Ivan Velichko

Ivan on Containers, Kubernetes, and Backend Development

Published 7 months agoย โ€ขย 6 min read

Hello friends!

Ivan's here - with a monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft. ๐Ÿง™

What I was working on

November was a busy but productive month:

๐Ÿ‘ท The client-go-examples collection was overhauled to support Kubernetes 1.25-1.28 and Go 1.21. If you're learning how to access the Kubernetes API from Go or writing Kubernetes controllers, this GitHub project and the corresponding online development environment will definitely come in handy.

๐Ÿงช All iximiuz Labs VMs have gotten a kernel upgrade with eBPF support. It was rather challenging to come up with the right kernel config, but it definitely was worth the effort - now you can play with Cilium, Tracee, and other eBPF-powered software right in your browser.

๐Ÿง A new three-fold Tetragon playground and the eponymous tutorial were added. With this hot new security observability [sic] tool, you can track syscalls, file system- and network access in Kubernetes, Docker, and bare Linux environments.

๐Ÿงฑ Another mini-LAN playground showed up - with three interconnected vanilla Ubuntu servers. Unlike its sibling where Docker is preinstalled, this playground doesn't "spoil" the experiment when you want to play with provisioning a ZooKeeper cluster or try Kelsey Hightower's Kubernetes The Hard Way - No Cloud edition (which I highly recommend - it's like constructing Kubernetes from LEGO bricks).

๐Ÿ’ป The multi-node K3s cluster has gotten one more VM with Docker and other dev tools preinstalled. This is the most popular playground, and many people asked to add Docker to it so that they could develop apps and build images closer to the test cluster. The feature request made total sense, but I really wanted to keep the K3s installation free of any side artifacts, and while expensive, adding a separate dev host sounded like the only clean solution. Enjoy!

๐Ÿง‘โ€๐ŸŽ“ Last but not least, How Container Networking Works - Building a Linux Bridge Network From Scratch. If you want to strengthen your understanding of Docker and Kubernetes networking, I reworked one of my most popular blog posts into an interactive tutorial. It should be much easier to follow now.

What I will be working on

When I came across Cilium for the first time, I struggled to classify this piece of software into one (or even a few) categories. Is it a networking tool? Is it a security tool? Is it an observability tool? Is it a service mesh? Is it a load balancer? The answer to all of these questions is Yes, but a very solid understanding of how Kubernetes networking works under the hood is required to truly comprehend it. Starting with the CNIs - the term which is widely missused in the Kubernetes context, IMO.

So, in December, I'll be working on a series (or a mini-course, if you will) to demystify the Container Network Interface (CNI). If all goes well, eventually, this effort will evolve into a learning path:

  • โ€‹How Container Networking Works.
  • CNIs - what are they, and how container runtimes and Kubernetes use them.
  • Kubernetes network model and the myriad of ways to implement it.
  • Higher-level Kubernetes networking (Services, Ingress, Gateway API, and service meshes).

If you find it useful or have an idea of what topics I should add (or remove), drop me a message. And if you want to support and speed up this work, there is a good way ๐Ÿ‘‰

Increasing efficiency of learning

Usage of iximiuz Labs keeps growing ๐Ÿš€ In November, almost 1500 playgrounds were started by hundreds of active users. The three most popular playgrounds have been the multi-node K3s cluster, Ubuntu Linux, and Docker, while the honorable mentions are due for the mini-LAN and Kubernetes client-go sandboxes.

The content section of the site has also doubled in traffic, and with this steep uptrend, it'll soon beat my old blog ๐Ÿคฏ

The platform even appeared in a couple of YouTube videos - and I wasn't involved in any way. These amazing creators somehow discovered it and decided to use a Kubernetes playground for their content:

All this makes me very proud and happy, and I'm sure we're only at the beginning of a much wider adoption ๐Ÿ’ช

So, I wanted to reiterate the value that you can derive from this platform.

If you have a GitHub account and are ready to go through a quick "Sign Up" procedure (which is required mainly to protect the platform from bots), you'll get a whole bunch of tools to help you in your Cloud Native journey - totally free of charge!

โ€‹Ephemeral Linux VMs - just one click and ~5 seconds awayโ€‹

  • If you want to try out a shiny new CLI before deciding whether to install it locally or not.
  • If you're on an Arm laptop but need to test your app on an Intel host.
  • If you need to debug a potentially disruptive script or command.
  • If you're working on a new tool and need to test the installation on a fresh system.

You can get an Ubuntu, Rocky Linux, or an Alpine VM with a single click. They boot up almost instantly, come with 1-2 CPUs and 2-4 GB RAM, and support port publishing. You can even share your VM with a friend or colleague to collaborate on a problem:

video previewโ€‹

โ€‹Docker, Podman, containerd, nerdctl - all main containerization options in one placeโ€‹

Not every container is worth running locally. The speed of a conference or hotel Wi-Fi is preventing you from running a compose file? Use a remote VM with Docker engine preinstalled ๐Ÿ˜‰ Curious if an image will work with Podman but don't feel like installing it alongside Docker? I've got you covered, too. Want to access a container registry with crane or regctl? Debug a container with cdebug? Inspect an image with dive? All playgrounds come with these and other batteries included.

โ€‹Ephemeral Kubernetes clusters and controller development environmentsโ€‹

Did you know that you can get a three-node K3s cluster bundled with an IDE-enabled dev machine and a shared container registry in under 10 seconds? I use it daily for all sorts of Kubernetes experiments, and it's also the most frequently started playground at the moment, platform-wise.

There are other Kubernetes playgrounds, too - a barebones K3s cluster, a K0s cluster, and a preconfigured dev environment for writing Kubernetes controllers. Of course, even more playgrounds will be coming soon. Ah, and did I mention the visual Kubernetes explorer? All playgrounds have it built in.

โ€‹Networking/architecture playgrounds - deploy apps to multiple VMsโ€‹

I need to come up with a better name, but this category of playgrounds is really powerful. The idea is that when a few hosts are connected in a tiny little LAN, you can expand the scope of your experiments almost indefinitely. Don't feel like running your apps in Kubernetes? Try Docker Swarm or Basecamp Kamal. Want to configure your own HA load balancer with keepalived, test ZooKeeper's behavior during a network split, or learn how to bootstrap a Kubernetes cluster with kubeadm? Go spin up three interconnected Ubuntu VMs on iximiuz Labs, and see how far it can get you ๐Ÿš€

โ€‹Tutorials and courses with challenging problems and interactive solution checkerโ€‹

This part of the platform is also growing. There are already four tutorials and a half-baked course, but more quality content is coming soon.

What's the deal with "premium" access? ๐Ÿ™„

I get it - no one likes paywalls. I hate it when the content is paywalled, too. That's why I'm trying to share as much as possible for free. All things mentioned above are free. But to sustain this effort and to keep the platform afloat, there should be a way to fund this work - to pay for the servers, to cover my time, and, potentially, attract other great authors to the platform.

So, not all parts of iximiuz Labs' can be entirely free of charge.

Here is what you can currently get in the "premium" tier:

  • Unlimited daily playtime (the free tier is capped at two hours a day).
  • Up to four concurrent playgrounds (the free tier allows just one).
  • Twice bigger VMs - i.e., more CPU cores and RAM.
  • x10 faster disk and network (the bot protection limits the performance of the free tier).
  • Unrestricted egress (thanks to spammers and cryptominers again, the free tier has a strict firewall, but I'm actually gladly adding legitimate addresses to the allowlist when people reach out to me and explain their use case).
  • Additional content - almost all content is free now, but there will be a fraction of (new) paid content in the future.

At the moment, there are ~100 paid users on the platform, including several "team subscriptions" (this part makes me especially happy).

But there is no "Buy" button on the site! How can I get premium access?

Starting from the new year, I'll integrate Gumroad (or the like) to let people obtain premium access in an automated fashion. For now, though, Patreon is the way - if you become a supporter, I'll send you the activation code, likely with a little delay, but also with a personal greeting ๐Ÿ˜‰

Have a wonderful weekend ahead!



P.S. No "What I was reading" section this month, sorry. I'll compensate in December ๐Ÿ™ˆ

Ivan Velichko

Software Engineer at day. Tech Storyteller at night.

Building - a place to help you learn Containers and Kubernetes the fun way ๐Ÿš€

Read more from Ivan Velichko

Hello friends! It's time for my traditional monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft ๐Ÿง™ Before we get started, I want you to know that this newsletter's previous issue (dispatched mid-May) was delivered to only about 1/5th of my usual email audience due to an unfortunate DNS misconfiguration. The good news is that you can still find it and all previous issues on Also, if you reply to this email, it'd help to restore the domain's...

18 days agoย โ€ขย 4 min read

Hello friends! Ivan's here - with another well overdue roundup of all things Linux, Containers, Kubernetes, and Server-Side craft ๐Ÿง™ This time, I have a great excuse - in April, we became parents of a lovely little boy. Expectedly, he immediately made us overly busy for a few weeks, but no complaints! I wouldn't trade this business for anything else in my life โค๏ธ Now, to more technical news. What I was working on My main focus remains on iximiuz Labs ๐Ÿš€ Content authoring redesign In March &...

about 1 month agoย โ€ขย 10 min read

Hello friends! Ivan's here - with a well overdue February roundup of all things Linux, Containers, Kubernetes, and Server-Side craft ๐Ÿง™ What I was working on A lot of stuff on the dev side - not so much on the content side. But things are soon to reverse ๐Ÿคž Announcing labCTL - the long-awaited iximiuz Labs CLI A dozen people have asked me over the past year-ish if there'll be access to the playgrounds from the local terminal and not only from the browser. And while I myself wanted this feature...

3 months agoย โ€ขย 7 min read
Share this post