Following up on my etcd playgrounds, here is a sneak peek of my latest work: a @containerd.dev playground.
As usual, it will be available on @iximiuz.bsky.social labs soon.
screenshot of a terminal running the labctl playground start command to create a new kubernetes cluster
Starting some more looking into k8s things the way I usually do now, with a nice ephemeral k8s-omni playground from @iximiuz.bsky.social
Following up on my previous post, here is another tutorial about operating @openbao-official.bsky.social and @hashicorp.com Vault on @iximiuz.bsky.social Labs.
Auto Unseal OpenBao/Vault with the Transit Secrets Engine: labs.iximiuz.com/tutorials/o...
bsky.app/profile/did...
1/4 Secret management is a critical yet often overlooked aspect of DevOps. (Raise your hand if you've ever intentionally committed secrets to a Git repository.)
This is why I've begun creating a series of educational content on the subject.
TIL that adding CAP_SYS_ADMIN to a k8s pod has different behaviour depending on the backing CRI. With Containerd it does nothing (you need to call it SYS_ADMIN) but on CRI-O it will add ok. Also TIL k8s doesn't validate the capabilities you add to pods!
Great research! Looking forward to a blog post!
Well done! It would be nice to see a custom cover image for this post. I'm a big fan of colorful diagrams, you know :)
Experimenting with using @iximiuz.bsky.social labs for interactive blog content, so I re-worked one of my container security fundamentals blogs labs.iximiuz.com/tutorials/co... . Interested in any feedback on what people reckon to the format :)
This is the way!
A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding - Article by Ivan Velichko @iximiuz.bsky.social #Network #SysAdmin
That's great news! Looking forward to dive 2.0!
Great question! Not really. I'm looking for a good tool like that myself. Dive is aging, and its more or less maintained fork was also archived a couple of days ago github.com/joschi/dive. And ima.ge.cx/ghcr.io/eda-... fails for your image, too :)
labs.iximiuz.com: browser-based envs where anyone, from beginners to experienced engineers, can get hands-on experience with containers, K8S, DevOps tools, CI/CD pipelines, observability & loads more.
Listen to @iximiuz.bsky.social how it's all started, current adaption: youtu.be/kHjAW7f0EPo
Please join me and thank @iximiuz.bsky.social for giving us a bunch of free premium accounts we can give away to our viewers on our twitch channel ! First two will be offered today !!
@iximiuz.bsky.social really rocks ! Please take a look at his amazing labs !
Most of the issues with container images are not b/c of the app being containerized but a poorly written/structured docker file @iximiuz.bsky.social Kyle Quest will offer optimizations for improvements in size, security, & build speed, check out: gooddockerfiles.com
@iximiuz.bsky.social's journey of transitioning from traditional textual and visual explanations in his blog posts to creating interactive, reproducible tutorials -> labs.iximiuz.com has attracted 18,000 registered users, with around 2,000 active users per month.
Full Ep -> youtu.be/kHjAW7f0EPo
Kubernetes "native" sidecars are slated for GA in 1.33, so it's a good time to brush up on how (and why) to use them.
Solve this practical challenge by reworking a flawed pod, making it use a native sidecar:
> Kubernetes Pod With a Faulty Init Sequence
labs.iximiuz.com/challenges/k...
Trying my best :) It's simply a matter of iterating on it long enough
Thank you for the shoutout, Martin!
If you are into #docker and #containers you must check @iximiuz.bsky.social feed. His content is amazing.
Works for me
Unpopular opinion: The main value of CKA, CKAD, and CKS is not in the certificate itself but in the preparation phase.
Having said that, allow me to present a new iximiuz Labs challenge by Adam Leskis
CKA Practice: Upgrade Multi-Node Kubernetes Cluster
labs.iximiuz.com/challenges/c...
It's very easy to start a Docker container:
docker run nginx
But can you explain what actually happens when you run this command?
I prepared a Docker 101 challenge that helps you explore the internals of Linux containers - check it out: labs.iximiuz.com/challenges/s...
How to Limit CPU and Memory Usage of a Linux Process
Of course, using cgroups! But there are a number of ways to do it:
- Manually editing the cgroupfs filesystem
- Using libcgroup's cgcreate and cgexec
- Using the mighty systemd-run
Practice here: labs.iximiuz.com/challenges/l...
k'exp by @iximiuz.bsky.social is a visual Kubernetes explorer #madewithvuejs that lets you explore Kubernetes capabilities & helps you with application development - https://madewithvuejs.com/kexp
How do you containerize a Python app the right way?
Building small and secure images for Python projects is surprisingly hard:
- Which base image to choose?
- How to manage dependencies?
- How to structure the Dockerfile?
Learn more (with solutions): labs.iximiuz.com/challenges/d...
Container images to avoid in production - part II:
python:3
Yes, it's a Docker Official Image, and it's a good image to build your app, but:
- It has TWO pythons inside.
- It brings 800MB+ of dev/build packages.
What to use instead in production: python:3-slim
SSH Tunnels: An age-old trick that's still widely used
- Expose a local service to the Internet
- Map a remote service to a local port
- Query an AWS RDS database with a local GUI client
- Access a server in your private VPC from a dev machine
...and a lot more. Visual memo
Learn more about distroless container images in my latest post:
labs.iximiuz.com/tutorials/gc...
What's Inside Distroless Container Images: Taking a Closer Look
Distroless images come in many flavors, and it might not be obvious which one (if any!) is the best fit for your application.
Here is my attempt to explain the difference and use cases on a single diagram: