Hello friends!
Ivan's here with November's roundup of all things Containers, Kubernetes, and Server-Side craft!
This time I've got for you:
Let's get started!
β
Some time ago, I asked on Twitter how people would react if I created a Patreon page:
The poll results came out rather positive, so I decided to give it a try π
There are two main goals that I'm pursuing with my Patreon campaign:
The blog articles and the newsletter will remain free - I want my technical content to reach as many people as just possible, especially in places where $5 a month is a shit load of money. So, here is my ask for those of you who find my work helpful and can afford to spend a few bucks a month on virtual coffee for an internet stranger - go become a patron.
However, I don't want it to look like a charity campaign. Over the years, I've learned quite a few tricks on how to write online, how to produce memorable diagrams, and how to grow the audience on different platforms. Traditionally, I've been keeping notes, but I haven't been sharing them with anyone π So, here is my offer: I'll start sharing the technical writing advice and insights into my creative process with those of you who become patrons. This will definitely come in handy for folks looking to start their own technical blogs or grow their twitter following.
The promise? I'm serious about that learning platform! And when I deliver it, patrons will be generously rewarded with all sorts of discounts.
β
The development of the new port-forward command took an unexpectedly long time (that's why this newsletter issue is smaller than usual), but it did worth it! Now you can "publish" ports of already running containers and even access services listening on the container's localhost with ease:
You can read more about cdebug and what makes it stand out from similar container debugging tools in the last issue of the CTTT newsletter.
The plan for cdebug now is to replicate the exec and port-forwarding functionality for other container runtimes, and the containerd support is already in the works.
β
The pretty successful Visual Guide to SSH Tunnels was a by-product of cdebug development. To design the port-forwarding command well, I had to study the ssh tunneling capabilities in great detail. This month, I had to do a similar exercise but for container port publishing. Do you know what actually happens when you publish a port in Docker? What is the difference between Docker Engine's port publishing implementation and Docker Desktop's? I do know now, and I gladly share my knowledge with you in this blog article.
Here is a sneak peek:
By the way, the post also covers containerd, nerdctl, and Lima!
β
βAccountability in Software Development by Kent Beck (the person who virtually introduced me to programming many years ago) - this is how I want to work myself (I must admit it hasn't always been the case) and what I want to see in my colleagues. The principle of accountability is so generic that it applies in daily life too: I'm accountable to my family, and I expect the same from my partner. But back to programming... Here is an unobvious example of accountability: "The tests are an account of my thoughts as I program." When we write code that covers only the happy path, or (even worse) we think that it does, we fall short of accountability.
First, Adam and now Craig - Kubernetes Podcast will never be the same for me. These two voices will forever be the sounding of Kubernetes for me. But Craig Box is now a newsletter author! Go check it out.
βThe State of Frontend in 2022 - Some interesting stats (and thoughts) by Gergely Orosz based on a survey of more than 3000 frontend developers. I used to be doing (a little bit of) frontend in the past, and while I gave up on keeping my fronted skills up to date, it's still interesting for me to read such (thoroughly compiled!) reports. By the way, while it's not a part of this particular piece, I do think that the familiarity with how things are done on the frontend makes you better on the backend too - you can borrow some cool tricks and apply them on the server- of infra-side and it also helps you develop better APIs.
βCrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure - clear and highly-technical analysis of the recent crypojacking campaign. Once you get through the marketing fluff in the first part of the article, you'll be able to see how the malicious workload gets into a publicly exposed Docker instance, how it breaks out of a container using volume mounts, and how it moves laterally by compiling C++ code right on your servers and starting Redis servers as backdoors. An atypically good technical read for this sort of publication!
βExploiting Distroless Images - what a fun terrifying read. GoogleContainerTools/distroless base images lack shells, but thanks to the openssl binary that is almost always there you an attacker can read files with a simple `docker exec -it <distroless-container> /usr/bin/openssl enc -in /etc/passwd`. And with slightly more effort you can even execute arbitrary base64-encoded binaries.
βThe Finch CLI from AWS - a first-ever βLima distributionβ? Lima is a way to run containers on non-Linux hosts, especially on macOS. It's based on containerd paired with BuildKit running in a VM and frontend by a docker-like nerdctl CLI. Flinch brings another OS-native client (called flinch) and promises a handy installer to get Lima and its subcomponents to your system. To be honest, I still donβt see the point for those of us who's not bound to AWS ecosystem - installing and updating Lima hasnβt been that complicated. But for people with tighter AWS binds this intro mentions some AWS integrations that can be bundled with Lima using Flinch, so maybe there is some value in the end. Anyways, the good part here is that itβll make AWS folks contribute back to Lima, containerd, and nerdctl, strengthening these amazing open-source projects.
βTechnical Posts Overview and Roundup by Matt Rickard - I'll just list a few titles here: "Non-obvious Docker uses," "An Overview of Docker Desktop Alternatives," "Why Did Heroku Fail," "What Comes After Git," "Don't Use Kubernetes, Yet" and more. An invaluable collection.
βHow to Tail Kubernetes Logs: Using the Kubectl Command to See Pod, Container, and Deployment Logs - a handy collection of commands to get all sorts of Kubernetes logs (apiserver, kubelet, kube-proxy, pods, deployments, etc).
That's it for November. Hope you enjoyed the issue. But in any case, hit reply and share your thoughts, I'm always looking forward to your emails!
Cheers
Ivan
β
Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way π
Hey, fellow server dweller π Ivan here with an exciting iximiuz Labs update! The month isn't over yet, so it's not quite time for the traditional monthly roundup. However, there have been so many updates on the platform in the past couple of weeks that they couldn't possibly fit into a single email. So, let's dive in π Backend Revamp: Faster, Smarter, Stronger Over the past few weeks, I rolled out a significant backend rewrite at iximiuz Labs, and I couldn't be more excited to share the...
Hello π Ivan's here with November's roundup of all things Linux, Containers, Kubernetes, and Server Side π§ What I was working on This month was (extremely) development-heavy. Two-thirds of it went into the implementation of custom playground machinery and a new Kubernetes "Omni" playground, and in the last part, I was unexpectedly busy with expanding the platform's capacity and launching a new server in India π The latter became possible thanks to the support of all of you who got the premium...
Hello, fellow server dweller π I've got two exciting announcements to make. Starting with the shorter one, this year, I decided to give Black Friday a try. This is an experiment - iximiuz Labs hasn't done sales before and won't have any in the foreseeable future, at least not until next November. So, if you wanted to get a premium membership but the price felt too high, this is your rare chance to get it with a 50% discount. The offer is limited to exactly one week. Now, to the second, much...