Hello 👋

I've got a double portion of good news!

Nested virtualization support

Have you ever wanted to run a Firecracker microVM in a playground? Or perhaps play with Kata Containers? Use QEMU without the full CPU emulation overhead? Or try that fancy agent sandboxing tool?

Historically, none of the above was possible because Firecracker doesn't expose the host's CPU virtualization capabilities (Intel's VMX or AMD's SVM) to its microVMs. Without it, the microVM's kernel cannot activate KVM, so the guest OS in the playground cannot start its own "nested" virtual machines.

But Firecracker has a less hyped yet more potent twin brother, Cloud Hypervisor, which seemingly follows a different project philosophy and doesn't try to cut every VM to the bone.

Cloud Hypervisor has been on my radar for almost as long as Firecracker, but I've been hesitant to add it as an "alternative" backend for iximiuz Labs playgrounds because its extra power comes with a larger attack surface.

For instance, to enable nested virtualization, Cloud Hypervisor's VMs would need to run as a user with a kvm group membership. Not as bad as root , but definitely way more privileged compared to the powerless temporary users I run my Firecracker microVMs under.

But the importance (and popularity) of workload sandboxing keeps growing - there are so many interesting projects I'd like to cover in the labs, including Kubernetes' own shiny new Sandbox CRD, that I decided that the risk is worth it. Starting today, it is possible to run playgrounds with Nested Virtualization.

Here is a quick way to get started:

1. Go to the Kubernetes Omni Playground.
2. Switch the Backend of every VM to "Cloud Hypervisor".
3. Start the playground and wait until it's warmed up.
4. Install the official Kata Containers Helm chart.
5. Deploy a Pod using the following manifest:

As a result, you will get an Nginx pod running in a non-emulated QEMU VM, all within the playground's own microVM 🚀

Of course, you can use the new Cloud Hypervisor backend in other playgrounds, too. For instance, it has finally become possible to try Incus VMs (via incus launch --vm), and you can even preset the backend in a custom playground to avoid flipping the settings in the UI - just like I did in this Kata Containers Demo playground.

Ah, and if you start playgrounds from the CLI, you can use the new --backend flag:

labctl playground start --backend cloud-hypervisor

Enjoy!

Pricing pilot

About a month ago, I turned off the "recovery" sale, and revenue has been at rock bottom ever since. This week, the platform brought in just under $1,400 in gross, making it nowhere near a sustainable business.

At the same time, I keep asking people about the price, and the absolute majority says it's either fine or even a bit too low.

Yet no one upgrades memberships when there is no sale...

This kept puzzling me, and I started running "black marketing" tests, splitting the audience into two groups and showing different prices (sorry). And after a few weeks of doing it, I have hard proof that lower prices have a significantly higher conversion rate.

It's super scary, but I'm willing to give it a shot. Let's call it a pilot. In an unprecedented move, I'm cutting all prices by 40% 🥳

• Lifetime $299 → $175
• Annual $120 → $70
• Monthly $20 → $12

YOLO! May reconsider, so don't wait too long if you like the update.

Wrapping up

The platform usage keeps growing. In March, a whopping 14,000 playgrounds were launched, adding a very solid bar to the chart.

The Daily Practice dashboard, released on March 27, has had a very positive impact on the number of challenges solved per day, so April will have a good shot at setting another all-time high.

But there is one concerning trend, too. For the past couple of months, I've been focusing on what's potentially the least-performing topic ever: building and working with container images. While critical to day-to-day work, posts about it rarely attract many views on LinkedIn and X, and without these two channels, iximiuz Labs' traffic stagnated.

This is a pity because it looks like the existing users are enjoying the platform and the new learning materials. So any help spreading the word is much appreciated:

• Tell your friends and colleagues about iximiuz Labs (serverlabs.io)
• Post about us on Reddit, in Discord communities, and private Slack channels
• Share your experience learning at iximiuz Labs on LinkedIn, X, and YouTube

Happy hacking & Many thanks!

Ivan