Containers/ Blueprint

Purpose

The containers/ domain organizes everything related to container engines, images, runtime behavior, orchestration, and ecosystem tooling.

It separates engine-specific docs (Docker, Podman) from cross-engine concepts like images, networks, volumes, and orchestration (Compose/Kubernetes).

This prevents duplication and keeps the collection evolving smoothly as new tools (Buildah, Skopeo, Finch, Rancher, etc.) join the ecosystem.

Folder layout (future-proof)

cheatsheets/
└─ containers/
β”œβ”€ _index.md                       # High-level overview (OCI standard, purpose, tools)
β”œβ”€ engines/
β”‚  β”œβ”€ docker.md                    # Install, daemon, BuildKit, Compose v2
β”‚  β”œβ”€ podman.md                    # Install, rootless, pods, Quadlet, docker.sock compat
β”‚  └─ notes.md                     # Common engine quirks or comparisons
β”œβ”€ images/
β”‚  β”œβ”€ building.md                  # Dockerfile / Containerfile, multi-arch, BuildKit vs Buildah
β”‚  β”œβ”€ scanning.md                  # Image scanning (trivy, grype)
β”‚  └─ caching.md                   # Layers, pruning, build cache
β”œβ”€ registries/
β”‚  β”œβ”€ auth.md                      # Login, creds store, auth.json, helper tools
β”‚  └─ push-pull.md                 # Tagging, pushing, pulling, skopeo copy
β”œβ”€ runtime/
β”‚  β”œβ”€ run-basics.md                # run/start/stop/logs/exec equivalents
β”‚  β”œβ”€ pods-vs-compose.md           # When to use Pods (Podman) vs Compose (Docker)
β”‚  └─ systemd-quadlet.md           # systemd integration for containers
β”œβ”€ networking/
β”‚  β”œβ”€ basics.md                    # bridge/host/macvlan modes, ports
β”‚  └─ dns.md                       # Container DNS, resolv.conf, hosts mapping
β”œβ”€ storage/
β”‚  β”œβ”€ volumes.md                   # Named/bind mounts, persistence, SELinux :Z flags
β”‚  └─ layers.md                    # OverlayFS, pruning, cleanup strategies
β”œβ”€ orchestration/
β”‚  β”œβ”€ compose.md                   # Compose schema, common stack patterns
β”‚  β”œβ”€ kubernetes.md                # Core K8s concepts, manifests, migration from Compose
β”‚  └─ quadlet.md                   # Podman Quadlet + systemd unit patterns
β”œβ”€ templates/
β”‚  β”œβ”€ compose/                     # Prebuilt service templates (MySQL, Redis, Nginx, etc.)
β”‚  β”œβ”€ quadlet/                     # Systemd unit templates for rootless containers
β”‚  └─ k8s/                         # Optional: minimal Deployment/Service manifests
β”œβ”€ security/
β”‚  β”œβ”€ rootless.md                  # User namespaces; Podman’s approach
β”‚  β”œβ”€ capabilities.md              # cap drop/add, seccomp, SELinux/AppArmor
β”‚  └─ supply-chain.md              # SBOMs, signatures, provenance
β”œβ”€ troubleshooting/
β”‚  β”œβ”€ inspect-and-logs.md          # inspect, logs, events, journald
β”‚  └─ cleanup.md                   # prune, orphan cleanup, storage reset
└─ _meta/
└─ blueprint.md                 # (this file)

````

---

## File naming & style rules

- **One concept per file.**
  Keep each note focused β€” e.g., `volumes.md`, `building.md`, `run-basics.md`.
- **Use kebab-case** filenames (consistent with URLs).
- **Front matter metadata** aligns with the rest of your cheatsheets:

```md
---
title: Podman β€” Rootless Mode
tags: [containers, podman, rootless]
summary: Understanding rootless containers and user namespaces in Podman.
aliases:
---

  • Titles: β€œEngine β€” Concept” or β€œConcept β€” Focus”

  • Examples: Docker β€” Daemon & Compose, Images β€” Building, Networking β€” Basics.

  • Cross-link pages frequently (e.g., link from images/building.md to registries/push-pull.md).

Optional: README.md Index per subfolder

Example: containers/runtime/README.md

---
title: Container Runtime β€” Index
tags: [containers, runtime]
summary: Container lifecycle, logs, and system integration.
---

- [Run Basics](./run-basics.md)
- [Pods vs Compose](./pods-vs-compose.md)
- [Systemd & Quadlet](./systemd-quadlet.md)

Quick rename / migration guidance

  • Existing single-page Docker notes β†’ move to engines/docker.md
  • Short templates (e.g., MySQL, Redis, Nginx Compose files) β†’ templates/compose/
  • Rootless systemd or Quadlet examples β†’ templates/quadlet/
  • Conceptual guides (volumes, networking, etc.) β†’ respective subfolders

Future directions (for when you scale)

  • Add containers/tools/ for Buildah, Skopeo, Trivy, Grype.
  • Add containers/integration/ for CI/CD, GitHub Actions, image signing.
  • Add containers/_meta/summary.md β€” yearly reflection on what grew, what merged, what’s deprecated.

Core principle

Organize by concept, not by engine. Engines change; concepts survive.

Every folder should answer one enduring question:

  • Images/ β€” How do we build and move container blueprints?
  • Runtime/ β€” How do we run and manage containers locally?
  • Orchestration/ β€” How do we run multiple containers together?
  • Security/ β€” How do we trust, sign, and isolate them?
  • Troubleshooting/ β€” How do we inspect and fix them?

That’s how you future-proof containers/ without overcomplicating it today.