DevOps Challenge of the Week - Issue #3


Hey hey!

Are you ready for your next DevOps challenge?

Last week, we all witnessed yet another terrifying cyber-security event, and this time, it was a direct hit - researchers from Snyk discovered a way to break out of containers! 🤯

The vulnerability was found in a fundamental component of the containerization ecosystem - runc, the most popular implementation of the (low-level) OCI container runtime.

Notice how, on the diagram above, most high-level container runtimes actually rely on the same low-level component. Shout-out to Podman for using an alternative implementation (crun) 💪

Unfortunately, Kubernetes and its derivatives are impacted, too. Containers on the cluster nodes are managed by a CRI implementation, and unless you live in the Red Hat universe (CRI-O), it likely means the same containerd ↔ runc joint.

The problem is that even though all of us have heard of Docker and Kubernetes, and some even of containerd, runc often remains a secret hero.

The ubiquity of runc on the one hand and the lack of awareness of it on the other make the Leaky Vessels breakout vulnerability particularly dangerous.

People need to know their heroes and, in particular, be aware of their weaknesses. Hence, this week's challenge - go learn what runc is used for in the containerization ecosystem 🧐

Good luck!

Ivan Velichko

Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way 🚀
