Ivan Velichko

Ivan on Containers, Kubernetes, and Backend Development

Published almost 2 years ago • 4 min read

Hello friends!

It's Ivan Velichko, a software engineer and a technical storyteller, with my traditional monthly roundup.

I'd like to start this issue with the exciting personal news. I'm joining the Slim.AI team to build cool stuff for all of us dealing with containers.

I've been an old fan of the Slim.AI SaaS - a service where you can search images on multiple container registries simultaneously and inspect the image content right in the browser. I also admire the magic behind their OSS DockerSlim project - this tool can trim down a container image by some tens of percents without requiring much of the user input. And of course, there is a lot to come.

So, my innate interest in containers and solid ops experience made this role sound like a perfect opportunity - I'll be spending even more time tinkering with Docker and Kubernetes (meaning more insights on the blog and twitter 😉), and, hopefully, it'll result into something the whole DevOps guild could benefit from. Looking forward to my first day next week!

SPONSORED Kubernetes API Access Security Hardening - a worthwhile post by Teleport. Extremely relevant for those of us who's concerned with securing Kubernetes API access. Do recommend if you need to implement strong authN/authZ in Kubernetes clusters.

What I Was Working On

Somehow, this month I switched the gears from Kubernetes back to Containers. I'm not done with the Working With Kubernetes API series yet, and I still have at least three WiP articles - a "how to write a custom controller" primer, a client-go walkthrough, and a client-go "advanced stuff" article with the explanation of informers, work queues, and alike. But none of them were finished this month.

It all started from me running into this DockerSlim bug. While fixing it, I had to remember a few clever tricks:

twitter profile avatar
Ivan Velichko
Twitter Logo
April 3rd 2022

But after a week spent debugging containers, I couldn't already help but think of dumping my fresh Container thoughts to the blog:

While preparing materials for one of these posts, I came up with a nasty technique - writing an entire Go program in a Dockerfile. It's obviously a very bad idea, especially for production use, but nevertheless, I shared it on Twitter, and it took off...

The above stuff took a surprisingly long time to write down, and by the end of the month, I felt bad that I didn't spend enough time working on my Kubernetes API series, so I ended up drawing this diagram on how to extend the Kubernetes API using Custom Resources, Admission Webhooks, and Controllers. Kind of a teaser of the future work:

What I Was Reading

Stay Tuned

Well, this is it for this month. A lot of stuff, but even more to come! Stay safe and healthy, friends! And make code, not war!


Ivan Velichko

P.S. If you find this newsletter helpful, please spread the word - forward this email to your friend :)

Ivan Velichko

Software Engineer at day. Tech Storyteller at night. Helping people master Containers.

Read more from Ivan Velichko

Hello there! 👋 Debugging containerized applications is... challenging. Debugging apps that use slim variants of container images is double challenging. And debugging slim containers in hardened production environments is often close to impossible. Before jumping to the DevOps problems that I prepared for you this week, let's review a few tricks that can be used to troubleshoot containers. If the container has a shell inside, running commands in it with docker exec (or kubectl exec) is...

10 days ago • 1 min read

Hey hey! Are you ready for your next DevOps challenge? Last week, we all witnessed yet another terrifying cyber-security event, and this time, it was a direct hit - researchers from Snyk discovered a way to break out of containers! 🤯 The vulnerability was found in the fundamental component of the containerization ecosystem - the most popular implementation of the (low-level) OCI container runtime - runc. Notice how, on the diagram above, most high-level container runtimes actually rely on the...

29 days ago • 1 min read

Hello friends! Ivan's here - with my traditional monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft 🧙 What I was working on After my announcement of the iximiuz Labs GA earlier this month, the platform's usage has more than doubled, so I had to focus on the system's stability and UX. As a result, I increased observability and test coverage, added one more bare-metal server, streamlined a bunch of use cases, and fixed a few bugs. The most notable user-facing...

about 1 month ago • 3 min read
Share this post