beginner
Container Internals Intensive
You will strace container starts, inspect overlay filesystems, and benchmark startup times after slimming images. Capabilities and seccomp introductions keep security in frame.
Logistics
3 weeks · 5h/week · Cohort · ¥58,000 JPY (informational)
Included focus areas
- Namespace isolation demos with failure cases
- cgroups v2 limits with measurable impact
- Image layer caching experiments
- Capability dropping exercises
- seccomp profiles at starter level
- Rootless container notes
- Debugging stuck containers checklist
Outcomes
- Explain a production incident using kernel-level vocabulary correctly.
- Produce a slim Dockerfile diff with size numbers.
- Document one seccomp decision for your team wiki.
Responsible instructor
Leo Hartmann
CI consultant for startups migrating from Jenkins.
FAQ
Kernel knowledge?
We start from mid-level Linux comfort; appendices cover gaps.
Windows containers?
Not covered.
Hardware?
Nested virtualization can be slow; cloud VM recommended.
Experience notes
“cgroups lab finally explained why our JVM pods bounced — not magic, just limits.”