pos-system/microservices/.agent/skills/deployment-kubernetes/SKILL.md
Ho Ngoc Hai 76d75c753b Migrate
2026-05-23 18:37:02 +07:00


---
name: deployment-kubernetes
description: Kubernetes deployment patterns. Use for Pods, Services, Ingress, Helm Charts, ConfigMaps, Secrets, and health probes.
compatibility: "Kubernetes 1.28+, Helm 3+"
metadata:
  author: Velik Ho
  version: "1.0"
---
# Kubernetes Deployment Patterns
Kubernetes deployment patterns for GoodGo production microservices.
## When to Use This Skill
Use this skill when:
- Deploying services to Kubernetes
- Creating Helm charts
- Configuring Ingress routing
- Managing secrets and configs
- Setting up health probes
- Scaling applications
## Core Concepts
### Kubernetes Architecture
```
┌─────────────────────────────────────────────────────────────┐
│                     KUBERNETES CLUSTER                      │
├─────────────────────────────────────────────────────────────┤
│   ┌─────────────────────────────────────────────────────┐   │
│   │                       INGRESS                       │   │
│   │            (NGINX / Traefik Controller)             │   │
│   └──────────────────────┬──────────────────────────────┘   │
│                          │                                  │
│   ┌──────────────────────▼──────────────────────────────┐   │
│   │                      SERVICES                       │   │
│   │    ┌───────────┐  ┌───────────┐  ┌───────────┐      │   │
│   │    │ iam-svc   │  │ order-svc │  │storage-svc│      │   │
│   │    └─────┬─────┘  └─────┬─────┘  └─────┬─────┘      │   │
│   └──────────┼──────────────┼──────────────┼────────────┘   │
│              │              │              │                │
│   ┌──────────▼──────────────▼──────────────▼────────────┐   │
│   │                        PODS                         │   │
│   │     ┌─────────┐    ┌─────────┐    ┌─────────┐       │   │
│   │     │  Pod 1  │    │  Pod 2  │    │  Pod 3  │       │   │
│   │     │ replica │    │ replica │    │ replica │       │   │
│   │     └─────────┘    └─────────┘    └─────────┘       │   │
│   └─────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
```
### Key Resources
| Resource | Purpose | Example |
|----------|---------|---------|
| **Pod** | Smallest deployable unit | Container(s) + volumes |
| **Deployment** | Manages ReplicaSets | Rolling updates |
| **Service** | Stable network endpoint | Load balancing |
| **Ingress** | HTTP routing | Host/path rules |
| **ConfigMap** | Non-sensitive config | App settings |
| **Secret** | Sensitive data | Passwords, keys |
### Health Probes
| Probe | Purpose | Failure Action |
|-------|---------|----------------|
| **Liveness** | Is container alive? | Restart container |
| **Readiness** | Can accept traffic? | Remove from LB |
| **Startup** | Has started? | Block other probes |
## Key Patterns
### Deployment Manifest
```yaml
# k8s/base/iam-service/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iam-service
  labels:
    app: iam-service
    tier: backend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: iam-service
  template:
    metadata:
      labels:
        app: iam-service
    spec:
      containers:
        - name: iam-service
          # Pin an immutable version tag or digest for production instead of :latest
          image: goodgo/iam-service:latest
          ports:
            - containerPort: 8080
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            # Credentials are referenced from a Secret, never written inline
            - name: ConnectionStrings__DefaultConnection
              valueFrom:
                secretKeyRef:
                  name: iam-secrets
                  key: database-url
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          startupProbe:
            httpGet:
              path: /health/startup
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 30
```
### Service Manifest
```yaml
# k8s/base/iam-service/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: iam-service
  labels:
    app: iam-service
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app: iam-service
```
### Ingress Configuration
```yaml
# k8s/base/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: goodgo-ingress
  annotations:
    # Without a capture group, ingress-nginx rewrites every matched request
    # path to "/" before it reaches the backend service.
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.goodgo.vn
      secretName: goodgo-tls
  rules:
    - host: api.goodgo.vn
      http:
        paths:
          - path: /api/v1/iam
            pathType: Prefix
            backend:
              service:
                name: iam-service
                port:
                  number: 80
          - path: /api/v1/orders
            pathType: Prefix
            backend:
              service:
                name: order-service
                port:
                  number: 80
          - path: /api/v1/storage
            pathType: Prefix
            backend:
              service:
                name: storage-service
                port:
                  number: 80
```
### ConfigMap & Secret
```yaml
# k8s/base/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  ASPNETCORE_ENVIRONMENT: "Production"
  Logging__LogLevel__Default: "Information"
  Redis__InstanceName: "GoodGo:"
---
# k8s/base/secret.yaml
# The values below are placeholders; keep real credentials out of
# manifests that are committed to version control.
apiVersion: v1
kind: Secret
metadata:
  name: iam-secrets
type: Opaque
stringData:
  database-url: "Host=postgres;Database=iam_db;Username=postgres;Password=secret"
  jwt-secret: "your-super-secret-key-here"
```
### Helm Chart Structure
```
charts/
└── goodgo-service/
    ├── Chart.yaml
    ├── values.yaml
    ├── templates/
    │   ├── deployment.yaml
    │   ├── service.yaml
    │   ├── ingress.yaml
    │   ├── configmap.yaml
    │   ├── secret.yaml
    │   ├── hpa.yaml
    │   └── _helpers.tpl
    └── values/
        ├── development.yaml
        ├── staging.yaml
        └── production.yaml
```
### Helm Values File
```yaml
# charts/goodgo-service/values.yaml
replicaCount: 3
image:
  repository: goodgo/iam-service
  tag: "latest"  # pin an immutable version tag or digest for production
  pullPolicy: IfNotPresent
service:
  type: ClusterIP
  port: 80
  targetPort: 8080
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: api.goodgo.vn
      paths:
        - path: /api/v1/iam
          pathType: Prefix
  tls:
    - secretName: goodgo-tls
      hosts:
        - api.goodgo.vn
resources:
  requests:
    memory: "256Mi"
    cpu: "100m"
  limits:
    memory: "512Mi"
    cpu: "500m"
autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
env:
  - name: ASPNETCORE_ENVIRONMENT
    value: "Production"
# Secret-backed variables: only the Secret name and key appear in values
envFromSecret:
  - name: ConnectionStrings__DefaultConnection
    secretName: iam-secrets
    secretKey: database-url
```
### HorizontalPodAutoscaler
```yaml
# k8s/base/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: iam-service-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: iam-service
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```
## Common Mistakes
### 1. No Resource Limits
```yaml
# ❌ BAD: No limits
containers:
  - name: app
    image: myapp

# ✅ GOOD: With limits
containers:
  - name: app
    image: myapp
    resources:
      requests:
        memory: "256Mi"
        cpu: "100m"
      limits:
        memory: "512Mi"
        cpu: "500m"
```
### 2. Missing Health Probes
```yaml
# ❌ BAD: No probes
containers:
  - name: app

# ✅ GOOD: Liveness and readiness probes configured
containers:
  - name: app
    livenessProbe:
      httpGet:
        path: /health/live
        port: 8080
    readinessProbe:
      httpGet:
        path: /health/ready
        port: 8080
```
### 3. Hardcoded Secrets
```yaml
# ❌ BAD: Secret in env
env:
  - name: DB_PASSWORD
    value: "mysecretpassword"

# ✅ GOOD: From Secret
env:
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: db-secrets
        key: password
```
## Quick Reference
### kubectl Commands
```bash
# Apply manifests
kubectl apply -f k8s/base/
# Check pod status
kubectl get pods -l app=iam-service
# View logs
kubectl logs -f deployment/iam-service
# Scale deployment
kubectl scale deployment iam-service --replicas=5
# Rollout status
kubectl rollout status deployment/iam-service
# Rollback
kubectl rollout undo deployment/iam-service
```
### Helm Commands
```bash
# Install chart (values file path follows the chart structure shown above)
helm install iam-service ./charts/goodgo-service -f ./charts/goodgo-service/values/production.yaml
# Upgrade
helm upgrade iam-service ./charts/goodgo-service -f ./charts/goodgo-service/values/production.yaml
# Rollback
helm rollback iam-service 1
# List releases
helm list -A
```
## Resources
- [Detailed Examples](./references/REFERENCE.md) - Full configurations
- [Docker Traefik](../docker-traefik/SKILL.md) - Container basics
- [Observability](../observability/SKILL.md) - Health checks
- [Error Handling](../error-handling-patterns/SKILL.md) - Probes setup