Hello friends!
Ivan's here with a traditional monthly round-up of all things Linux, Containers, and Kubernetes. In this issue:
Let's get started!
I started July with a strong desire to write a Kubernetes tutorial (or two) leveraging the shiny new platform.
|
However, as it usually happens, I quickly found myself working on something very different. Turns out, if you want to run a web app in an online playground, you have to implement port publishing first. And my long-awaited Kubernetes resource visualizer is a web app... But so is any online IDE or the Prometheus UI, and since I wanted to have all of them eventually available on the platform, I decided to postpone the content creation for a bit longer and keep my mad scientist engineer's hat on.
The idea behind port publishing is simple - you run a service in an online playground and it gets exposed via a random-looking HTTP host.
...but the implementation became one of the most complicated parts of the entire system! Wildcard DNS records and SSL certificates, dynamic service discovery and custom authZ filters in Envoy, a new authentication flow, and a whole bunch of e2e tests - it all took me like two weeks to implement properly.
However, when the work on port publishing was finished, adding VS Code support to all playgrounds took me less than an hour β€οΈβπ₯
Here is what you can do on iximiuz Labs now:
βThe very first Kubernetes playground on iximiuz Labs was (and still is) K3s-based. I liked it overall, but I kept looking for something even more lightweight. Here is what I tried:
Remember my collection of client-go examples? What if we combine it with a (slightly) faster Kubernetes playground and an online IDE? Right, we'll get a perfect place to learn how to call the Kubernetes API from Go.
Enjoy! π
The new port publishing capability is nice but it has a significant limitation - by default, it can be used only to expose HTTP services. What if you want to expose a database or any other TCP service? WebSockets to the rescue!
In this short video, I demonstrate how to use websocat to connect a MongoDB instance launched in a Docker playground with my laptop's localhost to then use a UI client (MongoDB Compass). A handy trick for your arsenal π
Don't judge the quality of the above video too seriously, though - it was my very first one. So many new things to learn, but I'll keep at it because I have a whole bunch of topics that can be covered in the video format more efficiently than in writing:
If you missed this month's CTTT issue, here is a sneak peek:
βUpdate your AMD hosts now to mitigate the Zenbleed exploit by Alex Ellis - two things: even virtual machines don't provide sufficient workload isolation 100% of the time and apt-get update && apt-get upgrade remains one of the most powerful vulnerability mitigation means π
βComparing Resource Consumption in K0s vs K3s vs Microk8s by Neil Cresswell - a pragmatic comparison. TL;DR: Neither microk8s, nor k0s, nor k3s can be reliably used on a node with 1GB RAM or less. In resource-limited environments, Docker or even Podman remains a much more efficient choice.
βVirtualized Linux on macOS Internals by Matt Rickard - a brief but informative overview of available virtualization options if you want to build you own Docker Desktop for macOS (like OrbStack) from a person who spent a great deal of time working on minikube.
βWe Raised A Bunch Of Money by Kurt Mackey (fly.io) - a spicy read. There are companies selling products, and there are companies selling philosophy, or religion if you will, behind their product. Fly.io is definitely in the second category, and their reads and doings do resonate with my vision of an ideal platform for my services.
βCompounding Optimism by Morgan Housel - probably off-topic for this newsletter, but I've been a long time fan of author's writing style and ideas, and I admire absolutely everything in this particular piece. Morgan Housel has this unique ability to tell a vivid real-world story and then use it to back the main idea of the article. I wish I could do the same in my technical writing.
βOn Compounding, Matt Rickard again - continuing the topic of compounding, consistency is king - whatever you're doing, keep at it πͺ
Wow, that was another lengthy read. Definitely didn't see this one coming! I'd better return to my coding now, and I suggest you have some fun with the new playgrounds. π
As a kind reminder, please consider becoming a patron to support my work. It's likely you can expense it in your learning and development budget!
Cheers
Ivan
Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way π
Hey there π I spent a few weeks deep diving into cgroup v2, and I'm happy to share my findings with you! Everyone knows that Docker and Kubernetes use cgroups to limit the resources of containers and Pods. But did you know that it's very easy to run an arbitrary Linux process in a cgroup using much more basic tools? The only kernel's interface for cgroups is the virtual filesystem called cgroupfs typically mounted at /sys/fs/cgroup. Creating folders there and writing to files in them is...
Hello friends! Ivan's here with the June roundup of all things Linux, Containers, Kubernetes, and Server-Side craft π§ What I was working on The first two lessons (and a few challenges) of my "Alternative Introduction to Dagger" course have not sparked much interest among my students, so I had to put this work on pause. With a heavy heart, though, because I do like Dagger, and I was enjoying working on the content about it. But no interest means fewer iximiuz Labs Premium subscribers, and I...
Hello friends! It's time for my traditional monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft π§ Before we get started, I want you to know that this newsletter's previous issue (dispatched mid-May) was delivered to only about 1/5th of my usual email audience due to an unfortunate DNS misconfiguration. The good news is that you can still find it and all previous issues on newsletter.iximiuz.com. Also, if you reply to this email, it'd help to restore the domain's...