diff --git a/content/posts/lxd-containers-for-human-beings.md b/content/posts/lxd-containers-for-human-beings.md index 7b75639..2f60bfb 100644 --- a/content/posts/lxd-containers-for-human-beings.md +++ b/content/posts/lxd-containers-for-human-beings.md @@ -88,23 +88,17 @@ issue instructions to the CPU, etc. [vb]: https://www.virtualbox.org/ ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} -direction: up - hk: Host kernel -hk.1h: Type 1 hypervisor -k1: Guest kernel -k2: Guest kernel -k3: Guest kernel -os1: Guest OS -os2: Guest OS -os3: Guest OS -app1: Many apps -app2: Many apps -app3: Many apps - -app1 <- os1 <- k1 <- hk -app2 <- os2 <- k2 <- hk -app3 <- os3 <- k3 <- hk +hk.h: Type 1 hypervisor +hk.h.k1: Guest kernel +hk.h.k2: Guest kernel +hk.h.k3: Guest kernel +hk.h.k1.os1: Guest OS +hk.h.k2.os2: Guest OS +hk.h.k3.os3: Guest OS +hk.h.k1.os1.app1: Many apps +hk.h.k2.os2.app2: Many apps +hk.h.k3.os3.app3: Many apps ``` ### Type 2 hypervisors 
@@ -114,59 +108,58 @@ hypervisors have to first go through the operating system, adding an additional layer to the stack. ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} -direction: up - hk: Host kernel -os: Operating system -os.2h: Type 2 hypervisor -k1: Guest kernel -k2: Guest kernel -k3: Guest kernel -os1: Guest OS -os2: Guest OS -os3: Guest OS -app1: Many apps -app2: Many apps -app3: Many apps - -os <- hk -app1 <- os1 <- k1 <- os -app2 <- os2 <- k2 <- os -app3 <- os3 <- k3 <- os +hk.os: Host OS +hk.os.h: Type 2 hypervisor +hk.os.h.k1: Guest kernel +hk.os.h.k2: Guest kernel +hk.os.h.k3: Guest kernel +hk.os.h.k1.os1: Guest OS +hk.os.h.k2.os2: Guest OS +hk.os.h.k3.os3: Guest OS +hk.os.h.k1.os1.app1: Many apps +hk.os.h.k2.os2.app2: Many apps +hk.os.h.k3.os3.app3: Many apps ``` ## Containers +As most people know them right now, containers are exclusive to Linux.[^1] This is +because they use namespaces and cgroups to achieve isolation. + +- **[Linux namespaces]** partition kernel resources like process IDs, hostnames, + user IDs, directory hierarchies, network access, etc. 
+- **[Cgroups]** limit, track, and isolate the hardware resource use of a set of + processes + +[Linux namespaces]: https://en.wikipedia.org/wiki/Linux_namespaces +[Cgroups]: https://en.wikipedia.org/wiki/Cgroups + +### Application containers + ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} -title: |md - # Application containers -| { near: top-center } +Host kernel.Container runtime.c1: Container +Host kernel.Container runtime.c2: Container +Host kernel.Container runtime.c3: Container -direction: up - -Host kernel -> Hypervisor -Hypervisor -> One app -Hypervisor -> Few apps -Hypervisor -> Full OS -> Many apps +Host kernel.Container runtime.c1.One app +Host kernel.Container runtime.c2.Few apps +Host kernel.Container runtime.c3.Full OS.Many apps ``` +### System containers + ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} -title: |md - # System containers -| { near: top-center } - -direction: up - -os1: Full OS -os2: Full OS -os3: Full OS -app1: Many apps -app2: Many apps -app3: Many apps - -Host kernel -> os1 -> app1 -Host kernel -> os2 -> app2 -Host kernel -> os3 -> app3 +hk: Host kernel +hk.c1: Container +hk.c2: Container +hk.c3: Container +hk.c1.os1: Full OS +hk.c2.os2: Full OS +hk.c3.os3: Full OS +hk.c1.os1.app1: Many apps +hk.c2.os2.app2: Many apps +hk.c3.os3.app3: Many apps ``` ## When to use VMs 
@@ -200,10 +193,10 @@ See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a {{< adm type="note" >}} **Note:** the instructions below say to install LXD using [Snap.][snap] I -personally dislike Snap, but LXD is a Canonical product and Canonical is doing -their best to push Snap down everyone's throats ¯\\\_(ツ)\_/¯ One of the first -things the Incus project did was [rip out Snap support,][rsnap] and I can't wait -until they have proper `.deb`s 😁 +personally dislike Snap, but LXD is a Canonical product and they're doing their +best to prmote it as much as possible. One of the first things the Incus project +did was [rip out Snap support,][rsnap] so it will eventually be installable as a +proper native package. [snap]: https://en.wikipedia.org/wiki/Snap_(software) [rsnap]: https://github.com/lxc/incus/compare/9579f65cd0f215ecd847e8c1cea2ebe96c56be4a...3f64077a80e028bb92b491d42037124e9734d4c7 @@ -222,3 +215,5 @@ until they have proper `.deb`s 😁 ### Usage {install my URL shortener} + +[^1]: Docker containers on Windows and macOS actually run in a Linux VM.
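Review bot: in the first hunk (`@@ -88,23 +88,17 @@`) the Type 1 diagram nests `hk.h: Type 1 hypervisor` inside `hk: Host kernel`, so the only thing that distinguishes it from the Type 2 diagram in the next hunk is the extra `Host OS` box, which undersells the distinction the surrounding prose draws (a Type 2 hypervisor "has to first go through the operating system"; a bare-metal hypervisor does not sit on a host kernel at all, it is the privileged layer itself). Consider making the hypervisor the outermost box, e.g. `h: Type 1 hypervisor` / `h.k1: Guest kernel`, or relabelling the root `Hardware`, so the two pictures differ in the way the text says they do.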
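Review bot: in the second hunk (`@@ -114,59 +108,58 @@`) the new Containers paragraph says containers are exclusive to Linux "because they use namespaces and cgroups", which inverts cause and effect (Linux containers are built from namespaces and cgroups; the mechanisms do not make them Linux-only) and leaves out the point a reader weighing VMs against containers most needs: every container in both new diagrams shares the single `Host kernel` box, so the kernel is the trust boundary and a kernel bug is a container escape, which is why real runtimes layer seccomp, capability dropping and an LSM profile on top of namespaces and cgroups. Suggest rewording the opening to "Linux containers are built from namespaces and cgroups" and adding one sentence that the kernel is shared, which also sets up the "When to use VMs" section that follows.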
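Review bot: in the third hunk (`@@ -200,10 +193,10 @@`) the rewritten note has a typo, `prmote` should be `promote`, and `they're doing their best` now sits awkwardly after the singular `Canonical`; `Canonical is doing its best to promote it` reads cleaner. The new closing clause asserts Incus "will eventually be installable as a proper native package", but the linked commit range only shows Snap support being removed, so hedge it, e.g. "which clears the way for native packages".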
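Review bot: in the last hunk (`@@ -222,3 +215,5 @@`) the new footnote `[^1]` overgeneralises: only Linux containers on Windows and macOS run inside a Linux VM (WSL2/Hyper-V or the Docker Desktop VM); Windows containers built from Windows base images run on the Windows kernel in process-isolation mode, or in a lightweight Hyper-V VM that is not Linux. Suggest `[^1]: Linux containers on Windows and macOS actually run in a Linux VM.`, which also squares with the body text's "as most people know them right now" qualifier.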