Ivan on Containers, Kubernetes, and Backend Development


Hello friends!

It's been a while... but I'm back! We're not exactly at the end of the month, but I'm here for the traditional roundup, and after that, I'll try my best to stick with the original cadence - one mid-month issue with practical container tips and tricks and one monthly summary issue.

The main theme of today's issue is the same thing that caused a half-a-year hiatus of this newsletter - iximiuz Labs. The platform has been in public beta for about a month now, and it's already gaining some traction:

I configured analytics a few days after the launch, so the actual numbers are even higher - for instance, there are more than 500 registered users (Plausible says it's only ~350). And the number of active plays (a play is an instance of a playground in my design) is simply mind-boggling. The traffic has also started increasing - and I'm ramping up the content creation, so it may very well outgrow the blog by the end of the year!


You can help iximiuz Labs evolve (and keep this newsletter going) by supporting my work on Patreon. Patrons get extra insights into my development and creative processes, premium Labs access, and invite to a private Discord community of container and Cloud Native enthusiasts πŸ˜‰


Learning Containers: The Guided Way

Speaking of the content, I'm still experimenting with the formats, but the first chunk has already been shipped - two lessons of my course on containerd are now available on the platform. You can learn how to use containerd from the command line, get acquainted with its default CLI client (ctr), and through that, improve your understanding of containers and/or hone your debugging skills. The beauty of containerd is that it's a relatively low-level runtime, so by simply playing with it, you're getting lots of insights into what containers actually are (and in this course, I'm doing my best to guide you through the process).

Every course lesson is accompanied by a playground (i.e., a web terminal on the side) where you can try showcased ctr commands without leaving the browser. But that's not only it! For me, the coolest part is the practice sections after every lesson! Copy-pasting (or better retyping) the commands from the theoretical part is a necessary first step, but free-form exercises are going to prepare you for the tough reality of production much better - and the automatic verification of solutions should make the experience quite engaging, just check out the video:

​

Learning Containers: The Freestyle Way

Courses and tutorials are great, but sometimes you need a place for freestyle experimentation. Well, at least I do, often. Sandbox environments should get you covered - with Docker, Kubernetes, Podman, containerd, nerdctl, or just vanilla Ubuntu, Alpine, or Rocky Linux machines that start almost instantly and can be disposed of after every experiment. I'm constantly polishing these environments, adding various handy tools (but hopefully not overdoing it):

​

The Internal Kitchen of The Labs

Over the past six months, many people asked me about the internals of iximiuz Labs - I'm always happy to share my learnings, but this time the scope was so big that I've been postponing the blog post for way too long. And this makes me double excited to announce that it's finally out! Almost 5000 words and a ton of visuals - How I built my own learning-by-doing platform.

Here is a sneak peek - the high-level architecture of the platform:

And here is my attempt to answer the most popular question - how the networking part of the playgrounds is done:


What I was reading

Likely much like yours, my feeds have been dominated by posts on ChatGPT and the like. While the technology is worthy (well, without Copilot, I'd still be halfway through the development of the Labs, and ChatGPT helped me out on several occasions, including chasing and fixing some sneaky bugs), the content quality about it is typically mediocre at best. So I won't be retranslating most of it except when it's an intersection of AI and one of my traditional spheres of interest.

​Exploring Firecracker MicroVMs for Multi-Tenant Dagger CI/CD Pipelines - A topic close to the heart. Felipe Cruz from Docker describes his journey with making use of Firecracker MicroVMs. It's so close to what I've been doing, and the read is so good that I decided not to write such a post myself and instead focus on the specifics of my platform. Definitely worth your time if you want to play with Firecracker.

​Fun with Containers - Adding tracking to your images - An ingenious way to track every time someone pulls your image (stored on any registry, including Docker Hub). Curious to see how people actually may use it in the real world.

​Cloud Native Security Talks - Rory McCune keeps educating people on cybersecurity. This (newborn) collection is a truly herculean effort.

​LocalStack: Why Local Development for Cloud Workloads Makes Sense - I’ve been very skeptical about LocalStack, but if Corey says it’s good enough… So, decent local mocking is possible, after all. Is it just a matter of how big the pain of not having those mocks is?

​Imperative, Declarative, Interrogative, and Exclamative Interfaces - There are four different types of sentences in English: imperative, declarative, interrogative, and exclamative. In programming, the imperative and declarative paradigms are already widespread, and the interrogative paradigm is becoming more and more popular with the rise of chats. But Matt [Rickard] goes one step further - what if the exclamative programming parading is about to emerge? When the task is too complex to program the solution right away or describe the desired solution to an LLM, the only thing that's left is to keep shouting at the model until it produces a good enough result.

​Reflections on 10,000 Hours of DevOps - Matt Rickard again. A great list of tips & tricks, likely learned the hard way.

​Distributed Systems and AI - OpenAI runs on Kubernetes. "Even in a world where AI-assisted code reigns β€” being a distributed systems expert might be the key to unlocking AI in every program." Hey, we're not losing our jobs just yet! Jokes aside, we may very well all stop writing code soon (and start reading/editing tons of generated code instead), but the hardest thing to replace with AI will be all sorts of system design (and operation) skills - something I'll be focusing more and more in my Labs.

​I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase - Ok, some good use of the (in)famous tech here. And I've heard Snyk has already productized something like it (but I haven't had a chance to try it myself).

​All the Hard Stuff Nobody Talks About when Building Products with LLMs - Finally, someone's being real and pragmatic about adding LLM-powered features to an existing product. TL;DR It's challenging, potentially dangerous (due to prompt injections), with questionable usefulness of the produced results, and a lot of "prompt engineering" alchemy (that may work today and stop working tomorrow).

​I’m Now a Full-Time Professional Open Source Maintainer - An interesting read on how one can start making a (pretty good) living as a full-time OSS maintainer. TL;DR Make a few companies using your OSS projects to sign retainer agreements with you offering them some peace of mind and potential impact on the projects' roadmaps, and then get back to your beloved code. I kinda liked it.


Wrapping up

This was probably the largest issue so far, but I had a lot to share after such a long break. And it feels good to be back! The next (mid-month) issue will likely be on OrbStack - a promising high-level container runtime for macOS that claims to be (yet another) Docker Desktop replacement (although I'm personally more interested in its VM- than container capabilities - still missing Vagrant and VirtualBox on Apple Silicon).

Until then, have fun with the Labs, and please consider supporting my work!

Cheers

Ivan

Ivan Velichko

Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way πŸš€

Read more from Ivan Velichko

Hello πŸ‘‹ Ivan's here with a slightly delayed September roundup of all things Linux, Containers, Kubernetes, and Server Side πŸ§™ What I was working on This month, I worked on an assorted set of topics. Skill Paths First off, the skill paths! I finally finished the underlying machinery, and now iximiuz Labs supports a new type of content - short roadmaps that you can use to develop or improve a specific skill: how to debug distroless containers, how to copy images from one repository to another,...

Hello friends! Ivan's here with another monthly roundup of all things Linux, Containers, Kubernetes, and Server Side πŸ§™ The issue's main topic is iximiuz Labs' largest-ever upgrade: Fresher and more streamlined look of the frontend UI πŸ’™ A new 5.10 Linux kernel built with nftables support (finally, we can try out kube-proxy's nftables mode). New default playground user - laborant (yep, rootless containers learning for). New playgrounds: Ubuntu 24.04, Debian Trixie, Fedora, and Incus (yay! more...

Hello friends! Ivan's here with a slightly delayed July roundup of all things Linux, Containers, Kubernetes, and Server Side πŸ§™ What I was working on This month, I got nerd-sniped by cgroups. It all started when I ran into a pretty significant difference in how Docker and Kubernetes handle the OOM events. When you limit the memory usage of a multi-process Docker container, the OOM killer often terminates only one of the processes if the container runs out of memory. If this process is not the...