Docker in CT or VM - best practices?

Feb 21, 2023
I am just about to set up my second Docker host in my Proxmox cluster and would like to do it the best possible way.

As I am using SMB/CIFS within some of my docker-containers

CT vs VM?

Pros/cons?
 
Hello

Quoted from the Documentation:

If you want to run application containers, for example, Docker images, it is recommended that you run them inside a Proxmox QEMU VM. This will give you all the advantages of application containerization, while also providing the benefits that VMs offer, such as strong isolation from the host and the ability to live-migrate, which otherwise isn’t possible with containers.
 
<---- Using Ubuntu and Debian for Docker containers. However, it's your preference. I just found those two reliable for my use case; I use the docker.io provided package repositories instead of the distro ones. Another thing is that it can be much easier with the documentation as well, as there are lots out there for the aforementioned distros. [Digital Ocean has excellent tutorial documents.]

As an aside, if you end up using tun devices for your Docker containers, it is a much better idea to do this via a VM, as it avoids many problems with overlays and the Proxmox host. It's much, much more secure to do this in a VM. [My use case had ZeroTier running on the Proxmox host and a tun device being accessed via the LXC containers, a great many years ago. This allowed SMB access over ZeroTier to the containers. But, not doing it that way again, all in VMs these days.]
 
Thank you for providing a clear response. Moving on to the next question: Which distribution is recommended for the virtual machine (running Docker)? Does Proxmox have any preferred distributions, or should I choose one that Docker prefers?
Alpine/RancherOS Linux looks like the best choice for that.
 
Use what you know and love (like @Nuke Bloodaxe) or go with an established docker-centric distribution (@Admiral Awesome) if you're John Snow with respect to distributions.

Also, consider using podman, which gets more and more traction and has better out-of-the-box security than Docker.
 
