Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way π
Ivan on Containers, Kubernetes, and Backend Development
Hello friends!
Ivan's here with a traditional monthly round-up of all things Linux, Containers, and Kubernetes. In this issue:
- iximiuz Labs update - port publishing, VS Code, and new Kubernetes playgrounds π§ͺ
- My very first YouTube video - how to expose a TCP port over HTTP π¬
- A long form write-up of the month - how cross-platform containers work π€
- As usual, a few good reads I've come across over the past few weeks in the end π
Let's get started!
iximiuz Labs are getting better
I started July with a strong desire to write a Kubernetes tutorial (or two) leveraging the shiny new platform.
|
However, as it usually happens, I quickly found myself working on something very different. Turns out, if you want to run a web app in an online playground, you have to implement port publishing first. And my long-awaited Kubernetes resource visualizer is a web app... But so is any online IDE or the Prometheus UI, and since I wanted to have all of them eventually available on the platform, I decided to postpone the content creation for a bit longer and keep my mad scientist engineer's hat on.
The idea behind port publishing is simple - you run a service in an online playground and it gets exposed via a random-looking HTTP host.
...but the implementation became one of the most complicated parts of the entire system! Wildcard DNS records and SSL certificates, dynamic service discovery and custom authZ filters in Envoy, a new authentication flow, and a whole bunch of e2e tests - it all took me like two weeks to implement properly.
However, when the work on port publishing was finished, adding VS Code support to all playgrounds took me less than an hour β€οΈβπ₯
Here is what you can do on iximiuz Labs now:
- Use playground-tailored online IDEs with handy extensions preinstalled (Docker, Kubernetes, Go, etc).
- Share a terminal session between devices or send it to a friend (w/ and w/o authentication).
- Expose a web application on a custom URL.
- Expose a non-HTTP service with a little help of WebSockets (more below).
New K0s and client-go playgrounds
βThe very first Kubernetes playground on iximiuz Labs was (and still is) K3s-based. I liked it overall, but I kept looking for something even more lightweight. Here is what I tried:
- kind - dismissed because it runs clusters inside containers hiding the details and the details is what we're up to here, right?
- minikube with --driver none and --container-runtime containerd|cri-o - dismissed because even in this "bare" configuration it still depends on the docker binary for some reason...
- microk8s - a promising option but can be installed only via snap which in turn requires systemd, but I don't have either of them running during my rootfs build step, so dismissed too, at least for now...
- k0s - pleasantly easy to install and get up and running, hence we're all getting a new Kubernetes playground π₯
Remember my collection of client-go examples? What if we combine it with a (slightly) faster Kubernetes playground and an online IDE? Right, we'll get a perfect place to learn how to call the Kubernetes API from Go.
Enjoy! π
Smaller features and bug fixes in July
- The terminal buffer was significantly increased, and cmd + k now clears it (in addition to the standard ctrl + l, which clears the visual part of it).
- Searching in the terminal with ctrl|cmd + f is finally available π
- Doubled the disk size for all playgrounds, started using more powerful CPUs, and doubled the CPUs for the free tier in container-related playgrounds.
- Added VS Code extensions to the Docker and Kubernetes playgrounds.
- Added k9s to the Kubernetes playgrounds.
- Fixed the annoying disconnect issue, the scrolling behavior, and the visual artifacts after using the hotkeys in xterm.
Debuting on YouTube
The new port publishing capability is nice but it has a significant limitation - by default, it can be used only to expose HTTP services. What if you want to expose a database or any other TCP service? WebSockets to the rescue!
In this short video, I demonstrate how to use websocat to connect a MongoDB instance launched in a Docker playground with my laptop's localhost to then use a UI client (MongoDB Compass). A handy trick for your arsenal π
Don't judge the quality of the above video too seriously, though - it was my very first one. So many new things to learn, but I'll keep at it because I have a whole bunch of topics that can be covered in the video format more efficiently than in writing:
- How to troubleshoot CI/CD pipelines leveraging online playgrounds.
- How to debug containers using cdebug (and not only).
- How to learn Kubernetes using my noname resource visualizer.
- How to develop Kubernetes controllers with Kubebuilder and controller-runtime.
- et cetera, et cetera...
Diving into cross-platform containers implementation
If you missed this month's CTTT issue, here is a sneak peek:
What I was reading
βUpdate your AMD hosts now to mitigate the Zenbleed exploit by Alex Ellis - two things: even virtual machines don't provide sufficient workload isolation 100% of the time and apt-get update && apt-get upgrade remains one of the most powerful vulnerability mitigation means π
βComparing Resource Consumption in K0s vs K3s vs Microk8s by Neil Cresswell - a pragmatic comparison. TL;DR: Neither microk8s, nor k0s, nor k3s can be reliably used on a node with 1GB RAM or less. In resource-limited environments, Docker or even Podman remains a much more efficient choice.
βVirtualized Linux on macOS Internals by Matt Rickard - a brief but informative overview of available virtualization options if you want to build you own Docker Desktop for macOS (like OrbStack) from a person who spent a great deal of time working on minikube.
βWe Raised A Bunch Of Money by Kurt Mackey (fly.io) - a spicy read. There are companies selling products, and there are companies selling philosophy, or religion if you will, behind their product. Fly.io is definitely in the second category, and their reads and doings do resonate with my vision of an ideal platform for my services.
βCompounding Optimism by Morgan Housel - probably off-topic for this newsletter, but I've been a long time fan of author's writing style and ideas, and I admire absolutely everything in this particular piece. Morgan Housel has this unique ability to tell a vivid real-world story and then use it to back the main idea of the article. I wish I could do the same in my technical writing.
βOn Compounding, Matt Rickard again - continuing the topic of compounding, consistency is king - whatever you're doing, keep at it πͺ
Wrapping up
Wow, that was another lengthy read. Definitely didn't see this one coming! I'd better return to my coding now, and I suggest you have some fun with the new playgrounds. π
As a kind reminder, please consider becoming a patron to support my work. It's likely you can expense it in your learning and development budget!
Cheers
Ivan
Ivan Velichko
Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way π
Hey there π I spent a few weeks deep diving into cgroup v2, and I'm happy to share my findings with you! Everyone knows that Docker and Kubernetes use cgroups to limit the resources of containers and Pods. But did you know that it's very easy to run an arbitrary Linux process in a cgroup using much more basic tools? The only kernel's interface for cgroups is the virtual filesystem called cgroupfs typically mounted at /sys/fs/cgroup. Creating folders there and writing to files in them is...
Hello friends! Ivan's here with the June roundup of all things Linux, Containers, Kubernetes, and Server-Side craft π§ What I was working on The first two lessons (and a few challenges) of my "Alternative Introduction to Dagger" course have not sparked much interest among my students, so I had to put this work on pause. With a heavy heart, though, because I do like Dagger, and I was enjoying working on the content about it. But no interest means fewer iximiuz Labs Premium subscribers, and I...
Hello friends! It's time for my traditional monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft π§ Before we get started, I want you to know that this newsletter's previous issue (dispatched mid-May) was delivered to only about 1/5th of my usual email audience due to an unfortunate DNS misconfiguration. The good news is that you can still find it and all previous issues on newsletter.iximiuz.com. Also, if you reply to this email, it'd help to restore the domain's...