Category Archives: DevOps

DevOps (Series) Part 2: AWS EC2, a key building block of AWS.

What is AWS EC2? When you use a virtual machine you can use VirtualBox, VMware, or Vagrant. Besides those popular tools there are others that I will not list here.

A virtual machine provides many things, but the most important are CPU, RAM, and network.

Similarly, on server-rental platforms such as GCP (Google Cloud Platform), Microsoft Azure, or AWS, these VMs have different names: on Azure and Google Cloud they are called Compute, and on Amazon Web Services they are called EC2 (Elastic Compute Cloud).

Although the names differ, EC2 essentially gives you a machine with CPU, RAM and network to work on; you can turn it into a server or run whatever web services you want. The EC2 instance sits inside a VPC, with a gateway connecting it to the internet, and at that gateway you can set rules to protect your instance.

In addition, for real-world systems running web services on EC2, you can configure autoscaling: automatically adding virtual machines when the servers are overloaded, and automatically removing them during quiet periods.

An overview of Metal as a Service (MaaS)

Hello again! Today's class is Metal as a Service (MaaS). We've been doing a number of classes lately on these different services: we've talked about software as a service, we've talked about infrastructure as a service, and we have talked about platform as a service. Now, when you're talking about these services, by far the most popular solution out there is software as a service. That is where you basically go out and lease software from companies, and the software is all run on their servers. So when we're talking about software as a service, think about things like Google Docs, think about things like Salesforce. The software is not installed on your local computer.

It's installed on their servers and you access it somehow, either through a web browser or through some type of terminal connection, something like that. Then there is infrastructure as a service: basically, your infrastructure, all those things that you would buy and install on your premises, you no longer actually own anymore.

So think about telephone systems. Companies used to spend $50 thousand on their telephone system, and that telephone system was installed on their premises and they owned it. Now you can get hosted voice over IP solutions such as OnSIP, you can get hosted firewall solutions, you can have hosted server rooms. Why have your own servers when you can go to Amazon Web Services and simply spin up a number of virtual servers on their platform? So that is infrastructure as a service.

We then talked about platform as a service. Platform as a service is where you create your web apps and then you are looking for some place to host them. So the basic idea is, think about a shared hosting web plan: you create your web site, you create your web application, and then you simply upload that to GoDaddy or 1&1. Their servers have PHP installed, their servers have MySQL installed, their servers have Ruby or Perl or any of these other scripting languages that you need. All that you have to worry about is your application. Of course that gets much more complicated once you go over to Google App Engine and some of the more advanced things, but that's the basic concept. So now we're getting to basically probably the last service that I will be talking about, which is metal as a service. Now this is one of those really, really cool ideas that actually is pretty cutting-edge. I'm not sure if it's bleeding edge, but it's pretty cutting edge, so some of you guys looking to create businesses out there really should listen to what I'm talking about right now, because it really is a good business opportunity right now, because not very many people actually offer this service. So when we're talking about metal as a service, what we are literally talking about is providing the server hardware as a service to clients. So this is not the same thing as what you would normally think about with cloud computing or virtualization, where you install a hypervisor onto a server and then they spin up some kind of instance of a server, and this isn't the same thing as a dedicated server. So for this and a couple of other things that I do, we rent a dedicated server from a company called 1&1. With that I get a specific server: 12 gigs of RAM, quad-core processor, blah blah blah.

It comes with a certain version of Linux on it, and from that point I can configure it. But when you are purchasing something like a dedicated server, you have to use whatever operating systems are provided by the provider. So with 1&1, if you go with them, you can use Server 2008 or Server 2012, Fedora, CentOS. If you wanted to use something else, tough luck. If you wanted to use FreeBSD on one of these services, you couldn't do it. If you wanted to install a hypervisor on their dedicated servers, you couldn't do it. The reason is because, although you're renting the dedicated server, it has to have a bare minimum installation on it before you are actually able to get access to it. The cool thing with metal as a service, the concept, is that you are literally renting the physical box with nothing else on it. So this is where you would go to a provider and you would literally rent, say, a quad-core Xeon processor with so much RAM, so much hard drive, and that's it. There would not necessarily be CentOS on it, there would not necessarily be Windows on it, there wouldn't necessarily be anything on it.

You are literally renting the metal as a service. So basically now, instead of having to have your own server rooms with your own equipment, your own server racks, your own HVAC, your redundant power supplies and your UPS and all of that kind of stuff, you can have the same thing sitting in somebody else's server room, so they are renting the metal to you as a service. Now you may be wondering why. Why would you bother with that if you can get virtual servers, if you can use infrastructure as a service, if you can even get dedicated servers? Why would you want to rent or lease the bare metal as a service? Well, as you go through with your companies, consider the following.

If you have a startup company or a technology company and you start growing, what you are going to find is that no matter what operating system distribution you use, it is probably not going to be optimized for whatever it is you're doing. So, you know, we all know with Windows: Windows hogs up a lot of extra resources to do things most of us really truly don't care about. We'd be happy if it did it, but what a lot of people don't realize is that this is true even with Linux.

Even with Linux there are resources that are used, there are security vulnerabilities that are opened up, simply because when you install the default installation of whatever Linux you're going to be using, it installs a base level of applications and services, and a lot of times you don't need that. So imagine if you were a company where you want to spin out a lot of database servers, and you want those database servers to run at the absolute optimum, the fastest they can possibly run. Well, you may want to go into a distribution of an operating system and literally rip out all the crap that you don't want. You don't need notepad, you don't need tar, you don't need a lot of these things; you just need that server to run as fast as possible to do a specific task, possibly something like a database server. This becomes very important, especially when you start dealing with larger companies that are dealing with a larger load on their servers, because when you rip out all of the crap you don't need on a server's operating system, you gain something.

You can gain efficiencies. Now, you're not going to speed up the server by 200% or 500% or a thousand percent, right? That's not the target you're going to hit. You may be able to actually speed up the server, though, by something like five percent. Now for you, especially if you haven't dealt with real server rooms, if you haven't dealt with real loads on servers, optimizing an operating system to get a five percent improvement probably doesn't sound like a big deal. But with companies, if you have 20 servers up and running, or 40 servers up and running, a five percent increase in speed can be very, very significant. So these companies may be looking to optimize things like, as I say, the operating systems that will be installed, how all this will be configured, how all this will be managed, and so all they want is the bare metal. They want the server, they want the hard drives, they want the RAM.

They want the CPU, but they don't want anybody else to mess with the rest of it. They want to be able to build this thing from the ground up. And again, there can be a lot of reasons for this nowadays: things like, again, efficiency, making sure that the resources on the server are optimized, but also issues such as compliance. Compliance is becoming a bigger and bigger deal within the corporate world. What compliance means is that you are running your IT systems to certain specifications for security and reliability. So as more and more companies start using cloud computers and servers and all that to run the infrastructure of their business, they have to make sure that that infrastructure is reliable enough for their industry. Now, one of the problems if you go out and use a standard instance of an operating system, or a standard load of an operating system from one of these providers, is that you don't necessarily know all the security flaws. You haven't necessarily been able to sit down and do penetration testing and hardening testing and all of those things. So when you are leasing, let's say from 1&1, a dedicated server, you can't guarantee that the server operating system that has been installed is as hardened as it should be.

Now again, for somebody like me, I don't care; again, do good backups and you should be fine. This is one of the things you have to think about: for 98% of the business population this type of concept doesn't matter, but for that 2% it is very, very important. It is very important that they know that whatever operating system and software is going to be installed on that server lives up to certain specifications. So that's why they would want to be able to rent that bare metal as a service. So, metal as a service. Now, one of the questions that's going to come up, you're going to be asking, is the following.

"Well, Thanh, I don't understand how you would interact with metal as a service then, because, you know, when we think about dealing with these virtual computers, when we think about dealing with cloud computers and all that, we have a basic interface to deal with." So basically again, if you get a dedicated server or you get a virtual private server, they spin up the operating system and then they give you the login credentials. So basically the company that you're buying the service from has already installed the instance of the operating system, they've already created the first user account, they then give you that information for that first user account, and then you can configure it.

However it is you want. So the question you may be asking is, "Well, I don't understand that, because if you're literally renting the metal, and the metal, let's say, is five states away, well, wait a minute, there's no operating system to interact with, and the metal is five states away, so you don't want to drive there. So I don't understand how you would configure it or work with it." Well, one of the cool things, not really new, but they're coming more into vogue, is something called IP KVM switches.

KVM switches have been around forever, far longer than I've been in the computer industry: keyboard, video, mouse switches. What these are generally, when you're dealing with a server rack, is you plug all the servers in the rack into one KVM switch and then you can press a button, and when you press that button, that gives you access to the server from one keyboard, video and mouse combination. So you have a monitor, you have a keyboard and mouse, and you say, "Oh, I need to deal with server 2," and you just hit the server 2 button and server 2 pops up. "Oh, I need to deal with server 10," you click the server 10 button and server 10 pops up. Well, with KVM, they now have IP KVM. What this means is that you can deal with that server from the basic input/output, so the basic video, keyboard and mouse, and you can do that over an IP connection. So you can either open that up through a web browser and be able to log in, or you can open it up through some kind of terminal session or some kind of application. So basically you can be sitting in your office five states away from this bare metal; the company that you're dealing with will plug in the KVM switch and whatever else, and then basically you can hit the on button there.

They can hit the on button, or you may have some kind of remote way to hit the on button, and from there it will literally load into a BIOS screen. Then from there, depending on what the service provider has for you, you can go and install your operating system and do all of your configurations. But literally you have remote access to the lowest level of that server, so you could literally reboot that server and go into the BIOS and change BIOS configuration settings. You literally have that ability whether you're five states away or, you know, on an entirely different continent. Now, especially with PDUs, the power distribution units, basically what most people would call surge protectors, even those have remote access, so that you can do things like power cycle the server, because again there is the question where you're like, "Well, Thanh, I don't understand, if you have metal as a service, what then?"

"If you have that metal and you do something wrong and it freezes up, how do you force it to restart?" Because again, you know, you're installing operating systems, you're doing all kinds of wacky stuff, sometimes it'll freeze, and if you have access to the metal, what are you going to do? Well, with these surge protectors, these power distribution units, you can actually power cycle them, again remotely. So this is the cool stuff with metal as a service. I think this is going to become a much more prominent thing. Right now this is one of those things that is offered by companies; you don't see it around a lot, but it is something that you should be looking at and thinking about, because again this way you can have your own custom servers that have been hardened to your specifications, but they are sitting in somebody else's data center; you don't have to worry about it. Just like with all these commoditized items, it is less expensive for you to rent this service from somebody else that can have a thousand or five thousand or twenty thousand of these servers up and running. Basically they can have five or ten technicians running around making sure all the metal is doing what metal is supposed to do, versus having servers in each one of your individual offices and having people run around and deal with that kind of stuff. So that's the basic concept of metal as a service. Again, all it is at the end of the day is you are literally leasing or renting that bare metal, so you've got a server with absolutely no operating system on it.

That is what you're leasing, and that allows you to do a lot of really cool, sexy, amazing stuff, and with the modern technology, like I say, it's actually very, very doable today. It's one of those things where you've got to start thinking differently when we think about the cloud. I mean, that's one of the problems with us old technicians, right? We're used to touching stuff. You know, when we work on computers we're used to keyboards, we're used to plugging away, and we've got the server in front of us, we've got the router in front of us, we've got all this stuff in front of us. So mentally we think about all this equipment as being in our server room, being in our office, being in our facility. What you have to realize is that in this modern world that we're in, you can have the exact same functionality that you would have if the equipment was in your building, but it can be somewhere else. It can be provisioned and given to you very quickly, it can be given to you very inexpensively, and it can be provided as securely or more securely than what you could do yourself. Again, a lot of people, you know, when I start talking about things like metal as a service, everybody gets worried about security. Everybody's like, "Oh, how do I know, Thanh?"

"How do I know my servers are going to be secure? How do I know that data center is going to be secure?" Well, one, you do something called due diligence. You actually make sure that the company that you're dealing with is a legitimate company. If you're going to be running your business office stuff there, you probably should fly out to their data center at least once to actually take a look at it, make sure they've got all the security stuff and all that. But beyond that, what a lot of people don't realize is how insecure their own facilities actually are. They always worry about how insecure the cloud provider is, and they somehow completely ignore just the crappy, crappy security that they have on their own facility. Again, I'm here in Baltimore, Maryland, in Baltimore City.

We have an incredibly high crime rate, and so one of the real problems that you have is this: you can have antivirus on your servers, you can have your firewalls on your servers, you can have your intrusion detection on the servers, you can have your UPS on the servers, and some crackhead could break into your building, literally rip the server out of the server rack and walk away with it, and try to sell it for 25 bucks to the local pawn shop, and when they can't sell it at the local pawn shop, they'll get pissed and they'll just throw it in a ditch and keep walking. Again, that's the nice thing with these data centers: at least with that kind of physical security, you would be surprised, many times they have much, much better physical security and the rest of it than you have. Take a real, honest, hard look at the security in your facility, and if you're honest about it, you probably know that it's probably pretty bad; probably your servers would be better off in some kind of hosted solution. So that's all there is for metal as a service.

I enjoyed this class and look forward to seeing you in the next one.


Introduction to Terraform

Welcome to the intro guide to Terraform! This guide is the best place to start with Terraform. We cover what Terraform is, what problems it can solve, and how it compares to existing software, and we provide a quick start for using Terraform.

If you are already familiar with the basics of Terraform, the documentation provides a better reference guide for all available features as well as internals.

What is Terraform?

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied.

The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc.

Examples work best to showcase Terraform. Please see the use cases.

The key features of Terraform are:

Infrastructure as Code

Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.

Execution Plans

Terraform has a “planning” step where it generates an execution plan. The execution plan shows what Terraform will do when you call apply. This lets you avoid any surprises when Terraform manipulates infrastructure.

Resource Graph

Terraform builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.

Change Automation

Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what Terraform will change and in what order, avoiding many possible human errors.


Up till now, we have looked at Terraform for infrastructure provisioning and initial setup using provisioners. Now let's look at Ansible, an open source automation platform. Ansible does configuration management and application deployment, along with infrastructure orchestration. Ansible is procedural rather than declarative: in Ansible, we define what we want to do and Ansible goes through each and every step. In Terraform, we specify what state we want to achieve and it makes sure we reach that state by creating, modifying or destroying the needed resources. Ansible doesn't manage any state, so we need to define how we want to keep track of created resources using tags or other properties, while Terraform keeps the state of the infrastructure so we don't need to worry about duplicate resource creation. Personally, I recommend Terraform for provisioning the infrastructure and Ansible for configuring the software, as Terraform is much more intuitive for infrastructure orchestration.

Once upon a time, managing servers reliably and efficiently was a challenge. System administrators managed servers by hand: installing software manually, changing configuration and managing services on each server. As the number of managed servers grew and the managed services became more complex, scaling this manual process was time-consuming and hard. Then came Ansible, which helps in creating groups of machines and defining how to configure them and what actions to take on them. All these configurations and actions can be triggered from a central location, which can be your local system (called the controller machine). Ansible uses SSH to connect to remote hosts and do the setup; no software needs to be installed beforehand on a remote host. It's simple, agentless, powerful and flexible. It uses YAML in the form of an Ansible playbook. A playbook is a file where automation is defined through tasks. A task is a single step to be performed, such as installing a package.

Ansible works by connecting to the remote hosts (using SSH) defined in an inventory file, which contains information about the servers to be managed. Ansible then executes the modules or tasks defined inside a playbook. The execution of a playbook is called a play. We can use predefined, organised playbooks called roles, which are used for sharing and reusing a provisioning setup.

Let’s have a look at some of the terminology used in ansible:

  1. Controller Machine: Machine where Ansible is installed
  2. Inventory: Information regarding servers to be managed
  3. Playbook: Automation is defined using tasks defined in YAML format
  4. Task: Procedure to be executed
  5. Module: Predefined commands executed directly on remote hosts
  6. Play: Execution of a playbook
  7. Role: a predefined way of organizing playbooks
  8. Handlers: Tasks with unique names that will only be executed if notified by another task

As I am using macOS, I will install pip first using easy_install and then Ansible using pip. Please look here for installation on other platforms.

sudo easy_install pip
sudo pip install ansible

Once the above commands have executed, run the command below to make sure that Ansible is installed properly.

ansible --version

The output should be something like below.

ansible 2.5.3
config file = None
configured module search path = [u'/Users/mitesh/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /Library/Python/2.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.10 (default, Oct 6 2017, 22:29:07) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.31)]

Ansible reads the SSH key from ~/.ssh/id_rsa. We need to make sure the matching public key is set up on all remote hosts, as we already did with Terraform when creating the remote EC2 instance.

To run an Ansible command we need an inventory file, which by default is expected at a fixed path: /etc/ansible/hosts. We can change this path using an Ansible config file (ansible.cfg) in the Ansible workspace and define the inventory file path there. We also need to define, in the same config file, the username we are going to use for SSH.

File: ansible.cfg

[defaults]
inventory = ./inventory
remote_user = ec2-user

Create an inventory file and add the IP address (a dummy one here) of a remote host.

File: inventory

Once this is done, let's execute the command below to ping all the given remote hosts.

ansible all -m ping

Ansible executes the ping module against the remote host and gives the output below:

| SUCCESS => {
    "changed": false,
    "ping": "pong"
}

We can even create groups in the inventory file and execute Ansible commands by replacing all with a group name. In the example below, server is our group name as specified in the inventory file.

ansible server -m ping

Let's look at playbooks to execute a series of actions. We need to make sure we define playbooks to be idempotent so that they can run more than once without side effects. Ansible executes a playbook sequentially, from top to bottom.

A sample playbook looks like:

- hosts: [hosts]
  tasks:
    - [first task]
    - [second task]

We are going to create a directory on our remote node using a playbook for all hosts. The playbook below will create a test directory under /home/ec2-user.

- hosts: all
  tasks:
    - name: Creates directory
      file: path=/home/ec2-user/test state=directory

When we execute the above playbook using the command "ansible-playbook playbook.yml" we get the result below. The first result is gathering facts: this happens because Ansible executes a special module named "setup" before executing any task. This module connects to the remote host and gathers all kinds of information, such as IP address, disk space, CPU, etc. Once this is done, our create-directory task is executed to create the test directory.

PLAY [all] ***************************************************************

TASK [Gathering Facts] ***************************************************
ok: []

TASK [Creates directory] *************************************************
changed: []

PLAY RECAP ***************************************************************
 : ok=2 changed=1 unreachable=0 failed=0
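As an added example (not code from the original post or from Ansible), the shell below shows the idempotence property that the playbook above relies on: ensure_directory mirrors what the file module does with state=directory, acting only when the desired state is not already reached and reporting changed or ok the way a task status does, so a second run changes nothing, while the naive mkdir step fails on re-run. The function names and the temporary paths are this example's own.

```bash
#!/bin/bash
# Added example: an idempotent "ensure directory" step written in shell,
# modelled on Ansible's file module with state=directory.
# Function names are this example's own, not Ansible's.

# Non-idempotent version: plain mkdir fails on the second run because the
# directory already exists, so a playbook built this way cannot be re-run safely.
naive_create_dir() {
    mkdir "$1" 2>/dev/null
}

# Idempotent version: inspect the current state first and only act when the
# desired state is missing. The echoed word matches an Ansible task status:
# "changed" when something was done, "ok" when nothing needed doing.
ensure_directory() {
    local path="$1"
    if [ -d "$path" ]; then
        echo "ok"
        return 0
    fi
    if [ -e "$path" ]; then
        # Something that is not a directory is in the way: refuse rather than
        # clobber it, which is also how the file module fails in this case.
        echo "failed: $path exists and is not a directory" >&2
        return 1
    fi
    mkdir -p "$path" || return 1
    echo "changed"
}

# Run a list of ensure_directory steps and print a PLAY RECAP style summary.
# As in the recap above, ok counts every task that succeeded, changed or not.
run_play() {
    local ok=0 changed=0 failed=0 status
    for path in "$@"; do
        if status=$(ensure_directory "$path"); then
            case "$status" in
                changed) changed=$((changed + 1)) ;;
                ok)      ok=$((ok + 1)) ;;
            esac
        else
            failed=$((failed + 1))
        fi
    done
    echo "ok=$((ok + changed)) changed=$changed failed=$failed"
}

# Constructed demo in a temporary directory standing in for /home/ec2-user.
demo() {
    local work
    work=$(mktemp -d)
    run_play "$work/test"       # first run:  ok=1 changed=1 failed=0
    run_play "$work/test"       # second run: ok=1 changed=0 failed=0
    touch "$work/blocker"
    run_play "$work/blocker"    # a file in the way: ok=0 changed=0 failed=1
    rm -rf "$work"
}

demo
```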

There are many modules and commands available to be executed on remote hosts. With Ansible we can do server setup, software installation and a lot more.

Bash Script

The problem

Have you ever felt that you were wasting time and effort by repeatedly typing long, hard-to-remember commands in the terminal, and wished you could write those commands down somewhere once and simply run them later?

The solution is to write a script file (a .sh file on Linux, a .bat file on Windows): write it once and run it whenever you want.

1) Structure of a bash file

The first line, which is mandatory for a bash file (extension .sh on Linux, or .bat on Windows), is this command:

#!/bin/bash
# the commands to execute follow on the next lines

Example:

echo Hello
# prints the word Hello on the terminal

To run this file, simply run ./ in the terminal.

2) Variables in a bash file

There are 2 kinds of variable operations in a bash file:

  • Setting a value for a variable.
  • Reading the value for a variable.

Simply put, when we need to reference a variable and read its value we use Reading the value, whose syntax is a $ in front of the variable name. When we want to assign a value to a variable we use Setting a value, which is just the same name without the leading $.

Some variables provided by the system:

$0 - the name of the bash script file.
$1 - $9 - the arguments passed to the bash script, in order.
$# - the number of arguments we passed to the bash script.
$@ - all the arguments supplied to the bash script.
$? - the status of the most recently executed command (0 -> true, 1 -> false).
$$ - the process ID of the current script.

Example:

arg=$1                   # store the first argument in a variable
echo arguments1 = $arg   # read it back with a leading $

Run the file: ./ 123, where 123 is the argument value being passed in.

The terminal will print the following result:

nambd@nambd-HP:~/Desktop$ bash ./  123
arguments1 = 123

3) Input in a bash file

In the example above I passed the value in as a command line argument.

Another way is to ask the user for input.

Syntax:

read value

Example:

nambd@nambd-HP:~/Desktop$ bash ./ 
Enter your name :
Your name is Hihi

Some options:

-p: display a prompt before reading the input
-s: hide the value you type


read -p 'Username: ' uservar
read -sp 'Password: ' passvar 
echo Username : $uservar Password : $passvar 

When you want to read several values at once:

read var1 var2 var3 

4) If and if-else statements

Conditional statements

Syntax

if [ <some test> ]
then
    <other commands>
fi

Example:


if [ $# -eq 1 ]   # check the number of arguments
then
    nl $1         # some action
fi

Or the elif statement

if [ <some test> ]
then
    <commands>
elif [ <some test> ]
then
    <different commands>
else
    <other commands>
fi

Example:


if [ $1 -ge 18 ]
then
    echo You may go to the party.
elif [ $2 == 'yes' ]
then
    echo You may go to the party but be back before midnight.
else
    echo You may not go to the party.
fi

The Boolean operations are:

  • and – &&
  • or – ||


if [ -r $1 ] && [ -s $1 ]
then
    echo This file is useful.
fi

5) Case statements

Syntax:

case <variable> in
<pattern 1>)
    <commands>
    ;;
<pattern 2>)
    <other commands>
    ;;
esac

Example:

case $1 in
start)
    echo starting
    ;;
stop)
    echo stopping
    ;;
restart)
    echo restarting
    ;;
*)
    echo don\'t know
    ;;
esac
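As an added example (not code from the original post), the script below combines the constructs from sections 1 to 5 into one working service-control script: the $#, $1, $$ and $? variables, [ ] tests joined with &&, if/elif/else, reading a confirmation from the user, and a case dispatch on start/stop/restart. The PID file path and every function name are this example's own; the prompt is printed with printf rather than read -p so that it also runs under plain sh.

```bash
#!/bin/bash
# Added example (not from the original post): a small service-control script
# built from the constructs above. PID file path and function names are this
# example's own.

PIDFILE="${PIDFILE:-/tmp/demo-service.pid}"

usage() {
    echo "Usage: $0 start|stop|restart|status" >&2
}

# Same test as "[ -r $1 ] && [ -s $1 ]" above: the PID file must be readable
# and non-empty for the service to count as running.
is_running() {
    [ -r "$PIDFILE" ] && [ -s "$PIDFILE" ]
}

svc_start() {
    if is_running; then
        echo "already running (pid $(cat "$PIDFILE"))"
        return 1
    fi
    # $$ is this script's own PID; a real service would record its daemon's PID.
    echo "$$" > "$PIDFILE"
    echo "starting"
}

svc_stop() {
    if ! is_running; then
        echo "not running"
        return 1
    fi
    rm -f "$PIDFILE"
    echo "stopping"
}

svc_status() {
    if is_running; then
        echo "running (pid $(cat "$PIDFILE"))"
    else
        echo "stopped"
        return 3    # LSB init-script convention: 3 means "not running"
    fi
}

# Ask before a destructive action; the answer is read from stdin, and the
# prompt is printed with printf instead of "read -p" so plain sh works too.
confirm() {
    printf '%s [yes/no]: ' "$1"
    read -r answer
    [ "$answer" = "yes" ]
}

# Dispatch on the action word, the same shape as the case statement above.
dispatch() {
    case "$1" in
        start)   svc_start ;;
        stop)
            if confirm "Really stop?"; then
                svc_stop
            else
                echo "aborted"
                return 1
            fi ;;
        restart) svc_stop; svc_start ;;
        status)  svc_status ;;
        *)       echo "don't know action '$1'" >&2; usage; return 2 ;;
    esac
}

main() {
    if [ $# -ne 1 ]; then      # exactly one argument, like the $# -eq 1 check
        usage
        return 2
    fi
    dispatch "$1"
    rc=$?                      # $? holds the status of the dispatched action
    echo "exit status: $rc"
    return "$rc"
}

# Only dispatch when an action was given; sourcing the file just defines functions.
if [ $# -gt 0 ]; then
    main "$@"
fi
```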

Summary

OK. That should be enough for you to use bash scripts to run many commands from the terminal. I will stop this part here; in the next part I will introduce loops and functions in bash scripts.


What is Kubernetes? Let’s find out how it works


What is Kubernetes? Kubernetes, or k8s, is an open source platform that automates the management, scaling and deployment of applications in the form of containers; it is also known as a container orchestration engine. It eliminates a lot of the manual processes involved in deploying and scaling containerized applications.


Lately, many applications have been containerized using Docker, and Docker is increasingly used as the production environment. In production, it is difficult to build a container-based system using only Docker, so using a container orchestration engine such as k8s is quite common today.

Gần đây, nhiều ứng dụng đã thực hiện container hoá bằng cách sử dụng docker và sử dụng nó như là môi trường production ngày càng tăng. Trên môi trường production, Vì việc cấu trúc hệ thống chạy bằng container chỉ sử dụng docker là rất khó khăn. Cho nên việc sử dụng một nền tảng Container orchestration engine như là k8s thì khá phổ biến hiện nay.

Real production applications span multiple containers, and those containers must be deployed across multiple server hosts. Kubernetes provides the coordination and management needed to deploy containers at scale for those workloads.


Kubernetes was originally developed and designed by engineers at Google, and it is also the technology behind Google's cloud services. Google has been creating more than 2 billion container deployments per week, all supported by its internal platform.

When should you use Kubernetes?

  • Large businesses that genuinely need to scale their systems quickly and already use containers (Docker).
  • Projects that need to run >= 5 containers of the same type for one service (for example, using >= 5 machines together to run the TopDev website code).
  • Innovative startups willing to invest in technology so they can auto scale easily later.

What problems does Kubernetes solve?

By using docker, you can create multiple containers on one host. However, if you intend to use it in a production environment, you have to think about the following:

  • Managing many docker hosts at once
  • Container scheduling
  • Rolling updates
  • Scaling / auto scaling
  • Monitoring the life cycle and the liveness of containers
  • Self-healing when something goes wrong (detecting the error and correcting it automatically)
  • Service discovery
  • Load balancing
  • Management of data, worker nodes and logs
  • Infrastructure as Code
  • Integration and extension with other systems

Using a container orchestration engine such as K8s solves the problems listed above. Without k8s you would have to build the automation for each of them yourself, which is extremely time-consuming and not practical.

K8s manages the execution of containers using manifests written in YAML.

What is Kubernetes?

Now that we know what Kubernetes is, let's look at what it does. Kubernetes manages docker hosts and organizes them into a container cluster. In addition, when running containers on K8s, using replicas (creating multiple identical containers) makes the system highly fault tolerant, and load balancing is performed automatically. Through this load balancing mechanism, we can increase or decrease the number of container replicas (auto scaling).


When placing containers onto Nodes (docker hosts), K8s takes into account the kind of docker host, such as "SSD disk" or "high CPU clock", or the kind of workload, such as "too much disk I/O" or "too much bandwidth to a given container". K8s is aware of affinity and anti-affinity and schedules containers sensibly for us.


If no specific host is specified, K8s schedules based on whether the docker host has free CPU and memory. So we do not need to worry about how containers are placed onto the docker hosts.

Furthermore, when resources are insufficient, the auto scheduling of the K8s cluster is also performed automatically.


Built with high fault tolerance in mind, K8s monitors containers as standard. If a container process unexpectedly stops, K8s performs self-healing by scheduling another container.

Self-healing is an extremely important concept in k8s: if a node in the cluster runs into a problem, for example it dies or is moved away, the self-healing mechanism recovers automatically without affecting the service.

In addition to monitoring the system, k8s can also be configured with health checks via HTTP/TCP scripts.


After auto scaling, a problem arises with the endpoint used to reach the containers. With virtual machines, by configuring load balancing, the endpoint is used as a VIP.

K8s has a similar feature, the Service. A k8s Service provides load balancing for a specified set of containers. Containers are of course added and removed automatically when scaling, and when a container fails it is automatically isolated.

When performing a rolling update of containers, the first thing k8s does is isolate the container for us, so k8s can manage the endpoints at a high SLA.

When building a system with docker, the functionality should be split into small pieces following a Microservice architecture.

In a Microservice architecture, in order to use the container images built for each function and deploy them, the Service discovery feature is really necessary.


K8s is a platform, but it integrates well with external ecosystems; a lot of middleware runs on k8s services, and there will certainly be more in the future.

  • Ansible: deploys containers to Kubernetes
  • Apache Ignite: uses the Kubernetes Service Discovery to automatically create and scale a k8s cluster
  • Fluentd: ships the logs of containers running in Kubernetes
  • Jenkins: deploys containers to Kubernetes
  • OpenStack: builds k8s integrated with the Cloud
  • Prometheus: monitors Kubernetes
  • Spark: runs native jobs on Kubernetes (replacing YARN)
  • Spinnaker: deploys containers to Kubernetes

In addition, K8s provides several mechanisms for extension and for running independent functionality, so the platform can be used as a framework. Using this extensibility, we can roll out a ReplicaSet that k8s provides.

Basic concepts in Kubernetes

Master node

The server that controls the Worker machines running the applications. The Master node has 4 main components:

  • Kubernetes API Server: the component that lets the other components communicate with each other. When developers deploy an application, they call this Kubernetes API Server.
  • Scheduler: this component schedules the deployment of applications, deciding which Worker an application is placed on to run.
  • Controller Manager: the component that manages the Workers, checks whether Workers are alive or dead, and handles replicating applications...
  • Etcd: this is the Kubernetes database; all Kubernetes information is persistently stored here.

Worker node

The server that runs the applications. It has 3 main components:

  • Container runtime: the component that runs applications as Containers. Usually Docker is used.
  • Kubelet: the component that communicates with the Kubernetes API Server and also manages the containers.
  • Kubernetes Service Proxy: this component handles load distribution between applications.


The Kubernetes administration tool, installed on workstations, lets developers push application deployment descriptions into the Kubernetes cluster and lets administrators manage the cluster.



The Pod is the most basic and important concept in Kubernetes. A Pod can contain one or more containers. The Pod is where the application runs. Pods are processes on the Worker Nodes. A Pod has its own resources: file system, cpu, ram, volumes, network address...


Software packaged into a program that can run as a container. Pods use Images to run.

These Images are usually kept in a central repository; for example, Docker Hub holds the Images of many popular applications such as nginx, mysql, wordpress...


The way to deploy, update and manage Pods.

Replicas Controller

The component that manages Pod replicas, replicating Pods or reducing their number.


The network part of Kubernetes that lets Pods call each other more reliably, load balances between multiple replicas of a Pod, and can be used to route traffic from users to the application (Pods) so that users can use the application.


Labels exist to classify and manage Pods. For example, we can label Pods by function, frontend or backend, or by environment: dev, qc, uat, production...

Kubernetes practice

The practice section helps you exercise the basic concepts above. It covers installing a Kubernetes cluster consisting of a Master and a Node via Minikube.

It then deploys an application into Kubernetes through a Deployment, uses a Service so users can reach the application from outside Kubernetes, and performs administrative operations such as scaling the number of application replicas up and down and updating the application version.
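The Deployment, replicas, Service, Label and HTTP health check concepts from this section in one manifest, as an added example that is not part of the original article. The function `render_app`, the sample app name `web` and the image tag `nginx:1.25` are my own assumptions, and the assumed usage is piping the output to `kubectl apply -f -`.

```shell
#!/bin/sh
# Added example, not from the original article. render_app prints a
# Deployment plus a Service for a given name, image and replica count;
# the output is meant to be piped to `kubectl apply -f -` (assumed usage).
# Labels tie the Service to the Pods, the probes are the HTTP health
# checks the text mentions, and securityContext removes a privilege the
# container does not need.
render_app() {
    name=$1; image=$2; replicas=$3
    cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $name
  labels: {app: $name, tier: frontend}
spec:
  replicas: $replicas
  selector:
    matchLabels: {app: $name}
  template:
    metadata:
      labels: {app: $name, tier: frontend}
    spec:
      containers:
      - name: $name
        image: $image
        ports:
        - containerPort: 80
        livenessProbe:
          httpGet: {path: /, port: 80}
          periodSeconds: 10
        readinessProbe:
          httpGet: {path: /, port: 80}
        securityContext:
          allowPrivilegeEscalation: false
---
apiVersion: v1
kind: Service
metadata:
  name: $name
spec:
  selector: {app: $name}
  ports:
  - port: 80
    targetPort: 80
EOF
}
```

Running `render_app web nginx:1.25 3 | kubectl apply -f -` creates three replicas behind one Service; changing the replica count or the image and applying again is the scale and update step the practice section describes.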