From Docker to Kubernetes: A Comprehensive Guide to Containerization Technology

This article provides a comprehensive introduction to containerization technology, covering Docker and Kubernetes from basic concepts to implementation principles. It is designed for beginners looking to quickly understand these technologies.

Part One: Docker

Docker is an open-source application container engine that uses resource virtualization technology, allowing developers to package applications and dependencies into portable containers. The evolution of virtualization technology progressed through three eras: physical machine era, virtual machine era, and containerization era.

Docker consists of three core components: Images (cross-platform, portable packages), Image Repositories (storage locations like Docker Hub), and Containers (resource-isolated runtime environments).

The implementation principles of Docker rely on several key Linux kernel technologies:

Namespace : Provides isolation for process trees, network interfaces, mount points, and inter-process communication. Linux provides seven types of namespaces including CLONE_NEWCGROUP, CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUSER, and CLONE_NEWUTS.

Control Groups (CGroups) : Provides physical resource isolation including CPU, memory, disk I/O, and network bandwidth. Components include Control Groups, Subsystems, Hierarchy, and Tasks.

UnionFS : Allows multiple directory contents to be联合挂载到同一目录，具有写时复制功能。Docker镜像由一系列只读层组成，Dockerfile中的每个命令都会创建一个新层。

Docker网络提供四种模式：host、container、none和bridge。bridge模式使用Veth Pair和网桥实现容器间网络通信。

Part Two: Kubernetes

Kubernetes (K8s) is a distributed architecture solution based on container technology, originating from Google's Borg system. It addresses challenges that arise when managing multiple containers in distributed environments.

Key Kubernetes concepts include:

Pod : The smallest unit of resource allocation and scheduling, consisting of multiple containers (typically one container per process). Includes a special Pause container for state representation.

Label : Key-value pairs for resource identification and selection using equality-based or set-based selectors.

Replication Controller (RC) / ReplicaSet (RS) : Ensures specified number of Pod replicas are running. RS supports set-based selectors while RC only supports equality-based selectors.

Deployment : An upgraded version of RC that provides deployment progress visibility.

Horizontal Pod Autoscaler (HPA) : Automatically scales Pod count based on CPU utilization or custom metrics.

StatefulSet : Manages stateful applications with stable unique network identifiers and persistent storage.

Service : Defines access entry points for applications, using Label Selector to route traffic to backend Pods.

Volume : Shared directories accessible by multiple containers within a Pod.

Persistent Volume (PV) and Persistent Volume Claim (PVC) : Network storage resources that persist beyond Pod lifecycle.

Namespace : Provides multi-tenant resource isolation.

ConfigMap : Stores configuration data as key-value pairs, mapped to Pods for dynamic configuration.

Kubernetes Architecture

The cluster consists of Master nodes, Node nodes, and external ETCD storage. Master components include:

API Server : The sole entry point for cluster control and resource operations, providing HTTPS REST interfaces with RBAC security.

Controller Manager : Automates resource control, including ResourceQuota Controller, Namespace Controller, and Endpoints Controller.

Scheduler : Binds Pods to optimal Nodes through pre-selection (Predicates) and priority ranking (Priorities).

Node components include:

kubelet : Manages container lifecycle and reports node status.

kube-proxy : Implements Service communication and load balancing.

Docker Engine : Creates and manages local containers.

Kubernetes networking extends Docker's principles to enable cross-Node container communication using CNI plugins like Flannel. Service discovery is handled by CoreDNS.