Hi all, first post from me. After much internal debate and poc'ing where I can in hyperv between truenas 24.10 with docker versus proxmox with truenas vm and docker lxc, I went with the latter option on the grounds of better virtualisation and cluster support.
Currently I have my truenas vm using disks via hba in passthrough, with nfs shares made available through autofs mounts on the host, then bind mount those host folders in the lxc for use by my docker stacks; I used a privileged container to avoid all the uid/gid mappings for now. I also need igpu access for jellyfin etc.
Rather than having the user mapping can of worms with an unprivileged container I'm thinking of moving my docker stacks to a vm and having autofs setup within that for truenas access; better isolation and easier to manage that way, leaving the host to be a host only. I am a little concerned with dmesg activity around eth0 renaming on the host from the lxc proxy containers I have, which is another reason I am looking at vm isolation.
I would normally go with debian but resource usage is obviously way more than the lxc container setup I have; any distros worth considering purely for this function instead to reduce footprint? The lxc way is soooo lightweight it's spoilt me!
Alternatively, is it worth biting the bullet and going unprivileged with lxc and sorting mappings out? I have all my docker containers running as either root for network stuff or as an apps user/group. I would also need to figure out the proxy stuff... I'm just thinking the vm approach simplifies it all at the cost of an extra core and a few gb of memory, something I can live with for now I guess.
Thanks for any insight
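Since the uid/gid mapping is the sticking point for the unprivileged route, here is an added example (not from the original post, and not a Proxmox tool) that generates the idmap lines for /etc/pve/lxc/<CTID>.conf plus the matching /etc/subuid and /etc/subgid entries, so that a chosen container user such as an "apps" account lands on a specific host uid/gid on the bind-mounted NFS folders while everything else keeps Proxmox's default shifted mapping. The container id range (65536) and host offset (100000) are the Proxmox defaults; the apps uid/gid of 1000 in the sample is a constructed assumption.

```python
# Added example: build Proxmox unprivileged-LXC idmap config for pinned ids.
from typing import Iterable, List, Tuple

CT_ID_COUNT = 65536   # ids 0..65535 inside the container (Proxmox default range)
HOST_BASE = 100000    # Proxmox default host offset for unprivileged containers


def idmap_lines(kind: str, pins: Iterable[Tuple[int, int]]) -> List[str]:
    """Return 'lxc.idmap: <kind> <ct_start> <host_start> <count>' lines.

    kind is 'u' (uids) or 'g' (gids). pins holds (container_id, host_id)
    pairs that must map 1:1; every other id keeps HOST_BASE + id, so the
    default shifted block is split around each pinned id.
    """
    if kind not in ("u", "g"):
        raise ValueError("kind must be 'u' or 'g'")
    lines: List[str] = []
    cursor = 0  # next container id not yet covered by an emitted line
    for ct_id, host_id in sorted(pins):
        if not 0 <= ct_id < CT_ID_COUNT:
            raise ValueError(f"container id {ct_id} outside 0..{CT_ID_COUNT - 1}")
        if ct_id < cursor:
            raise ValueError(f"duplicate container id {ct_id}")
        if ct_id > cursor:  # shifted block before the pinned id
            lines.append(f"lxc.idmap: {kind} {cursor} {HOST_BASE + cursor} {ct_id - cursor}")
        lines.append(f"lxc.idmap: {kind} {ct_id} {host_id} 1")
        cursor = ct_id + 1
    if cursor < CT_ID_COUNT:  # shifted block after the last pinned id
        lines.append(f"lxc.idmap: {kind} {cursor} {HOST_BASE + cursor} {CT_ID_COUNT - cursor}")
    return lines


def sub_id_lines(pins: Iterable[Tuple[int, int]]) -> List[str]:
    """Entries root needs in /etc/subuid (or /etc/subgid) for each pinned host id."""
    return [f"root:{host_id}:1" for _, host_id in sorted(pins)]


def container_config(uid_pins, gid_pins) -> str:
    """Full block to append to /etc/pve/lxc/<CTID>.conf (uid lines, then gid lines)."""
    return "\n".join(idmap_lines("u", uid_pins) + idmap_lines("g", gid_pins))


if __name__ == "__main__":
    # Constructed sample: container user/group 'apps' (1000) -> host uid/gid 1000.
    pins = [(1000, 1000)]
    print(container_config(pins, pins))
    print("# add to /etc/subuid and /etc/subgid on the host:")
    print("\n".join(sub_id_lines(pins)))
```

Root inside the container still lands on host uid 100000 with this config, so the docker daemon and root-running containers keep working without any host-level root mapping.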