Docker, LXC and storage

Y

yeetistan

New Member
Feb 15, 2021
2
0
1
Hi everyone,

i want to restructure my services at home to all run on my proxmox-machine.
At the moment i have some containers with single services running on them.

My other apps are running as docker-containers on a raspberry pi and they will be moved to PVE.
The raspberry is also running smb with a 8TB external drive.

Now for my concerns/questions:
1. Since running docker in lxc requires some modifications regarding apparomor and cgroups, is it "safe" to run docker there, or should i just create a standard qemu-vm ?
2. Does it make sense to plug in the drive as PVE-storage and attach it to the machines as mountpoints, or is that considered bad/unsafe ?

As of now i have the following scenarios in mind:
Container-focused
- Attach the drive via usb, mount it in PVE and pass it through via mountpoints to LXC
- Modify the lxc to be able to run docker
Pro: easy setup, lower idle-load and thus poweruse
Cons: potentially unsafe
"Security"-focused
- Create a VM, pass the whole drive through as USB-device and run a nfs-server
- Create a VM as dockerhost, access the storage via NFS
Pro: Safer?
Cons: More setup required, more idle-load

Appreciate any input.
 
hi,

yeetistan said:
1. Since running docker in lxc requires some modifications regarding apparomor and cgroups, is it "safe" to run docker there, or should i just create a standard qemu-vm ?
Click to expand...
you should use a VM for better separation and less trouble, it's possible to run docker in lxc as you say, but nesting containers isn't a very good idea in general

yeetistan said:
2. Does it make sense to plug in the drive as PVE-storage and attach it to the machines as mountpoints, or is that considered bad/unsafe ?
Click to expand...
it's not unsafe unless you configure it unsafe :) (meaning privileges and rights)


for your setup both scenarios you mentioned should work, you'll have to decide what is better for your use-case.

if these services won't be accessible from the outside internet then it might be okay to do the docker setup in lxc
 
  • Like
Reactions: yeetistan
Hi Oguz, thanks for the quick answer!

Since some services will be accessible from the outside, i will run the qemu-variant to be safe.
Since the VMs dont support mountpoints, i guess thats off the table as well and i will be setting up a nfs-server in a vm.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back