I built a Docker image that has a user named “appuser” and this user has a defined uid of 1001. On my test server, the account I’m using is named “marc”, and it also has the uid of 1001. When I start the container, the sleep command executes as appuser, because the Dockerfile contains the line “USER appuser”. But this really doesn’t make it run as appuser, it makes it run as the uid of the user that the Docker images knows as appuser.
https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
Tag: container
Container port…
[…] containerPort does not set the port that will be exposed, it is purely informational and had no effect on Kubernetes networking. It is however good practice to document the port that the container is listening on for the next poor soul that is trying to figure out your system.
https://stackoverflow.com/questions/55741170/container-port-pods-vs-container-port-service
The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. It does not make the ports of the container accessible to the host. To do that, you must use the
https://stackoverflow.com/questions/35548843/does-ports-on-docker-compose-yml-have-the-same-effect-as-expose-on-dockerfile-pflag to publish a range of ports.
Container namespaces
Containers within same pod share network namespace and IPC namespace but they have separate mount namespace and filesystem. Hence we use volumes for sharing mounts.
https://stackoverflow.com/questions/62228843/does-every-container-in-same-pod-has-independent-file-system
Daniel Velasco (notes?) 