The document discusses various aspects of Docker and Kubernetes, including container runtimes, deployment strategies, and container networking. It references resources from the Cloud Native Computing Foundation (CNCF) and outlines the roles of different components such as Kubelet, CRI-O, and containerd. Additionally, it covers technical details about container orchestration and management within Kubernetes.

1. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker Kubernetes
CloudNative Days Online 2021
2021/03/11

2. Copyright(c)2021 NTT Corp. All Rights Reserved
GitHub:@ktock / Twitter:@TokunagaKohei
containerd
containerd Stargz Snapshotter
Container Runtime Meetup

3. Copyright(c)2021 NTT Corp. All Rights Reserved
KubeCon+CloudNative Con NA Virtual 2020 22,816
CNCF SURVEY 2020( 3 ) [2]
[2] https://www.cncf.io/wp-content/uploads/2020/11/CNCF_Survey_Report_2020.pdf
[1] https://www.cncf.io/wp-content/uploads/2020/12/KubeCon_NA_20_Virtual_Report.pdf
KubeCon + CloudNativeCon North America 2020
- Virtual Conference Transparency Report. CNCF[1]
IT
l
l
l
l
Kubernetes
91%
Kubernetes
92%

4. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
Kubernetes
Docker Kubernetes
4 Docker Kubernetes

5. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
Kubernetes
Docker Kubernetes

6. Copyright(c)2021 NTT Corp. All Rights Reserved
Files
Proces
ses
6
1 1

7. Copyright(c)2021 NTT Corp. All Rights Reserved
1 ” ”
HW
… …
…
OS OS
A
p
p
A
p
p
A
p
p
A
p
p
7 OS
7
OS 7
OS 7 1
1 7
OS
Process
…
7 Docker runc7

8. Copyright(c)2021 NTT Corp. All Rights Reserved
2
Build Run
Docker Kubernetes 8
Docker
Ship
l
Build Ship Run
•
•
• CI/CD
l
• MB
•

9. Copyright(c)2021 NTT Corp. All Rights Reserved
3
https://landscape.cncf.io

10. Copyright(c)2021 NTT Corp. All Rights Reserved
CNCF OCI
Linux Foundation
OSS 0
KubeCon+CloudNative
Con 0
1
Linux Foundation
0
https://www.cncf.io https://opencontainers.org

11. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
Kubernetes
Docker Kubernetes

12. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
l 2013 3 dotCloud Docker 2
l
l Build Ship Run
Docker Swarm 1

13. Copyright(c)2021 NTT Corp. All Rights Reserved
Build
Context
Dockerfile docker build
Dockerfile
1
3

14. Copyright(c)2021 NTT Corp. All Rights Reserved
Run
docker run
1
1
1 4

15. Copyright(c)2021 NTT Corp. All Rights Reserved
Ship
docker push docker pull
app:v1 app:v2 svr:v1 svr:v2
5
1
1
:Docker Hub

16. Copyright(c)2021 NTT Corp. All Rights Reserved
1
/
/bin/ /lib/ /usr/
bash cat ls
6 1

17. Copyright(c)2021 NTT Corp. All Rights Reserved
1 A
C
7 7
tar

18. Copyright(c)2021 NTT Corp. All Rights Reserved
Build Dockerfile
2
80
2 4
1.0
RUN
COPY
FROM ubuntu:20.04
RUN apt-get update &&
apt-get install –y figlet
COPY ./hello.sh /hello.sh
:
D

19. Copyright(c)2021 NTT Corp. All Rights Reserved
rootfs
app
OS
Docker Overlay2 storage driver
OverlayFS
tar
9 1
9 1
9
1
9

20. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
Kubernetes
Docker Kubernetes

21. Copyright(c)2021 NTT Corp. All Rights Reserved
Kubernetes
l 2014 6 Google 2
l 1
l

22. Copyright(c)2021 NTT Corp. All Rights Reserved
Kubernetes
Kubernetes API
2
2
Docker Hub
pull
kubectl apply
kubectl get
kubectl describe
kubectl
( )

23. Copyright(c)2021 NTT Corp. All Rights Reserved
(
P =
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
https://kubernetes.io/docs/concepts/workloads/controllers/
deployment/#creating-a-deployment
P 3 )
k8s 3
P
P

24. Copyright(c)2021 NTT Corp. All Rights Reserved
Pod
192.168.100.10
Pod
4
Pod
localhost
Pod
IP
N
I
C
Pod 2
l
2 4
l
4

25. Copyright(c)2021 NTT Corp. All Rights Reserved
Pod
vol
1
vol
0
0
2
2
5
1
Deployment StatefulSet
DaemonSet Job/CronJob

26. Copyright(c)2021 NTT Corp. All Rights Reserved
Deployment
Pod
Deployment
Pod : 2
Deployment
Pod : 2
Pod
Deployment
Pod : 2

27. Copyright(c)2021 NTT Corp. All Rights Reserved
Deployment
Deployment
Pod
Deployment
Pod
Deployment
Pod
Deployment
Deployment
Pod 7
2

28. Copyright(c)2021 NTT Corp. All Rights Reserved
Pod
192.168.1.10:8080
192.168.1.11:80
192.168.1.12:80
192.168.100.11:8080 192.168.100.10:80
l Pod / IP
l
Pod2
l Pod
IP
l 2IP 8 Pod 2
Service
Service
Pod
Service A Service B

29. Copyright(c)2021 NTT Corp. All Rights Reserved
Service Pod
NodePort
Service
LoadBalancer
Service
Ingress
9
Service Pod
9
Service 2
Pod
URL
Service
ClusterIP
Service
Pod service
service
IP

30. Copyright(c)2021 NTT Corp. All Rights Reserved
Kubernetes
3
Kubernetes
3
Kubernetes3
0
Pod
3
ConfigMap/Secrets Volume PV/PVC Custom Resource Definition
And more….

31. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
Kubernetes
Docker Kubernetes

32. Copyright(c)2021 NTT Corp. All Rights Reserved
CRI
OCI
kubelet kubelet
CRI
OCI
kubelet
1 2 3
Kubernetes kubelet Pod
l 3 2 kube-scheduler Pod 3 2
l kubelet Pod
• API kube-apiserver Pod
kubectl apply

33. Copyright(c)2021 NTT Corp. All Rights Reserved
OCI
CRI
l Kubelet pull
Pod
l Container Runtime Interface CRI
3
• containerd CNCF graduated project
• CRI-O CNCF sandbox project
CRI
kubelet
CRI
pull
Docker kubelet
• CRI 3 kubelet Docker API
• Kubernetes v1.20 kubelet Docker
kubelet Docker

34. Copyright(c)2021 NTT Corp. All Rights Reserved
OCI
OCI
CRI
kubelet
CRI
l Docker OCI
l OCI OCI Runtime Spec
l runc OCI 4 3
OCI
OCI
runc Kata Containers gVisor
OCI 4
Namespace Linux
Open Infrastructure
Foundation
Pod
Google
app
runc
OS
agent
C
C
C
VM
(sentry)
app

35. Copyright(c)2021 NTT Corp. All Rights Reserved
runc namespace
1
2 3
4 5
eth0
1
2 3
eth0
eth
0
eth0 eth0
1
2 3
4 5
1
2 3
PID namespace
namespace
PID=1
Mount namespace
namespace mount
unmount ”/”
3 namespace
Network namespace
namespace
A B
And more…
namespace 5

36. Copyright(c)2021 NTT Corp. All Rights Reserved
runc cgroup C
m 3 y
v
,
: m 3 sr
io ,
, v
( ( ( ) ( )
P C
p , sr 1
p ,
l io cg 1CPU 1 m
l c d Docker p c cg 6/dev/sda
cgroup v2 6Docker v20.10 )1 u cgroup v2
e ,

37. Copyright(c)2021 NTT Corp. All Rights Reserved
Docker
Kubernetes
Docker Kubernetes
l 7
l
l Build Ship Run7
l 7
l 3
l
l CRI OCI 7
l runc namespace cgroup Linux 7