Hello friends!
Ivan's here - with a monthly roundup of all things Linux, Containers, Kubernetes, and Server-Side craft.
November was a busy but productive month:
The client-go-examples collection was overhauled to support Kubernetes 1.25-1.28 and Go 1.21. If you're learning how to access the Kubernetes API from Go or writing Kubernetes controllers, this GitHub project and the corresponding online development environment will definitely come in handy.
All iximiuz Labs VMs have gotten a kernel upgrade with eBPF support. It was rather challenging to come up with the right kernel config, but it definitely was worth the effort - now you can play with Cilium, Tracee, and other eBPF-powered software right in your browser.
A new three-fold Tetragon playground and the eponymous tutorial were added. With this hot new security observability [sic] tool, you can track syscalls, file system- and network access in Kubernetes, Docker, and bare Linux environments.
Another mini-LAN playground showed up - with three interconnected vanilla Ubuntu servers. Unlike its sibling where Docker is preinstalled, this playground doesn't "spoil" the experiment when you want to play with provisioning a ZooKeeper cluster or try Kelsey Hightower's Kubernetes The Hard Way - No Cloud edition (which I highly recommend - it's like constructing Kubernetes from LEGO bricks).
The multi-node K3s cluster has gotten one more VM with Docker and other dev tools preinstalled. This is the most popular playground, and many people asked to add Docker to it so that they could develop apps and build images closer to the test cluster. The feature request made total sense, but I really wanted to keep the K3s installation free of any side artifacts, and while expensive, adding a separate dev host sounded like the only clean solution. Enjoy!
Last but not least, How Container Networking Works - Building a Linux Bridge Network From Scratch. If you want to strengthen your understanding of Docker and Kubernetes networking, I reworked one of my most popular blog posts into an interactive tutorial. It should be much easier to follow now.
When I came across Cilium for the first time, I struggled to classify this piece of software into one (or even a few) categories. Is it a networking tool? Is it a security tool? Is it an observability tool? Is it a service mesh? Is it a load balancer? The answer to all of these questions is Yes, but a very solid understanding of how Kubernetes networking works under the hood is required to truly comprehend it. Starting with the CNIs - the term which is widely misused in the Kubernetes context, IMO.
So, in December, I'll be working on a series (or a mini-course, if you will) to demystify the Container Network Interface (CNI). If all goes well, eventually, this effort will evolve into a learning path:
If you find it useful or have an idea of what topics I should add (or remove), drop me a message. And if you want to support and speed up this work, there is a good way: patreon.com/iximiuz.
Usage of iximiuz Labs keeps growing. In November, almost 1500 playgrounds were started by hundreds of active users. The three most popular playgrounds have been the multi-node K3s cluster, Ubuntu Linux, and Docker, while the honorable mentions are due for the mini-LAN and Kubernetes client-go sandboxes.
The content section of the site has also doubled in traffic, and with this steep uptrend, it'll soon beat my old blog.
The platform even appeared in a couple of YouTube videos - and I wasn't involved in any way. These amazing creators somehow discovered it and decided to use a Kubernetes playground for their content:
All this makes me very proud and happy, and I'm sure we're only at the beginning of a much wider adoption.
So, I wanted to reiterate the value that you can derive from this platform.
If you have a GitHub account and are ready to go through a quick "Sign Up" procedure (which is required mainly to protect the platform from bots), you'll get a whole bunch of tools to help you in your Cloud Native journey - totally free of charge!
You can get an Ubuntu, Rocky Linux, or an Alpine VM with a single click. They boot up almost instantly, come with 1-2 CPUs and 2-4 GB RAM, and support port publishing. You can even share your VM with a friend or colleague to collaborate on a problem:
Not every container is worth running locally. The speed of a conference or hotel Wi-Fi is preventing you from running a compose file? Use a remote VM with Docker engine preinstalled. Curious if an image will work with Podman but don't feel like installing it alongside Docker? I've got you covered, too. Want to access a container registry with crane or regctl? Debug a container with cdebug? Inspect an image with dive? All playgrounds come with these and other batteries included.
Did you know that you can get a three-node K3s cluster bundled with an IDE-enabled dev machine and a shared container registry in under 10 seconds? I use it daily for all sorts of Kubernetes experiments, and it's also the most frequently started playground at the moment, platform-wise.
There are other Kubernetes playgrounds, too - a barebones K3s cluster, a K0s cluster, and a preconfigured dev environment for writing Kubernetes controllers. Of course, even more playgrounds will be coming soon. Ah, and did I mention the visual Kubernetes explorer? All playgrounds have it built in.
I need to come up with a better name, but this category of playgrounds is really powerful. The idea is that when a few hosts are connected in a tiny little LAN, you can expand the scope of your experiments almost indefinitely. Don't feel like running your apps in Kubernetes? Try Docker Swarm or Basecamp Kamal. Want to configure your own HA load balancer with keepalived, test ZooKeeper's behavior during a network split, or learn how to bootstrap a Kubernetes cluster with kubeadm? Go spin up three interconnected Ubuntu VMs on iximiuz Labs, and see how far it can get you.
This part of the platform is also growing. There are already four tutorials and a half-baked course, but more quality content is coming soon.
I get it - no one likes paywalls. I hate it when the content is paywalled, too. That's why I'm trying to share as much as possible for free. All things mentioned above are free. But to sustain this effort and to keep the platform afloat, there should be a way to fund this work - to pay for the servers, to cover my time, and, potentially, attract other great authors to the platform.
So, not all parts of iximiuz Labs can be entirely free of charge.
Here is what you can currently get in the "premium" tier:
At the moment, there are ~100 paid users on the platform, including several "team subscriptions" (this part makes me especially happy).
But there is no "Buy" button on the site! How can I get premium access?
Starting from the new year, I'll integrate Gumroad (or the like) to let people obtain premium access in an automated fashion. For now, though, Patreon is the way - if you become a supporter, I'll send you the activation code, likely with a little delay, but also with a personal greeting.
Have a wonderful weekend ahead!
Cheers
Ivan
P.S. No "What I was reading" section this month, sorry. I'll compensate in December.