Hello friends!
Ivan's here with November's roundup of all things Containers, Kubernetes, and Server-Side craft!
This time I've got for you:
Let's get started!
โ
Some time ago, I asked on Twitter how people would react if I created a Patreon page:
The poll results came out rather positive, so I decided to give it a try ๐
There are two main goals that I'm pursuing with my Patreon campaign:
The blog articles and the newsletter will remain free - I want my technical content to reach as many people as just possible, especially in places where $5 a month is a shit load of money. So, here is my ask for those of you who find my work helpful and can afford to spend a few bucks a month on virtual coffee for an internet stranger - go become a patron.
However, I don't want it to look like a charity campaign. Over the years, I've learned quite a few tricks on how to write online, how to produce memorable diagrams, and how to grow the audience on different platforms. Traditionally, I've been keeping notes, but I haven't been sharing them with anyone ๐ So, here is my offer: I'll start sharing the technical writing advice and insights into my creative process with those of you who become patrons. This will definitely come in handy for folks looking to start their own technical blogs or grow their twitter following.
The promise? I'm serious about that learning platform! And when I deliver it, patrons will be generously rewarded with all sorts of discounts.
โ
The development of the new port-forward command took an unexpectedly long time (that's why this newsletter issue is smaller than usual), but it did worth it! Now you can "publish" ports of already running containers and even access services listening on the container's localhost with ease:
You can read more about cdebug and what makes it stand out from similar container debugging tools in the last issue of the CTTT newsletter.
The plan for cdebug now is to replicate the exec and port-forwarding functionality for other container runtimes, and the containerd support is already in the works.
โ
The pretty successful Visual Guide to SSH Tunnels was a by-product of cdebug development. To design the port-forwarding command well, I had to study the ssh tunneling capabilities in great detail. This month, I had to do a similar exercise but for container port publishing. Do you know what actually happens when you publish a port in Docker? What is the difference between Docker Engine's port publishing implementation and Docker Desktop's? I do know now, and I gladly share my knowledge with you in this blog article.
Here is a sneak peek:
By the way, the post also covers containerd, nerdctl, and Lima!
โ
โAccountability in Software Development by Kent Beck (the person who virtually introduced me to programming many years ago) - this is how I want to work myself (I must admit it hasn't always been the case) and what I want to see in my colleagues. The principle of accountability is so generic that it applies in daily life too: I'm accountable to my family, and I expect the same from my partner. But back to programming... Here is an unobvious example of accountability: "The tests are an account of my thoughts as I program." When we write code that covers only the happy path, or (even worse) we think that it does, we fall short of accountability.
First, Adam and now Craig - Kubernetes Podcast will never be the same for me. These two voices will forever be the sounding of Kubernetes for me. But Craig Box is now a newsletter author! Go check it out.
โThe State of Frontend in 2022 - Some interesting stats (and thoughts) by Gergely Orosz based on a survey of more than 3000 frontend developers. I used to be doing (a little bit of) frontend in the past, and while I gave up on keeping my fronted skills up to date, it's still interesting for me to read such (thoroughly compiled!) reports. By the way, while it's not a part of this particular piece, I do think that the familiarity with how things are done on the frontend makes you better on the backend too - you can borrow some cool tricks and apply them on the server- of infra-side and it also helps you develop better APIs.
โCrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure - clear and highly-technical analysis of the recent crypojacking campaign. Once you get through the marketing fluff in the first part of the article, you'll be able to see how the malicious workload gets into a publicly exposed Docker instance, how it breaks out of a container using volume mounts, and how it moves laterally by compiling C++ code right on your servers and starting Redis servers as backdoors. An atypically good technical read for this sort of publication!
โExploiting Distroless Images - what a fun terrifying read. GoogleContainerTools/distroless base images lack shells, but thanks to the openssl binary that is almost always there you an attacker can read files with a simple `docker exec -it <distroless-container> /usr/bin/openssl enc -in /etc/passwd`. And with slightly more effort you can even execute arbitrary base64-encoded binaries.
โThe Finch CLI from AWS - a first-ever โLima distributionโ? Lima is a way to run containers on non-Linux hosts, especially on macOS. It's based on containerd paired with BuildKit running in a VM and frontend by a docker-like nerdctl CLI. Flinch brings another OS-native client (called flinch) and promises a handy installer to get Lima and its subcomponents to your system. To be honest, I still donโt see the point for those of us who's not bound to AWS ecosystem - installing and updating Lima hasnโt been that complicated. But for people with tighter AWS binds this intro mentions some AWS integrations that can be bundled with Lima using Flinch, so maybe there is some value in the end. Anyways, the good part here is that itโll make AWS folks contribute back to Lima, containerd, and nerdctl, strengthening these amazing open-source projects.
โTechnical Posts Overview and Roundup by Matt Rickard - I'll just list a few titles here: "Non-obvious Docker uses," "An Overview of Docker Desktop Alternatives," "Why Did Heroku Fail," "What Comes After Git," "Don't Use Kubernetes, Yet" and more. An invaluable collection.
โHow to Tail Kubernetes Logs: Using the Kubectl Command to See Pod, Container, and Deployment Logs - a handy collection of commands to get all sorts of Kubernetes logs (apiserver, kubelet, kube-proxy, pods, deployments, etc).
That's it for November. Hope you enjoyed the issue. But in any case, hit reply and share your thoughts, I'm always looking forward to your emails!
Cheers
Ivan
โ
Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way ๐
Hello ๐ It's this time of the month again! My traditional roundup of all things Linux, Containers, Kubernetes, and Server Side, delivered straight into your inbox ๐ฌ What I was working on October was very productive for me - I shipped no major iximiuz Labs features (it's always hard to resist the temptation!) and instead dedicated all my available time to content work. The main focus was on Container Images. It's the subject of the first module of my "panoramic" Docker course, and it is almost...
Hey there, Iโve just finished putting together everything I know about Node.js container images and figured you might find the write-up useful. If youโre working with Node.js in Docker, chances are youโve been hit by the dilemma of which base image to use. Do you go for the default node:latest, the slimmer node:22-slim, or something super minimal like a distroless image? What about Bitnamiโs alternative โ how does it stack up? Before you jump headfirst into your next build, you might want to...
Hello ๐ Ivan's here with a slightly delayed September roundup of all things Linux, Containers, Kubernetes, and Server Side ๐ง What I was working on This month, I worked on an assorted set of topics. Skill Paths First off, the skill paths! I finally finished the underlying machinery, and now iximiuz Labs supports a new type of content - short roadmaps that you can use to develop or improve a specific skill: how to debug distroless containers, how to copy images from one repository to another,...