-container-nbsp\"><strong>L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 gi\u1edbi h\u1ea1n CPU v\u00e0 RAM cho m\u1ed9t Container?&nbsp;<\/strong><\/h3>\n\n\n\n<p>T\u00f4i th\u01b0\u1eddng gi\u1edbi h\u1ea1n t\u00e0i nguy\u00ean cho Container b\u1eb1ng c\u00e1c tham s\u1ed1 CPU v\u00e0 b\u1ed9 nh\u1edb ngay khi ch\u1ea1y docker run ho\u1eb7c trong Docker Compose. C\u00e1ch ti\u1ebfp c\u1eadn nh\u01b0 sau:<\/p>\n\n\n\n<p>Gi\u1edbi h\u1ea1n CPU:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--cpus<\/code>: Gi\u1edbi h\u1ea1n s\u1ed1 l\u01b0\u1ee3ng CPU (c\u00f3 th\u1ec3 d\u00f9ng ph\u1ea7n th\u1eadp ph\u00e2n). V\u00ed d\u1ee5, <code>--cpus=2<\/code> cho ph\u00e9p Container d\u00f9ng t\u1ed1i \u0111a 2 l\u00f5i CPU.<\/li>\n\n\n\n<li><code>--cpuset-cpus<\/code>: R\u00e0ng bu\u1ed9c Container ch\u1ec9 \u0111\u01b0\u1ee3c ph\u00e9p s\u1eed d\u1ee5ng m\u1ed9t ho\u1eb7c m\u1ed9t nh\u00f3m l\u00f5i nh\u1ea5t \u0111\u1ecbnh, ch\u1eb3ng h\u1ea1n &#8220;0-2&#8221; hay &#8220;1,3&#8221;.<\/li>\n\n\n\n<li><code>--cpu-shares<\/code>: \u0110\u1eb7t \u01b0u ti\u00ean CPU t\u01b0\u01a1ng \u0111\u1ed1i khi c\u00f3 nhi\u1ec1u Container c\u1ea1nh tranh t\u00e0i nguy\u00ean (m\u1eb7c \u0111\u1ecbnh l\u00e0 1024; s\u1ed1 cao h\u01a1n s\u1ebd \u0111\u01b0\u1ee3c \u01b0u ti\u00ean h\u01a1n).<\/li>\n\n\n\n<li><code>--cpu-period<\/code> v\u00e0 <code>--cpu-quota<\/code>: Cho ph\u00e9p ki\u1ec3m so\u00e1t chi ti\u1ebft h\u01a1n b\u1eb1ng th\u1eddi gian ch\u1ebf \u0111\u1ed9 CFS. V\u00ed d\u1ee5, \u0111\u1ec3 gi\u1edbi h\u1ea1n Container s\u1eed d\u1ee5ng 50% CPU, b\u1ea1n c\u00f3 th\u1ec3 thi\u1ebft l\u1eadp <code>--cpu-period=100000 --cpu-quota=50000<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>Gi\u1edbi h\u1ea1n b\u1ed9 nh\u1edb RAM<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--memory<\/code> (<code>-m<\/code>): Gi\u1edbi h\u1ea1n ch\u1eb7t ch\u1ebd v\u1ec1 l\u01b0\u1ee3ng RAM Container c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng (v\u00ed d\u1ee5: &#8220;512m&#8221;). \u0110\u00e2y l\u00e0 hard limit \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng b\u1edfi h\u1ec7 th\u1ed1ng.<\/li>\n\n\n\n<li><code>--memory-swap<\/code>: Quy \u0111\u1ecbnh t\u1ed5ng b\u1ed9 nh\u1edb (RAM + swap) m\u00e0 Container c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng. N\u1ebfu b\u1ea1n kh\u00f4ng mu\u1ed1n s\u1eed d\u1ee5ng swap, h\u00e3y \u0111\u1eb7t <code>--memory-swap<\/code> tr\u00f9ng v\u1edbi <code>--memory<\/code>.<\/li>\n\n\n\n<li><code>--memory-reservation<\/code>: Soft limit, s\u1ebd \u0111\u01b0\u1ee3c k\u00edch ho\u1ea1t khi h\u1ec7 th\u1ed1ng c\u00f3 s\u1ef1 c\u1ea1nh tranh t\u00e0i nguy\u00ean; n\u00f3 th\u1ea5p h\u01a1n <code>--memory<\/code> v\u00e0 ch\u1ec9 l\u00e0 gi\u1edbi h\u1ea1n \u201cm\u1ec1m\u201d.<\/li>\n\n\n\n<li><code>--kernel-memory<\/code>: Gi\u1edbi h\u1ea1n b\u1ed9 nh\u1edb kernel. C\u1ea7n d\u00f9ng c\u1ea9n tr\u1ecdng v\u00ec n\u1ebfu thi\u1ebfu s\u1ebd \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn ho\u1ea1t \u0111\u1ed9ng c\u1ee7a Container v\u00e0 host.<\/li>\n\n\n\n<li><code>--oom-kill-disable<\/code>: V\u00f4 hi\u1ec7u h\u00f3a OOM killer cho Container (ch\u1ec9 n\u00ean d\u00f9ng khi \u0111\u00e3 set memory limit).<\/li>\n\n\n\n<li><code>--memory-swappiness<\/code>: Ki\u1ec3m so\u00e1t m\u1ee9c \u0111\u1ed9 s\u1eed d\u1ee5ng swap (gi\u00e1 tr\u1ecb t\u1eeb 0-100).<\/li>\n<\/ul>\n\n\n\n<p>Sau khi thi\u1ebft l\u1eadp gi\u1edbi h\u1ea1n, t\u00f4i ki\u1ec3m tra hi\u1ec7u qu\u1ea3 b\u1eb1ng:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker stats<\/code><\/pre>\n\n\n\n<p>L\u1ec7nh n\u00e0y hi\u1ec3n th\u1ecb CPU% RAM s\u1eed d\u1ee5ng\/gi\u1edbi h\u1ea1n c\u0169ng nh\u01b0 I\/O\u2014gi\u00fap t\u00f4i x\u00e1c nh\u1eadn xem c\u00e1c t\u00f9y ch\u1ecdn \u0111\u00e3 \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng \u0111\u00fang hay ch\u01b0a.<\/p>\n\n\n\n<p>V\u00ed d\u1ee5 minh ho\u1ea1:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -d \\\n\u00a0\u00a0--cpus=\"1.5\" \\\n\u00a0\u00a0--memory=\"512m\" \\\n\u00a0\u00a0--memory-swap=\"1g\" \\\n\u00a0\u00a0nginx<\/code><\/pre>\n\n\n\n<p>L\u1ec7nh n\u00e0y s\u1ebd kh\u1edfi t\u1ea1o m\u1ed9t Container Nginx, gi\u1edbi h\u1ea1n s\u1eed d\u1ee5ng t\u1ed1i \u0111a 1.5 CPU v\u00e0 512\u202fMB RAM, v\u1edbi t\u1ed5ng b\u1ed9 nh\u1edb RAM + swap kh\u00f4ng v\u01b0\u1ee3t qu\u00e1 1\u202fGB.<\/p>\n\n\n\n<p>Ho\u1eb7c n\u1ebfu d\u00f9ng Docker Compose (phi\u00ean b\u1ea3n 3+):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>services:\n\u00a0\u00a0app:\n\u00a0\u00a0\u00a0\u00a0Image: myapp\n\u00a0\u00a0\u00a0\u00a0cpus: \"0.5\"\n\u00a0\u00a0\u00a0\u00a0mem_limit: 512m\n\u00a0\u00a0\u00a0\u00a0mem_reservation: 256m<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-b\u1ea3o-m\u1eadt-image-docker-tr\u01b0\u1edbc-khi-deploy\"><strong>L\u00e0m sao b\u1ea3o m\u1eadt Image Docker tr\u01b0\u1edbc khi deploy?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 \u0111\u1ea3m b\u1ea3o Image Docker an to\u00e0n tr\u01b0\u1edbc khi \u0111\u01b0a v\u00e0o m\u00f4i tr\u01b0\u1eddng production, t\u00f4i th\u01b0\u1eddng c\u1ea7n tri\u1ec3n khai m\u1ed9t lo\u1ea1t bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt xuy\u00ean su\u1ed1t v\u00f2ng \u0111\u1eddi c\u1ee7a Image. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 nh\u1eefng b\u01b0\u1edbc hi\u1ec7u qu\u1ea3 nh\u1ea5t:<\/p>\n\n\n\n<p><strong>Ch\u1ecdn Image ngu\u1ed3n \u0111\u00e1ng tin c\u1eady v\u00e0 g\u1ecdn nh\u1eb9<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u01afu ti\u00ean s\u1eed d\u1ee5ng c\u00e1c Image ch\u00ednh th\u1ee9c t\u1eeb Docker Hub ho\u1eb7c nh\u00e0 cung c\u1ea5p \u0111\u01b0\u1ee3c x\u00e1c minh. Nh\u1eefng Image n\u00e0y th\u01b0\u1eddng \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt th\u01b0\u1eddng xuy\u00ean v\u00e0 ki\u1ec3m th\u1eed nghi\u00eam ng\u1eb7t.<\/li>\n\n\n\n<li>S\u1eed d\u1ee5ng c\u00e1c Image base t\u1ed1i gi\u1ea3n nh\u01b0 Alpine ho\u1eb7c distroless gi\u00fap gi\u1ea3m b\u1ec1 m\u1eb7t t\u1ea5n c\u00f4ng \u0111\u00e1ng k\u1ec3.<\/li>\n\n\n\n<li>S\u1eed d\u1ee5ng multi-stage builds \u0111\u1ec3 gi\u1ea3m k\u00edch th\u01b0\u1edbc Image v\u00e0 lo\u1ea1i b\u1ecf c\u00e1c build dependencies kh\u00f4ng c\u1ea7n thi\u1ebft.<\/li>\n<\/ul>\n\n\n\n<p><strong>Qu\u00e9t l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u1ecbnh k\u1ef3<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T\u00edch h\u1ee3p c\u00f4ng c\u1ee5 nh\u01b0 Trivy, Grype ho\u1eb7c Docker Scan v\u00e0o pipeline CI\/CD \u0111\u1ec3 qu\u00e9t Image v\u00e0 ph\u00e1t hi\u1ec7n c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt ngay trong giai \u0111o\u1ea1n build.<\/li>\n\n\n\n<li>Qu\u00e9t th\u01b0\u1eddng xuy\u00ean v\u00e0 c\u1eadp nh\u1eadt ngay khi c\u00f3 b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt m\u1edbi.<\/li>\n<\/ul>\n\n\n\n<p><strong>Ch\u1ea1y Container v\u1edbi quy\u1ec1n h\u1ea1n t\u1ed1i thi\u1ec3u<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kh\u00f4ng ch\u1ea1y Container d\u01b0\u1edbi quy\u1ec1n root; t\u1ea1o ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng ph\u1ea3i root b\u1eb1ng ch\u1ec9 th\u1ecb USER trong Dockerfile \u0111\u1ec3 gi\u1ea3m thi\u1ec3u nguy c\u01a1 leo thang quy\u1ec1n h\u1ea1n.&nbsp;<\/li>\n\n\n\n<li>Gi\u1ea3m c\u00e1c Linux capabilities kh\u00f4ng c\u1ea7n thi\u1ebft b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng &#8211;cap-drop ALL v\u00e0 ch\u1ec9 th\u00eam nh\u1eefng g\u00ec c\u1ea7n thi\u1ebft.<\/li>\n<\/ul>\n\n\n\n<p><strong>\u00c1p d\u1ee5ng c\u01a1 ch\u1ebf b\u1ea3o v\u1ec7 runtime<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cho ph\u00e9p tu\u1ef3 ch\u1ecdn &#8211;read-only \u0111\u1ec3 \u00e1p d\u1ee5ng ch\u1ebf \u0111\u1ed9 ch\u1ec9 \u0111\u1ecdc cho h\u1ec7 th\u1ed1ng file; ch\u1ec9 mount nh\u1eefng Volume c\u1ea7n ghi (nh\u01b0 logs) ra ngo\u00e0i.&nbsp;<\/li>\n\n\n\n<li>S\u1eed d\u1ee5ng t\u00f9y ch\u1ecdn &#8211;security-opt no-new-privileges:true \u0111\u1ec3 ng\u0103n Container kh\u00f4ng leo thang quy\u1ec1n.<\/li>\n<\/ul>\n\n\n\n<p><strong>Qu\u1ea3n l\u00fd secrets an to\u00e0n<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tuy\u1ec7t \u0111\u1ed1i kh\u00f4ng nh\u00fang m\u1eadt kh\u1ea9u, API keys v\u00e0o Dockerfile ho\u1eb7c Image. Thay v\u00e0o \u0111\u00f3, d\u00f9ng Docker Secrets, Vault, ho\u1eb7c AWS Secrets Manager \u0111\u1ec3 qu\u1ea3n l\u00fd v\u00e0 inject secrets v\u00e0o Container khi ch\u1ea1y.<\/li>\n\n\n\n<li>S\u1eed d\u1ee5ng .dockerignore \u0111\u1ec3 tr\u00e1nh copy c\u00e1c file nh\u1ea1y c\u1ea3m v\u00e0o Image.<\/li>\n\n\n\n<li>Tr\u00e1nh s\u1eed d\u1ee5ng bi\u1ebfn m\u00f4i tr\u01b0\u1eddng cho d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m &#8211; thay v\u00e0o \u0111\u00f3 d\u00f9ng secrets mounting.<\/li>\n<\/ul>\n\n\n\n<p><strong>Ch\u1ee9ng th\u1ef1c v\u00e0 ki\u1ec3m tra ngu\u1ed3n g\u1ed1c Image<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>B\u1eadt Docker Content Trust (DCT) \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o Image ch\u1ec9 \u0111\u01b0\u1ee3c pull t\u1eeb ngu\u1ed3n tin c\u1eady c\u00f3 signature h\u1ee3p l\u1ec7.<\/li>\n\n\n\n<li>S\u1eed d\u1ee5ng SBOM (Software Bill of Materials) v\u00e0 k\u00fd m\u00e3 \u0111\u1ec3 t\u0103ng m\u1ee9c \u0111\u1ed9 minh b\u1ea1ch v\u00e0 ki\u1ec3m ch\u1ee9ng t\u00ednh to\u00e0n v\u1eb9n c\u1ee7a Image.<\/li>\n<\/ul>\n\n\n\n<p><strong>Gia c\u1ed1 b\u1ea3o m\u1eadt host<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kh\u00f4ng \u0111\u1ec3 Docker daemon socket (\/var\/run\/docker.sock) d\u1ec5 truy c\u1eadp \u2013 ch\u1ec9 cho ph\u00e9p ng\u01b0\u1eddi d\u00f9ng c\u1ea7n thi\u1ebft m\u1edbi \u0111\u01b0\u1ee3c truy c\u1eadp.&nbsp;<\/li>\n\n\n\n<li>B\u1ea3o tr\u00ec host, c\u1eadp nh\u1eadt kernel v\u00e0 Docker engine \u0111\u1ecbnh k\u1ef3; v\u00e0 c\u00f3 th\u1ec3 ch\u1ea1y Docker \u1edf ch\u1ebf \u0111\u1ed9 rootless \u0111\u1ec3 n\u00e2ng cao an to\u00e0n.<\/li>\n<\/ul>\n\n\n\n<p><strong>Gi\u00e1m s\u00e1t v\u00e0 audit<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>S\u1eed d\u1ee5ng Docker Bench for Security \u0111\u1ec3 ki\u1ec3m tra c\u1ea5u h\u00ecnh h\u1ec7 th\u1ed1ng Docker v\u00e0 host nh\u1eb1m \u0111\u1ea3m b\u1ea3o tu\u00e2n th\u1ee7 best practices.&nbsp;<\/li>\n\n\n\n<li>Theo d\u00f5i runtime Container b\u1eb1ng c\u00e1c c\u00f4ng c\u1ee5 nh\u01b0 Falco ho\u1eb7c sysdig \u0111\u1ec3 ph\u00e1t hi\u1ec7n b\u1ea5t th\u01b0\u1eddng.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-docker-content-trust-la-gi\"><strong>Docker Content Trust l\u00e0 g\u00ec?<\/strong><\/h3>\n\n\n\n<p>Docker Content Trust (DCT) l\u00e0 m\u1ed9t c\u01a1 ch\u1ebf b\u1ea3o m\u1eadt \u0111\u01b0\u1ee3c t\u00edch h\u1ee3p trong Docker, cho ph\u00e9p s\u1eed d\u1ee5ng ch\u1eef k\u00fd s\u1ed1 \u0111\u1ec3 x\u00e1c th\u1ef1c ngu\u1ed3n g\u1ed1c v\u00e0 t\u00ednh to\u00e0n v\u1eb9n c\u1ee7a Image khi th\u1ef1c hi\u1ec7n thao t\u00e1c pull ho\u1eb7c push v\u1edbi Docker registry. \u0110i\u1ec1u n\u00e0y gi\u00fap \u0111\u1ea3m b\u1ea3o r\u1eb1ng Image \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng th\u1ef1c s\u1ef1 \u0111\u1ebfn t\u1eeb ng\u01b0\u1eddi ph\u00e1t h\u00e0nh \u0111\u00e1ng tin c\u1eady, ch\u01b0a b\u1ecb gi\u1ea3 m\u1ea1o ho\u1eb7c thay \u0111\u1ed5i kh\u00f4ng mong mu\u1ed1n.<\/p>\n\n\n\n<p>C\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a Docker Content Trust<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ng\u01b0\u1eddi ph\u00e1t h\u00e0nh (publisher) c\u00f3 th\u1ec3 k\u00fd Image v\u1edbi c\u00e1c kh\u00f3a k\u1ef9 thu\u1eadt s\u1ed1 tr\u01b0\u1edbc khi push l\u00ean registry.<\/li>\n\n\n\n<li>Khi Docker Content Trust \u0111\u01b0\u1ee3c b\u1eadt, c\u00e1c thao t\u00e1c nh\u01b0 docker pull, run, ho\u1eb7c push s\u1ebd ch\u1ec9 cho ph\u00e9p c\u00e1c Image \u0111\u01b0\u1ee3c k\u00fd h\u1ee3p l\u1ec7, gi\u00fap ng\u0103n ch\u1eb7n pull, run ho\u1eb7c build c\u00e1c Image kh\u00f4ng \u0111\u00e1ng tin c\u1eady.<\/li>\n\n\n\n<li>C\u00f3 th\u1ec3 k\u00edch ho\u1ea1t DCT b\u1eb1ng c\u00e1ch \u0111\u1eb7t bi\u1ebfn m\u00f4i tr\u01b0\u1eddng trong shell:&nbsp;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>export DOCKER_CONTENT_TRUST=1<\/code><\/pre>\n\n\n\n<p>Khi b\u1eadt, Docker client ch\u1ec9 hi\u1ec3n th\u1ecb v\u00e0 t\u01b0\u01a1ng t\u00e1c v\u1edbi c\u00e1c Image \u0111\u00e3 \u0111\u01b0\u1ee3c k\u00fd; c\u00e1c Image kh\u00f4ng c\u00f3 ch\u1eef k\u00fd s\u1ebd b\u1ecb \u1ea9n ho\u1eb7c t\u1eeb ch\u1ed1i<\/p>\n\n\n\n<p>DCT s\u1eed d\u1ee5ng m\u1ed9t h\u1ec7 th\u1ed1ng kho\u00e1 kh\u00f3a (keys) \u0111\u1ec3 qu\u1ea3n l\u00fd vi\u1ec7c k\u00fd v\u00e0 x\u00e1c th\u1ef1c:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Root key: kh\u00f3a g\u1ed1c gi\u1eef vai tr\u00f2 ki\u1ec3m so\u00e1t cao nh\u1ea5t, th\u01b0\u1eddng \u0111\u01b0\u1ee3c b\u1ea3o m\u1eadt ngo\u1ea1i tuy\u1ebfn.<\/li>\n\n\n\n<li>Targets (repository) key: d\u00f9ng \u0111\u1ec3 k\u00fd Image tag.<\/li>\n\n\n\n<li>Snapshot &amp; Timestamp keys: \u0111\u1ea3m b\u1ea3o t\u00ednh kh\u00f4ng thay \u0111\u1ed5i v\u00e0 th\u1eddi gian x\u00e1c th\u1ef1c.<\/li>\n\n\n\n<li>Delegation keys: cho ph\u00e9p \u1ee7y quy\u1ec1n k\u00fd cho c\u00e1c th\u00e0nh ph\u1ea7n ho\u1eb7c c\u00e1 nh\u00e2n kh\u00e1c, gi\u00fap qu\u1ea3n l\u00fd ph\u00e2n quy\u1ec1n linh ho\u1ea1t.<\/li>\n<\/ul>\n\n\n\n<p>DCT \u0111\u01b0\u1ee3c x\u00e2y d\u1ef1ng d\u1ef1a tr\u00ean Notary project, cung c\u1ea5p framework b\u1ea3o m\u1eadt cho vi\u1ec7c xu\u1ea5t b\u1ea3n v\u00e0 x\u00e1c th\u1ef1c content.<\/p>\n\n\n\n<p>Khi n\u00e0o n\u00ean d\u00f9ng Docker Content Trust?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Khi t\u00f4i mu\u1ed1n \u0111\u1ea3m b\u1ea3o ch\u1ec9 tri\u1ec3n khai Image t\u1eeb ngu\u1ed3n an to\u00e0n v\u00e0 \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c, r\u1ea5t quan tr\u1ecdng trong m\u00f4i tr\u01b0\u1eddng s\u1ea3n xu\u1ea5t ho\u1eb7c CI\/CD.<\/li>\n\n\n\n<li>Khi t\u1ed5 ch\u1ee9c c\u1ea7n ki\u1ec3m so\u00e1t ch\u1eb7t ch\u1ebd v\u00e0 \u0111\u1ea3m b\u1ea3o kh\u00f4ng s\u1eed d\u1ee5ng Image \u0111\u00e3 b\u1ecb thay \u0111\u1ed5i ho\u1eb7c \u0111\u0103ng b\u1edfi ngu\u1ed3n kh\u00f4ng x\u00e1c th\u1ef1c.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-ki\u1ec3m-tra-l\u1ed7-h\u1ed5ng-b\u1ea3o-m\u1eadt-trong-image\"><strong>L\u00e0m sao ki\u1ec3m tra l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt trong Image?<\/strong><\/h3>\n\n\n\n<p>Vi\u1ec7c qu\u00e9t l\u1ed7 h\u1ed5ng (vulnerabilities) tr\u01b0\u1edbc khi \u0111\u01b0a Docker Image v\u00e0o m\u00f4i tr\u01b0\u1eddng s\u1ea3n xu\u1ea5t l\u00e0 m\u1ed9t th\u1ef1c h\u00e0nh kh\u00f4ng th\u1ec3 b\u1ecf qua \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng an to\u00e0n.<\/p>\n\n\n\n<p>C\u00e1c c\u00e1ch th\u01b0\u1eddng d\u00f9ng:<\/p>\n\n\n\n<p><strong>S\u1eed d\u1ee5ng b\u1ed9 qu\u00e9t t\u00edch h\u1ee3p trong Container Registry<\/strong><\/p>\n\n\n\n<p>N\u1ebfu t\u00f4i d\u00f9ng m\u1ed9t registry h\u1ed7 tr\u1ee3 kh\u1ea3 n\u0103ng qu\u00e9t t\u1ef1 \u0111\u1ed9ng (nh\u01b0 Oracle Cloud Infrastructure Registry, Harbor, Amazon ECR, Google Container Registry), t\u00f4i ch\u1ec9 c\u1ea7n k\u00edch ho\u1ea1t t\u00ednh n\u0103ng Image Scanning cho repository.<\/p>\n\n\n\n<p>Sau \u0111\u00f3, b\u1ea5t c\u1ee9 l\u1ea7n n\u00e0o t\u00f4i docker push, Image \u0111\u00f3 s\u1ebd \u0111\u01b0\u1ee3c qu\u00e9t ngay \u0111\u1ec3 t\u00ecm l\u1ed7 h\u1ed5ng d\u1ef1a tr\u00ean c\u00e1c d\u1eef li\u1ec7u CVE. Nh\u1eefng scan n\u00e0y c\u00f3 th\u1ec3 t\u1ef1 \u0111\u1ed9ng ch\u1ea1y l\u1ea1i khi c\u00f3 d\u1eef li\u1ec7u CVE m\u1edbi, v\u00e0 t\u00f4i c\u00f3 th\u1ec3 xem b\u00e1o c\u00e1o chi ti\u1ebft v\u1ec1 m\u1ee9c \u0111\u1ed9 r\u1ee7i ro v\u00e0 l\u1ecbch s\u1eed scan trong th\u1eddi gian d\u00e0i.<\/p>\n\n\n\n<p><strong>D\u00f9ng c\u00f4ng c\u1ee5 qu\u00e9t l\u1ed7 h\u1ed5ng \u0111\u1ed9c l\u1eadp nh\u01b0 Trivy, Clair, Anchore, Grype&#8230;<\/strong><\/p>\n\n\n\n<p>C\u00f3 nhi\u1ec1u c\u00f4ng c\u1ee5 m\u1ea1nh m\u1ebd \u0111\u1ec3 scan Image ngay t\u1eeb local tr\u01b0\u1edbc khi \u0111\u01b0a \u0111\u1ebfn registry:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Trivy: Nh\u1ecf nh\u1eb9, d\u1ec5 s\u1eed d\u1ee5ng v\u00e0 t\u00edch h\u1ee3p CI\/CD nhanh ch\u00f3ng; ph\u00e1t hi\u1ec7n l\u1ed7 h\u1ed5ng \u1edf c\u1ea3 h\u1ec7 \u0111i\u1ec1u h\u00e0nh v\u00e0 dependencies \u1ee9ng d\u1ee5ng.<\/li>\n\n\n\n<li>Clair: Qu\u00e9t statically t\u1eeb Image v\u00e0 cho k\u1ebft qu\u1ea3 chi ti\u1ebft theo t\u1eebng layer, th\u01b0\u1eddng t\u00edch h\u1ee3p c\u00f9ng c\u00e1c registry (v\u00ed d\u1ee5 Harbor).<\/li>\n\n\n\n<li>Anchore Engine ho\u1eb7c Grype: Cho ph\u00e9p th\u00eam ch\u00ednh s\u00e1ch b\u1ea3o m\u1eadt t\u00f9y ch\u1ec9nh, ph\u00f9 h\u1ee3p v\u1edbi quy tr\u00ecnh t\u1ef1 \u0111\u1ed9ng h\u00f3a v\u00e0 ki\u1ec3m so\u00e1t n\u1ed9i b\u1ed9.<\/li>\n<\/ul>\n\n\n\n<p><strong>T\u00edch h\u1ee3p qu\u00e9t v\u00e0o pipeline CI\/CD<\/strong><\/p>\n\n\n\n<p>M\u1ed9t c\u00e1ch hay l\u00e0 \u0111\u01b0a b\u01b0\u1edbc qu\u00e9t l\u1ed7 h\u1ed5ng v\u00e0o quy tr\u00ecnh CI\/CD. V\u00ed d\u1ee5 nh\u01b0 v\u1edbi GitLab CI, t\u00f4i c\u00f3 th\u1ec3 l\u01b0u h\u00ecnh \u1ea3nh, \u0111\u1ea9y l\u00ean registry, v\u00e0 t\u1ef1 \u0111\u1ed9ng qu\u00e9t tr\u01b0\u1edbc khi Deploy.<\/p>\n\n\n\n<p>Ngo\u00e0i ra, Docker Hub c\u0169ng cung c\u1ea5p kh\u1ea3 n\u0103ng static scanning (nh\u01b0 v\u1edbi Docker Scout), \u0111\u1ec3 ph\u00e1t hi\u1ec7n l\u1ed7 h\u1ed5ng khi t\u00f4i push Image v\u00e0o repository, t\u00f4i ch\u1ec9 c\u1ea7n b\u1eadt t\u00ednh n\u0103ng n\u00e0y trong c\u00e0i \u0111\u1eb7t repository.<\/p>\n\n\n\n<p>T\u00f3m t\u1eaft c\u00e1c ph\u01b0\u01a1ng ph\u00e1p ch\u00ednh:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ph\u01b0\u01a1ng ph\u00e1p<\/strong><\/td><td><strong>M\u00f4 t\u1ea3<\/strong><\/td><\/tr><tr><td>Registry c\u00f3 scan t\u00edch h\u1ee3p<\/td><td>K\u00edch ho\u1ea1t Image Scanning \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng qu\u00e9t sau push<\/td><\/tr><tr><td>C\u00f4ng c\u1ee5 qu\u00e9t offline (Trivy, Clair&#8230;)<\/td><td>D\u00f9ng tr\u1ef1c ti\u1ebfp tr\u00ean local ho\u1eb7c nh\u01b0 m\u1ed9t b\u01b0\u1edbc trong CI<\/td><\/tr><tr><td>CI\/CD t\u1ef1 \u0111\u1ed9ng<\/td><td>T\u00edch h\u1ee3p qu\u00e9t v\u00e0o pipeline \u0111\u1ec3 ch\u1eb7n Image kh\u00f4ng an to\u00e0n<\/td><\/tr><tr><td>Docker Scout<\/td><td>C\u00f4ng c\u1ee5 scanning m\u1edbi t\u1eeb Docker v\u1edbi g\u1ee3i \u00fd b\u1eb1ng AI<\/td><\/tr><tr><td>Qu\u00e9t khi push l\u00ean Docker Hub<\/td><td>D\u00f9ng t\u00ednh n\u0103ng static scanning ho\u1eb7c Docker Scout<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-mo-t\u1ea3-cach-tri\u1ec3n-khai-ci-cd-v\u1edbi-docker-gitlab\"><strong>M\u00f4 t\u1ea3 c\u00e1ch tri\u1ec3n khai CI\/CD v\u1edbi Docker + GitLab<\/strong><\/h3>\n\n\n\n<p>T\u00f4i s\u1ebd k\u1ebft h\u1ee3p Docker c\u00f9ng GitLab CI\/CD \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng h\u00f3a to\u00e0n b\u1ed9 quy tr\u00ecnh t\u1eeb khi m\u00e3 ngu\u1ed3n thay \u0111\u1ed5i \u0111\u1ebfn khi \u0111\u01b0a \u1ee9ng d\u1ee5ng l\u00ean m\u00f4i tr\u01b0\u1eddng \u0111\u00edch. \u0110i\u1ec3m n\u1ed5i b\u1eadt l\u00e0 s\u1eed d\u1ee5ng Docker-in-Docker (DinD), cho ph\u00e9p pipeline x\u00e2y d\u1ef1ng Image Docker ngay b\u00ean trong m\u00f4i tr\u01b0\u1eddng runner.<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 1: Chu\u1ea9n b\u1ecb m\u00f4i tr\u01b0\u1eddng<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>S\u1eed d\u1ee5ng GitLab Runner v\u1edbi Docker executor l\u00e0 \u0111i\u1ec1u ki\u1ec7n c\u1ea7n \u0111\u1ec3 ch\u1ea1y c\u00e1c job Docker.<\/li>\n\n\n\n<li>Trong file .gitlab-ci.yml, t\u00f4i \u0111\u1ecbnh ngh\u0129a stages nh\u01b0 build, test, security v\u00e0 deploy.<\/li>\n<\/ul>\n\n\n\n<p><strong>B\u01b0\u1edbc 2: C\u1ea5u h\u00ecnh .gitlab-ci.yml \u0111\u1ec3 x\u00e2y d\u1ef1ng v\u00e0 push Image<\/strong><\/p>\n\n\n\n<p>M\u1ed9t v\u00ed d\u1ee5 config m\u1ea1ch l\u1ea1c trong GitLab:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stages:\n\u00a0\u00a0- build\n\u00a0\u00a0- security\n\u00a0\u00a0- deploy\n\nvariables:\n\u00a0\u00a0DOCKER_Image: $CI_REGISTRY_Image:$CI_COMMIT_SHA\n\u00a0\u00a0DOCKER_DRIVER: overlay2\n\u00a0\u00a0DOCKER_TLS_CERTDIR: \"\/certs\"\n\nbuild:\n\u00a0\u00a0Image: docker:24.0.7\n\u00a0\u00a0stage: build\n\u00a0\u00a0services:\n\u00a0\u00a0\u00a0\u00a0- docker:24.0.7-dind\n\u00a0\u00a0before_script:\n\u00a0\u00a0\u00a0\u00a0- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\n\nscript:\n\u00a0\u00a0\u00a0\u00a0- docker build -t $DOCKER_Image .\n\u00a0\u00a0\u00a0\u00a0- docker tag $DOCKER_Image $CI_REGISTRY_Image:latest\n\u00a0\u00a0\u00a0\u00a0- docker push $DOCKER_Image\n\u00a0\u00a0\u00a0\u00a0- docker push $CI_REGISTRY_Image:latest\n\nsecurity_scan:\n\u00a0\u00a0Image: aquasec\/trivy:latest\n\u00a0\u00a0stage: security\n\u00a0\u00a0script:\n\u00a0\u00a0\u00a0\u00a0- trivy Image --exit-code 1 --severity HIGH,CRITICAL $DOCKER_Image\n\u00a0\u00a0allow_failure: false\n\ndeploy:\n\u00a0\u00a0Image: docker:24.0.7\n\u00a0\u00a0stage: deploy\n\u00a0\u00a0script:\n\u00a0\u00a0\u00a0\u00a0- docker run -d --name myapp -p 80:80 $DOCKER_Image\n\nonly:\n\u00a0\u00a0\u00a0\u00a0- main<\/code><\/pre>\n\n\n\n<p>Gi\u1ea3i th\u00edch chi ti\u1ebft:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>S\u1eed d\u1ee5ng Image Docker CLI (docker:24.0.7 &#8211; phi\u00ean b\u1ea3n stable).<\/li>\n\n\n\n<li>Khai b\u00e1o service docker:24.0.7-dind \u0111\u1ec3 ch\u1ea1y Docker daemon b\u00ean trong job.<\/li>\n\n\n\n<li>Th\u00eam stage security \u0111\u1ec3 qu\u00e9t l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt.<\/li>\n\n\n\n<li>Th\u00eam stage deploy \u0111\u1ec3 tri\u1ec3n khai \u1ee9ng d\u1ee5ng.<\/li>\n<\/ul>\n\n\n\n<p><strong>B\u01b0\u1edbc 3: Qu\u1ea3n l\u00fd tags v\u00e0 version<\/strong><\/p>\n\n\n\n<p>S\u1eed d\u1ee5ng bi\u1ebfn <code>$CI_COMMIT_SHA<\/code> \u0111\u1ec3 \u0111\u00e1nh tag Image theo commit, gi\u00fap truy v\u1ebft ch\u00ednh x\u00e1c Image \u1ee9ng v\u1edbi m\u1ed7i l\u1ea7n build.<\/p>\n\n\n\n<p>Push th\u00eam tag <code>latest<\/code> cho phi\u00ean b\u1ea3n m\u1edbi nh\u1ea5t.<\/p>\n\n\n\n<p>C\u00f3 th\u1ec3 s\u1eed d\u1ee5ng semantic versioning v\u1edbi GitLab tags: <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$CI_REGISTRY_Image:$CI_COMMIT_TAG.<\/code><\/pre>\n\n\n\n<p><strong>B\u01b0\u1edbc 4: Nh\u1eefng best practices c\u1ea7n l\u01b0u \u00fd<\/strong><\/p>\n\n\n\n<p>H\u1ea1n ch\u1ebf d\u00f9ng Docker-in-Docker \u1edf ch\u1ebf \u0111\u1ed9 privileged: V\u00ec c\u00f3 th\u1ec3 m\u1edf c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, n\u00ean c\u00e2n nh\u1eafc s\u1eed d\u1ee5ng Docker rootless ho\u1eb7c c\u00e1c gi\u1ea3i ph\u00e1p nh\u01b0 BuildKit n\u1ebfu ph\u00f9 h\u1ee3p.<\/p>\n\n\n\n<p>T\u1ed1i \u01b0u hi\u1ec7u n\u0103ng v\u00e0 b\u1ea3o m\u1eadt pipeline:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ch\u1ea1y c\u00e1c job song song \u0111\u1ec3 gi\u1ea3m th\u1eddi gian ch\u1edd.<\/li>\n\n\n\n<li>C\u1ea5u h\u00ecnh caching h\u1ee3p l\u00fd \u0111\u1ec3 t\u0103ng t\u1ed1c qu\u00e1 tr\u00ecnh x\u00e2y d\u1ef1ng.<\/li>\n\n\n\n<li>S\u1eed d\u1ee5ng Docker layer caching v\u00e0 GitLab CI cache.<\/li>\n\n\n\n<li>Qu\u1ea3n l\u00fd secret v\u1edbi GitLab CI\/CD variables.<\/li>\n\n\n\n<li>Thi\u1ebft l\u1eadp tri\u1ec3n khai theo t\u1eebng m\u00f4i tr\u01b0\u1eddng (staging, production)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-b\u1ea1n-s\u1ebd-x\u1eed-ly-th\u1ebf-nao-khi-container-crash-sau-khi-restart-lien-t\u1ee5c\"><strong>B\u1ea1n s\u1ebd x\u1eed l\u00fd th\u1ebf n\u00e0o khi Container crash sau khi restart li\u00ean t\u1ee5c?<\/strong><\/h3>\n\n\n\n<p>Khi g\u1eb7p t\u00ecnh hu\u1ed1ng Container crash l\u1eb7p l\u1ea1i, t\u00f4i x\u1eed l\u00fd theo c\u00e1c b\u01b0\u1edbc sau:<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 1: Ki\u1ec3m tra log \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh nguy\u00ean nh\u00e2n:<\/strong><\/p>\n\n\n\n<p>Tr\u01b0\u1edbc h\u1ebft, t\u00f4i c\u1ea7n xem log l\u1ed7i c\u1ee7a Container \u0111\u1ec3 bi\u1ebft \u1ee9ng d\u1ee5ng \u0111ang crash v\u00ec l\u00fd do g\u00ec (l\u1ed7i c\u1ea5u h\u00ecnh, thi\u1ebfu file, sai command,&#8230;) b\u1eb1ng l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker logs &lt;Container_id><\/code><\/pre>\n\n\n\n<p>N\u1ebfu Container restart nhanh, t\u00f4i c\u00f3 th\u1ec3 xem log t\u1eeb phi\u00ean b\u1ea3n tr\u01b0\u1edbc \u0111\u00f3 b\u1eb1ng l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker logs --since 5s &lt;Container_id><\/code><\/pre>\n\n\n\n<p><strong>B\u01b0\u1edbc 2: Ki\u1ec3m tra exit code \u0111\u1ec3 hi\u1ec3u nguy\u00ean nh\u00e2n crash:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker ps -a --format \"table {{.Names}}\\t{{.Status}}\\t{{.ExitCode}}<\/code><\/pre>\n\n\n\n<p>Exit code 0: Th\u00e0nh c\u00f4ng<\/p>\n\n\n\n<p>Exit code 1: L\u1ed7i chung<\/p>\n\n\n\n<p>Exit code 125: Docker daemon error<\/p>\n\n\n\n<p>Exit code 126: Container command kh\u00f4ng th\u1ec3 th\u1ef1c thi<\/p>\n\n\n\n<p>Exit code 127: Container command kh\u00f4ng t\u00ecm th\u1ea5y<\/p>\n\n\n\n<p>Exit code 137: Container b\u1ecb kill (SIGKILL) &#8211; th\u01b0\u1eddng do OOM<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 3: Ki\u1ec3m tra ch\u00ednh s\u00e1ch restart<\/strong><\/p>\n\n\n\n<p>Docker cho ph\u00e9p nhi\u1ec1u ch\u1ebf \u0111\u1ed9 restart (<code>--restart flag<\/code>), c\u00f3 th\u1ec3 l\u00e0 <code>always<\/code>, <code>on-failure<\/code>, <code>unless-stopped<\/code>,&#8230;\u00a0<\/p>\n\n\n\n<p>N\u1ebfu d\u00f9ng always, Container s\u1ebd li\u00ean t\u1ee5c kh\u1edfi \u0111\u1ed9ng l\u1ea1i ngay c\u1ea3 khi l\u1ed7i kh\u00f4ng nghi\u00eam tr\u1ecdng hay c\u1ea5u h\u00ecnh sai. Vi\u1ec7c ki\u1ec3m tra v\u00e0 \u0111i\u1ec1u ch\u1ec9nh l\u1ea1i policy (v\u00ed d\u1ee5 chuy\u1ec3n sang on-failure) \u0111\u1ec3 ng\u0103n restart kh\u00f4ng ph\u1ee5c v\u1ee5 troubleshooting l\u00e0 c\u1ea7n thi\u1ebft.<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 4: Ch\u1ea1y Container \u1edf ch\u1ebf \u0111\u1ed9 foreground (tty interactive) \u0111\u1ec3 debug<\/strong><\/p>\n\n\n\n<p>Trong m\u1ed9t s\u1ed1 tr\u01b0\u1eddng h\u1ee3p, Container v\u1eabn ng\u1eaft v\u00ec ti\u1ebfn tr\u00ecnh ch\u00ednh k\u1ebft th\u00fac ngay, nh\u01b0 d\u00f9ng script r\u1ed3i exit m\u00e0 kh\u00f4ng gi\u1eef shell m\u1edf.<\/p>\n\n\n\n<p>Gi\u1ea3i ph\u00e1p l\u00e0 b\u1eadt tty \u0111\u1ec3 gi\u1eef Container s\u1ed1ng t\u1ea1m th\u1eddi: <code>tty: true<\/code><\/p>\n\n\n\n<p>\u0110i\u1ec1u n\u00e0y gi\u00fap v\u00e0o inspect Container b\u1eb1ng docker attach v\u00e0 quan s\u00e1t \u1ee9ng d\u1ee5ng ho\u1ea1t \u0111\u1ed9ng ra sao.<\/p>\n\n\n\n<p><strong>B\u01b0\u1edbc 5: C\u1ea3i thi\u1ec7n ENTRYPOINT\/CMD \u0111\u1ec3 x\u1eed l\u00fd t\u00edn hi\u1ec7u \u0111\u00fang<\/strong><\/p>\n\n\n\n<p>C\u00f3 th\u1ec3 vi\u1ec7c Container crash l\u00e0 do x\u1eed l\u00fd STOP\/TERM kh\u00f4ng \u0111\u00fang. Code ho\u1eb7c script trong Container c\u00f3 th\u1ec3 kh\u00f4ng b\u1eaft t\u00edn hi\u1ec7u d\u1eebng, d\u1eabn \u0111\u1ebfn vi\u1ec7c b\u1ecb kill \u0111\u1ed9t ng\u1ed9t (exit code 137) v\u00e0 c\u00e1c restart policy l\u1ea1i kick in.<\/p>\n\n\n\n<p>Gi\u1ea3i ph\u00e1p l\u00e0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>S\u1eed d\u1ee5ng c\u00f4ng c\u1ee5 nh\u01b0 tini ho\u1eb7c x\u1eed l\u00fd t\u00edn hi\u1ec7u trong shell script \u0111\u1ec3 d\u1eebng Container \u0111\u00fang c\u00e1ch.<\/li>\n\n\n\n<li>Thi\u1ebft l\u1eadp <code>--stop-timeout<\/code> d\u00e0i h\u01a1n \u0111\u1ec3 Container c\u00f3 th\u1eddi gian cleanup tr\u01b0\u1edbc khi b\u1ecb kill.<\/li>\n\n\n\n<li>X\u00e2y d\u1ef1ng l\u1ea1i Container n\u1ebfu nghi ng\u1edd b\u1ecb l\u1ed7i build ho\u1eb7c metadata<\/li>\n<\/ul>\n\n\n\n<p>C\u00f3 tr\u01b0\u1eddng h\u1ee3p Container b\u1ecb h\u1ecfng (corrupted) do build l\u1ed7i ho\u1eb7c metadata Docker l\u01b0u nh\u1ea7m. Khi \u0111\u00f3, c\u00e1ch t\u1ed1t nh\u1ea5t l\u00e0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>X\u00f3a Container c\u0169.<\/li>\n\n\n\n<li>Build l\u1ea1i Image m\u1edbi v\u00e0 t\u1ea1o Container m\u1edbi.<\/li>\n\n\n\n<li>C\u00f3 th\u1ec3 s\u1eed d\u1ee5ng docker system prune \u0111\u1ec3 d\u1ecdn metadata r\u00e1c.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-th\u1ebf-nao-d\u1ec3-c\u1eadp-nh\u1eadt-image-ma-khong-gay-downtime\"><strong>L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 c\u1eadp nh\u1eadt Image m\u00e0 kh\u00f4ng g\u00e2y downtime?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 tri\u1ec3n khai b\u1ea3n c\u1eadp nh\u1eadt m\u00e0 kh\u00f4ng l\u00e0m gi\u00e1n \u0111o\u1ea1n d\u1ecbch v\u1ee5, t\u00f4i \u00e1p d\u1ee5ng m\u1ed9t s\u1ed1 chi\u1ebfn l\u01b0\u1ee3c hi\u1ec7u qu\u1ea3 nh\u01b0 rolling update, blue\u2011green deployment hay s\u1eed d\u1ee5ng c\u00f4ng c\u1ee5 h\u1ed7 tr\u1ee3 nh\u01b0 Docker Compose ho\u1eb7c Docker Swarm\/Kubernetes. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1ch th\u1ef1c hi\u1ec7n:<\/p>\n\n\n\n<p><strong>Rolling Update v\u1edbi Docker Compose (version 3+)<\/strong><\/p>\n\n\n\n<p>Trong file docker-Compose.yml, t\u00f4i c\u00f3 th\u1ec3 c\u1ea5u h\u00ecnh tri\u1ec3n khai theo l\u1edbp, \u0111\u1ea3m b\u1ea3o r\u1eb1ng Container m\u1edbi ch\u1ec9 \u0111\u01b0\u1ee3c kh\u1edfi \u0111\u1ed9ng khi Container c\u0169 \u0111\u00e3 ho\u1ea1t \u0111\u1ed9ng \u1ed5n.&nbsp;<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>version: '3.8'\n\nservices:\n\n\u00a0\u00a0web:\n\u00a0\u00a0\u00a0\u00a0Image: myapp:latest\n\u00a0\u00a0\u00a0\u00a0deploy:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0update_config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0parallelism: 1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0delay: 10s\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0restart_policy:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0condition: on-failure\n\n\u00a0\u00a0\u00a0\u00a0ports:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- \"80:80\"<\/code><\/pre>\n\n\n\n<p>Trong \u0111\u00f3:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>parallelism: 1: ch\u1ec9 c\u1eadp nh\u1eadt t\u1eebng Container m\u1ed9t.<\/li>\n\n\n\n<li>delay: 10s: ch\u1edd m\u1ed9t kho\u1ea3ng th\u1eddi gian gi\u1eefa c\u00e1c b\u01b0\u1edbc \u0111\u1ec3 tr\u00e1nh xung \u0111\u1ed9t.<\/li>\n<\/ul>\n\n\n\n<p><strong>Blue-Green Deployment<\/strong><\/p>\n\n\n\n<p>X\u00e2y d\u1ef1ng hai phi\u00ean b\u1ea3n m\u00f4i tr\u01b0\u1eddng: Blue (phi\u00ean b\u1ea3n hi\u1ec7n t\u1ea1i) v\u00e0 Green (phi\u00ean b\u1ea3n m\u1edbi). C\u00e1ch l\u00e0m nh\u01b0 sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tri\u1ec3n khai Image m\u1edbi v\u00e0o m\u00f4i tr\u01b0\u1eddng Green.<\/li>\n\n\n\n<li>Ki\u1ec3m tra phi\u00ean b\u1ea3n Green ho\u1ea1t \u0111\u1ed9ng \u1ed5n \u0111\u1ecbnh.<\/li>\n\n\n\n<li>Chuy\u1ec3n l\u01b0u l\u01b0\u1ee3ng traffic t\u1eeb Blue sang Green (c\u00f3 th\u1ec3 qua reverse proxy nh\u01b0 Nginx ho\u1eb7c c\u00e2n b\u1eb1ng t\u1ea3i).<\/li>\n\n\n\n<li>Khi Green \u0111\u00e3 ho\u1ea1t \u0111\u1ed9ng \u1ed5n \u0111\u1ecbnh, g\u1ee1 b\u1ecf ho\u1eb7c t\u1ea1m ng\u1eebng phi\u00ean b\u1ea3n Blue.<\/li>\n<\/ul>\n\n\n\n<p>\u0110i\u1ec1u n\u00e0y \u0111\u1ea3m b\u1ea3o qu\u00e1 tr\u00ecnh c\u1eadp nh\u1eadt di\u1ec5n ra su\u00f4n s\u1ebb, kh\u00f4ng l\u00e0m gi\u00e1n \u0111o\u1ea1n d\u1ecbch v\u1ee5.<\/p>\n\n\n\n<p><strong>Canary Deployment (Tri\u1ec3n khai d\u1ea7n)<\/strong><\/p>\n\n\n\n<p>\u0110\u00e2y l\u00e0 c\u00e1ch ti\u1ebfp c\u1eadn chuy\u1ec3n \u0111\u1ed5i traffic m\u1ed9t c\u00e1ch t\u1eeb t\u1eeb, b\u1eaft \u0111\u1ea7u v\u1edbi m\u1ed9t ph\u1ea7n nh\u1ecf ng\u01b0\u1eddi d\u00f9ng s\u1ebd \u0111i qua phi\u00ean b\u1ea3n m\u1edbi, theo d\u00f5i hi\u1ec7u su\u1ea5t, sau \u0111\u00f3 t\u0103ng d\u1ea7n. M\u00f4 h\u00ecnh n\u00e0y gi\u00fap ph\u00e1t hi\u1ec7n s\u1edbm l\u1ed7i v\u00e0 gi\u1ea3m r\u1ee7i ro khi c\u1eadp nh\u1eadt.<\/p>\n\n\n\n<p><strong>C\u00e2n b\u1eb1ng t\u1ea3i (Load Balancing)<\/strong><\/p>\n\n\n\n<p>D\u00f9 d\u00f9ng Swarm ho\u1eb7c Kubernetes, t\u00f4i c\u0169ng \u00e1p d\u1ee5ng load balancer \u1edf ph\u00eda tr\u01b0\u1edbc c\u00e1c Container \u0111\u1ec3 \u0111i\u1ec1u ph\u1ed1i traffic. Khi deploy b\u1ea3n m\u1edbi, Container m\u1edbi c\u00f3 th\u1ec3 nh\u1eadn traffic t\u1eeb load balancer, trong khi Container c\u0169 v\u1eabn x\u1eed l\u00fd y\u00eau c\u1ea7u hi\u1ec7n t\u1ea1i, \u0111\u1ea3m b\u1ea3o kh\u00f4ng gi\u00e1n \u0111o\u1ea1n ng\u01b0\u1eddi d\u00f9ng.<\/p>\n\n\n\n<p><strong>L\u01b0u tr\u1eef phi\u00ean b\u1ea3n c\u0169 \u0111\u1ec3 c\u00f3 th\u1ec3 rollback<\/strong><\/p>\n\n\n\n<p>Lu\u00f4n gi\u1eef Container c\u0169 ho\u1ea1t \u0111\u1ed9ng cho \u0111\u1ebfn khi t\u00f4i ch\u1eafc ch\u1eafn r\u1eb1ng Container m\u1edbi ch\u1ea1y \u1ed5n \u0111\u1ecbnh. Vi\u1ec7c n\u00e0y gi\u00fap d\u1ec5 d\u00e0ng rollback n\u1ebfu c\u00f3 s\u1ef1 c\u1ed1, v\u00e0 cho ph\u00e9p ki\u1ec3m so\u00e1t qu\u00e1 tr\u00ecnh c\u1eadp nh\u1eadt ch\u1eb7t ch\u1ebd h\u01a1n.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-phan-bi\u1ec7t-image-g\u1ed1c-official-va-image-tuy-ch\u1ec9nh-t\u1eeb-docker-hub\"><strong>L\u00e0m sao ph\u00e2n bi\u1ec7t Image g\u1ed1c (official) v\u00e0 Image t\u00f9y ch\u1ec9nh t\u1eeb Docker Hub?<\/strong><\/h3>\n\n\n\n<p>Docker Official Images l\u00e0 nh\u1eefng Image \u0111\u01b0\u1ee3c Docker tr\u1ef1c ti\u1ebfp curate, c\u00f3 badge \u201cOfficial Image\u201d, th\u01b0\u1eddng l\u00e0 n\u1ec1n t\u1ea3ng \u0111\u00e1ng tin c\u1eady \u0111\u1ec3 b\u1eaft \u0111\u1ea7u x\u00e2y d\u1ef1ng h\u1ec7 th\u1ed1ng. Ch\u00fang c\u00f3 m\u00f4 t\u1ea3 r\u00f5 r\u00e0ng, \u0111\u01b0\u1ee3c duy tr\u00ec b\u1edfi m\u1ed9t nh\u00f3m chuy\u00ean tr\u00e1ch (Docker, upstream maintainers v\u00e0 c\u1ed9ng \u0111\u1ed3ng), v\u00e0 th\u01b0\u1eddng xuy\u00ean \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n c\u0169ng nh\u01b0 ch\u1ea5t l\u01b0\u1ee3ng cao.<\/p>\n\n\n\n<p>Nh\u1eefng Image t\u00f9y ch\u1ec9nh th\u01b0\u1eddng do ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c t\u1ed5 ch\u1ee9c t\u1ef1 build t\u1eeb Dockerfile ho\u1eb7c d\u1ef1a tr\u00ean Official Image. ch\u00fang \u0111\u01b0\u1ee3c t\u1ea1o v\u1edbi m\u1ee5c \u0111\u00edch c\u00e1 nh\u00e2n h\u00f3a n\u1ed9i dung, th\u00eam c\u1ea5u h\u00ecnh, ph\u1ea7n m\u1ec1m ri\u00eang ho\u1eb7c \u0111i\u1ec1u ch\u1ec9nh ph\u00f9 h\u1ee3p v\u1edbi m\u00f4i tr\u01b0\u1eddng s\u1eed d\u1ee5ng c\u1ee5 th\u1ec3.<\/p>\n\n\n\n<p>\u01afu \u0111i\u1ec3m: linh ho\u1ea1t, c\u00f3 th\u1ec3 t\u1ed1i \u01b0u theo nhu c\u1ea7u. Nh\u01b0ng h\u1ea1n ch\u1ebf l\u00e0 t\u00ednh minh b\u1ea1ch th\u1ea5p, d\u1ec5 b\u1ecb l\u1ed7i b\u1ea3o m\u1eadt n\u1ebfu kh\u00f4ng \u0111\u01b0\u1ee3c ki\u1ec3m tra k\u1ef9 l\u01b0\u1ee1ng, v\u00e0 c\u00f3 th\u1ec3 thi\u1ebfu t\u00e0i li\u1ec7u r\u00f5 r\u00e0ng.<\/p>\n\n\n\n<p><strong>B\u1ea3ng so s\u00e1nh nhanh:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Ti\u00eau ch\u00ed<\/strong><\/td><td><strong>Docker Official Image<\/strong><\/td><td><strong>Image t\u00f9y ch\u1ec9nh (Custom Image)<\/strong><\/td><\/tr><tr><td>Ngu\u1ed3n g\u1ed1c<\/td><td>Docker ki\u1ec3m duy\u1ec7t, badge \u201cOfficial\u201d<\/td><td>T\u1ef1 build ho\u1eb7c t\u1eeb ng\u01b0\u1eddi d\u00f9ng kh\u00e1c<\/td><\/tr><tr><td>Ch\u1ea5t l\u01b0\u1ee3ng &amp; B\u1ea3o m\u1eadt<\/td><td>Cao, c\u1eadp nh\u1eadt th\u01b0\u1eddng xuy\u00ean<\/td><td>T\u00f9y thu\u1ed9c v\u00e0o quy tr\u00ecnh build v\u00e0 ki\u1ec3m th\u1eed c\u1ee7a ng\u01b0\u1eddi t\u1ea1o<\/td><\/tr><tr><td>T\u00e0i li\u1ec7u &amp; h\u1ed7 tr\u1ee3<\/td><td>R\u1ed9ng r\u00e3i, c\u00f3 t\u00e0i li\u1ec7u h\u1ed7 tr\u1ee3<\/td><td>\u00cdt khi c\u00f3, n\u1ebfu kh\u00f4ng do ch\u00ednh t\u00e1c gi\u1ea3 cung c\u1ea5p<\/td><\/tr><tr><td>T\u00ednh minh b\u1ea1ch<\/td><td>R\u00f5 r\u00e0ng, repository Dockerfiles c\u00f4ng khai<\/td><td>C\u00f3 th\u1ec3 opaque, c\u1ea7n t\u1ef1 ki\u1ec3m tra<\/td><\/tr><tr><td>T\u00f9y ch\u1ec9nh theo nhu c\u1ea7u<\/td><td>H\u1ea1n ch\u1ebf, ch\u1ec9 d\u00f9ng nh\u01b0 n\u1ec1n t\u1ea3ng<\/td><td>Cao, c\u00f3 th\u1ec3 th\u00eam c\u1ea5u h\u00ecnh \u0111\u1eb7c th\u00f9<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Kinh nghi\u1ec7m th\u1ef1c t\u1ebf:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>B\u1eaft \u0111\u1ea7u v\u1edbi Docker Official Image n\u1ebfu t\u00f4i c\u1ea7n m\u1ed9t n\u1ec1n t\u1ea3ng \u1ed5n \u0111\u1ecbnh, \u0111\u01b0\u1ee3c duy tr\u00ec v\u00e0 c\u00f3 \u0111\u1ed9 tin c\u1eady cao.<\/li>\n\n\n\n<li>T\u00f9y ch\u1ec9nh khi c\u1ea7n thi\u1ebft, v\u00ed d\u1ee5 khi c\u1ea7n th\u00eam ph\u1ea7n m\u1ec1m, config ho\u1eb7c c\u00f4ng c\u1ee5 ri\u00eang (nh\u01b0 curl, c\u1ea5u tr\u00fac th\u01b0 m\u1ee5c t\u00f9y ch\u1ec9nh&#8230;). Khi \u0111\u00f3, t\u00f4i t\u1ef1 build Image d\u1ef1a tr\u00ean Official, v\u00e0 \u0111\u1ea3m b\u1ea3o c\u00f3 Dockerfile r\u00f5 r\u00e0ng c\u00f9ng quy tr\u00ecnh ki\u1ec3m th\u1eed th\u00edch h\u1ee3p<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-th\u1ebf-nao-d\u1ec3-l\u01b0u-log-c\u1ee7a-container-vao-t\u1eadp-tin\"><strong>L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 l\u01b0u log c\u1ee7a Container v\u00e0o t\u1eadp tin?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 l\u01b0u log t\u1eeb Container Docker v\u00e0o m\u1ed9t t\u1ec7p tr\u00ean h\u1ec7 th\u1ed1ng, t\u00f4i s\u1eed d\u1ee5ng m\u1ed9t s\u1ed1 ph\u01b0\u01a1ng ph\u00e1p ph\u1ed5 bi\u1ebfn, tu\u1ef3 v\u00e0o m\u1ee5c \u0111\u00edch s\u1eed d\u1ee5ng v\u00e0 m\u00f4i tr\u01b0\u1eddng tri\u1ec3n khai:<\/p>\n\n\n\n<p><strong>Redirect log d\u1eef li\u1ec7u qua l\u1ec7nh docker logs<\/strong><\/p>\n\n\n\n<p>C\u00e1ch \u0111\u01a1n gi\u1ea3n nh\u1ea5t: s\u1eed d\u1ee5ng l\u1ec7nh docker logs \u0111\u1ec3 l\u1ea5y to\u00e0n b\u1ed9 output (stdout v\u00e0 stderr), r\u1ed3i chuy\u1ec3n h\u01b0\u1edbng v\u00e0o file:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker logs &lt;Container_name_or_id&gt; &gt; Container.log<\/code><\/pre>\n\n\n\n<p>Ho\u1eb7c \u0111\u1ec3 theo d\u00f5i logs \u0111\u1ea7u ra theo th\u1eddi gian th\u1ef1c v\u00e0 l\u01b0u:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker logs -f &lt;Container_name_or_id&gt; &gt; Container_follow.log<\/code><\/pre>\n\n\n\n<p>T\u00f4i c\u0169ng c\u00f3 th\u1ec3 l\u01b0u c\u1ea3 stdout l\u1eabn stderr c\u00f9ng l\u00fac b\u1eb1ng &amp;&gt;: docker logs &lt;Container&gt; &amp;&gt; Container_all.log<\/p>\n\n\n\n<p>\u0110\u1ec3 l\u01b0u logs v\u1edbi timestamp v\u00e0 filter theo th\u1eddi gian:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker logs --timestamps --since=\"2024-01-01\" &lt;Container&gt; &gt; Container_timestamped.log<\/code><\/pre>\n\n\n\n<p><strong>C\u1ea5u h\u00ecnh Docker logging driver \u0111\u1ec3 vi\u1ebft log v\u00e0o file<\/strong><\/p>\n\n\n\n<p>T\u00f4i cho Docker t\u1ef1 \u0111\u1ed9ng l\u01b0u log v\u00e0o file v\u1edbi &#8211;log-driver v\u00e0 tu\u1ef3 ch\u1ecdn &#8211;log-opt. V\u00ed d\u1ee5 s\u1eed d\u1ee5ng driver json-file v\u00e0 b\u1eadt log rotation \u0111\u1ec3 qu\u1ea3n l\u00fd k\u00edch th\u01b0\u1edbc log:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -d \\\n\u00a0\u00a0--log-driver=json-file \\\n\u00a0\u00a0--log-opt max-size=10m \\\n\u00a0\u00a0--log-opt max-file=3 \\\n\u00a0\u00a0your_Image<\/code><\/pre>\n\n\n\n<p>L\u1ec7nh n\u00e0y s\u1ebd l\u01b0u log v\u00e0o c\u00e1c file JSON t\u1ef1 \u0111\u1ed9ng xoay khi \u0111\u1ea1t k\u00edch th\u01b0\u1edbc t\u1ed1i \u0111a. Logs \u0111\u01b0\u1ee3c l\u01b0u t\u1ea1i \u0111\u01b0\u1eddng d\u1eabn nh\u01b0:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/var\/lib\/docker\/Containers\/&lt;Container-id>\/&lt;Container-id>-json.log<\/code><\/pre>\n\n\n\n<p><strong>Ghi log tr\u1ef1c ti\u1ebfp trong c\u00e2u l\u1ec7nh kh\u1edfi \u0111\u1ed9ng \u1ee9ng d\u1ee5ng<\/strong><\/p>\n\n\n\n<p>T\u00f4i redirect output n\u1ed9i b\u1ed9 ngay trong Dockerfile b\u1eb1ng l\u1ec7nh:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run my-Image bash -c \"myapp &gt;&gt; \/path\/to\/logs\/app.log 2&gt;&amp;1\"<\/code><\/pre>\n\n\n\n<p>Ho\u1eb7c d\u00f9ng entrypoint script \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o ti\u1ebfn tr\u00ecnh ch\u00ednh l\u00e0 PID 1 v\u00e0 log ghi v\u00e0o t\u1ec7p m\u1ed9t c\u00e1ch g\u1ecdn g\u00e0ng:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/sh\nexec >\/log\/stdout.log\nexec 2>\/log\/stderr.log\nexec \"$@\"<\/code><\/pre>\n\n\n\n<p>Kinh nghi\u1ec7m th\u1ef1c t\u1ebf:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>L\u1ec7nh docker logs r\u1ea5t ti\u1ec7n khi ch\u1ec9 c\u1ea7n xu\u1ea5t log m\u1ed9t l\u1ea7n ho\u1eb7c theo d\u00f5i t\u1ea1m th\u1eddi.<\/li>\n\n\n\n<li>C\u1ea5u h\u00ecnh logging driver gi\u00fap l\u01b0u log d\u00e0i h\u1ea1n, c\u00f3 rotation, v\u00e0 t\u1ef1 \u0111\u1ed9ng h\u00f3a gi\u00e1m s\u00e1t.<\/li>\n\n\n\n<li>Redirect tr\u1ef1c ti\u1ebfp trong Container ph\u00f9 h\u1ee3p khi t\u00f4i mu\u1ed1n ki\u1ec3m so\u00e1t ch\u00ednh x\u00e1c file log ngay t\u1eeb \u0111\u1ea7u.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-d\u1ec3-ki\u1ec3m-soat-version-c\u1ee7a-image-trong-moi-tr\u01b0\u1eddng-staging-va-production\"><strong>L\u00e0m sao \u0111\u1ec3 ki\u1ec3m so\u00e1t version c\u1ee7a Image trong m\u00f4i tr\u01b0\u1eddng staging v\u00e0 production?<\/strong><\/h3>\n\n\n\n<p>\u0110\u1ec3 \u0111\u1ea3m b\u1ea3o t\u00ednh nh\u1ea5t qu\u00e1n v\u00e0 ki\u1ec3m so\u00e1t ch\u1eb7t ch\u1ebd gi\u1eefa m\u00f4i tr\u01b0\u1eddng staging v\u00e0 production, t\u00f4i th\u01b0\u1eddng \u00e1p d\u1ee5ng c\u00e1c chi\u1ebfn l\u01b0\u1ee3c sau:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tag theo phi\u00ean b\u1ea3n r\u00f5 r\u00e0ng, tr\u00e1nh d\u00f9ng latest<\/strong><\/li>\n<\/ul>\n\n\n\n<p>H\u1ea1n ch\u1ebf s\u1eed d\u1ee5ng tag latest v\u00ec kh\u00f4ng ph\u1ea3n \u00e1nh r\u00f5 r\u00e0ng Image n\u00e0o \u0111ang \u0111\u01b0\u1ee3c d\u00f9ng. Thay v\u00e0o \u0111\u00f3, s\u1eed d\u1ee5ng version c\u1ee5 th\u1ec3 (v\u00ed d\u1ee5: 1.2.0, dev-abc123) ho\u1eb7c theo commit hash:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>REV=$(git rev-parse --short HEAD)\n\ndocker build -t myapp:$REV .\n\ndocker push myapp:$REV<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Promote Image qua t\u1eebng m\u00f4i tr\u01b0\u1eddng thay v\u00ec rebuild<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Sau khi test \u1edf staging, thay v\u00ec build l\u1ea1i, t\u00f4i retag v\u00e0 push l\u1ea1i Image sang m\u00f4i tr\u01b0\u1eddng production:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker tag myapp:staging-abc123 myapp:prod-abc123\n\ndocker push myapp:prod-abc123<\/code><\/pre>\n\n\n\n<p>C\u00e1ch l\u00e0m n\u00e0y \u0111\u1ea3m b\u1ea3o production ch\u1ea1y \u0111\u00fang Image \u0111\u00e3 \u0111\u01b0\u1ee3c ki\u1ec3m th\u1eed \u1edf staging.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u00c1p d\u1ee5ng CI\/CD \u0111\u1ec3 ki\u1ec3m so\u00e1t version v\u00e0 tri\u1ec3n khai theo pipeline<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Thay v\u00ec thao t\u00e1c th\u1ee7 c\u00f4ng, n\u00ean s\u1eed d\u1ee5ng CI\/CD pipeline (nh\u01b0 GitLab CI, GitHub Actions&#8230;) \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng h\u00f3a qu\u00e1 tr\u00ecnh build \u2013 tag \u2013 test \u2013 promote Image.&nbsp;<\/p>\n\n\n\n<p>V\u00ed d\u1ee5:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Khi merge v\u00e0o branch develop, pipeline s\u1ebd build Image v\u00e0 tag l\u00e0 staging-{commit} \u2192 push l\u00ean staging registry.<\/li>\n\n\n\n<li>Khi merge v\u00e0o main, pipeline retag l\u1ea1i Image \u0111\u00f3 l\u00e0 prod-{commit} \u2192 push sang production registry.<\/li>\n<\/ul>\n\n\n\n<p>Pipeline gi\u00fap \u0111\u1ea3m b\u1ea3o Image d\u00f9ng \u1edf production lu\u00f4n \u0111\u1ed3ng nh\u1ea5t v\u1edbi Image \u0111\u00e3 \u0111\u01b0\u1ee3c ki\u1ec3m th\u1eed \u1edf staging, gi\u1ea3m thi\u1ec3u r\u1ee7i ro v\u00e0 \u0111\u1ea3m b\u1ea3o traceability.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>S\u1eed d\u1ee5ng Image digest \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o t\u00ednh b\u1ea5t bi\u1ebfn tuy\u1ec7t \u0111\u1ed1i<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Ngo\u00e0i tag, c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng digest (SHA256) \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o production lu\u00f4n d\u00f9ng \u0111\u00fang Image \u0111\u00e3 ki\u1ec3m th\u1eed:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker pull myapp@sha256:&lt;digest><\/code><\/pre>\n\n\n\n<p>Digest gi\u00fap ng\u0103n t\u00ecnh tr\u1ea1ng Image b\u1ecb thay \u0111\u1ed5i sau khi \u0111\u00e3 tag, ph\u00f9 h\u1ee3p v\u1edbi y\u00eau c\u1ea7u b\u1ea3o m\u1eadt v\u00e0 t\u00ednh \u1ed5n \u0111\u1ecbnh.<\/p>\n\n\n\n<p>T\u00f3m t\u1eaft:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>M\u00f4i tr\u01b0\u1eddng<\/strong><\/td><td><strong>C\u00e1ch qu\u1ea3n l\u00fd Image<\/strong><\/td><\/tr><tr><td>Staging<\/td><td>Tag theo commit\/version, \u0111\u1ea9y l\u00ean registry staging<\/td><\/tr><tr><td>Production<\/td><td>Retag t\u1eeb staging ho\u1eb7c deploy theo digest \u0111\u00e3 ki\u1ec3m th\u1eed<\/td><\/tr><tr><td>C\u1ea3 hai env<\/td><td>T\u00edch h\u1ee3p CI\/CD \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng h\u00f3a versioning v\u00e0 ki\u1ec3m so\u00e1t<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-k\u1ebft-lu\u1eadn\"><span class=\"ez-toc-section\" id=\"Ket_luan\"><\/span><strong>K\u1ebft lu\u1eadn<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Hy v\u1ecdng r\u1eb1ng b\u1ed9 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker m\u1edbi nh\u1ea5t tr\u00ean \u0111\u00e2y \u0111\u00e3 gi\u00fap b\u1ea1n n\u1eafm v\u1eefng ki\u1ebfn th\u1ee9c c\u1ed1t l\u00f5i v\u00e0 chu\u1ea9n b\u1ecb t\u1ef1 tin h\u01a1n cho bu\u1ed5i ph\u1ecfng v\u1ea5n s\u1eafp t\u1edbi. T\u1eeb c\u00e1c kh\u00e1i ni\u1ec7m c\u01a1 b\u1ea3n \u0111\u1ebfn k\u1ef9 thu\u1eadt tri\u1ec3n khai CI\/CD, b\u1ea3o m\u1eadt Image v\u00e0 x\u1eed l\u00fd s\u1ef1 c\u1ed1 Container, m\u1ecdi n\u1ed9i dung \u0111\u1ec1u \u0111\u01b0\u1ee3c ch\u1ecdn l\u1ecdc k\u1ef9 l\u01b0\u1ee1ng nh\u1eb1m \u0111\u00e1p \u1ee9ng y\u00eau c\u1ea7u tuy\u1ec3n d\u1ee5ng th\u1ef1c t\u1ebf. H\u00e3y b\u1eaft \u0111\u1ea7u luy\u1ec7n t\u1eadp ngay h\u00f4m nay \u0111\u1ec3 s\u1eb5n s\u00e0ng chinh ph\u1ee5c m\u1ecdi c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker m\u1ed9t c\u00e1ch hi\u1ec7u qu\u1ea3 nh\u1ea5t.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trong k\u1ef7 nguy\u00ean c\u1ee7a \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y v\u00e0 t\u1ef1 \u0111\u1ed9ng h\u00f3a, Docker \u0111\u00e3 tr\u1edf th\u00e0nh c\u00f4ng c\u1ee5 c\u1ed1t l\u00f5i gi\u00fap c\u00e1c k\u1ef9 s\u01b0 ph\u1ea7n m\u1ec1m x\u00e2y d\u1ef1ng, \u0111\u00f3ng g\u00f3i v\u00e0 tri\u1ec3n khai \u1ee9ng d\u1ee5ng m\u1ed9t c\u00e1ch linh ho\u1ea1t, nhanh ch\u00f3ng v\u00e0 \u0111\u1ed3ng nh\u1ea5t tr\u00ean nhi\u1ec1u m\u00f4i tr\u01b0\u1eddng kh\u00e1c nhau. Vi\u1ec7c hi\u1ec3u v\u00e0 th\u00e0nh th\u1ea1o [&hellip;]<\/p>\n","protected":false},"author":214,"featured_media":91287,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gspb_post_css":"","footnotes":""},"categories":[109,105],"tags":[],"class_list":["post-91284","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-chuyen-mon-it","category-phong-van-it"],"blocksy_meta":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.8 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao - ITviec Blog<\/title>\n<meta name=\"description\" content=\"L\u01b0u ngay 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb\u01b0 Dockerfile, Compose, CI\/CD, b\u1ea3o m\u1eadt v\u00e0 nhi\u1ec1u k\u1ef9 n\u0103ng quan tr\u1ecdng kh\u00e1c cho bu\u1ed5i ph\u1ecfng v\u1ea5n.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/\" \/>\n<meta property=\"og:locale\" content=\"vi_VN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao\" \/>\n<meta property=\"og:description\" content=\"Trong k\u1ef7 nguy\u00ean c\u1ee7a \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y v\u00e0 t\u1ef1 \u0111\u1ed9ng h\u00f3a, Docker \u0111\u00e3 tr\u1edf th\u00e0nh c\u00f4ng c\u1ee5 c\u1ed1t l\u00f5i gi\u00fap c\u00e1c k\u1ef9 s\u01b0 ph\u1ea7n m\u1ec1m x\u00e2y d\u1ef1ng, \u0111\u00f3ng g\u00f3i v\u00e0 tri\u1ec3n khai \u1ee9ng\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/\" \/>\n<meta property=\"og:site_name\" content=\"ITviec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ITviec\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-12T07:32:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-12T08:44:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/09\/cau-hoi-phong-van-docker-scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1347\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Hi\u1ebfu Phan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ITviec\" \/>\n<meta name=\"twitter:site\" content=\"@ITviec\" \/>\n<meta name=\"twitter:label1\" content=\"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hi\u1ebfu Phan\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc\" \/>\n\t<meta name=\"twitter:data2\" content=\"67 ph\u00fat\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao - ITviec Blog","description":"L\u01b0u ngay 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb\u01b0 Dockerfile, Compose, CI\/CD, b\u1ea3o m\u1eadt v\u00e0 nhi\u1ec1u k\u1ef9 n\u0103ng quan tr\u1ecdng kh\u00e1c cho bu\u1ed5i ph\u1ecfng v\u1ea5n.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/","og_locale":"vi_VN","og_type":"article","og_title":"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao","og_description":"Trong k\u1ef7 nguy\u00ean c\u1ee7a \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y v\u00e0 t\u1ef1 \u0111\u1ed9ng h\u00f3a, Docker \u0111\u00e3 tr\u1edf th\u00e0nh c\u00f4ng c\u1ee5 c\u1ed1t l\u00f5i gi\u00fap c\u00e1c k\u1ef9 s\u01b0 ph\u1ea7n m\u1ec1m x\u00e2y d\u1ef1ng, \u0111\u00f3ng g\u00f3i v\u00e0 tri\u1ec3n khai \u1ee9ng","og_url":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/","og_site_name":"ITviec Blog","article_publisher":"https:\/\/www.facebook.com\/ITviec","article_published_time":"2025-09-12T07:32:35+00:00","article_modified_time":"2025-09-12T08:44:28+00:00","og_image":[{"width":2560,"height":1347,"url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/09\/cau-hoi-phong-van-docker-scaled.png","type":"image\/png"}],"author":"Hi\u1ebfu Phan","twitter_card":"summary_large_image","twitter_creator":"@ITviec","twitter_site":"@ITviec","twitter_misc":{"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi":"Hi\u1ebfu Phan","\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"67 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#article","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/"},"author":{"name":"Hi\u1ebfu Phan","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/d9f4dfc3237d95eb1549e5adb2ede904"},"headline":"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao","datePublished":"2025-09-12T07:32:35+00:00","dateModified":"2025-09-12T08:44:28+00:00","mainEntityOfPage":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/"},"wordCount":17522,"publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"image":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/09\/cau-hoi-phong-van-docker-scaled.png","articleSection":["Chuy\u00ean m\u00f4n IT","Ph\u1ecfng v\u1ea5n IT"],"inLanguage":"vi"},{"@type":"WebPage","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/","url":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/","name":"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao - ITviec Blog","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#primaryimage"},"image":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/09\/cau-hoi-phong-van-docker-scaled.png","datePublished":"2025-09-12T07:32:35+00:00","dateModified":"2025-09-12T08:44:28+00:00","description":"L\u01b0u ngay 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb\u01b0 Dockerfile, Compose, CI\/CD, b\u1ea3o m\u1eadt v\u00e0 nhi\u1ec1u k\u1ef9 n\u0103ng quan tr\u1ecdng kh\u00e1c cho bu\u1ed5i ph\u1ecfng v\u1ea5n.","breadcrumb":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/"]}]},{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#primaryimage","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/09\/cau-hoi-phong-van-docker-scaled.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/09\/cau-hoi-phong-van-docker-scaled.png","width":800,"height":421,"caption":"c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n docker - itviec blog"},{"@type":"BreadcrumbList","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-docker\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Chuy\u00ean m\u00f4n IT","item":"https:\/\/itviec.com\/blog\/chuyen-mon-it\/"},{"@type":"ListItem","position":2,"name":"Top 30+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Docker t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao"}]},{"@type":"WebSite","@id":"https:\/\/itviec.com\/blog\/#website","url":"https:\/\/itviec.com\/blog\/","name":"ITviec Blog","description":"IT Jobs &amp; People in Vietnam","publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itviec.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi"},{"@type":"Organization","@id":"https:\/\/itviec.com\/blog\/#organization","name":"ITviec","url":"https:\/\/itviec.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","width":1800,"height":1800,"caption":"ITviec"},"image":{"@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ITviec","https:\/\/x.com\/ITviec","https:\/\/www.linkedin.com\/company\/itviec","https:\/\/www.youtube.com\/channel\/UCYthAQ3bcGr57M_ag5gHDvQ"]},{"@type":"Person","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/d9f4dfc3237d95eb1549e5adb2ede904","name":"Hi\u1ebfu Phan","image":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/phan-trung-hieu-author-e1709881921227-100x100.jpg","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/phan-trung-hieu-author-e1709881921227-100x100.jpg","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/phan-trung-hieu-author-e1709881921227-100x100.jpg","caption":"Hi\u1ebfu Phan"},"url":"https:\/\/itviec.com\/blog\/author\/hieu-phan\/"}]}},"_links":{"self":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/91284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/comments?post=91284"}],"version-history":[{"count":4,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/91284\/revisions"}],"predecessor-version":[{"id":91293,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/91284\/revisions\/91293"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media\/91287"}],"wp:attachment":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media?parent=91284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/categories?post=91284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/tags?post=91284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}