Here's the mental model I wish I had when I started learning Docker. Not a diagram. A question.

The question is: what changed?

When you run a container, Linux creates a new set of answers to certain questions: What processes exist? What filesystems are mounted? What is the hostname?

Before the container, those questions had the host's answers. After docker run, the process inside gets different answers. Same kernel. Different questions, different answers.

The namespace is the mechanism that changes which answer the kernel returns.

cgroups are completely separate. They don't change what the container sees. They change what the container is allowed to consume.

Namespaces hide. cgroups limit.

Most Docker mental models collapse these into one thing called "isolation." They're not the same, and knowing which one you need for which problem changes how you write Dockerfiles, configure orchestrators, and think about security.

Not tutorials. Just a real picture.

#Docker #Linux #DevOps #Containers #Infrastructure #CloudNative #SoftwareEngineering #MentalModel #OpenSource
Docker Mental Model: Namespaces vs Cgroups
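The "what changed?" question from the post above can be asked of the kernel directly. The following is an added example, not part of the original post: it compares a host process with a container process and sorts the differences into what is hidden (namespace identities under /proc/<pid>/ns) and what is capped (cgroup limits). It assumes the cgroup v2 file names memory.max, pids.max and cpu.max; the two sample snapshots are constructed.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
LIMIT_FILES = ("memory.max", "pids.max", "cpu.max")  # cgroup v2 names

def snapshot(pid, cgroup_root="/sys/fs/cgroup"):
    """Live read (assumes a cgroup v2 host and permission to read /proc/<pid>)."""
    ns = {t: os.readlink(f"/proc/{pid}/ns/{t}") for t in NS_TYPES}
    with open(f"/proc/{pid}/cgroup") as f:
        # the cgroup v2 entry looks like "0::/system.slice/docker-<id>.scope"
        rel = next((l.strip()[3:] for l in f if l.startswith("0::")), "/")
    limits = {}
    for name in LIMIT_FILES:
        try:
            with open(os.path.join(cgroup_root, rel.lstrip("/"), name)) as f:
                limits[name] = f.read().strip()
        except OSError:
            limits[name] = "max"  # no such file (root cgroup): nothing is capped
    return {"ns": ns, "limits": limits}

def what_changed(host, ctr):
    """Split the differences into what is hidden (namespaces) and what is capped (cgroups)."""
    hidden = [t for t in NS_TYPES if ctr["ns"][t] != host["ns"][t]]
    shared = [t for t in NS_TYPES if ctr["ns"][t] == host["ns"][t]]
    # "max" as the first field means unlimited ("max" or, for cpu.max, "max 100000")
    limited = {k: v for k, v in ctr["limits"].items() if v.split()[:1] != ["max"]}
    return {"hidden": hidden, "shared": shared, "limited": limited}

# Constructed snapshots (inode numbers are made up): a host shell and a
# container started with a memory cap but otherwise default settings.
HOST = {"ns": {t: f"{t}:[40265318{i:02d}]" for i, t in enumerate(NS_TYPES)},
        "limits": {"memory.max": "max", "pids.max": "max", "cpu.max": "max 100000"}}
CTR = {"ns": {**{t: f"{t}:[40265325{i:02d}]" for i, t in enumerate(NS_TYPES)},
              "user": HOST["ns"]["user"]},  # user namespace not remapped
       "limits": {"memory.max": "268435456", "pids.max": "max", "cpu.max": "max 100000"}}

if __name__ == "__main__":
    print(what_changed(HOST, CTR))
```

Anything listed under `shared` is a question the container still gets the host's answer to, and anything missing from `limited` is a resource it can consume without a cap, which is why the two lists are reviewed separately.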
More Relevant Posts
-
Day 34 = Linux Series = Stop working in a cluttered terminal! The simplest fix? The clear command.

Link to original video: https://lnkd.in/gQj5xgJK

Does your terminal look like a chaotic mess of old commands and directory lists? When you're deep into a #DevOps workflow or debugging code, a messy screen isn't just annoying—it's a distraction. It's easy to lose track of which path you're in or what the last output was.

Just type clear and hit enter. Simple, effective, and essential for every Linux user.

What's your most-used Linux shortcut? Let's hear it in the comments! 👇

#Linux #DevOps #CodingTips #SoftwareEngineering #TechHacks #Terminal #CloudComputing
-
Day 30 – Docker Images & Container Lifecycle

Today was all about going deeper into how Docker actually works under the hood. I explored:

🔹 The relationship between Docker Images & Containers
🔹 How image layers work and why caching makes builds faster
🔹 The complete container lifecycle (create → start → pause → stop → remove)
🔹 Running, inspecting, and debugging live containers
🔹 Cleaning up unused containers and images to manage system

💡 Key learning: Docker images are built in layers — and those layers are reused. That's why builds are faster and storage is optimized.

#90DaysOfDevOps #DevOpsKaJosh #TrainWithShubham #Docker #DevOps #CloudComputing #Containers #LearningInPublic #TechJourney #BuildInPublic #Linux #SoftwareEngineering #CI_CD
-
AI Code Gets Approved in the Linux Kernel… But With Strings Attached: The kernel's stance on AI-assisted patches is now official. Read more: https://lnkd.in/g4wWHGxE 🎪 Step right up to the DevOps community! Join us for an amazing journey of learning and growth.
-
🚨 My server log grew to 60GB and I had no idea why. Turns out my logrotate config was silently doing nothing. The fix was simple: ✅ Added `daily` rotation ✅ Set `maxsize 300M` as a safety net ✅ Switched to `copytruncate` for Docker compatibility The key lesson: if your app runs in Docker, use `copytruncate` — the container holds the log file open, so the normal `create` method won't work without extra signaling. Small config, big impact. Always verify your log rotation is actually rotating. 🔄 #DevOps #Linux #Docker #SysAdmin #LessonsLearned
-
Week 1 of the 30-Day DevOps Challenge done ✅

Linux and Networking this week. Turns out the basics are not always basic.

Day 1: CPU at 100%, top shows nothing. top cannot see kernel threads. perf top can.
Day 2: set -e did not catch a failure. It has edge cases. set -euo pipefail works better.
Day 3: ulimit shows 65536 but app crashes. The real limit is in /proc/PID/limits.
Day 4: Service shows active then dies silently. journalctl -u service tells you exactly what happened.
Day 5: SSH locked down but still open. PermitRootLogin prohibit-password still allows key-based root login.
Day 6: iptables rules set, traffic still flows. Ubuntu 24.04 and above runs nftables underneath.

Nobody teaches you this stuff. Production does. Hope this saves someone a late night. 👇

Week 2 starts Monday 7 AM GMT+6 (CI/CD and Automation)

#Linux #SRE #DevOps #30DaysOfDevOps
-
I'd been lying to myself about containers for years. I could docker run anything. Write a Dockerfile in my sleep. I could not have told you, with a straight face, what actually happens between docker run alpine and a process existing on my machine.

A fly.io take-home ~6 months back forced me to find out. Wrote it up, sat on the draft, forgot to share. Publishing now because the learning was too good to leave rotting in ~/drafts.

I built it from scratch. Pull image from S3. Unpack into a devicemapper thinpool. Snapshot the thin volume to "activate" it. Track the whole thing in SQLite. Drive it with the same FSM library that powers flyd.

Three things broke my mental model:

1. A container image is a tar of tars plus a JSON map. That's it. No runtime, no kernel feature embedded. The image is inert until something else unpacks and runs it.

2. "Activating" an image is two dmsetup calls. Zero bytes copied. A snapshot of a thin volume shares every block with the parent until somebody writes. That's how one host runs thousands of VMs without burning through its NVMe in a week.

3. The FSM isn't ceremony. My first version used goroutines and a retry loop — clean, fast, dead on reboot. Fleet-scale orchestration isn't the goroutine. It's the durable record of states the goroutine left behind. Goroutines die. SQLite rows don't.

The primitives have shipped in mainline Linux since 2011. The discipline is choosing them deliberately and refusing to add anything else.

Full write-up, including a hands-on walkthrough of pulling ubuntu:24.04 into a thinpool with dmsetup + losetup + skopeo — every output from a live SSH session: https://lnkd.in/g_kAC_vM

What's the abstraction you assumed was magic until you had to build it?

#containers #linux #devops #infrastructure #golang
-
Once upon a time, someone said, “But it works on my machine”, until they watched the same code fail miserably in production. In the carousel, I've explained in a simplified way the notion of Containerization, and how we transitioned from legacy environments to the modern, portable systems we actually use today. #containers #devops #linux #containerization #docker
-
Linux Command: grep

grep is a powerful Linux command used to search for specific text or patterns inside files.

👉 Example: If your application is throwing errors and you have a large log file, instead of checking manually, you can run:

grep "ERROR" application.log

👉 This will instantly show only the lines containing errors, making troubleshooting faster ⚡

👉 Pro Tip: Use -i to ignore case sensitivity.

grep -i "error" application.log

This ensures you don't miss logs like Error, ERROR, or error.

🚀 In DevOps, quickly finding issues in logs is crucial, and grep makes it super efficient.

#DevOps #Tech #Linux
-
Most engineers use Docker every day. Very few know what actually happens at the Linux kernel level when a container starts.

Here's the truth:

👉 chroot is NOT how containers work. It never was.

Real container isolation relies on pivot_root, a kernel primitive that completely replaces the root filesystem, making escape significantly harder. This is what powers modern runtimes like Docker and containerd.

In this video (Kernel Primitives Ep 05), I build a real container from scratch, no Docker, no libraries, using unshare and pivot_root to show you exactly:

→ Why chroot breaks under a real attack scenario
→ How pivot_root solves what chroot cannot
→ What PID 1 inside a container actually looks like at the kernel level

If you're running workloads on Kubernetes or Docker in production, this is the kind of knowledge that separates: Engineers who use containers vs Engineers who truly understand them

🎥 Full video: https://lnkd.in/gArnmHFv

Would love to hear: did you already know this difference between chroot and pivot_root? Drop a comment 👇

#DevOps #Docker #Kubernetes #Linux #CloudEngineering #Containers #SRE #PlatformEngineering
Container Internals: The Linux Kernel Secret Behind Docker's Root Switch
-
Arch Linux now has a bit-for-bit reproducible Docker image under the repro tag. Reproducible base images are essential for the supply chain. Other distros are pretty opaque on this. Worth watching as a model. https://lnkd.in/gp2QbCc5