---
name: deployment-kubernetes
description: Kubernetes deployment patterns. Use for Pods, Services, Ingress, Helm Charts, ConfigMaps, Secrets, and health probes.
compatibility: "Kubernetes 1.28+, Helm 3+"
metadata:
  author: Velik Ho
  version: "1.0"
---

# Kubernetes Deployment Patterns

Kubernetes deployment patterns for GoodGo production microservices.

## When to Use This Skill

Use this skill when:

- Deploying services to Kubernetes
- Creating Helm charts
- Configuring Ingress routing
- Managing secrets and configs
- Setting up health probes
- Scaling applications

## Core Concepts

### Kubernetes Architecture

```
┌─────────────────────────────────────────────────────────────┐
│                     KUBERNETES CLUSTER                      │
├─────────────────────────────────────────────────────────────┤
│   ┌─────────────────────────────────────────────────────┐   │
│   │                       INGRESS                       │   │
│   │            (NGINX / Traefik Controller)             │   │
│   └──────────────────────┬──────────────────────────────┘   │
│                          │                                  │
│   ┌──────────────────────▼──────────────────────────────┐   │
│   │                      SERVICES                       │   │
│   │    ┌───────────┐  ┌───────────┐  ┌───────────┐      │   │
│   │    │  iam-svc  │  │ order-svc │  │storage-svc│      │   │
│   │    └─────┬─────┘  └─────┬─────┘  └─────┬─────┘      │   │
│   └──────────┼──────────────┼──────────────┼────────────┘   │
│              │              │              │                │
│   ┌──────────▼──────────────▼──────────────▼────────────┐   │
│   │                        PODS                         │   │
│   │     ┌─────────┐    ┌─────────┐    ┌─────────┐       │   │
│   │     │  Pod 1  │    │  Pod 2  │    │  Pod 3  │       │   │
│   │     │ replica │    │ replica │    │ replica │       │   │
│   │     └─────────┘    └─────────┘    └─────────┘       │   │
│   └─────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
```

### Key Resources

| Resource | Purpose | Example |
|----------|---------|---------|
| **Pod** | Smallest deployable unit | Container(s) + volumes |
| **Deployment** | Manages ReplicaSets | Rolling updates |
| **Service** | Stable network endpoint | Load balancing |
| **Ingress** | HTTP routing | Host/path rules |
| **ConfigMap** | Non-sensitive config | App settings |
| **Secret** | Sensitive data | Passwords, keys |

### Health Probes

| Probe | Purpose | Failure Action |
|-------|---------|----------------|
| **Liveness** | Is container alive? | Restart container |
| **Readiness** | Can accept traffic? | Remove from LB |
| **Startup** | Has started? | Block other probes |

## Key Patterns

### Deployment Manifest

```yaml
# k8s/base/iam-service/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iam-service
  labels:
    app: iam-service
    tier: backend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: iam-service
  template:
    metadata:
      labels:
        app: iam-service
    spec:
      containers:
        - name: iam-service
          image: goodgo/iam-service:latest
          ports:
            - containerPort: 8080
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            # Sensitive value is injected from a Secret, not written inline
            - name: ConnectionStrings__DefaultConnection
              valueFrom:
                secretKeyRef:
                  name: iam-secrets
                  key: database-url
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          startupProbe:
            httpGet:
              path: /health/startup
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 30
```

### Service Manifest

```yaml
# k8s/base/iam-service/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: iam-service
  labels:
    app: iam-service
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app: iam-service
```

### Ingress Configuration

```yaml
# k8s/base/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: goodgo-ingress
  annotations:
    # Without capture groups, ingress-nginx rewrites every matched request path to "/"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.goodgo.vn
      secretName: goodgo-tls
  rules:
    - host: api.goodgo.vn
      http:
        paths:
          - path: /api/v1/iam
            pathType: Prefix
            backend:
              service:
                name: iam-service
                port:
                  number: 80
          - path: /api/v1/orders
            pathType: Prefix
            backend:
              service:
                name: order-service
                port:
                  number: 80
          - path: /api/v1/storage
            pathType: Prefix
            backend:
              service:
                name: storage-service
                port:
                  number: 80
```

### ConfigMap & Secret

```yaml
# k8s/base/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  ASPNETCORE_ENVIRONMENT: "Production"
  Logging__LogLevel__Default: "Information"
  Redis__InstanceName: "GoodGo:"
---
# k8s/base/secret.yaml
# The values below are placeholders; do not commit real credentials to the repository
apiVersion: v1
kind: Secret
metadata:
  name: iam-secrets
type: Opaque
stringData:
  database-url: "Host=postgres;Database=iam_db;Username=postgres;Password=secret"
  jwt-secret: "your-super-secret-key-here"
```

### Helm Chart Structure

```
charts/
└── goodgo-service/
    ├── Chart.yaml
    ├── values.yaml
    ├── templates/
    │   ├── deployment.yaml
    │   ├── service.yaml
    │   ├── ingress.yaml
    │   ├── configmap.yaml
    │   ├── secret.yaml
    │   ├── hpa.yaml
    │   └── _helpers.tpl
    └── values/
        ├── development.yaml
        ├── staging.yaml
        └── production.yaml
```

### Helm Values File

```yaml
# charts/goodgo-service/values.yaml
replicaCount: 3

image:
  repository: goodgo/iam-service
  tag: "latest"
  pullPolicy: IfNotPresent

service:
  type: ClusterIP
  port: 80
  targetPort: 8080

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: api.goodgo.vn
      paths:
        - path: /api/v1/iam
          pathType: Prefix
  tls:
    - secretName: goodgo-tls
      hosts:
        - api.goodgo.vn

resources:
  requests:
    memory: "256Mi"
    cpu: "100m"
  limits:
    memory: "512Mi"
    cpu: "500m"

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70

env:
  - name: ASPNETCORE_ENVIRONMENT
    value: "Production"

envFromSecret:
  - name: ConnectionStrings__DefaultConnection
    secretName: iam-secrets
    secretKey: database-url
```

### HorizontalPodAutoscaler

```yaml
# k8s/base/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: iam-service-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: iam-service
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```

## Common Mistakes

### 1. No Resource Limits

```yaml
# ❌ BAD: No limits
containers:
  - name: app
    image: myapp

# ✅ GOOD: With limits
containers:
  - name: app
    image: myapp
    resources:
      requests:
        memory: "256Mi"
        cpu: "100m"
      limits:
        memory: "512Mi"
        cpu: "500m"
```

### 2. Missing Health Probes

```yaml
# ❌ BAD: No probes
containers:
  - name: app

# ✅ GOOD: All probes configured
containers:
  - name: app
    livenessProbe:
      httpGet:
        path: /health/live
        port: 8080
    readinessProbe:
      httpGet:
        path: /health/ready
        port: 8080
```

### 3. Hardcoded Secrets

```yaml
# ❌ BAD: Secret in env
env:
  - name: DB_PASSWORD
    value: "mysecretpassword"

# ✅ GOOD: From Secret
env:
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: db-secrets
        key: password
```

## Quick Reference

### kubectl Commands

```bash
# Apply manifests
kubectl apply -f k8s/base/

# Check pod status
kubectl get pods -l app=iam-service

# View logs
kubectl logs -f deployment/iam-service

# Scale deployment
kubectl scale deployment iam-service --replicas=5

# Rollout status
kubectl rollout status deployment/iam-service

# Rollback
kubectl rollout undo deployment/iam-service
```

### Helm Commands

```bash
# Install chart (values file path follows the chart structure above)
helm install iam-service ./charts/goodgo-service -f ./charts/goodgo-service/values/production.yaml

# Upgrade
helm upgrade iam-service ./charts/goodgo-service -f ./charts/goodgo-service/values/production.yaml

# Rollback to revision 1
helm rollback iam-service 1

# List releases in all namespaces
helm list -A
```

## Resources

- [Detailed Examples](./references/REFERENCE.md) - Full configurations
- [Docker Traefik](../docker-traefik/SKILL.md) - Container basics
- [Observability](../observability/SKILL.md) - Health checks
- [Error Handling](../error-handling-patterns/SKILL.md) - Probes setup
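
The three checks under Common Mistakes can be run automatically against a Deployment before it is applied. The following is an added example, not part of the original skill file; the function `audit_deployment`, the name heuristic `SENSITIVE_HINTS` and the sample object are assumptions constructed for illustration. The input has the shape of `kubectl get deployment <name> -o json`.

```python
# Added example: audit a Deployment object for the three Common Mistakes
# (no resource limits, missing health probes, hardcoded secrets).

# Assumption: env names containing these substrings hold sensitive values.
SENSITIVE_HINTS = ("password", "secret", "token", "apikey", "connectionstring")

def audit_deployment(deployment):
    """Return sorted (container, finding) pairs for one Deployment dict."""
    findings = []
    pod_spec = deployment.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((name, f"no {res} limit"))
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append((name, f"missing {probe}"))
        for env in c.get("env") or []:
            # A literal `value` on a sensitive-looking name is a hardcoded secret;
            # `valueFrom.secretKeyRef` keeps the value out of the manifest.
            env_name = env.get("name", "")
            flat = env_name.lower().replace("_", "")
            if env.get("value") and any(h in flat for h in SENSITIVE_HINTS):
                findings.append((name, f"hardcoded secret in env {env_name}"))
    return sorted(findings)

# Constructed sample: container "app" repeats the BAD snippets,
# container "iam-service" follows the GOOD ones.
PROBE = {"httpGet": {"path": "/health/live", "port": 8080}}
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "app", "image": "myapp",
     "env": [{"name": "DB_PASSWORD", "value": "mysecretpassword"}]},
    {"name": "iam-service", "image": "goodgo/iam-service:latest",
     "resources": {"limits": {"memory": "512Mi", "cpu": "500m"}},
     "livenessProbe": PROBE, "readinessProbe": PROBE,
     "env": [{"name": "ASPNETCORE_ENVIRONMENT", "value": "Production"},
             {"name": "ConnectionStrings__DefaultConnection",
              "valueFrom": {"secretKeyRef": {"name": "iam-secrets",
                                             "key": "database-url"}}}]},
]}}}}

if __name__ == "__main__":
    for container, finding in audit_deployment(SAMPLE):
        print(f"{container}: {finding}")
```

The name-based secret check is a heuristic: it misses secrets stored under neutral names, so it complements a review of the manifest and does not replace one.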