Deploying apps in lxc or in docker

kbirger

Oct 24, 2024
I've been reading some content on this subject, but I'm still not sure I get the advantage of running apps as lxcs vs docker on an lxc. Many people on here and out there on the web are prescribing lxc by default.

As I understand it, the main advantages are:
- easier hardware forwarding
- less performance overhead
- automatic snapshots

The first two are sort of edge cases in my opinion. You frequently don't need that level of performance or hardware. Snapshots are nice, but seem fairly inefficient, because you have to snapshot the entire lxc.


With docker, you can do snapshot backups of your mounted volumes. That's really the only stuff that needs to be persisted. Everything else is supposed to be fungible.

The drawbacks of lxc as I see them are that you have more manual steps for upgrades. With docker, I pull the new image, it does any migrations if they are necessary (containers frequently provide this out of the box) and it works. With the lxc, if the new version of the application requires a different version of some dependency, you have to do that yourself, right?

Can someone break this down for me?

PS: currently running an lxc with Ubuntu and docker with all of my containers and full pci passthrough
 
Hello @kbirger

This is hard to answer, as both solutions are fully different approaches (depends on app type, performance, dependencies, maintenance mode, etc.) and there is no general "best" approach, but I would suggest avoiding LXC with Docker, at least for PROD deployment use a full VM, due to kernel isolation, security and stability.

L.
 
Hi @Lukas Moravek, thanks for your response. Yes, agreed, it would be absurd to call one approach the best in all cases. I am looking to gain a better understanding of advantages and disadvantages, and not to have easy answers thrust in my direction.

In that regard, I appreciate the tip regarding using a VM.

I'm still not really clear though... If for a given application, docker performance is acceptable, and it is possible to get docker to interact with the hardware in an acceptable way, what are the benefits of using an LXC? Wouldn't it be better to snapshot the container's external volumes?
 
We use LXC for testing / non-critical deployments (internal use, utils, etc.) for apps which are not in docker (let's say the old way). Mostly there is no such performance benefit for us compared to a VM. In enterprise there are a lot of probes and security mechanisms which take much more performance.

With our approach I don't want to say that LXC is bad, it is very, very good and helpful, but each business is different with different requirements.

What is your purpose of use?