OCI Images in LXC (Release 9.1)

PigLover

Having the ability to import OCI images and run them in an LXC is fabulous! Thank you Proxmox team. This is a useful and necessary first step to a container runtime environment that may one day reduce the desire to run Docker/Podman VMs (or, though not advised, LXCs).

Unfortunately, this initial capability provides only a very static model of importing and running an OCI container. As valuable as that is, the OCI model really shines in a much more dynamic container orchestration environment. In order to get to that with PVE, several more things are needed:
  • The ability to update/replace the image from the OCI repo
  • The ability to "mount" volumes into the container (PVE already provides wonderful virtual disk integrations that could help develop this)
  • A solid integration of PVE's SDN model with LXC containers
  • The ability to specify Environment Variables for the container
  • A good way for containers to read the state of the Proxmox environment state and subscribe to updates in that state so that tools like Traefik, etc., could automate exposing ports
  • Likely some extensions to the existing PVE "labels" concepts.
Some of these may be major - but many of them are reasonably achievable.

Thoughts? Am I missing something? Is it silly to go this direction (i.e., does the world really need another container orchestration platform when you can just run Docker/Podman/K8s inside Proxmox today)?
 
Mounting host folders is already possible using pct set or directly editing the LXC config file after creation. (i.e. mp0: /test,mp=/test)
It would be more straightforward to expose this in the GUI, but there are security concerns:

Environment variables are available in the Options tab once the LXC is created, but currently not during initialisation.

What you see here is that you want to be able to define these during creation in order to successfully deploy the OCI container at once. Pretty much like you currently do in, for example, docker compose or Portainer.

I also wonder how this would work with stacked containers like for example Immich. Interesting use case for Proxmox OCI.

Non-destructive updating of OCI containers is obviously the most important and will probably be the most requested missing feature. A roadmap would be great!
 
regarding the bindmounts like in docker. just use the gui and the additional mountpoints. you are creating a separated "docker volume" like an image and mount it inside. it does not matter where it is on the host. just setup the storage in the datacenter.

sure, for shared data between lxc/oci (what is it called now? lxc docker - i'm confused already) you need bindmounts via host. but then you need to check the permissions between the containers.
The ability to specify Environment Variables for the container
it is under the options tab, there you can enter your key-value-pair
  • A good way for containers to read the state of the Proxmox environment state and subscribe to updates in that state so that tools like Traefik, etc., could automate exposing ports
  • Likely some extensions to the existing PVE "labels" concepts.
had this in mind, too. i love traefik for docker stuff. maybe i'll fiddle around with it, shoot myself in my foot or someone else's.
maybe you need to use the file provider/dynamic router for this. i'm not sure.
 
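The replies above mention `mpN` bind mounts (`mp0: /test,mp=/test`) and the need to check permissions when host directories are shared between containers. The following is an added example, not code from the thread or from Proxmox: a small audit that lists host-directory bind mounts in a container config, with the read-only flag and the privileged/unprivileged setting. The sample config is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the /etc/pve/lxc/<vmid>.conf layout (not from a real host).
SAMPLE_CONF = """\
rootfs: local-lvm:vm-105-disk-0,size=8G
mp0: /test,mp=/test
mp1: local-lvm:vm-105-disk-1,mp=/data,size=4G
mp2: /srv/shared,mp=/shared,ro=1
unprivileged: 1

[before-update]
mp0: /old,mp=/old
"""

MP_KEY = re.compile(r"^mp\d+$")

def parse_current(conf_text):
    """Return key/value pairs of the live config, ignoring snapshot sections."""
    current = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # first snapshot section ends the live config
            break
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        current[key.strip()] = value.strip()
    return current

def audit_bind_mounts(conf_text):
    """List host-directory bind mounts with the properties a reviewer checks."""
    conf = parse_current(conf_text)
    unprivileged = conf.get("unprivileged", "0") == "1"  # key absent means privileged
    findings = []
    for key, value in sorted(conf.items()):
        if not MP_KEY.match(key):
            continue
        volume, *opts = value.split(",")
        options = dict(o.split("=", 1) for o in opts if "=" in o)
        # An absolute path outside /dev is a host bind mount;
        # "storage:volume" entries are PVE-managed volumes and are skipped.
        if volume.startswith("/") and not volume.startswith("/dev/"):
            findings.append({
                "key": key, "host_path": volume, "target": options.get("mp"),
                "read_only": options.get("ro") == "1",
                "unprivileged": unprivileged,
            })
    return findings
```

Writable bind mounts in a privileged container, and any host path that appears in more than one container's config, are the entries to review first.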