| name | description | compatibility | metadata |
|---|---|---|---|
| deployment-kubernetes | Kubernetes deployment patterns. Use for Pods, Services, Ingress, Helm Charts, ConfigMaps, Secrets, and health probes. | Kubernetes 1.28+, Helm 3+ | |
Kubernetes Deployment Patterns
Kubernetes deployment patterns for GoodGo production microservices.
When to Use This Skill
Use this skill when:
- Deploying services to Kubernetes
- Creating Helm charts
- Configuring Ingress routing
- Managing secrets and configs
- Setting up health probes
- Scaling applications
Core Concepts
Kubernetes Architecture
```
┌─────────────────────────────────────────────────────────────┐
│                     KUBERNETES CLUSTER                      │
├─────────────────────────────────────────────────────────────┤
│   ┌─────────────────────────────────────────────────────┐   │
│   │                       INGRESS                       │   │
│   │            (NGINX / Traefik Controller)             │   │
│   └──────────────────────┬──────────────────────────────┘   │
│                          │                                  │
│   ┌──────────────────────▼──────────────────────────────┐   │
│   │                      SERVICES                       │   │
│   │    ┌───────────┐  ┌───────────┐  ┌───────────┐      │   │
│   │    │  iam-svc  │  │ order-svc │  │storage-svc│      │   │
│   │    └─────┬─────┘  └─────┬─────┘  └─────┬─────┘      │   │
│   └──────────┼──────────────┼──────────────┼────────────┘   │
│              │              │              │                │
│   ┌──────────▼──────────────▼──────────────▼────────────┐   │
│   │                        PODS                         │   │
│   │     ┌─────────┐    ┌─────────┐    ┌─────────┐       │   │
│   │     │  Pod 1  │    │  Pod 2  │    │  Pod 3  │       │   │
│   │     │ replica │    │ replica │    │ replica │       │   │
│   │     └─────────┘    └─────────┘    └─────────┘       │   │
│   └─────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
```
Key Resources
| Resource | Purpose | Example |
|---|---|---|
| Pod | Smallest deployable unit | Container(s) + volumes |
| Deployment | Manages ReplicaSets | Rolling updates |
| Service | Stable network endpoint | Load balancing |
| Ingress | HTTP routing | Host/path rules |
| ConfigMap | Non-sensitive config | App settings |
| Secret | Sensitive data | Passwords, keys |
Health Probes
| Probe | Purpose | Failure Action |
|---|---|---|
| Liveness | Is container alive? | Restart container |
| Readiness | Can accept traffic? | Remove from LB |
| Startup | Has started? | Block other probes |
Key Patterns
Deployment Manifest
```yaml
# k8s/base/iam-service/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iam-service
  labels:
    app: iam-service
    tier: backend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: iam-service
  template:
    metadata:
      labels:
        app: iam-service
    spec:
      containers:
        - name: iam-service
          image: goodgo/iam-service:latest
          ports:
            - containerPort: 8080
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            - name: ConnectionStrings__DefaultConnection
              valueFrom:
                secretKeyRef:
                  name: iam-secrets
                  key: database-url
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          startupProbe:
            httpGet:
              path: /health/startup
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 30
```
Service Manifest
```yaml
# k8s/base/iam-service/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: iam-service
  labels:
    app: iam-service
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app: iam-service
```
Ingress Configuration
```yaml
# k8s/base/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: goodgo-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.goodgo.vn
      secretName: goodgo-tls
  rules:
    - host: api.goodgo.vn
      http:
        paths:
          - path: /api/v1/iam
            pathType: Prefix
            backend:
              service:
                name: iam-service
                port:
                  number: 80
          - path: /api/v1/orders
            pathType: Prefix
            backend:
              service:
                name: order-service
                port:
                  number: 80
          - path: /api/v1/storage
            pathType: Prefix
            backend:
              service:
                name: storage-service
                port:
                  number: 80
```
ConfigMap & Secret
```yaml
# k8s/base/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  ASPNETCORE_ENVIRONMENT: "Production"
  Logging__LogLevel__Default: "Information"
  Redis__InstanceName: "GoodGo:"
---
# k8s/base/secret.yaml
# Placeholder values for illustration; keep real credentials out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: iam-secrets
type: Opaque
stringData:
  database-url: "Host=postgres;Database=iam_db;Username=postgres;Password=secret"
  jwt-secret: "your-super-secret-key-here"
```
Helm Chart Structure
```
charts/
└── goodgo-service/
    ├── Chart.yaml
    ├── values.yaml
    ├── templates/
    │   ├── deployment.yaml
    │   ├── service.yaml
    │   ├── ingress.yaml
    │   ├── configmap.yaml
    │   ├── secret.yaml
    │   ├── hpa.yaml
    │   └── _helpers.tpl
    └── values/
        ├── development.yaml
        ├── staging.yaml
        └── production.yaml
```
Helm Values File
```yaml
# charts/goodgo-service/values.yaml
replicaCount: 3
image:
  repository: goodgo/iam-service
  tag: "latest"
  pullPolicy: IfNotPresent
service:
  type: ClusterIP
  port: 80
  targetPort: 8080
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: api.goodgo.vn
      paths:
        - path: /api/v1/iam
          pathType: Prefix
  tls:
    - secretName: goodgo-tls
      hosts:
        - api.goodgo.vn
resources:
  requests:
    memory: "256Mi"
    cpu: "100m"
  limits:
    memory: "512Mi"
    cpu: "500m"
autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
env:
  - name: ASPNETCORE_ENVIRONMENT
    value: "Production"
envFromSecret:
  - name: ConnectionStrings__DefaultConnection
    secretName: iam-secrets
    secretKey: database-url
```
HorizontalPodAutoscaler
```yaml
# k8s/base/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: iam-service-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: iam-service
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```
Common Mistakes
1. No Resource Limits
```yaml
# ❌ BAD: No limits
containers:
  - name: app
    image: myapp

# ✅ GOOD: With limits
containers:
  - name: app
    image: myapp
    resources:
      requests:
        memory: "256Mi"
        cpu: "100m"
      limits:
        memory: "512Mi"
        cpu: "500m"
```
2. Missing Health Probes
```yaml
# ❌ BAD: No probes
containers:
  - name: app

# ✅ GOOD: All probes configured
containers:
  - name: app
    livenessProbe:
      httpGet:
        path: /health/live
        port: 8080
    readinessProbe:
      httpGet:
        path: /health/ready
        port: 8080
```
3. Hardcoded Secrets
```yaml
# ❌ BAD: Secret in env
env:
  - name: DB_PASSWORD
    value: "mysecretpassword"

# ✅ GOOD: From Secret
env:
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: db-secrets
        key: password
```
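An added example (not part of the original skill file): a Python check for the three mistakes above, run over a constructed Deployment in the JSON shape that `kubectl get deployment -o json` returns. The function name `audit_deployment` and the `SECRET_HINTS` name heuristic are assumptions made for this example.

```python
import json

# Name fragments that suggest a credential (a heuristic chosen for this example).
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY", "CONNECTIONSTRING")

def audit_deployment(deployment):
    """Return sorted (container, finding) pairs for the three mistakes above."""
    findings = []
    pod_spec = deployment["spec"]["template"]["spec"]
    for c in pod_spec.get("containers") or []:
        name = c.get("name", "<unnamed>")
        # 1. No resource limits ("resources: null" is handled like a missing key).
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((name, f"no {res} limit"))
        # 2. Missing health probes.
        for probe in ("livenessProbe", "readinessProbe"):
            if not c.get(probe):
                findings.append((name, f"missing {probe}"))
        # 3. Hardcoded secrets: a literal "value" on a secret-looking name.
        for env in c.get("env") or []:
            flat = env.get("name", "").upper().replace("_", "")
            if "value" in env and any(h in flat for h in SECRET_HINTS):
                # Report the variable name only, never the value itself.
                findings.append((name, f"literal value for {env['name']}"))
    return sorted(findings)

# Constructed sample in the shape of `kubectl get deployment -o json` output.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
  {"name": "good", "image": "myapp",
   "resources": {"limits": {"memory": "512Mi", "cpu": "500m"}},
   "livenessProbe": {"httpGet": {"path": "/health/live", "port": 8080}},
   "readinessProbe": {"httpGet": {"path": "/health/ready", "port": 8080}},
   "env": [{"name": "ASPNETCORE_ENVIRONMENT", "value": "Production"},
           {"name": "DB_PASSWORD", "valueFrom":
              {"secretKeyRef": {"name": "db-secrets", "key": "password"}}}]},
  {"name": "bad", "image": "myapp",
   "resources": {"limits": {"memory": "512Mi"}},
   "livenessProbe": {"httpGet": {"path": "/health/live", "port": 8080}},
   "env": [{"name": "DB_PASSWORD", "value": "mysecretpassword"}]}
]}}}}
""")

if __name__ == "__main__":
    for container, finding in audit_deployment(SAMPLE):
        print(f"{container}: {finding}")
```

The same function can be pointed at live objects by loading the output of `kubectl get deployment iam-service -o json` with `json.load`.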
Quick Reference
kubectl Commands
```bash
# Apply manifests
kubectl apply -f k8s/base/
# Check pod status
kubectl get pods -l app=iam-service
# View logs
kubectl logs -f deployment/iam-service
# Scale deployment
kubectl scale deployment iam-service --replicas=5
# Rollout status
kubectl rollout status deployment/iam-service
# Rollback
kubectl rollout undo deployment/iam-service
```
Helm Commands
```bash
# Install chart (the values files live inside the chart directory, see Helm Chart Structure)
helm install iam-service ./charts/goodgo-service -f ./charts/goodgo-service/values/production.yaml
# Upgrade
helm upgrade iam-service ./charts/goodgo-service -f ./charts/goodgo-service/values/production.yaml
# Rollback
helm rollback iam-service 1
# List releases
helm list -A
```
Resources
- Detailed Examples - Full configurations
- Docker Traefik - Container basics
- Observability - Health checks
- Error Handling - Probes setup