July 26, 2023

Containerize Nodejs App

In a recent technical interview, I faced a series of challenges to be completed within a strict 24-hour timeframe. One such task was to containerize a Node.js application, and I’d like to share my approach and reasoning with you. Note I will be using the terms “containerize” and “dockerize” interchangeably, as well as referring to “Dockerfile” and “Containerfile” interchangeably.

Hello World

The code was initially very simple and you can check it here.

October 12, 2022

Learning Namespaces: Unsharing is caring

Learning bits from the Linux Containers the Hard Way workshop. Linux namespaces are spawned by using either the clone or unshare system calls. The unshare command is a Bash wrapper to the unshare system call.

    $ unshare --help

    Usage:
     unshare [options] [<program> [<argument>...]]

    Run a program with some namespaces unshared from the parent.

    Options:
     -m, --mount[=<file>]      unshare mounts namespace
     -u, --uts[=<file>]        unshare UTS namespace (hostname etc)
     -i, --ipc[=<file>]        unshare System V IPC namespace
     -n, --net[=<file>]        unshare network namespace
     -p, --pid[=<file>]        unshare pid namespace
     -U, --user[=<file>]       unshare user namespace
     -C, --cgroup[=<file>]     unshare cgroup namespace
     -T, --time[=<file>]       unshare time namespace

     -f, --fork                fork before launching <program>
     --map-user=<uid>|<name>   map current user to uid (implies --user)
     --map-group=<gid>|<name>  map current group to gid (implies --user)
     -r, --map-root-user       map current user to root (implies --user)
     -c, --map-current-user    map current user to itself (implies --user)
     --map-auto                map users and groups automatically (implies --user)
     --map-users=<outeruid>,<inneruid>,<count>
                               map count users from outeruid to inneruid (implies --user)
     --map-groups=<outergid>,<innergid>,<count>
                               map count groups from outergid to innergid (implies --user)

     --kill-child[=<signame>]  when dying, kill the forked child (implies --fork)
                                 defaults to SIGKILL
     --mount-proc[=<dir>]      mount proc filesystem first (implies --mount)
     --propagation slave|shared|private|unchanged
                               modify mount propagation in mount namespace
     --setgroups allow|deny    control the setgroups syscall in user namespaces
     --keep-caps               retain capabilities granted in user namespaces

     -R, --root=<dir>          run the command with root directory set to <dir>
     -w, --wd=<dir>            change working directory to <dir>
     -S, --setuid <uid>        set uid in entered namespace
     -G, --setgid <gid>        set gid in entered namespace
     --monotonic <offset>      set clock monotonic offset (seconds) in time namespaces
     --boottime <offset>       set clock boottime offset (seconds) in time namespaces

     -h, --help                display this help
     -V, --version             display version

    For more details see unshare(1).
