Containers Under the Hood

Have you ever wondered how Containers work?  No, I don't mean just creating a Dockerfile or a Yaml file. Have you ever asked yourself (or others) what are the key mechanisms that enable us to isolate an application or to control how much CPU or Memory it gets? 

How is it possible for an application to run on the same physical machine as other applications, yet not know about them? How do technologies like Docker make it happen? For many  of us, Containers and Kubernetes Pods are just a black box. But they don't have to be. In this course, you will learn the foundational mechanisms that make Containers possible.  We will take an in-depth look at Namespaces, Cgroups and Overlay FS, and understand how they combine to give us Containers.

Hands-on Course : The concepts will be demonstrated with detailed hands-on examples throughout the course. You will have access to a Ubuntu Virtual Machine that I have used for the demos. The course will include a good mix of theory and demos to illustrate the concepts.

Here is what you will learn in this course:

Namespaces: We will start with how Namespaces enable isolation, the key mechanism in containerization.  We will take a detailed look at different kinds of Namespaces - PID, MNT, IPC, USER and UTS ,  with hands-on examples to demonstrate each of these Namespaces.

Overlay Filesystems: Next, we will look at what Overlay Filesystems are, and understand the key role they play in the world of containers.  Again, we will see working examples of how to create an Overlay Filesystem and how they enable sharing modules across multiple containers.

Cgroups:  We will also take an in-depth look at what Cgroups are, how they enable us to control the amount of resources available to an application. We will create our own Cgroups for controlling the amount of Memory and CPU available to an example application.

Related System Concepts: You will also learn related system concepts such as the Proc filesystem and Mount Points, which will come in handy while understanding the PID and MNT Namespaces.

For the demos, we will use very simple, easy-to-understand examples instead of complex applications. The focus will be on driving home the key concepts in this course.

Docker: Once we have a solid understanding of Namespaces, Overlay Filesystems and Cgroups, we will jump into Docker. We will understand what Docker Images are and how to create one. Then, we will dive deep into how image layering works in Docker, and tie this back to the Overlay Filesystem. There will be detailed working examples to demonstrate how image layering works in Docker and we will peel these images layer-by-layer. Finally, using concrete working examples, we will  demonstrate how Cgroups work behind the scenes when we control the amount of CPU or Memory available to a Docker container.

Kubernetes: We will look at the idea of a Pod, why it exists and also create a Pod by just using Namespaces. Then, we will create Kubernetes Pods, and understand other resources such as Replica Sets and Deployments. We will understand what the key components of a Kubernetes Control Plane are and how they come together in helping us orchestrate Pods. Finally, we will demonstrate how Cgroups are again the key mechanism that enable us to control resources available to a Pod, such as CPU and Memory.

This course will keep evolving as I will continue to add more advanced topics and also clarifying videos to existing topics.

Why this Course?

Because basics do not change. Once you have a firm grasp of these foundational concepts, you will be well positioned to learn any container technology of choice with ease and a lot more clarity. In addition, these ideas are used in other areas - for example Cgroups are also used in Virtual Machines.  The knowledge you gain from this course will broaden your skill-set. With a solid understanding of how things work under the hood, you will see Containers in new light.

What you need to bring to the table?

Curiosity and Patience. Curiosity to understand how containers work under the hood. I intentionally go slow, specifically in the beginning of the course, setting the stage for the problem that Namespaces solve. You must be patient and understand the problem first, so that you can really appreciate why Namespaces exist and how they work. Once you understand the problem and the story setup that we will use for the most part of the course, you will start to truly appreciate the core concepts.

Pre-requisite background: If you have done some level of programming and can use basic command-line Linux, you are good to go. You are not expected to have any kind of background in container technologies such as Docker or Kubernetes. I will walk you through any related areas such as the Proc filesystem and Mount Points. Also, you do not have to have an in-depth knowledge of Linux. I will provide the required background wherever necessary. It would be beneficial if you can download and use the VM that comes for free with this course.

How should you approach this course?

First, DO NOT try to cram this into a few weeks - more so, if you have not dealt with these topics before. Because we go deep in to these topics, it is important that you pace yourself. Next, carve out time for the individual sections. There are some areas within each of these sections that demand more time. For example, Mount Namespaces is quite detailed and same goes for Image Layering. Take a break on a regular basis, revisit the ideas and let them sink in. Once it clicks, you will find it incredibly rewarding. It is also important that you get your hands dirty with the examples in the demos, and once you get the idea, try out your own examples.