Kubernetes (K8s) ist die führende Plattform für Container-Orchestrierung. Es automatisiert Deployment, Skalierung und Verwaltung von containerisierten Anwendungen.
Warum Kubernetes?
Vorteile
- Automatische Skalierung
- Self-Healing (automatischer Neustart)
- Load Balancing
- Rolling Updates
- Service Discovery
- Konfigurationsmanagement
Kubernetes vs. Docker Compose
| Feature | Docker Compose | Kubernetes |
|---|
| Komplexität | Einfach | Komplex |
| Skalierung | Manuell | Automatisch |
| Self-Healing | Nein | Ja |
| Multi-Host | Nein | Ja |
| Produktion | Klein | Enterprise |
Grundkonzepte
Architektur
┌─────────────────────────────────────────────────┐
│ Control Plane │
│ ┌───────────┐ ┌──────────┐ ┌───────────────┐ │
│ │ API Server│ │ Scheduler│ │ Controller │ │
│ │ │ │ │ │ Manager │ │
│ └───────────┘ └──────────┘ └───────────────┘ │
│ ┌─────────────────────────────────────────┐ │
│ │ etcd │ │
│ └─────────────────────────────────────────┘ │
└─────────────────────────────────────────────────┘
│
┌───────────────────┼───────────────────┐
│ │ │
┌───▼───┐ ┌────▼───┐ ┌───▼───┐
│ Node 1│ │ Node 2 │ │ Node 3│
│┌─────┐│ │┌─────┐ │ │┌─────┐│
││ Pod ││ ││ Pod │ │ ││ Pod ││
│└─────┘│ │└─────┘ │ │└─────┘│
│kubelet│ │kubelet │ │kubelet│
└───────┘ └────────┘ └───────┘
Wichtige Komponenten
Pod: Kleinste Einheit, ein oder mehrere Container
Deployment: Verwaltung von Pod-Replicas
Service: Netzwerk-Endpunkt für Pods
ConfigMap: Konfigurationsdaten
Secret: Sensible Daten (verschlüsselt)
Namespace: Logische Trennung von Ressourcen
Installation (Minikube)
Voraussetzungen
# Docker installieren
apt install docker.io
systemctl enable --now docker
Minikube installieren
# Minikube herunterladen
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
chmod +x minikube-linux-amd64
mv minikube-linux-amd64 /usr/local/bin/minikube
# Cluster starten
minikube start --driver=docker
# Status prüfen
minikube status
kubectl installieren
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
mv kubectl /usr/local/bin/
# Verbindung testen
kubectl cluster-info
kubectl get nodes
Pods
Pod erstellen (imperativ)
kubectl run nginx --image=nginx --port=80
kubectl get pods
kubectl describe pod nginx
Pod-Definition (YAML)
# nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
resources:
limits:
memory: "128Mi"
cpu: "500m"
requests:
memory: "64Mi"
cpu: "250m"
kubectl apply -f nginx-pod.yaml
kubectl get pods
kubectl logs nginx-pod
kubectl exec -it nginx-pod -- /bin/bash
Multi-Container Pod
apiVersion: v1
kind: Pod
metadata:
name: multi-container
spec:
containers:
- name: app
image: nginx
ports:
- containerPort: 80
- name: sidecar
image: busybox
command: ['sh', '-c', 'while true; do echo "sidecar running"; sleep 3600; done']
Deployments
Deployment erstellen
# nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.24
ports:
- containerPort: 80
resources:
limits:
memory: "128Mi"
cpu: "500m"
kubectl apply -f nginx-deployment.yaml
kubectl get deployments
kubectl get pods
Skalierung
# Manuell skalieren
kubectl scale deployment nginx-deployment --replicas=5
# Autoscaling
kubectl autoscale deployment nginx-deployment --min=2 --max=10 --cpu-percent=50
Rolling Update
# Image aktualisieren
kubectl set image deployment/nginx-deployment nginx=nginx:1.25
# Update-Status
kubectl rollout status deployment/nginx-deployment
# Rollback
kubectl rollout undo deployment/nginx-deployment
# Historie anzeigen
kubectl rollout history deployment/nginx-deployment
Services
Service-Typen
| Typ | Beschreibung |
|---|
| ClusterIP | Nur intern erreichbar (Standard) |
| NodePort | Extern über Node-Port erreichbar |
| LoadBalancer | Externer Load Balancer |
| ExternalName | DNS-CNAME-Eintrag |
ClusterIP Service
# nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
type: ClusterIP
NodePort Service
apiVersion: v1
kind: Service
metadata:
name: nginx-nodeport
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
nodePort: 30080
type: NodePort
kubectl apply -f nginx-service.yaml
kubectl get services
# Zugriff testen (Minikube)
minikube service nginx-nodeport --url
LoadBalancer Service
apiVersion: v1
kind: Service
metadata:
name: nginx-lb
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
type: LoadBalancer
ConfigMaps und Secrets
ConfigMap erstellen
# app-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
APP_ENV: "production"
APP_DEBUG: "false"
database.conf: |
host=localhost
port=3306
kubectl apply -f app-config.yaml
# Oder imperativ
kubectl create configmap app-config --from-literal=APP_ENV=production
ConfigMap verwenden
apiVersion: v1
kind: Pod
metadata:
name: app-pod
spec:
containers:
- name: app
image: myapp
envFrom:
- configMapRef:
name: app-config
# Oder einzelne Werte
env:
- name: ENVIRONMENT
valueFrom:
configMapKeyRef:
name: app-config
key: APP_ENV
Secret erstellen
# Imperativ
kubectl create secret generic db-secret \
--from-literal=username=admin \
--from-literal=password=geheim123
# db-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: db-secret
type: Opaque
data:
username: YWRtaW4= # base64-kodiert
password: Z2VoZWltMTIz # base64-kodiert
Secret verwenden
apiVersion: v1
kind: Pod
metadata:
name: app-with-secret
spec:
containers:
- name: app
image: myapp
env:
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: db-secret
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: password
Volumes
EmptyDir
apiVersion: v1
kind: Pod
metadata:
name: pod-with-volume
spec:
containers:
- name: app
image: nginx
volumeMounts:
- name: shared-data
mountPath: /data
volumes:
- name: shared-data
emptyDir: {}
PersistentVolume
# pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-storage
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/pv
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
PVC verwenden
apiVersion: v1
kind: Pod
metadata:
name: pod-with-pvc
spec:
containers:
- name: app
image: nginx
volumeMounts:
- name: storage
mountPath: /data
volumes:
- name: storage
persistentVolumeClaim:
claimName: pvc-storage
Namespaces
Namespace erstellen
kubectl create namespace development
kubectl create namespace production
Ressourcen in Namespace
# Pods in Namespace auflisten
kubectl get pods -n development
# Pod in Namespace erstellen
kubectl run nginx --image=nginx -n development
# Alle Namespaces
kubectl get pods --all-namespaces
Standard-Namespace setzen
kubectl config set-context --current --namespace=development
Ingress
Ingress Controller installieren
# Nginx Ingress Controller (Minikube)
minikube addons enable ingress
Ingress-Ressource
# app-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
Ingress mit TLS
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: secure-ingress
spec:
tls:
- hosts:
- app.example.com
secretName: tls-secret
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
Wichtige Befehle
Ressourcen verwalten
# Erstellen/Aktualisieren
kubectl apply -f manifest.yaml
# Löschen
kubectl delete -f manifest.yaml
kubectl delete pod nginx-pod
# Auflisten
kubectl get pods
kubectl get deployments
kubectl get services
kubectl get all
# Details anzeigen
kubectl describe pod nginx-pod
# Logs
kubectl logs pod-name
kubectl logs -f pod-name # Live
# Shell im Container
kubectl exec -it pod-name -- /bin/bash
Debugging
# Events anzeigen
kubectl get events
# Pod-Status
kubectl describe pod pod-name
# Ressourcenverbrauch
kubectl top pods
kubectl top nodes
# Port-Forwarding
kubectl port-forward pod/nginx-pod 8080:80
Beispiel: Komplette Anwendung
# app-complete.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: myapp
---
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
namespace: myapp
data:
APP_ENV: "production"
---
apiVersion: v1
kind: Secret
metadata:
name: db-secret
namespace: myapp
type: Opaque
data:
password: c2VjcmV0MTIz
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
namespace: myapp
spec:
replicas: 3
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
envFrom:
- configMapRef:
name: app-config
resources:
limits:
memory: "128Mi"
cpu: "500m"
---
apiVersion: v1
kind: Service
metadata:
name: web-service
namespace: myapp
spec:
selector:
app: web
ports:
- port: 80
targetPort: 80
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
namespace: myapp
spec:
rules:
- host: myapp.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
Zusammenfassung
| Ressource | Funktion |
|---|
| Pod | Container-Gruppe |
| Deployment | Pod-Verwaltung mit Replicas |
| Service | Netzwerk-Endpunkt |
| ConfigMap | Konfiguration |
| Secret | Sensible Daten |
| Ingress | HTTP-Routing |
| PersistentVolume | Persistenter Speicher |
Fazit
Kubernetes bietet leistungsstarke Container-Orchestrierung für produktive Umgebungen. Beginnen Sie mit Minikube zum Lernen und verstehen Sie die Grundkonzepte Pod, Deployment und Service. Für Produktivumgebungen empfiehlt sich ein Managed Kubernetes wie GKE, EKS oder AKS, um die Komplexität des Cluster-Managements zu reduzieren.
