Container orchestration is essential for modern applications. This guide takes you from development to production-ready Kubernetes clusters.
Why Kubernetes?
Kubernetes (K8s) automates the deployment, scaling and management of containerized applications. For production environments it offers:
- Auto-scaling: Horizontal and vertical scaling based on load
- Self-healing: Automatic restart of failed containers
- Load balancing: Traffic distribution across pods
- Rolling updates: Zero-downtime deployments
- Service discovery: Automatic DNS for services
Production-Ready Cluster Setup
Control Plane (Master Nodes)
At least 3 nodes for high availability:
# Initialize first master
kubeadm init --control-plane-endpoint "loadbalancer:6443" \
  --upload-certs \
  --pod-network-cidr=10.244.0.0/16
# Join additional masters
kubeadm join loadbalancer:6443 --token xxx \
  --discovery-token-ca-cert-hash sha256:xxx \
  --control-plane --certificate-key xxx
Worker Nodes
Scalable compute capacity:
# Join workers
kubeadm join loadbalancer:6443 --token xxx \
  --discovery-token-ca-cert-hash sha256:xxx
Networking: CNI Plugin
Flannel for simplicity, Calico for advanced features:
# Flannel (simple)
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
# Calico (network policies)
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Storage: Persistent Volumes
NFS, Ceph, or cloud storage for stateful apps:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-nfs
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteMany   # volume can be mounted read-write by many nodes
  nfs:
    server: nas.local
    path: /storage/k8s
Deployment Strategy
Rolling Update (Default)
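apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1        # at most one extra pod during the rollout
      maxUnavailable: 0  # never drop below the desired replica count
  selector:              # required in apps/v1; must match the template labels
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
        - name: app
          image: webapp:v2
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"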
Auto-Scaling
Horizontal Pod Autoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: webapp-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: webapp
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70   # percentage of the pods' CPU request
Monitoring & Logging
Essential stack:
- Prometheus: Metrics collection
- Grafana: Visualization
- ELK Stack: Centralized logging
- Jaeger: Distributed tracing
# Install Prometheus & Grafana
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack
Security Best Practices
- RBAC for granular access control
- Network policies for pod-to-pod traffic
- Pod Security Policies/Standards
- Image scanning (Trivy, Clair)
- Secret management (Vault, Sealed Secrets)
Backup & Disaster Recovery
Velero for cluster backups:
# Install Velero
velero install --provider aws --bucket k8s-backups
# Backup namespace
velero backup create prod-backup --include-namespaces production
# Restore
velero restore create --from-backup prod-backup
🚀 5iX Managed Kubernetes: We build, manage and monitor production K8s clusters. From on-premise to cloud. Including 24/7 support.