
Ivan Velichko

Ivan on Containers, Kubernetes, and Backend Development

Published 11 months ago • 5 min read

Hello friends!

It's been a while... but I'm back! We're not exactly at the end of the month, but I'm here for the traditional roundup, and after that, I'll try my best to stick with the original cadence - one mid-month issue with practical container tips and tricks and one monthly summary issue.

The main theme of today's issue is the same thing that caused a half-a-year hiatus of this newsletter - iximiuz Labs. The platform has been in public beta for about a month now, and it's already gaining some traction:

I configured analytics a few days after the launch, so the actual numbers are even higher - for instance, there are more than 500 registered users (Plausible says it's only ~350). And the number of active plays (a play is an instance of a playground in my design) is simply mind-boggling. The traffic has also started increasing - and I'm ramping up the content creation, so it may very well outgrow the blog by the end of the year!


You can help iximiuz Labs evolve (and keep this newsletter going) by supporting my work on Patreon. Patrons get extra insights into my development and creative processes, premium Labs access, and an invite to a private Discord community of container and Cloud Native enthusiasts 😉


Learning Containers: The Guided Way

Speaking of the content, I'm still experimenting with the formats, but the first chunk has already been shipped - two lessons of my course on containerd are now available on the platform. You can learn how to use containerd from the command line, get acquainted with its default CLI client (ctr), and through that, improve your understanding of containers and/or hone your debugging skills. The beauty of containerd is that it's a relatively low-level runtime, so by simply playing with it, you're getting lots of insights into what containers actually are (and in this course, I'm doing my best to guide you through the process).

Every course lesson is accompanied by a playground (i.e., a web terminal on the side) where you can try showcased ctr commands without leaving the browser. But that's not only it! For me, the coolest part is the practice sections after every lesson! Copy-pasting (or better retyping) the commands from the theoretical part is a necessary first step, but free-form exercises are going to prepare you for the tough reality of production much better - and the automatic verification of solutions should make the experience quite engaging, just check out the video:


Learning Containers: The Freestyle Way

Courses and tutorials are great, but sometimes you need a place for freestyle experimentation. Well, at least I do, often. Sandbox environments should get you covered - with Docker, Kubernetes, Podman, containerd, nerdctl, or just vanilla Ubuntu, Alpine, or Rocky Linux machines that start almost instantly and can be disposed of after every experiment. I'm constantly polishing these environments, adding various handy tools (but hopefully not overdoing it):


The Internal Kitchen of The Labs

Over the past six months, many people asked me about the internals of iximiuz Labs - I'm always happy to share my learnings, but this time the scope was so big that I've been postponing the blog post for way too long. And this makes me double excited to announce that it's finally out! Almost 5000 words and a ton of visuals - How I built my own learning-by-doing platform.

Here is a sneak peek - the high-level architecture of the platform:

And here is my attempt to answer the most popular question - how the networking part of the playgrounds is done:


What I was reading

Likely much like yours, my feeds have been dominated by posts on ChatGPT and the like. While the technology is worthy (well, without Copilot, I'd still be halfway through the development of the Labs, and ChatGPT helped me out on several occasions, including chasing and fixing some sneaky bugs), the content quality about it is typically mediocre at best. So I won't be retranslating most of it except when it's an intersection of AI and one of my traditional spheres of interest.

Exploring Firecracker MicroVMs for Multi-Tenant Dagger CI/CD Pipelines - A topic close to the heart. Felipe Cruz from Docker describes his journey with making use of Firecracker MicroVMs. It's so close to what I've been doing, and the read is so good that I decided not to write such a post myself and instead focus on the specifics of my platform. Definitely worth your time if you want to play with Firecracker.

Fun with Containers - Adding tracking to your images - An ingenious way to track every time someone pulls your image (stored on any registry, including Docker Hub). Curious to see how people actually may use it in the real world.

Cloud Native Security Talks - Rory McCune keeps educating people on cybersecurity. This (newborn) collection is a truly herculean effort.

LocalStack: Why Local Development for Cloud Workloads Makes Sense - I've been very skeptical about LocalStack, but if Corey says it's good enough… So, decent local mocking is possible, after all. Is it just a matter of how big the pain of not having those mocks is?

Imperative, Declarative, Interrogative, and Exclamative Interfaces - There are four different types of sentences in English: imperative, declarative, interrogative, and exclamative. In programming, the imperative and declarative paradigms are already widespread, and the interrogative paradigm is becoming more and more popular with the rise of chats. But Matt [Rickard] goes one step further - what if the exclamative programming paradigm is about to emerge? When the task is too complex to program the solution right away or describe the desired solution to an LLM, the only thing that's left is to keep shouting at the model until it produces a good enough result.

Reflections on 10,000 Hours of DevOps - Matt Rickard again. A great list of tips & tricks, likely learned the hard way.

Distributed Systems and AI - OpenAI runs on Kubernetes. "Even in a world where AI-assisted code reigns — being a distributed systems expert might be the key to unlocking AI in every program." Hey, we're not losing our jobs just yet! Jokes aside, we may very well all stop writing code soon (and start reading/editing tons of generated code instead), but the hardest thing to replace with AI will be all sorts of system design (and operation) skills - something I'll be focusing on more and more in my Labs.

I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase - Ok, some good use of the (in)famous tech here. And I've heard Snyk has already productized something like it (but I haven't had a chance to try it myself).

All the Hard Stuff Nobody Talks About when Building Products with LLMs - Finally, someone's being real and pragmatic about adding LLM-powered features to an existing product. TL;DR It's challenging, potentially dangerous (due to prompt injections), with questionable usefulness of the produced results, and a lot of "prompt engineering" alchemy (that may work today and stop working tomorrow).

I'm Now a Full-Time Professional Open Source Maintainer - An interesting read on how one can start making a (pretty good) living as a full-time OSS maintainer. TL;DR Make a few companies using your OSS projects sign retainer agreements with you, offering them some peace of mind and potential impact on the projects' roadmaps, and then get back to your beloved code. I kinda liked it.


Wrapping up

This was probably the largest issue so far, but I had a lot to share after such a long break. And it feels good to be back! The next (mid-month) issue will likely be on OrbStack - a promising high-level container runtime for macOS that claims to be (yet another) Docker Desktop replacement (although I'm personally more interested in its VM- than container capabilities - still missing Vagrant and VirtualBox on Apple Silicon).

Until then, have fun with the Labs, and please consider supporting my work!

Cheers

Ivan
