A book in progress

Containerd From The Bottom Up.

A reader-grade tour of containerd, runc, namespaces, cgroups, and the Linux primitives behind every running container — built from kernel up, not Kubernetes down.

Six parts, twenty chapters

What's inside

  1. Part I: Orientation

    The container stack map, what a container actually is, and the OCI / runtime-v2 contracts.

  2. Part II: Linux Primitives

    Namespaces, cgroups v2, container filesystems, and the security controls that make a container a container.

  3. Part III: OCI And runc

    The bundle, config.json, and what runc actually does between create and start.

  4. Part IV: containerd

    The daemon's architecture, content and snapshots, the task / shim split, and the CRI surface Kubernetes talks to.

  5. Part V: Networking

    Network namespaces, veth pairs, the CNI plugin contract, and how a Kubernetes pod ends up on the wire.

  6. Part VI: Experiments

    Hands-on labs that build containers from primitives, then take them apart again — safely, on a disposable VM.

Who it is for

Engineers who want the full mental model.

If you have shipped containers but never traced what happens between kubectl apply and the kernel scheduling your process, this book is for you. Every chapter names the binary, the syscall, and the file on disk — no hand-waving, no "it's basically a chroot."