Compare commits
2 Commits
d56031146b
...
534516b8a9
Author | SHA1 | Date |
---|---|---|
Amolith | 534516b8a9 | |
Amolith | 5db46fda6e |
|
@ -17,8 +17,8 @@ cover: ./cover.png
|
|||
|
||||
This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
|
||||
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
|
||||
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but
|
||||
there's unfortunately nothing I can do about that.
|
||||
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,
|
||||
but there's unfortunately nothing I can do about that.
|
||||
|
||||
[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
|
||||
|
||||
|
@ -40,50 +40,81 @@ as soon as there's an installable release.
|
|||
- **Isolation:** we don't want an attacker to get into our webserver and be able
|
||||
to gain access to our email server
|
||||
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
|
||||
use the resources they've been given
|
||||
use the resources they've been given. If you tell the VM it has 200 MBs of
|
||||
RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
|
||||
title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
|
||||
- **Portability:** once set up and configured, VMs and containers can mostly be
|
||||
treated as black boxes; as long as the surrounding environment is similar to
|
||||
the previous in terms of communication, they can just be picked up and dropped
|
||||
on bare metal servers as necessary.
|
||||
- **Density:**
|
||||
- **Cleanliness:**
|
||||
to various machines and hosts as necessary.
|
||||
- **Density:** applications are usually much lighter than the systems they're
|
||||
running on, so it makes sense to run many applications on one system. VMs and
|
||||
containers facilitate that without sacrificing security.
|
||||
- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
|
||||
you can just throw the box in the trash (delete it) and everything related to
|
||||
that application is gone.
|
||||
|
||||
## Virtual machines
|
||||
|
||||
```goat
|
||||
.---------------------------------.
|
||||
| .-------. .-------. .-------. |
|
||||
| | Guest | | Guest | | Guest | |
|
||||
| | OS | | OS | | OS | |
|
||||
| .---+---' .---+---' .---+---' |
|
||||
| .--+----. .--+----. .--+----. |
|
||||
| | Guest | | Guest | | Guest | |
|
||||
| | Kernel | | Kernel | | Kernel | |
|
||||
| .---+---' .---+---' .---+---' |
|
||||
| .--+----------+----------+----. |
|
||||
| | Hypervisor | |
|
||||
| .--------------+--------------' |
|
||||
| .-------------+---------------. |
|
||||
| | Host Kernel | |
|
||||
| .-----------------------------' |
|
||||
.---------------------------------'
|
||||
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
|
||||
title: |md
|
||||
# Virtual machines
|
||||
| { near: top-center }
|
||||
|
||||
direction: up
|
||||
|
||||
k1: Guest kernel
|
||||
k2: Guest kernel
|
||||
k3: Guest kernel
|
||||
os1: Guest OS
|
||||
os2: Guest OS
|
||||
os3: Guest OS
|
||||
app1: Many apps
|
||||
app2: Many apps
|
||||
app3: Many apps
|
||||
|
||||
Host kernel -> Hypervisor
|
||||
Hypervisor -> k1 -> os1 -> app1
|
||||
Hypervisor -> k2 -> os2 -> app2
|
||||
Hypervisor -> k3 -> os3 -> app3
|
||||
```
|
||||
|
||||
## Containers
|
||||
|
||||
```goat
|
||||
Application containers System containers
|
||||
.---------------------------------. .------------------------------.
|
||||
| .-------. .-------. .-------. | | .------. .------. .------. |
|
||||
| | App 01 | | App 02 | | App 03 | | | | Guest | | Guest | | Guest | |
|
||||
| '---+---' '---+---' '---+---' | | | OS | | OS | | OS | |
|
||||
| .--+----------+----------+----. | | '---+--' '---+--' '---+--' |
|
||||
| | Hypervisor | | | .--+---------+---------+---. |
|
||||
| '--------------+--------------' | | | Host Kernel | |
|
||||
| .-------------+---------------. | | '--------------------------' |
|
||||
| | Host Kernel | | '------------------------------'
|
||||
| '-----------------------------' |
|
||||
'---------------------------------'
|
||||
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
|
||||
title: |md
|
||||
# Application containers
|
||||
| { near: top-center }
|
||||
|
||||
direction: up
|
||||
|
||||
app1: App
|
||||
app2: App
|
||||
app3: App
|
||||
|
||||
Host kernel -> Hypervisor
|
||||
Hypervisor -> app1
|
||||
Hypervisor -> app2
|
||||
Hypervisor -> app3
|
||||
```
|
||||
|
||||
```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
|
||||
title: |md
|
||||
# System containers
|
||||
| { near: top-center }
|
||||
|
||||
direction: up
|
||||
|
||||
os1: Guest OS
|
||||
os2: Guest OS
|
||||
os3: Guest OS
|
||||
app1: Many apps
|
||||
app2: Many apps
|
||||
app3: Many apps
|
||||
|
||||
Host kernel -> os1 -> app1
|
||||
Host kernel -> os2 -> app2
|
||||
Host kernel -> os3 -> app3
|
||||
```
|
||||
|
||||
## When to use which
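Review bot: The new application-containers diagram keeps a `Hypervisor` node between `Host kernel` and the apps (`Host kernel -> Hypervisor`, `Hypervisor -> app1`), which does not match how application containers are isolated. They share the host kernel and are separated by a container runtime using kernel namespaces and cgroups, not by a hypervisor. Since the list above the diagrams leads with isolation, the label affects how readers judge that boundary; consider `Host kernel -> Container runtime` and `Container runtime -> app1`, likewise for app2 and app3. The same label appears in the goat diagram this hunk replaces, so it looks carried over rather than newly introduced.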
|
||||
|
|
|
@ -0,0 +1,114 @@
|
|||
{{- /* Last modified: 2023-06-30T12:24:14-07:00 */}}
|
||||
|
||||
{{- /*
|
||||
Copyright 2023 Veriphor LLC
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
use this file except in compliance with the License. You may obtain a copy of
|
||||
the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations under
|
||||
the License.
|
||||
*/}}
|
||||
|
||||
{{- /*
|
||||
Renders an SVG image of a diagram from a textual description using the Kroki service.
|
||||
|
||||
References:
|
||||
|
||||
- https://kroki.io/
|
||||
- https://kroki.io/#examples
|
||||
|
||||
@context {map} Attributes The markdown attributes from the info string.
|
||||
@context {string} Inner The content between the leading and trailing code fences, excluding the info string.
|
||||
@context {map} Options The highlighting options from the info string.
|
||||
@context {int} Ordinal The zero-based ordinal of the code block on the page.
|
||||
@context {page} Page A reference to the page containing the code block.
|
||||
@context {text.Position} Position The position of the code block within the page content.
|
||||
@context {string} Type The first word of the info string.
|
||||
|
||||
@param {string} Attributes.type The type of diagram to render
|
||||
|
||||
@returns {template.html}
|
||||
*/}}
|
||||
|
||||
{{- /* Initialize. */}}
|
||||
{{- $renderHookName := "kroki" }}
|
||||
|
||||
{{- /* Verify minimum required version. */}}
|
||||
{{- $minHugoVersion := "0.114.0" }}
|
||||
{{- if lt hugo.Version $minHugoVersion }}
|
||||
{{- errorf "The %q code block render hook requires Hugo v%s or later." $renderHookName $minHugoVersion }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Get context. */}}
|
||||
{{- $attrs := .Attributes }}
|
||||
{{- $inner := trim .Inner "\n\r" }}
|
||||
{{- $ordinal := .Ordinal }}
|
||||
{{- $position := .Position }}
|
||||
|
||||
{{- /* Initialize. */}}
|
||||
{{- $apiEndpoint := "https://kroki.io/" }}
|
||||
{{- $diagramType := $attrs.type | lower }}
|
||||
|
||||
{{- /* Validate diagram type. */}}
|
||||
{{- $supportedTypes := slice
|
||||
"actdiag" "blockdiag" "bpmn" "bytefield" "ditaa" "d2" "dbml" "erd" "graphviz"
|
||||
"mermaid" "nomnoml" "nwdiag" "packetdiag" "pikchr" "plantuml" "rackdiag"
|
||||
"seqdiag" "structurizr" "svgbob" "umlet" "vega" "vegalite" "wavedrom"
|
||||
"wireviz"
|
||||
}}
|
||||
{{- $typesDelimited := delimit $supportedTypes ", " ", and " }}
|
||||
{{- if not (in $supportedTypes $diagramType) }}
|
||||
{{- errorf "The %q code block render hook does not support diagram type %q. Valid types are %s. See %s" $renderHookName $attrs.type $typesDelimited $position }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Determine class attribute. */}}
|
||||
{{- $class := printf "diagram diagram-kroki diagram-kroki-%s" $diagramType }}
|
||||
{{- with $attrs.class }}
|
||||
{{- $class = printf "%s %s" $class . }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Determine id attribute. */}}
|
||||
{{- $id := printf "h-rh-cb-kroki-%d" $ordinal }}
|
||||
{{- with $attrs.id }}
|
||||
{{- $id = . }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Merge class and id attributes. */}}
|
||||
{{- $attrs = merge $attrs (dict "class" $class "id" $id "alt" "diagram") }}
|
||||
|
||||
{{- $diagram_opts := dict "theme" $attrs.d2theme }}
|
||||
{{- if $attrs.d2sketch }}
|
||||
{{- $diagram_opts = merge $diagram_opts (dict "sketch" "") }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Get diagram. */}}
|
||||
{{- $body := dict "diagram_source" $inner "diagram_type" $diagramType "output_format" "SVG" "diagram_options" $diagram_opts | jsonify }}
|
||||
{{- $opts := dict "method" "post" "body" $body }}
|
||||
{{- with resources.GetRemote $apiEndpoint $opts }}
|
||||
{{- with .Err }}
|
||||
{{- errorf "The %q code block render hook was unable to get the remote diagram. See %s. %s" $renderHookName $position . }}
|
||||
{{- else }}
|
||||
{{- $attrs = merge $attrs (dict "src" .RelPermalink) }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- errorf "The %q code block render hook was unable to get the remote diagram. See %s" $renderHookName $position }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Render. */}}
|
||||
<img
|
||||
{{- range $k, $v := $attrs }}
|
||||
{{- if not (eq $k "type") }}
|
||||
{{- if $v }}
|
||||
{{- printf " %s=%q" $k (string $v) | safeHTMLAttr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
>
|
||||
{{- /**/ -}}
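Review bot: The render loop at the end writes every info-string attribute into the `<img>` tag through `printf " %s=%q" $k (string $v) | safeHTMLAttr`, and `%q` applies Go string quoting rather than HTML escaping, so a value containing a double quote would be emitted as `\"` and end the attribute early, while `safeHTMLAttr` switches off the template's own escaping. Escaping the value explicitly would close that, e.g. `{{- printf " %s=\"%s\"" $k (htmlEscape (string $v)) | safeHTMLAttr }}`. The `eq $k "type"` filter could also skip `d2theme` and `d2sketch`, which are render options rather than image attributes. Separately, `$apiEndpoint` is fixed to the public `https://kroki.io/`, so every diagram's source is posted to a third party at build time and the returned SVG is published as received; reading the endpoint from site configuration would allow a self-hosted Kroki instance instead.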
|