Compare commits

No commits in common. "534516b8a9c7e5df7d22c4620f0b39a77dc671ec" and "d56031146b0075bde20804a4c65593ea4a80f48b" have entirely different histories.

2 changed files with 36 additions and 181 deletions

@ -17,8 +17,8 @@ cover: ./cover.png
This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio, on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but
but there's unfortunately nothing I can do about that. there's unfortunately nothing I can do about that.
[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m [selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
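Review bot: The apology sentence on the new side has lost its noun: it now reads "I apologise for the terrible, but there's unfortunately nothing I can do about that." where the old side had "terrible audio". Restore "audio" (or reword the sentence); the rest of this hunk is unchanged text.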
@ -40,81 +40,50 @@ as soon as there's an installable release.
- **Isolation:** we don't want an attacker to get into our webserver and be able - **Isolation:** we don't want an attacker to get into our webserver and be able
to gain access to our email server to gain access to our email server
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only - **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
use the resources they've been given. If you tell the VM it has 200 MBs of use the resources they've been given
RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
- **Portability:** once set up and configured, VMs and containers can mostly be - **Portability:** once set up and configured, VMs and containers can mostly be
treated as black boxes; as long as the surrounding environment is similar to treated as black boxes; as long as the surrounding environment is similar to
the previous in terms of communication, they can just be picked up and dropped the previous in terms of communication, they can just be picked up and dropped
to various machines and hosts as necessary. on bare metal servers as necessary.
- **Density:** applications are usually much lighter than the systems they're - **Density:**
running on, so it makes sense to run many applications on one system. VMs and - **Cleanliness:**
containers facilitate that without sacrificing security.
- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
you can just throw the box in the trash (delete it) and everything related to
that application is gone.
## Virtual machines ## Virtual machines
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} ```goat
title: |md .---------------------------------.
# Virtual machines | .-------. .-------. .-------. |
| { near: top-center } | | Guest | | Guest | | Guest | |
| | OS | | OS | | OS | |
direction: up | .---+---' .---+---' .---+---' |
| .--+----. .--+----. .--+----. |
k1: Guest kernel | | Guest | | Guest | | Guest | |
k2: Guest kernel | | Kernel | | Kernel | | Kernel | |
k3: Guest kernel | .---+---' .---+---' .---+---' |
os1: Guest OS | .--+----------+----------+----. |
os2: Guest OS | | Hypervisor | |
os3: Guest OS | .--------------+--------------' |
app1: Many apps | .-------------+---------------. |
app2: Many apps | | Host Kernel | |
app3: Many apps | .-----------------------------' |
.---------------------------------'
Host kernel -> Hypervisor
Hypervisor -> k1 -> os1 -> app1
Hypervisor -> k2 -> os2 -> app2
Hypervisor -> k3 -> os3 -> app3
``` ```
## Containers ## Containers
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true} ```goat
title: |md Application containers System containers
# Application containers .---------------------------------. .------------------------------.
| { near: top-center } | .-------. .-------. .-------. | | .------. .------. .------. |
| | App 01 | | App 02 | | App 03 | | | | Guest | | Guest | | Guest | |
direction: up | '---+---' '---+---' '---+---' | | | OS | | OS | | OS | |
| .--+----------+----------+----. | | '---+--' '---+--' '---+--' |
app1: App | | Hypervisor | | | .--+---------+---------+---. |
app2: App | '--------------+--------------' | | | Host Kernel | |
app3: App | .-------------+---------------. | | '--------------------------' |
| | Host Kernel | | '------------------------------'
Host kernel -> Hypervisor | '-----------------------------' |
Hypervisor -> app1 '---------------------------------'
Hypervisor -> app2
Hypervisor -> app3
```
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
# System containers
| { near: top-center }
direction: up
os1: Guest OS
os2: Guest OS
os3: Guest OS
app1: Many apps
app2: Many apps
app3: Many apps
Host kernel -> os1 -> app1
Host kernel -> os2 -> app2
Host kernel -> os3 -> app3
``` ```
## When to use which ## When to use which
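Review bot: The "Density:" and "Cleanliness:" items on the new side are bare labels with no text, and "Flexibility" loses its 200 MB / OOM-killer explanation, so the list no longer says why these properties matter (the old Density text also carried the "without sacrificing security" claim). Either keep the old sentences or drop the empty bullets until they are written. Separately, the new "Application containers" goat diagram still puts a "Hypervisor" box between the apps and "Host Kernel", as the old d2 source did, while the "System containers" diagram next to it connects the guests straight to "Host Kernel". Since the post lists isolation as a goal, check that this box is what you intend there and label the layer that actually separates application containers from the host kernel.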

@ -1,114 +0,0 @@
{{- /* Last modified: 2023-06-30T12:24:14-07:00 */}}
{{- /*
Copyright 2023 Veriphor LLC
Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.
*/}}
{{- /*
Renders an SVG image of a diagram from a textual description using the Kroki service.
References:
- https://kroki.io/
- https://kroki.io/#examples
@context {map} Attributes The markdown attributes from the info string.
@context {string} Inner The content between the leading and trailing code fences, excluding the info string.
@context {map} Options The highlighting options from the info string.
@context {int} Ordinal The zero-based ordinal of the code block on the page.
@context {page} Page A reference to the page containing the code block.
@context {text.Position} Position The position of the code block within the page content.
@context {string} Type The first word of the info string.
@param {string} Attributes.type The type of diagram to render
@returns {template.html}
*/}}
{{- /* Initialize. */}}
{{- $renderHookName := "kroki" }}
{{- /* Verify minimum required version. */}}
{{- $minHugoVersion := "0.114.0" }}
{{- if lt hugo.Version $minHugoVersion }}
{{- errorf "The %q code block render hook requires Hugo v%s or later." $renderHookName $minHugoVersion }}
{{- end }}
{{- /* Get context. */}}
{{- $attrs := .Attributes }}
{{- $inner := trim .Inner "\n\r" }}
{{- $ordinal := .Ordinal }}
{{- $position := .Position }}
{{- /* Initialize. */}}
{{- $apiEndpoint := "https://kroki.io/" }}
{{- $diagramType := $attrs.type | lower }}
{{- /* Validate diagram type. */}}
{{- $supportedTypes := slice
"actdiag" "blockdiag" "bpmn" "bytefield" "ditaa" "d2" "dbml" "erd" "graphviz"
"mermaid" "nomnoml" "nwdiag" "packetdiag" "pikchr" "plantuml" "rackdiag"
"seqdiag" "structurizr" "svgbob" "umlet" "vega" "vegalite" "wavedrom"
"wireviz"
}}
{{- $typesDelimited := delimit $supportedTypes ", " ", and " }}
{{- if not (in $supportedTypes $diagramType) }}
{{- errorf "The %q code block render hook does not support diagram type %q. Valid types are %s. See %s" $renderHookName $attrs.type $typesDelimited $position }}
{{- end }}
{{- /* Determine class attribute. */}}
{{- $class := printf "diagram diagram-kroki diagram-kroki-%s" $diagramType }}
{{- with $attrs.class }}
{{- $class = printf "%s %s" $class . }}
{{- end }}
{{- /* Determine id attribute. */}}
{{- $id := printf "h-rh-cb-kroki-%d" $ordinal }}
{{- with $attrs.id }}
{{- $id = . }}
{{- end }}
{{- /* Merge class and id attributes. */}}
{{- $attrs = merge $attrs (dict "class" $class "id" $id "alt" "diagram") }}
{{- $diagram_opts := dict "theme" $attrs.d2theme }}
{{- if $attrs.d2sketch }}
{{- $diagram_opts = merge $diagram_opts (dict "sketch" "") }}
{{- end }}
{{- /* Get diagram. */}}
{{- $body := dict "diagram_source" $inner "diagram_type" $diagramType "output_format" "SVG" "diagram_options" $diagram_opts | jsonify }}
{{- $opts := dict "method" "post" "body" $body }}
{{- with resources.GetRemote $apiEndpoint $opts }}
{{- with .Err }}
{{- errorf "The %q code block render hook was unable to get the remote diagram. See %s. %s" $renderHookName $position . }}
{{- else }}
{{- $attrs = merge $attrs (dict "src" .RelPermalink) }}
{{- end }}
{{- else }}
{{- errorf "The %q code block render hook was unable to get the remote diagram. See %s" $renderHookName $position }}
{{- end }}
{{- /* Render. */}}
<img
{{- range $k, $v := $attrs }}
{{- if not (eq $k "type") }}
{{- if $v }}
{{- printf " %s=%q" $k (string $v) | safeHTMLAttr }}
{{- end }}
{{- end }}
{{- end -}}
>
{{- /**/ -}}
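Review bot: Deleting the whole render hook (all 114 lines) means any code fence still tagged kroki will no longer be turned into an image, and this comparison only touches one content file. Before merging, search the rest of the site content for remaining kroki fences and for the d2theme / d2sketch attributes that only this hook read. The removal also drops the build-time POST of diagram source to https://kroki.io/ through resources.GetRemote, so it is worth saying in the commit message that builds no longer depend on that remote service.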