Now that we have a basic understanding of why we need containers, let’s dive deeper.
In this video, we talk about kernel internals like cgroups, Unified File System (ufs), and Linux capabilities.
These lower level constructs come together and give us modern containers.
Notes from the video
namespaces
- create isolated and independent instances of user space
- 1 isolated instance = 1 container
- common namespaces:
  - process id (pid)
  - network (net)
  - filesystem/mount (mnt)
  - inter-process communication (ipc)
control groups (cgroups)
- group resources
- apply limits
- 1 container = 1 cgroup
unified file system (ufs)
- r/o file system or block devices layered on top of one another
- a single r/w top layer
Linux capabilities
- fine-grained control over the privileges a user or process gets
- --privileged=true
- Docker uses a whitelist
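
To make the whitelist concrete, here is an added example (not from the video or the original notes) that decodes the `CapEff` mask from a `/proc/<pid>/status` excerpt and reports any capability outside Docker's default set. It assumes the 14 default capabilities from Docker's documentation; the function names and both sample status excerpts are constructed for illustration.

```python
import re

# Capability bit numbers 0..40, in the order of linux/capability.h.
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Assumption: the 14 capabilities Docker grants a container by default.
DOCKER_DEFAULT = {
    "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID",
    "SETPCAP", "NET_BIND_SERVICE", "NET_RAW", "SYS_CHROOT", "MKNOD",
    "AUDIT_WRITE", "SETFCAP",
}

def effective_caps(status_text):
    """Return the capability names set in the CapEff line of a status file."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    mask = int(m.group(1), 16)
    caps = {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}
    # Bits past the table are capabilities newer than this list.
    caps |= {f"UNKNOWN_{bit}"
             for bit in range(len(CAP_NAMES), mask.bit_length())
             if mask >> bit & 1}
    return caps

def audit(status_text):
    """Return capabilities held beyond Docker's default set, sorted."""
    return sorted(effective_caps(status_text) - DOCKER_DEFAULT)

# Constructed samples shaped like /proc/<pid>/status excerpts.
DEFAULT_CONTAINER = "Name:\tsh\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
PRIVILEGED_CONTAINER = "Name:\tsh\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    print("default extras:   ", audit(DEFAULT_CONTAINER))
    print("privileged extras:", audit(PRIVILEGED_CONTAINER))
```

Inside a running container, the same check can be fed the contents of `/proc/self/status`; an empty result means the process holds nothing beyond the default set.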
Please share your questions and valuable feedback through comments.