Understanding Kubernetes: Architecture, Docker Foundations, and Container Technologies

1. What is Kubernetes?

Kubernetes (also called k8s or “kube”) is an open‑source, portable, extensible platform for managing containerised workloads and services. Compared with traditional VM‑based deployments it offers several advantages:

Agile application creation and deployment – container images are easier and faster to build than VM images.

Continuous integration, delivery and deployment – immutable images enable reliable, frequent roll‑backs.

Separation of development and operations – containers are built at build time, not at deployment time.

Observability – both OS‑level metrics and application‑level health signals are exposed.

Environment consistency across development, testing and production.

Portability across clouds and OS distributions (Ubuntu, RHEL, CoreOS, GKE, etc.).

Application‑centric management – higher abstraction from OS to logical resources.

Loose coupling, distributed, elastic micro‑services that can be deployed independently.

Resource isolation for predictable performance.

Efficient resource utilisation for high density.

1. The Rise of Docker

Docker’s story begins in 2013 when Docker (then dotCloud) was introduced at PyCon. Its ability to package an entire OS filesystem into a single image solved many PaaS packaging problems and quickly gained traction.

2. Evolution of Docker Orchestration

Swarm extended Docker’s native API to provide cluster management. In 2014 Docker acquired the Fig project, creating Compose for declarative multi‑container deployments. In June 2014 Google released Kubernetes.

In June 2015 Docker, CoreOS, Google, RedHat and others donated libcontainer (renamed runC) to the Open Container Initiative (OCI), establishing a neutral standard for runtimes and images. Kubernetes exposed extensible plugin mechanisms, spawning projects such as Istio, Operators, and Rook.

2. Technical Foundations of Docker Containers

1. Processes and Linux Namespaces

Docker isolates processes using Linux namespaces. The system call int pid = clone(main_function, stack_size, SIGCHLD, NULL); creates a new process. Adding the CLONE_NEWPID flag ( int pid = clone(main_function, stack_size, CLONE_NEWPID | SIGCHLD, NULL); ) places the process in a new PID namespace where it sees itself as PID 1.

Other namespaces (mount, UTS, IPC, network, user) provide further isolation.

2. Resource Limits with Linux Cgroups

Cgroups (Control Groups) restrict the amount of CPU, memory, disk I/O, etc., a group of processes can consume. Examples include:

blkio – I/O limits for block devices.

cpuset – dedicated CPU cores and memory nodes.

memory – memory usage caps.

Using cgroups, containers achieve resource isolation.

3. Container Images and Filesystems

The Linux chroot command changes a process’s root directory. For example, chroot $HOME/test /bin/bash makes / refer to $HOME/test . Docker builds a root filesystem (rootfs) by mounting a complete OS image (e.g., Ubuntu 16.04) inside the container.

The container creation workflow is:

Enable Linux namespaces.

Configure cgroup limits.

Switch the process root (pivot_root or chroot).

Note that the rootfs contains only user‑space files; the kernel is shared with the host.

3. Overview of Kubernetes Architecture

Kubernetes consists of a control plane (Master) and worker nodes (Node). The Master runs:

kube‑apiserver – API server.

kube‑scheduler – scheduling decisions.

kube‑controller‑manager – controller logic.

etcd – persistent cluster state.

Each Node runs:

kubelet – interacts with the container runtime and configures networking and storage.

kube‑proxy – maintains network rules.

A container runtime such as Docker, containerd, or CRI‑O.

Kubernetes treats a set of tightly coupled containers as a Pod, which shares a network namespace and storage. Services expose Pods via stable network endpoints. Higher‑level objects like Job, DaemonSet, and CronJob describe one‑off, singleton, and scheduled workloads respectively.

Deployments are declared via YAML files; for example, creating an Nginx deployment involves writing nginx‑deployment.yaml and running kubectl create -f nginx‑deployment.yaml .

Overall, Kubernetes provides a declarative, container‑native platform for building and managing distributed systems at scale.

4. References

Wikipedia: Kubernetes – https://zh.wikipedia.org/wiki/Kubernetes

Kubernetes official documentation – https://kubernetes.io/

Deep dive into Kubernetes – https://time.geekbang.org/column/intro/100015201

Wikipedia: Linux namespaces – https://en.wikipedia.org/wiki/Linux_namespaces

Wikipedia: Cgroups – https://zh.wikipedia.org/wiki/Cgroups