Amolith
/
secluded
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make progress on LXD post

This commit is contained in:
Amolith 2023-08-17 20:04:07 -06:00
parent 5db46fda6e
commit 534516b8a9
Signed by: Amolith
GPG Key ID: 8AE30347CE28D101
1 changed files with 67 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
content/posts/lxd-containers-for-human-beings.md
View File

@ -17,8 +17,8 @@ cover: ./cover.png
This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,
there's unfortunately nothing I can do about that. but there's unfortunately nothing I can do about that.
[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m [selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
@ -40,50 +40,81 @@ as soon as there's an installable release.
- **Isolation:** we don't want an attacker to get into our webserver and be able - **Isolation:** we don't want an attacker to get into our webserver and be able
to gain access to our email server to gain access to our email server
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only - **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
use the resources they've been given use the resources they've been given. If you tell the VM it has 200 MBs of
RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
- **Portability:** once set up and configured, VMs and containers can mostly be - **Portability:** once set up and configured, VMs and containers can mostly be
treated as black boxes; as long as the surrounding environment is similar to treated as black boxes; as long as the surrounding environment is similar to
the previous in terms of communication, they can just be picked up and dropped the previous in terms of communication, they can just be picked up and dropped
on bare metal servers as necessary. to various machines and hosts as necessary.
- **Density:** - **Density:** applications are usually much lighter than the systems they're
- **Cleanliness:** running on, so it makes sense to run many applications on one system. VMs and
containers facilitate that without sacrificing security.
- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
you can just throw the box in the trash (delete it) and everything related to
that application is gone.
## Virtual machines ## Virtual machines
```goat ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
.---------------------------------. title: |md
| .-------. .-------. .-------. | # Virtual machines
| | Guest | | Guest | | Guest | | | { near: top-center }
| | OS | | OS | | OS | |
| .---+---' .---+---' .---+---' | direction: up
| .--+----. .--+----. .--+----. |
| | Guest | | Guest | | Guest | | k1: Guest kernel
| | Kernel | | Kernel | | Kernel | | k2: Guest kernel
| .---+---' .---+---' .---+---' | k3: Guest kernel
| .--+----------+----------+----. | os1: Guest OS
| | Hypervisor | | os2: Guest OS
| .--------------+--------------' | os3: Guest OS
| .-------------+---------------. | app1: Many apps
| | Host Kernel | | app2: Many apps
| .-----------------------------' | app3: Many apps
.---------------------------------'
Host kernel -> Hypervisor
Hypervisor -> k1 -> os1 -> app1
Hypervisor -> k2 -> os2 -> app2
Hypervisor -> k3 -> os3 -> app3
``` ```
## Containers ## Containers
```goat ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
Application containers System containers title: |md
.---------------------------------. .------------------------------. # Application containers
| .-------. .-------. .-------. | | .------. .------. .------. | | { near: top-center }
| | App 01 | | App 02 | | App 03 | | | | Guest | | Guest | | Guest | |
| '---+---' '---+---' '---+---' | | | OS | | OS | | OS | | direction: up
| .--+----------+----------+----. | | '---+--' '---+--' '---+--' |
| | Hypervisor | | | .--+---------+---------+---. | app1: App
| '--------------+--------------' | | | Host Kernel | | app2: App
| .-------------+---------------. | | '--------------------------' | app3: App
| | Host Kernel | | '------------------------------'
| '-----------------------------' | Host kernel -> Hypervisor
'---------------------------------' Hypervisor -> app1
Hypervisor -> app2
Hypervisor -> app3
```
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
# System containers
| { near: top-center }
direction: up
os1: Guest OS
os2: Guest OS
os3: Guest OS
app1: Many apps
app2: Many apps
app3: Many apps
Host kernel -> os1 -> app1
Host kernel -> os2 -> app2
Host kernel -> os3 -> app3
``` ```
## When to use which ## When to use which