Containers Aren’t Magic: Building One From Scratch

Note: This is a paid event just to avoid last-minute drops and also to bring in only serious people together. I have put a very nominal and almost negligible amount for this event so that folks RSVP and don't show up at the event. There is a lot of effort being put in creating the content and also finding venues and a lot of things goes behind the scenes. That's the sole reason for trying to bring in only serious people for these events.

Note: The seating capacity is very limited for these events; that's the reason I have put 20 people so it will be on a first-come, first-served basis. Once we have the 20 seats availed, the RSVP will automatically close. If you are serious about attending this event, please ensure that you RSVP at the very earliest.

Note: I will be updating the location very soon. It will be in and around Hi-Tech City, Madhapur, Gachibowli and Kondapur.

We spend our days building golden paths, crafting elegant Helm charts and relying on sophisticated orchestrators like Kubernetes to manage our workloads. These abstractions are the bedrock of modern platform engineering. They make deployments fast, repeatable and scalable.

But what happens when the abstraction leaks? When a critical pod is mysteriously `OOMKilled` or a workload is aggressively CPU-throttled despite passing all CI/CD checks, the resilience of our entire platform is suddenly tested. To truly guarantee reliability and fix the hardest bugs, we have to look beneath the glass floor.

There is no magic in computer science. A container is not a lightweight virtual machine, it is just a normal Linux process that has been heavily restricted and lied to by the host operating system.

In this live, 100% terminal-based session (hopefully the demo gods are with us at that time), we are going to strip away Docker, containerd and every other high-level runtime. We will manually construct a fully functional container from absolute scratch using nothing but raw Linux kernel commands to see exactly how these platform abstractions physically manifest on the server.

### What We Will Cover in This Session:

• The Great Unshare (Namespaces): We will use the `unshare` command to detach a regular bash shell from the host system’s process tree, hostname and inter-process communication layers.
• Jailing the Filesystem (`pivot_root`): A container needs its own world. We will ditch the insecure `chroot` and manually execute a `pivot_root` swap to securely lock our process inside a downloaded Alpine Linux filesystem (trying to find if there's even better option, if you find one lemme know and i will replace it with that), unmounting the host entirely.
• Enforcing the Limits (`cgroups v2`): This is where platform resilience lives. We will manually create a control group and assign strict CPU and memory quotas to our isolated process. Time permitting, let's also explore the differences between `cgroups vs` vs `cgroups v2`
• Triggering a Bare-Metal Crash: To connect this back to Kubernetes, we will intentionally breach our manual `cgroup` memory limit by executing a memory leak inside our handcrafted container, watching the Linux kernel immediately step in to kill the process (reproducing a raw `OOMKilled` event).

### What You Will Gain:

• Deep Diagnostic Context: You will stop guessing why a Kubernetes pod is crashing or throttling and start understanding exactly how the underlying host kernel is reacting to the resource limits.
• X-Ray Vision for Abstractions: A crystal-clear mental model of how high-level YAML files translate directly into system-level files and rules on the worker node.
• Advanced Troubleshooting Confidence: The ability to debug complex multi-tenant constraints, networking isolation issues and platform resilience failures at the bare-metal level.
• A "No-Magic" Mindset: Stripping away the black-box mentality of container runtimes and realizing that under the hood, it's all just Linux.

### Who Should Attend:

• Platform Engineers & SREs: Looking to deepen their understanding of host-level resource constraints and build more resilient internal developer platforms.
• Kubernetes Administrators: Wanting to know exactly what the `kubelet` and container runtimes are doing behind the scenes.
• Curious Software Engineers: Anyone who uses Docker daily but wants to finally understand how the magic trick actually works.
• Tech Enthusiasts: If you enjoy watching a presenter attempt to type complex Linux kernel commands live without breaking their own machine, this is the session for you.

### Why This Matters Now:

As the cloud-native ecosystem grows more complex with tools, meshes and operators, the fundamentals remain unchanged. Drawing on close to 20 years of navigating IT infrastructure, it becomes clear that tools come and go, but system primitives endure. Whether you are managing a handful of nodes or operating a massive multi-tenant platform, possessing a rock-solid understanding of these low-level mechanics is the ultimate engineering superpower.