Hello 👋

Ivan's here with November's roundup of all things Linux, Containers, Kubernetes, and Server Side 🧙

What I was working on

This month was (extremely) development-heavy. Two-thirds of it went into the implementation of custom playground machinery and a new Kubernetes "Omni" playground, and in the last part, I was unexpectedly busy with expanding the platform's capacity and launching a new server in India 🎉

The latter became possible thanks to the support of all of you who got the premium membership during the Black Friday / Cyber Monday sale. I still cannot believe that iximiuz Labs has made over $25K in sales in just one week. As promised, I'm reinvesting all this money back into the platform's development - and the first $4K has already been spent on the new (pretty big) bare-metal server in Mumbai to improve the experience for my Asia-based users 🚀

Speaking of sales, this is the last day - if you wanted to get iximiuz Labs Premium for 50% of its usual price, this is your last chance.

The offer is valid until tomorrow noon, Amsterdam time.

Custom Playgrounds on iximiuz Labs

I dedicated the mid-month newsletter issue to this shiny new capability of the platform, and here is a quick recap:

• iximiuz Labs playgrounds have gotten the support of cloud-init-like provisioning script.
• You can create your own playgrounds by adding custom scripts that install and/or configure additional software.
• By default, custom playgrounds are visible only to you, but you can also share them publicly (or with a limited set of users).

The original goal was to make the dynamic provisioning possible (e.g., when you need to, say, apply a helm chart after boot) and also automate some tedious, repetitive setup steps if you often install the same tools to the off-the-shelf playground like Docker or K3s, but the actual implementation came out (much) more powerful, and enabled a few interesting playground use cases:

• Demos - you can now create a sample setup and include it in your blog post or "take it with you" to a conference (and forget about the cranky demo gods).
• Collaboration - illustrate your problem or a design idea to your colleagues and friends (with a shareable link).
• Workshops - give all your students an identical starting point for a lesson or a home assignment (potentially restricting access to a limited number of users).

To give you some examples and food for thought, here are two public custom playgrounds I prepared in almost no time using the new feature:

• ​Getting Started with Istio - A simple K3s cluster with Istio service mesh and the sample Bookinfo app pre-deployed.
• ​2048 Game (Kubernetes Edition) - A sample Kubernetes app (by Digital Ocean) running on a K3s cluster.

Kubernetes "Omni" Playground

Using the custom playground machinery, I also prepared a new 6-in-1 Kubernetes playground, which you can use to practice all sorts of cluster ops and also to prepare for CKA/CKAD/CKS certification.

The multi-node cluster is bootstrapped with kubeadm and a few init scripts. Since the playground relies on the new custom playground magic, you can "clone" and "fork" it to prepare your own "flavor" of a Kubernetes cluster, possibly changing the container runtime or using a different networking plugin.

New Region - Asia 🎉

I'm super excited about this expansion. A great number of people who got the premium membership are based outside of the EU, but I only had the playground servers in this region. I have been surveying the latency numbers for a long time, and I know that some of you were more satisfied than others. So, I'm happy to present you with the new option - (preferred) Playground Region.

Given that the latency in the western direction from Europe seems to be less of a problem, I'm starting the expansion from the East. If you're located in the region and weren't fully satisfied with the terminal latency in the playground, there is a new knob on the dashboard page - give it a try!

Since this is an experimental deployment, I'm also testing another thing that has been on my radar for way too long - device mapper. Playgrounds spawned up in Asia have twice as much disk space, thanks to the copy-on-write magic of the new "storage driver" I implemented this weekend (but all sorts of bugs are expected - hence, the Experimental status).

What I was reading

​Wolfi Distroless Images - A helpful guide on using the Chainguard ecosystem for free — not some marketing fluff, but a hands-on technical post about composing Wolfi-based images manually.

​When is read-only not read-only? - A short note by Rory McCune on the intricacies of Kubernetes RBAC. Would you ever guess that the SPDY to WebSocket transition for kubectl exec (which happened in Kubernetes 1.31) could have changed the way some RBAC rules are interpreted? 🤯

​Security Is A Useless Controls Problem - The post is worth reading, not just for the vivid chimps-and-banana metaphor it uses in the opening but also for its broader insights. Question everything! This advice applies not only to cybersecurity but to software engineering in general.

​Quoting Simon Willison quoting Carson Gross (because I wouldn’t say it better and it perfectly matches my own approach) - “My preferred approach in many projects is to do some unit testing, but not a ton, early on in the project and wait until the core APIs and concepts of a module have crystallized. At that point I then test the API exhaustively with integrations tests. In my experience, these integration tests are much more useful than unit tests, because they remain stable and useful even as you change the implementation around. They aren’t as tied to the current codebase, but rather express higher level invariants that survive refactors much more readily.” By the way, the original post is also worth reading - for the very least, to get a healthy dose of anti-dogmatism.

​The magic of keeping one level of abstraction per function - Since we’re talking about programming techniques (and tactics). A rare post on an unnamed technique I exercise myself. Even though the article uses React/JavaScript examples, the advice is not specific to frontend development. The resulting code tends to be much more readable and maintainable, so it’s surprising that this trick is not widely known.

​containerd v2.0, nerdctl v2.0, and Lima v1.0 by Akihiro Suda - This smells like a playground (and course) revamp for me. But progress is always good!

Wrapping up

That is it for November! It was the craziest and the most successful month for iximiuz Labs so far, but I believe it's just the beginning. To the new highs!

Kind reminder - it's the end of the year, and if you have a learning and development budget in your company, it's often "use it or lose it." If you like what we're doing here, there is always a way to support my work!

Cheers

Ivan