Yayın Tarihi: 21 Ağustos 2025
Kategori: Sanallaştırma, Kubernetes, Container, Docker, Cloud Migration
Okuma Süresi: 12 dakika
Neden Şimdi? Sanallaştırma 3.0 Çağı
VMware’in Broadcom tarafından satın alınması ve lisans fiyatlarının %300 artması, Türkiye’deki kurumları alternatif sanallaştırma çözümlerine yöneltti. Kubernetes ve container teknolojileri, geleneksel VM’lere göre %65 daha az kaynak kullanımı ve %80 daha hızlı deployment süreleri sunuyor. Bu rehber, step-by-step Kubernetes cluster kurulumu ve production-ready konfigürasyonu içeriyor.
Bölüm 1: Temel Kavramlar ve Mimari
Container vs Virtual Machine: Teknik Karşılaştırma
# Kaynak Kullanımı Karşılaştırması
Virtual_Machine:
overhead: 1-2 GB RAM per VM
boot_time: 30-60 seconds
disk_usage: 10-20 GB per instance
density: 10-15 VMs per host
Container:
overhead: 50-100 MB RAM
boot_time: 1-2 seconds
disk_usage: 100-500 MB per instance
density: 100-500 containers per hostKubernetes Bileşenleri: Master ve Worker Node’lar
graph TB
subgraph "Master Node (Control Plane)"
API
ETCD
SCH
CM
end
subgraph "Worker Node 1"
KUB1
KP1
CR1
POD1
end
subgraph "Worker Node 2"
KUB2
KP2
CR2
POD2
end
API --> KUB1
API --> KUB2Bölüm 2: Production Kubernetes Cluster Kurulumu
Adım 1: Sistem Gereksinimleri ve Hazırlık
#!/bin/bash
# Minimum sistem gereksinimleri
# Master Node: 2 CPU, 4GB RAM, 20GB Disk
# Worker Node: 2 CPU, 8GB RAM, 40GB Disk
# Ubuntu 22.04 LTS üzerinde kurulum
# Tüm node'larda çalıştırılacak
# Sistem güncelleme
sudo apt update && sudo apt upgrade -y
# Swap kapatma (Kubernetes requirement)
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Kernel modülleri yükleme
cat <Adım 2: Container Runtime Kurulumu (containerd)
# containerd kurulumu
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
# Docker repository ekleme
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# containerd yükleme
sudo apt update
sudo apt install -y containerd.io
# containerd konfigürasyonu
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml
# SystemdCgroup = true yapma (önemli!)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerdAdım 3: Kubernetes Bileşenlerini Yükleme
# Kubernetes repository ekleme
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# kubeadm, kubelet, kubectl yükleme
sudo apt-get update
sudo apt-get install -y kubelet=1.28.2-00 kubeadm=1.28.2-00 kubectl=1.28.2-00
sudo apt-mark hold kubelet kubeadm kubectlAdım 4: Master Node Başlatma
# Master node'da çalıştırılacak
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 \
--control-plane-endpoint=master.k8s.local \
--apiserver-advertise-address=192.168.1.100
# Kubectl konfigürasyonu
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Network plugin kurulumu (Flannel)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlAdım 5: Worker Node'ları Ekleme
# Master node'dan token alma
kubeadm token create --print-join-command
# Worker node'larda çalıştırılacak (master'dan alınan komut)
sudo kubeadm join master.k8s.local:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdefBölüm 3: Production-Ready Konfigürasyonlar
High Availability (HA) Setup
# haproxy.cfg - Load Balancer konfigürasyonu
global
maxconn 4096
defaults
mode tcp
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend kubernetes-api
bind *:6443
default_backend kubernetes-masters
backend kubernetes-masters
balance roundrobin
server master1 192.168.1.100:6443 check
server master2 192.168.1.101:6443 check
server master3 192.168.1.102:6443 checkStorage Configuration: Persistent Volumes
# local-storage-class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
# nfs-persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv-data
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
nfs:
server: 192.168.1.50
path: "/mnt/k8s-data"
storageClassName: nfs-storageMonitoring Stack: Prometheus + Grafana
# Helm ile Prometheus Stack kurulumu
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
# values.yaml dosyası oluşturma
cat < prometheus-values.yaml
prometheus:
prometheusSpec:
retention: 30d
storageSpec:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 50Gi
grafana:
adminPassword: "SecurePassword123!"
persistence:
enabled: true
size: 10Gi
alertmanager:
config:
global:
smtp_smarthost: 'smtp.gmail.com:587'
smtp_from: 'alerts@company.com'
receivers:
- name: 'email-notifications'
email_configs:
- to: 'devops-team@company.com'
EOF
# Kurulum
helm install monitoring prometheus-community/kube-prometheus-stack \
--namespace monitoring --create-namespace \
-f prometheus-values.yaml Bölüm 4: Uygulama Deployment Best Practices
Multi-Stage Dockerfile Örneği
# Multi-stage build for Java application
FROM maven:3.8-openjdk-17 AS builder
WORKDIR /app
COPY pom.xml .
RUN mvn dependency:go-offline
COPY src ./src
RUN mvn clean package -DskipTests
FROM openjdk:17-jdk-alpine
RUN addgroup -g 1001 -S appuser && adduser -u 1001 -S appuser -G appuser
WORKDIR /app
COPY --from=builder /app/target/*.jar app.jar
USER appuser
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]Kubernetes Deployment Manifest
# application-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: java-app
labels:
app: java-app
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: java-app
template:
metadata:
labels:
app: java-app
spec:
containers:
- name: app
image: registry.company.com/java-app:v1.2.3
ports:
- containerPort: 8080
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
env:
- name: SPRING_PROFILES_ACTIVE
value: "production"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: passwordHorizontal Pod Autoscaler (HPA)
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: java-app-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: java-app
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80Bölüm 5: Network Policies ve Güvenlik
Calico Network Policy Örneği
# network-policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: backend-netpol
spec:
podSelector:
matchLabels:
tier: backend
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
tier: frontend
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
tier: database
ports:
- protocol: TCP
port: 5432Pod Security Standards
# pod-security-policy.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'Bölüm 6: CI/CD Pipeline Entegrasyonu
GitLab CI/CD Pipeline
# .gitlab-ci.yml
stages:
- build
- test
- deploy
variables:
DOCKER_REGISTRY: registry.company.com
APP_NAME: java-app
NAMESPACE: production
build:
stage: build
script:
- docker build -t $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA .
- docker push $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA
- docker tag $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA $DOCKER_REGISTRY/$APP_NAME:latest
- docker push $DOCKER_REGISTRY/$APP_NAME:latest
test:
stage: test
script:
- docker run --rm $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA ./mvnw test
deploy:
stage: deploy
script:
- kubectl set image deployment/$APP_NAME $APP_NAME=$DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA -n $NAMESPACE
- kubectl rollout status deployment/$APP_NAME -n $NAMESPACE
only:
- mainBölüm 7: Troubleshooting ve Debugging
Yaygın Sorunlar ve Çözümleri
# Pod'ların neden başlamadığını kontrol etme
kubectl describe pod
kubectl logs --previous
# Node kaynak kullanımı
kubectl top nodes
kubectl top pods --all-namespaces
# Network connectivity testi
kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot -- /bin/bash
# DNS troubleshooting
kubectl exec -it -- nslookup kubernetes.default
# etcd backup
ETCDCTL_API=3 etcdctl snapshot save backup.db \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/etcd/ca.crt \
--cert=/etc/etcd/server.crt \
--key=/etc/etcd/server.key Bölüm 8: Maliyet Optimizasyonu
Resource Quotas ve Limit Ranges
# resource-quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
namespace: production
spec:
hard:
requests.cpu: "100"
requests.memory: 200Gi
limits.cpu: "200"
limits.memory: 400Gi
persistentvolumeclaims: "10"
services.loadbalancers: "2"Spot Instance Kullanımı (Cloud Providers)
# spot-instance-nodepool.yaml
apiVersion: v1
kind: Node
metadata:
labels:
node.kubernetes.io/instance-type: spot
kubernetes.io/arch: amd64
spec:
taints:
- key: "spot-instance"
value: "true"
effect: "NoSchedule"Performans Karşılaştırması: Geleneksel VM vs Kubernetes
|--------|---------------|------------|----------|
Sonuç ve Öneriler
Kubernetes'e geçiş, ilk bakışta karmaşık görünse de, doğru planlama ve aşamalı geçiş ile 6 ay içinde ROI sağlayabilir. Türkiye'deki kurumlar için öneriler:
1. Pilot Proje: Kritik olmayan bir uygulama ile başlayın
2. Eğitim: DevOps ekibine Kubernetes sertifikasyonu (CKA/CKAD)
3. Hybrid Yaklaşım: VM ve Container'ları birlikte kullanın
4. Managed Services: İlk aşamada EKS, GKE veya AKS düşünün
5. Local Expertise: Yerel Kubernetes danışmanları ile çalışın
Kaynaklar
Anahtar Kelimeler: Kubernetes, container, Docker, sanallaştırma, orchestration, microservices, cloud native, DevOps, CI/CD, container security, Helm, Prometheus, Grafana, pod, deployment, service mesh, Istio, hybrid cloud, multi-cloud, Türkiye bulut teknolojileri, dijital dönüşüm