EN Script
REPORT
SLIDE 3
a) Microservice
SLIDE 4
Microservices is an architectural approach to building software systems where the
application is broken down into small, independent and scalable services.
Microservices are designed to reduce barriers to software development, deployment, and
maintenance. Each microservice can be written in a different language and use different
technologies and databases, according to its requirements.
SLIDE 5
Microservices are typically deployed as separate processes or containers, and are connected
through APIs or messaging systems. This allows each service to be developed, tested, and
deployed independently of the others, which can result in faster release cycles and more
efficient use of resources.
Microservices architecture allows development teams to focus on the part of the application
they are good at, and leave the rest to other teams. Microservices can help to avoid the issues
associated with monolithic architecture, such as tight coupling, long release cycles, and
difficulty with scaling. By breaking the application down into smaller services, it can
become easier to manage changes, fix bugs, and add new features.
SLIDE 6
b) Kubernetes
SLIDE 7
Kubernetes (often referred to as "K8s") is an open-source platform for container orchestration and
management developed by Google. It provides a framework for automating the deployment,
scaling, and management of containerized applications on the cloud easily and efficiently.
Kubernetes is used to deploy applications built on a microservices architecture.
SLIDE 8
Kubernetes allows deploying applications on an existing cluster of computers or on public or
private cloud environments. Kubernetes is widely used for applications that have a large
number of containers and need continuous development, flexibility and scalability.
There was no way to define resource boundaries for applications in a physical server, and
this caused resource allocation issues.
To solve the problems of deploying applications on physical servers, virtualization was
introduced. It allows you to run multiple Virtual Machines (VMs) on a single physical
server. Each VM has its own file system, operating system (OS), and CPU. Virtualization
allows applications to be isolated between VMs and provides a level of security as the
information of one application cannot be freely accessed by another application.
SLIDE 11
Containers are similar to VMs, but they have relaxed isolation properties to share the
Operating System (OS) among the applications. Therefore, containers are considered
lightweight. Similar to a VM, a container has its own filesystem, share of CPU, memory,
process space, and more. This allows us to run multiple applications on the same physical
server.
With containers, it is easy to develop and run your application on different operating
systems.
SLIDE 13
With Kubernetes, we can group and manage containers by application and project. It provides
features such as service discovery and load balancing, storage orchestration, automated
rollouts and rollbacks, automatic bin packing, self-healing, and secret and configuration
management. Kubernetes enables easy management of containerized systems, ensures
stable deployment, and can automatically handle issues such as container failure and
scaling.
SLIDE 14
g) Architecture of Kubernetes
A Kubernetes cluster (a cluster consists of a master and at least one worker node) consists of 2
main components:
- Master nodes (control plane)
- Worker nodes
The main components of the control plane in Kubernetes are:
- API server: It is the central touch point that is accessed by all users, automation, and
components in the Kubernetes cluster.
- Container runtime (Docker, rkt or another platform): runs containers
- Kubelet: This component runs on each worker node and communicates with the API
server to receive instructions on scheduling and running containers
- Kubernetes Service Proxy (kube-proxy): This component is responsible for
networking on the worker node, facilitating communication between services across
the cluster
Besides the main components, there are some add-on components (Addons) that enhance the
functionality of the Kubernetes cluster, such as:
- Kubernetes DNS server
- Dashboard
- Ingress controller
- Container Network Interface network plugin
SLIDE 15
SLIDE 18
i) Deploying K8s on Google Cloud
SLIDE 19
- Create a cluster and connect to the cluster
SLIDE 20
Deploy the application (applications installed: WordPress, MySQL)
- Download the config files for WordPress and MySQL
o Set up the MySQL config file
SLIDE 21
- Apply the resources
SLIDE 23
j) Kubescape
SLIDE 24
Kubescape is an open-source Kubernetes security platform. It includes risk analysis,
security compliance, and misconfiguration scanning, and was developed by CyberArk.
Kubescape is designed to help administrators and developers detect security vulnerabilities
in the deployment and operation of Kubernetes.
Kubescape can scan for different types of risks, such as privilege escalation, resource
consumption, and network attacks.
Kubescape uses a variety of security detection techniques to find common security
vulnerabilities in Kubernetes components such as pods, specific resources, or entire clusters.
This tool also helps protect Kubernetes from attacks such as malicious cloud attacks.
Kubescape features include threat detection in Kubernetes resources, detection of
vulnerabilities caused by incorrect security settings and configurations, risk assessment, and
remediation.
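As an added illustration (not part of the original script and not Kubescape's own code), the Python example below shows the kind of manifest check behind the privilege-escalation, resource-consumption and network findings described above. The sample manifest, the `pod_spec` and `scan` helpers, and the finding texts are all constructed for this example.

```python
import json

# Constructed sample (not from the original page): a WordPress-style
# Deployment with deliberately weak settings on the first container.
MANIFEST = json.loads("""
{"kind": "Deployment", "metadata": {"name": "wordpress"},
 "spec": {"template": {"spec": {
   "hostNetwork": true,
   "containers": [
     {"name": "wordpress", "image": "wordpress",
      "securityContext": {"privileged": true}},
     {"name": "mysql", "image": "mysql",
      "securityContext": {"allowPrivilegeEscalation": false},
      "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}}}
   ]}}}}
""")

def pod_spec(obj):
    """Locate the pod spec inside common workload kinds."""
    kind = obj.get("kind")
    if kind == "Pod":
        return obj["spec"]
    if kind == "CronJob":
        return obj["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    # Deployment, StatefulSet, DaemonSet, ReplicaSet, Job
    return obj["spec"]["template"]["spec"]

def scan(obj):
    """Return (container, finding) tuples for one workload manifest."""
    pod, findings = pod_spec(obj), []
    if pod.get("hostNetwork"):
        findings.append(("<pod>", "hostNetwork enabled"))
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append((c["name"], "privileged container"))
        # Escalation is permitted unless the field is explicitly false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((c["name"], "privilege escalation allowed"))
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((c["name"], f"no {res} limit"))
    return findings

if __name__ == "__main__":
    for name, finding in scan(MANIFEST):
        print(f"{name}: {finding}")
```

The `mysql` container produces no findings because it disables privilege escalation and sets both limits; the `wordpress` container and the pod-level `hostNetwork` setting account for all of them.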
SLIDE 25
Run the scan
SLIDE 26
---