How to start a Docker image within Proxmox?

ikus060

Hello,


Using Proxmox VE for quite a while with VM and LXC on 5 physical servers.


Too many times, we find ourselves creating a VM or an LXC container for a single Docker application. Mainly, we are creating an additional Linux server for the sole purpose of installing docker within it and starting our Docker image.


This process is starting to cost us in maintenance. About 50% of the VM/LXC are placeholders for Docker! The reason why it's costing us is keeping those servers up to date with patches and other stuff. Again, simply to run a single Docker image.


As a user, I would love to get a more bearable approach where we could simply run the docker image directly within Proxmox. Without the need of installing an additional OS.

Question:

Is it possible to start a Docker image within LXC without the need for an additional OS?

Maybe using podman or LXC in an exotic way?

Maybe by converting the Docker image into an LXC-compatible template?

What are the solutions available?
 
VictorSTS

Docker is not supported and AFAIK there are no plans to support it on Proxmox hosts.

One option would be to set up a few VM's and deploy all your dockers in them using an orchestrator like Rancher or Kubernetes.
 

auser

Hi there.
Fortunately there exists a production ready alternative to the Docker problem.
It is called Podman.

https://podman.io/

You can run 'Docker' containers with minimal-to-no changes.
When you get used to it, it is a far superior platform and technology suite to 'Docker' TM
and you will likely find it more convenient to abandon the 'Docker' compatibility almost entirely.

Don't waste your time with obsolete builds from distros.

There are ready-to-go builds available here:

https://build.opensuse.org/package/show/devel:kubic:libcontainers:stable/podman
https://build.opensuse.org/repositories/devel:kubic:libcontainers:stable/podman

Hope that helps!
;-)
 

ikus060

Hi @VictorSTS

Thanks for your reply. I know Proxmox is not supporting the Docker daemon. And it's not really what I'm looking for either. I'm looking for a way to start a Docker image. Similar to LXC where we start a full OS, I'm looking for a way to start a single application within LXC.

Again, the goal is to reduce the number of OS to manage. Creating more VMs to install Rancher or k8s goes in opposite direction of what we are looking for.

I know the Proxmox team is reticent to support anything related to Docker. I'm not sure I understand the rationale behind it. Containers are here to stay. Various ways of spinning them exist. LXC is one, Docker daemon and podman are another.


The best would be some kind of wrapper for LXC to start a single Docker image with podman. That would be fantastic.
 
VictorSTS

Not a docker user yet, unfortunately... But as each dockerized app runs isolated from the rest of apps, why not lots of dockers in the same VM and orchestrate all dockers in a few VMs which act as docker servers? Even if apps are unrelated that seems possible.

Yes, you would need a few extra VM's for the orchestrator, but then you could move from 1VM/LXC==1 dockerized app to 1VM==n dockerized apps.

I'm probably missing something here as my docker experience nears zero, so bear with me please :)
 

ikus060

@VictorSTS

> Yes, you would need a few extra VM's for the orchestrator, but then you could move from 1VM/LXC==1 dockerized app to 1VM==n dockerized apps.

We started that way, and soon realized the number of Dockerized apps is growing and so are the VMs to host them. This causes issues in terms of flexibility. Replication, migration, backup and networking are all defined at VM level. E.g., when migrating the VM, we need to migrate everything at once. It's far from ideal.
 

ikus060

@auser

Thanks for your reply. I've used podman a bit, but I'm not a power user.

Do you know a way to integrate it with LXC? Maybe I could create an LXC template with only podman?
 

auser

Hi @ikus060
So I made the choice to move away from using LXC for hosting containerised workloads.
I did consider LXD at length, but it is not integrated into PVE and does not 'just work' with the large and growing variety of 'dockerized' workloads.

For me, the advantages from managing your containerised workload _within_ a VM are various, but compelling.

Isolation is better in a VM and the interaction of network <-> VM can be managed transparently (as perceived by the container manager as well as the containerised application)

Similarly, I would say this to you, it _is_ a security improvement to move away from the Docker Daemon to a unix-style 'process running in a namespace'

Architecturally, this is similar to the appreciation that the KVM Hypervisor implementation integrated into the Linux kernel, where each VM is running as a native unix Process that you can interact with in the usual way, is fundamentally superior to the XEN model where each VM is its own island and the 'Host Kernel' is entirely divorced.

It sounds from your description that what mostly concerns you is ease of Administration.
One of the great advantages of moving to Podman is the flexibility that it brings.
The networking uses the open source CNI and the runtime can be selected as either runc or crun.
It is a great stepping stone platform if you may wish to migrate workloads to k8s or openshift in future.

You can use the systems that you are already familiar with for Process Management.

You can write systemd unit files to manage the lifecycle of your services
and Podman with systemd can handle the cgroups2 resource management largely transparently for you (if you want).
Of course you could administer everything with ansible if you want! ;-)

Hope that helps!
;-)
 
Reactions: egberts
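
A user-level systemd unit of the kind described in the post above, added here as an illustration and not taken from the thread or from the Podman project. The unit path, the `app` container name, the limits and the `registry.example/app:1.0` image are placeholders, and it assumes a cgroup v2 host with rootless Podman under an unprivileged account.

```ini
# ~/.config/systemd/user/app.service  (hypothetical path and unit name)
# Rootless Podman container supervised by the user's own systemd instance:
# no long-running root daemon, the container is a child of this unit.
# Assumes cgroup v2 and `loginctl enable-linger <user>` so the service
# starts at boot without an interactive login.

[Unit]
Description=Rootless Podman container: app (placeholder name)

[Service]
Type=notify
NotifyAccess=all
# Let Podman create sub-cgroups below this unit's cgroup.
Delegate=yes
KillMode=mixed
Restart=on-failure
TimeoutStopSec=70
Environment=PODMAN_SYSTEMD_UNIT=%n

# cgroup v2 limits enforced by systemd; they cover the container because
# --cgroups=split keeps conmon and the payload inside this unit's cgroup.
# Values are examples only.
MemoryMax=512M
TasksMax=256

# --cap-drop=ALL, no-new-privileges and --read-only reduce what a
# compromised process can do; the port is published on loopback only.
# registry.example/app:1.0 is a placeholder image reference.
ExecStart=/usr/bin/podman run --name=app --replace --rm -d \
    --cidfile=%t/%N.cid --cgroups=split --sdnotify=conmon \
    --cap-drop=ALL --security-opt=no-new-privileges --read-only \
    -p 127.0.0.1:8080:8080 \
    registry.example/app:1.0
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%N.cid
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%N.cid

[Install]
WantedBy=default.target
```

Load and start it as the unprivileged user with `systemctl --user daemon-reload` followed by `systemctl --user enable --now app.service`.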

ikus060

What about using LXC to run an OCI image (namely a Docker image)?

According to this article, LXC supports OCI.

https://www.buzzwrd.me/index.php/2021/03/10/creating-lxc-containers-from-docker-and-oci-images/

> Like every container technology and their dog, LXC nowadays supports OCI images. The Open Container Initiative was created to manage open-sourced parts of Docker. They basically donated image specification, the low-level container runtime, and a few other key system components. OCI images are nowadays the de facto way of handling image compatibility between container runtime platforms.

Is it possible to get it started from Proxmox?
 
Reactions: egberts

ikus060

I tried the command line `lxc-create name -t oci -- --url docker://alpine:latest` but it complains about missing `skopeo`, which is only available on Debian bullseye.
 
