Why Containers Need Kubernetes: A Visual Guide to Cloud‑Native Architecture

Containers

Before learning Kubernetes, understand what a container is, because without that you cannot discuss container orchestration.

A container is a package that holds all your materials —application code, dependencies, and even kernel‑level requirements.

The key concept is isolation , separating these materials for better control.

Containers provide three types of isolation:

Workspace isolation (process, network)

Resource isolation (CPU, memory)

Filesystem isolation

Think of a container as a lightweight VM: it offers isolation while being small, fast to start, and does not require a full operating system.

Containers achieve VM‑like isolation using Linux cgroup without installing an OS.

When to Use Kubernetes?

Containers are great, but when you have many of them to manage, you need a container orchestrator like Kubernetes.

If you reach the state shown in the diagram (many containers), you should adopt orchestration.

Kubernetes Architecture

Each Kubernetes cluster has two node types: master and worker .

The master controls and monitors the workers.

Master Components

etcd : a key‑value store that holds all Kubernetes objects, current state, access information, and cluster configuration.

API Server : exposes the cluster’s API endpoints; all components on master and workers communicate with it.

Scheduler : decides which node runs each workload.

Controller Manager : monitors the cluster state via the API server and takes actions to reach the desired state.

Worker Components

kubelet : the core agent on a worker node that talks to the API server and runs the containers scheduled to that node.

kube‑proxy : handles Pod networking using iptables/IPVS.

Pod : the basic unit that runs containers and provides inter‑container networking.

A Pod can contain multiple containers that see each other as local processes.

Each Pod gets its own IP address, visible only within the cluster, and kube‑proxy routes traffic to that IP.

Data volumes mounted in a Pod are shared among its containers, enabling use cases like an image‑upload service where one container saves images and another processes them.

Controllers

Kubernetes includes many controllers such as ReplicaSet, Deployment, Service, StatefulSet, and Ingress. The most important are:

(1) ReplicaSet

Creates and maintains a specified number of Pod replicas; if a Pod fails, it automatically creates a new one.

(2) Deployment

Manages Pods via a ReplicaSet and provides rolling updates, scaling up new versions and scaling down old ones.

(3) Service

Acts as a load balancer, exposing a stable endpoint that distributes traffic to a group of Pods (often across multiple workers). It enables front‑end applications to communicate with back‑end Pods without hard‑coding IP addresses.

(4) Ingress

The Ingress controller is the single entry point for external traffic into the cluster, allowing centralized configuration of security policies, monitoring, and logging.

Summary

This article provides a pictorial overview of containers and Kubernetes, covering isolation concepts, when orchestration is needed, the cluster architecture, core components, and key controllers.