Here's a preview from my zine, How Containers Work!! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!
get the zine!
read the transcript!
panel 1
Illustration of a smiling stick figure with curly hair.
person: here are the 6 most important things you can configure when starting a container!
map a port to the host
Illustration of two boxes drawn with dotted lines. One is labelled “host”, the other is labelled “container”. The “host” box says “port 1234”, and the “container box” is labelled “port 8080”. There is a double-ended arrow pointing back and forth between the two ports.
mount directories from the host
Illustration of two boxes drawn with dotted lines. One is labelled “host”, the other is labelled “container”. The “host” box says “~/code/blah”, and the “container box” says “/src”. There is a double-ended arrow pointing back and forth between the two boxes.
set capabilities
add seccomp-bpf filters
set memory and CPU limits
person: only 200 MB RAM for you
use the host network namespace
Usually the default is to use a new network namespace!