📋 Inhaltsverzeichnis
Fortgeschritten25 min Lesezeit2025-06-08
Kubernetes ClusterManagement
Professionelle Kubernetes-Orchestrierung: Deployments, Services, Ingress und Scaling-Strategien für Container-Workloads in der Cloud.
KubernetesContainer OrchestrationMicroservicesCloud Native
⚓ Kubernetes Grundlagen
Kubernetes (K8s) ist eine Open-Source-Plattform zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen. Es abstrahiert die zugrunde liegende Infrastructure und bietet eine einheitliche API.
🎯 Orchestrierung
Automatisierte Container-Verwaltung
🔄 Auto-Scaling
Dynamische Anpassung der Ressourcen
🛡️ Self-Healing
Automatische Wiederherstellung
🏗️ Cluster-Architektur
Control Plane
- •API Server - Zentrale API für alle Komponenten
- •etcd - Distributed Key-Value Store
- •Scheduler - Pod-Zuweisung zu Nodes
- •Controller Manager - Cluster-Zustand überwachen
Worker Nodes
- •kubelet - Node Agent für Pod-Management
- •kube-proxy - Network Proxy & Load Balancer
- •Container Runtime - Docker, containerd, CRI-O
🚀 Cluster Setup
Lokales Development mit kind
# kind installieren (Kubernetes in Docker)
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
# Cluster erstellen
kind create cluster --name dev-cluster
# kubectl konfigurieren
kubectl cluster-info --context kind-dev-cluster
# Cluster Status prüfen
kubectl get nodesProduction Cluster mit kubeadm
# Master Node initialisieren
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
# kubectl für User konfigurieren
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Pod Network (Flannel) installieren
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
# Worker Nodes hinzufügen
sudo kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash <hash>📦 Deployments
Deployment Manifest
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.21
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 5Deployment Management
# Deployment erstellen
kubectl apply -f deployment.yaml
# Deployments anzeigen
kubectl get deployments
# Pod Status prüfen
kubectl get pods -l app=nginx
# Deployment skalieren
kubectl scale deployment nginx-deployment --replicas=5
# Rolling Update
kubectl set image deployment/nginx-deployment nginx=nginx:1.22
# Rollback
kubectl rollout undo deployment/nginx-deployment
# Rollout Status
kubectl rollout status deployment/nginx-deployment🌐 Services & Networking
Service Types
ClusterIP
Interne Service-Kommunikation
NodePort
Externer Zugriff über Node-Port
LoadBalancer
Cloud Load Balancer Integration
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: ClusterIP
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-loadbalancer
spec:
type: LoadBalancer
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80🚪 Ingress Controller
NGINX Ingress Setup
# NGINX Ingress Controller installieren
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
# Ingress Resource erstellen
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- app.example.com
secretName: app-tls
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 3000📈 Auto-Scaling
Horizontal Pod Autoscaler (HPA)
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: nginx-deployment
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 10
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 0
policies:
- type: Percent
value: 100
periodSeconds: 15Vertical Pod Autoscaler (VPA)
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: nginx-vpa
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: nginx-deployment
updatePolicy:
updateMode: "Auto"
resourcePolicy:
containerPolicies:
- containerName: nginx
maxAllowed:
cpu: 1
memory: 500Mi
minAllowed:
cpu: 100m
memory: 50Mi🔒 Security & RBAC
Role-Based Access Control
# Service Account erstellen
apiVersion: v1
kind: ServiceAccount
metadata:
name: deploy-user
namespace: production
---
# Role definieren
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: production
name: deployment-manager
rules:
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list"]
---
# RoleBinding erstellen
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: deploy-user-binding
namespace: production
subjects:
- kind: ServiceAccount
name: deploy-user
namespace: production
roleRef:
kind: Role
name: deployment-manager
apiGroup: rbac.authorization.k8s.io🛡️ Security Best Practices
- • Least Privilege Principle - Minimale erforderliche Berechtigungen
- • Network Policies - Mikro-Segmentierung des Netzwerks
- • Pod Security Standards - Restricted Pod Security Context
- • Image Security - Vulnerability Scanning und Image Signing
- • Secrets Management - Externe Secret Stores integrieren
🎯 Zusammenfassung
Kubernetes bietet eine mächtige Plattform für Container-Orchestrierung in der Cloud. Mit den richtigen Strategien erreichen Sie:
Erreichte Ziele
- ✅ Automatisierte Container-Orchestrierung
- ✅ Selbstheilende Systeme
- ✅ Effiziente Ressourcennutzung
- ✅ Zero-Downtime Deployments
Nächste Schritte
- 🔍 Service Mesh (Istio/Linkerd)
- 📊 Advanced Monitoring Setup
- 🔄 GitOps Workflows
- ⚡ Performance Tuning