From On-Premise to Cloud: A Hybrid Virtualization Guide with Kubernetes and Container Orchestration
Published: 21 August 2025
Category: Virtualization, Kubernetes, Container, Docker, Cloud Migration
Reading time: 12 minutes
Why Now? The Era of Virtualization 3.0
Broadcom's acquisition of VMware and the resulting 300% increase in license prices have pushed organizations in Turkey toward alternative virtualization solutions. Kubernetes and container technologies offer 65% lower resource usage and 80% faster deployment times than traditional VMs. This guide covers a step-by-step Kubernetes cluster installation and a production-ready configuration.
Part 1: Core Concepts and Architecture
Container vs Virtual Machine: A Technical Comparison
```yaml
# Resource usage comparison
Virtual_Machine:
  overhead: 1-2 GB RAM per VM
  boot_time: 30-60 seconds
  disk_usage: 10-20 GB per instance
  density: 10-15 VMs per host
Container:
  overhead: 50-100 MB RAM
  boot_time: 1-2 seconds
  disk_usage: 100-500 MB per instance
  density: 100-500 containers per host
```
Kubernetes Components: Master and Worker Nodes
```mermaid
graph TB
  subgraph "Master Node (Control Plane)"
    API[API Server]
    ETCD[etcd - Key/Value Store]
    SCH[Scheduler]
    CM[Controller Manager]
  end
  subgraph "Worker Node 1"
    KUB1[kubelet]
    KP1[kube-proxy]
    CR1[Container Runtime]
    POD1[Pods]
  end
  subgraph "Worker Node 2"
    KUB2[kubelet]
    KP2[kube-proxy]
    CR2[Container Runtime]
    POD2[Pods]
  end
  API --> KUB1
  API --> KUB2
```
Part 2: Installing a Production Kubernetes Cluster
Step 1: System Requirements and Preparation
```bash
#!/bin/bash
# Minimum system requirements
# Master node: 2 CPU, 4 GB RAM, 20 GB disk
# Worker node: 2 CPU, 8 GB RAM, 40 GB disk
# Installation on Ubuntu 22.04 LTS
# Run on all nodes

# System update
sudo apt update && sudo apt upgrade -y

# Disable swap (Kubernetes requirement)
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# Load the kernel modules kubeadm requires (overlay for containerd, br_netfilter for pod networking)
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
```
Step 2: Installing the Container Runtime (containerd)
```bash
# containerd installation
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common

# Add the Docker repository (signed-by pins the repository to its own key)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install containerd
sudo apt update
sudo apt install -y containerd.io

# containerd configuration
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml

# Set SystemdCgroup = true (important: kubelet and containerd must use the same cgroup driver)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd
```
Step 3: Installing the Kubernetes Components
```bash
# Add the Kubernetes repository
# (the legacy apt.kubernetes.io repository was retired in 2024; pkgs.k8s.io is its replacement)
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Install kubeadm, kubelet and kubectl, pinned to one version and held so unattended upgrades cannot skew the cluster
sudo apt-get update
sudo apt-get install -y kubelet=1.28.2-1.1 kubeadm=1.28.2-1.1 kubectl=1.28.2-1.1
sudo apt-mark hold kubelet kubeadm kubectl
```
Step 4: Initializing the Master Node
```bash
# Run on the master node
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 \
  --control-plane-endpoint=master.k8s.local \
  --apiserver-advertise-address=192.168.1.100

# kubectl configuration (admin.conf is a cluster-admin credential; keep it readable only by its owner)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Network plugin installation (Flannel)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
Step 5: Adding Worker Nodes
```bash
# Get the join token on the master node
kubeadm token create --print-join-command

# Run on each worker node (the command printed by the master; token and hash below are example values)
sudo kubeadm join master.k8s.local:6443 --token abcdef.0123456789abcdef \
  --discovery-token-ca-cert-hash sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
```
Part 3: Production-Ready Configurations
High Availability (HA) Setup
```
# haproxy.cfg - load balancer configuration in front of the three control-plane nodes
global
    maxconn 4096

defaults
    mode tcp
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend kubernetes-api
    bind *:6443
    default_backend kubernetes-masters

backend kubernetes-masters
    balance roundrobin
    server master1 192.168.1.100:6443 check
    server master2 192.168.1.101:6443 check
    server master3 192.168.1.102:6443 check
```
Storage Configuration: Persistent Volumes
```yaml
# local-storage-class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
# nfs-persistent-volume.yaml
# Note: this PV references the class nfs-storage, not local-storage above; a StorageClass
# with that name must exist for claims to bind
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv-data
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteMany
  nfs:
    server: 192.168.1.50
    path: "/mnt/k8s-data"
  storageClassName: nfs-storage
```
Monitoring Stack: Prometheus + Grafana
```bash
# Install the Prometheus stack with Helm
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

# Create the values.yaml file
cat <<EOF > prometheus-values.yaml
prometheus:
  prometheusSpec:
    retention: 30d
    storageSpec:
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 50Gi
grafana:
  # A plaintext admin password in a values file ends up in Git and in Helm release history;
  # for production, reference a Secret via grafana.admin.existingSecret instead
  adminPassword: "SecurePassword123!"
  persistence:
    enabled: true
    size: 10Gi
alertmanager:
  config:
    global:
      smtp_smarthost: 'smtp.gmail.com:587'
      smtp_from: '<sender-address>'   # placeholder
    receivers:
      - name: 'email-notifications'
        email_configs:
          - to: '<ops-team-address>'  # placeholder
EOF

# Installation
helm install monitoring prometheus-community/kube-prometheus-stack \
  --namespace monitoring --create-namespace \
  -f prometheus-values.yaml
```
Part 4: Application Deployment Best Practices
Multi-Stage Dockerfile Example
```dockerfile
# Multi-stage build for a Java application: the Maven toolchain stays in the builder stage,
# the runtime image ships only the JAR and runs as an unprivileged user
FROM maven:3.8-openjdk-17 AS builder
WORKDIR /app
COPY pom.xml .
RUN mvn dependency:go-offline
COPY src ./src
RUN mvn clean package -DskipTests

FROM openjdk:17-jdk-alpine
RUN addgroup -g 1001 -S appuser && adduser -u 1001 -S appuser -G appuser
WORKDIR /app
COPY --from=builder /app/target/*.jar app.jar
USER appuser
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
```
Kubernetes Deployment Manifest
```yaml
# application-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: java-app
  labels:
    app: java-app
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: java-app
  template:
    metadata:
      labels:
        app: java-app
    spec:
      containers:
        - name: app
          image: registry.company.com/java-app:v1.2.3
          ports:
            - containerPort: 8080
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
          env:
            - name: SPRING_PROFILES_ACTIVE
              value: "production"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: password
```
Horizontal Pod Autoscaler (HPA)
```yaml
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: java-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: java-app
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
```
Part 5: Network Policies and Security
Calico Network Policy Example
```yaml
# network-policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-netpol
spec:
  podSelector:
    matchLabels:
      tier: backend
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              tier: frontend
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        - podSelector:
            matchLabels:
              tier: database
      ports:
        - protocol: TCP
          port: 5432
```
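A policy like this is easier to reason about when its semantics are executed rather than read. The Python below is an added example, not code from the original guide: it models the core NetworkPolicy rules (a pod is isolated for a direction once any policy selects it for that direction; a podSelector peer is scoped to the policy's own namespace; namespaceSelector widens it) over a constructed set of pods and evaluates a few flows through backend-netpol. Two practical points fall out. First, the backend pods lose DNS, because the only egress rule allows the database tier on 5432, so a second egress rule to CoreDNS is needed. Second, the database tier remains reachable from every pod, because no policy selects it. The namespaces, pod names and the DNS rule are assumptions made for the example; ipBlock peers are not modelled.

```python
"""Evaluate backend-netpol against constructed pods (added example, not part of the guide)."""

# Constructed namespaces (name -> labels) and pods (name -> (namespace, labels))
NAMESPACES = {
    "production": {"kubernetes.io/metadata.name": "production"},
    "kube-system": {"kubernetes.io/metadata.name": "kube-system"},
}
PODS = {
    "web-1": ("production", {"tier": "frontend"}),
    "api-1": ("production", {"tier": "backend"}),
    "db-1": ("production", {"tier": "database"}),
    "batch-1": ("production", {"tier": "batch"}),
    "coredns-1": ("kube-system", {"k8s-app": "kube-dns"}),
}

# backend-netpol from the text as a dict; the namespace "production" is an assumption
BACKEND_NETPOL = {
    "namespace": "production",
    "podSelector": {"matchLabels": {"tier": "backend"}},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"tier": "frontend"}}}],
                 "ports": [{"protocol": "TCP", "port": 8080}]}],
    "egress": [{"to": [{"podSelector": {"matchLabels": {"tier": "database"}}}],
                "ports": [{"protocol": "TCP", "port": 5432}]}],
}

# The egress rule the text's policy lacks: DNS to CoreDNS in kube-system (assumed labels)
DNS_EGRESS_RULE = {
    "to": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}},
            "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}],
    "ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}],
}
BACKEND_NETPOL_WITH_DNS = {**BACKEND_NETPOL, "egress": BACKEND_NETPOL["egress"] + [DNS_EGRESS_RULE]}


def selects(selector, labels):
    """matchLabels semantics: every listed key/value must be present; an empty selector matches all."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def port_matches(ports, protocol, port):
    """A rule without a ports list applies to every port; otherwise protocol and port must both match."""
    if not ports:
        return True
    return any(p.get("protocol", "TCP") == protocol and p.get("port") == port for p in ports)


def peer_matches(peer, policy_ns, peer_ns, peer_labels):
    """NetworkPolicyPeer: podSelector alone is scoped to the policy's namespace, namespaceSelector
    widens it to matching namespaces, and both together are ANDed. ipBlock is not modelled here."""
    if "ipBlock" in peer:
        return False
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], NAMESPACES[peer_ns]):
            return False
    elif peer_ns != policy_ns:
        return False
    return selects(peer.get("podSelector", {}), peer_labels)


def rule_allows(rule, peer_key, policy_ns, peer_ns, peer_labels, protocol, port):
    """A rule allows a flow when its ports match and any listed peer matches (no peers = any peer)."""
    if not port_matches(rule.get("ports"), protocol, port):
        return False
    peers = rule.get(peer_key, [])
    return not peers or any(peer_matches(p, policy_ns, peer_ns, peer_labels) for p in peers)


def flow_allowed(policies, src, dst, protocol, port):
    """True if src -> dst on protocol/port passes both the source's egress side and the
    destination's ingress side. A pod not selected by any policy for a direction is open."""
    src_ns, src_labels = PODS[src]
    dst_ns, dst_labels = PODS[dst]
    for direction, ns, labels, peer_key, peer_ns, peer_labels in (
        ("Egress", src_ns, src_labels, "to", dst_ns, dst_labels),
        ("Ingress", dst_ns, dst_labels, "from", src_ns, src_labels),
    ):
        selecting = [p for p in policies if p["namespace"] == ns
                     and direction in p["policyTypes"] and selects(p["podSelector"], labels)]
        if not selecting:
            continue  # not isolated in this direction
        if not any(rule_allows(r, peer_key, p["namespace"], peer_ns, peer_labels, protocol, port)
                   for p in selecting for r in p.get(direction.lower(), [])):
            return False
    return True


if __name__ == "__main__":
    for pol, name in ((BACKEND_NETPOL, "backend-netpol"), (BACKEND_NETPOL_WITH_DNS, "with DNS rule")):
        print(name, "api-1 -> coredns-1 UDP/53:", flow_allowed([pol], "api-1", "coredns-1", "UDP", 53))
    print("web-1 -> db-1 TCP/5432 (database tier not isolated):",
          flow_allowed([BACKEND_NETPOL], "web-1", "db-1", "TCP", 5432))
```

The same reasoning applies on a live cluster: every tier that should be protected needs its own policy selecting it, and every egress-restricted policy needs an explicit DNS rule, or name resolution inside those pods fails silently.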
Pod Security Standards
```yaml
# pod-security-policy.yaml
# Note: the PodSecurityPolicy API (policy/v1beta1) was removed in Kubernetes 1.25, so this
# manifest will not apply on the 1.28 cluster built in Part 2. The same restrictions are
# enforced there by Pod Security Admission: label the namespace with
# pod-security.kubernetes.io/enforce: restricted
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'
  runAsUser:
    rule: 'MustRunAsNonRoot'
  seLinux:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
```
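Whether enforced by the old PodSecurityPolicy or by Pod Security Admission, the "restricted" rules are evaluated against the pod spec only: the `USER appuser` line in the Dockerfile from Part 4 is invisible to admission, and the java-app Deployment above carries no securityContext at all, so it would be rejected under the restricted profile. The audit below is an added example, not code from the guide: it rebuilds the java-app pod template as a Python dict (constructed from the manifest in Part 4), reports every restricted-profile requirement the template misses along with the resource, probe and secret-handling hygiene from Part 4, and shows a `harden()` step that adds the missing fields. The uid 1001 mirrors the Dockerfile; the field set follows the Pod Security Standards restricted profile.

```python
"""Audit a pod template against the restricted profile (added example, not part of the guide)."""
import copy

# Constructed from the java-app Deployment in Part 4 (only the fields the audit looks at)
JAVA_APP_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "java-app"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [{
        "name": "app", "image": "registry.company.com/java-app:v1.2.3",
        "ports": [{"containerPort": 8080}],
        "resources": {"requests": {"memory": "256Mi", "cpu": "250m"},
                      "limits": {"memory": "512Mi", "cpu": "500m"}},
        "livenessProbe": {"httpGet": {"path": "/health", "port": 8080}},
        "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
        "env": [{"name": "SPRING_PROFILES_ACTIVE", "value": "production"},
                {"name": "DB_PASSWORD",
                 "valueFrom": {"secretKeyRef": {"name": "db-secret", "key": "password"}}}],
    }]}}},
}

# Volume types the restricted profile permits
ALLOWED_VOLUMES = {"configMap", "emptyDir", "projected", "secret", "downwardAPI",
                   "persistentVolumeClaim", "csi", "ephemeral"}
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")


def audit_pod_template(deployment):
    """Return a list of (scope, finding) tuples; an empty list means the template passes."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    findings = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(field):
            findings.append(("pod", f"{field} must be false"))
    for vol in pod.get("volumes", []):
        types = [k for k in vol if k != "name"]
        if any(t not in ALLOWED_VOLUMES for t in types):
            findings.append(("pod", f"volume {vol['name']} uses disallowed type {types}"))
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        name, sc = c["name"], c.get("securityContext", {})
        eff = {**pod_sc, **sc}  # container-level fields override pod-level ones
        if sc.get("privileged"):
            findings.append((name, "privileged containers are not allowed"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation must be explicitly false"))
        if eff.get("runAsNonRoot") is not True:
            findings.append((name, "runAsNonRoot must be true (USER in the image is not checked by admission)"))
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append((name, "capabilities.drop must include ALL"))
        if eff.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append((name, "seccompProfile.type must be RuntimeDefault or Localhost"))
        res = c.get("resources", {})
        if not res.get("requests") or not res.get("limits"):
            findings.append((name, "resources.requests and resources.limits must both be set"))
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append((name, f"{probe} is missing"))
        for env in c.get("env", []):
            if "value" in env and any(h in env["name"].upper() for h in SECRET_HINTS):
                findings.append((name, f"env {env['name']} looks like a secret but is inline; use secretKeyRef"))
    return findings


def harden(deployment):
    """Return a deep copy with the securityContext fields the restricted profile requires."""
    d = copy.deepcopy(deployment)
    pod = d["spec"]["template"]["spec"]
    pod["securityContext"] = {"runAsNonRoot": True, "runAsUser": 1001,  # uid from the Dockerfile
                              "seccompProfile": {"type": "RuntimeDefault"}}
    for c in pod["containers"]:
        # readOnlyRootFilesystem is not required by the profile but is cheap; mount an
        # emptyDir at /tmp if the JVM needs scratch space
        c["securityContext"] = {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]},
                                "readOnlyRootFilesystem": True}
    return d


if __name__ == "__main__":
    for scope, finding in audit_pod_template(JAVA_APP_DEPLOYMENT):
        print(f"[{scope}] {finding}")
    print("after harden():", audit_pod_template(harden(JAVA_APP_DEPLOYMENT)))
```

Running the audit against the manifest as written reports four findings (privilege escalation, runAsNonRoot, capabilities and seccomp), all fixable in the manifest without touching the image; the same checks are what a `pod-security.kubernetes.io/enforce: restricted` label would apply at admission time.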
Part 6: CI/CD Pipeline Integration
GitLab CI/CD Pipeline
```yaml
# .gitlab-ci.yml
stages:
  - build
  - test
  - deploy

variables:
  DOCKER_REGISTRY: registry.company.com
  APP_NAME: java-app
  NAMESPACE: production

build:
  stage: build
  script:
    - docker build -t $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA .
    - docker push $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA
    - docker tag $DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA $DOCKER_REGISTRY/$APP_NAME:latest
    - docker push $DOCKER_REGISTRY/$APP_NAME:latest

test:
  stage: test
  # The runtime image built above contains only app.jar (no sources, no Maven wrapper),
  # so the tests run in the same Maven image the Dockerfile's builder stage uses
  image: maven:3.8-openjdk-17
  script:
    - mvn test

deploy:
  stage: deploy
  script:
    # Deploy by immutable commit SHA, not :latest, so the running version is traceable
    - kubectl set image deployment/$APP_NAME $APP_NAME=$DOCKER_REGISTRY/$APP_NAME:$CI_COMMIT_SHA -n $NAMESPACE
    - kubectl rollout status deployment/$APP_NAME -n $NAMESPACE
  only:
    - main
```
Part 7: Troubleshooting and Debugging
Common Problems and Their Solutions
```bash
# Check why pods are not starting
kubectl describe pod <pod-name>
kubectl logs <pod-name> --previous

# Node resource usage
kubectl top nodes
kubectl top pods --all-namespaces

# Network connectivity test
kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot -- /bin/bash

# DNS troubleshooting
kubectl exec -it <pod-name> -- nslookup kubernetes.default

# etcd backup
ETCDCTL_API=3 etcdctl snapshot save backup.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/etcd/ca.crt \
  --cert=/etc/etcd/server.crt \
  --key=/etc/etcd/server.key
```
Part 8: Cost Optimization
Resource Quotas and Limit Ranges
```yaml
# resource-quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: production
spec:
  hard:
    requests.cpu: "100"
    requests.memory: 200Gi
    limits.cpu: "200"
    limits.memory: 400Gi
    persistentvolumeclaims: "10"
    services.loadbalancers: "2"
```
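Quota arithmetic is where the resource requests from Part 4 and the HPA's `maxReplicas` meet, and the units (`250m`, `256Mi`, `200Gi`) are easy to get wrong by hand. The following Python is an added example, not code from the guide: a parser for Kubernetes quantity strings, a sum of requests and limits over a set of workloads given as (replicas, resources) pairs, a check of that sum against the quota's `spec.hard`, and the replica ceiling a quota implies for one workload. The quota and the java-app resources are taken from the manifests in this guide; the second, smaller quota in the test is constructed.

```python
"""Kubernetes quantity parsing and ResourceQuota checks (added example, not part of the guide)."""
import re

# Decimal SI and binary suffixes used by Kubernetes quantities; "m" (milli) is handled separately
SUFFIX = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}
_QUANTITY = re.compile(r"^(\d+(?:\.\d+)?)([A-Za-z]*)$")
COMPUTE_KEYS = ("requests.cpu", "requests.memory", "limits.cpu", "limits.memory")

# From the manifests in this guide: the production quota and the java-app container resources
COMPUTE_QUOTA_HARD = {"requests.cpu": "100", "requests.memory": "200Gi",
                      "limits.cpu": "200", "limits.memory": "400Gi"}
JAVA_APP_RESOURCES = {"requests": {"memory": "256Mi", "cpu": "250m"},
                      "limits": {"memory": "512Mi", "cpu": "500m"}}


def parse_quantity(q):
    """Parse a quantity such as '250m', '256Mi', '100' or '200Gi' into base units (cores or bytes)."""
    m = _QUANTITY.match(str(q).strip())
    if not m:
        raise ValueError(f"malformed quantity {q!r}")
    number, unit = m.group(1), m.group(2)
    if unit == "m":  # divide rather than multiply by 0.001 so 250m is exactly 0.25
        return float(number) / 1000
    if unit not in SUFFIX:
        raise ValueError(f"unsupported suffix in {q!r}")
    return float(number) * SUFFIX[unit]


def quota_usage(workloads):
    """Sum requests and limits over (replicas, resources) pairs, keyed like ResourceQuota spec.hard."""
    totals = dict.fromkeys(COMPUTE_KEYS, 0.0)
    for replicas, res in workloads:
        for key in COMPUTE_KEYS:
            kind, resource = key.split(".")
            totals[key] += replicas * parse_quantity(res[kind][resource])
    return totals


def fits_quota(hard, workloads):
    """Return (fits, headroom); headroom maps each quota key to remaining capacity in base units,
    negative when the workloads exceed the quota."""
    usage = quota_usage(workloads)
    headroom = {key: parse_quantity(hard[key]) - usage[key] for key in COMPUTE_KEYS if key in hard}
    return all(h >= 0 for h in headroom.values()), headroom


def max_replicas_within_quota(hard, resources):
    """Largest replica count of one workload the quota admits: the ceiling an HPA's maxReplicas
    must respect, since pods created beyond it are rejected by the quota admission plugin."""
    per_replica = quota_usage([(1, resources)])
    return int(min(parse_quantity(hard[key]) // per_replica[key]
                   for key in COMPUTE_KEYS if key in hard and per_replica[key] > 0))


if __name__ == "__main__":
    fits, headroom = fits_quota(COMPUTE_QUOTA_HARD, [(10, JAVA_APP_RESOURCES)])  # HPA maxReplicas
    print("java-app at 10 replicas fits:", fits)
    print("replica ceiling under compute-quota:", max_replicas_within_quota(COMPUTE_QUOTA_HARD, JAVA_APP_RESOURCES))
```

One caveat worth knowing before applying the quota: once `spec.hard` constrains `requests.*` or `limits.*`, every new pod in the namespace must declare those fields or it is rejected outright, which is why a LimitRange with default requests and limits is usually applied alongside the ResourceQuota.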
Using Spot Instances (Cloud Providers)
```yaml
# spot-instance-nodepool.yaml
# Labels and taints of this form are normally applied by the cloud provider's node pool
# (or with kubectl label/taint); only pods that tolerate the taint are scheduled on spot capacity
apiVersion: v1
kind: Node
metadata:
  labels:
    node.kubernetes.io/instance-type: spot
    kubernetes.io/arch: amd64
spec:
  taints:
    - key: "spot-instance"
      value: "true"
      effect: "NoSchedule"
```
Performance Comparison: Traditional VM vs Kubernetes
Conclusion and Recommendations
Moving to Kubernetes may look complex at first, but with proper planning and a phased migration it can deliver ROI within 6 months. Recommendations for organizations in Turkey:
1. Pilot project: start with a non-critical application
2. Training: Kubernetes certification (CKA/CKAD) for the DevOps team
3. Hybrid approach: run VMs and containers side by side
4. Managed services: consider EKS, GKE or AKS in the first phase
5. Local expertise: work with local Kubernetes consultants
Resources
Keywords: Kubernetes, container, Docker, virtualization, orchestration, microservices, cloud native, DevOps, CI/CD, container security, Helm, Prometheus, Grafana, pod, deployment, service mesh, Istio, hybrid cloud, multi-cloud, Turkey cloud technologies, digital transformation