further progress on LXD post

Amolith created

Change summary

content/posts/lxd-containers-for-human-beings.md | 121 ++++++++---------
1 file changed, 58 insertions(+), 63 deletions(-)

Detailed changes

content/posts/lxd-containers-for-human-beings.md

@@ -88,23 +88,17 @@ issue instructions to the CPU, etc.
 [vb]: https://www.virtualbox.org/
 
 ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
-direction: up
-
 hk: Host kernel
-hk.1h: Type 1 hypervisor
-k1: Guest kernel
-k2: Guest kernel
-k3: Guest kernel
-os1: Guest OS
-os2: Guest OS
-os3: Guest OS
-app1: Many apps
-app2: Many apps
-app3: Many apps
-
-app1 <- os1 <- k1 <- hk
-app2 <- os2 <- k2 <- hk
-app3 <- os3 <- k3 <- hk
+hk.h: Type 1 hypervisor
+hk.h.k1: Guest kernel
+hk.h.k2: Guest kernel
+hk.h.k3: Guest kernel
+hk.h.k1.os1: Guest OS
+hk.h.k2.os2: Guest OS
+hk.h.k3.os3: Guest OS
+hk.h.k1.os1.app1: Many apps
+hk.h.k2.os2.app2: Many apps
+hk.h.k3.os3.app3: Many apps
 ```
 
 ### Type 2 hypervisors
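Review bot: `hk: Host kernel` stays as the outermost box with `hk.h: Type 1 hypervisor` nested inside it, so the diagram draws a Type 1 hypervisor as running inside a host kernel. The text of the next section says it is Type 2 hypervisors that "have to first go through the operating system", and after this change the Type 2 diagram differs from this one only by the extra `hk.os: Host OS` box. If the distinction is that Type 1 has no host layer underneath it, consider making the hypervisor the outermost container here (or relabeling `hk`). With the arrows and `direction: up` gone, a one-line caption saying that nesting means "runs on top of" would also help, because containment can be read as "is part of".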
@@ -114,59 +108,58 @@ hypervisors have to first go through the operating system, adding an additional
 layer to the stack.
 
 ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
-direction: up
-
 hk: Host kernel
-os: Operating system
-os.2h: Type 2 hypervisor
-k1: Guest kernel
-k2: Guest kernel
-k3: Guest kernel
-os1: Guest OS
-os2: Guest OS
-os3: Guest OS
-app1: Many apps
-app2: Many apps
-app3: Many apps
-
-os <- hk
-app1 <- os1 <- k1 <- os
-app2 <- os2 <- k2 <- os
-app3 <- os3 <- k3 <- os
+hk.os: Host OS
+hk.os.h: Type 2 hypervisor
+hk.os.h.k1: Guest kernel
+hk.os.h.k2: Guest kernel
+hk.os.h.k3: Guest kernel
+hk.os.h.k1.os1: Guest OS
+hk.os.h.k2.os2: Guest OS
+hk.os.h.k3.os3: Guest OS
+hk.os.h.k1.os1.app1: Many apps
+hk.os.h.k2.os2.app2: Many apps
+hk.os.h.k3.os3.app3: Many apps
 ```
 
 ## Containers
 
-```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
-title: |md
-  # Application containers
-| { near: top-center }
+As most people know them right now, containers are exclusive to Linux.[^1] This is
+because they use namespaces and cgroups to achieve isolation.
 
-direction: up
+- **[Linux namespaces]** partition kernel resources like process IDs, hostnames,
+  user IDs, directory hierarchies, network access, etc.
+- **[Cgroups]** limit, track, and isolate the hardware resource use of a set of
+  processes
 
-Host kernel -> Hypervisor
-Hypervisor -> One app
-Hypervisor -> Few apps
-Hypervisor -> Full OS -> Many apps
+[Linux namespaces]: https://en.wikipedia.org/wiki/Linux_namespaces
+[Cgroups]: https://en.wikipedia.org/wiki/Cgroups
+
+### Application containers
+
+```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
+Host kernel.Container runtime.c1: Container
+Host kernel.Container runtime.c2: Container
+Host kernel.Container runtime.c3: Container
+
+Host kernel.Container runtime.c1.One app
+Host kernel.Container runtime.c2.Few apps
+Host kernel.Container runtime.c3.Full OS.Many apps
 ```
 
+### System containers
+
 ```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
-title: |md
-  # System containers
-| { near: top-center }
-
-direction: up
-
-os1: Full OS
-os2: Full OS
-os3: Full OS
-app1: Many apps
-app2: Many apps
-app3: Many apps
-
-Host kernel -> os1 -> app1
-Host kernel -> os2 -> app2
-Host kernel -> os3 -> app3
+hk: Host kernel
+hk.c1: Container
+hk.c2: Container
+hk.c3: Container
+hk.c1.os1: Full OS
+hk.c2.os2: Full OS
+hk.c3.os3: Full OS
+hk.c1.os1.app1: Many apps
+hk.c2.os2.app2: Many apps
+hk.c3.os3.app3: Many apps
 ```
 
 ## When to use VMs
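Review bot: in the Application containers diagram, `Host kernel.Container runtime.c3.Full OS.Many apps` draws a full OS inside an application container, which is the same shape the System containers diagram uses to define the other category (`hk.c1.os1: Full OS`). The only visible difference left between the two is the `Container runtime` box, which the system diagram omits. Consider dropping the `c3` Full OS case, or stating in the text what separates the two kinds, and say explicitly that every container in both diagrams shares the one `Host kernel`, since that is the contrast with the guest kernels in the hypervisor diagrams and the new prose only mentions namespaces and cgroups. Two style points: this block uses labels with spaces as keys while the other diagrams use short keys with labels (`hk: Host kernel`), and the second bullet (ending in `processes`) has no closing period while the first ends with one.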
@@ -200,10 +193,10 @@ See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a
 {{< adm type="note" >}}
 
 **Note:** the instructions below say to install LXD using [Snap.][snap] I
-personally dislike Snap, but LXD is a Canonical product and Canonical is doing
-their best to push Snap down everyone's throats ¯\\\_(ツ)\_/¯ One of the first
-things the Incus project did was [rip out Snap support,][rsnap] and I can't wait
-until they have proper `.deb`s 😁
+personally dislike Snap, but LXD is a Canonical product and they're doing their
+best to prmote it as much as possible. One of the first things the Incus project
+did was [rip out Snap support,][rsnap] so it will eventually be installable as a
+proper native package.
 
 [snap]: https://en.wikipedia.org/wiki/Snap_(software)
 [rsnap]: https://github.com/lxc/incus/compare/9579f65cd0f215ecd847e8c1cea2ebe96c56be4a...3f64077a80e028bb92b491d42037124e9734d4c7
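Review bot: typo in the added line `best to prmote it as much as possible`; `prmote` should be `promote`. In the same sentence, `they're` follows "LXD is a Canonical product", so the pronoun can be read as referring to LXD; writing "Canonical is doing their best to promote it" and naming Snap instead of `it` would remove the ambiguity.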
@@ -222,3 +215,5 @@ until they have proper `.deb`s 😁
 ### Usage
 
 {install my URL shortener}
+
+[^1]: Docker containers on Windows and macOS actually run in a Linux VM.
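Review bot: the `[^1]` footnote speaks only about Docker, while the sentence it is attached to (`containers are exclusive to Linux.[^1]`) makes a claim about containers in general. Consider wording it so Docker is given as the example ("for example, Docker containers on ...") so the footnote supports the general statement. The footnote definition also lands directly under the unfilled `{install my URL shortener}` placeholder in `### Usage`; it renders fine there, but keeping footnote definitions together at the end, after the section is written, will avoid it getting buried when that placeholder is replaced.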