Forem: Sergio Méndez

Goodbye Ingress, Hello Gateway API: Migrating the Right Way

Sergio Méndez — Fri, 27 Mar 2026 00:48:48 +0000

Hi, dear community of readers, continuing with this blog posts to learn called Learning Kubernetes, this time is the time to learn about how to use the Gateway API. Now all the teams are looking to migrate, so my goal with this post is to help you with a quick start guide to understand and use the Gateway API with the implementation created by NGINX. I know that a lot of people used the NGINX Ingress Controller in their clusters, so makes sense to continue in that way but using the Gateway API. So let's summarize my goals:

Start using Gateway API
Setup a functional Gateway API with NGINX for your services So let's start with this content, I know you want to now how to use the Gateway API.

What you will learn

In this blog post you will learn how to:

Install the Gateway API & NGINX Gateway Fabric
Create and use Gateways and HTTP Routes
Configure Cert-Manager for TLS for your Gateways

Requirements

A Kubernetes Cluster
Access to the cluster using kubectl

Install the Gateway API & NGINX Gateway Fabric

To install the Gateway API & NGINX Gateway Fabric follow these steps:
1. Install Gateway API & NGINX Gateway Fabric CRDs:

kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v2.4.2" | kubectl apply -f -

2. Install the NGINX Gateway Fabric using Helm

helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway

Create and use Gateways and HTTP Routes

Now let's create a simple deployment wiht a Gateway and HTTP Route by following the next steps:
1. Install the following application waiting for the Public api created by the Gateway :

kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: mynamespace
spec: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: myapp
  name: myapp
  namespace: mynamespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: myapp
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: myapp
  name: myapp
  namespace: mynamespace
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: myapp
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: mygateway
  namespace: mynamespace
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    port: 80
    protocol: HTTP
EOF

2. Get the IP assigned to the Gateway using the following command:

export GW=$(kubectl get svc mygateway-nginx -n mynamespace -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

Note: You have to wait for some minutes in order that the cloud provider assign an external IP to the Gateway created.
3. Create the route to expose the application:

kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: approute
  namespace: mynamespace
spec:
  parentRefs:
  - name: mygateway
  hostnames:
  - "$GW.nip.io"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: myapp
      port: 80
EOF

4. Test the Application by using curl as follows:

curl http://$GW.nip.io

And that's it now it works, now let's move on using TLS.

Configure Cert-Manager for TLS for your Gateways

Now let's configure the Cert-Manage to generate a certificate for your app by following these steps:
0. (Optional) Delete the previous gateway and route as follows:

kubectl delete gateway mygateway -n mynamespace
kubectl delete httproute approute -n mynamespace

1. Add the cert-manager helm chart

helm repo add jetstack https://charts.jetstack.io
helm repo update

2. Add the cert-manager helm chart
Install the cert-manager, and enable the GatewayAPI feature gate:

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set config.apiVersion="controller.config.cert-manager.io/v1alpha1" \
  --set config.kind="ControllerConfiguration" \
  --set config.enableGatewayAPI=true \
  --set crds.enabled=true

3. Create a ClusterIssuer to use to generate your certicate:

export EMAIL="your_name@domain.tld"
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: $EMAIL
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: issuer-account-key
    solvers:
    - http01:
        gatewayHTTPRoute:
          parentRefs:
          - name: gateway
            namespace: default
            kind: Gateway
EOF

4. Change your current Gateway as follows:

kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: mygateway
  namespace: mynamespace
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    port: 80
    protocol: HTTP
  - name: https
    hostname: "$GW.nip.io"
    port: 443
    protocol: HTTPS
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: tls-secret
EOF

Note: Use the previous GW value the first time, then check for the service called mygateway-nginx using the following command:

kubectl get svc -n mynamespace

Then update the value GW with the following command:

export GW=$(kubectl get svc mygateway-nginx -n mynamespace -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

And apply the YAML again to point to the correct URL.
5. Now modify your HTTP Route as follows:

kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: approute
  namespace: mynamespace
spec:
  parentRefs:
  - name: mygateway
    sectionName: https
  hostnames:
  - "$GW.nip.io"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: myapp
      port: 80
EOF

6. Now test your application by running the following command:

curl https://$GW.nip.io

And that's it, now you have learned how to use the Gateway API with the NGINX Fabric Gateway implementation using also TLS with Cert-Manager. Take a look to the Links in the references for more theory and examples, of course if you need something more complicated :).

References

The Ingress API itself is NOT deprecated. The GA Ingress API (networking.k8s.io/v1) remains fully supported in Kubernetes. You can still create and use Ingress resources without any issue.
• Ingress controllers as a category are NOT deprecated. Only the specific ingress-nginx project (maintained by Kubernetes SIG Network) was retired. Alternatives like Traefik, Kong, HAProxy, and others are alive and well.

Conclusion about the Gateway API with NGINX

Well, a lot of companies are getting into chaos because that Kubernetes deprecate the ingress-nginx project maintained by Kubernetes SIG Network. But Ingress API itself is NOT deprecated, (networking.k8s.io/v1) remains fully supported in Kubernetes. I want to clarify that Ingress controllers as a category are NOT deprecated. Alternatives like Traefik, Kong, HAProxy, and others still alive. Also my experience configuring the Gateway API, it was not as complicated for simple configuration like the one I showed in the post. I hope this can help as an initial configuration that you can expand for your needs. Well this Gateway API is the future for Kubernetes to have something more stable to manage. I am curious to test another implementations. But it seems that works, maybe the documentation is not as well designed but you can find the necessary parts that you need in the links before. Thanks to Chad M. Crowell to clarify the whole context about how the state of the Gateway API and Ingress Controllers are right now.

So what implementation of Gateway API are you going to use, write a comment below :).

That a lot for me this time, see you the next one. I hope so hehehe.

Follow me

These are my social networks:

https://www.linkedin.com/in/sergioarmgpl
https://sergiops.xyz
https://x.com/sergioarmgpl
https://www.instagram.com/sergioarmgpl/

KubeVirt to run VMs in your K8s cluster

Sergio Méndez — Fri, 19 Dec 2025 23:23:14 +0000

Hi, dear readers I am starting a new series of blog posts called Learning Kubernetes with different complementing the traditional knowledge of Kubernetes. In this first post that I am going to share with my students in the university is about how to use KubeVirt in Kubernetes. One of my main topics in my course is virtualization so let me summarize my goals for writing this blog post:

Use VMs in container environments
Test how easy to use is KubeVirt
Customize my own VMs on a Kubernetes environment
Install KubeVirt on any Cloud Provider(GCP in specific) So let's start with the tutorial using KubeVirt. Let's have fun.

What you will learn

In this blog post you will learn how to:

Install KubeVirt bypassing the default requirements
Create a custom VM image in qcow2 with Qemu
Package your qcow2 image in a container image
Create a VM and expose VM services in KubeVirt

Requirements

A GKE cluster (Kubernetes cluster managed by Google Cloud) with N1 virtual machine type with nested virtualization enabled
Access to the cluster using kubectl
Preinstalled qemu in your distro (Let's asume Ubuntu) So let's get started with this tutorial. :)

Install KubeVirt bypassing the default requirements

To install KubeVirt get the KubeVirt latest stable version running the following steps:
1. Download the kubevirt-operator.yaml file and remove the affinity and tolerations:

export VERSION=$(curl -s https://storage.googleapis.com/kubevirt-prow/release/kubevirt/kubevirt/stable.txt)
wget https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/kubevirt-operator.yaml

Note: This downloads the kubevirt-operator.yaml file that you have to change to install the operator in any cloud provider like GKE, AKS or EKS. You have to change this file to remove the affinity and tolerations that the operator looks to deploy its components. KubeVirt looks for a control-plane node for security reason to deploy the operator.
2. Install the operator with the modified kubevirt-operator.yaml file

kubectl create -f kubevirt-operator.yaml

3. Create a KubeVirt definition to deploy the custom resource definitions:

cat << END > kubevirt-cr.yaml
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
  name: kubevirt
  namespace: kubevirt
spec:
  certificateRotateStrategy: {}
  configuration:
    developerConfiguration:
      featureGates: []
  customizeComponents: {}
  imagePullPolicy: IfNotPresent
  workloadUpdateStrategy: {}
  infra:
    nodePlacement: {}
  workloads:
    nodePlacement: {}
END

4. Deploy the definitions

kubectl apply -f kubevirt-cr.yaml

5. Wait for the deployments to be ready you

kubectl get all -n kubevirt

Create a custom VM image in qcow2 with Qemu

Assuming that you have an Ubuntu OS run the following steps:
1. Install Qemu:

sudo apt install qemu-kvm qemu-utils libvirt-daemon-system libvirt-clients bridge-utils

2. In a directory create a disk for your VM, we are going to use Alpine for our VM:

qemu-img create -f qcow2 alpine_disk.qcow2 1G

3. Download the ISO image for your Alpine VM

wget https://dl-cdn.alpinelinux.org/alpine/v3.23/releases/x86_64/alpine-standard-3.23.2-x86_64.iso

4. Start the new Qemu VM and install the OS:

sudo qemu-system-x86_64 -enable-kvm -m 2G -cpu host -smp 2 -cdrom alpine-standard-3.22.0-x86_64.iso -drive file=alpine_disk.qcow2,format=qcow2 -boot d

5. Boot from disk instead of the CD-ROM and install your software:

sudo qemu-system-x86_64   -enable-kvm   -m 2G   -cpu host   -smp 2   -drive file=alpine_disk.qcow2,format=qcow2

6. Your new image alpine_disk.qcow2 its ready to be used.

Package your qcow2 image in a container image

Assuming that you have a Docker Hub user and you are login in your account run the following steps:
1. Create the Dockerfile to package for image

cat << END > Dockerfile
FROM scratch
ADD --chown=107:107 alpine_disk.qcow2 /disk/
END

2. Tag you image with your Docker user

docker build -t <docker_hub_user>/alpineimage:latest .
docker push <docker_hub_user>/alpineimage:latest

Create a VM a expose VM services in KubeVirt

To create a basic KubeVirt VM follow the next steps:
1. Create the KubeVirt VM definition

cat << END > vm.yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: alpinevm
spec:
  runStrategy: Halted
  template:
    metadata:
      labels:
        kubevirt.io/size: small
        kubevirt.io/domain: alpineso1
    spec:
      domain:
        devices:
          disks:
            - name: containerdisk
              disk:
                bus: virtio
          interfaces:
          - name: default
            masquerade: {}
        resources:
          requests:
            memory: 200M
      networks:
      - name: default
        pod: {}
      volumes:
        - name: containerdisk
          containerDisk:
            image: <docker_hub_user>/alpineimage
END

2. Apply the definition

kubectl apply -f vm.yaml

3. Check for the vm to be created

kubectl get vms

You will see the VM in the stopped state
4. Install virtctl CLI

VERSION=$(kubectl get kubevirt.kubevirt.io/kubevirt -n kubevirt -o=jsonpath="{.status.observedKubeVirtVersion}")
ARCH=$(uname -s | tr A-Z a-z)-$(uname -m | sed 's/x86_64/amd64/') || windows-amd64.exe
echo ${ARCH}
curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-${ARCH}
sudo install -m 0755 virtctl /usr/local/bin

5. Start the VM

virtctl start alpinevm

6. Expose any service you have on the VM

virtctl expose vm alpinevm--port=<PORT_NUMBER>--name=<NEW_SERVICE_NAME> --type=ClusterIP

7. Now you can access the service of your VM in any Kubernetes Pod, Deployment, etc.

Conclusion about KubeVirt

KubeVirt is a technology that can be used when your applications are difficult to convert to containers or there is an specific situation where containers are not suitable to be used. Also for security reasons some systems prefer the use of VMs instead of containers and already have a Kubernetes environment that should interact with this VMs.

KubeVirt its an option option for VMs. In the university, we are testing KubeVirt to run some experiments with cloud native technologies. It was nice to create a VM using Qemu again and see that virtual machines needs to be used also in containerized environments. So it was a nice experience playing with KubeVirt a little bit.

See you on my next post with something interesting again.

Follow me

These are my social networks:

https://www.linkedin.com/in/sergioarmgpl
https://sergiops.xyz
https://x.com/sergioarmgpl
https://www.instagram.com/sergioarmgpl/

Please contribute to this awesome project:

https://kubevirt.io

Zot and ORAS to create & manage edge container registries

Sergio Méndez — Mon, 17 Mar 2025 06:00:00 +0000

Hi dear readers after been busy the last two weeks, I am back for Day 3 of my series 30DaysOfIoTEdge. Now it's time to learn about a container registry that you can run on devices with ARM microprocessors and that is compatible with OCI artifacts.

As the CNCF website on the sandbox projects page says "Zot is an OCI-native container registry for distributing container images and OCI artifacts". This means that you can not just only push containers or helm charts in your registry, but also you can push any type of file. For example, configuration files, ML models, images, etc. So you can deploy something similar to Docker Hub. But is completely free to use, as common in open source software. Check its official website for more in deep information about this project: https://zotregistry.dev/.

Based on the edu.chainguard.dev website and OCI artifact is "OCI artifacts are a way of using OCI registries, or container registries that are compliant with specifications set by the Open Container Initiative, to store arbitrary files.". Now we are clear that we can use the registries as a way to store. Something similar to having your own S3 storage. So let's start with the technical side of my blog post.

What you will learn

In this blog post you will learn:

Install Zot on ARM Devices (like a RPi).
Push & Pull a container into Zot
Push & Pull files as OCI artifacts into Zot using ORAS

Requirements

Raspberry Pi or ARM instance in the cloud.
Ubuntu >= 22.04
Install docker (default installation)

Let's put our hands on Zot.

Install Zot on ARM Devices

1. Install containerd running the following command:

sudo apt-get update
sudo apt-get install -y docker.io

These commands install Docker as your container runtime.

2. Install Zot to run in the port 5000 running following command:

docker run --name=zot -p 5000:5000 -d ghcr.io/project-zot/zot-linux-arm64:latest

Push & Pull a container into Zot

1. Pull the nginx image with the docker command:

docker pull nginx

2. Tag the image to push it with the name webserver into the Zot registry:

docker tag nginx localhost:5000/<NAMESPACE>/webserver:latest

NAMESPACE: Refers to any string that is going to simulate a project or user space in the registry. Because this is a basic installation you can use for it whatever string that you want.
3. Push the container into Zot as a image called webserver:latest, for this run the following command:

docker push localhost:5000/<NAMESPACE>/webserver:latest

4. Pull the previous container from the Zot registry as follows:

docker pull localhost:5000/<NAMESPACE>/webserver:latest

As you can see it works as any other registry. Let's move to work with OCI Artifacts.

Push/Pull files as OCI artifacts into Zot using ORAS

1. Install ORAS using snap:

snap install oras --classic

2. Create 2 files in your current directory:

echo 1 > file1.txt
echo 2 > file1.txt

3. Push the files as OCI artifacts into the repo as follows:

oras push localhost:5000/<NAMESPACE>/files:latest file1.txt file2.txt

You will see an output like this:

✓ Exists    application/vnd.oci.empty.v1+json                          2/2  B 100.00%     0s
  └─ sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
✓ Exists    file1.txt                                                  2/2  B 100.00%     0s
  └─ sha256:4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
✓ Exists    file2.txt                                                  2/2  B 100.00%     0s
  └─ sha256:53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
✓ Uploaded  application/vnd.oci.image.manifest.v1+json             795/795  B 100.00%    6ms
  └─ sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd
Pushed [registry] localhost:5000/test1/files:latest
ArtifactType: application/vnd.unknown.artifact.v1
Digest: sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd

This command create an OCI artifact called files with the tag latest which contains the files file1.txt and file2.txt.
4. Pull the files inside the OCI artifacts files:latest using the following command:

oras pull --plain-http localhost:5000/<NAMESPACE>/files:latest

You will see that the files will be unpackaged in your current directory and an output as follows:

✓ Pulled      file2.txt                                                2/2  B 100.00%  472µs
  └─ sha256:53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
✓ Pulled      file1.txt                                                2/2  B 100.00%    2ms
  └─ sha256:4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
✓ Pulled      application/vnd.oci.image.manifest.v1+json           795/795  B 100.00%  113µs
  └─ sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd
Pulled [registry] localhost:5001/test1/files:latest
Digest: sha256:a3ca9cc257cce158f8d94674c70ce67ee8fa6f19eea3cebe368ce1c140be9dfd

Try to run this command on an empty directory to check if the artifact is unpackaged in that directory.

Zot UI

Do you want to use UI? Zot provides a UI for you, it looks like this in the main page:

And if you check an artifact looks like this:

Advanced options

Zot also provides more advance options like:

Supports helm charts
TLS support
Authentication
OCI Compatible
ARM support

Just to mention some of the features that are included. Its pretty easy to use and lightweight for edge solutions.

Are there another Registries that runs on ARM? Yes

You can use Distribution which is another option that runs on ARM.

Conclusion about Zot and ORAS

After testing Zot, its ARM compatible, lightweight and with enough features to implement a secure implementation for edge use cases. You can start quick to configure your own registry pretty quick with Zot. You can go wrong with it. Also with ORAS you can take advantage of pushing files like ML models, configurations and other kind of files that sometimes you need to store for temporary use, thats will be ideal for edge computing. So when using Zot and ORAS you get a full setup to create and manage your registries compatible with OCI artifacts.

What do you think about Zot and ORAS? Tell me, post your comment.

See you on my next post.

Follow me

These are mi social networks:

This blog post is an extended version content of my book:

https://amzn.to/3Vx6pnt

Creating containers with containerd & nerdctl on ARM

Sergio Méndez — Mon, 24 Feb 2025 06:00:00 +0000

Hi Folks, this is the Day 2 of my series 30DaysOfIoTEdge. Its time to learn more in deep how to create containers with a lightweight container runtime containerd together with nerdctl to create containers. nerdctl provides to the users to interact with the containerd to create containers as same as Docker.

containerd provides similar functionalities like Docker but in a small memory and CPU footprint which is ideal for IoT or edge solutions when using containers, also we are using ARM microprocessor that has a good balance between energy and CPU consumption, so that's the reason about why containerd fits and match nicely with ARM.

Also, Containers are the tool when you want to speed your process of updating your software and get modularity and portability when deploying your solutions. In this post you will learn how containerd together with nerdctl can help you with this use case scenario. Check their official websites for more info https://containerd.io and https://github.com/containerd/nerdctl.

What you will learn

In this blog post you will learn:

Install the containerd container runtime on ARM Devices (Rasberry Pi).
Install nerdctl to use containerd to create containers.
Create a basic container with nerdctl command line.

Requirements

Raspberry Pi or ARM instance in the cloud.
Ubuntu >= 22.04
Install containerd
Install CNI plugin
Install nerdctl

So Let's create containers with containerd.

Creating Python containers for ARM

1. Install containerd running the following command:

sudo apt-get update
sudo apt-get install -y containerd

This commands install containerd in your device.

2. Install nerdctl with the following commands:

NERDCTL_VERSION=2.0.3
wget https://github.com/containerd/nerdctl/releases/download/v2.0.3/nerdctl-$NERDCTL_VERSION-linux-arm64.tar.gz 
tar -xzvf nerdctl-$NERDCTL_VERSION-linux-arm64.tar.gz -C /sbin
CNI_VERSION=1.6.2
wget https://github.com/containernetworking/plugins/releases/download/v$CNI_VERSION/cni-plugins-linux-arm64-v$CNI_VERSION.tgz
mkdir -p /opt/cni/bin
tar -xzvf cni-plugins-linux-arm64-v$CNI_VERSION.tgz -C /opt/cni/bin

3. Create a container with nerdctl
Create an NGINX container exposing the port 80 to the 8080 in the host:

sudo nerdctl run --restart always -d -p 80:80 --name=nginx nginx

4. Test the container
Create the file with the following command:

curl localhost:8080

Note: This returns It works.

Extra commands

You can use the following commands for containerd:
1. To restart the service run:

sudo systemctl restart containerd

You can use the following commands for nerdctl:
2. List images

sudo nerdctl images

3. Push images

sudo nerdctl images

4. Pull images

sudo nerdctl images

5. Build images in the current directory

sudo nerdctl build .

6. Tag images

sudo nerdctl tag old_image:old_tag new_image:new_tag

Where is Podman, Docker and CRI-O?

Wait a moment. Let me tell you that there are alternatives, but containerd in particular has a low memory and CPU footprint so it's ideal for IoT and Edge devices. Podman could fit these needs and interact directly with RunC, which is daemonless. Docker because has more options and its daemon consumes more resources maybe doesn't fit IoT needs. CRI-O it could be but was designed to be lightweight and fit OCI compliance. Also, ask yourself if you need ARM support. The final decision depends on how much energy you want to consume, features, etc. With containerd, you can go wrong with IoT and Edge. In the future, I will add some table of comparison about footprint consumption. But try this tutorial to see how containerd performs.

Thank you and follow me

If you liked my blog post comment 😀
Also follow me at:

This blog post is an extended version of my book:

https://amzn.to/3Vx6pnt

Python containers for ARM

Sergio Méndez — Tue, 18 Feb 2025 05:34:22 +0000

Hi, this is the beginning of my blog post series called, 30DaysOfIoTEdge, you will learn about how to use Kubernetes, ARM, and container on the Edge, something that you can use to solve problems around Iot and Edge stuff. So, let's start with Day 1 creating a container for Python that runs on ARM.

What you will learn

In this blog post you will learn:

What you need to compile for ARM.
Create a basic container for Python using Flask as a basic API.
Adapt your container to run on ARM devices.

Requirements

Raspberry Pi or ARM instance in the cloud.
Docker installed
Ubuntu >= 22.04

So Let's get started with this post.

Creating Python containers for ARM

1. Install Docker with permission to execute the command without sudo. For this run the following commands:

sudo apt-get update
sudo apt-get install -y docker.io
sudo groupadd docker
sudo usermod -aG docker $USER

This commands install Docker in your machine, then restarts your terminal, in order to run docker without sudo. This is something that you will like to do instead of putting sudo before the docker command every time.

2. Create your Dockerfile
Create the file with the following command:

cat > Dockerfile <<-EOF
FROM python:3-alpine

WORKDIR /app

COPY requirements.txt .
RUN pip install -r requirements.txt

COPY . .

CMD ["ash", "-c", "python main.py"]
EOF

3. Create your main.py
Create the file with the following command:

cat > main.py <<-EOF
from flask import Flask
import os
import socket

app = Flask(__name__)

@app.route('/')
def index():
    return "Hello ARM Container"


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000), debug=True)
EOF

4. Create the requeriments.txt
Create the file with the following command:

cat > requeriments.txt <<-EOF
flask
EOF

Note: This file includes all the dependencies of libraries using in your code. In this case we just use Flask, the other libraries are by default included.

5. Login into your registry
For this run the following command:

docker login

Enter your user from DockerHub or specify the registry your are using to push your container like ECR, GCR, AZR or Harbor as an open source container or artifact registry.
6. Build and push your container
For this run the following command:

docker buildx build --platform linux/arm64 \
-t <USERNAME>/<CONTAINER_NAME>:<TAG> --push .

Note: --platform specify the platform where the container is going to run. Common platforms used for ARM are linux/arm64 for ARM v8 and, linux/arm/v7 for v7. Also you can use x86_64 for Intel and Nuc devices.

7. Test your container.
For this run the following command:

docker run -it -p 5000:5000 <USERNAME>/<CONTAINER_NAME>:<TAG>

8. Test your API
For this use curl to test the API running:

curl http://<HOST_IP>:5000

It shows the Hello ARM Container

Tricks

In some cases, you can find precompiled packages or wheels for Python. Let's say for example that you are building for a Raspberry Pi device using Raspbian as its operating system. Raspbian uses some specific wheels precompiled for Raspbian but you can use it for another operating system. Why? Sometimes the libraries in Python are not compiled for ARM and when you build the container it detects that the library needs to be compiled for ARM and fails. You can solve it but it's easier to use the Python wheels precompiled for Raspbian. How you can use that wheels, just by running the following command:

RUN pip install --index-url=https://www.piwheels.org/simple --no-cache-dir -r requirements.txt

Instead of

RUN pip install -r requirements.txt

Thank you and follow me

If you liked my blog post comment 😀
Also follow me at:

This blog post is an extender version of my book:

https://amzn.to/3Vx6pnt

My 2023 in review

Sergio Méndez — Tue, 23 Jan 2024 03:31:46 +0000

Hi, you all, this is my very first time writing this kind of post. So, I want to say how was my 2023 in context of tech content, speaking sessions and my tech career in general.

I can summarize it like this:

24 speaking sessions
5 videos in my Youtube channel
3 KCDs
15 Working sessions for our Cloud Native Group.

I also participated in working sessions and created content in:

2 tags tag-environmental-sustainability, we were part of the sustainability week and for higher-ed (a future TAG), just participating to build something around university contents.

I participated in the several events or groups:

Cloud Native Guatemala Chapter
Cloud Native Amsterdam
KCD Colombia
KCD El Salvador
KCD Guatemala
Civo Navigate NA, Tampa
Civo Navigate Europe, London
KubeConNA, Chicago
Sustainability Week Guatemala

My best moments in the year:

I was selected to be a CNCF Ambassador after serveral years
Hosted an in-person KCD with my students
Talked with Bart Farrel about life and things
Talked with Cortney Nickerson at KubeConNA, Chicago
Talked with Ramiro Berrelleza in different events
Christmas breakfast with Cloud Native Guatemala Chapter organizers
Funny moments with Alessadro Civo, Dario Trankitela
Met in person Kunal Kushwaha
Shared in the KCD boot in the KCD about Guatemala in KubeConNA, Chicago
In deep conversation about life with Tiffany Jatcha

The event and moment I loved the most was Cloud Native Amsterdam.

Also, I learned from Bart Farrel, that you are not alone when you have problems, your friends support you, also I have a lot of friends in the ecosystem that loves me.

Now, this year 2024, for me is the year to thing about me, grow up, and explore new things, I want to try to create content by myself, I mean, be my own brand, like a kind of DevRel. I will take the advice of a close friend of mine, that said me about build a community around me. I will try, let's see if I can build that community.

Finally, I want to visit Europe again to be in other events. If I am lucky I would like to be in Japan, but first I have to build that dream, let's see if the happens.

I have a lot of pending videos to upload from 2023, a lot of content coming. So, that was my 2023 in review, what about yours? any 2024 resolutions?

BTW, follow me on Twitter as @sergioarmgpl

See you the next time!

How I became a Linkerd Hero?

Sergio Méndez — Wed, 12 May 2021 21:49:11 +0000

Hi, Dev.to community this is my first post, and I want to share how I became a Linkerd Hero. This is more or less a large story, let me introduce myself first. I am Sergio Méndez. I was born in Guatemala, I represent that part of underrepresented technology groups, actually, I am working as a DevOps Engineer at Yalo, and I am also an Operating Systems professor at USAC, Guatemala.

I remember that this story started when I talked at the 2018 OSCON conference, in that moment I was starting to experiment with Cloud Native technologies, some months before that, I was working for a Telco company here in Guatemala, I was building a tool to create custom chatbots using Kubernetes and OpenFaaS. I was a novice at that time and for sure it wasn’t my best experience talking in a conference, but it was challenging, me giving a talk in English outside my country, who would have imagined. As I mentioned it wasn’t my best experience. After that, I tried to prove to myself that I could do it better, so I was looking for another opportunity.

Next year, influenced by one of the organizers of O'Reilly, the one who pushed me to talk for the first time, I decided to send a talk proposal to KubeConEU 2020, and by my surprise, my talk was selected. My talk was about how to implement canary deployments using OpenFaaS and Linkerd. I remember that the creator of OpenFaaS contacted me and introduced me to the CTO of Buoyant, Buoyant is the company behind Linkerd.

Later 2020 I decided to include Linkerd in the final project of my course, and give the challenge to my students to build a basic distributed system using Kubernetes and Linkerd, I also mentioned this project to the Linkerd people, because I was moving a lot of service meshes topics Linkerd invited me to their Anchor Program to tell other what I was doing part of that was to participate on one of their Linkerd Community calls to share about our project.

At the beginning of January 2021, we presented the project to the Linkerd community with my students with the challenge to speak in another language but it was a really nice experience. I felt that we broke the language gap at that moment. A month later the Linkerd community nominated me to be the Linkerd Hero of February and by my surprise, I won.

Linkerd opened a lot of doors to be visible to the cloud native world. I really appreciate that, I love Linkerd is a really special community.

Things that I Learned:

Be ready when the moment and the opportunity comes
You won’t be successful all the time but you have to persist
Help others around to break technology frontiers
Diversity and inclusion matters
Nothing it's impossible if you are working to build it

And my final thought is:

Contribute is not just coding it could be teaching, speaking and create content for people in other languages, don’t get frustrated

Do you want to see the moment when we present the project with my students?

Here is it:

And if you like the academic side feel free to contribute to our repo:

https://github.com/sergioarmgpl/operating-systems-usac-course

Thanks, Dev.to Community, I hope you enjoy my first post.

Follow me if you liked this post :D.

Twitter: https://twitter.com/sergioarmgpl
Website: https://sergiops.xyz

Thanks to Justin Dorfman of Curiefense for reviewing this post.