
University of Information Technology (UIT)

REPORT
SLIDE 3
a) Microservice
SLIDE 4
Microservices is an architectural approach to building software systems in which the
application is broken down into small, independent and scalable services.
Microservices are designed to reduce barriers to software development, deployment, and
maintenance. Each microservice can be written in a different language and use different
technologies and databases, according to its requirements.
SLIDE 5
Microservices are typically deployed as separate processes or containers, and are connected
through APIs or messaging systems. This allows each service to be developed, tested, and
deployed independently of the others, which can result in faster release cycles and more
efficient use of resources.
Microservices architecture allows development teams to focus on the part of the application
they are good at, and leave the rest to other teams. Microservices can help to avoid the issues
associated with monolithic architecture, such as tight coupling, long release cycles, and
difficulty with scaling. By breaking the application down into smaller services, it can
become easier to manage changes, fix bugs, and add new features.

SLIDE 6
b) Kubernetes
SLIDE 7
Kubernetes (often referred to as "K8s") is an open-source platform for container orchestration
and management developed by Google. It provides a framework for automating the deployment,
scaling, and management of containerized applications in the cloud easily and efficiently.

Kubernetes is used to deploy applications built on a microservices architecture.
SLIDE 8
Kubernetes allows applications to be deployed on an existing cluster of computers or in public or
private cloud environments. Kubernetes is widely used for applications that have a large
number of containers and need continuous development, flexibility and scalability.

Department of Information Security
Course report, Semester II, academic year 2022-2023
SLIDE 9
c) Why Kubernetes?
To understand what problems Kubernetes can help us solve, we will first talk about common
ways to deploy applications.
d) Deploying the application on a physical server

There was no way to define resource boundaries for applications in a physical server, and
this caused resource allocation issues.

SLIDE 10
e) Running multiple Virtual Machines (VMs) on a single physical server


To solve the issues of deploying applications on a physical server, virtualization was
introduced. It allows you to run multiple Virtual Machines (VMs) on a single physical
server. Each VM has its own file system, operating system (OS), and CPU. Virtualization
allows applications to be isolated between VMs and provides a level of security, as the
information of one application cannot be freely accessed by another application.

SLIDE 11

Because a VM is virtualized by copying both the OS and the hardware, the number of
VMs that can be created on a server is limited (4 to 5 on normal servers).
SLIDE 12


Containers are similar to VMs, but they have relaxed isolation properties to share the
Operating System (OS) among the applications. Therefore, containers are considered
lightweight. Similar to a VM, a container has its own filesystem, share of CPU, memory,
process space, and more. This allows us to run multiple applications on the same physical
server.
With containers, it is easy to develop and run your application on different operating
systems.

SLIDE 13

f) What can Kubernetes do?
Containers are a helpful way to bundle and run applications, but they require proper
management to prevent downtime. For example, if a container goes down, another container
needs to start.
Kubernetes is a framework that can help manage containers in a distributed system. With
Kubernetes we can group and manage containers by application and project. It provides
features such as service discovery and load balancing, storage orchestration, automated
rollouts and rollbacks, automatic bin packing, self-healing, and secret and configuration
management. Kubernetes enables easy management of containerized systems, ensures
stable deployment, and can automatically handle issues such as container failure and
scaling.

SLIDE 14
g) Architecture of Kubernetes

A Kubernetes cluster (which consists of a master and at least one worker node) has 2
main components:
- Master nodes (control plane)
- Worker nodes
The main components of the control plane in Kubernetes are:
- API server: the central touch point that is accessed by all users, automation, and
components in the Kubernetes cluster.
- Controller manager: this component includes multiple controllers that watch the state
of the cluster and respond to changes.
- Scheduler: this component is responsible for scheduling pods to run on available
nodes in the cluster.
- Etcd: a database that stores the state and resources of the cluster.
The main components of the worker node in Kubernetes are:
- Container runtime (Docker, rkt or another platform): runs the containers.
- Kubelet: this component runs on each worker node and communicates with the API
server to receive instructions on scheduling and running containers.
- Kubernetes Service Proxy (kube-proxy): this component is responsible for
networking on the worker node, facilitating communication between services across
the cluster.
Besides the main components, there are some add-on components (Addons) that enhance the
functionality of the Kubernetes cluster, such as:
- Kubernetes DNS server
- Dashboard
- Ingress controller
- Container Network Interface network plugin

SLIDE 15

SLIDE 16
h) Kubernetes Pod
A Pod is the most basic component for deploying and running an application, created and
managed by Kubernetes. A Pod is a group of one or more containers, with shared storage
and network resources, and a specification for how to run the containers. A Pod's contents
are always co-located and co-scheduled, and run in a shared context.

SLIDE 17

SLIDE 18
i) Deploying K8s on Google Cloud
SLIDE 19
- Create a cluster and connect to the cluster

SLIDE 20
Deploy the application (applications installed: WordPress, MySQL)

- Create the kustomization.yaml file

- Download the config files for WordPress and MySQL
o Set up the MySQL config file

o Set up the WordPress config file

- Add the 2 downloaded config files to kustomization.yaml

SLIDE 21
- Apply the resources

- Check whether the service is running

- Connect to WordPress using its IP address


o Check the IP address

SLIDE 22
o The WordPress interface
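
The deployment steps above as one script, as an added example that is not the report's own commands: the cluster name, the zone and the manifest URLs (from the Kubernetes documentation's WordPress and MySQL tutorial) are assumptions. The MySQL password is generated at run time instead of being typed into kustomization.yaml.

```sh
#!/bin/sh
# Added example, not the report's own commands. Cluster name, zone and the
# manifest URLs (Kubernetes documentation tutorial) are assumptions.
CLUSTER="${CLUSTER:-demo-cluster}"   # hypothetical cluster name
ZONE="${ZONE:-asia-southeast1-a}"    # hypothetical zone
BASE="https://k8s.io/examples/application/wordpress"

# 32 hex characters from the kernel CSPRNG, so no password is hard-coded.
random_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Create kustomization.yaml: a generated Secret plus the two config files.
# The file holds the password in clear text, so it is written owner-only.
write_kustomization() {
  (
    umask 077
    cat > "$1/kustomization.yaml" <<EOF
secretGenerator:
- name: mysql-pass
  literals:
  - password=$2
resources:
  - mysql-deployment.yaml
  - wordpress-deployment.yaml
EOF
  )
}

deploy() {
  dir="$1"
  gcloud container clusters create "$CLUSTER" --zone "$ZONE"
  gcloud container clusters get-credentials "$CLUSTER" --zone "$ZONE"
  curl -fsSL -o "$dir/mysql-deployment.yaml" "$BASE/mysql-deployment.yaml"
  curl -fsSL -o "$dir/wordpress-deployment.yaml" "$BASE/wordpress-deployment.yaml"
  write_kustomization "$dir" "$(random_password)"
  kubectl apply -k "$dir"
  kubectl get pods                 # is everything running yet?
  kubectl get service wordpress    # EXTERNAL-IP is the address to browse to
}

# Nothing touches the cloud unless RUN_DEPLOY=1 is set.
if [ "${RUN_DEPLOY:-0}" = "1" ]; then
  set -e
  deploy "$(pwd)"
fi
```

Keep the generated kustomization.yaml out of version control, since it contains the MySQL password.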

SLIDE 23
j) Kubescape
SLIDE 24
Kubescape is an open-source Kubernetes security platform. It includes risk analysis,
security compliance, and misconfiguration scanning, developed by the company CyberArk.
Kubescape is designed to help administrators and developers detect security vulnerabilities
in the deployment and operation of Kubernetes.
Kubescape can scan for different types of risks, such as privilege escalation, resource
consumption, and network attacks.
Kubescape uses a variety of security detection techniques to find common security
vulnerabilities in Kubernetes components such as pods, specific resources, or entire clusters.
This tool also helps protect Kubernetes from attacks such as malicious cloud attacks.
Kubescape features include threat detection in Kubernetes resources, detection of
vulnerabilities caused by incorrect security settings and configurations, risk assessment, and
remediation.

SLIDE 25

Install Kubescape

Run the scan
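
Two constructed Pod manifests to try the scan on, as an added example that is not from the report: the first carries the kinds of setting the description above names (privilege escalation, unbounded resource consumption), the second corrects them. The image and Pod names are made up, and `kubescape scan` is given the files directly.

```sh
#!/bin/sh
# Added example (not the report's commands). Image and Pod names are constructed.
write_weak_pod() {          # settings a misconfiguration scan should flag
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: demo-weak
spec:
  containers:
  - name: web
    image: registry.example/web:1.0
    securityContext:
      privileged: true                # container gets host-level device access
      allowPrivilegeEscalation: true  # processes may gain more privileges
    # no resources.limits: one Pod can exhaust node CPU and memory
EOF
}

write_hardened_pod() {      # same workload with the risky settings corrected
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: demo-hardened
spec:
  containers:
  - name: web
    image: registry.example/web:1.0
    securityContext:
      privileged: false
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    resources:
      limits:
        cpu: "500m"
        memory: "256Mi"
EOF
}

# Scan manifest files before they reach the cluster; needs kubescape on PATH.
scan_manifests() { kubescape scan "$@"; }

if [ "${RUN_SCAN:-0}" = "1" ]; then
  write_weak_pod weak.yaml && write_hardened_pod hardened.yaml
  scan_manifests weak.yaml hardened.yaml
fi
```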

SLIDE 26
