All Docker containers in 1 VM or 1 VM per container?

D

dwrighty

New Member
Feb 10, 2024
2
0
1
Hi all

Homelab here!

Been using Docker for about 12 months and recently started using Proxmox and gone all in with two nodes for replication and a backup server, my NAS doesn't have enough space to use for HA bit I'm working on that.

Currently I have all my Docker containers running on a single VM.

I can't find any advice/guidance on whether this is the best way to run them or have a VM for each container.

I have 32 GB in each of my Proxmox servers so RAM isn't a problem - I've given 16 GB to my VM. Would just like to have my containers running as efficiently as possible.

Could anybody suggest any guidance please?

Thanks

- D
 
dwrighty said:
Could anybody suggest any guidance please?
Click to expand...
As usual: it depends. On your expectations, requirements and your personal fault tolerance.

Of course this behavior is obvious:
  • with multiple dockers in one VM: ALL services fail if this single VM fails
  • with a single docker in a separate VM: only one service fails if his VM fails
Multiple VMs create a large overhead. You need to manage/monitor/update all of them, one by one.

Me, personally, opt for independent multiple VMs. That said..., I opt also for services in VMs, not using docker at all.

Did I say "it depends"? ;-)
 
  • Like
Reactions: dwrighty
UdoB said:
As usual: it depends. On your expectations, requirements and your personal fault tolerance.

Of course this behavior is obvious:
  • with multiple dockers in one VM: ALL services fail if this single VM fails
  • with a single docker in a separate VM: only one service fails if his VM fails
Multiple VMs create a large overhead. You need to manage/monitor/update all of them, one by one.

Me, personally, opt for independent multiple VMs. That said..., I opt also for services in VMs, not using docker at all.

Did I say "it depends"? ;-)
Click to expand...
That's good advice, thanks @UdoB , I'll give it some thought.

- D
 
UdoB said:
Did I say "it depends"? ;-)
Click to expand...
Would have also been my answer ;)

In addition to @UdoB's answer:
Keep also in mind how you would secure your ingress and egress package flows to/from the VM and to/from the containers. If you want to secure the containers from each other (e.g. one stack per host), you would have a better control over the package flow.

We use different VMs for services, depending on their security requirements.
 
You must log in or register to reply here.
Top Bottom