DEV Community: Sandesh Ojha The latest articles on DEV Community by Sandesh Ojha (@sandeshojha). https://dev.to/sandeshojha https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3871836%2F884cd9e3-43ff-42c3-856b-d6dea4c5ce08.png DEV Community: Sandesh Ojha https://dev.to/sandeshojha en Building a Kubernetes Operator from Scratch with operator-sdk Sandesh Ojha Mon, 08 Jun 2026 03:45:21 +0000 https://dev.to/sandeshojha/building-a-kubernetes-operator-from-scratch-with-operator-sdk-576k https://dev.to/sandeshojha/building-a-kubernetes-operator-from-scratch-with-operator-sdk-576k <blockquote> <p><strong>GitHub Repo</strong>: <a href="https://github.com/SandeshOjha06/k8-operator" rel="noopener noreferrer">SandeshOjha06/k8-operator</a> — Clone this to follow along with the code.</p> </blockquote> <h2> The Problem </h2> <p>Standard Kubernetes primitives keep containers running, but they are fundamentally ignorant of your application's business logic. If you deploy a complex database or a custom backend, raw <code>Deployment</code>s and <code>StatefulSet</code>s are not enough. They cannot execute automated schema migrations, sequence complex initialization steps, or prevent a developer from manually scaling a pod via <code>kubectl scale</code> and accidentally breaking application state.</p> <p>That is the exact problem <strong>Operators</strong> solve. An Operator is a custom Go controller running inside the cluster that extends the Kubernetes API by encoding human operational knowledge directly into software. Instead of writing a runbook for your team to follow when things go wrong, you build an Operator that constantly observes the cluster, detects configuration drift, and forces compliance without any human intervention.</p> <h2> What We're Building </h2> <p>We are going to build a fully functional control plane for a custom resource called a <strong>WebApp</strong>.</p> <p>Instead of manually wiring up and managing standard Kubernetes objects, users submit a single declarative YAML file defining just two spec fields: their desired <code>replicas</code> and the container <code>image</code>. Our Operator will:</p> <ul> <li>Catch that custom API request and dynamically translate it</li> <li>Automatically provision both a core <code>Deployment</code> and a <code>NodePort</code> <code>Service</code> </li> <li>Continuously watch for <strong>configuration drift</strong> — if an unauthorized user modifies the running Deployment, the Operator instantly detects the deviation and reverts it</li> <li>Report live application health back via a native Kubernetes <strong>Status subresource</strong>, exposing the current <code>Phase</code> and <code>AvailableReplicas</code> </li> </ul> <h2> Scaffolding with operator-sdk </h2> <p>We don't write an Operator from an empty directory. We use the <code>operator-sdk</code> CLI to generate the project scaffold so we can focus entirely on application logic.</p> <p><strong>Initialize the project:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>operator-sdk init <span class="nt">--domain</span> sandesh.dev <span class="nt">--repo</span> github.com/sandesh-ojha/webapp-operator </code></pre> </div> <p>This scaffolds the standard Kubebuilder project layout, including the <code>main.go</code> entrypoint and a comprehensive <code>Makefile</code> that handles compiling, testing, and deploying.</p> <p><strong>Generate the CRD and controller:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>operator-sdk create api <span class="nt">--group</span> apps <span class="nt">--version</span> v1 <span class="nt">--kind</span> WebApp <span class="nt">--resource</span> <span class="nt">--controller</span> </code></pre> </div> <ul> <li> <code>--resource</code> generates the Go structs that define your custom API schema</li> <li> <code>--controller</code> scaffolds the <code>Reconciler</code> file where the active management logic will live</li> </ul> <p>This generates two critical files:</p> <ul> <li> <strong><code>api/v1/webapp_types.go</code></strong> — defines the Go structs representing the schema of our custom <code>WebApp</code> resource</li> <li> <strong><code>internal/controller/webapp_controller.go</code></strong> — houses the <code>Reconciler</code>, the control loop where our logic executes</li> </ul> <p>The SDK also generates <code>// +kubebuilder:</code> comment markers above our controller functions. These are not standard comments — they are <strong>compiler directives</strong>. When we run <code>make manifests</code>, the SDK reads these markers to automatically generate the strict RBAC YAML that grants our Operator permission to read, create, and update standard Kubernetes <code>Deployment</code>s and <code>Service</code>s.</p> <h2> Defining the CRD </h2> <p>Open <code>api/v1/webapp_types.go</code>. This is where we define the schema for our custom resource.</p> <p>Kubernetes strictly separates <em>what the user wants</em> from <em>what actually exists</em>. We mirror this by defining two distinct Go structs: <code>WebAppSpec</code> and <code>WebAppStatus</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">WebAppSpec</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Replicas</span> <span class="kt">int32</span> <span class="s">`json:"replicas"`</span> <span class="n">Image</span> <span class="kt">string</span> <span class="s">`json:"image"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">WebAppPhase</span> <span class="kt">string</span> <span class="k">const</span> <span class="p">(</span> <span class="n">PhaseScaling</span> <span class="n">WebAppPhase</span> <span class="o">=</span> <span class="s">"Scaling"</span> <span class="n">PhaseRunning</span> <span class="n">WebAppPhase</span> <span class="o">=</span> <span class="s">"Running"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">WebAppStatus</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Phase</span> <span class="n">WebAppPhase</span> <span class="s">`json:"phase,omitempty"`</span> <span class="n">AvailableReplicas</span> <span class="kt">int32</span> <span class="s">`json:"availableReplicas"`</span> <span class="p">}</span> </code></pre> </div> <p><code>WebAppSpec</code> holds the data the user submits in their YAML. <code>WebAppStatus</code> holds the live state our Operator reports back: the <code>AvailableReplicas</code> currently running and a <code>Phase</code> (<code>Scaling</code> or <code>Running</code>) indicating overall health.</p> <p>Further up the file, just above the main <code>WebApp</code> struct, we add the kubebuilder markers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// +kubebuilder:object:root=true</span> <span class="c">// +kubebuilder:subresource:status</span> <span class="c">// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase"</span> <span class="c">// +kubebuilder:printcolumn:name="Replicas",type="integer",JSONPath=".spec.replicas"</span> <span class="c">// +kubebuilder:printcolumn:name="Available",type="integer",JSONPath=".status.availableReplicas"</span> <span class="c">// +kubebuilder:resource:scope=Namespaced,shortName=wa</span> <span class="k">type</span> <span class="n">WebApp</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">metav1</span><span class="o">.</span><span class="n">TypeMeta</span> <span class="s">`json:",inline"`</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span> <span class="s">`json:"metadata,omitempty"`</span> <span class="n">Spec</span> <span class="n">WebAppSpec</span> <span class="s">`json:"spec,omitempty"`</span> <span class="n">Status</span> <span class="n">WebAppStatus</span> <span class="s">`json:"status,omitempty"`</span> <span class="p">}</span> </code></pre> </div> <p>Two of these markers are vital for a production-grade Operator:</p> <p><strong><code>+kubebuilder:subresource:status</code></strong> — tells Kubernetes to expose a dedicated <code>/status</code> endpoint for this resource. This is critical: it allows our Operator to update the status safely without accidentally modifying the user's desired spec or triggering an infinite reconcile loop.</p> <p><strong><code>+kubebuilder:printcolumn</code></strong> — maps our internal JSON fields to human-readable columns in the terminal. When a user types <code>kubectl get webapps</code>, they immediately see the <code>Phase</code>, desired <code>Replicas</code>, and <code>Available</code> replicas — not just the resource name.</p> <p>And the <code>WebAppList</code> type required by the SDK:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// +kubebuilder:object:root=true</span> <span class="k">type</span> <span class="n">WebAppList</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">metav1</span><span class="o">.</span><span class="n">TypeMeta</span> <span class="s">`json:",inline"`</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ListMeta</span> <span class="s">`json:"metadata,omitempty"`</span> <span class="n">Items</span> <span class="p">[]</span><span class="n">WebApp</span> <span class="s">`json:"items"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="n">SchemeBuilder</span><span class="o">.</span><span class="n">Register</span><span class="p">(</span><span class="o">&amp;</span><span class="n">WebApp</span><span class="p">{},</span> <span class="o">&amp;</span><span class="n">WebAppList</span><span class="p">{})</span> <span class="p">}</span> </code></pre> </div> <h2> The Reconciler </h2> <p>If the CRD is the API, the Reconciler is the brain. Open <code>internal/controller/webapp_controller.go</code>.</p> <p>This is where we implement the infinite control loop that constantly drives the cluster toward our desired state. We'll break the <code>Reconcile</code> function down exactly as it executes sequentially: <strong>Observe → Create → Correct → Report</strong>.</p> <h3> RBAC Markers </h3> <p>Before the function itself, we declare the permissions our controller needs. These markers generate the RBAC manifests automatically when you run <code>make manifests</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// +kubebuilder:rbac:groups=apps.sandesh.dev,resources=webapps,verbs=get;list;watch;create;update;patch;delete</span> <span class="c">// +kubebuilder:rbac:groups=apps.sandesh.dev,resources=webapps/status,verbs=get;update;patch</span> <span class="c">// +kubebuilder:rbac:groups=apps.sandesh.dev,resources=webapps/finalizers,verbs=update</span> <span class="c">// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete</span> <span class="c">// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete</span> </code></pre> </div> <h3> Step 1 — The Function Signature and the Fetch Block </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WebAppReconciler</span><span class="p">)</span> <span class="n">Reconcile</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">(</span><span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">logger</span> <span class="o">:=</span> <span class="n">logf</span><span class="o">.</span><span class="n">FromContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="n">app</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">appsv1</span><span class="o">.</span><span class="n">WebApp</span><span class="p">{}</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">req</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">,</span> <span class="n">app</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">if</span> <span class="n">apierrors</span><span class="o">.</span><span class="n">IsNotFound</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// ...</span> </code></pre> </div> <p>Notice what <code>req ctrl.Request</code> receives — <strong>not</strong> the actual <code>WebApp</code> object or its state, only a name and a namespace. Kubernetes is highly asynchronous. By the time the Reconciler runs, the object might have changed again. Therefore, the very first step is to <code>Get</code> the absolute latest state of our <code>WebApp</code> resource directly from the API. If it returns a <code>NotFound</code> error, the user deleted the resource and we exit safely.</p> <h3> Step 2 — Deployment Reconciliation: Creation &amp; Owner References </h3> <p>Next, we check if the underlying Nginx pods exist by attempting to fetch a standard Kubernetes <code>Deployment</code> with the same name as our <code>WebApp</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">foundDep</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">k8sappsv1</span><span class="o">.</span><span class="n">Deployment</span><span class="p">{}</span> <span class="n">err</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">types</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Namespace</span><span class="p">},</span> <span class="n">foundDep</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">&amp;&amp;</span> <span class="n">apierrors</span><span class="o">.</span><span class="n">IsNotFound</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span> <span class="n">dep</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">deploymentForWebApp</span><span class="p">(</span><span class="n">app</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">dep</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{</span><span class="n">Requeue</span><span class="o">:</span> <span class="no">true</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>If the Deployment is missing, we build it. Inside our <code>deploymentForWebApp</code> helper, there is one critical line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WebAppReconciler</span><span class="p">)</span> <span class="n">deploymentForWebApp</span><span class="p">(</span><span class="n">app</span> <span class="o">*</span><span class="n">appsv1</span><span class="o">.</span><span class="n">WebApp</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">k8sappsv1</span><span class="o">.</span><span class="n">Deployment</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ls</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">{</span><span class="s">"app"</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Name</span><span class="p">}</span> <span class="n">replicas</span> <span class="o">:=</span> <span class="n">app</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Replicas</span> <span class="n">dep</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">k8sappsv1</span><span class="o">.</span><span class="n">Deployment</span><span class="p">{</span> <span class="n">ObjectMeta</span><span class="o">:</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Namespace</span><span class="p">,</span> <span class="p">},</span> <span class="n">Spec</span><span class="o">:</span> <span class="n">k8sappsv1</span><span class="o">.</span><span class="n">DeploymentSpec</span><span class="p">{</span> <span class="n">Replicas</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">replicas</span><span class="p">,</span> <span class="n">Selector</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">metav1</span><span class="o">.</span><span class="n">LabelSelector</span><span class="p">{</span> <span class="n">MatchLabels</span><span class="o">:</span> <span class="n">ls</span><span class="p">,</span> <span class="p">},</span> <span class="n">Template</span><span class="o">:</span> <span class="n">corev1</span><span class="o">.</span><span class="n">PodTemplateSpec</span><span class="p">{</span> <span class="n">ObjectMeta</span><span class="o">:</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span><span class="p">{</span><span class="n">Labels</span><span class="o">:</span> <span class="n">ls</span><span class="p">},</span> <span class="n">Spec</span><span class="o">:</span> <span class="n">corev1</span><span class="o">.</span><span class="n">PodSpec</span><span class="p">{</span> <span class="n">Containers</span><span class="o">:</span> <span class="p">[]</span><span class="n">corev1</span><span class="o">.</span><span class="n">Container</span><span class="p">{{</span> <span class="n">Name</span><span class="o">:</span> <span class="s">"webapp"</span><span class="p">,</span> <span class="n">Image</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Image</span><span class="p">,</span> <span class="n">Ports</span><span class="o">:</span> <span class="p">[]</span><span class="n">corev1</span><span class="o">.</span><span class="n">ContainerPort</span><span class="p">{{</span> <span class="n">ContainerPort</span><span class="o">:</span> <span class="m">80</span><span class="p">,</span> <span class="n">Protocol</span><span class="o">:</span> <span class="n">corev1</span><span class="o">.</span><span class="n">ProtocolTCP</span><span class="p">,</span> <span class="p">}},</span> <span class="p">}},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="c">// This is the critical line — sets the Owner Reference</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">SetControllerReference</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="n">dep</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Scheme</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">dep</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p><code>ctrl.SetControllerReference(app, dep, r.Scheme)</code> sets an <strong>Owner Reference</strong>. Kubernetes needs to know that our <code>WebApp</code> is the parent and this <code>Deployment</code> is the child. When a user runs <code>kubectl delete webapp sandy-app</code>, the Kubernetes garbage collector reads this reference and automatically deletes the child <code>Deployment</code>s and <code>Service</code>s. Without this, you create zombie resources that run forever.</p> <h3> Step 3 — Deployment Reconciliation: Drift Detection </h3> <p>If the Deployment does exist, we don't just move on. We execute drift detection logic. <strong>This is what separates a fire-and-forget script from a true Operator.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">desiredReplicas</span> <span class="o">:=</span> <span class="n">app</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Replicas</span> <span class="n">desiredImage</span> <span class="o">:=</span> <span class="n">app</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Image</span> <span class="n">actualImage</span> <span class="o">:=</span> <span class="n">foundDep</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Template</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Containers</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Image</span> <span class="k">if</span> <span class="o">*</span><span class="n">foundDep</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Replicas</span> <span class="o">!=</span> <span class="n">desiredReplicas</span> <span class="o">||</span> <span class="n">actualImage</span> <span class="o">!=</span> <span class="n">desiredImage</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Drift detected! Updating Deployment"</span><span class="p">,</span> <span class="s">"DesiredReplicas"</span><span class="p">,</span> <span class="n">desiredReplicas</span><span class="p">,</span> <span class="s">"ActualReplicas"</span><span class="p">,</span> <span class="o">*</span><span class="n">foundDep</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Replicas</span><span class="p">,</span> <span class="s">"DesiredImage"</span><span class="p">,</span> <span class="n">desiredImage</span><span class="p">,</span> <span class="s">"ActualImage"</span><span class="p">,</span> <span class="n">actualImage</span><span class="p">,</span> <span class="p">)</span> <span class="n">foundDep</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Replicas</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">desiredReplicas</span> <span class="n">foundDep</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Template</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Containers</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Image</span> <span class="o">=</span> <span class="n">desiredImage</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Update</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">foundDep</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{</span><span class="n">Requeue</span><span class="o">:</span> <span class="no">true</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>We compare the <strong>Desired</strong> state (from our <code>WebApp</code>) against the <strong>Actual</strong> state (from the running <code>Deployment</code>). If an unauthorized user uses <code>kubectl scale</code> to crank replicas up to 10, or swaps the image to a vulnerable version, this <code>if</code> block catches it, overwrites the corrupted values in memory, and pushes the correction back to the cluster via <code>r.Update()</code>.</p> <h3> Step 4 — Service Reconciliation </h3> <p>Once the compute layer is aligned, we repeat the exact same pattern for networking. We check if the <code>Service</code> exists, and if not, we create it. Because we need this exposed locally on Minikube, we provision a <code>NodePort</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">foundSvc</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">corev1</span><span class="o">.</span><span class="n">Service</span><span class="p">{}</span> <span class="n">err</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">types</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Name</span> <span class="o">+</span> <span class="s">"-service"</span><span class="p">,</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Namespace</span><span class="p">},</span> <span class="n">foundSvc</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">&amp;&amp;</span> <span class="n">apierrors</span><span class="o">.</span><span class="n">IsNotFound</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span> <span class="n">svc</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">serviceForWebApp</span><span class="p">(</span><span class="n">app</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">svc</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{</span><span class="n">Requeue</span><span class="o">:</span> <span class="no">true</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>And the helper:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WebAppReconciler</span><span class="p">)</span> <span class="n">serviceForWebApp</span><span class="p">(</span><span class="n">app</span> <span class="o">*</span><span class="n">appsv1</span><span class="o">.</span><span class="n">WebApp</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">corev1</span><span class="o">.</span><span class="n">Service</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ls</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">{</span><span class="s">"app"</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Name</span><span class="p">}</span> <span class="n">svc</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">corev1</span><span class="o">.</span><span class="n">Service</span><span class="p">{</span> <span class="n">ObjectMeta</span><span class="o">:</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Name</span> <span class="o">+</span> <span class="s">"-service"</span><span class="p">,</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">app</span><span class="o">.</span><span class="n">Namespace</span><span class="p">,</span> <span class="p">},</span> <span class="n">Spec</span><span class="o">:</span> <span class="n">corev1</span><span class="o">.</span><span class="n">ServiceSpec</span><span class="p">{</span> <span class="n">Selector</span><span class="o">:</span> <span class="n">ls</span><span class="p">,</span> <span class="n">Type</span><span class="o">:</span> <span class="n">corev1</span><span class="o">.</span><span class="n">ServiceTypeNodePort</span><span class="p">,</span> <span class="n">Ports</span><span class="o">:</span> <span class="p">[]</span><span class="n">corev1</span><span class="o">.</span><span class="n">ServicePort</span><span class="p">{{</span> <span class="n">Protocol</span><span class="o">:</span> <span class="n">corev1</span><span class="o">.</span><span class="n">ProtocolTCP</span><span class="p">,</span> <span class="n">Port</span><span class="o">:</span> <span class="m">80</span><span class="p">,</span> <span class="n">TargetPort</span><span class="o">:</span> <span class="n">intstr</span><span class="o">.</span><span class="n">FromInt</span><span class="p">(</span><span class="m">80</span><span class="p">),</span> <span class="p">}},</span> <span class="p">},</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">SetControllerReference</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="n">svc</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Scheme</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">svc</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Step 5 — Status Updates </h3> <p>Finally, when we are certain the resources exist and are correctly configured, we report the application's health back to the user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">available</span> <span class="o">:=</span> <span class="n">foundDep</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">AvailableReplicas</span> <span class="n">app</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">AvailableReplicas</span> <span class="o">=</span> <span class="n">available</span> <span class="k">if</span> <span class="n">available</span> <span class="o">==</span> <span class="n">app</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Replicas</span> <span class="p">{</span> <span class="n">app</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">Phase</span> <span class="o">=</span> <span class="n">appsv1</span><span class="o">.</span><span class="n">PhaseRunning</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">app</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">Phase</span> <span class="o">=</span> <span class="n">appsv1</span><span class="o">.</span><span class="n">PhaseScaling</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Status</span><span class="p">()</span><span class="o">.</span><span class="n">Update</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">app</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>We don't count pods ourselves — we read the <code>AvailableReplicas</code> reported by the native Kubernetes <code>Deployment</code> controller, copy that into our <code>WebApp</code> status, determine the <code>Phase</code>, and push the update.</p> <blockquote> <p>⚠️ <strong>Critical</strong>: Notice we use <code>r.Status().Update()</code> instead of <code>r.Update()</code>. Kubernetes intentionally separates the Spec endpoint from the Status endpoint. If you update Status using the main <code>r.Update()</code> method, Kubernetes sees a modification to the primary object and instantly triggers another <code>Reconcile</code> loop — an infinite crash loop. The dedicated Status endpoint prevents this. This is why the <code>+kubebuilder:subresource:status</code> marker exists.</p> </blockquote> <h2> Testing on Minikube </h2> <p>With the logic complete, let's deploy the Operator and watch it enforce desired state. Open two terminal windows.</p> <p><strong>Terminal 1: Install the CRD and start the Operator</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>make <span class="nb">install </span>make run </code></pre> </div> <p>You'll see <code>controller-runtime</code> logs start up and wait for events.</p> <p><strong>Terminal 2: Deploy the Custom Resource</strong></p> <p>Create <code>my-app.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps.sandesh.dev/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">WebApp</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">sandy-app</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.25-alpine</span> </code></pre> </div> <p>Apply it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> my-app.yaml webapp.apps.sandesh.dev/sandy-app created </code></pre> </div> <p>Check the custom resource. Notice how our <code>printcolumn</code> markers format the output with live state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get webapps NAME PHASE REPLICAS AVAILABLE sandy-app Running 3 3 </code></pre> </div> <p>Verify the Operator provisioned the underlying resources:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE sandy-app-7c8585559-2mxgk 1/1 Running 0 45s sandy-app-7c8585559-8pabc 1/1 Running 0 45s sandy-app-7c8585559-xy9jz 1/1 Running 0 45s </code></pre> </div> <h2> Demo: Drift Detection </h2> <p>Simulate an unauthorized user bypassing the custom resource and manually scaling the Deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl scale deployment sandy-app <span class="nt">--replicas</span><span class="o">=</span>10 deployment.apps/sandy-app scaled </code></pre> </div> <p>Immediately look at Terminal 1. The Operator catches it instantly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>INFO Drift detected! Updating Deployment {"DesiredReplicas": 3, "ActualReplicas": 10} </code></pre> </div> <p>Check the pods — the Operator has already crushed the unauthorized change:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE sandy-app-7c8585559-2mxgk 1/1 Running 0 2m sandy-app-7c8585559-8pabc 1/1 Running 0 2m sandy-app-7c8585559-xy9jz 1/1 Running 0 2m sandy-app-7c8585559-zbt99 0/1 Terminating 0 12s sandy-app-7c8585559-plk22 0/1 Terminating 0 12s </code></pre> </div> <p>Kubernetes is terminating the excess pods. Within seconds, only the original 3 remain.</p> <p>While this recovery is happening, our Status update block reports the degraded state in real time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get webapps NAME PHASE REPLICAS AVAILABLE sandy-app Scaling 3 10 </code></pre> </div> <p>Once the cluster fully converges, the phase automatically switches back to <code>Running</code>.</p> <h2> What I Learned / What's Next </h2> <p>Building this Operator demystified a lot of the "magic" of Kubernetes. The biggest hurdle wasn't Go syntax — it was wrapping my head around the <strong>asynchronous, declarative nature of the Reconcile loop</strong>. You don't write scripts that execute step-by-step; you write a state machine that constantly compares <em>what is</em> versus <em>what should be</em> and corrects the difference.</p> <p>Mastering this control loop pattern was exactly what I needed for my next step. For the upcoming Fall LFX Mentorship term, my target is <strong>containerd</strong>. Since containerd relies entirely on this same highly concurrent, API-driven Go architecture to manage low-level Linux primitives, building this Operator gave me the exact foundation to start contributing to the core daemon and the runtime shim.</p> <p><em>If you have questions or want to dig into the code, the full repo is at <a href="https://github.com/SandeshOjha06/k8-operator" rel="noopener noreferrer">SandeshOjha06/k8-operator</a>. Drop a comment below — happy to discuss the controller-runtime internals.</em></p> kubernetes go devops cloud I built a Redis clone in C: From blocking I/O to epoll to crash safe persistence Sandesh Ojha Sat, 23 May 2026 03:21:47 +0000 https://dev.to/sandeshojha/i-built-a-redis-clone-in-c-from-blocking-io-to-epoll-to-crash-safe-persistence-4imh https://dev.to/sandeshojha/i-built-a-redis-clone-in-c-from-blocking-io-to-epoll-to-crash-safe-persistence-4imh <p>I had been hearing about sockets, TCP connections, and networking for years without truly understanding what any of it meant at the code level. Building C-dis changed that. I learned the full socket lifecycle, what happens on both sides of a connection, how the kernel manages buffers, and how to handle non-blocking I/O states inside a manual event loop.What surprised me most was that a single-threaded architecture using epoll could handle tens of thousands of requests per second: no threads, no locking, no complexity. Architectural efficiency beats brute-force processing more often than people realize.The problem: One client at a timeMy first version was a simple blocking server. It worked, but the limitation became obvious immediately.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">while</span> <span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">client_fd</span> <span class="o">=</span> <span class="n">accept</span><span class="p">(</span><span class="n">server_fd</span><span class="p">,</span> <span class="p">(</span><span class="k">struct</span> <span class="n">sockaddr</span> <span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="n">client_addr</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">client_len</span><span class="p">);</span> <span class="c1">// Server is completely frozen here until this client finishes</span> <span class="n">handle_client</span><span class="p">(</span><span class="n">client_fd</span><span class="p">,</span> <span class="n">ht</span><span class="p">);</span> <span class="n">close</span><span class="p">(</span><span class="n">client_fd</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><br> c<br> While handle_client is running, the server cannot accept new connections, cannot read from other clients, and cannot do anything else. One client holds the entire server hostage. A second client connecting during this time sits in the kernel's backlog queue, waiting silently with no feedback. In production, this means a slow client degrades the experience for every other user on the server.The fix isn't to add threads. The fix is to stop blocking.The data engine: Building a hash table from scratchBefore writing the network layer, I needed somewhere to store data. The obvious choice was a simple array with linear search, but that is O(n) lookup. For a database, that is unacceptable.I looked at how Redis 2.0 approached this. Hash tables. O(1) average lookup, regardless of how many keys are stored. I implemented one from scratch using the djb2 hash function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">static</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="nf">hash</span><span class="p">(</span><span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">key</span><span class="p">)</span> <span class="p">{</span> <span class="kt">unsigned</span> <span class="kt">long</span> <span class="kt">int</span> <span class="n">hashval</span> <span class="o">=</span> <span class="mi">5381</span><span class="p">;</span> <span class="kt">int</span> <span class="n">c</span><span class="p">;</span> <span class="k">while</span> <span class="p">((</span><span class="n">c</span> <span class="o">=</span> <span class="o">*</span><span class="n">key</span><span class="o">++</span><span class="p">))</span> <span class="n">hashval</span> <span class="o">=</span> <span class="p">((</span><span class="n">hashval</span> <span class="o">&lt;&lt;</span> <span class="mi">5</span><span class="p">)</span> <span class="o">+</span> <span class="n">hashval</span><span class="p">)</span> <span class="o">+</span> <span class="n">c</span><span class="p">;</span> <span class="k">return</span> <span class="n">hashval</span> <span class="o">&amp;</span> <span class="p">(</span><span class="n">HASH_SIZE</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The (hashval &lt;&lt; 5) + hashval is equivalent to hashval * 33, a multiplier chosen because it distributes keys evenly across buckets with minimal clustering. The &amp; (HASH_SIZE - 1) replaces modulo with a bitwise AND, which is faster when the table size is a power of two.When two keys hash to the same bucket (a collision) they chain together in a linked list.</p> <p>Lookup walks the chain comparing keys until it finds a match or hits NULL. With a good hash function and a reasonable load factor, chains stay short and lookup stays effectively O(1).select vs epoll: The architecture that makes this fast to handle multiple clients without threads, I needed I/O multiplexing: a way to ask the kernel "which of these sockets has data ready?" and act only on those.I implemented select first, then replaced it with epoll. The difference taught me more about systems design than any other part of this project.The problem with select:Every time you call select, you rebuild the entire watch list from scratch and hand it to the kernel. The kernel scans every file descriptor in the set (whether active or idle) and returns a modified bitmask showing which ones are ready. With 1,000 connected clients and only 1 active, the kernel scans all 1,000 every time. That is O(n) per event loop iteration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">while</span> <span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="n">fd_set</span> <span class="n">readfds</span><span class="p">;</span> <span class="n">FD_ZERO</span><span class="p">(</span><span class="o">&amp;</span><span class="n">readfds</span><span class="p">);</span> <span class="n">FD_SET</span><span class="p">(</span><span class="n">server_fd</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">readfds</span><span class="p">);</span> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">MAX_CLIENTS</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="k">if</span> <span class="p">(</span><span class="n">clients</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">!=</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="n">FD_SET</span><span class="p">(</span><span class="n">clients</span><span class="p">[</span><span class="n">i</span><span class="p">],</span> <span class="o">&amp;</span><span class="n">readfds</span><span class="p">);</span> <span class="c1">// rebuild every iteration </span> <span class="n">select</span><span class="p">(</span><span class="n">max_fd</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">readfds</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">);</span> <span class="c1">// now scan all fds again to find which ones triggered</span> <span class="p">}</span> </code></pre> </div> <p>How epoll fixes it:epoll moves the interest list into the kernel permanently. You register a file descriptor once with epoll_ctl. The kernel maintains it. When you call epoll_wait, it returns only the file descriptors that are actually ready, not all of them.<br> C<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// register once epoll_ctl(epfd, EPOLL_CTL_ADD, client_fd, &amp;ev); // wait: returns only ready fds int n = epoll_wait(epfd, events, 64, -1); for (int i = 0; i &lt; n; i++) { // every event here is guaranteed ready handle(events[i].data.fd); } </code></pre> </div> <p>This is a synchronous benchmark. Each command waits for a response before sending the next. It measures worst case single client throughput. Pipelining multiple commands per connection would push this significantly higher.Zero memory leaks across 40,000 operations verified with valgrind --leak-check=full. Every malloc in the hash table has a matching free in ht_destroy.What is nextThe next project is a container runtime: implementing Linux namespaces, cgroups, and pivot_root in C to build a minimal docker run from scratch. Understanding how containers actually work at the kernel level, not just how to use them.The code for C-dis is on GitHub. If you are building something similar or have questions about the epoll implementation, I am happy to talk through it in the comments below!</p> database networking showdev systems SHELL PROJECT - LEXER Sandesh Ojha Thu, 23 Apr 2026 16:28:55 +0000 https://dev.to/sandeshojha/shell-project-lexer-20nd https://dev.to/sandeshojha/shell-project-lexer-20nd <p>I've spent the past few weeks going deep on Unix and Linux systems programming — reading TLPI, working through CS:APP, writing C daily. Today I started the project that ties it all together: building a shell from scratch in C.<br> The shell has a modular structure. Each component has one job. The first component I wrote today is the lexer.<br> **<br> What a lexer does**<br> The user types a string. Your program needs structured data. The lexer bridges that gap.<br> It takes a raw input string like:<br> '''bash<br> ls -la | grep txt &gt; out.txt<br> '''<br> And converts it into an array of typed tokens:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>WORD:<span class="s2">"ls"</span><span class="o">]</span> <span class="o">[</span>WORD:<span class="s2">"-la"</span><span class="o">]</span> <span class="o">[</span>PIPE] <span class="o">[</span>WORD:<span class="s2">"grep"</span><span class="o">]</span> <span class="o">[</span>WORD:<span class="s2">"txt"</span><span class="o">]</span> <span class="o">[</span>REDIR_OUT] <span class="o">[</span>WORD:<span class="s2">"out.txt"</span><span class="o">]</span> <span class="o">[</span>EOF] </code></pre> </div> <p>Each token has a type and a value string for word tokens. The parser takes this token array and figures out what it means.</p> <p>The implementation<br> The lexer is a state machine. It reads characters one at a time and decides what to do:</p> <ul> <li>whitespace — finish any word in progress, skip</li> <li>| — emit a PIPE token</li> <li>&gt; — peek at the next character: &gt;&gt; emits REDIR_APPEND, &gt; alone emits REDIR_OUT</li> <li>&lt; — emit REDIR_IN</li> <li>anything else — accumulate into the current word </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">"shell.h"</span><span class="cp"> </span> <span class="kt">int</span> <span class="nf">lexer</span><span class="p">(</span><span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">input</span><span class="p">,</span> <span class="n">Token</span> <span class="o">*</span><span class="n">tokens</span><span class="p">,</span> <span class="kt">int</span> <span class="n">max_tokens</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kt">int</span> <span class="n">t</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kt">int</span> <span class="n">w</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kt">char</span> <span class="n">word</span><span class="p">[</span><span class="n">MAX_INPUT</span><span class="p">];</span> <span class="k">while</span> <span class="p">(</span><span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">!=</span> <span class="sc">'\0'</span> <span class="o">&amp;&amp;</span> <span class="n">t</span> <span class="o">&lt;</span> <span class="n">max_tokens</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">==</span> <span class="sc">' '</span> <span class="o">||</span> <span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">==</span> <span class="sc">'\t'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">w</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="n">word</span><span class="p">[</span><span class="n">w</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_WORD</span><span class="p">;</span> <span class="n">strncpy</span><span class="p">(</span><span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">,</span> <span class="n">word</span><span class="p">,</span> <span class="n">MAX_INPUT</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="n">w</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">==</span> <span class="sc">'|'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">w</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="n">word</span><span class="p">[</span><span class="n">w</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_WORD</span><span class="p">;</span> <span class="n">strncpy</span><span class="p">(</span><span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">,</span> <span class="n">word</span><span class="p">,</span> <span class="n">MAX_INPUT</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="n">w</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_PIPE</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">==</span> <span class="sc">'&gt;'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">w</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="n">word</span><span class="p">[</span><span class="n">w</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_WORD</span><span class="p">;</span> <span class="n">strncpy</span><span class="p">(</span><span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">,</span> <span class="n">word</span><span class="p">,</span> <span class="n">MAX_INPUT</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="n">w</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">input</span><span class="p">[</span><span class="n">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">]</span> <span class="o">==</span> <span class="sc">'&gt;'</span><span class="p">)</span> <span class="p">{</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_REDIR_APPEND</span><span class="p">;</span> <span class="n">i</span> <span class="o">+=</span> <span class="mi">2</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_REDIR_OUT</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">==</span> <span class="sc">'&lt;'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">w</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="n">word</span><span class="p">[</span><span class="n">w</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_WORD</span><span class="p">;</span> <span class="n">strncpy</span><span class="p">(</span><span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">,</span> <span class="n">word</span><span class="p">,</span> <span class="n">MAX_INPUT</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="n">w</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_REDIR_IN</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="n">word</span><span class="p">[</span><span class="n">w</span><span class="o">++</span><span class="p">]</span> <span class="o">=</span> <span class="n">input</span><span class="p">[</span><span class="n">i</span><span class="o">++</span><span class="p">];</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">w</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="n">word</span><span class="p">[</span><span class="n">w</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_WORD</span><span class="p">;</span> <span class="n">strncpy</span><span class="p">(</span><span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">,</span> <span class="n">word</span><span class="p">,</span> <span class="n">MAX_INPUT</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">type</span> <span class="o">=</span> <span class="n">TOKEN_EOF</span><span class="p">;</span> <span class="n">tokens</span><span class="p">[</span><span class="n">t</span><span class="p">].</span><span class="n">value</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span> <span class="n">t</span><span class="o">++</span><span class="p">;</span> <span class="k">return</span> <span class="n">t</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Why separate lexer from the parser?<br> While designing, i learned about splitting responsibilities.</p> <p>The lexer only cares about about the character or sequence. It knows nothing about a valid structure. That is the parser's problem.</p> <p>The parser inquires about what the token or sequence mean and not about the raw characters.</p> <p>If you combine them into one function you get something complex and hard to test. Separate them and each is small enough to hold in your head at once. I can test the lexer by printing its output before the parser ever runs.</p> cli linux programming c I wrote 1 byte to a 10GB file and used almost no disk space Sandesh Ojha Sun, 19 Apr 2026 14:03:05 +0000 https://dev.to/sandeshojha/i-wrote-1-byte-to-a-10gb-file-and-used-almost-no-disk-space-cf3 https://dev.to/sandeshojha/i-wrote-1-byte-to-a-10gb-file-and-used-almost-no-disk-space-cf3 <p>I used to think of a file as a solid block of data. 10GB file, 10GB on disk. That's just something you'd normally assume, right?<br> I was wrong.<br> I'm a CS student currently going deep on systems programming — reading TLPI, writing C daily, learning how the OS actually works under the hood. This week I was working through file I/O and had one of those moments where something you thought you understood turns out to be completely different one level down.<br> You can seek past the end of a file and write there. The filesystem won't fill the gap with real data. It just remembers that the gap exists.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">&lt;fcntl.h&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;unistd.h&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;stdlib.h&gt;</span><span class="cp"> </span> <span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">fd</span> <span class="o">=</span> <span class="n">open</span><span class="p">(</span><span class="s">"huge_file"</span><span class="p">,</span> <span class="n">O_WRONLY</span> <span class="o">|</span> <span class="n">O_CREAT</span> <span class="o">|</span> <span class="n">O_TRUNC</span><span class="p">,</span> <span class="mo">0644</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">fd</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="n">perror</span><span class="p">(</span><span class="s">"open"</span><span class="p">);</span> <span class="n">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// seek to the 10GB mark without writing anything</span> <span class="k">if</span> <span class="p">(</span><span class="n">lseek</span><span class="p">(</span><span class="n">fd</span><span class="p">,</span> <span class="mi">10LL</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span><span class="p">,</span> <span class="n">SEEK_SET</span><span class="p">)</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="n">perror</span><span class="p">(</span><span class="s">"lseek"</span><span class="p">);</span> <span class="n">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// write exactly one byte</span> <span class="k">if</span> <span class="p">(</span><span class="n">write</span><span class="p">(</span><span class="n">fd</span><span class="p">,</span> <span class="s">"X"</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="n">perror</span><span class="p">(</span><span class="s">"write"</span><span class="p">);</span> <span class="n">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="n">close</span><span class="p">(</span><span class="n">fd</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Run this and check the file two different ways:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> <span class="nt">-lh</span> huge_file <span class="c"># 10G</span> <span class="nb">du</span> <span class="nt">-h</span> huge_file <span class="c"># 4.0K</span> </code></pre> </div> <p>The file reports 10GB in size. It uses 4KB of actual disk. Both numbers are telling the truth.<br> ls -lh shows the logical size — where the last byte lives relative to the start of the file. The filesystem knows the file is 10GB in the sense that if you read from byte 0, you'll eventually reach byte 10GB.<br> du -h shows allocated blocks — the physical disk space actually consumed. There's one 4KB block holding your single X. Everything before it is a hole: a range of offsets the filesystem tracks in metadata without backing it with real storage. Reading from a hole returns zero bytes. No disk access needed — there's nothing to read.</p> <p>This isn't just a curiosity. It's the mechanism behind tools you use every day.<br> When you create a virtual machine in VirtualBox or QEMU and tell it "this VM gets a 100GB disk," you're not consuming 100GB immediately. The disk image is a sparse file. It grows as the VM writes data. The "100GB" is just a ceiling.<br> Docker layers work on the same idea — copy-on-write means a layer only allocates blocks when data actually changes. Database engines use sparse files for pre-allocated tables that fill in over time without ever needing to write zeros to reserve space.</p> <p>The thing that stuck with me isn't the trick itself. It's what it reveals about how the filesystem actually thinks.<br> A file isn't a sequence of bytes on disk. It's a mapping from logical offsets to physical blocks — and some offsets don't map to anything. The OS constructs the illusion of a contiguous sequence on demand.<br> Once you see that, other things start clicking too. Why copying a sparse file with plain cp can suddenly consume far more disk than the original — it materializes the holes. Why rsync has a --sparse flag. Why checking disk usage with ls alone will mislead you.<br> Systems programming keeps doing this to me. I think I understand something, and then one level lower the actual mechanism is completely different from the abstraction I was using. The abstraction is useful. But knowing what's underneath makes you a better engineer, not just someone who knows how to use the tools.</p> c linux systems beginners