Ivan Velichko

Ivan on Containers, Kubernetes, and Backend Development

Published 9 months ago • 5 min read

Hello friends!

Ivan's here with a traditional monthly round-up of all things Linux, Containers, and Kubernetes. In this issue:

  • iximiuz Labs update - port publishing, VS Code, and new Kubernetes playgrounds 🧪
  • My very first YouTube video - how to expose a TCP port over HTTP 🎬
  • A long form write-up of the month - how cross-platform containers work 🤓
  • As usual, a few good reads I've come across over the past few weeks at the end 📚

Let's get started!


iximiuz Labs are getting better

I started July with a strong desire to write a Kubernetes tutorial (or two) leveraging the shiny new platform.


However, as it usually happens, I quickly found myself working on something very different. Turns out, if you want to run a web app in an online playground, you have to implement port publishing first. And my long-awaited Kubernetes resource visualizer is a web app... But so is any online IDE or the Prometheus UI, and since I wanted to have all of them eventually available on the platform, I decided to postpone the content creation for a bit longer and keep my mad scientist engineer's hat on.

The idea behind port publishing is simple - you run a service in an online playground and it gets exposed via a random-looking HTTP host.

...but the implementation became one of the most complicated parts of the entire system! Wildcard DNS records and SSL certificates, dynamic service discovery and custom authZ filters in Envoy, a new authentication flow, and a whole bunch of e2e tests - it all took me like two weeks to implement properly.

However, when the work on port publishing was finished, adding VS Code support to all playgrounds took me less than an hour ❤️‍🔥

Here is what you can do on iximiuz Labs now:

  • Use playground-tailored online IDEs with handy extensions preinstalled (Docker, Kubernetes, Go, etc).
  • Share a terminal session between devices or send it to a friend (w/ and w/o authentication).
  • Expose a web application on a custom URL.
  • Expose a non-HTTP service with a little help of WebSockets (more below).

Help iximiuz Labs evolve faster by supporting my work on Patreon. As a patron, you'll get more powerful playgrounds, access to premium content, and an invite to a private Discord community. Does your company have a learning and development budget? Then this expense most likely can be reimbursed 😎

New K0s and client-go playgrounds

The very first Kubernetes playground on iximiuz Labs was (and still is) K3s-based. I liked it overall, but I kept looking for something even more lightweight. Here is what I tried:

  • kind - dismissed because it runs clusters inside containers, hiding the details, and the details are what we're after here, right?
  • minikube with --driver none and --container-runtime containerd|cri-o - dismissed because even in this "bare" configuration it still depends on the docker binary for some reason...
  • microk8s - a promising option, but it can be installed only via snap, which in turn requires systemd, and I don't have either of them running during my rootfs build step, so dismissed too, at least for now...
  • k0s - pleasantly easy to install and get up and running, hence we're all getting a new Kubernetes playground 🔥

Remember my collection of client-go examples? What if we combine it with a (slightly) faster Kubernetes playground and an online IDE? Right, we'll get a perfect place to learn how to call the Kubernetes API from Go.

Enjoy! 😉


Smaller features and bug fixes in July

  • The terminal buffer was significantly increased, and cmd + k now clears it (in addition to the standard ctrl + l, which clears the visual part of it).
  • Searching in the terminal with ctrl|cmd + f is finally available 🎉
  • Doubled the disk size for all playgrounds, started using more powerful CPUs, and doubled the CPUs for the free tier in container-related playgrounds.
  • Added VS Code extensions to the Docker and Kubernetes playgrounds.
  • Added k9s to the Kubernetes playgrounds.
  • Fixed the annoying disconnect issue, the scrolling behavior, and the visual artifacts after using the hotkeys in xterm.

Debuting on YouTube

The new port publishing capability is nice but it has a significant limitation - by default, it can be used only to expose HTTP services. What if you want to expose a database or any other TCP service? WebSockets to the rescue!

In this short video, I demonstrate how to use websocat to connect a MongoDB instance launched in a Docker playground with my laptop's localhost to then use a UI client (MongoDB Compass). A handy trick for your arsenal 👇

[video preview]
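
The WebSocket trick described above, sketched as an added example (it is not taken from the video or from iximiuz Labs). The published URL is a placeholder you pass in, port 8080 and the 0.0.0.0 bind on the playground side are assumptions, and the two guard functions are hypothetical helpers that keep the laptop-side listener on loopback and the tunnel on TLS.

```shell
#!/usr/bin/env bash
# Added illustration: tunnel MongoDB's TCP port through a WebSocket with websocat.
# Usage: script.sh playground | script.sh laptop <wss-url> [bind-addr]

MONGO_PORT=27017   # MongoDB's default port
WS_PORT=8080       # assumed port that the playground publishes over HTTP(S)

# Succeeds only for loopback addresses. The laptop-side listener relays straight
# to a database that may have no access control enabled, so keep it off the LAN.
is_loopback() {
  case "$1" in
    127.0.0.1|'[::1]') return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds only for TLS-protected WebSocket URLs, so the database traffic
# does not cross the internet in clear text.
is_secure_ws_url() {
  case "$1" in
    wss://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Playground side: accept WebSocket connections and relay raw bytes to MongoDB.
# Binding to 0.0.0.0 is an assumption about how the published port is reached.
playground_side() {
  websocat --binary "ws-l:0.0.0.0:${WS_PORT}" "tcp:127.0.0.1:${MONGO_PORT}"
}

# Laptop side: local TCP listener -> published WebSocket endpoint.
laptop_side() {
  url="$1"; bind="${2:-127.0.0.1}"
  is_secure_ws_url "$url" || { echo "refusing non-wss URL: $url" >&2; return 2; }
  is_loopback "$bind"     || { echo "refusing non-loopback bind: $bind" >&2; return 3; }
  websocat --binary "tcp-l:${bind}:${MONGO_PORT}" "$url"
}

# Dispatch only when a role is given; with no arguments nothing is started.
case "${1:-}" in
  playground) playground_side ;;
  laptop)     laptop_side "${2:-}" "${3:-127.0.0.1}" ;;
esac
```

With both sides running, MongoDB Compass connects to 127.0.0.1:27017 on the laptop. The published URL is effectively the only gate in front of the database unless authentication is enabled on the published port or in MongoDB itself.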

Don't judge the quality of the above video too seriously, though - it was my very first one. So many new things to learn, but I'll keep at it because I have a whole bunch of topics that can be covered in the video format more efficiently than in writing:

  • How to troubleshoot CI/CD pipelines leveraging online playgrounds.
  • How to debug containers using cdebug (and not only).
  • How to learn Kubernetes using my noname resource visualizer.
  • How to develop Kubernetes controllers with Kubebuilder and controller-runtime.
  • et cetera, et cetera...

Diving into cross-platform containers implementation

If you missed this month's CTTT issue, here is a sneak peek:


What I was reading

Update your AMD hosts now to mitigate the Zenbleed exploit by Alex Ellis - two things: even virtual machines don't provide sufficient workload isolation 100% of the time and apt-get update && apt-get upgrade remains one of the most powerful vulnerability mitigation means 🙈

Comparing Resource Consumption in K0s vs K3s vs Microk8s by Neil Cresswell - a pragmatic comparison. TL;DR: Neither microk8s, nor k0s, nor k3s can be reliably used on a node with 1GB RAM or less. In resource-limited environments, Docker or even Podman remains a much more efficient choice.

Virtualized Linux on macOS Internals by Matt Rickard - a brief but informative overview of available virtualization options if you want to build your own Docker Desktop for macOS (like OrbStack) from a person who spent a great deal of time working on minikube.

We Raised A Bunch Of Money by Kurt Mackey (fly.io) - a spicy read. There are companies selling products, and there are companies selling philosophy, or religion if you will, behind their product. Fly.io is definitely in the second category, and their reads and doings do resonate with my vision of an ideal platform for my services.

Compounding Optimism by Morgan Housel - probably off-topic for this newsletter, but I've been a long-time fan of the author's writing style and ideas, and I admire absolutely everything in this particular piece. Morgan Housel has this unique ability to tell a vivid real-world story and then use it to back the main idea of the article. I wish I could do the same in my technical writing.

On Compounding, Matt Rickard again - continuing the topic of compounding, consistency is king - whatever you're doing, keep at it 💪


Wrapping up

Wow, that was another lengthy read. Definitely didn't see this one coming! I'd better return to my coding now, and I suggest you have some fun with the new playgrounds. 😉

As a kind reminder, please consider becoming a patron to support my work. It's likely you can expense it in your learning and development budget!

Cheers

Ivan

Ivan Velichko

Software Engineer at day. Tech Storyteller at night. Helping people master Containers.
