What is a Docker Container?
A Docker container is like a lightweight virtual machine for a process. It isolates the process along with all of its dependencies from everything outside of the container. While that may not sound like a big deal, it absolutely is. Let me explain:
Containers eliminate dependency conflicts - For example, let's say that the containerized application uses Python 3.8, but the host computer has an older version of Python installed. There won't be any conflicts, because that older Python installation is inaccessible to the application inside the container.
Containers can be used to add security - For instance, pretend that a hacker is able to compromise your computer. They would have a hard time if they tried to manipulate the application in a container running on your machine, because containers isolate the processes and files inside them from the rest of the host.
Containers simplify the task of deploying a program - Normally, you need to copy over the executable that you want to deploy, plus all of its dependencies: DLLs, jars, property files, etc. Then you need to install everything and set the environment variables. Finally, you need to troubleshoot for a while, because these kinds of installations never go right the first time. #WorksOnMyMachine #FML
Thankfully, containers eliminate these headaches by encapsulating your application along with all of its dependencies. In fact, it's all baked right into the container’s file system and ready to go--no further installation required.
If you're interested in diving deeper, here's a link to my free 1.5 hour video course, True Docker: A Step-By-Step Guide
What is Container Orchestration?
Let's say that you have a bunch of containers that you want to work together as part of a larger, more sophisticated application. You will need to find solutions for numerous infrastructure-level problems such as load balancing, networking, reliability, resource management, security, etc. These are the kinds of problems that are solved by container orchestration systems.
Stated more simply, a container orchestration system manages a cluster of containers.
What is Kubernetes?
Kubernetes is a container orchestration system. It helps you to create and manage applications made up of multiple containers.
If you don't have experience in this area yet, then the previous definition probably doesn't feel very real or concrete. So let's change that by going over a hypothetical example.
Basketball shoes are red hot right now. Thousands of fans buy these collector's items both to put them in their collection and to resell them for huge profits.
- Goal - To create a high-end basketball sneaker resale website.
- Requirements - Our retail site must be able to...
  - Handle sudden, large demand spikes from users placing bids on newly available, limited-edition sneakers.
  - Periodically scrape many different online shoe stores to keep our virtual shelves up to date.
  - Accept third-party sellers who want to post their inventory for sale.
  - Handle whatever comes. The site must be reliable. Reputation is everything!
- Design Philosophy
  - www.K8sKicks.com will have a microservice architecture.
  - It will be made up of multiple separate, specialized services that work together to form the system as a whole.
  - Each service will follow the Unix design philosophy: do one thing and do it well.
  - Each microservice will live in its own container to simplify deployment.
- Services / Components - For the sake of this example, let's break the system up into five microservices: (1) Web server, (2) Session cache, (3) Authentication server, (4) Web scraper, (5) Database.
- Problems solved by Kubernetes - Let's go through some of the key problems that www.K8sKicks.com is likely to encounter, and how Kubernetes can provide solutions to those problems.
Automatic container restarts on failure - Things break eventually. They always do. Perhaps the web scraper has a bug. Or perhaps one of the cluster nodes experiences a hardware failure and shuts down. Well, Kubernetes has mechanisms that will restart failed containers without the need for any manual intervention.
Horizontal scaling - On any given day, the www.K8sKicks.com web server will only experience moderate demand from clients. But every now and then, the site will experience a rapid spike in demand when a particularly rare pair of shoes becomes available.
Thankfully, Kubernetes makes it really easy to spin up duplicates of the web server container to handle the extra load. This can be done manually with a single command or automatically.
Load balancing - Whenever you scale up the number of server containers, you will also need to evenly distribute requests between them. This is easily accomplished in Kubernetes using the built-in load balancers.
Security - For lots of our users, sneakers are big business. This puts a giant target on our back. We've got to harden our system to defend against hackers. Thankfully, Kubernetes has a number of security-related tools, such as the ability to remove unneeded kernel capabilities, and the ability to force a container’s file system to be read-only.
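As an added example (not code from the original article), here is what those two hardening settings look like on a Pod for the web server. The namespace, labels, image name, port and user ID are assumed placeholders; the securityContext fields themselves are standard Kubernetes fields.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-server
  namespace: k8skicks            # assumed namespace
  labels:
    app: web-server
spec:
  securityContext:
    runAsNonRoot: true           # refuse to start if the image would run as root
    runAsUser: 10001             # arbitrary unprivileged UID (placeholder)
    seccompProfile:
      type: RuntimeDefault       # container runtime's default syscall filter
  containers:
  - name: web-server
    image: registry.example.com/k8skicks/web-server:1.0.0   # placeholder image
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false   # no setuid / file-capability escalation
      readOnlyRootFilesystem: true      # image filesystem cannot be modified at runtime
      capabilities:
        drop: ["ALL"]                   # remove every Linux kernel capability
    volumeMounts:
    - name: tmp
      mountPath: /tmp                   # the only writable location
  volumes:
  - name: tmp
    emptyDir: {}
```

With readOnlyRootFilesystem set, anything the process legitimately writes (temp files, caches) needs an explicit writable mount, which is why /tmp is backed by an emptyDir here. Dropping capabilities removes kernel privileges such as raw sockets or changing file ownership; the container still shares the host kernel, so these settings narrow what a compromised process can do rather than giving VM-style isolation. A quick check after applying the manifest is `kubectl exec -n k8skicks web-server -- touch /usr/local/probe`, which should fail with a read-only file system error.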
Firewalls - Kubernetes also gives us the ability to set up communication firewalls, called Network Policies, between the various microservices.
For instance, we might want to set up a network policy which restricts communication between the web scraper and the authentication server. This way, if the web scraper somehow got hacked, it's harder for the attacker to use it as a bastion from which to hack the authentication server.
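The policy described above, as an added example that is not part of the original article: a default-deny rule for the namespace, followed by a rule that allows only web server pods to reach the authentication server. The namespace, pod labels and port are assumed placeholders.

```yaml
# Deny all inbound traffic to every pod in the namespace unless another
# NetworkPolicy explicitly allows it. The web scraper has no allow rule
# for the auth server, so it is cut off from it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: k8skicks              # assumed namespace
spec:
  podSelector: {}                  # empty selector = every pod in the namespace
  policyTypes:
  - Ingress
---
# Allow only pods labelled app=web-server to open TCP connections to the
# authentication server on its service port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: auth-server-allow-web-only
  namespace: k8skicks
spec:
  podSelector:
    matchLabels:
      app: auth-server             # assumed label on the auth server pods
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: web-server          # assumed label on the web server pods
    ports:
    - protocol: TCP
      port: 8443                   # assumed auth server port
```

NetworkPolicy objects are only enforced when the cluster's network plugin supports them (for example Calico or Cilium); on a plugin without policy support they are accepted by the API server and silently have no effect, so verify enforcement rather than assuming it. A practical check is to run a connection attempt to the auth server from a web scraper pod with `kubectl exec` and confirm it times out, while the same attempt from a web server pod succeeds.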
Zero-downtime upgrades and rollbacks - Let’s say that you decide to update the web server. But then you find out that you’ve accidentally introduced a CSS bug. It's not compromising any critical functionality, but it is ugly, and so you want to fix it.
Thankfully, Kubernetes has the ability to revert the web server container back to an older, non-buggy version--and it can do so without any interruptions in service!
Similarly, you can deploy new versions of a container without any downtime. And it can be done with a single, easy command.
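The automatic restarts, horizontal scaling, load balancing and zero-downtime rollouts described above all hang off a single Deployment object. The manifests below are an added example, not code from the article: a Deployment for the web server with liveness and readiness probes and a rolling-update strategy that never takes a replica away before its replacement is ready, a Service that spreads requests across the replicas, and a HorizontalPodAutoscaler that adds replicas under CPU load. The namespace, image name, ports and probe paths are assumed placeholders.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-server
  namespace: k8skicks              # assumed namespace
spec:
  replicas: 3                      # baseline number of web server pods
  revisionHistoryLimit: 10         # keep old ReplicaSets so rollbacks are possible
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0            # never drop below the desired replica count
      maxSurge: 1                  # bring up one new pod at a time
  selector:
    matchLabels:
      app: web-server
  template:
    metadata:
      labels:
        app: web-server
    spec:
      containers:
      - name: web-server
        image: registry.example.com/k8skicks/web-server:1.0.0   # placeholder image
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 100m              # required for the CPU-utilization autoscaler below
        livenessProbe:             # failing probe => kubelet restarts the container
          httpGet:
            path: /healthz         # assumed health endpoint
            port: 8080
          periodSeconds: 10
        readinessProbe:            # pod receives traffic only once this passes
          httpGet:
            path: /ready           # assumed readiness endpoint
            port: 8080
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: web-server
  namespace: k8skicks
spec:
  selector:
    app: web-server                # requests are balanced across matching pods
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-server
  namespace: k8skicks
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-server
  minReplicas: 3
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70     # add pods when average CPU use exceeds 70% of requests
```

Manual scaling is `kubectl scale deployment/web-server -n k8skicks --replicas=10`; the autoscaler needs the metrics-server add-on installed and a CPU request on the container, otherwise it has nothing to measure. An upgrade is `kubectl set image deployment/web-server -n k8skicks web-server=registry.example.com/k8skicks/web-server:1.1.0`, progress is watched with `kubectl rollout status deployment/web-server -n k8skicks`, and the CSS-bug scenario is reverted with `kubectl rollout undo deployment/web-server -n k8skicks`. Because maxUnavailable is 0 and a readiness probe is defined, old pods are removed only after their replacements are serving, which is what makes both the upgrade and the rollback interruption-free.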
Container scheduling - Kubernetes schedules containers to nodes for you. In other words, it automatically decides where to deploy each and every container. And it does so very efficiently. This is beneficial because it’s one less task for human operators.
Resource management - After running a bunch of performance tests on www.K8sKicks.com, you discovered two important things. First, the database requires a minimum of 256 megabytes of memory to work properly. Second, the web scraper is a greedy little bastard that will consume as much CPU as it can. Left to its own devices, it will slow things down for any other container running on the same machine.
Thankfully, Kubernetes gives you the option to set lower and upper bounds on the resources that each container can consume. Thus, you would probably want to request a minimum of 256 MB of memory for the database container and set an upper limit of 0.25 CPU on the web scraper container.
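The two bounds just described, as an added example that is not part of the original article: a memory request of 256 MiB for the database and a CPU limit of 0.25 CPU (written 250m, i.e. 250 millicores) for the web scraper. Both workloads are shown as single-replica Deployments for brevity; the namespace, image names and the remaining request and limit values are assumed placeholders.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-scraper
  namespace: k8skicks              # assumed namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-scraper
  template:
    metadata:
      labels:
        app: web-scraper
    spec:
      containers:
      - name: web-scraper
        image: registry.example.com/k8skicks/web-scraper:1.0.0   # placeholder image
        resources:
          requests:                # what the scheduler reserves on a node
            cpu: 100m
            memory: 128Mi
          limits:                  # hard ceiling enforced at runtime
            cpu: 250m              # 0.25 CPU: the scraper is throttled beyond this
            memory: 256Mi          # exceeding this gets the container OOM-killed
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: database
  namespace: k8skicks
spec:
  replicas: 1
  selector:
    matchLabels:
      app: database
  template:
    metadata:
      labels:
        app: database
    spec:
      containers:
      - name: database
        image: registry.example.com/k8skicks/database:1.0.0   # placeholder image
        resources:
          requests:
            memory: 256Mi          # the minimum the tests showed it needs
            cpu: 500m
          limits:
            memory: 1Gi            # assumed ceiling
```

A request is a guarantee used by the scheduler: a pod is only placed on a node that has that much unallocated capacity, so the database never lands somewhere it cannot get its 256 MiB. A CPU limit is enforced by throttling, so the scraper keeps running but cannot starve its neighbours; a memory limit is enforced by killing the container when it is exceeded, after which Kubernetes restarts it. `kubectl describe node <name>` shows how much of each node's capacity is already requested, and `kubectl top pod -n k8skicks` (again requiring metrics-server) shows actual usage against those bounds.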
Kubernetes is basically a toolbox that helps you to construct very robust applications made up of multiple Docker containers.