Hey, hey!

It's Ivan Velichko, a software engineer and a technical storyteller. I brought you a monthly roundup of all things Containers, Kubernetes, and Backend development from iximiuz.com.

That's just my second newsletter send-out, so it's totally fine if you don't even remember me. Kind reminder, you subscribed to the updates from my blog somewhere over the past six months. If you don't want to receive emails from me (very sad), just hit unsubscribe at the bottom of this email. Otherwise, welcome!

Here is what I have for September.

I started the month from rethinking my understanding of containers. It's been a while since I adopted the saying containers are Linux processes. However, a thorough OCI Runtime Spec (re-)read changed my mind. Nope, containers aren't Linux processes. Even if we limit the scope to just Linux and OS-level virtualization means, it'd be more accurate to see containers as isolated and restricted execution environments. However, the OCI Runtime Spec doesn't restrict container implementation to just that, and VM-based containers are also a thing. You can read more about my findings here.

The above container rant sparked a few fruitful discussions on Twitter, and some really cool resources popped up:

• ​Interactive diagram explaining Kata Containers​
• ​Flowchart depicting a typical OCI runtime implementation​

I don't favour unfounded writing, so while preparing materials for the OCI Runtime blog post, I'd been validating a lot of assumptions of how low-level container runtimes work. And I found containerd extremely handy for that purpose. If you want to dig deeper into how containers are implemented, I do recommend spending a few hours playing with it. Here is my write-up on how you can start using containerd from the command-line without installing Docker.

Speaking of Docker, there was a lot of buzz this month caused by Docker's attempt to make some (rather big) users pay for the Docker Desktop product. I love Docker, their contribution to the Containerverse is just invaluable, and I always felt sorry to see how they struggle to get their work paid. Hopefully, this time it'll work out well. Thinking of all these not-so-technical problems reignited my interest in the company's history, and I was amazed by the story this container history lesson tells us. Maybe it's not 100% accurate, but it explains really well how dotCloud, a Heroku's competitor, became Docker, the container inventor company. Another good read on the same matter was published this month on InfoWorld. But be careful, the web browsing experience in 2021 can be really awful.

More Docker news, but this time highly technical. BuildKit 0.9 brought the Heredoc support for Dockerfiles! That's what you can do in a Dockerfile now:

Ivan Velichko @iximiuz Even cooler example - embed python scripts into Dockerfile! RUN python3 <<EOF with open("/hello", "w") as f: print("Hello", file=f) print("World", file=f) EOF docker.com/blog/introduct… Ivan Velichko @iximiuz More cool stuff here docker.com/blog/engineeri… September 10th 2021 4 Retweets 26 Likes

On a related note, my How to grasp Containers and Docker Mega Thread once again attracted some lovely attention - among many others, it got retweeted by Ian Coldwater and Grady Booch (yes, I still can't believe it happened). I've been thinking about converting this thread into a blog article for quite some time, and it seems like I've finally gotten a decent idea. Stay tuned!

Ian Coldwater 📦💥 @IanColdwater This is really solid. twitter.com/iximiuz/status… Ivan Velichko @iximiuz How to grasp Containers and Docker (Mega Thread) When I started using containers back in 2015, I thought they were tiny virtual machines with a subsecond startup time. It was easy to follow tutorials from the Internet on how to put your Python or Node.js app into a container... September 16th 2021 16 Retweets 124 Likes

Another Twitter thread of mine that was accepted pretty well - old but gold, Linux iptables!

Ivan Velichko @iximiuz iptables - a userspace program to configure IP packets filtration and modification rules. It's a dated but still widely used tool: - Linux firewall - Container egress (SNAT) and port publishing (DNAT) - Kubernetes service discovery - Service Mesh transparent injection - etc. 🔽 pic.twitter.com/dN4FsHs2Z9 August 30th 2021 62 Retweets 196 Likes

Last but not least, as someone trying to teach other people my craft, I always look for a more efficient and fun way of explaining things than plain writing. So far, I've been augmenting my articles with explanatory drawings and reproducible code snippets. However, I think that embedded interactive playgrounds can be a much more engaging format. I started looking into available Learn-By-Doing platforms, let's see if I can come up with some sort of a course on containers, Linux, or networking using one of them. Drop me a message if you know a platform that is not on the list or if you have some course/format/collaboration ideas.

Ivan Velichko @iximiuz Cloud-Native Learn-by-Doing platforms A list of sites with interactive playgrounds on [Linux/Container/Kubernetes/Clouds] acloudguru .com cloudacademy .com cloudyuga .guru instruqt .com katacoda .com kodekloud .com learning .oreilly .com play-with-docker .com play-with-k8s .com September 25th 2021 144 Retweets 552 Likes

And finally, some uncategorized but decent Containers materials I've come across during the past month:

• ​Video: How Docker Works - Intro to Namespaces​
• ​Video: Deepdive Containers - Kernel Sources and nsenter (video)​

Ok, it's time to stop writing and get some fresh air. If you find this newsletter helpful, please spread the word! Forward this email to your friends, follow me on Twitter, and if you have a blog, find an opportunity to mention some of my write-ups - every single backlink counts. And as always, feel free to reply to this email or drop me a message on Twitter!

Cheers,

Ivan Velichko