Ivan on Containers, Kubernetes, and Backend Development


Hi, it's Ivan from iximiuz.com.

First off, I'm sorry I missed the last month's send-out, but for a few weeks, I simply couldn't pull myself together because of the situation in Ukraine and in... Russia. I have strong connections with both countries, so this is quite personal for me.

Can't say March's been a productive month for me either - the first few weeks my brain was rather half-dead, and there was absolutely zero motivation to continue working on the blog or pet projects with all the grim news coming from every channel. At some point, I was close to losing my faith in humanity completely - we were supposed to start fixing the climate together, but instead, we got into a new nuclear crisis...

But then I figured that being desperate is a road to nowhere. Regardless of the chances to succeed, we should strive to make this world a better place. Otherwise, we're already doomed. And my current way of contributing to this common goal is through my blog. Of course, my posts can't help stop wars, but they can help someone prepare for a job interview, or become a better specialist, or maybe find a passion for technology. Therefore, keeping my blog up and running has all the chances to improve someone else's life, not just mine.

So, before this newsletter turns into a personal diary, I'm stopping ranting and starting sharing tech stuff again.


What I Was Working On

After a few weeks of the break, I returned to the Working with the Kubernetes API series. In March, I published one new write-up on how Custom Resources, Custom Controllers, and Admission Webhooks, when combined, is just a fancy way to write new Kubernetes APIs. For some reason, it took me a while to realize it, even though it sounds obvious in hindsight. The kubebuilder project even states it explicitly in the project's description: "Kubebuilder - SDK for building Kubernetes APIs using CRDs." As always, it's been hidden in plain sight.

Research for the above post produced plenty of materials that can be used for a more practical spin-off article. The plan now is to prepare a tutorial on how to develop a new Kubernetes API. First, I'll manually follow all the necessary steps (registering a custom resource, configuring RBAC, writing a custom controller, setting up admission webhooks, etc.), and then I'll show how using the kubebuilder and controller-runtime projects can drastically reduce the amount of boilerplate code and speed up the initial phase of development.

Another project that got some love in March was my client-go-examples repo - a few examples were added/updated, including a mini-program showing how to use the work queue - a basis behind almost every Kubernetes controller.

Lastly, one piece from February that I haven't had a chance to share here yet - a blog post with a bizarre title: The Influence of Plumbing on Programming - a story about T-shaped I/O pipelines in Go - io.TeeReader and io.MultiWriter. Pretty handy stuff to write concise and efficient I/O-intensive code.

SPONSORED but 100% relevant. Check out this blog post by Teleport: Authentication (AuthN) and Authorization (AuthZ) Tutorial for Kubernetes - an overview of the building blocks to secure the Kubernetes API access.


What I Was Reading

A lot of Kubernetes articles this month.

  • ​Kubernetes Controllers at Scale: Clients, Caches, Conflicts, Patches Explained - a large collection of tips, tricks, pitfalls, and best practices for writing Kubernetes controllers. Not a good first blog post on the topic, but an invaluable piece of information for more experienced Kubernetes developers looking for ways to improve their code.
  • ​The Missing Kubernetes Type System by Daniel Mangum - β€œKubernetes API as a [distributed] type system” and β€œwho is supposed to write Controllers.” (spoiler: subject matter experts, and not specially trained controller developers). More philosophical than practical write-up, but definitely worth reading since this is an opinion from a person deeply involved in the development of Crossplane - a universal controlplane atop Kubernetes.
  • Amazing series Life of a Packet in Kubernetes (Part 1, Part 2, Part 3) - in particular, I like the chosen explanation order - it starts from lower-level container networking, then goes to a network fabric as a means of cross-node communication, and finally touches upon higher-level networking concepts like service discovery and network policies.
  • ​Mermaid - "Javascript based diagramming and charting tool that renders Markdown-inspired text definitions to create and modify diagrams dynamically." Seems like a nice library, and I'm already looking for a way to use it on my blog to make the content more dynamic (since it's generated diagrams, I could use some scripting to animate the end result). By the way, Kubernetes docs use it as well!
  • ​Sandboxing and Workload Isolation - a thorough overview of workload isolation means starting from chroot and ending with AWS Firecracker by fly.io folks.

Tech News I've Come Across


Until next time

Well, this is it for today. It's been a rough month, and it's not over yet, but I truly hope things will start getting better soon. Unless we're all nuked, of course. But until then, make code, not war!

Stay strong,

Ivan Velichko

Ivan Velichko

Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way πŸš€

Read more from Ivan Velichko
Diagram showing desired network policy configuration between frontend and backend pods

Hey, fellow server dweller πŸ‘‹ Ivan here with an exciting iximiuz Labs update! The month isn't over yet, so it's not quite time for the traditional monthly roundup. However, there have been so many updates on the platform in the past couple of weeks that they couldn't possibly fit into a single email. So, let's dive in πŸš€ Backend Revamp: Faster, Smarter, Stronger Over the past few weeks, I rolled out a significant backend rewrite at iximiuz Labs, and I couldn't be more excited to share the...

Hello πŸ‘‹ Ivan's here with November's roundup of all things Linux, Containers, Kubernetes, and Server Side πŸ§™ What I was working on This month was (extremely) development-heavy. Two-thirds of it went into the implementation of custom playground machinery and a new Kubernetes "Omni" playground, and in the last part, I was unexpectedly busy with expanding the platform's capacity and launching a new server in India πŸŽ‰ The latter became possible thanks to the support of all of you who got the premium...

Hello, fellow server dweller πŸ‘‹ I've got two exciting announcements to make. Starting with the shorter one, this year, I decided to give Black Friday a try. This is an experiment - iximiuz Labs hasn't done sales before and won't have any in the foreseeable future, at least not until next November. So, if you wanted to get a premium membership but the price felt too high, this is your rare chance to get it with a 50% discount. The offer is limited to exactly one week. Now, to the second, much...