Kubernetes Fundamentals for Docker Integration

When I first started working with Kubernetes, I made the mistake of thinking it was just a more complex way to run Docker containers. That perspective held me back for months. Kubernetes isn’t just a container runner - it’s a complete platform for building distributed systems that happen to use containers as their fundamental building blocks.

Understanding how Kubernetes thinks about and manages your Docker containers is crucial for effective integration. The platform introduces several abstractions that might seem unnecessary at first, but each one serves a specific purpose in creating resilient, scalable applications.

Pods: The Atomic Unit of Deployment

The pod is Kubernetes’ fundamental deployment unit, and it’s probably the most misunderstood concept for developers coming from Docker. A pod isn’t just a wrapper around a single container - it’s a group of containers that share networking and storage resources.

In most cases, you’ll have one container per pod, but understanding the multi-container possibilities is important. I’ve used multi-container pods for scenarios like sidecar logging, service mesh proxies, and data synchronization. Here’s what a typical single-container pod looks like:

apiVersion: v1
kind: Pod
metadata:
  name: my-app-pod
  labels:
    app: my-app
spec:
  containers:
  - name: my-app
    image: my-registry/my-app:v1.0
    ports:
    - containerPort: 3000
    resources:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "200m"

The key insight here is that Kubernetes manages pods, not individual containers. When you scale your application, you’re creating more pods. When a container fails, Kubernetes restarts the entire pod. This design simplifies networking and storage management while providing clear boundaries for resource allocation.

Deployments: Managing Pod Lifecycles

While you can create pods directly, you almost never want to do that in production. Deployments provide the management layer that makes your applications resilient and scalable. They handle rolling updates, rollbacks, and ensure that your desired number of pods are always running.

I think of deployments as the bridge between your Docker images and running applications. They take your carefully crafted container images and turn them into managed, scalable services:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: my-registry/my-app:v1.0
        ports:
        - containerPort: 3000
        livenessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5

The deployment ensures that three replicas of your application are always running. If a pod fails, the deployment controller immediately creates a replacement. If you update the image tag, the deployment performs a rolling update, gradually replacing old pods with new ones.

Services: Stable Networking for Dynamic Pods

One of the biggest challenges in distributed systems is service discovery - how do different parts of your application find and communicate with each other? Kubernetes solves this with Services, which provide stable network endpoints for your dynamic pods.

Pods come and go, and their IP addresses change constantly. Services create a stable abstraction layer that routes traffic to healthy pods regardless of their current IP addresses. This is where the integration between Docker and Kubernetes really shines - your containers can focus on their application logic while Kubernetes handles the networking complexity.

apiVersion: v1
kind: Service
metadata:
  name: my-app-service
spec:
  selector:
    app: my-app
  ports:
  - port: 80
    targetPort: 3000
    protocol: TCP
  type: ClusterIP

This service creates a stable endpoint that routes traffic to any pod with the label app: my-app. Other applications in your cluster can reach your service using the DNS name my-app-service, regardless of how many pods are running or where they’re located.

ConfigMaps and Secrets: Externalizing Configuration

One of the principles I follow religiously is keeping configuration separate from code. Docker images should be immutable and environment-agnostic, with all configuration provided at runtime. Kubernetes makes this easy with ConfigMaps for non-sensitive data and Secrets for sensitive information.

Here’s how I typically structure configuration for a containerized application:

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-app-config
data:
  database_host: "postgres.default.svc.cluster.local"
  log_level: "info"
  feature_flags: |
    {
      "new_ui": true,
      "beta_features": false
    }
---
apiVersion: v1
kind: Secret
metadata:
  name: my-app-secrets
type: Opaque
data:
  database_password: cGFzc3dvcmQxMjM=  # base64 encoded
  api_key: YWJjZGVmZ2hpams=

Your deployment can then consume this configuration as environment variables or mounted files:

spec:
  containers:
  - name: my-app
    image: my-registry/my-app:v1.0
    env:
    - name: DATABASE_HOST
      valueFrom:
        configMapKeyRef:
          name: my-app-config
          key: database_host
    - name: DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: my-app-secrets
          key: database_password

This approach keeps your Docker images generic and reusable across different environments while maintaining security for sensitive data.

Health Checks and Probes

Kubernetes provides sophisticated health checking mechanisms that go far beyond Docker’s basic health checks. Understanding the difference between liveness and readiness probes is crucial for building reliable applications.

Liveness probes determine if a container is running correctly. If a liveness probe fails, Kubernetes restarts the container. Readiness probes determine if a container is ready to receive traffic. If a readiness probe fails, Kubernetes removes the pod from service endpoints but doesn’t restart it.

I design my applications with distinct endpoints for these different types of health checks:

// Liveness probe - basic health check
app.get('/health', (req, res) => {
  res.json({ status: 'alive', timestamp: new Date().toISOString() });
});

// Readiness probe - comprehensive readiness check
app.get('/ready', async (req, res) => {
  try {
    await db.query('SELECT 1');
    await redis.ping();
    res.json({ status: 'ready' });
  } catch (error) {
    res.status(503).json({ status: 'not ready', error: error.message });
  }
});

The readiness probe ensures that pods only receive traffic when they can actually handle requests, while the liveness probe catches situations where the application process is running but not functioning correctly.

Resource Management

Kubernetes resource management is where proper Docker image design really pays off. When you specify resource requests and limits, you’re telling Kubernetes how much CPU and memory your containers need to function properly.

Resource requests are used for scheduling - Kubernetes ensures that nodes have enough available resources before placing pods. Resource limits prevent containers from consuming more resources than allocated, protecting other workloads on the same node.

resources:
  requests:
    memory: "128Mi"
    cpu: "100m"
  limits:
    memory: "256Mi"
    cpu: "200m"

I’ve learned to be conservative with requests (what you actually need) and generous with limits (what you might need under load). This approach ensures reliable scheduling while allowing for traffic spikes.

Namespaces: Organizing Your Cluster

Namespaces provide a way to organize resources within a Kubernetes cluster. They’re particularly useful for separating different environments, teams, or applications. I typically use namespaces to isolate development, staging, and production environments within the same cluster.

apiVersion: v1
kind: Namespace
metadata:
  name: my-app-production
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-app-production
spec:
  # deployment specification

Namespaces also provide a scope for resource quotas and network policies, allowing you to implement governance and security boundaries within your cluster.

Labels and Selectors

Labels are key-value pairs that you attach to Kubernetes objects, and selectors are used to identify groups of objects based on their labels. This system is fundamental to how Kubernetes manages relationships between different resources.

I use a consistent labeling strategy across all my applications:

metadata:
  labels:
    app: my-app
    version: v1.0
    environment: production
    component: backend

Services use selectors to identify which pods should receive traffic, deployments use selectors to manage pods, and monitoring systems use labels to organize metrics and alerts.

Persistent Storage Integration

While containers are ephemeral by design, many applications need persistent storage. Kubernetes provides several mechanisms for integrating storage with your containerized applications, from simple volume mounts to sophisticated persistent volume claims.

For applications that need persistent data, I typically use PersistentVolumeClaims:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-app-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

This claim can then be mounted into your pods, providing persistent storage that survives pod restarts and rescheduling.

Understanding the Control Plane

The Kubernetes control plane is what makes all this orchestration possible. It consists of several components that work together to maintain your desired state: the API server, etcd, the scheduler, and various controllers.

As a developer, you primarily interact with the API server through kubectl or client libraries. When you apply a deployment manifest, the API server stores it in etcd, the scheduler decides where to place pods, and controllers ensure that the actual state matches your desired state.

Understanding this architecture helps you troubleshoot issues and design applications that work well with Kubernetes’ reconciliation model.

Integration Patterns

The most successful Docker-Kubernetes integrations follow certain patterns that I’ve observed across many projects. Applications are designed as stateless services that can be easily scaled horizontally. Configuration is externalized through ConfigMaps and Secrets. Health checks are comprehensive and meaningful. Resource requirements are well-defined and tested.

These patterns aren’t just best practices - they’re essential for taking advantage of Kubernetes’ capabilities. When you design your Docker images and applications with these patterns in mind, Kubernetes becomes a powerful platform for building resilient, scalable systems.

Moving Forward

The concepts I’ve covered in this part form the foundation of effective Kubernetes usage. Pods, deployments, services, and the other primitives work together to create a platform that can manage complex distributed applications with minimal operational overhead.

In the next part, we’ll explore how to implement these concepts in practice, building complete applications that demonstrate effective Docker-Kubernetes integration. We’ll look at real-world examples that show how these fundamental concepts come together to solve actual business problems.

Continue Your Learning

This is part 3 of 12 in the comprehensive guide.

← Previous Advanced Docker Features for Kubernetes Guide Overview See all 12 parts Next → Practical Implementation Strategies