linuxlab.io
Copyright © 2026 LinuxLab. All rights reserved.

Bonus: Linux containers, OCI, runc, Docker, Kubernetes

Bonus section. These articles broaden your horizons and are not part of the main Linux course. They are useful if you plan to go into DevOps/SRE or simply want to understand how container platforms use kernel primitives.

Linux containers from the kernel up, a bonus section to broaden your view rather than part of the main course. How a container is built in the Linux kernel: namespaces plus cgroups, the OCI spec as a contract, runc as the reference runtime, Docker storage drivers, the lifecycle of a Kubernetes pod. From the kernel to orchestration with no magic.

5 articles in this category

§ Articles

  • docker-storage-drivers
    Docker storage drivers: overlay2, btrfs, zfs
    A storage driver is how Docker keeps image layers and container changes on disk. overlay2 is the default (overlayfs over ext4/xfs), btrfs and zfs work through subvolumes and snapshots, fuse-overlayfs is for rootless.
  • kubelet-internals
    kubelet: the Kubernetes node agent architecture
    kubelet is a daemon on every node. It receives the PodSpec through the API, starts containers through CRI, mounts volumes through CSI, and watches health. Under pressure it does eviction. Image GC and the cgroup tree are also its job.
  • kubernetes-pod-lifecycle
    Kubernetes pod lifecycle: from Pending to Terminated
    A pod moves through phases Pending, Running, Succeeded/Failed/Unknown. Init containers run sequentially before the main ones. Probes: startup, then readiness/liveness. SIGTERM plus a grace period on delete.
  • oci-spec
    OCI spec: the container standard
    OCI is three specs: Image (layers + manifest), Runtime (config.json + rootfs for runc), Distribution (registry API). The standard that followed Docker; runc, podman, containerd, CRI-O are all OCI-compatible.
  • runc-and-runsc
    runc, runsc, kata: container runtimes
    runc is the standard OCI runtime: namespaces+cgroups+seccomp. runsc/gVisor is a userspace kernel for extra isolation. kata is a lightweight VM per container. Performance and isolation trade off against each other.
