Hello friends!
It's Ivan Velichko, a software engineer and a technical storyteller, with my traditional monthly roundup.
I'd like to start this issue with the exciting personal news. I'm joining the Slim.AI team to build cool stuff for all of us dealing with containers.
I've been an old fan of the Slim.AI SaaS - a service where you can search images on multiple container registries simultaneously and inspect the image content right in the browser. I also admire the magic behind their OSS DockerSlim project - this tool can trim down a container image by some tens of percents without requiring much of the user input. And of course, there is a lot to come.
So, my innate interest in containers and solid ops experience made this role sound like a perfect opportunity - I'll be spending even more time tinkering with Docker and Kubernetes (meaning more insights on the blog and twitter 😉), and, hopefully, it'll result into something the whole DevOps guild could benefit from. Looking forward to my first day next week!
SPONSORED Kubernetes API Access Security Hardening - a worthwhile post by Teleport. Extremely relevant for those of us who's concerned with securing Kubernetes API access. Do recommend if you need to implement strong authN/authZ in Kubernetes clusters.
Somehow, this month I switched the gears from Kubernetes back to Containers. I'm not done with the Working With Kubernetes API series yet, and I still have at least three WiP articles - a "how to write a custom controller" primer, a client-go walkthrough, and a client-go "advanced stuff" article with the explanation of informers, work queues, and alike. But none of them were finished this month.
It all started from me running into this DockerSlim bug. While fixing it, I had to remember a few clever tricks:
April 3rd 2022
|
But after a week spent debugging containers, I couldn't already help but think of dumping my fresh Container thoughts to the blog:
While preparing materials for one of these posts, I came up with a nasty technique - writing an entire Go program in a Dockerfile. It's obviously a very bad idea, especially for production use, but nevertheless, I shared it on Twitter, and it took off...
The above stuff took a surprisingly long time to write down, and by the end of the month, I felt bad that I didn't spend enough time working on my Kubernetes API series, so I ended up drawing this diagram on how to extend the Kubernetes API using Custom Resources, Admission Webhooks, and Controllers. Kind of a teaser of the future work:
Well, this is it for this month. A lot of stuff, but even more to come! Stay safe and healthy, friends! And make code, not war!
Cheers,
Ivan Velichko
P.S. If you find this newsletter helpful, please spread the word - forward this email to your friend :)
Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way 🚀
Hello 👋 Ivan's here with a slightly delayed September roundup of all things Linux, Containers, Kubernetes, and Server Side 🧙 What I was working on This month, I worked on an assorted set of topics. Skill Paths First off, the skill paths! I finally finished the underlying machinery, and now iximiuz Labs supports a new type of content - short roadmaps that you can use to develop or improve a specific skill: how to debug distroless containers, how to copy images from one repository to another,...
Hello friends! Ivan's here with another monthly roundup of all things Linux, Containers, Kubernetes, and Server Side 🧙 The issue's main topic is iximiuz Labs' largest-ever upgrade: Fresher and more streamlined look of the frontend UI 💙 A new 5.10 Linux kernel built with nftables support (finally, we can try out kube-proxy's nftables mode). New default playground user - laborant (yep, rootless containers learning for). New playgrounds: Ubuntu 24.04, Debian Trixie, Fedora, and Incus (yay! more...
Hello friends! Ivan's here with a slightly delayed July roundup of all things Linux, Containers, Kubernetes, and Server Side 🧙 What I was working on This month, I got nerd-sniped by cgroups. It all started when I ran into a pretty significant difference in how Docker and Kubernetes handle the OOM events. When you limit the memory usage of a multi-process Docker container, the OOM killer often terminates only one of the processes if the container runs out of memory. If this process is not the...