Shulou(Shulou.com)06/03 Report--

Today, I will talk to you about how to understand docker and K8S. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something from this article.

Kubernetes (K8S for short) and container technology can be said to be one of the hottest technologies in recent years. When it comes to K8S, we all know that it is an open source container orchestration tool for google. Today I want to talk about what containers I understand, what K8S is, and why they are popular.

Why Docker

Since K8S is a container orchestration tool, to figure out what K8S is, you have to figure out what a container is and why you use container technology.

Figuratively speaking, a linux container is actually a process, or a process deceived by the system. Why would you say that? A process running in a container has the following main characteristics:

It is isolated by the host operating system. It cannot see other processes on the host and thinks it is a process with a pid of 1.

The hardware resources are limited by the host operating system, and the hardware resources such as cpu and memory that it can use are only part of the host.

After the storage space is limited by the host operating system, the process thinks that a directory of the host is the system root.

These deceptive technologies are the three axes of container technology, namespace for resource isolation, cgroup for resource restrictions, and rootfs for camouflage the root directory of the process. These three technologies have long existed in linux, but docker innovatively integrates these three technologies together, and puts forward the concepts of container image and image warehouse, which packages this process and related dependent environment into image files that can be distributed and reused, so that containers can be ported between different machines. In this way, anywhere, as long as you can run docker, you can run the container image into a container instance containing the application process and the associated dependent environment.

Here, using the diagram of K8S official documentation, we will briefly talk about the production scenario and see what problems container technology can solve.

The figure on the left shows the traditional way of deploying applications on physical machines. We can see that in addition to the operation of an application, it is inseparable from the application configuration, libraries, and other dependent environments. Usually, the launch of an application will go through different basic environments, such as development environment, pre environment, beta environment, grayscale testing, production environment and so on. The development students run through the code in the development environment, and when running in other environments, various problems may occur due to the different dependence, configuration and security requirements of each environment. The students of operation and maintenance are busy relying on each other in different environments. Due to the special dependent requirements of different languages and applications, the logic of CI/CD is complex and difficult to unify.

The figure on the right shows the scene after using container technology. The essence of a container image is a collection of program processes plus all runtime environments and configurations and dependencies. Consistent deployment of all environments can be achieved as long as the underlying layers of each environment are compatible with docker. Developers do not have to worry about the differences between the production environment and the development environment, which may lead to application running problems. Operation and maintenance students deploy an application as long as they ensure that the container image can run normally. CI/CD automation is also relatively easy to achieve. As a result, the development efficiency, application iteration efficiency and operation and maintenance workload are greatly increased.

At this point, I have to talk about the comparison between containers and traditional virtual machines. In fact, both of them can be understood as virtualization, and the most essential difference between them is that the container is virtualization at the operating system level, while the virtual machine is the virtualization at the hardware level. See the picture below.

K8S cluster consists of a master node (master node) and multiple working nodes (node nodes). Developers submit application container images, and submit the number and methods of running images to K8S master nodes through description files. K8S master nodes or deploy applications in work nodes as required according to the overall situation of the cluster. For developers, K8S can be used to deploy programs conveniently, regardless of infrastructure, while for operators, the focus of work has shifted from maintaining specific applications to maintaining K8S clusters. Moreover, whether developers or operators, do not care about the specific node where the application is deployed, K8S will automatically judge and take care of everything. Compared with the traditional application deployment, do you think K8S is great?

When the concept of container orchestration appeared, Kubernetes was not the only container orchestration tool. The mainstream tools were Docker's native swarm and Apache Foundation's mesos. Why did K8S have the last laugh and become the de facto standard of container orchestration? I understand that there are two biggest differences between K8S and them: (I won't introduce swarm and mesos in detail here, and I haven't really played much.)

K8S does another layer of abstraction to the container, that is, POD.

Unlike the other two tools, K8S manages atomic objects that are not containers, but POD. According to the definition of official documentation, a POD is a collection of one or more containers that share storage and networks, and describe how to run these containers, so POD is actually an abstract concept. All the operations of K8s on the container, such as dynamic scaling, monitoring, etc., are actually the management of pod. So what are the benefits of this layer of abstraction?

As mentioned above, a container is essentially a process that is specially handled. Imagine a web business where the log output from the web application process needs to be processed by the big data agent process. If this business wants to be containerized, there are usually two ways. One is to set up two containers separately and mount the host to the same directory to store logs. The other is to use an operating system-level container or supervisord container as an enterpoint to manage web services and agent processes. In the former method, the two containers are framed on this host. To achieve horizontal expansion and reduction of business instances, you need to consider the operation and storage mounting of the two containers, and the logic is complicated. In the latter way, you have to open an extra supervisord process for each container, and more importantly, because entrypoint is a supervisord process, the web application and big data agent are invisible to docker. Even if nginx restarts frequently due to errors, Docker considers the container to be normal as long as supervisord is alive.

Let's take a look at what has changed since we used the concept of pod. Two container instances, web service process and big data agent, are used in a pod. First of all, the container instances in pod share storage and network namespace, that is, the storage data of the two processes are directly shared, and no additional mount action is required. Second, the pod is managed as a whole by K8s, which monitors the status of each container in the pod and automatically intervenes if there is a problem according to policy. In this sense, pod is more similar to traditional virtual machines.

Declarative API

The second and more important aspect is the declarative api of K8S (it seems that the new version of swarm also supports it, and I won't go into details if I haven't played it). What is declarative API? you can refer to the description file in the system diagram above. For example, if I need to run 10 web service containers in the cluster, the traditional imperative API is to call commands step by step to build the container. With declarative api, as long as you tell K8S I want 10 web containers, K8S will automatically maintain the number of web cluster instances at 10, and when a pod fails to exit, K8S will automatically re-pull the new pod to keep the cluster running with 10 pod instances all the time. This makes it easy to manage the cluster as long as the desired cluster state is described through the configuration file without paying attention to the intermediate implementation process.

Summary:

Why Dokcer: use container technology to run applications, which is more efficient, lightweight and resource-saving than the original physical machine and virtual machine. At the same time, it greatly facilitates the deployment and distribution of applications in different environments.

Why Kubernetes: it is not enough to run containers in production clusters, and container applications should be arranged and managed as a business system cluster. Some advantages of K8S make it the de facto standard of container cluster choreography and management tools.

Finally, one more point. In fact, Docker is not the only company that does container technology, and Kubernetes is not only managing Docker containers. However, in terms of market share, application and the popularity of the development community, they are the most mainstream solutions of container technology at present. As far as the production environment is concerned, there is basically no need to consider other container technologies.

After reading the above, do you have any further understanding of how to understand docker and K8s? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.