Ivan on Containers, Kubernetes, and Backend Development


Hello friends!

Ivan's here - with a monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft. 🧙


What I was working on

November was a busy but productive month:

👷 The client-go-examples collection was overhauled to support Kubernetes 1.25-1.28 and Go 1.21. If you're learning how to access the Kubernetes API from Go or writing Kubernetes controllers, this GitHub project and the corresponding online development environment will definitely come in handy.

🧪 All iximiuz Labs VMs have gotten a kernel upgrade with eBPF support. It was rather challenging to come up with the right kernel config, but it definitely was worth the effort - now you can play with Cilium, Tracee, and other eBPF-powered software right in your browser.

🧐 A new three-fold Tetragon playground and the eponymous tutorial were added. With this hot new security observability [sic] tool, you can track syscalls, file system- and network access in Kubernetes, Docker, and bare Linux environments.

🧱 Another mini-LAN playground showed up - with three interconnected vanilla Ubuntu servers. Unlike its sibling where Docker is preinstalled, this playground doesn't "spoil" the experiment when you want to play with provisioning a ZooKeeper cluster or try Kelsey Hightower's Kubernetes The Hard Way - No Cloud edition (which I highly recommend - it's like constructing Kubernetes from LEGO bricks).

💻 The multi-node K3s cluster has gotten one more VM with Docker and other dev tools preinstalled. This is the most popular playground, and many people asked to add Docker to it so that they could develop apps and build images closer to the test cluster. The feature request made total sense, but I really wanted to keep the K3s installation free of any side artifacts, and while expensive, adding a separate dev host sounded like the only clean solution. Enjoy!

πŸ§‘β€πŸŽ“ Last but not least, How Container Networking Works - Building a Linux Bridge Network From Scratch. If you want to strengthen your understanding of Docker and Kubernetes networking, I reworked one of my most popular blog posts into an interactive tutorial. It should be much easier to follow now.


What I will be working on

When I came across Cilium for the first time, I struggled to classify this piece of software into one (or even a few) categories. Is it a networking tool? Is it a security tool? Is it an observability tool? Is it a service mesh? Is it a load balancer? The answer to all of these questions is Yes, but a very solid understanding of how Kubernetes networking works under the hood is required to truly comprehend it. Starting with the CNIs - the term which is widely misused in the Kubernetes context, IMO.

So, in December, I'll be working on a series (or a mini-course, if you will) to demystify the Container Network Interface (CNI). If all goes well, eventually, this effort will evolve into a learning path:

  • How Container Networking Works.
  • CNIs - what are they, and how container runtimes and Kubernetes use them.
  • Kubernetes network model and the myriad of ways to implement it.
  • Higher-level Kubernetes networking (Services, Ingress, Gateway API, and service meshes).

If you find it useful or have an idea of what topics I should add (or remove), drop me a message. And if you want to support and speed up this work, there is a good way 👉 patreon.com/iximiuz.


Increasing efficiency of learning

Usage of iximiuz Labs keeps growing 🚀 In November, almost 1500 playgrounds were started by hundreds of active users. The three most popular playgrounds have been the multi-node K3s cluster, Ubuntu Linux, and Docker, while the honorable mentions are due for the mini-LAN and Kubernetes client-go sandboxes.

The content section of the site has also doubled in traffic, and with this steep uptrend, it'll soon beat my old blog 🤯

The platform even appeared in a couple of YouTube videos - and I wasn't involved in any way. These amazing creators somehow discovered it and decided to use a Kubernetes playground for their content.

All this makes me very proud and happy, and I'm sure we're only at the beginning of a much wider adoption 💪

So, I wanted to reiterate the value that you can derive from this platform.

If you have a GitHub account and are ready to go through a quick "Sign Up" procedure (which is required mainly to protect the platform from bots), you'll get a whole bunch of tools to help you in your Cloud Native journey - totally free of charge!

Ephemeral Linux VMs - just one click and ~5 seconds away

  • If you want to try out a shiny new CLI before deciding whether to install it locally or not.
  • If you're on an Arm laptop but need to test your app on an Intel host.
  • If you need to debug a potentially disruptive script or command.
  • If you're working on a new tool and need to test the installation on a fresh system.

You can get an Ubuntu, Rocky Linux, or an Alpine VM with a single click. They boot up almost instantly, come with 1-2 CPUs and 2-4 GB RAM, and support port publishing. You can even share your VM with a friend or colleague to collaborate on a problem.

Docker, Podman, containerd, nerdctl - all main containerization options in one place

Not every container is worth running locally. The speed of a conference or hotel Wi-Fi is preventing you from running a compose file? Use a remote VM with Docker engine preinstalled 😉 Curious if an image will work with Podman but don't feel like installing it alongside Docker? I've got you covered, too. Want to access a container registry with crane or regctl? Debug a container with cdebug? Inspect an image with dive? All playgrounds come with these and other batteries included.

Ephemeral Kubernetes clusters and controller development environments

Did you know that you can get a three-node K3s cluster bundled with an IDE-enabled dev machine and a shared container registry in under 10 seconds? I use it daily for all sorts of Kubernetes experiments, and it's also the most frequently started playground at the moment, platform-wise.

There are other Kubernetes playgrounds, too - a barebones K3s cluster, a K0s cluster, and a preconfigured dev environment for writing Kubernetes controllers. Of course, even more playgrounds will be coming soon. Ah, and did I mention the visual Kubernetes explorer? All playgrounds have it built in.

Networking/architecture playgrounds - deploy apps to multiple VMs

I need to come up with a better name, but this category of playgrounds is really powerful. The idea is that when a few hosts are connected in a tiny little LAN, you can expand the scope of your experiments almost indefinitely. Don't feel like running your apps in Kubernetes? Try Docker Swarm or Basecamp Kamal. Want to configure your own HA load balancer with keepalived, test ZooKeeper's behavior during a network split, or learn how to bootstrap a Kubernetes cluster with kubeadm? Go spin up three interconnected Ubuntu VMs on iximiuz Labs, and see how far it can get you 🚀

Tutorials and courses with challenging problems and interactive solution checker

This part of the platform is also growing. There are already four tutorials and a half-baked course, but more quality content is coming soon.

What's the deal with "premium" access? 🙄

I get it - no one likes paywalls. I hate it when the content is paywalled, too. That's why I'm trying to share as much as possible for free. All things mentioned above are free. But to sustain this effort and to keep the platform afloat, there should be a way to fund this work - to pay for the servers, to cover my time, and, potentially, attract other great authors to the platform.

So, not all parts of iximiuz Labs can be entirely free of charge.

Here is what you can currently get in the "premium" tier:

  • Unlimited daily playtime (the free tier is capped at two hours a day).
  • Up to four concurrent playgrounds (the free tier allows just one).
  • VMs twice as large - i.e., more CPU cores and RAM.
  • 10x faster disk and network (the bot protection limits the performance of the free tier).
  • Unrestricted egress (thanks to spammers and cryptominers again, the free tier has a strict firewall, but I'm actually gladly adding legitimate addresses to the allowlist when people reach out to me and explain their use case).
  • Additional content - almost all content is free now, but there will be a fraction of (new) paid content in the future.

At the moment, there are ~100 paid users on the platform, including several "team subscriptions" (this part makes me especially happy).

But there is no "Buy" button on the site! How can I get premium access?

Starting from the new year, I'll integrate Gumroad (or the like) to let people obtain premium access in an automated fashion. For now, though, Patreon is the way - if you become a supporter, I'll send you the activation code, likely with a little delay, but also with a personal greeting 😉

Have a wonderful weekend ahead!

Cheers

Ivan

P.S. No "What I was reading" section this month, sorry. I'll compensate in December 🙈

Ivan Velichko

Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way 🚀
