Software Engineer at day. Tech Storyteller at night. Helping people master Containers. All things Cloud Native → https://t.co/PE0hfGjrL3
5 added to My Authors
Apr 27 • 10 tweets • 3 min read
How to master Container Management Commands 🧵
🤔 docker create vs. docker start
🤨 docker start vs. docker run
🙄 docker run vs. docker exec
🥺 docker exec vs. docker attach
🤯 docker attach vs. docker logs
It's hard to memorize the difference. But there might be no need! 🔽
Two simplifications that speed up the adoption of containers:
- Use `docker run` everywhere
- Containers are just processes
Both are of great help in the short run. But eventually, you need to get over them to really understand the containers.
It's 🗝️ to mastering Docker CLI.
Apr 3 • 4 tweets • 2 min read
How to debug issues in containers 🔽
You started a server in a container. It's supposed to open a bunch of ports. The container is running fine, but you cannot connect to some of the ports from the outside. You exec into the container, but `ss` is not there. Now what?
Installing extra tools to container images is rarely a good idea. Slim production images are generally faster and safer.
Knowledge of the containerization theory to the rescue!
A container is an isolated execution environment for a process. But this environment can be shared 😉
Apr 2 • 7 tweets • 3 min read
Working with Kubernetes API 🧵
A work-in-progress series of articles on how to consume and extend the Kubernetes API for:
- Writing efficient Custom Controllers
- Automation and Platform Engineering
- Better understanding of Kubernetes itself 🔽
Prometheus scrapes metrics from instances (read, servers) it monitors. The same metric can be collected from multiple instances.
How to differentiate samples produced by different instances? Label them!
*Labels usage is broader than that, but this is a good start.
Dec 30, 2021 • 5 tweets • 3 min read
I often search for container images, and here is my pain:
- There is more than one place to go - Docker Hub, GCR, Quay
- Some software has multiple image providers - e.g Envoy
- Image trustworthiness and difference are obscure
My recent cool finding - slim.ai 🔽
I'm always hesitant to add a new tool to my toolset - in the end, it's yet another dependency and extra time investment.
But Slim .AI has all the chances to pass my high barrier 🙃
Seems like it can really help me start with the right image faster.
Dec 22, 2021 • 24 tweets • 2 min read
Kubernetes UI/GUI/CLI projects
Gathered a list of (mostly open-source) projects offering Kubernetes UX enhancements.
Starting from the well-known solutions and down to projects mounting the Kubernetes API as a FUSE filesystem 🔽
stats: TypeScript / 16.8k stars
descr: Lens - The way the world runs Kubernetes
Dec 8, 2021 • 7 tweets • 3 min read
How to Run a FaaS Platform On Your Own Terms
FaaS is a higher-level kind of Serverless tech where the smallest deployable unit is a Function.
AWS Lambda, Azure Functions, GCP Cloud Function are all super handy, but what if you can't use them for some reason?
Meet OpenFaaS! 🔽
OpenFaaS is an open-source project that turns a piece of lower-level infra into a high-level FaaS solution.
Sounds too abstract?
Kubernetes cluster + OpenFaaS = FaaS API
Single VM + containerd + OpenFaaS = same FaaS API!
where FaaS API is:
- mgmt. methods
- invoke functions
Oct 30, 2021 • 6 tweets • 2 min read
How Kubernetes differs from Docker in the way it deals with containers 🔽
Under the hood, Kubernetes and Docker both rely on the same/similar lower-level components to run containers.
Often, both use containerd and runc. However, Kubernetes makes the container runtime pluggable
Even when Kubernetes uses exactly the same container runtime as Docker, the implementation of Pods differs from the implementation of Containers.
Pods are more than just groups of containers. Containers in a pod share net, ipc, and uts namespaces making pods more similar to VMs.
Oct 20, 2021 • 8 tweets • 3 min read
Computer Networking in Layman's Terms (thread)
L2 - Ethernet
L3 - IP
L4 - TCP
L7 - HTTP
Lots of server-side folks are fluent with L4/L7 concepts. But understanding L2/L3 is often important too!
Especially if you deal with containers, Kubernetes, or DC networking constraints 🔽
By default, Docker/podman/containerd/etc. use a `bridge` network to interconnect containers on a single host. But what is a Bridge?
In the case of containers, a Bridge is a virtual device. However, it simulates a real-world L2/L3 networking device called a Switch.
Oct 3, 2021 • 7 tweets • 3 min read
Cloud-Native Learn-by-Doing Platforms (part 2) ✏️
I closely reviewed 10+ platforms providing a hands-on learning experience to study:
- other Cloud-Native stuff
A really massive platform for individuals and businesses.
- 360+ courses and 1,600+ hands-on labs
- Clouds: AWS, GCP, etc.
- Tech: Kubernetes, Docker, Serverless
- Temporary cloud accounts
Aug 30, 2021 • 6 tweets • 3 min read
iptables - a userspace program to configure IP packets filtration and modification rules.
It's a dated but still widely used tool:
- Linux firewall
- Container egress (SNAT) and port publishing (DNAT)
- Kubernetes service discovery
- Service Mesh transparent injection
- etc. 🔽
iptables comes with its own terminology:
...that might be challenging to grasp. Here is how I approach it.
1. Come up with a logical model of packet processing inside the Linux kernel. Give meaningful names to stages.
Aug 22, 2021 • 8 tweets • 3 min read
How to Expose Multiple Containers On the Same Port
First off, why you may need it:
- Load Balancing - more containers mean more capacity
- Redundancy - if one container dies, there won't be downtime
- Single Facade - run multiple apps behind one frontend
Interested? Read on!🔽
Docker doesn't support binding multiple containers to the same host port.
Instead, it suggests using an extra container with a reverse proxy like Nginx, HAProxy, or Traefik.
Here are two ways you can trick Docker and avoid adding the reverse proxy:
1. SO_REUSEPORT 2. iptables
Aug 21, 2021 • 7 tweets • 2 min read
Containers are Virtual Machines (controversial thread)
Some mental gymnastics. Bear with me.
Person A comes to Containers with prior VM experience.
Dockerfiles start FROM debian/centos/etc.
docker run/exec feels like SSH-ing sessions into servers.
Containers are VMs!
A container starts in less than a second
A VM takes tens of seconds to start
A bare-metal server can run hundreds of containers
Only a few VMs can coexist on a server
Person A starts digging into the internals to understand the difference between containers and VMs.
Aug 15, 2021 • 13 tweets • 4 min read
Grasping Kubernetes Networking (Mega Thread)
- What is Kubernetes Service?
- When to use ClusterIP, NodePort, or LoadBalancer?
- How does multi-cluster service work?
- Why both Ingress and Ingress Controller?
The answers become clear when things are explained bottom-up! 🔽
1. Low-level Kubernetes Networking Guarantees
To make Pods mimicking traditional VMs, Kubernetes defines its networking model as follows:
- Every Pod gets its own IP address
- Pods talk to other Pods directly (no visible sNAT)
- Containers in a pod communicate via localhost
Aug 10, 2021 • 5 tweets • 1 min read
How to become a server-side ninja (thread)
1. Try different programming paradigms
My personal recommendation
- PHP - simplest, traditional
- Python - more generic, traditional
- Go - learn goroutines
- Scala/Clojure - functional
2. Try different server-side frameworks
Don't try to learn all ins and outs. Instead, learn what's common for all frameworks.
- Request handling - processes, threads, coroutines
- Request routing - how to bind code to requests attrs
- ORM integrations
Aug 9, 2021 • 7 tweets • 1 min read
The idea of Kubernetes Operators is simple and attractive.
But as it usually happens, the devil is in the details. I've been working on an operator for the past few weeks, and the learning curve is quite steep, actually.
Here are some projects that may help 🔽
GitHub says it's an "SDK for building Kubernetes APIs using CRDs."
But you can scaffold an operator project with it.
Aug 7, 2021 • 24 tweets • 6 min read
How to grasp Containers and Docker (Mega Thread)
When I started using containers back in 2015, I thought they were tiny virtual machines with a subsecond startup time.
It was easy to follow tutorials from the Internet on how to put your Python or Node.js app into a container...
But thinking of containers as of VMs is an extremely leaking abstraction. It doesn't allow you to judge:
- what's doable and what's not
- what's idiomatic and what's not
- what's safe enough and what's not
So, I started looking for the Docker implementation details.
Jul 31, 2021 • 9 tweets • 2 min read
DevOps, SRE, and Platform Engineering (thread)
Sharing my understanding of things after working in this domain for about two years.
Starting from the clearest one.
Dev - this is about application development, aka business logic. The only one that makes money for a company.
Ops - this is about the efficient deployment of the stuff created by Dev.
How to ship code - CI/CD, GitOps, etc. Plus, other things improving the Dev velocity but not concerned with the actual application business logic.
Jun 15, 2021 • 6 tweets • 2 min read
I spend a lot of time in the terminal. But I never touch Enter or arrow keys. Here is what makes me productive:
Command history navigation
ctrl + p - previous command
ctrl + n - next command
ctrl + r - history search
ctrl + m - enter
Can't imagine my life without these hotkeys
ctrl + a - jump to the beginning
ctrl + e - jump to the end
ctrl + u - del from cursor till the beginning
ctrl + k - del from cursor till the end
Jun 14, 2021 • 17 tweets • 4 min read
Algorithms and Data Structures at work
Long story short: I solved hundreds of LeetCode and HackerRank problems, and I do find this experience useful for my day job.
Here is why (thread)
Sometimes, a developer may stumble upon a purely algorithmic task.
In my very first company, I wrote a GUI framework for SmartTV devices. These sets were quite slow back in 2011, so I needed to make the framework really lightweight and fast because even jQuery would be too heavy