Docker & Containers - Kernel Internals

Learn about the kernel internals like namespaces, cgroups, Unified File System (ufs), and Linux capabilities, which together give us modern containers.

In the previous videos, we talked about the evolution of virtualization. We also looked into the problems with the VM model.

Now that we have a basic understanding of why we need containers, let’s dive deeper.



Notes from the video

  • namespaces

    • create isolated and independent instances of user space
    • 1 isolated instance = 1 container
    • common namespaces:
      • process id (pid)
      • network (net)
      • filesystem/mount (mnt)
      • inter-proc comm (ipc)
      • uts
      • user
  • control groups (cgroups)

    • group resources
    • apply limits
    • 1 container = 1 cgroup
  • unified file system (ufs)

    • r/o file system or block devices layered on top of one another
    • a single r/w top layer
  • capabilities

    • fine-grained control over the privileges a user or process gets
    • --privileged=true grants all of them
    • Docker uses a whitelist (allow list) of capabilities
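As an added worked example (not from the video or its author), here is a small Python checker that decodes the CapEff mask a process reports in /proc/<pid>/status and lists which effective capabilities go beyond Docker's default allow list. The /proc excerpts are constructed samples, and the default list is the 14 capabilities Docker grants to a non-privileged container.

```python
"""Decode a CapEff mask and compare it with Docker's default capability set."""

# Capability numbers from linux/capability.h: list index == capability value.
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]

# The 14 capabilities Docker grants a non-privileged container by default.
DOCKER_DEFAULT_CAPS = {
    "chown", "dac_override", "fowner", "fsetid", "kill", "setgid", "setuid",
    "setpcap", "net_bind_service", "net_raw", "sys_chroot", "mknod",
    "audit_write", "setfcap",
}


def decode_caps(mask_hex: str) -> set[str]:
    """Turn a Cap* hex mask (as printed in /proc/<pid>/status) into names."""
    mask = int(mask_hex, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def parse_status(status_text: str) -> dict[str, str]:
    """Pick the Cap* lines out of a /proc/<pid>/status dump."""
    caps = {}
    for line in status_text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            caps[key] = value.strip()
    return caps


def extra_caps(status_text: str) -> list[str]:
    """Effective capabilities beyond Docker's default allow list, sorted."""
    effective = decode_caps(parse_status(status_text)["CapEff"])
    return sorted(effective - DOCKER_DEFAULT_CAPS)


# Constructed samples: excerpts of /proc/1/status as seen inside a container.
SAMPLE_DEFAULT = "Name:\tnginx\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
SAMPLE_PRIVILEGED = "Name:\tsh\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("privileged", SAMPLE_PRIVILEGED)):
        print(f"{label}: extra caps = {extra_caps(text) or 'none'}")
```

Run it against `cat /proc/1/status` from inside a real container to see whether a `--cap-add` or `--privileged` flag widened the set beyond the default whitelist.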

Please share your questions and valuable feedback through comments.

Thanks.