Module 1: Containerization & Pods

🏗️ 1. The Manual Task: Isolating a Process

Before orchestration, “containerization” is just the manual use of Linux kernel primitives.

Isolation Mechanisms:

  • chroot: Jails a process to a specific directory.
  • Namespaces: Give a process its own view of system resources (PIDs, networks, mounts), hiding everything outside that view.
  • cgroups: Cap the CPU and memory a group of processes can use.

Manual Simulation:

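# Creating a new PID and Mount namespace manually.
# Assumes /rootfs holds an extracted root filesystem containing a /proc directory.
# proc is mounted at /rootfs/proc so that /proc is populated inside the chroot.
sudo unshare --pid --mount-proc=/rootfs/proc --fork chroot /rootfs /bin/bash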

📦 2. The Kubernetes Abstraction: Pods

A Pod is the smallest unit in Kubernetes. It’s a “wrapper” that automates the setup of these Linux primitives.

  • Shared Network: All containers in a Pod share one network namespace, so they reach each other over localhost.
  • Shared Storage: Pod-scoped volumes can be mounted into multiple containers.
  • Resource Constraints: Kubernetes handles the cgroups setup via resources.limits.
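
The three properties above in one Pod manifest, as an added example that is not part of the original module. The Pod name, container names, image tag, port and paths are constructed for illustration.

```yaml
# Constructed example: two containers in one Pod.
apiVersion: v1
kind: Pod
metadata:
  name: isolation-demo              # hypothetical name
spec:
  volumes:
    - name: scratch                 # Pod-scoped volume, removed with the Pod
      emptyDir: {}
  containers:
    - name: web
      image: busybox:1.36
      # Serves /data on port 8080 inside the Pod's network namespace.
      command: ["httpd", "-f", "-p", "8080", "-h", "/data"]
      volumeMounts:
        - name: scratch
          mountPath: /data
      resources:
        limits:                     # applied as cgroup limits for this container
          cpu: "250m"
          memory: "64Mi"
    - name: probe
      image: busybox:1.36
      # Writes into the shared volume, then fetches the file from the
      # other container over the loopback address both containers share.
      command:
        - sh
        - -c
        - |
          echo "hello from probe" > /data/index.html
          sleep 2
          wget -qO- http://127.0.0.1:8080/index.html
          sleep 3600
      volumeMounts:
        - name: scratch
          mountPath: /data
      resources:
        limits:
          cpu: "100m"
          memory: "32Mi"
```

After `kubectl apply -f`, `kubectl logs isolation-demo -c probe` should print the file that `probe` wrote and `web` served, which shows the shared volume and shared localhost at once.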