It's Ivan again, with my traditional roundup of all things around iximiuz.com.
Remember that article on Kubernetes I mentioned last time? While I was finishing last month's issue, the article made it to the front page of Hacker News, thanks to its controversial title: How Kubernetes Reinvented Virtual Machines. When I was done with the newsletter work, I got pleasantly surprised by the number of new readers on the blog. At moments like that, you know for sure that all these hours of suffering writing are worth it!
And now to the updates & announcements!
SPONSORED: How Passwordless Works is yet another masterpiece from Teleport. Not a typical shallow corporate blog publication but a deep technical write-up explaining how the new Web Authentication protocol works. If everything goes well, we'll soon be having one more key on our physical keychains, and the days of passwords and password managers will be gone.
I've been dodging invitations to speak since forever (well, I'm a writing guy), but this month I finally decided to give it a try:
- On August 31st, Martin Wimpress and I will join David Flanagan on his YouTube channel to talk about DockerSlim. One of the things I admire about the RawKode Academy is that all events there end up being truly hands-on, and this one should not be an exception!
- On September 15th, I'll be conducting a virtual workshop devoted to one of my favorite Cloud-Native tools - containerd. Thanks to Saim Safdar for being so kind and inviting me to join the Cloud Native Islamabad community.
I'm looking forward to these streams (but, hell, am I nervous!), and I hope you'll tune in too!
What I Was Working On
I've been doing a lot of research this month on how to produce small(er), fast(er), and secure(r) container images. Most of the results are yet to become articles, but I already have something to share: In Pursuit of Better Container Images: Alpine, Distroless, Apko, Chisel, DockerSlim, oh my!
On the birdy-side of things, there was a bunch of tweets that attracted people's attention:
- 🔥 Debunking Container Myths - summary of my series of articles with the same name. Rather a fun read.
- Linux vs GNU/Linux vs Alpine Linux - a thread about the terminology nuances and the Linux distro peculiarities.
- Container Base Image: Debian vs Ubuntu? - if you've ever wondered which one to choose, or how having a company behind a Linux distro results in much faster patching of CVEs, thanks to the public security SLA.
- Why Container Images Should Be Slim - a screencast of my favorite developer portal helping me deal with container images (disclaimer: since May, I work there, but it became my beloved tool well before I joined the company).
- socat is one love - a quick Linux networking lesson showing how to spin up a simple TCP reverse proxy with just a single (and pretty simple) command.
What I Was Reading
- Docker and the OCI container ecosystem - good overview & summary of the container ecosystem, starting from the explanation of how Docker became the de facto standard container implementation and then touching upon the most popular tools in the area like Docker, containerd, runc, Podman, cri-o, etc. A great addition to my Journey From Containerization To Orchestration And Beyond.
- Who Should Write the Terraform? - experience-based reflection on the evolution of Admins and Coders into Developers and SREs with a touch upon platform engineering. Good read! Reminded me of my DevOps, SRE, and Platform Engineering.
- Developers Should Deploy Their Own Code - agree with the main theme and most of the points.
- Designing Developer Velocity - a great checklist for anyone concerned with DevEx!
- Personal Security Posture: How I Keep My Cybersecurity Game Strong - pragmatic piece of advice by Corey Quinn suitable for most of the software folks out there: understand your threats and choose the defense means accordingly.
- Corey asked, "What’s the current state of the art for rapid iteration against a development environment k8s cluster" and after getting a myriad of replies, all mentioning a different piece of tech, brilliantly answered the question himself, "the state of the art has yet to emerge".
- acorn.io - [an attempt to answer the above question by the creators of Rancher] - a containerized application packaging framework that simplifies deployment on Kubernetes. Check out this dope intro by Saiyam Pathak.
- Concurrency Compared: AWS Lambda, AWS App Runner, and AWS Fargate - worthwhile overview; App Runner sounds like my new (would-be) fave way to run containerized web services. And I'm still of the opinion that AWS Lambda is good only for ad-hoc/event/pure FaaS use cases and inflicts pain in others.
- github.com/sieve-project/sieve - an interesting way to auto-test Kubernetes controllers. At first, it may sound too fancy/complicated, but after reading the testing strategies, it starts sounding much more reasonable.
- Living with Kubernetes: 12 Commands to Debug Your Workloads - an old but gold article offering a handy set of commands to debug and troubleshoot Kubernetes workloads.
- The API Object Lifecycle - simple but important considerations for handling DELETING objects; must-read for all controller developers.
- The Value is in the API - on how the API matters more than the implementation behind it and on the importance of good APIs (including the one provided by Kubernetes).
- Slim and Secure Containers: DevOps and Docker Live Show - the Slim.AI portal is featured on Bret Fisher's show. See how to inspect your container images and scan them for vulnerabilities right in your browser.
- Vulnerability scanners 101 by Dan Lorenc, Chainguard's founder & CEO. TL;DR - Scanners ain't magic (yet?)
Well, that was a big one... But I want to believe I shared only the worthy bits! I should probably start sending this newsletter twice a month to make it more digestible, though 😇
Stay safe and healthy!