Metadata Card
- Prerequisites: Vol 4 Networking (Linux network namespace), Chapter 6 (Microservices)
- Estimated Time: 45 minutes
- Core Difficulty: Intermediate
- Reading Mode: High focus
- Completion Milestone: Understand Docker image layering, explain Pod vs container relationship, understand Deployment strategies, know HPA mechanics
Your Progress
20 microservices, 100 instances. Each instance's deployment: request VM → install JDK 17 → configure env vars → copy JAR → start → health check. 15 minutes per instance when everything goes right. But "everything right" is rare.
General Lin says: "In battle, does every soldier cook their own meals?"
Of course not. The army has unified logistics. Rations are standardized.
Containers are your standardized rations. Kubernetes is the logistics system.
Your Task
Containerization core: Cgroups and Namespace isolation, Docker layered images. K8s abstractions: Pod, Service, Deployment.
Containers vs VMs: Containers share the host OS kernel (namespaces + cgroups). Not "lightweight VMs." Namespaces isolate views (PID, network, mount, UTS, IPC, user). Cgroups control resource usage (CPU, memory, IO).
Docker: Standardizes packaging, distribution, and running. Image layers: each Dockerfile instruction creates a layer. Layers are cached, shared, incrementally transferred.
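To make the layer-caching rule concrete, here is an added example that is not from the original page: a small Python model of Docker's build cache. Each layer ID is derived from the parent layer's ID, the instruction text and (for COPY/ADD) a digest of the copied content, so changing an instruction invalidates that layer and every layer above it, while layers below it stay cached. The function names, the two sample Dockerfiles and the fake build-context contents are assumptions made for the demonstration.

```python
"""Model of Docker layer caching (added example, not the page's own code).

build_layers() walks a list of Dockerfile instructions and reproduces the
cache rule: layer_id = hash(parent_id, instruction, content_digest).
A shared `cache` dict stands in for the daemon's layer store.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Layer:
    instruction: str
    layer_id: str
    cached: bool  # True when an identical layer already existed in the cache


def _digest(*parts: str) -> str:
    """Stable short hash over the given strings (sha256, first 12 hex chars)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.encode())
        h.update(b"\0")  # separator so ("a","bc") != ("ab","c")
    return h.hexdigest()[:12]


def build_layers(instructions, files, cache):
    """Simulate one `docker build`.

    instructions: Dockerfile lines in order.
    files: dict path -> content, standing in for the build context.
    cache: dict layer_id -> True, shared across builds (mutated).
    Returns the list of Layer objects produced by this build.
    """
    parent = "scratch"
    layers = []
    for instr in instructions:
        # COPY/ADD layers depend on the content that is copied in,
        # other instructions depend only on their text and parent.
        if instr.startswith(("COPY", "ADD")):
            src = instr.split()[1]
            content_hash = _digest(files.get(src, ""))
        else:
            content_hash = ""
        layer_id = _digest(parent, instr, content_hash)
        hit = layer_id in cache
        cache[layer_id] = True
        layers.append(Layer(instr, layer_id, hit))
        parent = layer_id  # the next layer is built on top of this one
    return layers


def cache_hits(layers):
    """Number of layers that were served from the cache."""
    return sum(1 for l in layers if l.cached)


# Constructed sample Dockerfiles. Image name and Maven goals are real, but the
# build contexts below are fake strings used only to drive the hash model.
GOOD_ORDER = [
    "FROM eclipse-temurin:17-jre",
    "COPY pom.xml /app/",               # dependency manifest first ...
    "RUN mvn dependency:go-offline",    # ... so this expensive layer is reused
    "COPY src /app/src",                # source changes land here
    "RUN mvn package",
]
BAD_ORDER = [
    "FROM eclipse-temurin:17-jre",
    "COPY . /app",                      # any file change invalidates everything below
    "RUN mvn package",
]


def demo():
    """Rebuild after a source-only change with both orderings; returns hit counts."""
    cache = {}
    build_layers(GOOD_ORDER, {"pom.xml": "deps v1", "src": "main v1"}, cache)
    good_rebuild = build_layers(GOOD_ORDER, {"pom.xml": "deps v1", "src": "main v2"}, cache)
    cache = {}
    build_layers(BAD_ORDER, {".": "all v1"}, cache)
    bad_rebuild = build_layers(BAD_ORDER, {".": "all v2"}, cache)
    return cache_hits(good_rebuild), cache_hits(bad_rebuild)


if __name__ == "__main__":
    good, bad = demo()
    print(f"good ordering: {good} cached layers on rebuild; bad ordering: {bad}")
```

The model shows why dependency manifests are copied before application source: with the good ordering a source edit keeps the base image, the manifest copy and the dependency download cached, whereas the single `COPY .` ordering reuses only the base image. The same property is what makes a changed base layer propagate into every image built on it, which is the reason patched base images require a rebuild of all dependants.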
Kubernetes: Pod (smallest scheduling unit, 1+ containers sharing network namespace), Service (stable virtual IP + DNS, load balances across pods), Deployment (declarative updates, rolling updates), HPA (auto-scale based on metrics).
ConfigMap/Secret: Separate configuration from container images. ConfigMap for non-sensitive config, Secret for sensitive data (stored base64 encoded, which is an encoding rather than encryption; encryption at rest can be enabled separately).
Common Pitfalls: Running multiple processes in one container (health checks can no longer tell which process failed). Missing resource requests/limits (a pod can consume unlimited CPU and memory). Using the latest image tag (not reproducible, silently changes between deployments). Accessing pods by IP directly (pod IPs change on reschedule; use a Service).
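The pitfalls above are checkable before a manifest reaches the cluster. The following is an added example, not the page's own code: a Python policy check over a Deployment manifest (represented as the dict that parsing its YAML would produce, so it runs without PyYAML). It flags unpinned or `latest` image tags, missing resource requests and limits, missing readiness/liveness probes, and, going slightly beyond the list above, the `hostNetwork`/`hostPID`/`hostIPC` and `privileged` settings that give a pod the host's namespaces and so undo the isolation described earlier. The function names and the two sample manifests (including the image names and registry) are assumptions.

```python
"""Deployment manifest policy check (added example, not the page's own code)."""
import copy


def image_tag_issue(image: str):
    """Return a finding for an unpinned image reference, or None if acceptable.
    Accepts registry/name:tag and name@sha256:digest forms."""
    if "@sha256:" in image:
        return None  # digest-pinned images are the strongest form
    last = image.rsplit("/", 1)[-1]       # strip registry/namespace path
    if ":" not in last:
        return f"image {image!r} has no tag (defaults to latest)"
    if last.rsplit(":", 1)[1] == "latest":
        return f"image {image!r} uses the latest tag"
    return None


def check_deployment(manifest: dict):
    """Return a list of human-readable findings; an empty list means it passes."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    # Sharing a host namespace removes the isolation a container normally gets.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(flag):
            findings.append(f"pod sets {flag}: true (shares the host's {flag[4:].lower()} namespace)")
    for c in pod.get("containers", []):
        name = c.get("name", "<unnamed>")
        issue = image_tag_issue(c.get("image", ""))
        if issue:
            findings.append(f"{name}: {issue}")
        res = c.get("resources", {})
        for kind in ("requests", "limits"):
            for r in ("cpu", "memory"):
                if r not in res.get(kind, {}):
                    findings.append(f"{name}: missing resources.{kind}.{r}")
        for probe in ("readinessProbe", "livenessProbe"):
            if probe not in c:
                findings.append(f"{name}: no {probe}")
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"{name}: privileged container bypasses namespace/cgroup isolation")
    return findings


# Constructed sample: the shape a Deployment YAML takes once parsed.
WEAK = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "order-service"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [
        {"name": "app", "image": "order-service:latest", "ports": [{"containerPort": 8080}]},
    ]}}},
}

HARDENED = copy.deepcopy(WEAK)
HARDENED["spec"]["template"]["spec"]["containers"][0].update({
    "image": "registry.example.com/order-service:1.4.2",   # pinned tag
    "resources": {
        "requests": {"cpu": "250m", "memory": "512Mi"},
        "limits": {"cpu": "1", "memory": "1Gi"},
    },
    "readinessProbe": {"httpGet": {"path": "/actuator/health/readiness", "port": 8080}},
    "livenessProbe": {"httpGet": {"path": "/actuator/health/liveness", "port": 8080}},
})


if __name__ == "__main__":
    for label, m in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {check_deployment(m) or 'OK'}")
```

Run it as a pre-commit or CI step over every Deployment before `kubectl apply`; an admission controller in the cluster can enforce the same rules at deploy time, but catching them in review is cheaper.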
Traveler's Notes
Containerization: Namespace+Cgroups isolation at the bottom, Pod-Service-Deployment management model at the top. Docker provides portable packaging and running; K8s provides large-scale orchestration and governance.
Next: Observability (Chapter 8).