{"id":1472,"date":"2024-12-07T06:56:01","date_gmt":"2024-12-07T06:56:01","guid":{"rendered":"https:\/\/kb.lagonet.vn\/?p=1472"},"modified":"2024-12-07T06:56:01","modified_gmt":"2024-12-07T06:56:01","slug":"bai-lab-kubernetes-trien-khai-va-quan-ly-nguoi-dung-tren-cluster","status":"publish","type":"post","link":"https:\/\/kb.lagonet.vn\/?p=1472","title":{"rendered":"B\u00e0i Lab Kubernetes – Tri\u1ec3n khai v\u00e0 qu\u1ea3n l\u00fd ng\u01b0\u1eddi d\u00f9ng tr\u00ean cluster"},"content":{"rendered":"\n

T\u00f4i \u0111\u00e3 tr\u00edch xu\u1ea5t \u0111\u01b0\u1ee3c n\u1ed9i dung t\u1eeb c\u00e1c h\u00ecnh \u1ea3nh. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1c b\u01b0\u1edbc chi ti\u1ebft d\u1ef1a tr\u00ean b\u00e0i lab Kubernetes:<\/p>\n\n\n\n

\n\n\n\n

B\u00e0i Lab Kubernetes – Tri\u1ec3n khai v\u00e0 qu\u1ea3n l\u00fd ng\u01b0\u1eddi d\u00f9ng tr\u00ean cluster<\/strong><\/h3>\n\n\n\n

B\u01b0\u1edbc 1: Ki\u1ec3m tra c\u1ea5u h\u00ecnh m\u1eb7c \u0111\u1ecbnh<\/strong><\/h4>\n\n\n\n

M\u1eb7c \u0111\u1ecbnh, kubectl<\/code> s\u1eed d\u1ee5ng file c\u1ea5u h\u00ecnh t\u1eeb th\u01b0 m\u1ee5c: $HOME\/.kube\/config<\/code>.
N\u1ebfu mu\u1ed1n ch\u1ec9 \u0111\u1ecbnh file kh\u00e1c \u0111\u1ec3 kubectl<\/code> k\u1ebft n\u1ed1i \u0111\u1ebfn c\u1ee5m Kubernetes, s\u1eed d\u1ee5ng l\u1ec7nh:<\/p>\n\n\n\n

kubectl --kubeconfig=$HOME\/config get node\n<\/code><\/pre>\n\n\n\n
B\u01b0\u1edbc 2: C\u1ea5u tr\u00fac file config<\/strong><\/h4>\n\n\n\n
File c\u1ea5u h\u00ecnh bao g\u1ed3m:<\/p>\n\n\n\n
    \n
  • Danh s\u00e1ch c\u00e1c clusters:<\/strong> th\u00f4ng tin k\u1ebft n\u1ed1i \u0111\u1ebfn c\u1ee5m Kubernetes.<\/li>\n\n\n\n
  • Danh s\u00e1ch c\u00e1c users:<\/strong> th\u00f4ng tin ng\u01b0\u1eddi d\u00f9ng.<\/li>\n\n\n\n
  • Danh s\u00e1ch c\u00e1c context:<\/strong> nh\u00f3m user v\u00e0 cluster th\u00e0nh m\u1ed9t context \u0111\u1ec3 s\u1eed d\u1ee5ng d\u1ec5 d\u00e0ng.<\/li>\n<\/ul>\n\n\n\n
    B\u01b0\u1edbc 3: Chu\u1ea9n b\u1ecb m\u00f4i tr\u01b0\u1eddng (Base Node)<\/strong><\/h4>\n\n\n\n
      \n
    1. C\u00e0i \u0111\u1eb7t kubectl<\/code> tr\u00ean m\u1ed9t m\u00e1y (g\u1ecdi l\u00e0 base node). Kh\u00f4ng c\u1ea7n init c\u1ee5m.<\/li>\n\n\n\n
    2. Copy file c\u1ea5u h\u00ecnh t\u1eeb m\u00e1y master sang base node:<\/li>\n<\/ol>\n\n\n\n
      scp \/root\/.kube\/config ubuntu@<BASE_NODE_IP>:\/home\/ubuntu\/config\n<\/code><\/pre>\n\n\n\n
        \n
      1. Tr\u00ean base node:
        • Ki\u1ec3m tra k\u1ebft n\u1ed1i v\u1edbi file c\u1ea5u h\u00ecnh v\u1eeba copy:<\/li><\/ul>kubectl --kubeconfig=$HOME\/config get node<\/code><\/li>\n<\/ol>\n\n\n\n
          B\u01b0\u1edbc 4: Thi\u1ebft l\u1eadp bi\u1ebfn m\u00f4i tr\u01b0\u1eddng<\/strong><\/h4>\n\n\n\n
            \n
          1. Set bi\u1ebfn m\u00f4i tr\u01b0\u1eddng $KUBECONFIG<\/code> \u0111\u1ec3 s\u1eed d\u1ee5ng file config m\u1eb7c \u0111\u1ecbnh:<\/li>\n<\/ol>\n\n\n\n
            export KUBECONFIG=\"$HOME\/config\"\n<\/code><\/pre>\n\n\n\n
              \n
            1. Ki\u1ec3m tra:<\/li>\n<\/ol>\n\n\n\n
              kubectl get node\n<\/code><\/pre>\n\n\n\n
              B\u01b0\u1edbc 5: T\u1ea1o namespace v\u00e0 c\u1ea5p quy\u1ec1n<\/strong><\/h4>\n\n\n\n
                \n
              1. T\u1ea1o namespace:<\/li>\n<\/ol>\n\n\n\n
                kubectl create namespace backend1\n<\/code><\/pre>\n\n\n\n
                  \n
                1. T\u1ea1o private key cho user:<\/li>\n<\/ol>\n\n\n\n
                  openssl genrsa -out pnh1.key 2048\n<\/code><\/pre>\n\n\n\n
                    \n
                  1. T\u1ea1o file CSR:<\/li>\n<\/ol>\n\n\n\n
                    openssl req -new -key pnh1.key -out pnh1.csr -subj \"\/CN=pnh1\/O=pnh\"\n<\/code><\/pre>\n\n\n\n
                      \n
                    1. T\u1ea1o ch\u1ee9ng ch\u1ec9 t\u1eeb CSR tr\u00ean m\u00e1y master:<\/li>\n<\/ol>\n\n\n\n
                      sudo openssl x509 -req -in pnh1.csr -CA \/etc\/kubernetes\/pki\/ca.crt -CAkey \/etc\/kubernetes\/pki\/ca.key -CAcreateserial -out pnh1.crt -days 500\n<\/code><\/pre>\n\n\n\n
                      B\u01b0\u1edbc 6: Thi\u1ebft l\u1eadp user v\u00e0 context<\/strong><\/h4>\n\n\n\n
                        \n
                      1. Copy file ch\u1ee9ng ch\u1ec9 v\u00e0 key v\u1ec1 base node:<\/li>\n<\/ol>\n\n\n\n
                        scp master:\/root\/pnh1.* \/home\/ubuntu\/\n<\/code><\/pre>\n\n\n\n
                          \n
                        1. Th\u00eam user v\u00e0o config:<\/li>\n<\/ol>\n\n\n\n
                          kubectl config set-credentials pnh1 --client-certificate=\/home\/ubuntu\/pnh1.crt --client-key=\/home\/ubuntu\/pnh1.key\n<\/code><\/pre>\n\n\n\n
                            \n
                          1. T\u1ea1o context cho user:<\/li>\n<\/ol>\n\n\n\n
                            kubectl config set-context pnh1-context --cluster=kubernetes --namespace=backend1 --user=pnh1\n<\/code><\/pre>\n\n\n\n
                            B\u01b0\u1edbc 7: T\u1ea1o Role v\u00e0 ph\u00e2n quy\u1ec1n<\/strong><\/h4>\n\n\n\n
                              \n
                            1. T\u1ea1o Role (ph\u00e2n quy\u1ec1n c\u1ee5 th\u1ec3 trong namespace backend1<\/code>):<\/li>\n<\/ol>\n\n\n\n
                              # File: pnh1role.yml\napiVersion: rbac.authorization.k8s.io\/v1\nkind: Role\nmetadata:\n  namespace: backend1\n  name: deploy-manager\nrules:\n- apiGroups: [\"\", \"extensions\", \"apps\"]\n  resources: [\"deployments\", \"replicasets\", \"pods\"]\n  verbs: [\"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\", \"delete\"]\n<\/code><\/pre>\n\n\n\n
                              \u00c1p d\u1ee5ng Role:<\/p>\n\n\n\n
                              kubectl apply -f pnh1role.yml\n<\/code><\/pre>\n\n\n\n
                                \n
                              1. T\u1ea1o RoleBinding:<\/li>\n<\/ol>\n\n\n\n
                                kubectl create rolebinding rolebinding-deploy --role=deploy-manager --user=pnh1 -n backend1\n<\/code><\/pre>\n\n\n\n
                                B\u01b0\u1edbc 8: Ki\u1ec3m tra quy\u1ec1n<\/strong><\/h4>\n\n\n\n
                                  \n
                                1. \u0110\u1eb7t context:<\/li>\n<\/ol>\n\n\n\n
                                  kubectl config use-context pnh1-context\n<\/code><\/pre>\n\n\n\n
                                    \n
                                  1. Ki\u1ec3m tra quy\u1ec1n h\u1ea1n:<\/li>\n<\/ol>\n\n\n\n
                                    kubectl get pod -n backend1\n<\/code><\/pre>\n\n\n\n
                                    B\u01b0\u1edbc 9: M\u1edf r\u1ed9ng quy\u1ec1n (ClusterRole)<\/strong><\/h4>\n\n\n\n
                                    N\u1ebfu c\u1ea7n quy\u1ec1n tr\u00ean to\u00e0n b\u1ed9 c\u00e1c namespace:<\/p>\n\n\n\n
                                    # File: pnh1clusterrole.yml\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRole\nmetadata:\n  name: deploy-cluster-manager\nrules:\n- apiGroups: [\"\", \"extensions\", \"apps\"]\n  resources: [\"namespaces\", \"deployments\", \"replicasets\", \"pods\"]\n  verbs: [\"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\", \"delete\"]\n<\/code><\/pre>\n\n\n\n
                                    \u00c1p d\u1ee5ng v\u00e0 t\u1ea1o ClusterRoleBinding:<\/p>\n\n\n\n
                                    kubectl apply -f pnh1clusterrole.yml\nkubectl create clusterrolebinding clusterbinding-deploy --clusterrole=deploy-cluster-manager --user=pnh1\n<\/code><\/pre>\n\n\n\n
                                    \n\n\n\n
                                    H\u00e3y cho t\u00f4i bi\u1ebft n\u1ebfu b\u1ea1n c\u1ea7n gi\u1ea3i th\u00edch th\u00eam ph\u1ea7n n\u00e0o!<\/p>\n","protected":false},"excerpt":{"rendered":"
                                    T\u00f4i \u0111\u00e3 tr\u00edch xu\u1ea5t \u0111\u01b0\u1ee3c n\u1ed9i dung t\u1eeb c\u00e1c h\u00ecnh \u1ea3nh. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1c b\u01b0\u1edbc chi ti\u1ebft d\u1ef1a tr\u00ean […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[141],"tags":[],"class_list":["post-1472","post","type-post","status-publish","format-standard","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/1472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1472"}],"version-history":[{"count":1,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/1472\/revisions"}],"predecessor-version":[{"id":1473,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/1472\/revisions\/1473"}],"wp:attachment":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}