Hello friends! Ivan's here with another monthly roundup of all things Linux, Containers, Kubernetes, and Server Side š§ The issue's main topic is iximiuz Labs' largest-ever upgrade:
...and more! iximiuz Labs UI redesignAugust is traditionally one of the quietest months, so I decided to use it as an opportunity to work on the long-wanted platform overhaul. One of the recurring topics in my conversations with iximiuz Labs users is the "understandability" of the site's design. I often get complimented on the clarity of my (technical) writing, but when it comes to iximiuz Labs features and intended user flows, I often get to explain how to use the platform in personal conversations. I'm always happy to do that, but it's also likely an indication that I could have done a better job with the UI. So, here is my layman's attempt at streamlining the user experience. 1. Add more text explaining the main types of content (and why and how to consume it best): 2. Add even more text elements with hints and "pro tips": 3. Unify all content "card" elements, highlighting the type and the category of the content (e.g., a Tutorial on Containers, a Challenge on Kubernetes, or a Linux Playground): The latter, in particular, will allow adding clear Skill Paths - a special "learning path" kind of content that organizes multiple seemingly disjoint tutorials, challenges, and playgrounds into a content sequence that will help you build a certain skill (debugging containers, controlling process resources in Linux, etc.). Check the new look out and let me know what you think about it š Major backend overhaulSince the platform's original release almost two years ago, I have desperately wanted two features: a non-root default user and nftables support in my custom Firecracker kernel build.
While it was possible to cover many learning scenarios with just the root user and legacy iptables, it wasn't the most future-proof setup, and it bothered me. It took me a week of full-time work (thankfully, I'm on vacation), and I managed to implement both! Now you can play with nftables kube-proxy mode (beta in the recently released Kubernetes 1.31), rootless Docker containers, a "modern, secure and powerful" Incus container runtime, and more in the revamped setup š Four new playgrounds
The latter one is particularly hot. I'll definitely write about it separately, but here is a sneak peak:
The above simple command launches a Linux container. Similarly to Docker's (OCI) containers, it's isolated with namespaces and cgroups. But unlike Docker containers, it has systemd running inside! So, containerizing a whole bunch of "alternative" applications (legacy or not) with Incus becomes so much easier. And that's not it! With a slight tweak of the above
Last but not least, Incus can also work as a simple orchestrator launching containers and VMs on a pull of servers š¤Æ So, we've got a Docker Swarm and Kubernetes competitor here, folks! Solving challenges with labctlWeb terminals are handy for quick experimentation, but when you're working on a longer task, you might prefer the UX of your favorite local terminal emulator like iTerm2. And it's now possible with a handy Web terminal improvementsThe web terminal wasn't forgotten either! A number of people reported performance issues in non-chrome browsers, and xterm.js' change log had a whole bunch of relevant fixes, so I bumped up its version. Since I'd have to retest all playgrounds after this upgrade, I decided to combine it with a long-wanted "font change" feature. And I couldn't be happier with the results! I'm currently working from a Wrapping upThere were a whole bunch of other improvements and fixes, very important for the platform's healthy future but less visible for the end users. From September on, I'm returning to the content work, including the Skill Paths and my Docker course (and challenges), but there is already a lot of things to play with on iximiuz Labs after this release. My dream is coming true, and I'm now only 80% employed at my regular job, so I have three days a week to work on iximiuz Labs (Friday-Sunday). But this also makes iximiuz Labs my official source of income, making monetizing the project one of my top priorities. The new features I shipped this month have made the platform more valuable, and I will reflect it in the Premium tier pricing. From the second week of September, it'll become $12/mo ($100/year), so if you wanted to get premium access, now is the best time to do it at the lower price. For my friends outside of the EU and the US, I tried enabling the PPP discount, and it was kinda painful, so I gave up. But I'm always happy to mint a personal discount code! Just send me an email briefly explaining your situation, and I'll get back to you as soon as possible. Have a creative month! Ivan |
Building labs.iximiuz.com - a place to help you learn Containers and Kubernetes the fun way š
Hello š Ivan's here with a slightly delayed September roundup of all things Linux, Containers, Kubernetes, and Server Side š§ What I was working on This month, I worked on an assorted set of topics. Skill Paths First off, the skill paths! I finally finished the underlying machinery, and now iximiuz Labs supports a new type of content - short roadmaps that you can use to develop or improve a specific skill: how to debug distroless containers, how to copy images from one repository to another,...
Hello friends! Ivan's here with a slightly delayed July roundup of all things Linux, Containers, Kubernetes, and Server Side š§ What I was working on This month, I got nerd-sniped by cgroups. It all started when I ran into a pretty significant difference in how Docker and Kubernetes handle the OOM events. When you limit the memory usage of a multi-process Docker container, the OOM killer often terminates only one of the processes if the container runs out of memory. If this process is not the...
Hey there š I spent a few weeks deep diving into cgroup v2, and I'm happy to share my findings with you! Everyone knows that Docker and Kubernetes use cgroups to limit the resources of containers and Pods. But did you know that it's very easy to run an arbitrary Linux process in a cgroup using much more basic tools? The only kernel's interface for cgroups is the virtual filesystem called cgroupfs typically mounted at /sys/fs/cgroup. Creating folders there and writing to files in them is...