This is a collection of resources and posts about containers.

Linux namespaces

The series Namespaces in operation on LWN covers the underlying technology of containers: Linux namespaces. Some code examples are outdated because of new Linux kernel releases and the author provides updates in the comments. If the programs in the article do not work, do refer to the comments to see what should be modified.

The author also has a two-videos series about namespaces:

• Containers unplugged: Linux namespaces
• Containers unplugged: understanding user namespaces

Container networking

This is a series of blog posts explaining how container networking behaves. If you are not familiar with Linux networking, check out Linux Networking Fundamentals first.

• Network Namespaces and Docker
• Kubernetes Pods Networking
• Kubernetes Services Networking (todo)
• Kubernetes DNS (todo)

Resources

Services networking

Kubernetes Services and Iptables

DNS

Understanding CoreDNS in Kubernetes

The containers ecosystem

The Udemy course Dockerless: Deep Dive Into What Containers Really are About (How to get Udemy courses for free) explains the containers ecosystem in great detail, including:

• Low level container standard (OCI) and tools (like runc)
• Tools other than Docker to work with containers (like buildah and podman)

Rootless containers

Docker by default requires root privilege, this is not desirable from the security perspective. In contrast, Podman runs containers rootlessly using user namespaces. The article series written by Daniel J Walsh explains how rootless containers are implemented:

• Podman and user namespaces: A marriage made in heaven
• How does rootless Podman work?
• How rootless Buildah works: Building containers in unprivileged environments
• The shortcomings of rootless containers