{"id":93229,"date":"2025-11-26T14:11:13","date_gmt":"2025-11-26T07:11:13","guid":{"rendered":"https:\/\/itviec.com\/blog\/?p=93229"},"modified":"2026-01-09T10:42:10","modified_gmt":"2026-01-09T03:42:10","slug":"kubernetes-architecture-la-gi","status":"publish","type":"post","link":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/","title":{"rendered":"Kubernetes architecture: An A-Z overview for beginners"},"content":{"rendered":"<p><strong><em>If you have ever wondered how applications can run reliably even when spread across hundreds of different servers, the answer lies in the Kubernetes architecture. 
This is the architecture behind Kubernetes' automation, load balancing and flexible scaling capabilities. Understanding how Kubernetes is built is the first step toward mastering how the system operates in practice.<\/em><\/strong><\/p>\n\n\n\n<p>Read on to learn about:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An overview of Kubernetes architecture<\/li>\n\n\n\n<li>The main components of Kubernetes architecture<\/li>\n\n\n\n<li>How Kubernetes architecture works<\/li>\n\n\n\n<li>Security and authorization in the Kubernetes architecture<\/li>\n\n\n\n<li>Real-world applications of Kubernetes architecture<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-t\u1ed5ng-quan-v\u1ec1-kubernetes-architecture\"><span class=\"ez-toc-section\" id=\"Tong_quan_ve_Kubernetes_architecture\"><\/span><strong>Overview of Kubernetes architecture<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-kubernetes-architecture-la-gi\"><strong>What is Kubernetes architecture?<\/strong><\/h3>\n\n\n\n<p>Kubernetes architecture acts as the \u201cframework\u201d that defines how the components of the system (Control Plane, Worker Nodes, Pods, Services, ConfigMaps, Secrets and API Server) fit together. 
It helps the components of a Kubernetes system coordinate with one another to deploy, monitor and keep containerized applications running automatically, reliably and flexibly.<\/p>\n\n\n\n<p>A clear understanding of Kubernetes architecture shows you how core parts such as the API Server, etcd, Scheduler, kubelet, kube-proxy and other components interact. It is an important foundation for going on to explore how Kubernetes handles scaling, load balancing, self-healing and system security.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>Read more: <strong><a href=\"https:\/\/itviec.com\/blog\/kubernetes-la-gi\/\" target=\"_blank\" rel=\"noreferrer noopener\">What is Kubernetes: the essential Kubernetes fundamentals you need to know<\/a><\/strong><\/em><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-vai-tro-c\u1ee7a-kubernetes-architecture-nbsp\"><strong>The role of Kubernetes architecture<\/strong><\/h3>\n\n\n\n<p>Thanks to this architecture, Kubernetes can manage many servers (nodes) and ensure that if one node fails, applications keep running and are recovered quickly. 
Managing hundreds or even thousands of containers becomes easier.<\/p>\n\n\n\n<p>Specifically, the role of the Kubernetes architecture is to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Orchestrate resources automatically, placing containers on suitable nodes based on resource requirements (CPU, memory) and constraints (constraints, affinity rules).<\/li>\n\n\n\n<li>Ensure high availability (High Availability): when a node fails, workloads are automatically moved to another node through the Scheduler's reschedule mechanism.<\/li>\n\n\n\n<li>Self-heal when an application fails or a pod loses connectivity, by automatically restarting pods, replacing failed pods, or killing pods that do not respond to health checks.<\/li>\n\n\n\n<li>Scale flexibly (auto-scaling) according to actual demand through the Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA) and Cluster Autoscaler.<\/li>\n<\/ul>\n\n\n\n<p>In other words, the Kubernetes architecture is the foundation that lets users operate container systems at large scale while still ensuring stability, performance and strong security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cac-thanh-ph\u1ea7n-chinh-trong-kubernetes-architecture-nbsp\"><span class=\"ez-toc-section\" id=\"Cac_thanh_phan_chinh_trong_Kubernetes_architecture\"><\/span><strong>Main components of Kubernetes architecture<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kubernetes has a layered architecture with two main parts: the <strong>Control Plane<\/strong> (control servers) and <strong>Worker Nodes<\/strong> (execution servers). Each part contains distinct components that take on specific tasks to manage and run containers efficiently.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"500\" src=\"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/image-9-640x500.png\" alt=\"\" class=\"wp-image-93230\" srcset=\"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/image-9-640x500.png 640w, https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/image-9-300x234.png 300w, https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/image-9-200x156.png 200w, https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/image-9-768x600.png 768w, https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/image-9.png 800w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n\n\n\n<p class=\"has-text-align-center\"><em>Source: Platform9<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-control-plane-vung-di\u1ec1u-khi\u1ec3n\"><strong>Control Plane (control layer)<\/strong><\/h3>\n\n\n\n<p>The Control Plane is the cluster's logical management center: it makes decisions and monitors and coordinates the state of the system.<\/p>\n\n\n\n<p>Control Plane components:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>API Server (kube-apiserver):<\/strong> The main entry point and front end of the Control Plane. It receives requests from users (via kubectl or other tools), authenticates them and dispatches them to the other components in the cluster. All other components communicate through the API Server.<\/li>\n\n\n\n<li><strong>etcd:<\/strong> A distributed, highly consistent key-value store that holds the cluster's state and configuration; every state change is written here as the source of truth. etcd uses the Raft consensus algorithm to guarantee data consistency. 
Only the API Server communicates directly with etcd.<\/li>\n\n\n\n<li><strong>Scheduler (kube-scheduler)<\/strong>: Responsible for selecting a suitable node for Pods that have not yet been assigned, based on available resources (CPU, memory), affinity\/anti-affinity rules, constraints, restrictions and defined policies.<\/li>\n\n\n\n<li><strong>Controller Manager (kube-controller-manager)<\/strong>: Runs the controllers (for example Node Controller, Replication Controller, Deployment Controller, Service Controller, Endpoint Controller\u2026), the components that ensure the cluster's actual state matches the desired state (for example keeping the Pod count, managing nodes).<\/li>\n<\/ul>\n\n\n\n<p>There is also the <strong>cloud-controller-manager<\/strong> (optional, when running in a cloud environment), which performs tasks that interact with the cloud provider, such as managing load balancers, attaching volumes or checking cloud resources.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-control-plane-vs-data-plane-co-gi-khac-nhau\"><strong>Control Plane vs Data Plane: what is the difference?<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>Control Plane<\/strong><\/td><td><strong>Data Plane<\/strong><\/td><\/tr><tr><td>Primary role<\/td><td>The \u201cbrain\u201d of the Kubernetes architecture: manages, coordinates and maintains the cluster's desired state<\/td><td>The \u201carms\u201d that do the work: where containers and the actual applications run<\/td><\/tr><tr><td>Where it runs<\/td><td>Runs on Master Nodes or on nodes dedicated to control<\/td><td>Runs on the Worker Nodes in the cluster<\/td><\/tr><tr><td>Main tasks<\/td><td>Makes decisions, plans, monitors and coordinates resources<\/td><td>Carries out commands from the Control Plane; runs and monitors containers<\/td><\/tr><tr><td>Typical components<\/td><td>&#8211; API Server<br>&#8211; etcd<br>&#8211; Controller Manager<br>&#8211; Scheduler<br>&#8211; Cloud Controller Manager<\/td><td>&#8211; Kubelet<br>&#8211; Kube-proxy<br>&#8211; Container Runtime<br>&#8211; Pods<\/td><\/tr><tr><td>Interaction<\/td><td>Receives requests from users and communicates with the Data Plane to deploy or adjust applications<\/td><td>Sends status reports and responds to commands from the Control Plane<\/td><\/tr><tr><td>Impact of a failure<\/td><td>If the Control Plane stops working, the cluster temporarily cannot perform new deployments or coordinate resources, but existing workloads keep running<\/td><td>If the Data Plane fails, the Pods on that node may be lost, but the Control Plane recovers automatically by creating new Pods<\/td><\/tr><tr><td>Design goal<\/td><td>Maintain the system's desired state (declarative state management)<\/td><td>Ensure workloads run reliably and with high performance<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>In short: the Control Plane is like the \u201ccommand center\u201d of Kubernetes, while the Data Plane is like the \u201cwork crews\u201d that carry out the tasks the center hands down.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-worker-nodes-vung-d\u1eef-li\u1ec7u-x\u1eed-ly-cong-vi\u1ec7c\"><strong>Worker Nodes (data plane \/ workload execution)<\/strong><\/h3>\n\n\n\n<p>Worker Nodes are where the actual applications (workloads) run. Each node in this layer needs the following components:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>kubelet<\/strong>: The agent that runs on every Worker Node. The kubelet receives instructions from the Control Plane through the API Server, ensures that containers run as defined in the Pod definition, and periodically reports node and Pod status back to the API Server.<\/li>\n\n\n\n<li><strong>Pods<\/strong>: Although not strictly a piece of \u201cnode infrastructure\u201d, the Pod is the smallest unit that Kubernetes deploys. 
Each Pod can contain one or more containers that share a network namespace, storage volumes and lifecycle.<\/li>\n\n\n\n<li><strong>Container Runtime<\/strong>: The software responsible for starting, stopping and managing the container lifecycle according to the Container Runtime Interface (CRI) standard (for example Docker, containerd, CRI-O). The container runtime communicates with the kubelet over the CRI. Docker support as a container runtime was deprecated as of Kubernetes version 1.20 and removed entirely as of version 1.24.<\/li>\n\n\n\n<li><strong>kube-proxy:<\/strong> The networking component that runs on every node, providing internal routing and load balancing for Pods. kube-proxy watches Services and creates iptables rules, or uses other networking technologies, to forward traffic to the correct backend Pods.<\/li>\n<\/ul>\n\n\n\n<p><strong>Other supporting components:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Namespaces:<\/strong> Logical partitions within the cluster that help share resources and isolate different teams or environments (dev, staging, production). 
The default namespaces are: default, kube-system, kube-public, kube-node-lease.<\/li>\n\n\n\n<li><strong>Volumes \/ Storage:<\/strong> Provide persistent storage for containers through various volume types (emptyDir, hostPath, PersistentVolume, etc.), so that data can survive across Pod versions or lifetimes. StorageClass enables dynamic provisioning of Persistent Volumes.<\/li>\n\n\n\n<li><strong>Services:<\/strong> Provide a stable abstraction layer for connecting to and load balancing across Pods, ensuring Pods remain reachable even when their IPs change. Service types: ClusterIP (default), NodePort, LoadBalancer, ExternalName.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cach-kubernetes-architecture-v\u1eadn-hanh\"><span class=\"ez-toc-section\" id=\"Cach_Kubernetes_architecture_van_hanh\"><\/span><strong>How Kubernetes architecture works<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The Kubernetes architecture works through coordination between the Control Plane and Data Plane components to deploy, monitor and maintain containerized applications.<\/p>\n\n\n\n<p>The main workflow is as follows:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-g\u1eedi-yeu-c\u1ea7u-t\u1edbi-api-server\"><strong>Sending a request to the API Server<\/strong><\/h3>\n\n\n\n<p>When a user or a system issues a command (via kubectl or the API interface), the request is sent to the API Server, the central component that receives and processes requests. The API Server will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authenticate (Authentication) and authorize (Authorization) the user.<\/li>\n\n\n\n<li>Then record the request in the central data store, etcd.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-l\u01b0u-tr\u1ea1ng-thai-mong-mu\u1ed1n-trong-etcd\"><strong>Storing the desired state in etcd<\/strong><\/h3>\n\n\n\n<p>etcd is where the cluster's \u201cdesired state\u201d is stored, such as the number of Pods to run, network configuration, secrets and so on. All changes from the API Server are written to etcd consistently and as atomic transactions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-controller-manager-giam-sat-va-di\u1ec1u-ch\u1ec9nh\"><strong>Controller Manager monitors and adjusts<\/strong><\/h3>\n\n\n\n<p>The Controller Manager (with controllers such as the Deployment Controller, ReplicationController, Node Controller\u2026) continuously compares the actual state with the desired state in etcd through a watch mechanism.<\/p>\n\n\n\n<p>If it detects a discrepancy (for example, a Pod has crashed or been deleted), it triggers the reconciliation process to bring the system back to the desired state.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-scheduler-phan-cong-pod-vao-node\"><strong>Scheduler assigns Pods to Nodes<\/strong><\/h3>\n\n\n\n<p>The Scheduler selects a suitable Node to run new Pods, based on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Available resources (CPU, RAM)<\/li>\n\n\n\n<li>Quality of service (QoS classes)<\/li>\n\n\n\n<li>Restrictions (taints, tolerations)<\/li>\n\n\n\n<li>Constraint rules (affinity, anti-affinity)<\/li>\n<\/ul>\n\n\n\n<p>The Scheduler uses a filtering and scoring algorithm to find the best node. Once the decision is made, the Scheduler writes the binding between the Pod and the Node to the API Server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-kubelet-va-container-runtime-tri\u1ec3n-khai-pod\"><strong>Kubelet and Container Runtime deploy the Pod<\/strong><\/h3>\n\n\n\n<p>The kubelet on the Worker Node receives instructions from the Control Plane by watching the API Server and is responsible for creating the Pod as defined in the manifest file.<\/p>\n\n\n\n<p>The container runtime (for example containerd, CRI-O) pulls the image and runs the containers in that Pod. 
The kubelet monitors container health through health checks (liveness\/readiness probes) and reports back to the API Server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-m\u1ea1ng-amp-truy-c\u1eadp-d\u1ecbch-v\u1ee5-service-discovery\"><strong>Networking &amp; service access (Service Discovery)<\/strong><\/h3>\n\n\n\n<p>kube-proxy on each Node is responsible for routing and load balancing across Pods based on Services. kube-proxy can operate in the following modes: userspace, iptables or IPVS. In addition, the internal DNS system (for example CoreDNS) maps service names to the IP address of the corresponding Pod or Service through DNS A\/AAAA records and SRV records.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-vong-l\u1eb7p-ki\u1ec3m-tra-va-t\u1ef1-ph\u1ee5c-h\u1ed3i-self-healing\"><strong>The check loop and self-healing<\/strong><\/h3>\n\n\n\n<p>The Kubernetes architecture continuously checks state:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If a container or Pod fails, the kubelet restarts the container according to its restartPolicy. 
If the Pod fails completely, the Control Plane detects it and creates a new Pod through the ReplicaSet\/Deployment controller.<\/li>\n\n\n\n<li>If a Node fails, the Scheduler moves the workload to another healthy node once the pod-eviction-timeout has elapsed.<\/li>\n\n\n\n<li>etcd, the Controller Manager and the API Server can also be deployed in High Availability (HA) mode with multiple replicas to avoid a single point of failure (SPOF).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-b\u1ea3o-m\u1eadt-trong-kubernetes-architecture-authentication-vs-authorization\"><span class=\"ez-toc-section\" id=\"Bao_mat_trong_Kubernetes_architecture_Authentication_vs_Authorization\"><\/span><strong>Security in Kubernetes architecture: Authentication vs Authorization<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In the Kubernetes architecture, authentication and authorization are essential for protecting the system against unauthorized access and for ensuring that every user or component can perform only the actions it is permitted to.<\/p>\n\n\n\n<p>Understanding how Kubernetes handles authentication and authorization is an indispensable step toward mastering how the Kubernetes architecture operates and protects resources in the cluster.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-xac-th\u1ef1c-authentication-b\u1ea1n-la-ai\"><strong>Authentication &#8211; \u201cWho are you?\u201d<\/strong><\/h3>\n\n\n\n<p>Every request sent to the API Server must pass an authentication step that confirms the identity of the user or component making the request.<\/p>\n\n\n\n<p>Kubernetes does not maintain an internal account system the way traditional applications do. Instead, it relies on a variety of authentication methods, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>X.509 Client Certificates<\/li>\n\n\n\n<li>Bearer Tokens<\/li>\n\n\n\n<li>Service Account Tokens<\/li>\n\n\n\n<li>OpenID Connect Tokens (OIDC, federated with an external login system)<\/li>\n\n\n\n<li>Authentication Proxy<\/li>\n<\/ul>\n\n\n\n<p>For example, a user running kubectl presents a certificate or token from the kubeconfig file when sending a request to the API Server; the API Server validates it and then accepts or rejects the request.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-phan-quy\u1ec1n-authorization-b\u1ea1n-d\u01b0\u1ee3c-lam-gi\"><strong>Authorization &#8211; \u201cWhat are you allowed to do?\u201d<\/strong><\/h3>\n\n\n\n<p>After successful authentication, the system determines whether the user has permission to perform a specific action (such as creating a Pod, a PersistentVolume\u2026) on a given resource.<\/p>\n\n\n\n<p>Kubernetes has several authorization models:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>RBAC (Role-Based Access Control):<\/strong> the most common and recommended approach: roles (Roles \/ ClusterRoles) are assigned to users or service accounts to control permissions per namespace or cluster-wide. RBAC uses RoleBinding and ClusterRoleBinding to bind roles to subjects.<\/li>\n\n\n\n<li><strong>ABAC (Attribute-Based Access Control):<\/strong> controls access by attributes (user, group, namespace&#8230;) but is hard to manage in large systems and requires restarting the API Server when the policy changes.<\/li>\n\n\n\n<li><strong>Node Authorizer \/ Webhook:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Node Authorizer: handles the special permissions for the kubelet, ensuring each node can access only the resources it is allowed to.<\/li>\n\n\n\n<li>Webhook Authorizer: allows integration with an external authorization system, for example calling a custom API to make the access decision.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The API Server handles authorization internally, and every request is subject to the \u201cdeny by default\u201d principle: without a valid permission, the request is rejected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-b\u1ea3o-m\u1eadt-cac-thanh-ph\u1ea7n-n\u1ed9i-b\u1ed9-nbsp\"><strong>Securing internal components<\/strong><\/h3>\n\n\n\n<p>In the Kubernetes architecture, not only users but internal components too must be strictly authenticated and authorized. Otherwise, an attacker could reach a node's internal API and perform actions such as exec into a container.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>etcd stores the cluster state, including sensitive data such as Secrets. Access to etcd requires certificates and tightly controlled access rights.<\/li>\n\n\n\n<li>The principle of least privilege: grant users and service accounts only the permissions they actually need, which reduces risk when a vulnerability exists.<\/li>\n\n\n\n<li>Use webhook admission controllers to inspect requests more deeply and apply additional policies before a resource is accepted.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cac-cau-h\u1ecfi-th\u01b0\u1eddng-g\u1eb7p-v\u1ec1-kubernetes-architecture\"><span class=\"ez-toc-section\" id=\"Cac_cau_hoi_thuong_gap_ve_Kubernetes_architecture\"><\/span><strong>Frequently asked questions about Kubernetes architecture<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-kubernetes-co-th\u1ec3-ch\u1ea1y-ma-khong-c\u1ea7n-docker-khong\"><strong>Can Kubernetes run without Docker?<\/strong><\/h3>\n\n\n\n<p>Yes, Kubernetes can run without Docker. In the Kubernetes architecture, Docker is just one of several supported container runtimes, alongside containerd, CRI-O or Podman. As long as the runtime complies with the Container Runtime Interface (CRI), Kubernetes runs reliably and efficiently without depending on Docker.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>Read more: <strong><a href=\"https:\/\/itviec.com\/blog\/docker-container\/\" target=\"_blank\" rel=\"noreferrer noopener\">What is a Docker Container? How to use Docker Containers effectively<\/a><\/strong><\/em><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-control-plane-trong-kubernetes-architecture-g\u1ed3m-nh\u1eefng-gi\"><strong>What does the Control Plane in Kubernetes architecture consist of?<\/strong><\/h3>\n\n\n\n<p>In the Kubernetes architecture, the Control Plane is the center that coordinates all cluster activity. It comprises main components such as the API Server, etcd, Controller Manager and Scheduler, plus the Cloud Controller Manager in cloud environments. These components work together to manage state, deploy workloads and keep the Kubernetes system running reliably.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-pod-la-gi-trong-kubernetes-pod-khac-container-nh\u01b0-th\u1ebf-nao\"><strong>What is a Pod in Kubernetes? 
Pod kh\u00e1c Container nh\u01b0 th\u1ebf n\u00e0o?<\/strong><\/h3>\n\n\n\n<p>Trong Kubernetes architecture, Pod l\u00e0 \u0111\u01a1n v\u1ecb tri\u1ec3n khai nh\u1ecf nh\u1ea5t, ch\u1ee9a m\u1ed9t ho\u1eb7c nhi\u1ec1u container c\u00f9ng chia s\u1ebb t\u00e0i nguy\u00ean m\u1ea1ng v\u00e0 l\u01b0u tr\u1eef. Kh\u00e1c v\u1edbi container \u0111\u01a1n l\u1ebb, Pod cho ph\u00e9p c\u00e1c container b\u00ean trong giao ti\u1ebfp n\u1ed9i b\u1ed9 d\u1ec5 d\u00e0ng v\u00e0 ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t th\u1ef1c th\u1ec3 th\u1ed1ng nh\u1ea5t.<\/p>\n\n\n\n<p>M\u1ed7i Pod c\u00f3 v\u00f2ng \u0111\u1eddi ri\u00eang (Pod lifecycle) v\u00e0 \u0111\u01b0\u1ee3c xem l\u00e0 \u0111\u01a1n v\u1ecb nguy\u00ean t\u1eed trong qu\u00e1 tr\u00ecnh l\u1eadp l\u1ecbch (atomic unit of scheduling), ngh\u0129a l\u00e0 Kubernetes lu\u00f4n t\u1ea1o, qu\u1ea3n l\u00fd v\u00e0 di chuy\u1ec3n Pod nh\u01b0 m\u1ed9t kh\u1ed1i th\u1ed1ng nh\u1ea5t. Nh\u1edd c\u1ea5u tr\u00fac n\u00e0y, Kubernetes c\u00f3 th\u1ec3 qu\u1ea3n l\u00fd, m\u1edf r\u1ed9ng v\u00e0 ph\u1ee5c h\u1ed3i \u1ee9ng d\u1ee5ng hi\u1ec7u qu\u1ea3 h\u01a1n.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-s\u1ef1-khac-nhau-gi\u1eefa-node-va-pod-la-gi\"><strong>S\u1ef1 kh\u00e1c nhau gi\u1eefa Node v\u00e0 Pod l\u00e0 g\u00ec?<\/strong><\/h3>\n\n\n\n<p>Trong Kubernetes architecture, Node l\u00e0 m\u00e1y ch\u1ee7 v\u1eadt l\u00fd ho\u1eb7c \u1ea3o n\u01a1i c\u00e1c \u1ee9ng d\u1ee5ng \u0111\u01b0\u1ee3c ch\u1ea1y, c\u00f2n Pod l\u00e0 \u0111\u01a1n v\u1ecb tri\u1ec3n khai nh\u1ecf nh\u1ea5t ch\u1ee9a m\u1ed9t ho\u1eb7c nhi\u1ec1u container. M\u1ed7i Node c\u00f3 th\u1ec3 ch\u1ea1y nhi\u1ec1u Pod c\u00f9ng l\u00fac, \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd b\u1edfi Control Plane.<\/p>\n\n\n\n<p>N\u00f3i c\u00e1ch kh\u00e1c, Node c\u00f3 c\u00e1c th\u00e0nh ph\u1ea7n h\u1ec7 th\u1ed1ng nh\u01b0 kubelet, kube-proxy, container runtime. 
Pod l\u00e0 workload ch\u1ea1y b\u00ean trong Node, c\u00f2n Node l\u00e0 m\u00f4i tr\u01b0\u1eddng h\u1ea1 t\u1ea7ng \u0111\u1ec3 Pod ho\u1ea1t \u0111\u1ed9ng.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-toi-c\u1ea7n-h\u1ecdc-gi-tr\u01b0\u1edbc-khi-tim-hi\u1ec3u-kubernetes-architecture\"><strong>T\u00f4i c\u1ea7n h\u1ecdc g\u00ec tr\u01b0\u1edbc khi t\u00ecm hi\u1ec3u Kubernetes Architecture?<\/strong><\/h3>\n\n\n\n<p>Tr\u01b0\u1edbc khi t\u00ecm hi\u1ec3u Kubernetes architecture, b\u1ea1n n\u00ean n\u1eafm v\u1eefng:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>C\u00e1c kh\u00e1i ni\u1ec7m c\u01a1 b\u1ea3n v\u1ec1 container, \u0111\u1eb7c bi\u1ec7t l\u00e0 Docker. Hi\u1ec3u c\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a \u1ee9ng d\u1ee5ng trong m\u00f4i tr\u01b0\u1eddng container s\u1ebd gi\u00fap b\u1ea1n d\u1ec5 ti\u1ebfp c\u1eadn h\u01a1n v\u1edbi c\u01a1 ch\u1ebf orchestration c\u1ee7a Kubernetes.<\/li>\n\n\n\n<li>Ki\u1ebfn th\u1ee9c v\u1ec1 Linux v\u00e0 command line<\/li>\n\n\n\n<li>Ki\u1ebfn th\u1ee9c v\u1ec1 m\u1ea1ng m\u00e1y t\u00ednh (networking): TCP\/IP, DNS, load balancing,&#8230;<\/li>\n\n\n\n<li>Hi\u1ec3u v\u1ec1 YAML format, RESTful APIs<\/li>\n\n\n\n<li>Kh\u00e1i ni\u1ec7m h\u1ec7 th\u1ed1ng ph\u00e2n t\u00e1n (distributed systems): Hi\u1ec3u c\u00e1c nguy\u00ean t\u1eafc nh\u01b0 scalability (kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng), fault tolerance (ch\u1ecbu l\u1ed7i), v\u00e0 consistency (t\u00ednh nh\u1ea5t qu\u00e1n) \u0111\u1ec3 n\u1eafm \u0111\u01b0\u1ee3c l\u00fd do t\u1ea1i sao Kubernetes architecture \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf theo m\u00f4 h\u00ecnh hi\u1ec7n t\u1ea1i.<\/li>\n<\/ul>\n\n\n\n<p>Khi c\u00f3 n\u1ec1n t\u1ea3ng n\u00e0y, vi\u1ec7c h\u1ecdc v\u00e0 \u00e1p d\u1ee5ng Kubernetes architecture s\u1ebd tr\u1edf n\u00ean tr\u1ef1c quan v\u00e0 hi\u1ec7u qu\u1ea3 h\u01a1n.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-t\u1ed5ng-k\u1ebft\"><span class=\"ez-toc-section\" 
id=\"Tong_ket\"><\/span><strong>T\u1ed5ng k\u1ebft<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Nh\u1edd kh\u1ea3 n\u0103ng t\u1ef1 ph\u1ee5c h\u1ed3i, m\u1edf r\u1ed9ng linh ho\u1ea1t v\u00e0 t\u00edch h\u1ee3p d\u1ec5 d\u00e0ng v\u1edbi nhi\u1ec1u m\u00f4i tr\u01b0\u1eddng \u0111\u00e1m m\u00e2y, Kubernetes \u0111\u00e3 tr\u1edf th\u00e0nh ti\u00eau chu\u1ea9n v\u00e0ng trong tri\u1ec3n khai \u1ee9ng d\u1ee5ng hi\u1ec7n \u0111\u1ea1i. Vi\u1ec7c hi\u1ec3u r\u00f5 Kubernetes architecture kh\u00f4ng ch\u1ec9 gi\u00fap b\u1ea1n l\u00e0m ch\u1ee7 h\u1ea1 t\u1ea7ng c\u00f4ng ngh\u1ec7 m\u00e0 c\u00f2n m\u1edf ra c\u01a1 h\u1ed9i ph\u00e1t tri\u1ec3n chuy\u00ean s\u00e2u trong l\u0129nh v\u1ef1c DevOps v\u00e0 \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>N\u1ebfu b\u1ea1n t\u1eebng th\u1eafc m\u1eafc l\u00e0m th\u1ebf n\u00e0o c\u00e1c \u1ee9ng d\u1ee5ng c\u00f3 th\u1ec3 ch\u1ea1y \u1ed5n \u0111\u1ecbnh d\u00f9 n\u1eb1m tr\u00ean h\u00e0ng tr\u0103m m\u00e1y ch\u1ee7 kh\u00e1c nhau, c\u00e2u tr\u1ea3 l\u1eddi n\u1eb1m \u1edf Kubernetes architecture. \u0110\u00e2y l\u00e0 ki\u1ebfn tr\u00fac \u0111\u1ee9ng sau kh\u1ea3 n\u0103ng t\u1ef1 \u0111\u1ed9ng h\u00f3a, c\u00e2n b\u1eb1ng t\u1ea3i v\u00e0 m\u1edf r\u1ed9ng linh ho\u1ea1t c\u1ee7a Kubernetes. 
Hi\u1ec3u \u0111\u01b0\u1ee3c [&hellip;]<\/p>\n","protected":false},"author":214,"featured_media":93232,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gspb_post_css":"","footnotes":""},"categories":[109],"tags":[],"class_list":["post-93229","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-chuyen-mon-it"],"blocksy_meta":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.8 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi m\u1edbi - ITviec Blog<\/title>\n<meta name=\"description\" content=\"Kubernetes architecture l\u00e0 ki\u1ebfn tr\u00fac \u0111\u1ee9ng sau kh\u1ea3 n\u0103ng linh ho\u1ea1t c\u1ee7a Kubernetes. \u0110\u1ecdc b\u00e0i vi\u1ebft \u0111\u1ec3 hi\u1ec3u r\u00f5 Kubernetes architecture.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/\" \/>\n<meta property=\"og:locale\" content=\"vi_VN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi m\u1edbi\" \/>\n<meta property=\"og:description\" content=\"N\u1ebfu b\u1ea1n t\u1eebng th\u1eafc m\u1eafc l\u00e0m th\u1ebf n\u00e0o c\u00e1c \u1ee9ng d\u1ee5ng c\u00f3 th\u1ec3 ch\u1ea1y \u1ed5n \u0111\u1ecbnh d\u00f9 n\u1eb1m tr\u00ean h\u00e0ng tr\u0103m m\u00e1y ch\u1ee7 kh\u00e1c nhau, c\u00e2u tr\u1ea3 l\u1eddi n\u1eb1m \u1edf Kubernetes architecture. 
\u0110\u00e2y\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/\" \/>\n<meta property=\"og:site_name\" content=\"ITviec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ITviec\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-26T07:11:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-09T03:42:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/kubernetes-architecture-scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"421\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Hi\u1ebfu Phan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ITviec\" \/>\n<meta name=\"twitter:site\" content=\"@ITviec\" \/>\n<meta name=\"twitter:label1\" content=\"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hi\u1ebfu Phan\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 ph\u00fat\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi m\u1edbi - ITviec Blog","description":"Kubernetes architecture l\u00e0 ki\u1ebfn tr\u00fac \u0111\u1ee9ng sau kh\u1ea3 n\u0103ng linh ho\u1ea1t c\u1ee7a Kubernetes. 
\u0110\u1ecdc b\u00e0i vi\u1ebft \u0111\u1ec3 hi\u1ec3u r\u00f5 Kubernetes architecture.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/","og_locale":"vi_VN","og_type":"article","og_title":"Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi m\u1edbi","og_description":"N\u1ebfu b\u1ea1n t\u1eebng th\u1eafc m\u1eafc l\u00e0m th\u1ebf n\u00e0o c\u00e1c \u1ee9ng d\u1ee5ng c\u00f3 th\u1ec3 ch\u1ea1y \u1ed5n \u0111\u1ecbnh d\u00f9 n\u1eb1m tr\u00ean h\u00e0ng tr\u0103m m\u00e1y ch\u1ee7 kh\u00e1c nhau, c\u00e2u tr\u1ea3 l\u1eddi n\u1eb1m \u1edf Kubernetes architecture. \u0110\u00e2y","og_url":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/","og_site_name":"ITviec Blog","article_publisher":"https:\/\/www.facebook.com\/ITviec","article_published_time":"2025-11-26T07:11:13+00:00","article_modified_time":"2026-01-09T03:42:10+00:00","og_image":[{"width":800,"height":421,"url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/kubernetes-architecture-scaled.png","type":"image\/png"}],"author":"Hi\u1ebfu Phan","twitter_card":"summary_large_image","twitter_creator":"@ITviec","twitter_site":"@ITviec","twitter_misc":{"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi":"Hi\u1ebfu Phan","\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"18 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#article","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/"},"author":{"name":"Hi\u1ebfu Phan","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/d9f4dfc3237d95eb1549e5adb2ede904"},"headline":"Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi 
m\u1edbi","datePublished":"2025-11-26T07:11:13+00:00","dateModified":"2026-01-09T03:42:10+00:00","mainEntityOfPage":{"@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/"},"wordCount":4660,"publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"image":{"@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/kubernetes-architecture-scaled.png","articleSection":["Chuy\u00ean m\u00f4n IT"],"inLanguage":"vi"},{"@type":"WebPage","@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/","url":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/","name":"Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi m\u1edbi - ITviec Blog","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#primaryimage"},"image":{"@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/kubernetes-architecture-scaled.png","datePublished":"2025-11-26T07:11:13+00:00","dateModified":"2026-01-09T03:42:10+00:00","description":"Kubernetes architecture l\u00e0 ki\u1ebfn tr\u00fac \u0111\u1ee9ng sau kh\u1ea3 n\u0103ng linh ho\u1ea1t c\u1ee7a Kubernetes. 
\u0110\u1ecdc b\u00e0i vi\u1ebft \u0111\u1ec3 hi\u1ec3u r\u00f5 Kubernetes architecture.","breadcrumb":{"@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/"]}]},{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#primaryimage","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/kubernetes-architecture-scaled.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/11\/kubernetes-architecture-scaled.png","width":800,"height":421,"caption":"Kubernetes architecture - itviec blog"},{"@type":"BreadcrumbList","@id":"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Chuy\u00ean m\u00f4n IT","item":"https:\/\/itviec.com\/blog\/chuyen-mon-it\/"},{"@type":"ListItem","position":2,"name":"Kubernetes architecture: T\u00ecm hi\u1ec3u t\u1ed5ng quan A-Z cho ng\u01b0\u1eddi m\u1edbi"}]},{"@type":"WebSite","@id":"https:\/\/itviec.com\/blog\/#website","url":"https:\/\/itviec.com\/blog\/","name":"ITviec Blog","description":"IT Jobs &amp; People in 
Vietnam","publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itviec.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi"},{"@type":"Organization","@id":"https:\/\/itviec.com\/blog\/#organization","name":"ITviec","url":"https:\/\/itviec.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","width":1800,"height":1800,"caption":"ITviec"},"image":{"@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ITviec","https:\/\/x.com\/ITviec","https:\/\/www.linkedin.com\/company\/itviec","https:\/\/www.youtube.com\/channel\/UCYthAQ3bcGr57M_ag5gHDvQ"]},{"@type":"Person","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/d9f4dfc3237d95eb1549e5adb2ede904","name":"Hi\u1ebfu Phan","image":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/phan-trung-hieu-author-e1709881921227-100x100.jpg","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/phan-trung-hieu-author-e1709881921227-100x100.jpg","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/phan-trung-hieu-author-e1709881921227-100x100.jpg","caption":"Hi\u1ebfu 
Phan"},"url":"https:\/\/itviec.com\/blog\/author\/hieu-phan\/"}]}},"_links":{"self":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/93229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/comments?post=93229"}],"version-history":[{"count":2,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/93229\/revisions"}],"predecessor-version":[{"id":94202,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/93229\/revisions\/94202"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media\/93232"}],"wp:attachment":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media?parent=93229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/categories?post=93229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/tags?post=93229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}