Software Engineer at day. Tech Storyteller at night. Helping people master Containers.
Ivan on Containers, Kubernetes, and Backend Development
Hi friends!
Ivan's here, with a monthly roundup from iximiuz.com.
I just finished an article on Kubernetes, and as always, it took me million hours to get from the first draft to a decent quality write-up. For better or for worse, there is no such thing for me as quick writing. But now it's getting late over here, so I'll have to keep the newsletter rather short.
SPONSORED Passwords are secrets, but secrets tend to leak. Certificates might be superior to passwords in many cases, but they are also secrets after all. Check out this good read by Teleport to learn How to Access Infrastructure Without Usernames and Passwords using provable identities. The future is bright and passwordless!
What I Was Working On
Continuing the June theme, I managed to find some time in July to work on my (not so) secret Kubernetes UI. The visualizations are much smoother now (check out that rolling Deployment recording below), but the rest of the changes were mostly plumbing and hardening, so no new functional to demo yet.
What I Was Writing
There is one but rather big article I'd like to share this month: How Kubernetes Reinvented Virtual Machines. This article might feel less technical than my usual writing, but the intent was to tell a relatable story. It's based on my 10+ years of experience and observation of how people develop, deploy, and operate web services. And it's an illustrated one! Just to give you some taste:
I've also been pretty active on Twitter and published a few threads you may find interesting (or controversial):
- Why AWS Lambda is great for pure FaaS and poor for generic HTTP workloads
- Kubernetes basics explained by analogy (kinda-sorta spin-off of the blog article)
- How knowing Container Fundamentals helps you use Kubernetes more efficiently
- Kubernetes Service Misconceptions
Last but not least, DockerSlim officially announced its Docker Compose support. Now you can optimize images that are a part of the compose service definition with a single command. And while I didn't participate in the technical implementation of this feature, I'm happy to share the news 🎉
What I Was Reading
- K8s Gateway API is here - what's in it for you? - Hard to tell for me at the moment how handy they actually will be, but I definitely like the new, more fine-grained separation of concerns the mechanism of Gateways provides.
- The Kubernetes Networking Guide - A hot find from Anaïs Urlichs' last newsletter issue. "A resource providing an overview of various Kubernetes networking components with a specific focus on EXACTLY HOW they implement the required functionality."
- Dockerfiles now Support Multiple Build Contexts - Well, this feature enables quite some new interesting use cases (and workarounds). I'll probably explore it more deeply and share my findings.
- What happens when you press a key in your terminal? and A toy remote login server - A pair from Julia Evans on how terminals actually work. This ancient tech is behind such commonly used tools as SSH or docker and kubectl exec commands, so definitely worth a read.
- Understanding AWS Lambda scaling and throughput - A link to an AWS blog is not something I'd typically share. But this one has some exceptional drawings.
- An Ubuntu kernel bug causes container crashes - Versioning is hard. Kernel versioning is even harder. "Maintaining an out-of-tree kernel patch for any length of time is an arduous task." Enjoyed the read.
- Node.js Rocks in Docker by Bret Fisher - That leap from being able to run Node.js in a container to getting a production-ready image...
- A Look Into My Development Stack - A pragmatic look on development environments by Matt Rickard. "Even though I helped build minikube, I don't have the time to debug issues anymore, so I use Docker Desktop." You got my point 😉
- Remote Development at Slack - I've been saying it for ages, one project - one virtual machine.
- Stacked Pull Requests - If you never felt the need, you're a lucky one. Every other my feature results in a series of pull requests with one based on another, and cascading rebase is no fun.
Stay Tuned
And this is it for July. Stay safe and healthy!
Cheers,
Ivan Velichko
Ivan Velichko
Software Engineer at day. Tech Storyteller at night. Helping people master Containers.
Hello friends! Ivan's here - with a well overdue February roundup of all things Linux, Containers, Kubernetes, and Server-Side craft 🧙 What I was working on A lot of stuff on the dev side - not so much on the content side. But things are soon to reverse 🤞 Announcing labCTL - the long-awaited iximiuz Labs CLI A dozen people have asked me over the past year-ish if there'll be access to the playgrounds from the local terminal and not only from the browser. And while I myself wanted this feature...
Hello there! 👋 Debugging containerized applications is... challenging. Debugging apps that use slim variants of container images is double challenging. And debugging slim containers in hardened production environments is often close to impossible. Before jumping to the DevOps problems that I prepared for you this week, let's review a few tricks that can be used to troubleshoot containers. If the container has a shell inside, running commands in it with docker exec (or kubectl exec) is...
Hey hey! Are you ready for your next DevOps challenge? Last week, we all witnessed yet another terrifying cyber-security event, and this time, it was a direct hit - researchers from Snyk discovered a way to break out of containers! 🤯 The vulnerability was found in the fundamental component of the containerization ecosystem - the most popular implementation of the (low-level) OCI container runtime - runc. Notice how, on the diagram above, most high-level container runtimes actually rely on the...