make progress on LXD post

Amolith created

Change summary

content/posts/lxd-containers-for-human-beings.md | 103 +++++++++++------
1 file changed, 67 insertions(+), 36 deletions(-)

Detailed changes

content/posts/lxd-containers-for-human-beings.md

@@ -17,8 +17,8 @@ cover: ./cover.png
 
 This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
 SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
-on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but
-there's unfortunately nothing I can do about that.
+on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,
+but there's unfortunately nothing I can do about that.
 
 [selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
 
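Review bot: The full stop in the rewrapped sentence is still inside the link text, `[SELF's PeerTube instance.][selfpeertube]`, so the rendered link will include the punctuation. Since this line is being touched anyway, move it outside the brackets: `[SELF's PeerTube instance][selfpeertube].` The added word "audio" itself fixes the dangling "terrible" and looks right.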
@@ -40,50 +40,81 @@ as soon as there's an installable release.
 - **Isolation:** we don't want an attacker to get into our webserver and be able
   to gain access to our email server
 - **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
-  use the resources they've been given
+  use the resources they've been given. If you tell the VM it has 200 MBs of
+  RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
+  title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
 - **Portability:** once set up and configured, VMs and containers can mostly be
   treated as black boxes; as long as the surrounding environment is similar to
   the previous in terms of communication, they can just be picked up and dropped
-  on bare metal servers as necessary.
-- **Density:**
-- **Cleanliness:**
+  to various machines and hosts as necessary.
+- **Density:** applications are usually much lighter than the systems they're
+  running on, so it makes sense to run many applications on one system. VMs and
+  containers facilitate that without sacrificing security.
+- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
+  you can just throw the box in the trash (delete it) and everything related to
+  that application is gone.
 
 ## Virtual machines
 
-```goat
- .---------------------------------.
-|  .-------.  .-------.  .-------. |
-| | Guest  | | Guest  | | Guest  | |
-| | OS     | | OS     | | OS     | |
-| .---+---'  .---+---'  .---+---'  |
-|  .--+----.  .--+----.  .--+----. |
-| | Guest  | | Guest  | | Guest  | |
-| | Kernel | | Kernel | | Kernel | |
-| .---+---'  .---+---'  .---+---'  |
-|  .--+----------+----------+----. |
-| |          Hypervisor          | |
-| .--------------+--------------'  |
-|  .-------------+---------------. |
-| |          Host Kernel         | |
-| .-----------------------------'  |
-.---------------------------------'
+```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
+title: |md
+  # Virtual machines
+| { near: top-center }
+
+direction: up
+
+k1: Guest kernel
+k2: Guest kernel
+k3: Guest kernel
+os1: Guest OS
+os2: Guest OS
+os3: Guest OS
+app1: Many apps
+app2: Many apps
+app3: Many apps
+
+Host kernel -> Hypervisor
+Hypervisor -> k1 -> os1 -> app1
+Hypervisor -> k2 -> os2 -> app2
+Hypervisor -> k3 -> os3 -> app3
 ```
 
 ## Containers
 
-```goat
-       Application containers                 System containers
- .---------------------------------.   .------------------------------.
-|  .-------.  .-------.  .-------. |  |  .------.  .------.  .------. |
-| | App 01 | | App 02 | | App 03 | |  | | Guest | | Guest | | Guest | |
-| '---+---'  '---+---'  '---+---'  |  | | OS    | | OS    | | OS    | |
-|  .--+----------+----------+----. |  | '---+--'  '---+--'  '---+--'  |
-| |          Hypervisor          | |  |  .--+---------+---------+---. |
-| '--------------+--------------'  |  | |         Host Kernel       | |
-|  .-------------+---------------. |  | '--------------------------'  |
-| |          Host Kernel         | |  '------------------------------'
-| '-----------------------------'  |
-'---------------------------------'
+```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
+title: |md
+  # Application containers
+| { near: top-center }
+
+direction: up
+
+app1: App
+app2: App
+app3: App
+
+Host kernel -> Hypervisor
+Hypervisor -> app1
+Hypervisor -> app2
+Hypervisor -> app3
+```
+
+```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
+title: |md
+  # System containers
+| { near: top-center }
+
+direction: up
+
+os1: Guest OS
+os2: Guest OS
+os3: Guest OS
+app1: Many apps
+app2: Many apps
+app3: Many apps
+
+Host kernel -> os1 -> app1
+Host kernel -> os2 -> app2
+Host kernel -> os3 -> app3
 ```
 
 ## When to use which
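Review bot: The new "Application containers" diagram still routes every app through a hypervisor (`Host kernel -> Hypervisor`, then `Hypervisor -> app1`), which looks carried over from the old goat drawing. Application containers share the host kernel just as the system containers in the next diagram do (`Host kernel -> os1 -> app1`), so as drawn it reads as the VM stack with the guest kernel and OS removed. Suggest renaming that node to the container runtime or connecting `Host kernel` straight to the apps. Related point on the Density bullet: it says VMs and containers allow many applications on one system "without sacrificing security", but the diagrams in this same hunk give each VM its own guest kernel while containers share one host kernel, so the isolation boundary is not the same for both; consider qualifying that sentence. Minor wording: "200 MBs" reads better as "200 MB", and "When you're done with it" follows a plural subject ("VMs and containers").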