A Comprehensive Overview of Cloud Native Technologies: From Fundamentals to Kubernetes, Docker, and Service Mesh
This article provides an extensive, English‑language guide to cloud native concepts, covering definitions, core technologies such as microservices, containers, orchestration, service mesh, DevOps practices, and practical insights for CTOs evaluating cloud adoption, with detailed sections on Docker, Kubernetes, networking, and ecosystem tools.
Author: William Mengxianglong, Tencent CDG System Architect, focusing on cloud native technology for fintech.
This article provides a key knowledge overview of cloud native, aiming to give readers a "window" into the cloud native landscape, illustrating the overall blueprint, core technologies, and practical insights.
Before reading, imagine you are a CTO of a small‑to‑mid‑size IT company deciding on cloud native adoption. You need to answer two questions: why move to the cloud and what are the drawbacks?
1 Cloud Native – Overview
1.1 Definition
Cloud native is defined in many ways; from a technical perspective it emphasizes microservices, containers, container orchestration, service mesh, immutable infrastructure, and declarative APIs.
1.2 Technical Ecosystem
Key components include microservice architecture, containers, container orchestration platforms, service mesh, immutable infrastructure, and declarative APIs (declaring the desired state, as opposed to imperative, command‑style APIs that list the steps to take).
1.3 Core Technologies
1.3.1 Microservices
Microservices split a complex application into small, independently deployable services that are internally highly cohesive and loosely coupled to one another, communicating only through well‑defined network interfaces.
1.3.2 Containers
Containers package an application and its dependencies into a portable, isolated runtime environment: Linux namespaces provide the isolation, cgroups enforce resource limits, and a union filesystem (UnionFS) assembles the layered image.
1.3.3 Container Orchestration
Orchestration automates container lifecycle management, scheduling, resource allocation, and service discovery.
1.3.4 Service Mesh
Service mesh provides a transparent infrastructure layer for reliable inter‑service communication using lightweight sidecar proxies.
1.3.5 Immutable Infrastructure
Immutable infrastructure treats every instance as read‑only once created; updates are never applied in place but by building a new image and replacing the instance, so a running instance that differs from its image is a sign of drift or tampering, not of a legitimate change.
1.3.6 Declarative API
Declarative APIs describe the desired end state rather than the steps to reach it; the system continuously reconciles the actual state toward the declared one, which makes it self‑healing and more robust than imperative scripting.
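The two ideas above (immutable instances, declarative desired state) fit together in a reconcile loop. The following is an added toy example, not code from the original article or from Kubernetes: the desired state is a spec of image plus replica count, the observed state is a map of running instances to the image they run, and an instance whose image no longer matches the spec is replaced rather than patched. The instance names and the `spec`/`observed` shapes are assumptions made for the illustration.

```python
import itertools

_ids = itertools.count(1)  # hypothetical instance-id generator for the example


def reconcile(spec, observed):
    """One reconciliation pass.

    spec:     {"image": str, "replicas": int}   declared desired state
    observed: {instance_id: image}               what is actually running
    Returns (new_observed, actions). Instances are immutable: anything running
    an image other than the declared one is deleted and recreated, never
    patched in place, so drift (or tampering) is removed, not "fixed up".
    """
    actions = []
    state = dict(observed)
    for inst, image in sorted(state.items()):
        if image != spec["image"]:
            actions.append(f"delete {inst}: image {image!r} drifted from {spec['image']!r}")
            del state[inst]
    while len(state) > spec["replicas"]:
        inst = sorted(state)[-1]
        actions.append(f"delete {inst}: scale down to {spec['replicas']}")
        del state[inst]
    while len(state) < spec["replicas"]:
        inst = f"inst-{next(_ids)}"
        state[inst] = spec["image"]
        actions.append(f"create {inst}: {spec['image']}")
    return state, actions


def converge(spec, observed, max_passes=5):
    """Re-run reconcile until a pass changes nothing; that fixed point is the
    declared state, and re-applying the same spec is a no-op (idempotence)."""
    history = []
    for _ in range(max_passes):
        observed, actions = reconcile(spec, observed)
        if not actions:
            return observed, history
        history.extend(actions)
    raise RuntimeError("state did not converge")


if __name__ == "__main__":
    # Constructed scenario: one healthy instance and one whose image drifted.
    spec = {"image": "app:1.0", "replicas": 3}
    running = {"inst-a": "app:1.0", "inst-b": "app:1.0-backdoored"}
    final, done = converge(spec, running)
    print("\n".join(done))
    print(final)
```

Running it deletes the drifted instance and creates two fresh ones; a second `converge` with the same spec returns no actions, which is the property that lets a controller run the loop forever without side effects.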
1.3.7 DevOps
DevOps combines culture, automation, measurement, and sharing to shorten development cycles and increase deployment frequency.
2 Containers – Docker
2.1 Docker Overview
Docker is the industry standard for packaging and distributing cloud‑native applications. Core concepts are images (stacks of read‑only layers), containers (runtime instances of an image with one writable layer on top), and registries (repositories that store and serve images).
2.2 Docker Key Technologies
2.2.1 Namespace Isolation
Linux namespaces provide process‑level isolation, giving each container its own view of the system.
2.2.2 Control Groups
cgroups limit CPU, memory, and I/O usage for groups of processes.
2.2.3 Union File System
UnionFS stacks multiple read‑only image layers and one writable container layer into a single unified filesystem view; a file deleted or overwritten in an upper layer is hidden from the view but still present in the lower layer.
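The following added example (not from the article or from any container runtime) models that layering. Layers are dicts mapping path to content, lowest first, and a deletion is recorded the way OCI images record it, as a whiteout entry `.wh.<name>` in the same directory; opaque directory whiteouts are left out for brevity. The sample image is constructed for the illustration: a secret committed in the base layer, removed in a later layer, then replaced with a placeholder.

```python
import posixpath

WHITEOUT_PREFIX = ".wh."

# Constructed sample image, lowest layer first.
LAYERS = [
    {   # layer 0: base image plus a config file that contains a secret
        "/etc/os-release": "ID=debian",
        "/app/config.yml": "db_password: hunter2",
    },
    {   # layer 1: `RUN rm /app/config.yml` is recorded as a whiteout entry
        "/app/.wh.config.yml": "",
    },
    {   # layer 2: `COPY config.yml /app/` with the secret moved to an env var
        "/app/config.yml": "db_password: ${DB_PASSWORD}",
    },
]


def merge_layers(layers):
    """Build the unified view a container sees: upper layers win, and a
    whiteout hides the same-named path from every layer below it."""
    view = {}
    for layer in layers:
        for path, content in layer.items():
            directory, name = posixpath.split(path)
            if name.startswith(WHITEOUT_PREFIX):
                hidden = posixpath.join(directory, name[len(WHITEOUT_PREFIX):])
                view.pop(hidden, None)
            else:
                view[path] = content
    return view


def layers_containing(layers, path):
    """Indices of every layer that still physically stores `path`, whether or
    not the merged view shows it. This is what `docker save` or a registry
    pull hands to anyone who can read the image."""
    return [i for i, layer in enumerate(layers) if path in layer]


if __name__ == "__main__":
    print(merge_layers(LAYERS)["/app/config.yml"])        # placeholder version
    print(layers_containing(LAYERS, "/app/config.yml"))   # [0, 2]: secret still in layer 0
```

The merged view shows only the sanitized file, but `layers_containing` reports that layer 0 still holds the original secret; removing a file in a later `RUN` step does not remove it from the image, so secrets must never be written into any layer in the first place (or the image must be rebuilt from a clean base).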
2.3 Docker Networking
In the default bridge mode Docker attaches each container to the docker0 bridge through a veth pair and uses iptables NAT rules (masquerading for outbound traffic, DNAT for published ports) to connect containers to the host network and to each other.
3 Container Orchestration – Kubernetes
3.1 Overview, Architecture, Core Components
Kubernetes provides a cloud‑native operating system that automates deployment, scaling, and management of containerized workloads. Core components include the API server, scheduler, controller‑manager, etcd, kubelet, and kube‑proxy.
3.2 Deployment, Resource Control, Storage
Kubernetes achieves control‑plane high availability by running the control‑plane components as static pods managed directly by the kubelet, electing a leader among replicated schedulers and controller‑managers, and load‑balancing clients across multiple API servers backed by a clustered etcd.
3.3 Networking
3.3.1 Service Types
Kubernetes exposes workloads through four Service types: ClusterIP (a virtual IP reachable only inside the cluster), NodePort (a fixed port opened on every node), LoadBalancer (an external load balancer provisioned by the cloud provider), and ExternalName (a DNS CNAME alias to an external name).
3.3.2 Underlay vs. Overlay
Underlay solutions route pod traffic directly over the physical network, while overlay solutions encapsulate it in a virtual network built on top of it; Flannel is a typical overlay, and Calico can run either way (plain BGP routing without encapsulation, or IPIP/VXLAN encapsulation).
3.3.3 Flannel
Flannel provides simple overlay networking using a UDP (userspace, slow), VXLAN, or IPIP encapsulation backend.
3.3.4 Calico
Calico delivers layer‑3 routing of pod traffic, distributes routes with BGP for large‑scale clusters, and enforces Kubernetes NetworkPolicy (plus its own richer policy model) in the data plane.
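Whichever CNI enforces it, the semantics of Kubernetes NetworkPolicy ingress rules are the part practitioners most often get wrong: a pod that no policy selects accepts everything, a pod selected by a policy with `ingress: []` accepts nothing, and a policy with `ingress: [{}]` accepts everything. The following is an added evaluator written for this article, not Calico's or Kubernetes' code; it models only same‑namespace `podSelector` peers and numeric ports (no `namespaceSelector`, `ipBlock`, or egress), and the three sample policies are constructed for the illustration.

```python
# Constructed sample policies, shaped like the YAML a cluster would hold.
DEFAULT_DENY = {
    "metadata": {"name": "default-deny-ingress"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": []},
}
ALLOW_FRONTEND_TO_API = {
    "metadata": {"name": "allow-frontend-to-api"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "api"}},
        "ingress": [{
            "from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
            "ports": [{"protocol": "TCP", "port": 8080}],
        }],
    },
}
ALLOW_ALL_TO_METRICS = {
    "metadata": {"name": "allow-all-to-metrics"},
    "spec": {"podSelector": {"matchLabels": {"app": "metrics"}}, "ingress": [{}]},
}


def selector_matches(selector, labels):
    """matchLabels semantics: every key must be present with the same value;
    an empty selector ({}) matches every pod."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(policies, dst_labels, src_labels, port):
    """Decide whether a connection from a pod with src_labels to a pod with
    dst_labels on `port` is allowed under NetworkPolicy ingress semantics."""
    selecting = [p for p in policies
                 if selector_matches(p["spec"]["podSelector"], dst_labels)]
    if not selecting:
        return True  # destination is not "isolated": default allow
    for policy in selecting:
        # ingress: [] yields no rules, hence no match, hence deny.
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from", [])
            ports = rule.get("ports", [])
            # An empty `from` means any source; peers without a podSelector
            # (ipBlock, namespaceSelector) are not modelled and never match.
            peer_ok = not peers or any(
                "podSelector" in peer and selector_matches(peer["podSelector"], src_labels)
                for peer in peers)
            port_ok = not ports or any(p["port"] == port for p in ports)
            if peer_ok and port_ok:
                return True  # rules across policies are additive: one match suffices
    return False


if __name__ == "__main__":
    policies = [DEFAULT_DENY, ALLOW_FRONTEND_TO_API, ALLOW_ALL_TO_METRICS]
    print(ingress_allowed(policies, {"app": "api"}, {"app": "frontend"}, 8080))  # True
    print(ingress_allowed(policies, {"app": "api"}, {"app": "batch"}, 8080))     # False
    print(ingress_allowed(policies, {"app": "db"}, {"app": "api"}, 5432))        # False
```

Note the last line: with the default‑deny policy present, the `db` pod rejects even its legitimate client until someone writes an explicit allow rule for it, which is the intended failure mode of a deny‑by‑default posture; without `DEFAULT_DENY`, the same call returns True because nothing selects `db`.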
4 Service Mesh – Istio
4.1 Overview
Istio adds traffic management, security, and observability to microservices via a control plane and a data plane of sidecar proxies.
4.2 Control Plane
Components such as Pilot (service discovery and proxy configuration), Citadel (certificate issuance for workload identities and mTLS), and Galley (configuration validation) configure and secure the mesh; since Istio 1.5 these have been consolidated into the single istiod process.
4.3 Data Plane
Envoy sidecars, with traffic redirected to them by iptables rules in the pod's network namespace, intercept and route all inbound and outbound traffic, applying mTLS, authorization policy, and telemetry.
5 Cloud‑Native Ecosystem Components
Prometheus – monitoring and alerting.
Grafana – visualization.
Elasticsearch + Fluentd + Kibana – log aggregation and analysis.
Jaeger – distributed tracing.
Chaos Engineering – resilience testing.
6 Common Network Technologies
6.1 Host Networking & iptables
iptables configures the Linux netfilter hooks to filter packets, perform NAT, and mangle or mark them; both Docker and kube‑proxy build their port mapping and service load balancing on it.
6.2 Underlay – VLAN
VLAN (802.1Q) partitions a physical LAN into multiple broadcast domains identified by a 12‑bit VLAN ID in the frame tag.
6.3 Overlay – VXLAN
VXLAN extends layer‑2 segments over an IP network by encapsulating Ethernet frames in UDP (destination port 4789) and tagging each with a 24‑bit VNI; the encapsulation carries no authentication, so the underlay must be trusted or protected.
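The following added example (not from the article) builds and parses the 8‑byte VXLAN header and the inner Ethernet frame as RFC 7348 lays them out, and shows the consequence of the missing authentication: a forged datagram from any host that can reach UDP/4789 on a VTEP decapsulates into whichever VNI the sender chose. MAC addresses and payloads are constructed for the illustration.

```python
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08   # "VNI present" flag, the only flag RFC 7348 defines


def vxlan_encap(vni, inner_frame):
    """Prepend the VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + bytes(inner_frame)


def vxlan_decap(udp_payload):
    """Return (vni, inner_ethernet_frame); reject truncated or flag-less headers.
    Nothing here identifies or authenticates the sending VTEP."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    return word1 >> 8, udp_payload[8:]


def build_ethernet(dst_mac, src_mac, ethertype, payload):
    """Assemble a minimal Ethernet II frame from colon-separated MAC strings."""
    return (bytes.fromhex(dst_mac.replace(":", ""))
            + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


def parse_ethernet(frame):
    """Split an inner frame into (dst_mac, src_mac, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst.hex(":"), src.hex(":"), ethertype, frame[14:]


if __name__ == "__main__":
    # Constructed: pod-to-pod IPv4 frame carried in VNI 100.
    legit = build_ethernet("02:42:ac:11:00:02", "02:42:ac:11:00:03", 0x0800, b"ip-packet")
    print(vxlan_encap(100, legit)[:8].hex())          # 0800000000006400
    # Constructed: an attacker on the underlay injects a broadcast ARP into VNI 100.
    forged = vxlan_encap(100, build_ethernet("ff:ff:ff:ff:ff:ff", "de:ad:be:ef:00:01", 0x0806, b"arp"))
    vni, frame = vxlan_decap(forged)
    print(vni, parse_ethernet(frame)[:3])
```

A receiving VTEP cannot distinguish the forged datagram from a legitimate one by the header alone, which is why VXLAN underlays are isolated (dedicated VLAN, host firewall restricting UDP/4789 to known peers) or wrapped in IPsec/WireGuard when the underlay is shared.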
7 Summary
Cloud native shifts focus from resource‑centric cloud to application‑centric design, leveraging containers, Kubernetes, and service mesh to accelerate digital innovation.
8 Acknowledgements
Thanks to CDG‑FiT teammates and Tencent OTeam for their contributions.
9 Learning Resources
SRE Google
Kubernetes Authoritative Guide
Kubernetes in Action
Deep Dive into Kubernetes
Docker Containers and Cloud
Istio Service Mesh
CNCF, Huawei Cloud Native, Docker, Kubernetes, Istio official sites
10 Hero Posters
Images of community members.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
