Compare commits
No commits in common. "534516b8a9c7e5df7d22c4620f0b39a77dc671ec" and "d56031146b0075bde20804a4c65593ea4a80f48b" have entirely different histories.
534516b8a9
...
d56031146b
|
@ -17,8 +17,8 @@ cover: ./cover.png
|
||||||
|
|
||||||
This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
|
This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
|
||||||
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
|
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
|
||||||
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,
|
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but
|
||||||
but there's unfortunately nothing I can do about that.
|
there's unfortunately nothing I can do about that.
|
||||||
|
|
||||||
[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
|
[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
|
||||||
|
|
||||||
|
@ -40,81 +40,50 @@ as soon as there's an installable release.
|
||||||
- **Isolation:** we don't want an attacker to get into our webserver and be able
|
- **Isolation:** we don't want an attacker to get into our webserver and be able
|
||||||
to gain access to our email server
|
to gain access to our email server
|
||||||
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
|
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
|
||||||
use the resources they've been given. If you tell the VM it has 200 MBs of
|
use the resources they've been given
|
||||||
RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
|
|
||||||
title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
|
|
||||||
- **Portability:** once set up and configured, VMs and containers can mostly be
|
- **Portability:** once set up and configured, VMs and containers can mostly be
|
||||||
treated as black boxes; as long as the surrounding environment is similar to
|
treated as black boxes; as long as the surrounding environment is similar to
|
||||||
the previous in terms of communication, they can just be picked up and dropped
|
the previous in terms of communication, they can just be picked up and dropped
|
||||||
to various machines and hosts as necessary.
|
on bare metal servers as necessary.
|
||||||
- **Density:** applications are usually much lighter than the systems they're
|
- **Density:**
|
||||||
running on, so it makes sense to run many applications on one system. VMs and
|
- **Cleanliness:**
|
||||||
containers facilitate that without sacrificing security.
|
|
||||||
- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
|
|
||||||
you can just throw the box in the trash (delete it) and everything related to
|
|
||||||
that application is gone.
|
|
||||||
|
|
||||||
## Virtual machines
|
## Virtual machines
|
||||||
|
|
||||||
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
|
```goat
|
||||||
title: |md
|
.---------------------------------.
|
||||||
# Virtual machines
|
| .-------. .-------. .-------. |
|
||||||
| { near: top-center }
|
| | Guest | | Guest | | Guest | |
|
||||||
|
| | OS | | OS | | OS | |
|
||||||
direction: up
|
| .---+---' .---+---' .---+---' |
|
||||||
|
| .--+----. .--+----. .--+----. |
|
||||||
k1: Guest kernel
|
| | Guest | | Guest | | Guest | |
|
||||||
k2: Guest kernel
|
| | Kernel | | Kernel | | Kernel | |
|
||||||
k3: Guest kernel
|
| .---+---' .---+---' .---+---' |
|
||||||
os1: Guest OS
|
| .--+----------+----------+----. |
|
||||||
os2: Guest OS
|
| | Hypervisor | |
|
||||||
os3: Guest OS
|
| .--------------+--------------' |
|
||||||
app1: Many apps
|
| .-------------+---------------. |
|
||||||
app2: Many apps
|
| | Host Kernel | |
|
||||||
app3: Many apps
|
| .-----------------------------' |
|
||||||
|
.---------------------------------'
|
||||||
Host kernel -> Hypervisor
|
|
||||||
Hypervisor -> k1 -> os1 -> app1
|
|
||||||
Hypervisor -> k2 -> os2 -> app2
|
|
||||||
Hypervisor -> k3 -> os3 -> app3
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Containers
|
## Containers
|
||||||
|
|
||||||
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
|
```goat
|
||||||
title: |md
|
Application containers System containers
|
||||||
# Application containers
|
.---------------------------------. .------------------------------.
|
||||||
| { near: top-center }
|
| .-------. .-------. .-------. | | .------. .------. .------. |
|
||||||
|
| | App 01 | | App 02 | | App 03 | | | | Guest | | Guest | | Guest | |
|
||||||
direction: up
|
| '---+---' '---+---' '---+---' | | | OS | | OS | | OS | |
|
||||||
|
| .--+----------+----------+----. | | '---+--' '---+--' '---+--' |
|
||||||
app1: App
|
| | Hypervisor | | | .--+---------+---------+---. |
|
||||||
app2: App
|
| '--------------+--------------' | | | Host Kernel | |
|
||||||
app3: App
|
| .-------------+---------------. | | '--------------------------' |
|
||||||
|
| | Host Kernel | | '------------------------------'
|
||||||
Host kernel -> Hypervisor
|
| '-----------------------------' |
|
||||||
Hypervisor -> app1
|
'---------------------------------'
|
||||||
Hypervisor -> app2
|
|
||||||
Hypervisor -> app3
|
|
||||||
```
|
|
||||||
|
|
||||||
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
|
|
||||||
title: |md
|
|
||||||
# System containers
|
|
||||||
| { near: top-center }
|
|
||||||
|
|
||||||
direction: up
|
|
||||||
|
|
||||||
os1: Guest OS
|
|
||||||
os2: Guest OS
|
|
||||||
os3: Guest OS
|
|
||||||
app1: Many apps
|
|
||||||
app2: Many apps
|
|
||||||
app3: Many apps
|
|
||||||
|
|
||||||
Host kernel -> os1 -> app1
|
|
||||||
Host kernel -> os2 -> app2
|
|
||||||
Host kernel -> os3 -> app3
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## When to use which
|
## When to use which
|
||||||
|
|
|
@ -1,114 +0,0 @@
|
||||||
{{- /* Last modified: 2023-06-30T12:24:14-07:00 */}}
|
|
||||||
|
|
||||||
{{- /*
|
|
||||||
Copyright 2023 Veriphor LLC
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
||||||
use this file except in compliance with the License. You may obtain a copy of
|
|
||||||
the License at
|
|
||||||
|
|
||||||
https://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
License for the specific language governing permissions and limitations under
|
|
||||||
the License.
|
|
||||||
*/}}
|
|
||||||
|
|
||||||
{{- /*
|
|
||||||
Renders an SVG image of a diagram from a textual description using the Kroki service.
|
|
||||||
|
|
||||||
References:
|
|
||||||
|
|
||||||
- https://kroki.io/
|
|
||||||
- https://kroki.io/#examples
|
|
||||||
|
|
||||||
@context {map} Attributes The markdown attributes from the info string.
|
|
||||||
@context {string} Inner The content between the leading and trailing code fences, excluding the info string.
|
|
||||||
@context {map} Options The highlighting options from the info string.
|
|
||||||
@context {int} Ordinal The zero-based ordinal of the code block on the page.
|
|
||||||
@context {page} Page A reference to the page containing the code block.
|
|
||||||
@context {text.Position} Position The position of the code block within the page content.
|
|
||||||
@context {string} Type The first word of the info string.
|
|
||||||
|
|
||||||
@param {string} Attributes.type The type of diagram to render
|
|
||||||
|
|
||||||
@returns {template.html}
|
|
||||||
*/}}
|
|
||||||
|
|
||||||
{{- /* Initialize. */}}
|
|
||||||
{{- $renderHookName := "kroki" }}
|
|
||||||
|
|
||||||
{{- /* Verify minimum required version. */}}
|
|
||||||
{{- $minHugoVersion := "0.114.0" }}
|
|
||||||
{{- if lt hugo.Version $minHugoVersion }}
|
|
||||||
{{- errorf "The %q code block render hook requires Hugo v%s or later." $renderHookName $minHugoVersion }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- /* Get context. */}}
|
|
||||||
{{- $attrs := .Attributes }}
|
|
||||||
{{- $inner := trim .Inner "\n\r" }}
|
|
||||||
{{- $ordinal := .Ordinal }}
|
|
||||||
{{- $position := .Position }}
|
|
||||||
|
|
||||||
{{- /* Initialize. */}}
|
|
||||||
{{- $apiEndpoint := "https://kroki.io/" }}
|
|
||||||
{{- $diagramType := $attrs.type | lower }}
|
|
||||||
|
|
||||||
{{- /* Validate diagram type. */}}
|
|
||||||
{{- $supportedTypes := slice
|
|
||||||
"actdiag" "blockdiag" "bpmn" "bytefield" "ditaa" "d2" "dbml" "erd" "graphviz"
|
|
||||||
"mermaid" "nomnoml" "nwdiag" "packetdiag" "pikchr" "plantuml" "rackdiag"
|
|
||||||
"seqdiag" "structurizr" "svgbob" "umlet" "vega" "vegalite" "wavedrom"
|
|
||||||
"wireviz"
|
|
||||||
}}
|
|
||||||
{{- $typesDelimited := delimit $supportedTypes ", " ", and " }}
|
|
||||||
{{- if not (in $supportedTypes $diagramType) }}
|
|
||||||
{{- errorf "The %q code block render hook does not support diagram type %q. Valid types are %s. See %s" $renderHookName $attrs.type $typesDelimited $position }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- /* Determine class attribute. */}}
|
|
||||||
{{- $class := printf "diagram diagram-kroki diagram-kroki-%s" $diagramType }}
|
|
||||||
{{- with $attrs.class }}
|
|
||||||
{{- $class = printf "%s %s" $class . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- /* Determine id attribute. */}}
|
|
||||||
{{- $id := printf "h-rh-cb-kroki-%d" $ordinal }}
|
|
||||||
{{- with $attrs.id }}
|
|
||||||
{{- $id = . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- /* Merge class and id attributes. */}}
|
|
||||||
{{- $attrs = merge $attrs (dict "class" $class "id" $id "alt" "diagram") }}
|
|
||||||
|
|
||||||
{{- $diagram_opts := dict "theme" $attrs.d2theme }}
|
|
||||||
{{- if $attrs.d2sketch }}
|
|
||||||
{{- $diagram_opts = merge $diagram_opts (dict "sketch" "") }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- /* Get diagram. */}}
|
|
||||||
{{- $body := dict "diagram_source" $inner "diagram_type" $diagramType "output_format" "SVG" "diagram_options" $diagram_opts | jsonify }}
|
|
||||||
{{- $opts := dict "method" "post" "body" $body }}
|
|
||||||
{{- with resources.GetRemote $apiEndpoint $opts }}
|
|
||||||
{{- with .Err }}
|
|
||||||
{{- errorf "The %q code block render hook was unable to get the remote diagram. See %s. %s" $renderHookName $position . }}
|
|
||||||
{{- else }}
|
|
||||||
{{- $attrs = merge $attrs (dict "src" .RelPermalink) }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
{{- errorf "The %q code block render hook was unable to get the remote diagram. See %s" $renderHookName $position }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- /* Render. */}}
|
|
||||||
<img
|
|
||||||
{{- range $k, $v := $attrs }}
|
|
||||||
{{- if not (eq $k "type") }}
|
|
||||||
{{- if $v }}
|
|
||||||
{{- printf " %s=%q" $k (string $v) | safeHTMLAttr }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end -}}
|
|
||||||
>
|
|
||||||
{{- /**/ -}}
|
|