Kubernetes Grundlagen - Container-Orchestrierung verstehen | Blog

Kubernetes (K8s) ist die führende Plattform für Container-Orchestrierung. Es automatisiert Deployment, Skalierung und Verwaltung von containerisierten Anwendungen.

Warum Kubernetes?

Vorteile

- Automatische Skalierung
- Self-Healing (automatischer Neustart)
- Load Balancing
- Rolling Updates
- Service Discovery
- Konfigurationsmanagement

Kubernetes vs. Docker Compose

| Feature | Docker Compose | Kubernetes | |---------|---------------|------------| | Komplexität | Einfach | Komplex | | Skalierung | Manuell | Automatisch | | Self-Healing | Nein | Ja | | Multi-Host | Nein | Ja | | Produktion | Klein | Enterprise |

Grundkonzepte

Architektur

┌─────────────────────────────────────────────────┐
│                 Control Plane                    │
│  ┌───────────┐ ┌──────────┐ ┌───────────────┐  │
│  │ API Server│ │ Scheduler│ │ Controller    │  │
│  │           │ │          │ │ Manager       │  │
│  └───────────┘ └──────────┘ └───────────────┘  │
│  ┌─────────────────────────────────────────┐   │
│  │              etcd                        │   │
│  └─────────────────────────────────────────┘   │
└─────────────────────────────────────────────────┘
                        │
    ┌───────────────────┼───────────────────┐
    │                   │                   │
┌───▼───┐          ┌────▼───┐          ┌───▼───┐
│ Node 1│          │ Node 2 │          │ Node 3│
│┌─────┐│          │┌─────┐ │          │┌─────┐│
││ Pod ││          ││ Pod │ │          ││ Pod ││
│└─────┘│          │└─────┘ │          │└─────┘│
│kubelet│          │kubelet │          │kubelet│
└───────┘          └────────┘          └───────┘

Wichtige Komponenten

Pod:         Kleinste Einheit, ein oder mehrere Container
Deployment:  Verwaltung von Pod-Replicas
Service:     Netzwerk-Endpunkt für Pods
ConfigMap:   Konfigurationsdaten
Secret:      Sensible Daten (verschlüsselt)
Namespace:   Logische Trennung von Ressourcen

Installation (Minikube)

Voraussetzungen

# Docker installieren
apt install docker.io
systemctl enable --now docker

Minikube installieren

# Minikube herunterladen
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
chmod +x minikube-linux-amd64
mv minikube-linux-amd64 /usr/local/bin/minikube

# Cluster starten
minikube start --driver=docker

# Status prüfen
minikube status

kubectl installieren

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
mv kubectl /usr/local/bin/

# Verbindung testen
kubectl cluster-info
kubectl get nodes

Pods

Pod erstellen (imperativ)

kubectl run nginx --image=nginx --port=80
kubectl get pods
kubectl describe pod nginx

Pod-Definition (YAML)

# nginx-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80
    resources:
      limits:
        memory: "128Mi"
        cpu: "500m"
      requests:
        memory: "64Mi"
        cpu: "250m"

kubectl apply -f nginx-pod.yaml
kubectl get pods
kubectl logs nginx-pod
kubectl exec -it nginx-pod -- /bin/bash

Multi-Container Pod

apiVersion: v1
kind: Pod
metadata:
  name: multi-container
spec:
  containers:
  - name: app
    image: nginx
    ports:
    - containerPort: 80
  - name: sidecar
    image: busybox
    command: ['sh', '-c', 'while true; do echo "sidecar running"; sleep 3600; done']

Deployments

Deployment erstellen

# nginx-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.24
        ports:
        - containerPort: 80
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"

kubectl apply -f nginx-deployment.yaml
kubectl get deployments
kubectl get pods

Skalierung

# Manuell skalieren
kubectl scale deployment nginx-deployment --replicas=5

# Autoscaling
kubectl autoscale deployment nginx-deployment --min=2 --max=10 --cpu-percent=50

Rolling Update

# Image aktualisieren
kubectl set image deployment/nginx-deployment nginx=nginx:1.25

# Update-Status
kubectl rollout status deployment/nginx-deployment

# Rollback
kubectl rollout undo deployment/nginx-deployment

# Historie anzeigen
kubectl rollout history deployment/nginx-deployment

Services

Service-Typen

| Typ | Beschreibung | |-----|--------------| | ClusterIP | Nur intern erreichbar (Standard) | | NodePort | Extern über Node-Port erreichbar | | LoadBalancer | Externer Load Balancer | | ExternalName | DNS-CNAME-Eintrag |

ClusterIP Service

# nginx-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: ClusterIP

NodePort Service

apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080
  type: NodePort

kubectl apply -f nginx-service.yaml
kubectl get services

# Zugriff testen (Minikube)
minikube service nginx-nodeport --url

LoadBalancer Service

apiVersion: v1
kind: Service
metadata:
  name: nginx-lb
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: LoadBalancer

ConfigMaps und Secrets

ConfigMap erstellen

# app-config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: "production"
  APP_DEBUG: "false"
  database.conf: |
    host=localhost
    port=3306

kubectl apply -f app-config.yaml

# Oder imperativ
kubectl create configmap app-config --from-literal=APP_ENV=production

ConfigMap verwenden

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp
    envFrom:
    - configMapRef:
        name: app-config
    # Oder einzelne Werte
    env:
    - name: ENVIRONMENT
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: APP_ENV

Secret erstellen

# Imperativ
kubectl create secret generic db-secret \
  --from-literal=username=admin \
  --from-literal=password=geheim123

# db-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=      # base64-kodiert
  password: Z2VoZWltMTIz  # base64-kodiert

Secret verwenden

apiVersion: v1
kind: Pod
metadata:
  name: app-with-secret
spec:
  containers:
  - name: app
    image: myapp
    env:
    - name: DB_USERNAME
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: username
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password

Volumes

EmptyDir

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-volume
spec:
  containers:
  - name: app
    image: nginx
    volumeMounts:
    - name: shared-data
      mountPath: /data
  volumes:
  - name: shared-data
    emptyDir: {}

PersistentVolume

# pv.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-storage
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data/pv
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-storage
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

PVC verwenden

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-pvc
spec:
  containers:
  - name: app
    image: nginx
    volumeMounts:
    - name: storage
      mountPath: /data
  volumes:
  - name: storage
    persistentVolumeClaim:
      claimName: pvc-storage

Namespaces

Namespace erstellen

kubectl create namespace development
kubectl create namespace production

Ressourcen in Namespace

# Pods in Namespace auflisten
kubectl get pods -n development

# Pod in Namespace erstellen
kubectl run nginx --image=nginx -n development

# Alle Namespaces
kubectl get pods --all-namespaces

Standard-Namespace setzen

kubectl config set-context --current --namespace=development

Ingress

Ingress Controller installieren

# Nginx Ingress Controller (Minikube)
minikube addons enable ingress

Ingress-Ressource

# app-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

Ingress mit TLS

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: secure-ingress
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: tls-secret
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

Wichtige Befehle

Ressourcen verwalten

# Erstellen/Aktualisieren
kubectl apply -f manifest.yaml

# Löschen
kubectl delete -f manifest.yaml
kubectl delete pod nginx-pod

# Auflisten
kubectl get pods
kubectl get deployments
kubectl get services
kubectl get all

# Details anzeigen
kubectl describe pod nginx-pod

# Logs
kubectl logs pod-name
kubectl logs -f pod-name  # Live

# Shell im Container
kubectl exec -it pod-name -- /bin/bash

Debugging

# Events anzeigen
kubectl get events

# Pod-Status
kubectl describe pod pod-name

# Ressourcenverbrauch
kubectl top pods
kubectl top nodes

# Port-Forwarding
kubectl port-forward pod/nginx-pod 8080:80

Beispiel: Komplette Anwendung

# app-complete.yaml

---
apiVersion: v1
kind: Namespace
metadata:
  name: myapp

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: myapp
data:
  APP_ENV: "production"

---
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
  namespace: myapp
type: Opaque
data:
  password: c2VjcmV0MTIz

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
        envFrom:
        - configMapRef:
            name: app-config
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"

---
apiVersion: v1
kind: Service
metadata:
  name: web-service
  namespace: myapp
spec:
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 80
  type: ClusterIP

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  namespace: myapp
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-service
            port:
              number: 80

Zusammenfassung

| Ressource | Funktion | |-----------|----------| | Pod | Container-Gruppe | | Deployment | Pod-Verwaltung mit Replicas | | Service | Netzwerk-Endpunkt | | ConfigMap | Konfiguration | | Secret | Sensible Daten | | Ingress | HTTP-Routing | | PersistentVolume | Persistenter Speicher |

Fazit

Kubernetes bietet leistungsstarke Container-Orchestrierung für produktive Umgebungen. Beginnen Sie mit Minikube zum Lernen und verstehen Sie die Grundkonzepte Pod, Deployment und Service. Für Produktivumgebungen empfiehlt sich ein Managed Kubernetes wie GKE, EKS oder AKS, um die Komplexität des Cluster-Managements zu reduzieren.