Ivan Velichko
@iximiuz.bsky.social
Software Engineer. Educator. Entrepreneur. Bootstrapping labs.iximiuz.com - a learning platform to help you master Linux, Containers, and Kubernetes 🚀
Reposted by Ivan Velichko
Following up on my etcd playgrounds, here is a sneak peek of my latest work: a @containerd.dev playground.
As usual, it will be available on @iximiuz.bsky.social labs soon.
As usual, it will be available on @iximiuz.bsky.social labs soon.
June 24, 2025 at 1:29 PM
Following up on my etcd playgrounds, here is a sneak peek of my latest work: a @containerd.dev playground.
As usual, it will be available on @iximiuz.bsky.social labs soon.
As usual, it will be available on @iximiuz.bsky.social labs soon.
Reposted by Ivan Velichko
Starting some more looking into k8s things the way I usually do now, with a nice ephemeral k8s-omni playground from @iximiuz.bsky.social
May 30, 2025 at 5:52 PM
Starting some more looking into k8s things the way I usually do now, with a nice ephemeral k8s-omni playground from @iximiuz.bsky.social
Reposted by Ivan Velichko
Following up on my previous post, here is another tutorial about operating @openbao-official.bsky.social and @hashicorp.com Vault on @iximiuz.bsky.social Labs.
Auto Unseal OpenBao/Vault with the Transit Secrets Engine: labs.iximiuz.com/tutorials/o...
bsky.app/profile/did...
Auto Unseal OpenBao/Vault with the Transit Secrets Engine: labs.iximiuz.com/tutorials/o...
bsky.app/profile/did...
Márk Sági-Kazár (@sagikazarmark.com)
1/4 Secret management is a critical yet often overlooked aspect of DevOps. (Raise your hand if you've ever intentionally committed secrets to a Git repository.)
This is why I've begun creating a series of educational content on the subject.
bsky.app
May 19, 2025 at 6:42 PM
Following up on my previous post, here is another tutorial about operating @openbao-official.bsky.social and @hashicorp.com Vault on @iximiuz.bsky.social Labs.
Auto Unseal OpenBao/Vault with the Transit Secrets Engine: labs.iximiuz.com/tutorials/o...
bsky.app/profile/did...
Auto Unseal OpenBao/Vault with the Transit Secrets Engine: labs.iximiuz.com/tutorials/o...
bsky.app/profile/did...
Reposted by Ivan Velichko
1/4 Secret management is a critical yet often overlooked aspect of DevOps. (Raise your hand if you've ever intentionally committed secrets to a Git repository.)
This is why I've begun creating a series of educational content on the subject.
This is why I've begun creating a series of educational content on the subject.
May 17, 2025 at 3:51 PM
1/4 Secret management is a critical yet often overlooked aspect of DevOps. (Raise your hand if you've ever intentionally committed secrets to a Git repository.)
This is why I've begun creating a series of educational content on the subject.
This is why I've begun creating a series of educational content on the subject.
Reposted by Ivan Velichko
TIL that adding CAP_SYS_ADMIN to a k8s pod has different behaviour depending on the backing CRI. With Containerd it does nothing (you need to call it SYS_ADMIN) but on CRI-O it will add ok. Also TIL k8s doesn't validate the capabilities you add to pods!
April 21, 2025 at 8:15 PM
TIL that adding CAP_SYS_ADMIN to a k8s pod has different behaviour depending on the backing CRI. With Containerd it does nothing (you need to call it SYS_ADMIN) but on CRI-O it will add ok. Also TIL k8s doesn't validate the capabilities you add to pods!
Reposted by Ivan Velichko
Experimenting with using @iximiuz.bsky.social labs for interactive blog content, so I re-worked one of my container security fundamentals blogs labs.iximiuz.com/tutorials/co... . Interested in any feedback on what people reckon to the format :)
Containers are processes | iximiuz Labs
In this brief tutorial we'll explore the idea that Docker containers are just processes, from the perspective of the operating system. Based on this Securitylabs blog post https://securitylabs.datadog...
labs.iximiuz.com
April 8, 2025 at 9:46 AM
Experimenting with using @iximiuz.bsky.social labs for interactive blog content, so I re-worked one of my container security fundamentals blogs labs.iximiuz.com/tutorials/co... . Interested in any feedback on what people reckon to the format :)
This is the way! 🚀
Doing the KCP Workshop at #kubecon and thought "it'd be really useful to have an isolated env to run all this code" , one labctl command later, I've got a @iximiuz.bsky.social labs playground spun up and ready to go!
April 2, 2025 at 10:26 AM
This is the way! 🚀
Reposted by Ivan Velichko
A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding - Article by Ivan Velichko @iximiuz.bsky.social #Network #SysAdmin
A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding
SSH port forwarding explained in a clean and visual way. How to use local and remote port forwarding. What sshd settings may need to be adjusted. How to memorize the right flags.
iximiuz.com
March 28, 2025 at 8:10 PM
A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding - Article by Ivan Velichko @iximiuz.bsky.social #Network #SysAdmin
Reposted by Ivan Velichko
labs.iximiuz.com a browser-based env's where anyone, from beginners to experienced engineers, can get hands-on experience with containers, K8S, DevOps tools, CI/CD pipelines, observability & loads more.
Listen to @iximiuz.bsky.social how it's all started, current adaption: youtu.be/kHjAW7f0EPo
Listen to @iximiuz.bsky.social how it's all started, current adaption: youtu.be/kHjAW7f0EPo
March 23, 2025 at 6:48 PM
labs.iximiuz.com a browser-based env's where anyone, from beginners to experienced engineers, can get hands-on experience with containers, K8S, DevOps tools, CI/CD pipelines, observability & loads more.
Listen to @iximiuz.bsky.social how it's all started, current adaption: youtu.be/kHjAW7f0EPo
Listen to @iximiuz.bsky.social how it's all started, current adaption: youtu.be/kHjAW7f0EPo
Reposted by Ivan Velichko
Please join me and thank @iximiuz.bsky.social for giving us a bunch of free premium accounts we can give away to our viewers on our twitch channel ! First two will be offered today !!
@iximiuz.bsky.social really rocks ! Please take a look at his amazing labs !
@iximiuz.bsky.social really rocks ! Please take a look at his amazing labs !
March 3, 2025 at 2:06 PM
Please join me and thank @iximiuz.bsky.social for giving us a bunch of free premium accounts we can give away to our viewers on our twitch channel ! First two will be offered today !!
@iximiuz.bsky.social really rocks ! Please take a look at his amazing labs !
@iximiuz.bsky.social really rocks ! Please take a look at his amazing labs !
Reposted by Ivan Velichko
Most of the issues with container images are not b/c of the app being containerized but a poorly written/structured docker file @iximiuz.bsky.social Kyle Quest will offer optimizations for improvements in size, security, & build speed, check out: gooddockerfiles.com
February 24, 2025 at 3:57 PM
Most of the issues with container images are not b/c of the app being containerized but a poorly written/structured docker file @iximiuz.bsky.social Kyle Quest will offer optimizations for improvements in size, security, & build speed, check out: gooddockerfiles.com
Reposted by Ivan Velichko
@iximiuz.bsky.social's journey of transitioning from traditional textual and visual explanations in his blog posts to creating interactive, reproducible tutorials -> labs.iximiuz.com has attracted 18,000 registered users, with around 2,000 active users per month.
Full Ep -> youtu.be/kHjAW7f0EPo
Full Ep -> youtu.be/kHjAW7f0EPo
February 19, 2025 at 2:13 PM
@iximiuz.bsky.social's journey of transitioning from traditional textual and visual explanations in his blog posts to creating interactive, reproducible tutorials -> labs.iximiuz.com has attracted 18,000 registered users, with around 2,000 active users per month.
Full Ep -> youtu.be/kHjAW7f0EPo
Full Ep -> youtu.be/kHjAW7f0EPo
Kubernetes "native" sidecars are slated for GA in 1.33, so it's a good time to brush up on how (and why) to use them.
Solve this practical challenge by reworking a flawed pod, making it use a native sidecar:
> Kubernetes Pod With a Faulty Init Sequence
labs.iximiuz.com/challenges/k...
Solve this practical challenge by reworking a flawed pod, making it use a native sidecar:
> Kubernetes Pod With a Faulty Init Sequence
labs.iximiuz.com/challenges/k...
February 18, 2025 at 11:55 AM
Kubernetes "native" sidecars are slated for GA in 1.33, so it's a good time to brush up on how (and why) to use them.
Solve this practical challenge by reworking a flawed pod, making it use a native sidecar:
> Kubernetes Pod With a Faulty Init Sequence
labs.iximiuz.com/challenges/k...
Solve this practical challenge by reworking a flawed pod, making it use a native sidecar:
> Kubernetes Pod With a Faulty Init Sequence
labs.iximiuz.com/challenges/k...
Reposted by Ivan Velichko
If you are into #docker and #containers you must check @iximiuz.bsky.social feed. His content is amazing.
February 13, 2025 at 9:28 AM
If you are into #docker and #containers you must check @iximiuz.bsky.social feed. His content is amazing.
Unpopular opinion: The main value of CKA, CKAD, and CKS is not in the certificate itself but in the preparation phase.
Having said that, allow me to present a new iximiuz Labs challenge by Adam Leskis 👏
CKA Practice: Upgrade Multi-Node Kubernetes Cluster
labs.iximiuz.com/challenges/c...
Having said that, allow me to present a new iximiuz Labs challenge by Adam Leskis 👏
CKA Practice: Upgrade Multi-Node Kubernetes Cluster
labs.iximiuz.com/challenges/c...
CKA Practice: Upgrade Multi-Node Kubernetes Cluster | Challenge
This exercise tests your ability to safely upgrade a multi-node Kubernetes cluster from version 1.30 to 1.31 following the standard upgrade procedure.
labs.iximiuz.com
February 9, 2025 at 11:46 AM
Unpopular opinion: The main value of CKA, CKAD, and CKS is not in the certificate itself but in the preparation phase.
Having said that, allow me to present a new iximiuz Labs challenge by Adam Leskis 👏
CKA Practice: Upgrade Multi-Node Kubernetes Cluster
labs.iximiuz.com/challenges/c...
Having said that, allow me to present a new iximiuz Labs challenge by Adam Leskis 👏
CKA Practice: Upgrade Multi-Node Kubernetes Cluster
labs.iximiuz.com/challenges/c...
It's very easy to start a Docker container:
docker run nginx ☑️
But can you explain what actually happens when you run this command?
I prepared a Docker 101 challenge that helps you explore the internals of Linux containers - check it out: labs.iximiuz.com/challenges/s...
docker run nginx ☑️
But can you explain what actually happens when you run this command?
I prepared a Docker 101 challenge that helps you explore the internals of Linux containers - check it out: labs.iximiuz.com/challenges/s...
February 5, 2025 at 1:11 PM
It's very easy to start a Docker container:
docker run nginx ☑️
But can you explain what actually happens when you run this command?
I prepared a Docker 101 challenge that helps you explore the internals of Linux containers - check it out: labs.iximiuz.com/challenges/s...
docker run nginx ☑️
But can you explain what actually happens when you run this command?
I prepared a Docker 101 challenge that helps you explore the internals of Linux containers - check it out: labs.iximiuz.com/challenges/s...
How to Limit CPU and Memory Usage of a Linux Process 🔽
Of course, using cgroups! But there is a number of ways to do it:
- Manually editing the cgroupfs filesystem
- Using libcgroup's cgcreate and cgexec
- Using the mighty systemd-run
Practice here 👉 labs.iximiuz.com/challenges/l...
Of course, using cgroups! But there is a number of ways to do it:
- Manually editing the cgroupfs filesystem
- Using libcgroup's cgcreate and cgexec
- Using the mighty systemd-run
Practice here 👉 labs.iximiuz.com/challenges/l...
Limit CPU and Memory Usage of a Linux Process | Challenge
Start a Linux process and limit its CPU and memory usage with cgroups.
labs.iximiuz.com
February 3, 2025 at 7:49 PM
How to Limit CPU and Memory Usage of a Linux Process 🔽
Of course, using cgroups! But there is a number of ways to do it:
- Manually editing the cgroupfs filesystem
- Using libcgroup's cgcreate and cgexec
- Using the mighty systemd-run
Practice here 👉 labs.iximiuz.com/challenges/l...
Of course, using cgroups! But there is a number of ways to do it:
- Manually editing the cgroupfs filesystem
- Using libcgroup's cgcreate and cgexec
- Using the mighty systemd-run
Practice here 👉 labs.iximiuz.com/challenges/l...
Reposted by Ivan Velichko
k'exp by @iximiuz.bsky.social is a visual Kubernetes explorer #madewithvuejs that lets you explore Kubernetes capabilities & helps you with application development ✨ - https://madewithvuejs.com/kexp
February 2, 2025 at 12:28 PM
k'exp by @iximiuz.bsky.social is a visual Kubernetes explorer #madewithvuejs that lets you explore Kubernetes capabilities & helps you with application development ✨ - https://madewithvuejs.com/kexp
How do you containerize a Python app the right way? 🤔
Building small and secure images for Python projects is surprisingly hard:
- Which base image to choose?
- How to manage dependencies?
- How to structure the Dockerfile?
Learn more (with solutions): labs.iximiuz.com/challenges/d...
Building small and secure images for Python projects is surprisingly hard:
- Which base image to choose?
- How to manage dependencies?
- How to structure the Dockerfile?
Learn more (with solutions): labs.iximiuz.com/challenges/d...
February 1, 2025 at 6:24 PM
How do you containerize a Python app the right way? 🤔
Building small and secure images for Python projects is surprisingly hard:
- Which base image to choose?
- How to manage dependencies?
- How to structure the Dockerfile?
Learn more (with solutions): labs.iximiuz.com/challenges/d...
Building small and secure images for Python projects is surprisingly hard:
- Which base image to choose?
- How to manage dependencies?
- How to structure the Dockerfile?
Learn more (with solutions): labs.iximiuz.com/challenges/d...
Container images to avoid in production - part II:
python:3
Yes, it's a Docker Official Image, and it's a good image to build your app, but:
- It has TWO pythons inside 🐍 x 2 = 🤯
- It brings 800MB+ of dev/build packages.
What to use instead in production 👉 python:3-slim
python:3
Yes, it's a Docker Official Image, and it's a good image to build your app, but:
- It has TWO pythons inside 🐍 x 2 = 🤯
- It brings 800MB+ of dev/build packages.
What to use instead in production 👉 python:3-slim
January 27, 2025 at 2:28 PM
Container images to avoid in production - part II:
python:3
Yes, it's a Docker Official Image, and it's a good image to build your app, but:
- It has TWO pythons inside 🐍 x 2 = 🤯
- It brings 800MB+ of dev/build packages.
What to use instead in production 👉 python:3-slim
python:3
Yes, it's a Docker Official Image, and it's a good image to build your app, but:
- It has TWO pythons inside 🐍 x 2 = 🤯
- It brings 800MB+ of dev/build packages.
What to use instead in production 👉 python:3-slim
SSH Tunnels: An age-old trick that's still widely used
- Expose a local service to the Internet
- Map a remote service to a local port
- Query an AWS RDS database with a local GUI client
- Access a server in your private VPC from a dev machine
...and a lot more. Visual memo 👇
- Expose a local service to the Internet
- Map a remote service to a local port
- Query an AWS RDS database with a local GUI client
- Access a server in your private VPC from a dev machine
...and a lot more. Visual memo 👇
January 24, 2025 at 5:33 PM
SSH Tunnels: An age-old trick that's still widely used
- Expose a local service to the Internet
- Map a remote service to a local port
- Query an AWS RDS database with a local GUI client
- Access a server in your private VPC from a dev machine
...and a lot more. Visual memo 👇
- Expose a local service to the Internet
- Map a remote service to a local port
- Query an AWS RDS database with a local GUI client
- Access a server in your private VPC from a dev machine
...and a lot more. Visual memo 👇
What's Inside Distroless Container Images: Taking a Closer Look 🧐
Distroless images come in many flavors, and it might not be obvious which one (if any!) is the best fit for your application.
Here is my attempt to explain the difference and use cases on a single diagram:
Distroless images come in many flavors, and it might not be obvious which one (if any!) is the best fit for your application.
Here is my attempt to explain the difference and use cases on a single diagram:
January 23, 2025 at 5:52 PM
What's Inside Distroless Container Images: Taking a Closer Look 🧐
Distroless images come in many flavors, and it might not be obvious which one (if any!) is the best fit for your application.
Here is my attempt to explain the difference and use cases on a single diagram:
Distroless images come in many flavors, and it might not be obvious which one (if any!) is the best fit for your application.
Here is my attempt to explain the difference and use cases on a single diagram:
Pulling and Pushing Container Images 🔽
Did you know that the below commands:
docker pull nginx
docker pull nginx:latest
docker pull library/nginx:latest
docker pull docker[.]io/library/nginx:latest
...pull exactly the same Docker Hub image?
Learn more 👉 labs.iximiuz.com/skill-paths/...
Did you know that the below commands:
docker pull nginx
docker pull nginx:latest
docker pull library/nginx:latest
docker pull docker[.]io/library/nginx:latest
...pull exactly the same Docker Hub image?
Learn more 👉 labs.iximiuz.com/skill-paths/...
January 19, 2025 at 8:28 PM
Pulling and Pushing Container Images 🔽
Did you know that the below commands:
docker pull nginx
docker pull nginx:latest
docker pull library/nginx:latest
docker pull docker[.]io/library/nginx:latest
...pull exactly the same Docker Hub image?
Learn more 👉 labs.iximiuz.com/skill-paths/...
Did you know that the below commands:
docker pull nginx
docker pull nginx:latest
docker pull library/nginx:latest
docker pull docker[.]io/library/nginx:latest
...pull exactly the same Docker Hub image?
Learn more 👉 labs.iximiuz.com/skill-paths/...
Building container images FROM scratch? Then you need to be aware of these pitfalls 👇
By default, scratch containers lack:
- Rootfs layout
- CA certificates
- Time zone info
- Shared libraries
- /etc/{passwd,group}
Learn more in my new blog post:
labs.iximiuz.com/tutorials/pi...
By default, scratch containers lack:
- Rootfs layout
- CA certificates
- Time zone info
- Shared libraries
- /etc/{passwd,group}
Learn more in my new blog post:
labs.iximiuz.com/tutorials/pi...
Building Container Images FROM Scratch: 6 Pitfalls That Are Often Overlooked | iximiuz Labs
While "FROM scratch" containers may seem functional,
they often lack essential components that programs expect to find in their execution environment.
Discover the most common pitfalls of building con...
labs.iximiuz.com
January 14, 2025 at 3:44 PM
Building container images FROM scratch? Then you need to be aware of these pitfalls 👇
By default, scratch containers lack:
- Rootfs layout
- CA certificates
- Time zone info
- Shared libraries
- /etc/{passwd,group}
Learn more in my new blog post:
labs.iximiuz.com/tutorials/pi...
By default, scratch containers lack:
- Rootfs layout
- CA certificates
- Time zone info
- Shared libraries
- /etc/{passwd,group}
Learn more in my new blog post:
labs.iximiuz.com/tutorials/pi...
How To Build a Production-Ready Container Image For a Go App 🔽
Is "FROM scratch" good enough for you? Check out these hands-on challenges to learn about the most typical Go container pitfalls:
- static linking labs.iximiuz.com/challenges/d...
- dynamic linking labs.iximiuz.com/challenges/d...
Is "FROM scratch" good enough for you? Check out these hands-on challenges to learn about the most typical Go container pitfalls:
- static linking labs.iximiuz.com/challenges/d...
- dynamic linking labs.iximiuz.com/challenges/d...
January 10, 2025 at 5:11 PM
How To Build a Production-Ready Container Image For a Go App 🔽
Is "FROM scratch" good enough for you? Check out these hands-on challenges to learn about the most typical Go container pitfalls:
- static linking labs.iximiuz.com/challenges/d...
- dynamic linking labs.iximiuz.com/challenges/d...
Is "FROM scratch" good enough for you? Check out these hands-on challenges to learn about the most typical Go container pitfalls:
- static linking labs.iximiuz.com/challenges/d...
- dynamic linking labs.iximiuz.com/challenges/d...