Kubernetes

An open-source system for automating deployment, scaling, and management of containerized applications;

Traditional >> Hypervisor >> Container

Traditional:

  There was no way to define resource boundaries for applications on a physical server, so each application ran on a different physical server;

Hypervisor:

  Runs multiple VMs on a single physical server's CPU;

  Allows applications to be isolated between VMs and provides a level of security, as the information of one application cannot be freely accessed by another application;

  Each VM is a full machine running all the components, including its own operating system;

Container:

  Have relaxed isolation properties to share the operating system among the applications;

  Lightweight;

  A container has its own filesystem, CPU, memory, process space, and so on;

  Are portable across clouds and OS distributions because they are decoupled from the underlying infrastructure;

  Benefits of containers:

    1. Agile application creation and deployment: increased ease and efficiency of container image creation compared to VM image use

    2. Continuous development, integrations and deployment:

      provide for reliable and frequent container image build and deployment with quick and easy rollbacks;

    3. Dev and Ops separation of concerns: create application container images at build/release time rather than deployment time, thereby decoupling applications from infrastructure;

    4. Observability: surfaces not only OS-level information and metrics, but also application health and other signals;

    5. Environmental consistency across development, testing, and production; Runs the same on a laptop as it does in the cloud;

    6. Cloud and OS distribution portability: Runs on Ubuntu, RHEL, CoreOS, on-prem, Google Kubernetes Engine, and anywhere else;

    7. Application-centric management;

    8. Loosely coupled, distributed;

    9. Resource isolation;

    10. Resource utilization;

Benefits of Kubernetes:

  1.  Service discovery and load balancing    

      Kubernetes can expose a container using a DNS name or its own IP address;

      if traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable;

  2.  Storage orchestration

      automatically mounts a storage system, such as local storage, public cloud providers, and so on;

  3.  Automated rollouts and rollbacks

      automate Kubernetes to create new containers;

  4.  Self-healing

      restarts failed containers and kills containers that do not respond;

  5.  Automatic bin packing

      tell Kubernetes how much CPU and RAM each container needs, and Kubernetes can fit containers onto your nodes to make the best use of your resources;
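
The fitting step described under automatic bin packing, as an added example (a simplified model, not kube-scheduler code and not from the original notes). Node names, capacities and pod requests are constructed, and the "most utilised node wins" scoring rule is an assumption chosen to show packing.

```python
# Simplified model of resource-request-based placement (added example, not
# kube-scheduler code). Node names, sizes and pod requests are constructed.

def cpu_millis(q):
    """Parse a Kubernetes CPU quantity ("500m" or "2") into millicores."""
    return int(q[:-1]) if q.endswith("m") else int(float(q) * 1000)

_MEM = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def mem_bytes(q):
    """Parse a memory quantity with a binary suffix ("256Mi") into bytes."""
    for suffix, factor in _MEM.items():
        if q.endswith(suffix):
            return int(q[:-2]) * factor
    return int(q)  # plain bytes

def schedule(nodes, pods):
    """Place each pod on the feasible node that ends up most utilised.
    nodes: {name: {"cpu": "4", "memory": "8Gi"}}  allocatable capacity
    pods:  [(name, {"cpu": "500m", "memory": "256Mi"})]  summed requests
    Returns {pod_name: node_name or None}; None means unschedulable (Pending).
    """
    cap = {n: (cpu_millis(r["cpu"]), mem_bytes(r["memory"])) for n, r in nodes.items()}
    used = {n: [0, 0] for n in nodes}
    placement = {}
    for pod, req in pods:
        need = (cpu_millis(req["cpu"]), mem_bytes(req["memory"]))
        best, best_score = None, -1.0
        for n in sorted(nodes):  # sorted for deterministic tie-breaks
            after = [used[n][i] + need[i] for i in range(2)]
            if any(after[i] > cap[n][i] for i in range(2)):
                continue  # filter step: requests exceed what is left
            # score step: mean utilisation after placement (packs tightly)
            score = sum(after[i] / cap[n][i] for i in range(2)) / 2
            if score > best_score:
                best, best_score = n, score
        placement[pod] = best
        if best is not None:
            used[best] = [used[best][i] + need[i] for i in range(2)]
    return placement

NODES = {"node-a": {"cpu": "2", "memory": "4Gi"},
         "node-b": {"cpu": "4", "memory": "8Gi"}}
PODS = [("web", {"cpu": "500m", "memory": "512Mi"}),
        ("db", {"cpu": "1500m", "memory": "3Gi"}),
        ("batch", {"cpu": "3", "memory": "6Gi"}),
        ("extra", {"cpu": "2", "memory": "4Gi"})]
PLACEMENT = schedule(NODES, PODS)
```

A pod that declares no requests gives this fitting step nothing to count, and the pod named "extra" shows the other edge: when no node has room for the declared requests, the pod is left unplaced rather than overcommitting a node.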

Kubernetes Master

When deploying Kubernetes, we will get a cluster, which is a set of machines (nodes) that run containerized applications managed by Kubernetes.

A cluster has at least one worker node and at least one master node;

Kubernetes Master is a collection of three processes that run on a single node in your cluster, which is designated as the master node;

Three processes:

  Kube-apiserver;

  Kube-controller-manager;

  Kube-scheduler;

Each individual non-master node in the cluster runs two processes:

  kubelet

    which communicates with the Kubernetes Master;

    The primary node agent that runs on each node; it can register the node with the apiserver using one of:

      the host name;

      a flag to override the hostname;

      specific logic for a cloud provider;

    

  kube-proxy

    a network proxy which reflects Kubernetes networking services on each node;

    The Kubernetes network proxy runs on each node; it reflects services as defined in the Kubernetes API on each node

    and can do simple TCP/UDP and SCTP stream forwarding or round robin TCP/UDP/SCTP forwarding across a set of backends;

    Service cluster IPs and ports are currently found through Docker-links-compatible   

 

Kubernetes Objects

Kubernetes contains several abstractions representing the state of the system;

Basic Kubernetes objects include:

Kata-container

An open-source project and community working to build a standard implementation of lightweight VMs that feel and perform like containers, but provide the workload isolation and security advantages of VMs;

Kata container Components

  • Agent          -- The kata-agent runs inside the virtual machine and sets up the container environment
  • KSM throttler  -- An optional utility that monitors containers and deduplicates memory to maximize container density on a host
  • Proxy          -- A process that runs on the host and coordinates access to the agent running inside the VM
  • Runtime        -- Invoked by a container manager; provides high-level verbs to manage containers
  • Shim           -- A process that runs on the host and acts as though it is the workload (which actually runs inside the VM); required to be compliant with the expectations of the OCI runtime spec
  • Hypervisor     --
  • Kernel         -- The hypervisor uses a Linux kernel to boot the guest image

Docker

Docker supports the following storage drivers:

  • overlay2       is the preferred storage driver for all currently supported Linux distributions, and requires no extra configuration
  • aufs           is the preferred storage driver for Docker 18.06 or older, when running on Ubuntu 14 on kernel 3.13, which has no support for overlay2
  • devicemapper   is supported, but requires direct-lvm for production environments, because loopback-lvm, while zero-configuration, has very poor performance.
