
Ivan Velichko

Ivan on Containers, Kubernetes, and Backend Development

Published almost 2 years ago • 3 min read

Hello friends!

Ivan's here with a monthly roundup from iximiuz.com.

May was nuts! The new job and the first-ever KubeCon trip made it quite overwhelming for me. But it was definitely great!


SPONSORED (but highly relevant) Access Multiple Kubernetes Clusters - the right way. Yet another good read by Teleport with some practical advice sprinkled with a bit of Kubernetes API theory. Go check it out!


What I Was Working On

I started the month by digging into the DockerSlim codebase (Yay, I do open source for a living now!) The top-level idea of the DockerSlim project is simple - take a (potentially huge) container image, run it, collect the usage stats, and then build a new (hopefully slim) image putting into it only the tracked files. However, as always, the devil is in the details. So, I spent like a week learning the ins and outs. As usual, it ended up with a diagram:

How DockerSlim makes images, well, slim!

The DockerSlim project started more than 7 years ago, when Docker was (kinda sorta) the only option to run containers (hence, the project name), and most of the use cases were as simple as a single `docker run <image>`. Nowadays, though, you'll rarely find a production image that can run in isolation - all sorts of sidecars and external dependencies are expected. So, my first (non-trivial) DockerSlim contribution was adding the initial Kubernetes support. Instead of running a single container image locally, I'm teaching DockerSlim how to trace and minimize workloads running in a Kubernetes cluster!

The Kubernetes runtime support for DockerSlim is still WiP, but I managed to get the PoC done during the second week of May, so there was a good reason for us to go to KubeCon and get the initial feedback. KubeCon was awesome! I met the Slim.AI team, I met a number of great folks whom I knew from Twitter and other online communities, and I got tons of ideas and inspiration from hordes of like-minded people hanging around!


One of these ideas was actually an enhancement for DockerSlim! Keeping images slim is generally preferred, but there are downsides too. For instance, slim images typically lack debugging tools. So, inspired by the Kubernetes Ephemeral Containers talk, we decided to conduct a mini-hackathon right during KubeCon and implement the new `docker-slim debug` command. Surprisingly (never thought a conference might be the right place for coding), it went really well, and despite the maximum possible level of distraction, Dan Čermák made this new command happen, almost in no time. Kudos to Dan!


What I Was Writing

I'll be honest, it was quite challenging to find time for writing this month. But I managed to extend the Kubernetes API series a bit - the new article How To Develop Kubernetes CLIs Like a Pro shows how to use the `k8s.io/cli-runtime` library to build CLI tools that behave like and are as potent as the mighty `kubectl`. I also summarized my first impression from Kubernetes Ephemeral Containers and `kubectl debug` Command - check out this illustrated post where I explain the internal kitchen of ephemeral containers revealing a bunch of potential pitfalls.


What I Was Reading

Much like with writing, there was very little time for reading:


Stay Tuned

Well, this is it for the May roundup. See you in June! And until then, stay safe and healthy!

Cheers,

Ivan Velichko
