Containers Under the Hood

11h 25m 14s
English
Paid
November 1, 2023

Take your knowledge in Containers and Linux to the next level. You don't need to be a Containers or Linux pro. We will start from the basics. How does this course differ from other courses on the same topic? It will be a perfect complement to the other courses on this topic. The course will take a bottom-up approach, with a strong focus on the core mechanisms that make containers possible - Namespaces, Overlay Filesystems and Cgroups.

More

Have you ever wondered how Containers work?  No, I don't mean just creating a Dockerfile or a Yaml file. Have you ever asked yourself (or others) what are the key mechanisms that enable us to isolate an application or to control how much CPU or Memory it gets? 

How is it possible for an application to run on the same physical machine as other applications, yet not know about them? How do technologies like Docker make it happen? For many  of us, Containers and Kubernetes Pods are just a black box. But they don't have to be. In this course, you will learn the foundational mechanisms that make Containers possible.  We will take an in-depth look at Namespaces, Cgroups and Overlay FS, and understand how they combine to give us Containers.

Hands-on Course : The concepts will be demonstrated with detailed hands-on examples throughout the course. You will have access to a Ubuntu Virtual Machine that I have used for the demos. The course will include a good mix of theory and demos to illustrate the concepts.

Here is what you will learn in this course:

Namespaces: We will start with how Namespaces enable isolation, the key mechanism in containerization.  We will take a detailed look at different kinds of Namespaces - PID, MNT, IPC, USER and UTS ,  with hands-on examples to demonstrate each of these Namespaces.

Overlay Filesystems: Next, we will look at what Overlay Filesystems are, and understand the key role they play in the world of containers.  Again, we will see working examples of how to create an Overlay Filesystem and how they enable sharing modules across multiple containers.

Cgroups:  We will also take an in-depth look at what Cgroups are, how they enable us to control the amount of resources available to an application. We will create our own Cgroups for controlling the amount of Memory and CPU available to an example application.

Related System Concepts: You will also learn related system concepts such as the Proc filesystem and Mount Points, which will come in handy while understanding the PID and MNT Namespaces.

For the demos, we will use very simple, easy-to-understand examples instead of complex applications. The focus will be on driving home the key concepts in this course.

Docker: Once we have a solid understanding of Namespaces, Overlay Filesystems and Cgroups, we will jump into Docker. We will understand what Docker Images are and how to create one. Then, we will dive deep into how image layering works in Docker, and tie this back to the Overlay Filesystem. There will be detailed working examples to demonstrate how image layering works in Docker and we will peel these images layer-by-layer. Finally, using concrete working examples, we will  demonstrate how Cgroups work behind the scenes when we control the amount of CPU or Memory available to a Docker container.

Kubernetes: We will look at the idea of a Pod, why it exists and also create a Pod by just using Namespaces. Then, we will create Kubernetes Pods, and understand other resources such as Replica Sets and Deployments. We will understand what the key components of a Kubernetes Control Plane are and how they come together in helping us orchestrate Pods. Finally, we will demonstrate how Cgroups are again the key mechanism that enable us to control resources available to a Pod, such as CPU and Memory.

This course will keep evolving as I will continue to add more advanced topics and also clarifying videos to existing topics.

Why this Course?

Because basics do not change. Once you have a firm grasp of these foundational concepts, you will be well positioned to learn any container technology of choice with ease and a lot more clarity. In addition, these ideas are used in other areas - for example Cgroups are also used in Virtual Machines.  The knowledge you gain from this course will broaden your skill-set. With a solid understanding of how things work under the hood, you will see Containers in new light.

What you need to bring to the table?

Curiosity and Patience. Curiosity to understand how containers work under the hood. I intentionally go slow, specifically in the beginning of the course, setting the stage for the problem that Namespaces solve. You must be patient and understand the problem first, so that you can really appreciate why Namespaces exist and how they work. Once you understand the problem and the story setup that we will use for the most part of the course, you will start to truly appreciate the core concepts.

Pre-requisite background: If you have done some level of programming and can use basic command-line Linux, you are good to go. You are not expected to have any kind of background in container technologies such as Docker or Kubernetes. I will walk you through any related areas such as the Proc filesystem and Mount Points. Also, you do not have to have an in-depth knowledge of Linux. I will provide the required background wherever necessary. It would be beneficial if you can download and use the VM that comes for free with this course.

How should you approach this course?

First, DO NOT try to cram this into a few weeks - more so, if you have not dealt with these topics before. Because we go deep in to these topics, it is important that you pace yourself. Next, carve out time for the individual sections. There are some areas within each of these sections that demand more time. For example, Mount Namespaces is quite detailed and same goes for Image Layering. Take a break on a regular basis, revisit the ideas and let them sink in. Once it clicks, you will find it incredibly rewarding. It is also important that you get your hands dirty with the examples in the demos, and once you get the idea, try out your own examples.

Watch Online Containers Under the Hood

Join premium to watch
Go to premium
# Title Duration
1 Introduction 07:47
2 Our Journey 04:37
3 What is Containerization? 02:17
4 Namespaces enable Isolation 01:28
5 Why do we need Namespaces ? Understanding the Problem 07:01
6 Namespaces - Understanding the Solution 07:16
7 Namespaces Demo - The Setup 01:16
8 Demo: Namespaces in Action 13:22
9 Demo: PID Namespaces 22:28
10 Assignment - Separate Namespace for Claude 01:20
11 Solution - Separate Namespace for Claude 04:15
12 Enter the Namespace 06:56
13 Mount and UTS Namespaces - The Idea 14:13
14 Mounting and Mount Points 09:09
15 Demo - Mounting, Mount Points and Mount Namespaces 33:43
16 The function of the --mount-proc Flag - A Visual 03:40
17 Demo - Understanding the --mount-proc flag in Depth 12:10
18 PID and MNT Namespaces - Recap 03:30
19 Demo: UTS and IPC Namespaces 10:53
20 The Alpine Root Filesystem 05:20
21 Summarizing Namespaces 08:10
22 Summary Demo - Namespaces Command and Options 08:30
23 Overlay Filesystems: Introduction 08:48
24 Demo - How Overlay Filesystems work 10:54
25 Overlay Filesystems - Multiple Directories in Lower Layer 02:21
26 Demo - Overlay FS with Multiple Directories in Lower Layer 04:25
27 Why do we need Overlay Filesystems? 08:30
28 Demo Example - Why Overlay FS? 02:01
29 Demo - How Overlay FS helps with Containers 16:56
30 Summary: Overlay FS and Namespaces 08:12
31 Cgroups - An Introduction 11:07
32 Demo - Controlling Memory with Cgroups 12:46
33 Demo - Controlling Memory Available to a Container 12:13
34 Demo - Controlling CPU 11:54
35 Demo - Controlling CPU with cpu.shares 19:35
36 A Note about the Examples Used for CPU Cgroups 01:46
37 Demo - Controlling CPU available to a Container 09:07
38 Using cpu.shares with Containers - Example Scenarios for the Demo 02:22
39 Demo: Controlling CPU available to a Container using cpu.shares 18:08
40 Summary - Namespaces, Overlay FS and Cgroups 05:04
41 Why do we need Containers? 08:37
42 Demo - Docker Introduction 24:02
43 Container for our 'Fitness Fans' Group 09:33
44 Dissecting Container Images - How it Relates to Overlay FS 06:41
45 Demo - Dissecting Container Images 17:08
46 Image Layering In Depth 21:28
47 Demo - Image Layering 19:28
48 Demo - More on Image Layering 14:41
49 Demo - Resource Allocation in Docker 25:10
50 Demo - Controlling CPU resource Using cpu.shares 13:23
51 Summary 03:01
52 Demo - Recap of Docker Commands 10:31
53 The Idea of a Pod 08:17
54 Why do we need Kubernetes? 05:19
55 Demo - Creating a Pod with just Namespaces - Part 1 11:53
56 Demo - Creating a Pod with just Namespaces - Part 2 13:03
57 Kubelet, Pod and the Container Runtime 19:18
58 ReplicaSets - What and Why? 08:24
59 Demo - Replica Sets 11:20
60 Deployments - What and Why? 05:43
61 Demo - Deployments 09:18
62 Kubernetes Control Plane 11:36
63 Demo - Controlling Memory - Cgroups behind the scenes 10:11
64 Demo - Controlling CPU - Cgroups behind the scenes 09:42
65 Recap and What's to Come 07:19
66 User Namespaces - Introduction 16:53
67 More User Namespaces 07:45

Similar courses to Containers Under the Hood

React: Intermediate Topics

React: Intermediate Topicscodewithmosh (Mosh Hamedani)

Duration 6 hours 5 minutes 3 seconds
Docker & Kubernetes: The Practical Guide

Docker & Kubernetes: The Practical GuideudemyAcademind Pro

Duration 23 hours 10 minutes 27 seconds
Docker for Node.js Projects From a Docker Captain

Docker for Node.js Projects From a Docker Captainudemy

Duration 8 hours 14 minutes 12 seconds
The Ultimate Docker Course

The Ultimate Docker Coursecodewithmosh (Mosh Hamedani)

Duration 4 hours 25 minutes 17 seconds