{"id":93886,"date":"2025-12-30T11:15:37","date_gmt":"2025-12-30T04:15:37","guid":{"rendered":"https:\/\/itviec.com\/blog\/?p=93886"},"modified":"2025-12-30T11:15:41","modified_gmt":"2025-12-30T04:15:41","slug":"cau-hoi-phong-van-kubernetes","status":"publish","type":"post","link":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/","title":{"rendered":"Top 40+ Common Kubernetes Interview Questions"},"content":{"rendered":"<p><strong><em>As infrastructure shifts to cloud-native, demand for engineers who understand Kubernetes keeps growing. Kubernetes interviews do not revolve around theory alone; they also include questions that test engineering thinking and the ability to operate real systems. 
If you are applying for roles related to DevOps, Cloud and modern microservices, the Kubernetes interview questions below will help you review thoroughly, methodically and with the right focus for each level.<\/em><\/strong><\/p>\n\n\n\n<p>Read on for guidance on answering:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Junior-level Kubernetes interview questions<\/li>\n\n\n\n<li>Intermediate-level Kubernetes interview questions<\/li>\n\n\n\n<li>Advanced-level Kubernetes interview questions<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-t\u1ed5ng-quan-v\u1ec1-kubernetes\"><span class=\"ez-toc-section\" id=\"Tong_quan_ve_Kubernetes\"><\/span><strong>Kubernetes overview<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Kubernetes (abbreviated K8s) is an open-source system to \u201corchestrate\u201d (automatically manage) applications that run in containers. Kubernetes builds on more than 15 years of Google's experience operating containers at very large scale. 
Since 2014 it has been an open-source project managed by the Cloud Native Computing Foundation (CNCF).<\/p>\n\n\n\n<p>Kubernetes is typically used to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automatically deploy, scale and manage containerized applications<\/strong> on demand, based on declarative configuration.<\/li>\n\n\n\n<li><strong>Support service discovery and load balancing<\/strong>: Lets the parts of an application (running in different containers) reach each other reliably through internal DNS or a Service IP, while distributing load sensibly.<\/li>\n\n\n\n<li><strong>Manage &amp; allocate resources flexibly<\/strong> (CPU, memory, storage\u2026), including resource requests\/limits, so infrastructure is used efficiently while stability stays high.<\/li>\n\n\n\n<li><strong>Run flexibly across many environments: <\/strong>It can run on physical servers, virtual machines, public cloud (AWS EKS, GKE, AKS), private cloud or hybrid environments, which makes applications \u201cportable\u201d between different infrastructures.<\/li>\n\n\n\n<li><strong>Increase stability and reliability with self-healing<\/strong>: If a container or node fails, Kubernetes can self-heal: it restarts and recreates containers and reschedules Pods onto healthy nodes, keeping the service running smoothly.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p> <em>Read more: <strong><a href=\"https:\/\/itviec.com\/blog\/kubernetes-la-gi\/\" target=\"_blank\" rel=\"noreferrer noopener\">What is Kubernetes: the essential foundational Kubernetes knowledge<\/a><\/strong><\/em><\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-kubernetes-s\u01a1-c\u1ea5p-junior-level\"><span class=\"ez-toc-section\" id=\"Cau_hoi_phong_van_Kubernetes_so_cap_Junior_level\"><\/span><strong>Junior-level Kubernetes interview questions<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-pod-container-la-gi-s\u1ef1-khac-nhau-gi\u1eefa-pod-va-container\"><strong>What are a Pod and a Container? How do they differ?<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Container<\/strong> is a lightweight, standalone execution unit that includes the whole environment needed to run an application: source code, runtime, libraries, dependencies. 
Containers package an application in isolation, ensuring it runs consistently across many environments regardless of how the host environments differ.<\/li>\n<\/ul>\n\n\n\n<p>When run standalone (without an orchestrator such as Kubernetes), each container has its own network namespace and its own IP, and needs separate configuration to communicate with other containers.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Pod: <\/strong>Kubernetes does not run containers directly; it runs Pods, the smallest deployable unit and the basic unit of scheduling. A Pod represents one or more containers that run together and share networking (network namespace) and storage (volumes). Containers inside the same Pod can communicate over localhost and share a single IP address and port space.<\/li>\n<\/ul>\n\n\n\n<p>In essence, a Pod is where tightly coupled containers are grouped to run with a shared lifecycle. 
(For example, a main application container plus a sidecar container for logging, monitoring or proxying, or init containers for initialization tasks.)<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>Read more: <strong><a href=\"https:\/\/itviec.com\/blog\/kubernetes-architecture-la-gi\/\" target=\"_blank\" rel=\"noreferrer noopener\">Kubernetes architecture: an A-Z overview of the Kubernetes architecture for beginners<\/a><\/strong><\/em><\/p>\n<\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-b\u1ea3ng-so-sanh-s\u1ef1-khac-bi\u1ec7t-pod-va-container\"><strong>Comparison table: Pod vs. Container<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>Pod<\/strong><\/td><td><strong>Container<\/strong><\/td><\/tr><tr><td>Unit of management in Kubernetes<\/td><td>The Pod is the smallest unit that Kubernetes creates, schedules and manages.<\/td><td>A container lives inside a Pod; Kubernetes does not manage individual containers directly but through the Pod.<\/td><\/tr><tr><td>Count<\/td><td>A Pod can hold one or more containers (usually 1 main container + optional sidecar\/init containers).<\/td><td>A container is a single entity holding one application (or process).<\/td><\/tr><tr><td>Networking &amp; communication<\/td><td>Containers in the same Pod share the network, the IP and the ports; they communicate over localhost.<\/td><td>A separate container has its own network; it does not automatically share networking with other containers unless specifically configured.<\/td><\/tr><tr><td>Storage \/ volume<\/td><td>A Pod can declare shared volumes; all containers in the Pod access the shared storage through volumeMounts.<\/td><td>A container has its own filesystem (container image + overlay filesystem) and does not share volumes automatically.<\/td><\/tr><tr><td>Purpose<\/td><td>Used to group, coordinate &amp; manage tightly related containers such as app + sidecar, or app + helper.<\/td><td>Used to run a single standalone application\/process with a standard environment from the image.<\/td><\/tr><tr><td>Lifecycle management<\/td><td>Kubernetes manages the Pod (scheduling, restart, scaling, volume, networking\u2026). Pod phases: Pending, Running, Succeeded, Failed, Unknown.<\/td><td>The container runtime manages the individual container; orchestration requires Kubernetes\/Pod\/Workload resources.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-deployment-trong-kubernetes-la-gi-ho\u1ea1t-d\u1ed9ng-nh\u01b0-th\u1ebf-nao\"><strong>What is a Deployment in Kubernetes? 
How does it work?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, a Deployment is a Workload API object used to declaratively define how you want to deploy and manage replicas of an application (through ReplicaSets and Pods).<\/p>\n\n\n\n<p>When creating a Deployment, we declare the desired state of the application:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How many replicas of the Pod<\/li>\n\n\n\n<li>Which container image and version\/tag<\/li>\n\n\n\n<li>How it is configured (environment variables, volumes, ports&#8230;)<\/li>\n\n\n\n<li>Update strategy (RollingUpdate or Recreate)<\/li>\n\n\n\n<li>Health checks (liveness\/readiness probes)<\/li>\n<\/ul>\n\n\n\n<p>\u2192 Kubernetes ensures the actual state matches that desired state.<\/p>\n\n\n\n<p>\u2192 After that, the Deployment Controller keeps the actual state matched to the desired state through a reconciliation loop.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-vi-sao-deployment-d\u01b0\u1ee3c-xem-la-l\u1edbp-tr\u1eebu-t\u01b0\u1ee3ng-cao-h\u01a1n-replicaset\"><strong>Why is a Deployment considered a higher-level abstraction than a ReplicaSet?<\/strong><\/h3>\n\n\n\n<p>Because a Deployment lets you manage the whole application lifecycle without manually handling individual Pods. 
Instead of creating, deleting or replacing Pods yourself, you only declare the desired state and Kubernetes handles the rest automatically.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-service-trong-kubernetes-la-gi-giup-gi\u1ea3i-quy\u1ebft-v\u1ea5n-d\u1ec1-gi\"><strong>What is a Service in Kubernetes? What problem does it solve?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, a Service is a networking abstraction that provides a stable network endpoint for reaching Pods.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A Service creates a fixed IP address and DNS name<\/strong><\/li>\n<\/ul>\n\n\n\n<p>When you create a Service \u2192 you define a selector (for example a label that Pods must carry)<\/p>\n\n\n\n<p>\u2192 Kubernetes automatically tracks the matching Pods and ensures that all traffic sent to the Service is forwarded to one (or more) of the corresponding backend Pods.<\/p>\n\n\n\n<p>Thanks to this mechanism, even though Pods may be created, deleted, scaled or moved to another node, the application's access address stays the same, so the application can be reached without depending on any specific Pod. 
This makes the system more stable and resilient, and avoids having to hard-code a specific IP or Pod in code or config.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A Service also supports internal load balancing<\/strong>: if several Pods serve as backends, the Service distributes traffic among them (using a round-robin algorithm by default), which balances load and increases availability.<\/li>\n\n\n\n<li><strong>A Service can define different networking modes depending on the need:<\/strong>\n<ul class=\"wp-block-list\">\n<li>An internal Service between Pods\/applications inside the cluster (cluster-internal service).<\/li>\n\n\n\n<li>A Service that exposes the application to the outside (external access), letting external users or other systems reach it.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-service-co-gi-khac-v\u1edbi-deployment\"><strong>How does a Service differ from a Deployment?<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Deployment is responsible for managing the Pod lifecycle. 
It defines the desired state and focuses on deploying, updating and keeping Pods stable in the cluster.<\/li>\n\n\n\n<li>By contrast, a Service does not manage Pods; it provides a stable network access point to the Pods created by the Deployment. This keeps the application available and able to communicate reliably in Kubernetes's dynamic environment.<\/li>\n<\/ul>\n\n\n\n<p>Summary:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deployment = Pod management: create, update, scale, rollback.<\/li>\n\n\n\n<li>Service = access management: provides a fixed endpoint and load balancing to the Pods.<\/li>\n<\/ul>\n\n\n\n<p><strong>Comparison table: Deployment vs. Service:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>Deployment<\/strong><\/td><td><strong>Service<\/strong><\/td><\/tr><tr><td>Main function<\/td><td>Deploys and manages the Pod lifecycle (create, update, scale, rollback).<\/td><td>Provides a stable network endpoint for reaching Pods and distributes traffic (load balancing).<\/td><\/tr><tr><td>Manages Pods<\/td><td>Yes \u2013 the Deployment drives a ReplicaSet to maintain the desired number of Pods.<\/td><td>No \u2013 the Service only routes traffic to Pods and does not control their lifecycle.<\/td><\/tr><tr><td>Stable access address<\/td><td>Does not provide a fixed address; a Pod's IP can change on restart.<\/td><td>Yes \u2013 the Service creates a DNS name and a fixed virtual address that are unaffected when Pods change.<\/td><\/tr><tr><td>Load Balancing<\/td><td>Not supported.<\/td><td>Yes \u2013 the Service distributes traffic across multiple backend Pods.<\/td><\/tr><tr><td>Application updates<\/td><td>Supports rolling update, rollback, versioning.<\/td><td>Does not support application updates; handles only routing and networking.<\/td><\/tr><tr><td>Resource type<\/td><td>Workload Controller.<\/td><td>Networking Abstraction.<\/td><\/tr><tr><td>When to use?<\/td><td>When you need to deploy an application and keep its Pods running reliably.<\/td><td>When you need to expose an application or create stable connectivity between Pods\/services.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-d\u1ec3-xem-log-c\u1ee7a-pod\"><strong>How do you view a Pod's logs?<\/strong><\/h3>\n\n\n\n<p>The official way is to use the <code>kubectl logs<\/code> command:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Pod with a single container<\/strong><\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl logs &lt;pod-name><\/code><\/pre>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl logs my-pod<\/code><\/pre>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Pod with multiple containers<\/strong><\/li>\n<\/ul>\n\n\n\n<p>You need to name the specific container with the <code>-c<\/code> or <code>--container<\/code> flag:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl logs &lt;pod-name> -c &lt;container-name><\/code><\/pre>\n\n\n\n<p>This is typically used when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You need to debug an application error and check exceptions or warnings from a container.<\/li>\n\n\n\n<li>You want to follow application behavior in real time, especially during a deploy or test.<\/li>\n\n\n\n<li>A Pod or container was restarted; use <code>--previous<\/code> to find the root cause.<\/li>\n<\/ul>\n\n\n\n<p><strong>Commonly used options when viewing logs<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Option<\/strong><\/td><td><strong>Meaning<\/strong><\/td><\/tr><tr><td><code>-f<\/code> \/ <code>--follow<\/code><\/td><td>Follow the log in real time, similar to the tail -f command<\/td><\/tr><tr><td><code>--tail=&lt;s\u1ed1_d\u00f2ng><\/code><\/td><td>Show only the last given number of log lines, useful for a quick look at the most recent logs<\/td><\/tr><tr><td><code>--since=&lt;duration><\/code> or <code>--since-time=&lt;timestamp><\/code><\/td><td>Fetch logs from a given preceding time window, which helps narrow down the failure event<\/td><\/tr><tr><td><code>-p<\/code> \/ <code>--previous<\/code><\/td><td>View the logs of the container from before it was restarted, very useful when debugging errors that crash the Pod<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-configmap-va-secret-khac-nhau-ra-sao\"><strong>How do ConfigMap and Secret differ?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, ConfigMap and Secret both supply configuration to applications, but they differ in purpose and in how the data is handled.<\/p>\n\n\n\n<p><strong>ConfigMap<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Stores non-sensitive configuration data.<\/li>\n\n\n\n<li>Stores data as plain text, with no encryption.<\/li>\n\n\n\n<li>Suited to configuration values such as service URLs, environment names, application parameters, config files (such as nginx.conf, application.properties).<\/li>\n\n\n\n<li>Widely used across all kinds of workloads.<\/li>\n<\/ul>\n\n\n\n<p><strong>Secret<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Holds sensitive information such as passwords, tokens or API keys.<\/li>\n\n\n\n<li>Is encoded with Base64 (Base64 is only an encoding, not real encryption), and Kubernetes applies additional security mechanisms to restrict access to this kind of data.<\/li>\n\n\n\n<li>Ensures sensitive information is kept separate from source code and is not exposed when the application is deployed.<\/li>\n<\/ul>\n\n\n\n<p><strong>In short:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ConfigMap \u2192 holds non-sensitive configuration, not encoded.<\/li>\n\n\n\n<li>Secret \u2192 holds sensitive data, encoded and more strictly protected.<\/li>\n<\/ul>\n\n\n\n<p><strong>Summary comparison table: ConfigMap vs. Secret<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>ConfigMap<\/strong><\/td><td><strong>Secret<\/strong><\/td><\/tr><tr><td>Purpose<\/td><td>Stores non-sensitive configuration for the application.<\/td><td>Stores sensitive data such as passwords, tokens, API keys.<\/td><\/tr><tr><td>Security level<\/td><td>No encryption; stored as plain text.<\/td><td>Data is Base64-encoded, can be encrypted at rest, and is governed by stricter RBAC.<\/td><\/tr><tr><td>Type of data stored<\/td><td>Configuration parameters, environment values, paths, service names\u2026<\/td><td>Sensitive information: passwords, OAuth tokens, SSH keys, TLS certs<\/td><\/tr><tr><td>How Kubernetes handles it<\/td><td>Kubernetes applies no special protection because the data is not sensitive.<\/td><td>Mounted as tmpfs, hidden in logs and events, and supports encryption at rest<\/td><\/tr><tr><td>Use in a Pod<\/td><td>Exposed to the Pod as environment variables or as a volume (file)<\/td><td>Same as ConfigMap, but mounted directly in memory (tmpfs), without writing the data to disk.<\/td><\/tr><tr><td>Suited to<\/td><td>General application configuration that needs no protection.<\/td><td>Secret values that must be kept out of source code.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-scale-deployment-len-nhi\u1ec1u-replicas\"><strong>How do you scale a Deployment to more replicas?<\/strong><\/h3>\n\n\n\n<p>To scale a Deployment to more replicas in Kubernetes, you only need to change the number of Pods the Deployment must maintain. Scaling is carried out through the ReplicaSet, the component responsible for keeping the number of Pods matched to the desired state. 
When you adjust the replica count, Kubernetes automatically creates or removes Pods to maintain the right number.<\/p>\n\n\n\n<p>You can scale a Deployment in two ways:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cach-1-nhanh-nh\u1ea5t-va-ph\u1ed5-bi\u1ebfn-nh\u1ea5t\"><strong>Option 1: The fastest and most common<\/strong><\/h4>\n\n\n\n<p>Scale directly with the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl scale deployment &lt;t\u00ean-deployment> --replicas=&lt;s\u1ed1-l\u01b0\u1ee3ng><\/code><\/pre>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl scale deployment nginx-deploy --replicas=5<\/code><\/pre>\n\n\n\n<p>Right after the command runs, Kubernetes updates the ReplicaSet and creates additional Pods to reach 5 replicas.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cach-2-scale-b\u1eb1ng-cach-ch\u1ec9nh-s\u1eeda-file-yaml\"><strong>Option 2: Scale by editing the YAML file<\/strong><\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>spec:\n  replicas: 5<\/code><\/pre>\n\n\n\n<p>Then re-apply it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f deployment.yaml<\/code><\/pre>\n\n\n\n<p>Scaling through YAML fits when you manage configuration with GitOps or want long-term control over the configuration.<\/p>\n\n\n\n<p>Whichever way you use, Kubernetes always keeps the number of Pods equal to the replicas value you declare, thanks to the state synchronization between the Deployment and the ReplicaSet.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-khi-nao-nen-dung-nhi\u1ec1u-namespace\"><strong>When should you use multiple Namespaces?<\/strong><\/h3>\n\n\n\n<p>Using multiple Namespaces in Kubernetes helps organize, separate environments and manage resources clearly, and is especially suitable when there are many applications, many teams, or many different environments.<\/p>\n\n\n\n<p>These are the specific cases where multiple Namespaces are appropriate:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>When many applications \/ microservices run in the same cluster <\/strong>\u2192 placing each application in its own Namespace separates the resources (Pod, Service, ConfigMap, Secret\u2026) and avoids conflicts over names, configuration or internal network access.<\/li>\n\n\n\n<li><strong>When you need to separate environments (dev \/ staging \/ prod): <\/strong>Placing each environment in its own Namespace makes permissions and configuration easier to control and avoids cross-environment impact.<\/li>\n\n\n\n<li><strong>When you want separate access control &amp; management per team \/ module: <\/strong>Namespaces let you apply Role-Based Access Control (RBAC) cleanly per team or module. 
Each team only sees the resources in its own Namespace, which limits the scope of operations and makes it easy to audit and control who deploys what, how many resources they use, and so on.<\/li>\n\n\n\n<li><strong>When you need to limit resources or set quotas for each group of services: <\/strong>You can enforce ResourceQuota and LimitRange on each Namespace, which prevents one application from taking all the CPU and memory of the whole cluster and ensures fairness between services. This is useful when the cluster is shared by many services.<\/li>\n\n\n\n<li><strong>When you want to separate networking and service discovery and isolate failures \/ impact: <\/strong>Namespaces avoid service discovery conflicts thanks to their own name scope (&lt;service>.&lt;namespace>.svc.cluster.local) and provide a foundation for better failure isolation. 
When a service in one Namespace has an incident, other Namespaces are usually not directly affected.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hay-neu-m\u1ed9t-vai-kinh-nghi\u1ec7m-dung-namespace-ma-b\u1ea1n-co\"><strong>Share some of your experience using Namespaces.<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To achieve full security, Namespaces must be used together with NetworkPolicy, RBAC and Pod Security Standards<\/li>\n\n\n\n<li>Some resources are cluster-scoped (they do not belong to a namespace): Nodes, PersistentVolumes, StorageClasses, ClusterRoles<\/li>\n\n\n\n<li>The default namespaces: kube-system (system components), kube-public (public info), kube-node-lease (node heartbeats), default<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-debug-pod-b\u1ecb-crashloopbackoff\"><strong>How do you debug a Pod in CrashLoopBackOff?<\/strong><\/h3>\n\n\n\n<p>When a Pod enters the CrashLoopBackOff state, it means the container starts but repeatedly crashes after a short time, and Kubernetes applies an exponential backoff delay to control the restart frequency and limit the continuous failure loop.<\/p>\n\n\n\n<p>Following the official Kubernetes guidance, you can debug with these steps:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>What to 
check<\/strong><\/td><td><strong>Command<\/strong><\/td><td><strong>Purpose \/ Notes<\/strong><\/td><\/tr><tr><td>Check the container's previous logs to see what error it hit<\/td><td><code>kubectl logs &lt;pod-name> --previous<\/code><\/td><td>The --previous flag is especially important because the container usually crashes too quickly and the new log may not record the root error. If there are multiple containers, add -c &lt;container-name&gt; to select a specific container.<\/td><\/tr><tr><td>Check the detailed Pod description<\/td><td><code>kubectl describe pod &lt;pod-name><\/code><\/td><td>Review Events, the reason the container exited, the Exit Code, and image pull, volume and probe errors; check the Last State section to identify the error right before the Pod restarted<\/td><\/tr><tr><td>Check the liveness\/readiness probe configuration<\/td><td>(See the Pod\/Deployment YAML)<\/td><td>Many Pods fall into CrashLoopBackOff because a misconfigured liveness probe makes Kubernetes kill the container repeatedly. Check for: a probe timeout that is too short; an incorrect probe endpoint; an application that starts slowly while the probe does not wait long enough<\/td><\/tr><tr><td>Debug the container by overriding the command<\/td><td>Create a temporary Pod to inspect the container image:<br><code>kubectl run debug<br>--image=&lt;image><br>--command -- sleep 3600<\/code><br>Or debug an existing pod (K8s 1.18+)<br><code>kubectl debug &lt;pod-name> -it<br>--image=&lt;debug-image><br>--share-processes<br>--copy-to=debug-pod<\/code><\/td><td>This lets you enter the 
container environment to check the files, configuration or dependencies the application needs.<\/td><\/tr><tr><td>Check resource limits &amp; requests<\/td><td>(See resources.limits and resources.requests in the Pod\/Deployment)<\/td><td>The container may crash from insufficient CPU\/RAM if the limit is too low or the request is unreasonable<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-file-yaml-c\u1ee7a-deployment-bao-g\u1ed3m-nh\u1eefng-ph\u1ea7n-chinh-nao\"><strong>What are the main parts of a Deployment YAML file?<\/strong><\/h3>\n\n\n\n<p>A YAML manifest that creates a Deployment in Kubernetes usually contains the following basic parts:<\/p>\n\n\n\n<p><strong>apiVersion<\/strong><\/p>\n\n\n\n<p>Defines the API version the manifest uses, so Kubernetes knows how to process the resource.<\/p>\n\n\n\n<p>Example: apiVersion: apps\/v1<\/p>\n\n\n\n<p><strong>kind<\/strong><\/p>\n\n\n\n<p>Identifies the type of resource you are creating (here, &#8220;Deployment&#8221;).<\/p>\n\n\n\n<p>Example: kind: Deployment<\/p>\n\n\n\n<p><strong>metadata<\/strong><\/p>\n\n\n\n<p>Holds information about the resource:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>name: the name of the Deployment, used to reference it.<\/li>\n\n\n\n<li>namespace: (if needed) sets the namespace; if not declared, \u201cdefault\u201d is used.<\/li>\n\n\n\n<li>(Optionally) labels and annotations to tag and classify resources easily.<\/li>\n<\/ul>\n\n\n\n<p><strong>spec<\/strong><\/p>\n\n\n\n<p>The main section that 
declares the desired state of the Deployment. Inside spec you usually find:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>replicas: the number of Pod copies you want; for example replicas: 3.<\/li>\n\n\n\n<li>selector: the condition for selecting the Pods the Deployment manages, usually matchLabels with a matching label.<\/li>\n\n\n\n<li>template: defines the configuration of the Pods that will be created. template in turn has two parts:\n<ul class=\"wp-block-list\">\n<li>metadata (usually holds labels, which match the selector).<\/li>\n\n\n\n<li>spec: defines the configuration of the containers inside the Pod, with fields such as containers (the list of containers; each container must declare name and image, and may have ports, env, resources, volumeMounts\u2026). There are also volumes, initContainers, resource settings (resource requests\/limits), environment, storage, and so on.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>(Optional) Other supporting configuration<\/strong><\/p>\n\n\n\n<p>You can declare more in spec.template.spec, for example: volumes, initContainers, affinity, tolerations, nodeSelector, env\/envFrom, resources (request\/limit), livenessProbe \/ readinessProbe, and so on, 
which give finer control over the Pod's behaviour and environment.<\/p>\n\n\n\n<p>You can also add strategy in spec to define how the Deployment updates (rolling update, recreate, and so on).<\/p>\n\n\n\n<p><strong>Illustrative example of a Deployment YAML file (simplified)<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: my-app-deployment\nspec:\n  replicas: 3\n  selector:\n    matchLabels:\n      app: my-app\n  template:\n    metadata:\n      labels:\n        app: my-app\n    spec:\n      containers:\n        - name: my-app-container\n          image: my-app-image:latest\n          ports:\n            - containerPort: 80<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-kubernetes-trung-c\u1ea5p-intermediate-level\"><span class=\"ez-toc-section\" id=\"Cau_hoi_phong_van_Kubernetes_trung_cap_Intermediate_Level\"><\/span><strong>Intermediate-level Kubernetes interview questions<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-ki\u1ebfn-truc-kubernetes-cluster-g\u1ed3m-nh\u1eefng-thanh-ph\u1ea7n-nao\"><strong>What components make up the Kubernetes cluster architecture?<\/strong><\/h3>\n\n\n\n<p>A standard Kubernetes cluster 
is built on two main groups of components: the Control Plane (Master) and the Worker Nodes.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-control-plane-b\u1ed9-nao-di\u1ec1u-khi\u1ec3n-toan-b\u1ed9-cluster\"><strong>Control Plane \u2013 the brain that controls the whole cluster<\/strong><\/h4>\n\n\n\n<p>The Control Plane is responsible for managing the desired state of the system. It decides where applications run and when to scale, and it recovers automatically when failures occur.<\/p>\n\n\n\n<p>The core components are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>kube-apiserver\n<ul class=\"wp-block-list\">\n<li>The central communication gateway of Kubernetes (RESTful API).<\/li>\n\n\n\n<li>All operations from kubectl, CI\/CD, or other services go through the API Server.<\/li>\n\n\n\n<li>Authenticates and authorizes every request<\/li>\n\n\n\n<li>The only component that interacts directly with etcd<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>etcd\n<ul class=\"wp-block-list\">\n<li>A distributed key-value database that stores the entire state of the cluster<\/li>\n\n\n\n<li>Only the API Server is allowed to access it directly<\/li>\n\n\n\n<li>Ensures consistency and high reliability.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>kube-scheduler: decides which node a Pod runs on 
based on free resources, limits, affinity\/anti-affinity or tolerations.<\/li>\n\n\n\n<li>kube-controller-manager\n<ul class=\"wp-block-list\">\n<li>Contains many kinds of controllers that handle automated tasks such as:\n<ul class=\"wp-block-list\">\n<li>ensuring the correct number of replicas,<\/li>\n\n\n\n<li>managing Nodes,<\/li>\n\n\n\n<li>tracking resource state.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>When a difference between the desired state and the current state is detected, the controller acts to bring them back in sync.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-worker-nodes-n\u01a1i-\u1ee9ng-d\u1ee5ng-th\u1ef1c-s\u1ef1-ch\u1ea1y\"><strong>Worker Nodes \u2013 where applications actually run<\/strong><\/h4>\n\n\n\n<p>Worker nodes are where containers are deployed. 
Each node contains the following components:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kubelet\n<ul class=\"wp-block-list\">\n<li>An agent that runs on every node.<\/li>\n\n\n\n<li>All requests to the API Server are made over HTTPS.<\/li>\n\n\n\n<li>Receives instructions from the API Server and ensures Pods are created, monitored, and restarted if they fail.<\/li>\n\n\n\n<li>Mounts volumes, pulls images, reports Pod\/Node status<\/li>\n\n\n\n<li>Does not manage containers that were not created by Kubernetes<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Kube-Proxy\n<ul class=\"wp-block-list\">\n<li>Manages networking for Pods and Services.<\/li>\n\n\n\n<li>Ensures traffic is routed correctly between Pods or from outside into the cluster.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Container Runtime\n<ul class=\"wp-block-list\">\n<li>The system that runs containers, for example containerd or CRI-O.<\/li>\n\n\n\n<li>Executes images and manages the container lifecycle.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-add-ons-va-cac-thanh-ph\u1ea7n-m\u1edf-r\u1ed9ng\"><strong>Add-ons and extension components<\/strong><\/h4>\n\n\n\n<p>Depending on usage, a cluster also has important add-ons that serve production needs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DNS (CoreDNS\/kube-dns) \u2013 provides name resolution for services in the cluster<\/li>\n\n\n\n<li>CNI plugin \u2013 manages networking (Calico, Flannel, Cilium\u2026)<\/li>\n\n\n\n<li>Ingress Controller \u2013 routes 
HTTP\/HTTPS traffic from outside<\/li>\n\n\n\n<li>Dashboard or monitoring stack (Prometheus, Grafana\u2026)<\/li>\n\n\n\n<li>Metrics Server: provides resource metrics (CPU, memory) for HPA<\/li>\n\n\n\n<li>Storage plugins (CSI drivers): integrate with storage systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-s\u1ef1-khac-nhau-gi\u1eefa-replicaset-deployment-va-statefulset\"><strong>What is the difference between ReplicaSet, Deployment and StatefulSet?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, ReplicaSet, Deployment and StatefulSet are all workload resources that manage the lifecycle of Pods.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-replicaset-d\u1ea3m-b\u1ea3o-s\u1ed1-l\u01b0\u1ee3ng-pod-luon-\u1ed5n-d\u1ecbnh-thong-qua-vong-l\u1eb7p-reconciliation\"><strong>ReplicaSet \u2013 keeps the number of Pods stable through the reconciliation loop<\/strong><\/h4>\n\n\n\n<p>ReplicaSet is usually used only when you need direct control over the Pod replication mechanism without complex rollout features.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If a Pod fails or disappears, the ReplicaSet automatically creates a new Pod to keep the configured number of replicas.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Works from a label selector to determine which Pods fall within its management scope.<\/li>\n\n\n\n<li>Does not support rolling update or rollback.<\/li>\n\n\n\n<li>Usually not used 
directly, because Deployment already includes ReplicaSet.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-deployment-qu\u1ea3n-ly-rollout-va-rollback-\u1ee9ng-d\u1ee5ng\"><strong>Deployment \u2013 manages application rollout and rollback<\/strong><\/h4>\n\n\n\n<p>Deployment is a higher-level control layer over ReplicaSet. If the application does not need to keep per-Pod state and needs flexible updates, Deployment is the default choice.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Manages multiple ReplicaSets (one ReplicaSet per version)<\/li>\n\n\n\n<li>Can roll out a new version, roll back when errors occur, and update Pods incrementally (rolling update) without causing downtime.<\/li>\n\n\n\n<li>Allows pausing\/resuming a deployment<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-statefulset-qu\u1ea3n-ly-\u1ee9ng-d\u1ee5ng-co-tr\u1ea1ng-thai-stateful\"><strong>StatefulSet \u2013 manages stateful applications<\/strong><\/h4>\n\n\n\n<p>StatefulSet is designed for applications that need a persistent identity across Pods, which ReplicaSet and Deployment do not provide.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pods have fixed, ordered identifying names (for example: web-0, web-1\u2026).<\/li>\n\n\n\n<li>Each Pod is attached to its own PersistentVolume, which does not change even when the Pod is deleted.<\/li>\n\n\n\n<li>Scaling, updating and deleting happen in order, ensuring 
consistency.<\/li>\n<\/ul>\n\n\n\n<p>StatefulSet is typically used for databases and distributed systems such as MySQL, PostgreSQL, MongoDB, Kafka, Zookeeper or Elasticsearch, or in cases that need Pods started or stopped in order (ordered startup\/shutdown).<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-b\u1ea3ng-so-sanh-replicaset-deployment-va-statefulset\"><strong>Comparison table: ReplicaSet, Deployment and StatefulSet<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>ReplicaSet<\/strong><\/td><td><strong>Deployment<\/strong><\/td><td><strong>StatefulSet<\/strong><\/td><\/tr><tr><td>Manages the number of Pods<\/td><td>\u2714<\/td><td>\u2714 (via ReplicaSet)<\/td><td>\u2714<\/td><\/tr><tr><td>Supports rollout\/rollback<\/td><td>\u274c<\/td><td>\u2714<\/td><td>\u2714 (but in order)<\/td><\/tr><tr><td>Pods have a fixed identity<\/td><td>\u274c<\/td><td>\u274c<\/td><td>\u2714<\/td><\/tr><tr><td>Used for stateful applications<\/td><td>\u274c<\/td><td>\u274c<\/td><td>\u2714<\/td><\/tr><tr><td>Used for stateless applications<\/td><td>\u2714<\/td><td>\u2714<\/td><td>Not optimal<\/td><\/tr><tr><td>Pod creation\/deletion order<\/td><td>Not guaranteed<\/td><td>Not guaranteed<\/td><td>Guaranteed<\/td><\/tr><tr><td>Dedicated PersistentVolume attached to each Pod<\/td><td>\u274c<\/td><td>\u274c<\/td><td>\u2714<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hpa-horizontal-pod-autoscaler-ho\u1ea1t-d\u1ed9ng-nh\u01b0-th\u1ebf-nao\"><strong>How does HPA (Horizontal Pod Autoscaler) 
work?<\/strong><\/h3>\n\n\n\n<p>Horizontal Pod Autoscaler (HPA) is the mechanism that automatically adjusts the number of Pods in Kubernetes based on actual load. HPA lets an application scale out when demand rises and scale in when load drops, which optimizes resources and keeps performance stable.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-hpa-theo-doi-metric-d\u1ec3-quy\u1ebft-d\u1ecbnh-scale\"><strong>HPA watches metrics to decide when to scale<\/strong><\/h4>\n\n\n\n<p>HPA continuously checks the Pods' operating metrics, most commonly:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CPU utilization<\/li>\n\n\n\n<li>Memory utilization<\/li>\n\n\n\n<li>Custom metrics through the Custom Metrics API (for example: requests per second, queue length)<\/li>\n\n\n\n<li>External metrics through the External Metrics API (metrics from external systems such as AWS CloudWatch)<\/li>\n<\/ul>\n\n\n\n<p>HPA receives metric data through Metrics Server (which must be installed) or extended metric sources such as Prometheus Adapter.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-xac-d\u1ecbnh-s\u1ed1-pod-c\u1ea7n-thi\u1ebft-d\u1ef1a-tren-cong-th\u1ee9c-m\u1ee5c-tieu\"><strong>Determining the required number of Pods from the target formula<\/strong><\/h4>\n\n\n\n<p>In each HPA configuration you set a target value for the metric, for example:<\/p>\n\n\n\n<p>\u201cKeep CPU at 
70%\u201d.<\/p>\n\n\n\n<p>\u201cKeep memory at 80%\u201d<\/p>\n\n\n\n<p>\u201cKeep requests per second at 1000\u201d<\/p>\n\n\n\n<p>The calculation formula:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>desiredReplicas = ceil&#91;currentReplicas * (currentMetricValue \/ targetMetricValue)]<\/code><\/pre>\n\n\n\n<p>Based on the actual metric, HPA uses this formula to decide the appropriate number of replicas. If usage exceeds the threshold, HPA scales the Pods up; if it is much lower, HPA scales the Pods down, within the minReplicas and maxReplicas limits.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-hpa-g\u1eedi-yeu-c\u1ea7u-c\u1eadp-nh\u1eadt-s\u1ed1-replica-cho-deployment-replicaset\"><strong>HPA sends the replica count update to the Deployment\/ReplicaSet<\/strong><\/h4>\n\n\n\n<p>When it determines that a change is needed, HPA will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Send the instruction to the Deployment, ReplicaSet or StatefulSet.<\/li>\n\n\n\n<li>Adjust spec.replicas to the new number of Pods.<\/li>\n\n\n\n<li>Kubernetes automatically creates or deletes Pods as required.<\/li>\n<\/ul>\n\n\n\n<p>This process happens step by step to avoid abrupt changes to the system.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scale-up delay: waits 3 minutes between scale-ups (default)<\/li>\n\n\n\n<li>Scale-down delay: waits 5 minutes between scale-downs (default)<\/li>\n\n\n\n<li>Tolerance: does not scale if the change is &lt; 10% 
(configurable)<\/li>\n<\/ul>\n\n\n\n<p>Normally, HPA refreshes its measurements continuously on a cycle (about 15 seconds or more, depending on configuration). This lets the application react quickly when load spikes, without causing excessive fluctuation in the number of Pods.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-clusterip-nodeport-va-loadbalancer-khac-nhau-nh\u01b0-th\u1ebf-nao\"><strong>How do ClusterIP, NodePort and LoadBalancer differ?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, ClusterIP, NodePort and LoadBalancer are the three most common Service types that let applications communicate inside or outside the cluster. Each Service type provides a different level of access, suited to a particular deployment purpose.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-b\u1ea3ng-so-sanh-clusterip-nodeport-va-loadbalancer\"><strong>Comparison table: ClusterIP, NodePort and LoadBalancer<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>ClusterIP<\/strong><\/td><td><strong>NodePort<\/strong><\/td><td><strong>LoadBalancer<\/strong><\/td><\/tr><tr><td>Purpose<\/td><td>Used only inside the cluster; it is the default Service type<\/td><td>Opens a port on all Nodes for access from outside<\/td><td>Exposes the application to the Internet<\/td><\/tr><tr><td>Mechanism<\/td><td>Provides an internal IP address (a virtual IP 
from the service CIDR range) so that other Pods or Services in the same cluster can communicate with each other. Automatic DNS name: &lt;service-name&gt;.&lt;namespace&gt;.svc.cluster.local<\/td><td>Opens a fixed port (usually in the range 30000\u201332767) on every Node. Traffic sent to a Node on this port is forwarded to the corresponding Service and Pod.<\/td><td>Creates an external Load Balancer (from a cloud provider such as AWS, GCP, Azure) and points traffic to the underlying NodePort\/ClusterIP.<\/td><\/tr><tr><td>Use cases<\/td><td>Internal microservices or backend\u2013backend communication.<\/td><td>&#8211; When you need a simple environment for testing or building a demo.<br>&#8211; When you need to expose the application externally without a dedicated load balancer.<\/td><td>Deploying an application to a production environment that needs a stable, high-performance access point<\/td><\/tr><tr><td>Access scope<\/td><td>Inside the cluster only<\/td><td>Outside the cluster through the Node's IP address<\/td><td>Directly from the Internet<\/td><\/tr><tr><td>Access port<\/td><td>Internal Cluster IP<\/td><td>The same on all Nodes (30000\u201332767)<\/td><td>Public IP of the load balancer<\/td><\/tr><tr><td>Load balancing<\/td><td>Inside the cluster<\/td><td>Limited, must go through the Node<\/td><td>Good (uses the cloud provider's LB)<\/td><\/tr><tr><td>Requires a cloud 
provider<\/td><td>No<\/td><td>No<\/td><td>Yes<\/td><\/tr><tr><td>Traffic flow<\/td><td>Internal \u2192 ClusterIP \u2192 Pod<\/td><td>External \u2192 NodePort \u2192 ClusterIP \u2192 Pod<\/td><td>External \u2192 LoadBalancer \u2192 NodePort \u2192 ClusterIP \u2192 Pod<\/td><\/tr><tr><td>Internet accessibility<\/td><td>Not possible<\/td><td>Possible (indirectly)<\/td><td>Possible<\/td><\/tr><tr><td>Configuration complexity<\/td><td>Very easy<\/td><td>Easy<\/td><td>Easy but provider-dependent<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-persistent-volume-pv-va-persistent-volume-claim-pvc-khac-nhau-th\u1ebf-nao\"><strong>How do Persistent Volume (PV) and Persistent Volume Claim (PVC) differ?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, long-term data storage is essential for stateful applications. To separate the storage layer from the Pod, Kubernetes uses two important concepts: Persistent Volume (PV) and Persistent Volume Claim (PVC). 
This mechanism makes storage flexible, stable and independent of the Pod lifecycle.<\/p>\n\n\n\n<p>The differences between the two concepts are:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>Persistent Volume (PV)<\/strong><\/td><td><strong>Persistent Volume Claim (PVC)<\/strong><\/td><\/tr><tr><td>Concept<\/td><td>Ready-made storage space provided and managed by the cluster, like a \u201cshared disk\u201d<\/td><td>The mechanism by which a Pod requests and uses storage, from the application\/user side<\/td><\/tr><tr><td>Role<\/td><td>Manages the physical storage resource<\/td><td>Decouples the application from the storage system<\/td><\/tr><tr><td>Who creates it?<\/td><td>An admin, manually (static provisioning), or automatically through a StorageClass (dynamic provisioning)<\/td><td>The user or the application<\/td><\/tr><tr><td>Storage source<\/td><td>Local disk, NFS, cloud storage (EBS, GCE, Azure Disk\u2026)<\/td><td>Requests storage without caring what the backend is.<\/td><\/tr><tr><td>When it exists<\/td><td>Before, or independently of, the Pod<\/td><td>When the application requests it<\/td><\/tr><tr><td>Survives Pod deletion<\/td><td>Can continue to exist<\/td><td>Exists only while it is still needed<\/td><\/tr><tr><td>How the Pod 
uses it<\/td><td>The Pod does not access it directly<\/td><td>The Pod uses storage through the PVC<\/td><\/tr><tr><td>Binding mechanism<\/td><td>Waits for a matching PVC to bind to (static binding)<\/td><td>When a PVC is created, Kubernetes finds a matching PV and binds the two together.<\/td><\/tr><tr><td>Capacity<\/td><td>Defined when the PV is created<\/td><td>Requests a capacity (for example: storage: 10Gi)<\/td><\/tr><tr><td>Access Modes<\/td><td>Declared when the PV is created: ReadWriteOnce\/RWO, ReadOnlyMany\/ROX, ReadWriteMany\/RWX<\/td><td>Requests matching accessModes<\/td><\/tr><tr><td>StorageClass<\/td><td>Can be associated with a StorageClass<\/td><td>Specifies storageClassName for dynamic provisioning<\/td><\/tr><tr><td>Provisioning<\/td><td>Static (created manually) or Dynamic<\/td><td>Triggers dynamic provisioning when a StorageClass is used<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-pv-va-pvc-lam-vi\u1ec7c-v\u1edbi-nhau-nh\u01b0-th\u1ebf-nao\"><strong>How do PV and PVC work together?<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An admin creates the PV, or the system provisions it automatically through a StorageClass.<\/li>\n\n\n\n<li>The application submits a PVC.<\/li>\n\n\n\n<li>A control loop in kube-controller-manager finds a PV that matches the PVC's request.<\/li>\n\n\n\n<li>Once the PV is bound, the Pod can mount the PVC as a 
volume and start using it.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-debug-pod-\u1edf-tr\u1ea1ng-thai-pending\"><strong>How do you debug a Pod stuck in Pending?<\/strong><\/h3>\n\n\n\n<p>When a Pod is \u201cPending\u201d, Kubernetes has not yet been able to schedule it onto any Node. This commonly happens when the cluster lacks resources, the Pod is misconfigured, or a constraint prevents the scheduler from finding a suitable Node. Debugging it the right way helps you identify the cause quickly and fix the problem.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>What to check<\/strong><\/td><td><strong>Command to run<\/strong><\/td><td><strong>What to look for<\/strong><\/td><\/tr><tr><td>Inspect the Pod's detailed description<\/td><td>kubectl describe pod &lt;pod-name&gt;<\/td><td>Read the Events section to find out why the Pod was not scheduled, for example: insufficient CPU\/RAM, a taint on the node, a requested volume that does not exist, or the scheduler finding no suitable node<\/td><\/tr><tr><td>Verify the cluster's resources<\/td><td>kubectl get nodes<br>kubectl top nodes<br>kubectl describe node &lt;node-name&gt;<\/td><td>Pods are usually Pending because of insufficient resources.<br>\u2192 Check available CPU\/memory, whether a node has been cordoned\/drained, and whether a node is in the NotReady 
state<\/td><\/tr><tr><td>Check the Pod's requests &amp; limits<\/td><td>(See the Pod\/Deployment YAML)<\/td><td>If the Pod requests more resources than a Node has, the scheduler cannot place it on any Node.<br>\u2192 Make sure resources.requests does not exceed what any node can provide and that limits are not set so high that they get in the way of scheduling<\/td><\/tr><tr><td>Review scheduling constraints<\/td><td>(See the Pod\/Deployment YAML)<\/td><td>A Pod can be Pending because:<br>- NodeSelector does not match<br>- NodeAffinity is too strict<br>- PodAffinity\/AntiAffinity leaves no suitable Node<br>- Taints\/Tolerations are incompatible<br>Review the YAML configuration to make sure the constraints are reasonable.<\/td><\/tr><tr><td>Check the PVC and storage (if volumes are used)<\/td><td>kubectl get pvc<br>kubectl describe pvc &lt;pvc-name&gt;<\/td><td>Determine whether the PVC has been bound to a PV and whether the storage class is valid; while the PVC is unbound, the Pod stays Pending<\/td><\/tr><tr><td>Check the image pull status<\/td><td>kubectl describe pod &lt;pod-name&gt;<\/td><td>The Pod is Pending because the container image is not ready to be pulled (private registry, missing secret, wrong image path).<br>\u2192 Look for events such as ImagePullBackOff, ErrImagePull<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-ingress-la-gi-khi-nao-c\u1ea7n-dung-ingress-thay-vi-service\"><strong>What is Ingress? 
When should you use Ingress instead of a Service?<\/strong><\/h3>\n\n\n\n<p>Ingress is a Kubernetes API object that manages external HTTP\/HTTPS access to applications running in the cluster.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instead of opening many different ports or creating many LoadBalancers, Ingress provides a single entry point and routes traffic intelligently to the Services inside.<\/li>\n\n\n\n<li>Ingress does not work on its own; it needs an Ingress Controller to enforce the routing rules. The controller handles routing by hostname or path, as well as HTTP\/HTTPS logic at the application layer (Layer 7).<\/li>\n<\/ul>\n\n\n\n<p>Use Ingress rather than Services alone in the following cases:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Case<\/strong><\/td><td><strong>Why use Ingress instead of a Service<\/strong><\/td><\/tr><tr><td>You need to expose several Services through one shared IP \/ Load Balancer<\/td><td>Ingress lets many applications share a single entry point, instead of each Service needing its own LoadBalancer \u2192 lower cost when running in the cloud (AWS, GCP, Azure).<\/td><\/tr><tr><td>You want to route by hostname or path<\/td><td>A Service cannot do 
routing by host or path, whereas Ingress supports:<br>- Separate domains: api.example.com, web.example.com<br>- Routing by URL: \/api, \/web<br>- Virtual hosting: one IP can serve many domains<br>- Path-based routing with regex matching (depending on the Ingress Controller)<\/td><\/tr><tr><td>Complex web applications or microservices<\/td><td>Ingress fits when many services sit behind one web port and traffic has to be steered flexibly over HTTP\/HTTPS.<\/td><\/tr><tr><td>You need to enable HTTPS\/TLS for several services<\/td><td>Instead of installing a certificate for each Service separately, you only manage certificates at the Ingress. Ingress allows centralized SSL\/TLS configuration.<br>- Supports SSL termination: HTTPS is decrypted at the Ingress and forwarded to the backend as HTTP<br>- Integrates with cert-manager to renew SSL certificates automatically<br>- Supports SNI (Server Name Indication) for multiple domains on the same IP<\/td><\/tr><tr><td>You need advanced Layer 7 features<\/td><td>Ingress provides features such as:<br>- URL rewriting<br>- Canary deployment (depending on the controller)<br>- Rate limiting<br>- Custom authentication<br>- Load-balancing algorithms such as round-robin, least-connections and IP hash<br>- Manipulating and modifying request\/response headers<br>- WebSocket and gRPC support<br>These features are not available in ClusterIP, NodePort or LoadBalancer.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-so-sanh-nhanh-ingress-va-service\"><strong>Quick comparison of Ingress and 
Service<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>Ingress<\/strong><\/td><td><strong>Service (NodePort \/ LoadBalancer)<\/strong><\/td><\/tr><tr><td>Network layer<\/td><td>Layer 7 (HTTP\/HTTPS)<\/td><td>Layer 4 (TCP\/UDP)<\/td><\/tr><tr><td>Routing capability<\/td><td>Yes (path, host, header-based)<\/td><td>Not by path\/host<\/td><\/tr><tr><td>Public IPs needed<\/td><td>A single IP<\/td><td>Usually one IP per Service<\/td><\/tr><tr><td>SSL\/TLS<\/td><td>Centralized at the Ingress<\/td><td>Configured separately for each Service<\/td><\/tr><tr><td>Cost<\/td><td>Economical<\/td><td>High when there are many Services<\/td><\/tr><tr><td>Used for<\/td><td>Complex web traffic<\/td><td>Simple services, non-HTTP protocols<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-storage-class-dung-d\u1ec3-lam-gi\"><strong>What is a Storage Class used for?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, a StorageClass describes a \u201ckind of storage\u201d that the cluster can provide and determines how Kubernetes creates a PV when a Persistent Volume Claim (PVC) requests one.<\/p>\n\n\n\n<p>In essence, a StorageClass helps to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a PV automatically when a PVC appears<\/li>\n\n\n\n<li>Automate how storage is provisioned and managed, so that applications get storage that fits their needs: fast, slow, cheap or 
high-performance<\/li>\n\n\n\n<li>Use several different kinds of storage in the same cluster<\/li>\n\n\n\n<li>Support applications that use persistent storage<\/li>\n<\/ul>\n\n\n\n<p>Use a StorageClass when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You want a PV created automatically whenever there is a PVC<\/li>\n\n\n\n<li>You need different kinds of storage for different workloads (database, cache, file storage&#8230;)<\/li>\n\n\n\n<li>You want to optimize cost by using the kind of storage that suits each application<\/li>\n\n\n\n<li>You want to simplify storage management in a multi-cluster or cloud environment<\/li>\n\n\n\n<li>You need automatic snapshot and backup policies<\/li>\n\n\n\n<li>You need to encrypt sensitive data at rest (encryption at rest)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-l\u1ec7nh-nao-dung-d\u1ec3-ki\u1ec3m-tra-status-c\u1ee7a-node-nbsp\"><strong>Which command checks the status of nodes?<\/strong><\/h3>\n\n\n\n<p>The most common command for an overview of the state of all nodes is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl get nodes<\/code><\/pre>\n\n\n\n<p>This command lists the nodes together with important information such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>STATUS: Ready \/ NotReady \/ Unknown<\/li>\n\n\n\n<li>ROLES: control-plane, worker<\/li>\n\n\n\n<li>VERSION: the kubelet version<\/li>\n\n\n\n<li>AGE: how long the node has existed<\/li>\n\n\n\n<li>INTERNAL-IP 
and EXTERNAL-IP (with -o wide)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-l\u1ec7nh-nao-dung-d\u1ec3-xem-chi-ti\u1ebft-h\u01a1n-t\u1eebng-node\"><strong>Which command shows more detail for a single node?<\/strong><\/h3>\n\n\n\n<p>To see more detail for a single node, you can use:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl describe node &lt;node-name&gt;<\/code><\/pre>\n\n\n\n<p>This command lets you check:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Node conditions (Ready, DiskPressure, MemoryPressure\u2026)<\/li>\n\n\n\n<li>Allocatable &amp; capacity information<\/li>\n\n\n\n<li>The list of Pods running on the node<\/li>\n\n\n\n<li>Events, which help with debugging when the node has a problem<\/li>\n\n\n\n<li>Taints and tolerations<\/li>\n\n\n\n<li>System information: operating system (OS), hardware architecture and container runtime<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cac-lo\u1ea1i-volume-ph\u1ed5-bi\u1ebfn-hostpath-nfs-emptydir-khac-nhau-ra-sao\"><strong>How do the common Volume types hostPath, nfs and emptyDir differ?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, Volumes play an important role in storing data and keeping applications running reliably. 
The three most common volume types are hostPath, NFS and emptyDir:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-hostpath-g\u1eafn-th\u01b0-m\u1ee5c-tren-node-vao-pod\"><strong>hostPath \u2013 Mounting a directory on the Node into the Pod<\/strong><\/h4>\n\n\n\n<p>hostPath gives a Pod direct access to a directory or file on the physical node where the Pod is running.<\/p>\n\n\n\n<p>Characteristics:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The data lives on the physical host and does not depend on the Pod being deleted or recreated.<\/li>\n\n\n\n<li>Node-dependent: the Pod only works correctly if the scheduler places it on the node that holds that path.<\/li>\n\n\n\n<li>Typically used by daemons or agents that need access to the host's filesystem.<\/li>\n\n\n\n<li>Security risk: the Pod can access the host filesystem<\/li>\n\n\n\n<li>Several types are available: Directory, DirectoryOrCreate, File, FileOrCreate, Socket, CharDevice, BlockDevice<\/li>\n<\/ul>\n\n\n\n<p>Use hostPath when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Collecting the node's logs<\/li>\n\n\n\n<li>Running a monitoring agent (such as Prometheus Node Exporter)<\/li>\n\n\n\n<li>Access to the host filesystem is required<\/li>\n\n\n\n<li>A DaemonSet needs access to the Docker socket (\/var\/run\/docker.sock)<\/li>\n\n\n\n<li>Access to kubelet certificates or related configuration files is required<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-nfs-volume-chia-s\u1ebb-gi\u1eefa-nhi\u1ec1u-pod\"><strong>NFS \u2013 A volume shared between multiple 
Pods<\/strong><\/h4>\n\n\n\n<p>NFS (Network File System) is a volume type accessed over the network, allowing many Pods on many different nodes to read and write the same data.<\/p>\n\n\n\n<p>Characteristics:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Supports sharing data between multiple Pods.<\/li>\n\n\n\n<li>Not node-dependent \u2013 a Pod can access it wherever it runs.<\/li>\n\n\n\n<li>Requires an NFS server running independently.<\/li>\n\n\n\n<li>Supports the ReadWriteMany (RWX) access mode<\/li>\n\n\n\n<li>Performance depends heavily on network latency<\/li>\n\n\n\n<li>Requires an NFS client to be configured on the worker nodes<\/li>\n<\/ul>\n\n\n\n<p>Use NFS when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Storing data shared between Pods of the same application<\/li>\n\n\n\n<li>Storing files uploaded by users<\/li>\n\n\n\n<li>Running applications that require shared storage (CMS, web apps with many replicas\u2026)<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-emptydir-th\u01b0-m\u1ee5c-t\u1ea1m-th\u1eddi-g\u1eafn-v\u1edbi-pod\"><strong>emptyDir \u2013 A temporary directory tied to the Pod<\/strong><\/h4>\n\n\n\n<p>An emptyDir is created when the Pod starts running and is deleted when the Pod is deleted.<\/p>\n\n\n\n<p>Characteristics:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The data lives only for the lifecycle of the Pod.<\/li>\n\n\n\n<li>Typically used for temporary files, caches and 
buffers.<\/li>\n\n\n\n<li>Not for data that must be stored durably.<\/li>\n<\/ul>\n\n\n\n<p>Use emptyDir when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Storing temporary files<\/li>\n\n\n\n<li>Storing a cache for a web application<\/li>\n\n\n\n<li>Sharing temporary data between containers in the same Pod<\/li>\n\n\n\n<li>Providing scratch space for data-processing tasks<\/li>\n\n\n\n<li>An init container prepares data for the main container<\/li>\n\n\n\n<li>Applying the sidecar pattern to process or collect logs<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-so-sanh-nhanh-hostpath-vs-nfs-vs-emptydir\"><strong>Quick comparison: hostPath vs NFS vs emptyDir<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Characteristic<\/strong><\/td><td><strong>hostPath<\/strong><\/td><td><strong>NFS<\/strong><\/td><td><strong>emptyDir<\/strong><\/td><\/tr><tr><td>Persistence<\/td><td>Lives with the node<\/td><td>Lives on the NFS server<\/td><td>Lost when the Pod is deleted<\/td><\/tr><tr><td>Shared between Pods<\/td><td>No<\/td><td>Yes<\/td><td>Only within the same Pod<\/td><\/tr><tr><td>Node-dependent<\/td><td>Yes<\/td><td>No<\/td><td>No<\/td><\/tr><tr><td>Main use case<\/td><td>Access to the host filesystem<\/td><td>Shared storage<\/td><td>Cache, temporary files<\/td><\/tr><tr><td>Flexibility<\/td><td>Low<\/td><td>High<\/td><td>Medium<\/td><\/tr><tr><td>Infrastructure required<\/td><td>None<\/td><td>Needs an NFS server<\/td><td>None<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cni-plugin-la-gi-va-t\u1ea1i-sao-kubernetes-c\u1ea7n-no\"><strong>What is a CNI plugin and why does Kubernetes need one?<\/strong><\/h3>\n\n\n\n<p>A CNI plugin is a component that follows the Container Network Interface (CNI) standard and lets Kubernetes configure and manage networking for containers. In Kubernetes, network connectivity between Pods, nodes and services is fundamental to applications running reliably. Popular CNIs include Calico, Flannel, Cilium and Weave Net.<\/p>\n\n\n\n<p>Kubernetes needs a CNI plugin to:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-c\u1ea5p-phat-ip-cho-pod\"><strong>Allocate IPs to Pods<\/strong><\/h4>\n\n\n\n<p>Every Pod in Kubernetes needs its own IP. 
The CNI plugin is responsible for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allocating IPs from the configured CIDR range (IPAM)<\/li>\n\n\n\n<li>Attaching a network interface to the Pod (usually a veth pair)<\/li>\n\n\n\n<li>Setting up routes so the Pod can send and receive data<\/li>\n\n\n\n<li>Making sure IPs are not duplicated within the cluster<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-d\u1ea3m-b\u1ea3o-k\u1ebft-n\u1ed1i-pod-to-pod-trong-toan-cluster\"><strong>Ensure Pod-to-Pod connectivity across the whole cluster<\/strong><\/h4>\n\n\n\n<p>The CNI plugin builds a flat network, meaning a Pod on any node can talk to a Pod on another node without NAT, so that Pods can communicate in the \u201cPod-to-Pod\u201d and \u201cPod-to-Service\u201d models.<\/p>\n\n\n\n<p>This is the foundation for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microservices<\/li>\n\n\n\n<li>Distributed systems<\/li>\n\n\n\n<li>Service discovery<\/li>\n\n\n\n<li>Managing East-West traffic inside the cluster<\/li>\n\n\n\n<li>Integration with a service mesh<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ap-d\u1ee5ng-chinh-sach-m\u1ea1ng-network-policies\"><strong>Apply Network Policies<\/strong><\/h4>\n\n\n\n<p>Another important reason is security. 
C\u00e1c CNI plugin nh\u01b0 Calico ho\u1eb7c Cilium cho ph\u00e9p \u00e1p d\u1ee5ng Network Policy \u0111\u1ec3 ki\u1ec3m so\u00e1t l\u01b0u l\u01b0\u1ee3ng:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pod n\u00e0o \u0111\u01b0\u1ee3c giao ti\u1ebfp v\u1edbi Pod n\u00e0o<\/li>\n\n\n\n<li>Giao th\u1ee9c v\u00e0 port n\u00e0o \u0111\u01b0\u1ee3c ph\u00e9p<\/li>\n\n\n\n<li>Ch\u1eb7n truy c\u1eadp gi\u1eefa c\u00e1c namespace<\/li>\n\n\n\n<li>H\u1ed7 tr\u1ee3 c\u00e1c rule Ingress v\u00e0 Egress<\/li>\n\n\n\n<li>\u00c1p d\u1ee5ng ch\u00ednh s\u00e1ch \u1edf Layer 3\/4 v\u00e0 Layer 7 (v\u00ed d\u1ee5 v\u1edbi Cilium)<\/li>\n\n\n\n<li>H\u1ed7 tr\u1ee3 m\u00e3 h\u00f3a d\u1eef li\u1ec7u khi truy\u1ec1n (encryption in transit), nh\u01b0 WireGuard v\u1edbi Calico<\/li>\n\n\n\n<li>Cung c\u1ea5p kh\u1ea3 n\u0103ng c\u00f4 l\u1eadp v\u00e0 ph\u00e2n \u0111o\u1ea1n m\u1ea1ng (network isolation v\u00e0 segmentation)<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-d\u1ecbnh-tuy\u1ebfn-l\u01b0u-l\u01b0\u1ee3ng-gi\u1eefa-cac-pod-va-node\"><strong>\u0110\u1ecbnh tuy\u1ebfn l\u01b0u l\u01b0\u1ee3ng gi\u1eefa c\u00e1c Pod v\u00e0 node<\/strong><\/h4>\n\n\n\n<p>Trong h\u1ec7 th\u1ed1ng nhi\u1ec1u node, vi\u1ec7c \u0111\u1ecbnh tuy\u1ebfn th\u1ee7 c\u00f4ng l\u00e0 kh\u00f4ng kh\u1ea3 thi.<\/p>\n\n\n\n<p>CNI plugin \u0111\u1ea3m b\u1ea3o:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>L\u01b0u l\u01b0\u1ee3ng gi\u1eefa node \u0111\u01b0\u1ee3c \u0111\u1ecbnh tuy\u1ebfn t\u1ef1 \u0111\u1ed9ng<\/li>\n\n\n\n<li>Tr\u00e1nh xung \u0111\u1ed9t IP<\/li>\n\n\n\n<li>\u0110\u1ea3m b\u1ea3o hi\u1ec7u n\u0103ng v\u1edbi c\u00e1c k\u1ef9 thu\u1eadt nh\u01b0 VXLAN, IP-in-IP, ho\u1eb7c BGP routing<\/li>\n\n\n\n<li>H\u1ed7 tr\u1ee3 networking gi\u1eefa nhi\u1ec1u cluster (multi-cluster)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-theo-doi-tai-nguyen-cluster-b\u1eb1ng-kubectl\"><strong>C\u00e1ch theo d\u00f5i t\u00e0i nguy\u00ean cluster b\u1eb1ng 
kubectl?\u00a0<\/strong><\/h3>\n\n\n\n<p>Theo d\u00f5i t\u00e0i nguy\u00ean trong Kubernetes l\u00e0 b\u01b0\u1edbc quan tr\u1ecdng \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o cluster ho\u1ea1t \u0111\u1ed9ng \u1ed5n \u0111\u1ecbnh, tr\u00e1nh t\u00ecnh tr\u1ea1ng qu\u00e1 t\u1ea3i v\u00e0 h\u1ed7 tr\u1ee3 x\u1eed l\u00fd l\u1ed7i hi\u1ec7u qu\u1ea3. V\u1edbi kubectl, b\u1ea1n c\u00f3 th\u1ec3 nhanh ch\u00f3ng ki\u1ec3m tra m\u1ee9c s\u1eed d\u1ee5ng CPU, RAM c\u1ee7a node v\u00e0 Pod \u0111\u1ec3 \u0111\u00e1nh gi\u00e1 hi\u1ec7u n\u0103ng h\u1ec7 th\u1ed1ng.<\/p>\n\n\n\n<p>C\u00f3 c\u00e1c c\u00e1ch sau:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Ki\u1ec3m tra t\u00e0i nguy\u00ean c\u1ee7a Node<\/strong><\/li>\n<\/ol>\n\n\n\n<p>L\u1ec7nh c\u01a1 b\u1ea3n \u0111\u1ec3 xem m\u1ee9c s\u1eed d\u1ee5ng t\u00e0i nguy\u00ean c\u1ee7a t\u1ea5t c\u1ea3 node:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl top nodes<\/code><\/pre>\n\n\n\n<p>L\u1ec7nh n\u00e0y cho b\u1ea1n th\u1ea5y:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CPU \u0111ang s\u1eed d\u1ee5ng<\/li>\n\n\n\n<li>B\u1ed9 nh\u1edb (RAM) \u0111ang d\u00f9ng<\/li>\n\n\n\n<li>T\u1ef7 l\u1ec7 % so v\u1edbi t\u1ed5ng t\u00e0i nguy\u00ean node<\/li>\n\n\n\n<li>CPU(cores) v\u00e0 CPU%<\/li>\n\n\n\n<li>MEMORY(bytes) v\u00e0 MEMORY%<\/li>\n<\/ul>\n\n\n\n<p>\u0110\u00e2y l\u00e0 c\u00e1ch nhanh nh\u1ea5t \u0111\u1ec3 bi\u1ebft node n\u00e0o \u0111ang b\u1ecb qu\u00e1 t\u1ea3i.<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Ki\u1ec3m tra t\u00e0i nguy\u00ean c\u1ee7a Pod<\/strong><\/li>\n<\/ol>\n\n\n\n<p>\u0110\u1ec3 xem m\u1ee9c s\u1eed d\u1ee5ng CPU v\u00e0 RAM c\u1ee7a t\u1eebng Pod trong m\u1ed9t namespace:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl top pods -n &lt;namespace><\/code><\/pre>\n\n\n\n<p>B\u1ea1n c\u00f3 th\u1ec3 b\u1ecf -n &lt;namespace&gt; \u0111\u1ec3 xem t\u1ea5t c\u1ea3 Pod trong namespace m\u1eb7c \u0111\u1ecbnh.<\/p>\n\n\n\n<p>L\u1ec7nh n\u00e0y h\u1eefu 
\u00edch khi:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pod ch\u1ea1y ch\u1eadm<\/li>\n\n\n\n<li>\u1ee8ng d\u1ee5ng ti\u00eau th\u1ee5 b\u1ed9 nh\u1edb b\u1ea5t th\u01b0\u1eddng<\/li>\n\n\n\n<li>Mu\u1ed1n \u0111\u00e1nh gi\u00e1 vi\u1ec7c scale ho\u1eb7c t\u1ed1i \u01b0u t\u00e0i nguy\u00ean<\/li>\n\n\n\n<li>X\u00e1c \u0111\u1ecbnh nh\u1eefng Pod c\u1ea7n th\u1ef1c hi\u1ec7n vertical scaling<\/li>\n\n\n\n<li>Debug c\u00e1c s\u1ef1 c\u1ed1 OOMKilled<\/li>\n<\/ul>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>Xem chi ti\u1ebft resource limit v\u00e0 request c\u1ee7a Pod<\/strong><\/li>\n<\/ol>\n\n\n\n<p>B\u1ea1n c\u00f3 th\u1ec3 xem th\u00f4ng tin c\u1ea5u h\u00ecnh t\u00e0i nguy\u00ean Pod b\u1eb1ng:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl describe pod &lt;pod-name> -n &lt;namespace><\/code><\/pre>\n\n\n\n<p>Trong ph\u1ea7n m\u00f4 t\u1ea3, Kubernetes hi\u1ec3n th\u1ecb:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Requests (CPU\/RAM t\u1ed1i thi\u1ec3u Pod c\u1ea7n)<\/li>\n\n\n\n<li>Limits (ng\u01b0\u1ee1ng t\u1ed1i \u0111a Pod \u0111\u01b0\u1ee3c d\u00f9ng)<\/li>\n<\/ul>\n\n\n\n<p>\u0110i\u1ec1u n\u00e0y gi\u00fap \u0111\u1ed1i chi\u1ebfu vi\u1ec7c ti\u00eau th\u1ee5 th\u1ef1c t\u1ebf (kubectl top) v\u1edbi c\u1ea5u h\u00ecnh.<\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>Theo d\u00f5i s\u1ef1 ki\u1ec7n li\u00ean quan \u0111\u1ebfn t\u00e0i nguy\u00ean<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Khi Pod b\u1ecb thi\u1ebfu CPU ho\u1eb7c RAM, Kubernetes th\u01b0\u1eddng ghi s\u1ef1 ki\u1ec7n (Events):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl get events --sort-by=.metadata.creationTimestamp<\/code><\/pre>\n\n\n\n<p>C\u00e1c s\u1ef1 ki\u1ec7n nh\u01b0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OOMKilled<\/li>\n\n\n\n<li>FailedScheduling<\/li>\n\n\n\n<li>Insufficient CPU\/Memory<\/li>\n<\/ul>\n\n\n\n<p>cho th\u1ea5y Pod \u0111ang g\u1eb7p v\u1ea5n \u0111\u1ec1 t\u00e0i nguy\u00ean.<\/p>\n\n\n\n<h2 
class=\"wp-block-heading\" id=\"h-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-kubernetes-cao-c\u1ea5p-advanced-level\"><span class=\"ez-toc-section\" id=\"Cau_hoi_phong_van_Kubernetes_cao_cap_Advanced_Level\"><\/span><strong>Advanced Kubernetes interview questions (Advanced Level)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-thi\u1ebft-k\u1ebf-cluster-kubernetes-co-d\u1ed9-kh\u1ea3-d\u1ee5ng-cao-high-availability\"><strong>How do you design a highly available (high availability) Kubernetes cluster?<\/strong><\/h3>\n\n\n\n<p>To make a Kubernetes cluster highly available, meaning it keeps running stably, is fault-tolerant, can recover, and keeps services uninterrupted, I usually design along the following principles:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-da-control-plane-da-node-di\u1ec1u-khi\u1ec3n-da-master\"><strong>Multiple Control Planes (multiple control nodes \/ multi-master)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set up multiple nodes for the Control Plane (API Server, etcd, Scheduler, Controller-Manager). 
If one master fails, the other masters keep the cluster running.<\/li>\n\n\n\n<li>Make sure the etcd store is replicated and synchronized across the masters to avoid losing state when a master dies.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-phan-tan-worker-node-amp-tranh-single-point-of-failure-di\u1ec3m-l\u1ed7i-duy-nh\u1ea5t\"><strong>Distribute Worker nodes &amp; avoid a single point of failure<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use multiple worker nodes (at least 2-3 nodes) and distribute the workload evenly.<\/li>\n\n\n\n<li>Do not place all critical Pods \/ services on the same node; use labels\/taints\/affinity to ensure the load is distributed.<\/li>\n\n\n\n<li>Monitor node health: if a node fails, its Pods are automatically rescheduled onto another node.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-l\u01b0u-tr\u1eef-amp-persistent-volume-co-kh\u1ea3-nang-ch\u1ecbu-l\u1ed7i\"><strong>Fault-tolerant storage &amp; Persistent Volumes<\/strong><\/h4>\n\n\n\n<p>For applications that need durable storage, do not use local storage that is tied to a single node. 
You should use:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A storage backend that supports high availability, for example network storage or cloud storage (block storage, network storage).<\/li>\n\n\n\n<li>An abstraction layer such as StorageClass + PersistentVolume so that storage does not depend on a specific node.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-network-amp-cni-plugin-\u1ed5n-d\u1ecbnh-va-co-d\u1ef1-phong\"><strong>A stable, redundant network &amp; CNI plugin<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a stable CNI plugin that supports multiple nodes and lets Pods on different nodes communicate smoothly.<\/li>\n\n\n\n<li>Make sure the network between nodes and Pods, and between Pods, has no single point of failure.<\/li>\n\n\n\n<li>If needed, set up an overlay network or a network policy to increase security and fault tolerance.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-can-b\u1eb1ng-t\u1ea3i-amp-expose-d\u1ecbch-v\u1ee5-co-ha\"><strong>Load balancing &amp; exposing services with HA<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When exposing an application externally, use a LoadBalancer or an Ingress Controller with high availability support (multiple instances, an external LB\/cloud LB if available).<\/li>\n\n\n\n<li>Avoid plain NodePort in production if you need good fault tolerance and load balancing.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" 
id=\"h-monitoring-logging-amp-auto-recovery\"><strong>Monitoring, Logging &amp; Auto-Recovery<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deploy a monitoring system to track nodes, Pods, and system resources, and to detect early when a node, container, or service has a problem.<\/li>\n\n\n\n<li>Set up alerts and automatic recovery: if a Pod dies, the Deployment\/ReplicaSet\/StatefulSet restarts it; if a node fails, the scheduler moves the Pods to another node.<\/li>\n\n\n\n<li>Make sure logs and data are stored outside the cluster if they need long-term retention, so logs are not lost when a Pod\/node is deleted.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-backup-etcd-amp-d\u1eef-li\u1ec7u-quan-tr\u1ecdng\"><strong>Back up etcd &amp; critical data<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Because etcd holds the entire cluster state, back it up regularly so the cluster can be restored after a serious incident.<\/li>\n\n\n\n<li>For stateful applications, back up the database, files, and storage regularly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-khi-nao-nen-ap-d\u1ee5ng-thi\u1ebft-k\u1ebf-cluster-ha\"><strong>When should you adopt an HA cluster design?<\/strong><\/h3>\n\n\n\n<p>You should design an HA cluster when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You run a production environment with many users that demands high uptime.<\/li>\n\n\n\n<li>The application needs fault tolerance and cannot 
accept downtime when a node or master fails.<\/li>\n\n\n\n<li>You have many microservices \/ workloads that need load balancing and distribution.<\/li>\n\n\n\n<li>You need to scale, deploy frequently, and update versions while staying stable.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-rbac-role-based-access-control-ho\u1ea1t-d\u1ed9ng-th\u1ebf-nao\"><strong>How does RBAC (Role-Based Access Control) work?<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, RBAC (Role-Based Access Control) is a permission-based access-control mechanism that limits the actions a user, group, or service account is allowed to perform. RBAC has been the default since Kubernetes 1.6.<\/p>\n\n\n\n<p>RBAC in Kubernetes is built on four main components:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Role\n<ul class=\"wp-block-list\">\n<li>Defines the list of actions (verbs) that may be performed on resources within a namespace.<\/li>\n\n\n\n<li>The verbs include: get, list, watch, create, update, patch, delete.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>ClusterRole\n<ul class=\"wp-block-list\">\n<li>Like a Role, but it applies cluster-wide and is not limited to a namespace.<\/li>\n\n\n\n<li>Used for cluster-level resources such as node, PersistentVolume, namespace\u2026<\/li>\n\n\n\n<li>Can be aggregated through 
aggregationRule<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>RoleBinding\n<ul class=\"wp-block-list\">\n<li>Assigns a Role to a user, group, or service account within a specific namespace.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>ClusterRoleBinding\n<ul class=\"wp-block-list\">\n<li>Assigns a ClusterRole to a user or service account across the entire cluster.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Kubernetes checks permissions in the following sequence:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The user sends a request (for example: \u201ccreate Pod\u201d).<\/li>\n\n\n\n<li>Authentication: the identity is verified (through certificates, tokens, OIDC &#8211; an external identity system).<\/li>\n\n\n\n<li>Authorization: the API Server checks the RBAC authorization policy to see whether that user is allowed to perform the action on the corresponding resource.<\/li>\n\n\n\n<li>Admission Control (admission controllers and webhooks):\n<ul class=\"wp-block-list\">\n<li>Can modify the request (mutate)<\/li>\n\n\n\n<li>Or check and reject the request (validate)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>For example: enforcing a namespace, adding labels, checking quota, security policies\u2026<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Decision:\n<ul class=\"wp-block-list\">\n<li>If a RoleBinding \/ ClusterRoleBinding allows the action \u2192 the request is accepted<\/li>\n\n\n\n<li>If there is no permission \u2192 a 403 error is returned \u2013 access denied (Forbidden)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\" id=\"h-lam-th\u1ebf-nao-d\u1ec3-t\u1ea1o-role-m\u1edbi-trong-kubernetes\"><strong>How do you create a new Role in Kubernetes?<\/strong><\/h3>\n\n\n\n<p><strong>Step 1: Create the Role<\/strong><\/p>\n\n\n\n<p>Example: create a Role that only allows reading and listing Pods in the dev namespace.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: rbac.authorization.k8s.io\/v1\nkind: Role\nmetadata:\n  namespace: dev\n  name: pod-reader\nrules:\n# \"\" is the core API group, which contains pods\n- apiGroups: &#91;\"\"]\n  resources: &#91;\"pods\"]\n  # read-only verbs; no create, update, patch or delete\n  verbs: &#91;\"get\", \"list\", \"watch\"]<\/code><\/pre>\n\n\n\n<p>Apply the Role to the cluster:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f role.yaml<\/code><\/pre>\n\n\n\n<p><strong>Step 2: Create the RoleBinding<\/strong><\/p>\n\n\n\n<p>Example: bind the pod-reader Role to the service account app-sa in the dev namespace.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: rbac.authorization.k8s.io\/v1\nkind: RoleBinding\nmetadata:\n  name: read-pods-binding\n  namespace: dev\n# who receives the permissions\nsubjects:\n- kind: ServiceAccount\n  name: app-sa\n  namespace: dev\n# which Role is granted\nroleRef:\n  kind: Role\n  name: pod-reader\n  apiGroup: rbac.authorization.k8s.io<\/code><\/pre>\n\n\n\n<p>Apply the RoleBinding:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f rolebinding.yaml<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-canary-deployment-khac-gi-blue-green-deployment\"><strong>How does a Canary Deployment differ from a Blue\/Green Deployment?<\/strong><\/h3>\n\n\n\n<p>In modern software development and operations, when updating an application running on Kubernetes, there are two 
common deployment strategies: Blue\/Green Deployment and Canary Deployment. Both are Progressive Delivery strategies.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-blue-green-deployment\"><strong>Blue\/Green Deployment<\/strong><\/h4>\n\n\n\n<p>Blue\/Green Deployment works by maintaining two complete environments at the same time:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The \u201cBlue\u201d environment: the application version currently running (production).<\/li>\n\n\n\n<li>The \u201cGreen\u201d environment: the new version of the application, deployed in parallel.<\/li>\n\n\n\n<li>Traffic is switched instantly, 100%, from Blue to Green.<\/li>\n\n\n\n<li>Usually implemented with a Service selector or Ingress rules.<\/li>\n<\/ul>\n\n\n\n<p>Once the Green version is stable, you switch all traffic from Blue to Green, meaning the whole system moves to the new version at once. 
After that, the Blue version can be removed or kept for rollback.<\/p>\n\n\n\n<p>Advantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Downtime is close to 0.<\/li>\n\n\n\n<li>If the new version has a bug, rollback is fast: switch traffic back to Blue.<\/li>\n\n\n\n<li>The Green environment is fully tested before the switch.<\/li>\n\n\n\n<li>Simple and predictable.<\/li>\n<\/ul>\n\n\n\n<p>Disadvantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Requires double the infrastructure while both environments run in parallel.<\/li>\n\n\n\n<li>More complex to manage if the application has data\/stateful components that need migration.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-canary-deployment\"><strong>Canary Deployment<\/strong><\/h4>\n\n\n\n<p>Canary Deployment is a gradual release method:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, you deploy the new version to a small share of users\/requests.<\/li>\n\n\n\n<li>Observe performance, errors, and real-world behavior.<\/li>\n\n\n\n<li>If it is stable, keep expanding gradually to all users.<\/li>\n<\/ul>\n\n\n\n<p>Advantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Lower risk thanks to the slow rollout: the new version affects only a small part of the system before the full rollout.<\/li>\n\n\n\n<li>Errors can be 
detected early, and rollback is quick and easy if something goes wrong.<\/li>\n\n\n\n<li>Saves resources: no need to double the infrastructure as with Blue\/Green.<\/li>\n<\/ul>\n\n\n\n<p>Disadvantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Version management and traffic routing are more complex.<\/li>\n\n\n\n<li>Some users get the new version, and if it has bugs, they are affected.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-b\u1ea3ng-so-sanh-blue-green-va-canary-deployment\"><strong>Comparison table: Blue\/Green vs Canary Deployment<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Criterion<\/strong><\/td><td><strong>Blue\/Green Deployment<\/strong><\/td><td><strong>Canary Deployment<\/strong><\/td><\/tr><tr><td>Deployment method<\/td><td>Deploy the entire new application to the Green environment, then switch all traffic<\/td><td>Deploy gradually: a small share of traffic uses the new version, then expand<\/td><\/tr><tr><td>Downtime<\/td><td>Almost none<\/td><td>Almost none (if configured correctly)<\/td><\/tr><tr><td>Infrastructure resources needed<\/td><td>High, two parallel environments are required<\/td><td>Lower, no need to double everything<\/td><\/tr><tr><td>Rollout risk<\/td><td>Yes, if the new version is faulty everything is affected<\/td><td>Lower, only 
a small part is affected<\/td><\/tr><tr><td>Rollback<\/td><td>Simple, switch traffic back to Blue<\/td><td>Requires stopping the Canary version and routing back to the stable version<\/td><\/tr><tr><td>Best suited for<\/td><td>Small\/medium applications, few microservices, synchronized releases<\/td><td>Large applications, microservices, real-world testing, risk reduction<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-gi\u1ea3i-thich-cac-c\u01a1-ch\u1ebf-taints-tolerations-amp-affinity-anti-affinity-la-gi\"><strong>What are the taints\/tolerations &amp; affinity\/anti-affinity mechanisms?<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Taint: a way to attach a \u201ckeep out\u201d mark to a node, meaning the node \u201cdoes not want to accept a Pod unless that Pod tolerates the taint\u201d.<\/li>\n\n\n\n<li>Toleration: a declaration in the Pod that \u201ctolerates\u201d a taint, so the Pod can be scheduled onto the tainted node.<\/li>\n\n\n\n<li>Node Affinity \/ Anti-Affinity: a way for a Pod to require or avoid nodes based on node labels. 
For example, you can require a Pod to run on a node labeled ssd: &#8220;true&#8221; (affinity), or avoid nodes labeled gpu: &#8220;true&#8221; (anti-affinity).<\/li>\n\n\n\n<li>Pod Affinity \/ Anti-Affinity: similar, but based on the labels of other Pods, meaning you can require a Pod to run near another Pod, or avoid running alongside Pods with a particular label.<\/li>\n<\/ul>\n\n\n\n<p>With these mechanisms you can control where Pods are placed, which is very useful when the cluster has many nodes, or when you want to separate workloads or prefer nodes with special resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-s\u1eed-d\u1ee5ng-taints-tolerations-va-affinity-anti-affinity-khi-nao-va-nh\u01b0-th\u1ebf-nao\"><strong>When and how do you use taints\/tolerations and affinity\/anti-affinity?<\/strong><\/h3>\n\n\n\n<p>You should use these features in the following cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You want sensitive workloads (database, stateful service, latency-critical) to run on dedicated nodes with good resources.<\/li>\n\n\n\n<li>You need to isolate services and keep them from sharing a node, to reduce the risk of them affecting each other.<\/li>\n\n\n\n<li>You need to separate environments: dev \/ staging \/ production, each on different nodes.<\/li>\n\n\n\n<li>The cluster has many nodes with different 
configurations (SSD vs HDD, GPU vs regular CPU, \u2026) and you want to optimize resources.<\/li>\n\n\n\n<li>Protecting master nodes: taint the master nodes to prevent workloads from being scheduled onto them.<\/li>\n\n\n\n<li>You need higher reliability, spreading Pods to avoid a single point of failure.<\/li>\n<\/ul>\n\n\n\n<p id=\"h-c\u1ee5-th\u1ec3-h\u01a1n\">More specifically:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Taints\/Tolerations: use them when you want a fixed \u201cfence\u201d at the node, so the node only accepts Pods that carry the toleration. Very useful for isolating nodes for special workloads.<\/li>\n\n\n\n<li>Affinity \/ Anti-Affinity: more flexible and label-based, used to steer Pods toward or away from nodes\/Pods under flexible conditions (such as resource, topology, workload type).<\/li>\n<\/ul>\n\n\n\n<p>In many scenarios, you can combine both to get the best control. 
For example: use a taint to protect a sensitive node + use affinity to make sure the right Pods are scheduled in the right place.<\/p>\n\n\n\n<p id=\"h-cach-s\u1eed-d\u1ee5ng-vi-d\u1ee5-yaml-gi\u1ea3i-thich\"><strong>How to use them (YAML examples + explanation)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Taints \/ Tolerations example:<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Attach a taint to a Node<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl taint nodes node-1 key=value:NoSchedule<\/code><\/pre>\n\n\n\n<p>Examples:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl taint nodes gpu-node-1 gpu=true:NoSchedule\nkubectl taint nodes master-node node-role.kubernetes.io\/master:NoSchedule<\/code><\/pre>\n\n\n\n<p>Node node-1 now has a taint. Ordinary Pods will not be scheduled onto this node.<\/p>\n\n\n\n<p>In the Pod\/Deployment, add a toleration<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>spec:\n  tolerations:\n  # must match the taint's key, value and effect\n  - key: \"key\"\n    operator: \"Equal\"\n    value: \"value\"\n    effect: \"NoSchedule\"<\/code><\/pre>\n\n\n\n<p>When a Pod has the section above, it can be scheduled onto node-1.<\/p>\n\n\n\n<p>Meaning: taints\/tolerations let you keep an &#8220;isolated node&#8221; that only permitted Pods can enter.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Node Affinity \/ Anti-Affinity example:<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Require the Pod to run on a node with a given label (affinity)<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>spec:\n  affinity:\n    nodeAffinity:\n      # hard requirement, checked at scheduling time only\n      requiredDuringSchedulingIgnoredDuringExecution:\n        nodeSelectorTerms:\n        - matchExpressions:\n          - key: \"disk\"\n            operator: In\n            values:\n            - \"ssd\"<\/code><\/pre>\n\n\n\n<p>The Pod will only be scheduled on nodes labeled disk=ssd.<\/p>\n\n\n\n<p>Keep the Pod off nodes that already run Pods with a specific label (anti-affinity)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>spec:\n  affinity:\n    podAntiAffinity:\n      requiredDuringSchedulingIgnoredDuringExecution:\n      - labelSelector:\n          matchLabels:\n            app: \"backend\"\n        # one topology domain per node\n        topologyKey: \"kubernetes.io\/hostname\"<\/code><\/pre>\n\n\n\n<p>The Pod will avoid running on the same node as any Pod labeled app: backend.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-network-policy-trong-kubernetes-dung-d\u1ec3-ch\u1eb7n-ho\u1eb7c-cho-phep-traffic-ra-sao\"><strong>How does Network Policy in Kubernetes block or allow traffic?<\/strong><\/h3>\n\n\n\n<p>Network Policy in Kubernetes is a set of rules that lets you control where Pods are allowed to send 
traffic to or receive it from. Instead of letting all Pods in the cluster talk to each other freely (the default is \u201callow all\u201d), Network Policy lets you restrict traffic by IP, namespace, or Pod label, which strengthens security and reduces the risk of spread when an incident occurs.<\/p>\n\n\n\n<p>Network Policy does not block traffic by itself; it works on the basis of two elements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pod selector: determines the set of Pods the policy applies to.<\/li>\n\n\n\n<li>Ingress \/ Egress rules: describe the traffic allowed to come in (ingress) to or go out (egress) from the Pod.<\/li>\n<\/ul>\n\n\n\n<p>When a Network Policy is applied to a Pod, all traffic that does not match the declared rules is blocked by default. 
This switches the Pod from \u201cfully open\u201d mode to \u201conly what is declared is allowed\u201d.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ch\u1eb7n-ho\u1eb7c-cho-phep-traffic-ingress-traffic-di-vao-pod\"><strong>Blocking or allowing Ingress traffic (traffic entering the Pod)<\/strong><\/h4>\n\n\n\n<p>You can allow a Pod to receive traffic from:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Other Pods with a specific label<\/li>\n\n\n\n<li>Namespaces with a specific label<\/li>\n\n\n\n<li>An IP range (CIDR) outside the cluster<\/li>\n<\/ul>\n\n\n\n<p>Example: only allow the Pod to receive traffic from Pods labeled app=frontend:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ingress:\n- from:\n  - podSelector:\n      matchLabels:\n        app: frontend<\/code><\/pre>\n\n\n\n<p>Every other source that is not app=frontend is blocked.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ch\u1eb7n-ho\u1eb7c-cho-phep-traffic-egress-traffic-di-ra-kh\u1ecfi-pod\"><strong>Blocking or allowing Egress traffic (traffic leaving the Pod)<\/strong><\/h4>\n\n\n\n<p>Egress rules let you control where a Pod can send traffic, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only allow the Pod to reach the database<\/li>\n\n\n\n<li>Forbid the Pod from reaching the external internet<\/li>\n\n\n\n<li>Only allow calls to internal APIs<\/li>\n<\/ul>\n\n\n\n<p>Example: only allow the Pod to send traffic to the internal IP range 10.0.0.0\/24:<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>egress:\n- to:\n  - ipBlock:\n      cidr: 10.0.0.0\/24<\/code><\/pre>\n\n\n\n<p>The Pod cannot send traffic outside this IP range.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-khi-nao-network-policy-co-hi\u1ec7u-l\u1ef1c\"><strong>When does a Network Policy take effect?<\/strong><\/h3>\n\n\n\n<p id=\"h-network-policy-ch\u1ec9-ho\u1ea1t-d\u1ed9ng-n\u1ebfu-cluster-h\u1ed7-tr\u1ee3-cni-phu-h\u1ee3p-n\u1ebfu-cni-khong-h\u1ed7-tr\u1ee3-network-policy-thi-policy-s\u1ebd-khong-co-hi\u1ec7u-l\u1ef1c-du-b\u1ea1n-ap-d\u1ee5ng-dung-nbsp\">Network Policy only works if the cluster runs a suitable CNI. If the CNI does not support Network Policy, the policy has no effect even when you apply it correctly.<\/p>\n\n\n\n<p id=\"h-va-khong-ph\u1ea3i-m\u1ecdi-cni-plugin-d\u1ec1u-h\u1ed7-tr\u1ee3-network-policy-cac-plugin-n\u1ed5i-b\u1eadt-h\u1ed7-tr\u1ee3-g\u1ed3m\">And not every CNI plugin supports Network Policy. 
Notable plugins that support it include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Calico<\/li>\n\n\n\n<li>Cilium<\/li>\n\n\n\n<li>Weave Net<\/li>\n\n\n\n<li>Kube-router<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-khi-nao-nen-dung-network-policy\"><strong>When should you use Network Policy?<\/strong><\/h3>\n\n\n\n<p>I typically use Network Policy when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Critical services such as databases or sensitive APIs need to be isolated<\/li>\n\n\n\n<li>Each microservice should only communicate within its intended scope<\/li>\n\n\n\n<li>Security standards must be met (ISO, PCI-DSS\u2026)<\/li>\n\n\n\n<li>The cluster is multi-tenant and isolates tenants by Namespace<\/li>\n\n\n\n<li>The risk from a compromised Pod needs to be reduced by limiting lateral movement<\/li>\n\n\n\n<li>Compliance is required in heavily regulated industries<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cach-t\u1ed1i-\u01b0u-chi-phi-cho-cluster-kubernetes\"><strong>How do you optimize the cost of a Kubernetes cluster?<\/strong><\/h3>\n\n\n\n<p>Below are the approaches I use to optimize cost when operating a cluster.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ch\u1ecdn-lo\u1ea1i-tai-nguyen-phu-h\u1ee3p-amp-di\u1ec1u-ch\u1ec9nh-dung-requests-limits\"><strong>Choose appropriate resource types &amp; right-size requests\/limits<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set reasonable requests and limits for Pods;
avoid declaring far more than is actually needed, which forces nodes to allocate excess resources.<\/li>\n\n\n\n<li>Use shared or lightweight resources for small services; avoid dedicating high-spec nodes to light workloads.<\/li>\n\n\n\n<li>LimitRange is used to enforce minimum and maximum resource limits for each Pod.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-dung-auto-scaling-scale-theo-nhu-c\u1ea7u-th\u1ef1c-t\u1ebf\"><strong>Use auto-scaling: scale with actual demand<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use the Horizontal Pod Autoscaler (HPA) to scale Pods up automatically when load rises and down when load is low, saving resources when the cluster is lightly used.<\/li>\n\n\n\n<li>Where possible, use Cluster Autoscaler to scale nodes automatically, adding nodes when needed and removing them when not, which reduces the cost of idle nodes.<\/li>\n\n\n\n<li>Scale automatically based on predictions, using Machine Learning models to recognize and learn traffic patterns.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-s\u1eed-d\u1ee5ng-may-\u1ea3o-gia-r\u1ebb-spot-preemptible-low-cost-instances-cho-moi-tr\u01b0\u1eddng-khong-qua-quan-tr\u1ecdng\"><strong>Use cheap virtual machines: Spot \/ Preemptible \/ low-cost instances (for less critical environments)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For workloads that do not need
24\/7 uptime or can tolerate temporarily losing a node, you can use spot instances \/ preemptible VMs, which are much cheaper than regular instances.<\/li>\n\n\n\n<li>This suits batch jobs, workloads where uptime is not critical, or workloads that can recover on their own.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-t\u1ed1i-\u01b0u-vi\u1ec7c-chia-s\u1ebb-tai-nguyen-va-khai-thac-mo-hinh-da-ng\u01b0\u1eddi-dung\"><strong>Optimize resource sharing and take advantage of the multi-tenant model<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pack several lightweight microservices onto the same node when their resources do not conflict, making full use of CPU\/RAM and avoiding waste.<\/li>\n\n\n\n<li>Use Namespaces together with quotas and resource limits to allocate resources fairly and avoid waste.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-xoa-resource-khong-c\u1ea7n-thi\u1ebft\"><strong>Delete unneeded resources<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Delete old Pods, Jobs and ReplicaSets and storage that is no longer used, so that idle resources are not kept around.<\/li>\n\n\n\n<li>Apply lifecycle policies to Persistent Volumes, logs, artifacts\u2026<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-giam-sat-do-l\u01b0\u1eddng-chi-phi-va-s\u1eed-d\u1ee5ng-tai-nguyen-th\u01b0\u1eddng-xuyen\"><strong>Monitor and measure cost and resource usage regularly<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use monitoring to track
CPU, memory, storage and network usage, and from that detect over-provisioned resources.<\/li>\n\n\n\n<li>Analyze cost by namespace, workload and time to find where resources are being wasted.<\/li>\n\n\n\n<li>Use real data to tune requests\/limits, scaling and scheduling.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ch\u1ecdn-dung-lo\u1ea1i-storage-amp-gi\u1ea3i-phap-l\u01b0u-tr\u1eef-phu-h\u1ee3p\"><strong>Choose the right storage type &amp; a suitable storage solution<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For data that does not need to be durable: use lightweight or shared storage; high-performance disks are not needed.<\/li>\n\n\n\n<li>For production: weigh performance against cost to choose storage that fits the workload, and avoid expensive storage for small services.<\/li>\n\n\n\n<li>Regularly clean up PersistentVolumeClaims (PVCs) and snapshots that are no longer in use to avoid wasting storage.<\/li>\n<\/ul>\n\n\n\n<p><strong>I usually apply cluster cost optimization when:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The cluster runs many services, microservices and varied workloads.<\/li>\n\n\n\n<li>Operating costs are high and the budget needs to be optimized.<\/li>\n\n\n\n<li>Cloud resources are limited and must be used efficiently.<\/li>\n\n\n\n<li>Performance must be maintained while still saving cost
over the long term.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-gi\u1ea3i-thich-quy-trinh-scheduling-c\u1ee7a-kubernetes\"><strong>Explain the Kubernetes scheduling process<\/strong><\/h3>\n\n\n\n<p>In Kubernetes, scheduling is the process by which the system selects the most suitable node for a new Pod, that is, it decides which node the Pod will run on. Scheduling ensures that the Pod has enough resources, that its constraints are satisfied, and that resources are allocated well across the whole cluster.<\/p>\n\n\n\n<p>When you create a Pod (through a Deployment, a ReplicaSet, or directly), the Kubernetes scheduler goes through the following steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The Pod is submitted to the API Server<\/strong><\/li>\n<\/ul>\n\n\n\n<p>The Pod specification (manifest) is submitted through the API (for example with kubectl apply). 
Kubernetes stores the Pod in etcd with the status \u201cPending\u201d and an empty nodeName field.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The scheduler filters for suitable nodes<\/strong><\/li>\n<\/ul>\n\n\n\n<p>The scheduler (usually kube-scheduler) finds all nodes on which the Pod could be placed by checking conditions such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The node has enough free resources (CPU, memory) to satisfy the requests\/limits of the Pod.<\/li>\n\n\n\n<li>The node is compatible with affinity\/anti-affinity, taints\/tolerations and other constraints.<\/li>\n\n\n\n<li>The node satisfies constraints on labels, taints, zone\/region, topology constraints\u2026<\/li>\n<\/ul>\n\n\n\n<p>A node that does not meet them is filtered out of the list.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The scheduler scores &amp; prioritizes<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Among the remaining nodes, the scheduler scores each node against criteria such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The node has fewer workloads (low load)<\/li>\n\n\n\n<li>The node is the best fit in terms of resources, locality, storage data and network<\/li>\n\n\n\n<li>Preference for balancing load across nodes<\/li>\n<\/ul>\n\n\n\n<p>The node with the highest score is chosen to run the Pod.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Binding the Pod to the Node<\/strong><\/li>\n<\/ul>\n\n\n\n<p>After choosing a node, the scheduler notifies
the API Server to bind the Pod to that node, confirming that the Pod will run there.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The kubelet on the node receives the instruction and starts the Pod<\/strong><\/li>\n<\/ul>\n\n\n\n<p>On the selected node, the kubelet agent receives the instruction, pulls the container image, mounts volumes, sets up networking, and starts the containers according to the spec.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Set up networking, storage and volumes, and track status<\/strong><\/li>\n<\/ul>\n\n\n\n<p>After the container starts, the system assigns an IP, mounts volumes, sets up the network (through a CNI plugin if present), applies policies, and manages the Pod lifecycle.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-vi-sao-quy-trinh-scheduling-quan-tr\u1ecdng\"><strong>Why is the scheduling process important?<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It optimizes resource use, avoids overcommitting resources, and makes efficient use of CPU\/memory.<\/li>\n\n\n\n<li>It ensures stability: Pods are not scheduled onto unsuitable nodes (overloaded, short of resources, or not satisfying affinity\/taints).<\/li>\n\n\n\n<li>It supports scaling &amp; high availability: with multiple nodes, the scheduler spreads Pods evenly and avoids a single point of failure.<\/li>\n\n\n\n<li>It allows complex constraints (affinity, taints\/tolerations, storage locality\u2026), making deployments flexible and suitable
for many scenarios.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-vi-sao-secret-encryption-at-rest-quan-tr\u1ecdng-khi-nao-nen-b\u1eadt-secret-encryption-at-rest\"><strong>Why is Secret encryption at rest important? When should Secret encryption at rest be enabled?<\/strong><\/h3>\n\n\n\n<p>Encryption at rest means encrypting data as it is stored, that is, when the data is not in transit but \u201cresting\u201d (at rest) on disk. By default, Kubernetes stores Secrets in etcd base64-encoded (NOT encrypted).<\/p>\n\n\n\n<p>In Kubernetes, when you use a Secret to hold sensitive information (passwords, tokens, keys) and Secret encryption at rest is enabled, Kubernetes encrypts the Secret contents with encryption providers before writing them to its internal store (for example etcd), so that even someone who gains access to the physical storage cannot read the original data without the decryption key.<\/p>\n\n\n\n<p>It helps to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protect sensitive data: Secrets hold passwords, tokens, certificates\u2026 and if they are not encrypted, anyone who can read the backing store can obtain all of them. 
Encryption at rest helps prevent data exposure.<\/li>\n\n\n\n<li>Reduce risk from backups and snapshots: when the cluster is backed up, or a disk or etcd snapshot is kept, the data stays encrypted, which prevents leaks if the backup is exposed.<\/li>\n\n\n\n<li>Meet security &amp; compliance requirements: many security standards require sensitive data to be encrypted when stored, and encryption at rest satisfies this.<\/li>\n\n\n\n<li>Stay safe even if the physical server is compromised: someone with physical access or access to the storage volume still cannot read Secret data without the decryption key.<\/li>\n<\/ul>\n\n\n\n<p>Enable it when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The cluster holds sensitive data (credentials, keys, tokens\u2026).<\/li>\n\n\n\n<li>There are strict security policies or compliance obligations.<\/li>\n\n\n\n<li>There are backups, snapshots or long-term data retention.<\/li>\n\n\n\n<li>Data must also be protected against physical risks (disks, servers).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-lam-sao-phat-hi\u1ec7n-resource-bottleneck-c\u1ee7a-m\u1ed9t-workload\"><strong>How do you detect a resource bottleneck in a workload?<\/strong><\/h3>\n\n\n\n<p>To detect a workload that is hitting a resource bottleneck,
monitor three main groups of metrics: CPU, memory and I\/O (disk or network). If one of these resources is constantly used close to its maximum or exceeds requests\/limits, that is a clear sign of a bottleneck.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CPU bottleneck: the Pod is always at 90\u2013100% CPU, containers respond slowly, and the HPA keeps scaling up.<\/li>\n\n\n\n<li>Memory bottleneck: the Pod is frequently OOMKilled or shows abnormally high memory spikes.<\/li>\n\n\n\n<li>I\/O bottleneck: the application reads\/writes slowly, or network latency rises sharply under high traffic.<\/li>\n<\/ul>\n\n\n\n<p>I use kubectl top pods, metrics server and Prometheus\/Grafana to look at resource trends. When a workload is constrained by one particular resource while the others still have headroom, that resource is the bottleneck. From there I adjust requests\/limits, scale Pods or optimize the application, depending on the cause.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-container-runtime-interface-cri-ho\u1ea1t-d\u1ed9ng-ra-sao-vi-sao-no-quan-tr\u1ecdng\"><strong>How does the Container Runtime Interface (CRI) work?
Why is it important?<\/strong><\/h3>\n\n\n\n<p>CRI (Container Runtime Interface) is a standard interface that Kubernetes uses to interact with the runtime software responsible for starting, managing and operating containers on a node. Thanks to CRI, Kubernetes is not tied to one fixed container runtime; it can work with different runtimes such as containerd, CRI-O,&#8230;<\/p>\n\n\n\n<p><strong>How CRI works in Kubernetes<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When Kubernetes wants to run a Pod \/ container, it sends the request to the kubelet on the node.<\/li>\n\n\n\n<li>The kubelet uses CRI to pass that request to the runtime (containerd, CRI-O, \u2026).<\/li>\n\n\n\n<li>The container runtime performs the container setup steps: pulling the image, creating the filesystem, allocating resources, setting up networking\/volumes, and starting the container.<\/li>\n\n\n\n<li>The runtime then monitors the container and reports its state back to the kubelet (running, exited, logs, resource usage, restart, \u2026).<\/li>\n\n\n\n<li>Thanks to CRI, Kubernetes can change runtimes without changing its orchestration logic, which makes the cluster flexible and easy to upgrade.<\/li>\n<\/ul>\n\n\n\n<p><strong>Why is CRI important?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Variety &amp; flexibility: different container runtimes can be used depending on need.<\/li>\n\n\n\n<li>Separation
of orchestration &amp; runtime: Kubernetes handles scheduling and Pod management, while the runtime handles starting containers. This is a clear architecture that is easy to maintain.<\/li>\n\n\n\n<li>Standards compatibility: with CRI, runtimes follow a common standard, which reduces compatibility risk when switching runtimes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-pod-security-standards-pss-g\u1ed3m-nh\u1eefng-m\u1ee9c-nao-vi-sao-khong-t\u1ed3n-t\u1ea1i-m\u1ed9t-m\u1ee9c-trung-gian-gi\u1eefa-privileged-va-baseline\"><strong>What levels do the Pod Security Standards (PSS) define? Why is there no intermediate level between Privileged and Baseline?<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-pod-security-standards-pss-g\u1ed3m-nh\u1eefng-m\u1ee9c-nao\"><strong>What levels do the Pod Security Standards (PSS) define?<\/strong><\/h4>\n\n\n\n<p>Pod Security Standards (PSS) replaced Pod Security Policies (PSP) in Kubernetes 1.25. 
PSS is a set of security rules applied to Pods to control the level of risk when running workloads.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Privileged \u2013 the least restrictive level<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allows a Pod to do almost anything a container can do on the node.<\/li>\n\n\n\n<li>Intended for special cases such as system administration tools, network plugins or workloads that interact directly with the kernel.<\/li>\n\n\n\n<li>Not recommended in production unless truly necessary.<\/li>\n\n\n\n<li>Security risk level: HIGHEST<\/li>\n<\/ul>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Baseline \u2013 a balance between functionality and risk<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A moderately restrictive level that blocks high-risk container configurations while remaining flexible enough for most applications.<\/li>\n\n\n\n<li>Not allowed: arbitrary root privileges, hostPID\/hostNetwork, uncontrolled hostPath mounts, or changes to sensitive capabilities.<\/li>\n<\/ul>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>Restricted \u2013 the highest security level<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Designed to follow container security best practices.<\/li>\n\n\n\n<li>Requires
Pods to run with minimal privileges, enable seccomp, restrict capabilities, not run as the root user, and not interfere with host resources.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-vi-sao-khong-t\u1ed3n-t\u1ea1i-m\u1ed9t-m\u1ee9c-trung-gian-gi\u1eefa-privileged-va-baseline\"><strong>Why is there no intermediate level between Privileged and Baseline?<\/strong><\/h4>\n\n\n\n<p>There is no intermediate level between Privileged and Baseline because Kubernetes wants to keep PSS simple, clear and easy to apply. The gap between the two levels marks an important boundary:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Privileged: allows behavior that directly affects the host \u2192 high risk.<\/li>\n\n\n\n<li>Baseline: blocks all behavior that could endanger the node \u2192 significantly safer.<\/li>\n<\/ul>\n\n\n\n<p>An \u201cin-between\u201d level would make the standard more complex, harder to understand and harder to apply, without adding practical value, because enabling just a few special permissions already brings a workload close to the Privileged level. 
Kubernetes therefore keeps a three-level structure (Privileged, Baseline and Restricted) to simplify both deployment and security risk assessment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-nguyen-nhan-va-cach-x\u1eed-ly-khi-node-b\u1ecb-notready-nh\u01b0ng-workload-khong-t\u1ef1-recover\"><strong>Causes and fixes when a Node is NotReady but the workload does not recover on its own<\/strong><\/h3>\n\n\n\n<p>When a node in Kubernetes is marked NotReady, Kubernetes does not consider that node fit to run workloads. In some cases, however, the workload (Pod) is not automatically moved or recovered. The common causes and their fixes are listed below:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Cause<\/strong><\/td><td><strong>Fix<\/strong><\/td><\/tr><tr><td>The node taint has not been applied: if the node is not tainted when it is NotReady, the scheduler may not treat the node as \u201cunusable\u201d. 
By default, when a node is NotReady, Kubernetes automatically adds the taints node.kubernetes.io\/not-ready:NoSchedule and node.kubernetes.io\/not-ready:NoExecute after a certain period (5 minutes by default).<\/td><td>Taint the node as soon as NotReady is detected:<br>kubectl taint node &lt;node-name&gt; key=value:NoSchedule<br>This ensures the scheduler places no further Pods on the failing node.<\/td><\/tr><tr><td>The Pod has a nodeAffinity or nodeSelector that pins it to that node \u2192 the scheduler will not look elsewhere.<\/td><td>Review and relax the affinity or selector so the Pod can be scheduled onto another node when the current one fails.<\/td><\/tr><tr><td>The Pod is not in a state that allows it to be moved: it is configured with a podDisruptionBudget, or belongs to a StatefulSet\/DaemonSet that does not allow automatic relocation.<\/td><td>Enable or adjust the podDisruptionBudget \/ affinity so the Pod can move, and make sure the Pod is not locked to the old node.<\/td><\/tr><tr><td>There is no spare node in the cluster \u2192 the scheduler cannot find another node that satisfies the resource requirements &amp; constraints.<\/td><td>Keep a spare node available, or add nodes with an auto-scaler, so the scheduler has somewhere to move Pods.<\/td><\/tr><tr><td>The Persistent Volume \/ storage is bound to a specific node \u2192 the Pod needs local storage
and so cannot be migrated easily.<\/td><td>Use network storage or PVs that are not pinned to a node (avoid hostPath \/ local storage if HA is required) so the Pod can mount its storage on another node if it migrates.<\/td><\/tr><tr><td>The CNI \/ network \/ volume plugin fails after the node returns to the Ready state, so the Pod cannot run on another node.<\/td><td>Check events and node status to identify the underlying fault (network, disk, memory, volume mount), then fix the plugin or the related environment:<br>kubectl describe node &lt;node-name&gt;<br>kubectl get events --sort-by=.metadata.creationTimestamp<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>If you need a fast recovery in an emergency, delete the Pod yourself so that the scheduler recreates it on another healthy node instead of waiting for the automatic mechanism:<\/p>\n\n\n\n<p>kubectl delete pod &lt;pod-name&gt;<\/p>\n\n\n\n<p>In addition, a few tips for preparing in advance to avoid incidents:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you have Persistent Volumes \/ stateful services, design storage &amp; affinity so that migration is easy.<\/li>\n\n\n\n<li>Run the cluster with multiple nodes to avoid a single point of failure.<\/li>\n\n\n\n<li>Set up monitoring\/alerting to detect NotReady nodes early and to taint &amp; migrate workloads automatically.<\/li>\n\n\n\n<li>Configure a suitable tolerationSeconds for workloads to control how long to wait
before a Pod is evicted.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-c\u1ea7n-ki\u1ec3m-tra-nh\u1eefng-gi-khi-hpa-scale-khong-dung-v\u1edbi-load-th\u1ef1c-t\u1ebf\"><strong>What should you check when the HPA does not scale in line with actual load?<\/strong><\/h3>\n\n\n\n<p>If the Horizontal Pod Autoscaler (HPA) does not scale up when load rises, or scales out of proportion to the load, review the following areas:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-metric-source-metrics-api\"><strong>Check the metric source \/ metrics API<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If metrics-server is not working, the HPA receives no data and cannot scale \u2192 make sure the cluster has metrics-server (or another valid metrics provider) running and serving CPU\/Memory metrics.<\/li>\n\n\n\n<li>Check the logs of metrics-server or the equivalent component for errors in data collection.<\/li>\n\n\n\n<li>Check the HPA status for error messages such as \u201cunable to get memory metrics for resource\u201d or \u201cno metrics returned from resource metrics API\u201d \u2192 these are clear signs of missing metrics.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-c\u1ea5u-hinh-hpa-target-metric-requests-limits\"><strong>Check the HPA configuration (target, metric, requests\/limits)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If the workload does not consume
the metric you scale on, the HPA will not trigger scaling \u2192 make sure you have specified a target metric (for example CPU utilization, memory or custom metrics) that fits the workload.<\/li>\n\n\n\n<li>IMPORTANT: the HPA must have requests in order to calculate resource utilization; without them the HPA will not work or will never reach the threshold that triggers scaling \u2192 make sure the containers have resources.requests configured (and limits if needed).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-th\u1eddi-gian-l\u1ea5y-m\u1eabu-amp-\u1ed5n-d\u1ecbnh-load\"><strong>Check the sampling interval &amp; load stability<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If load spikes only briefly, the HPA may miss it: metrics sampling and polling have latency, so scaling cannot keep up.<\/li>\n\n\n\n<li>If load drops right afterwards, the HPA may scale down quickly, causing \u201cping-pong\u201d (continuous scaling up and down) \u2192 configure it sensibly or use load stabilization\/delay.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-resource-constraints-amp-h\u1ea1n-ch\u1ebf-cluster\"><strong>Check resource constraints &amp; cluster limits<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check whether the cluster has enough nodes\/CPU\/memory to scale. 
\u2192 N\u1ebfu cluster kh\u00f4ng c\u00f2n node tr\u1ed1ng (CPU\/memory), HPA scale l\u00ean nh\u01b0ng Pod kh\u00f4ng \u0111\u01b0\u1ee3c schedule, nh\u00ecn t\u1eeb ngo\u00e0i s\u1ebd gi\u1ed1ng nh\u01b0 \u201ckh\u00f4ng scale\u201d.<\/li>\n\n\n\n<li>Ki\u1ec3m tra Pod log\/scheduling error \u2192 c\u00f3 th\u1ec3 Pod m\u1edbi b\u1ecb Crash, pending, ho\u1eb7c kh\u00f4ng th\u1ec3 kh\u1edfi \u0111\u1ed9ng.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-quy\u1ec1n-truy-xu\u1ea5t-metric-amp-rbac-n\u1ebfu-dung-external-custom-metrics\"><strong>Ki\u1ec3m tra quy\u1ec1n truy xu\u1ea5t metric &amp; RBAC (n\u1ebfu d\u00f9ng external\/custom metrics)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>N\u1ebfu d\u00f9ng custom\/external metrics, c\u1ea7n \u0111\u1ea3m b\u1ea3o HPA c\u00f3 quy\u1ec1n truy c\u1eadp metrics API, service account c\u00f3 \u0111\u00fang permission.<\/li>\n\n\n\n<li>Ki\u1ec3m tra r\u1eb1ng metric endpoint v\u1eabn ho\u1ea1t \u0111\u1ed9ng, kh\u00f4ng b\u1ecb ch\u1eb7n b\u1edfi network policy, authentication,&#8230;<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-c\u1ea5u-hinh-cluster-autoscaler-node-autoscaling-n\u1ebfu-co\"><strong>Ki\u1ec3m tra c\u1ea5u h\u00ecnh cluster autoscaler \/ node autoscaling (n\u1ebfu c\u00f3)<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>N\u1ebfu b\u1ea1n d\u00f9ng autoscaler \u0111\u1ec3 scale node, m\u00e0 node kh\u00f4ng \u0111\u01b0\u1ee3c th\u00eam khi c\u1ea7n, HPA scale Pod nh\u01b0ng kh\u00f4ng c\u00f3 node ph\u00f9 h\u1ee3p th\u00ec Pod s\u1ebd Pending \u2192 l\u1ea7m t\u01b0\u1edfng l\u00e0 HPA kh\u00f4ng ho\u1ea1t \u0111\u1ed9ng.<\/li>\n\n\n\n<li>Ki\u1ec3m tra xem cluster autoscaler \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh \u0111\u00fang ch\u01b0a (min\/max nodes, taints, limits,&#8230;).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"h-x\u1eed-ly-nh\u01b0-th\u1ebf-nao-n\u1ebfu-ingress-ho\u1ea1t-d\u1ed9ng-khong-\u1ed5n-d\u1ecbnh-khi-co-traffic-l\u1edbn\"><strong>How do you handle an Ingress that becomes unstable under heavy traffic?<\/strong><\/h3>\n\n\n\n<p>When you use Ingress (for example through the NGINX Ingress Controller) to expose an application, heavy load can cause problems such as slow responses, 502\/503 errors, upstream timeouts, or high CPU. The following approaches address them:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-tang-tai-nguyen-va-c\u1ea5u-hinh-cho-ingress-controller\"><strong>Increase resources and tune the configuration of the Ingress Controller<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make sure the Ingress Controller Pod has enough CPU and memory to handle a large number of connections; if its resources are too low, the controller can become congested.<\/li>\n\n\n\n<li>If you run it as a Deployment\/DaemonSet, consider scaling the number of Ingress Controller Pods to spread the load.<\/li>\n\n\n\n<li>Set worker_processes, worker_connections, keepalive_timeout, client_max_body_size, proxy_buffers and related settings correctly so that Ingress can handle many concurrent connections.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-s\u1eed-d\u1ee5ng-load-balancer-ho\u1eb7c-da-ingress-controller-d\u1ec3-tranh-single-point-of-failure\"><strong>Use a Load Balancer or multiple Ingress Controllers to avoid a single point of failure<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Under heavy traffic, do not 
rely on a single Ingress Controller; deploy multiple replicas or put a load-balancing service in front (a cloud load balancer or an external LB) to distribute traffic evenly.<\/li>\n\n\n\n<li>Make sure each Ingress Controller receives traffic it can handle, to avoid overload.<\/li>\n\n\n\n<li>Consider using a Service of type LoadBalancer, or NodePort combined with an external load balancer, to distribute traffic efficiently.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-b\u1eadt-caching-gzip-compression-rate-limit-n\u1ebfu-phu-h\u1ee3p\"><strong>Enable caching, gzip, compression, and rate limiting where appropriate<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If content is static or responses are cacheable, configure caching or an HTTP cache to reduce backend load.<\/li>\n\n\n\n<li>Use gzip \/ compression to reduce the amount of data transferred, easing the load on the network and on Ingress.<\/li>\n\n\n\n<li>Set rate limits with the annotations nginx.ingress.kubernetes.io\/limit-rps or nginx.ingress.kubernetes.io\/limit-connections when many requests come from the same client, to guard against DDoS or sudden traffic spikes.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-ki\u1ec3m-tra-health-check-readiness-liveness-probe-cho-backend-amp-ingress-controller\"><strong>Check health checks and readiness\/liveness probes for the backend &amp; Ingress Controller<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make sure the backend service (Pod) is stable and does not crash. 
If the backend is unstable, Ingress is prone to errors when forwarding to the upstream.<\/li>\n\n\n\n<li>Configuring readiness\/liveness probes lets Kubernetes send traffic only to Pods that are ready, avoiding errors from Pods that are not yet ready.<\/li>\n\n\n\n<li>Configure a health check for the Ingress Controller so the Load Balancer knows exactly which controllers are healthy:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>readinessProbe:\n  httpGet:\n    path: \/healthz\n    port: 10254<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-giam-sat-amp-logging-d\u1ec3-phan-tich-nguyen-nhan-bottleneck\"><strong>Monitoring &amp; logging to analyze the cause of bottlenecks<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track Ingress Controller metrics: CPU, memory, connection count, latency, and the number of 5xx\/4xx errors.<\/li>\n\n\n\n<li>Check the NGINX Ingress logs for timeouts, upstream errors, connection resets, etc.<\/li>\n\n\n\n<li>From the actual data, determine where the bottleneck lies: network, backend, Ingress config, or resources, and adjust accordingly.<\/li>\n\n\n\n<li>Use Prometheus + Grafana to monitor NGINX Ingress metrics through the built-in exporter.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-t\u1ed1i-\u01b0u-backend-amp-\u1ee9ng-d\u1ee5ng-d\u1ec3-gi\u1ea3m-ap-l\u1ef1c-len-ingress\"><strong>Optimize the backend &amp; application to reduce pressure on Ingress<\/strong><\/h4>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>Make sure the backend is scaled to match the load, and consider using HPA for the backend service. If the backend is weak, Ingress cannot return responses even when it is healthy itself.<\/li>\n\n\n\n<li>Optimize request processing time, database queries, caching, connection pooling, and CDN usage so the backend responds quickly and connections are held for less time.<\/li>\n\n\n\n<li>If you have static assets or a CDN, offload static content to the CDN instead of serving it through Ingress, to save cluster resources.<\/li>\n\n\n\n<li>Consider implementing the circuit breaker pattern together with sensible retry logic to prevent cascading failures in the system.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-t\u1ed5ng-k\u1ebft-cau-h\u1ecfi-ph\u1ecfng-v\u1ea5n-kubernetes\"><span class=\"ez-toc-section\" id=\"Tong_ket_cau_hoi_phong_van_Kubernetes\"><\/span><strong>Summary of Kubernetes interview questions<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>From foundational questions on Pod, Service, Deployment and the like to advanced topics such as RBAC, Network Policy, scheduling, storage, and high availability, this collection of Kubernetes interview questions helps you build solid knowledge so you can apply confidently for DevOps or Cloud positions.<\/p>\n\n\n\n<p>Once you understand both the theory and the real-world scenarios, you can demonstrate your ability to employers 
with ease. Keep practicing and updating your knowledge so you are ready for any interview.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Khi h\u1ea1 t\u1ea7ng chuy\u1ec3n d\u1ecbch l\u00ean cloud-native, nhu c\u1ea7u tuy\u1ec3n d\u1ee5ng k\u1ef9 s\u01b0 hi\u1ec3u Kubernetes ng\u00e0y c\u00e0ng t\u0103ng. Ph\u1ecfng v\u1ea5n Kubernetes kh\u00f4ng ch\u1ec9 xoay quanh l\u00fd thuy\u1ebft, m\u00e0 c\u00f2n bao g\u1ed3m c\u00e1c c\u00e2u h\u1ecfi ki\u1ec3m tra v\u1ec1 t\u01b0 duy k\u1ef9 thu\u1eadt v\u00e0 kh\u1ea3 n\u0103ng v\u1eadn h\u00e0nh h\u1ec7 th\u1ed1ng th\u1ef1c t\u1ebf. N\u1ebfu b\u1ea1n \u0111ang \u1ee9ng tuy\u1ec3n [&hellip;]<\/p>\n","protected":false},"author":95,"featured_media":93895,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gspb_post_css":"","footnotes":""},"categories":[109],"tags":[],"class_list":["post-93886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-chuyen-mon-it"],"blocksy_meta":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.8 (Yoast SEO v27.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn - ITviec Blog<\/title>\n<meta name=\"description\" content=\"L\u01b0u ngay b\u1ed9 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn \u0111\u1ec3 gi\u00fap b\u1ea1n \u00f4n t\u1eadp \u0111\u1ea7y \u0111\u1ee7, b\u00e0i b\u1ea3n, \u0111\u00fang tr\u1ecdng t\u00e2m theo t\u1eebng c\u1ea5p \u0111\u1ed9.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/\" \/>\n<meta property=\"og:locale\" content=\"vi_VN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn\" \/>\n<meta property=\"og:description\" content=\"Khi h\u1ea1 t\u1ea7ng chuy\u1ec3n d\u1ecbch l\u00ean cloud-native, nhu c\u1ea7u tuy\u1ec3n d\u1ee5ng k\u1ef9 s\u01b0 hi\u1ec3u Kubernetes ng\u00e0y c\u00e0ng t\u0103ng. Ph\u1ecfng v\u1ea5n Kubernetes kh\u00f4ng ch\u1ec9 xoay quanh l\u00fd thuy\u1ebft, m\u00e0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/\" \/>\n<meta property=\"og:site_name\" content=\"ITviec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ITviec\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-30T04:15:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-30T04:15:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/12\/cau-hoi-phong-van-kubernetes-scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"421\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tuong Uyen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ITviec\" \/>\n<meta name=\"twitter:site\" content=\"@ITviec\" \/>\n<meta name=\"twitter:label1\" content=\"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tuong Uyen\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc\" \/>\n\t<meta name=\"twitter:data2\" content=\"75 ph\u00fat\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn - ITviec Blog","description":"L\u01b0u ngay b\u1ed9 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn \u0111\u1ec3 gi\u00fap b\u1ea1n \u00f4n t\u1eadp \u0111\u1ea7y \u0111\u1ee7, b\u00e0i b\u1ea3n, \u0111\u00fang tr\u1ecdng t\u00e2m theo t\u1eebng c\u1ea5p \u0111\u1ed9.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/","og_locale":"vi_VN","og_type":"article","og_title":"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn","og_description":"Khi h\u1ea1 t\u1ea7ng chuy\u1ec3n d\u1ecbch l\u00ean cloud-native, nhu c\u1ea7u tuy\u1ec3n d\u1ee5ng k\u1ef9 s\u01b0 hi\u1ec3u Kubernetes ng\u00e0y c\u00e0ng t\u0103ng. Ph\u1ecfng v\u1ea5n Kubernetes kh\u00f4ng ch\u1ec9 xoay quanh l\u00fd thuy\u1ebft, m\u00e0","og_url":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/","og_site_name":"ITviec Blog","article_publisher":"https:\/\/www.facebook.com\/ITviec","article_published_time":"2025-12-30T04:15:37+00:00","article_modified_time":"2025-12-30T04:15:41+00:00","og_image":[{"width":800,"height":421,"url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/12\/cau-hoi-phong-van-kubernetes-scaled.png","type":"image\/png"}],"author":"Tuong Uyen","twitter_card":"summary_large_image","twitter_creator":"@ITviec","twitter_site":"@ITviec","twitter_misc":{"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi":"Tuong Uyen","\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"75 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#article","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/"},"author":{"name":"Tuong 
Uyen","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/e97d0e359f8840eaea7dc3a96006a8d4"},"headline":"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn","datePublished":"2025-12-30T04:15:37+00:00","dateModified":"2025-12-30T04:15:41+00:00","mainEntityOfPage":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/"},"wordCount":19455,"publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"image":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/12\/cau-hoi-phong-van-kubernetes-scaled.png","articleSection":["Chuy\u00ean m\u00f4n IT"],"inLanguage":"vi"},{"@type":"WebPage","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/","url":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/","name":"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn - ITviec Blog","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#primaryimage"},"image":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/12\/cau-hoi-phong-van-kubernetes-scaled.png","datePublished":"2025-12-30T04:15:37+00:00","dateModified":"2025-12-30T04:15:41+00:00","description":"L\u01b0u ngay b\u1ed9 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn \u0111\u1ec3 gi\u00fap b\u1ea1n \u00f4n t\u1eadp \u0111\u1ea7y \u0111\u1ee7, b\u00e0i b\u1ea3n, \u0111\u00fang tr\u1ecdng t\u00e2m theo t\u1eebng c\u1ea5p 
\u0111\u1ed9.","breadcrumb":{"@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/"]}]},{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#primaryimage","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/12\/cau-hoi-phong-van-kubernetes-scaled.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/12\/cau-hoi-phong-van-kubernetes-scaled.png","width":800,"height":421,"caption":"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn - itviec blog"},{"@type":"BreadcrumbList","@id":"https:\/\/itviec.com\/blog\/cau-hoi-phong-van-kubernetes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Chuy\u00ean m\u00f4n IT","item":"https:\/\/itviec.com\/blog\/chuyen-mon-it\/"},{"@type":"ListItem","position":2,"name":"Top 40+ c\u00e2u h\u1ecfi ph\u1ecfng v\u1ea5n Kubernetes ph\u1ed5 bi\u1ebfn"}]},{"@type":"WebSite","@id":"https:\/\/itviec.com\/blog\/#website","url":"https:\/\/itviec.com\/blog\/","name":"ITviec Blog","description":"IT Jobs &amp; People in 
Vietnam","publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itviec.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi"},{"@type":"Organization","@id":"https:\/\/itviec.com\/blog\/#organization","name":"ITviec","url":"https:\/\/itviec.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","width":1800,"height":1800,"caption":"ITviec"},"image":{"@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ITviec","https:\/\/x.com\/ITviec","https:\/\/www.linkedin.com\/company\/itviec","https:\/\/www.youtube.com\/channel\/UCYthAQ3bcGr57M_ag5gHDvQ"]},{"@type":"Person","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/e97d0e359f8840eaea7dc3a96006a8d4","name":"Tuong Uyen","image":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2022\/10\/tuong-uyen-profile-picture-100x100.jpg","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2022\/10\/tuong-uyen-profile-picture-100x100.jpg","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2022\/10\/tuong-uyen-profile-picture-100x100.jpg","caption":"Tuong 
Uyen"},"url":"https:\/\/itviec.com\/blog\/author\/tuong-uyen-pikachu\/"}]}},"_links":{"self":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/93886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/users\/95"}],"replies":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/comments?post=93886"}],"version-history":[{"count":3,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/93886\/revisions"}],"predecessor-version":[{"id":93896,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/93886\/revisions\/93896"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media\/93895"}],"wp:attachment":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media?parent=93886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/categories?post=93886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/tags?post=93886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}