Chapter 8. Running Containers

If you have a tough question that you can’t answer, start by tackling a simpler question that you can’t answer.

Max Tegmark

In previous chapters, we’ve focused mostly on the operational aspects of Kubernetes: where to get your clusters, how to maintain them, and how to manage your cluster resources. Let’s turn now to the most fundamental Kubernetes object: the container. We’ll look at how containers work on a technical level, how they relate to Pods, and how to deploy container images to Kubernetes.

In this chapter, we’ll also cover the important topic of container security, and how to use the security features in Kubernetes to deploy your applications in a secure way, according to best practices. Finally, we’ll look at how to mount disk volumes on Pods, allowing containers to share and persist data.

Containers and Pods

We’ve already introduced Pods in Chapter 2, and talked about how Deployments use ReplicaSets to maintain a set of replica Pods, but we haven’t really looked at Pods themselves in much detail. Pods are the unit of scheduling in Kubernetes. A Pod object represents a container or group of containers, and everything that runs in Kubernetes does so by means of a Pod:

A Pod represents a collection of application containers and volumes running in the same execution environment. Pods, not containers, are the smallest deployable artifact in a Kubernetes cluster. This means all of the containers in a Pod always land on the same machine. ...

Get Cloud Native DevOps with Kubernetes now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.