CT or VM as your Docker host?

The VM clearly wins in terms of flexibility and security. The KVM VM is much better isolated from the host than the CT, can have full root rights, use features such as GPU pass-through and supports live migration.


CT or VM as the Docker host?

The official Proxmox documentation also recommends implementing Docker hosts as VMs. It is possible to use a container instead, but keep the security issues with LXC containers in mind.

Docker VM

For a long time, the typical OS for a Docker VM has been an Ubuntu LTS release. If you prefer something smaller, Alpine is fantastic.

Set up basics

Create a VM and give it a high number (60xxx), and a descriptive but short name.

ℹ️ I use high numbers for special VMs like Template VM (98xxx) and Templates (99xxx).

Select the Storage location, then the ISO Image, and select Next.

Change the System, Disks, CPU, Memory, and Network settings. Check the QEMU-Guest-Agent option. After all the settings have been configured to your specifications, confirm them and create the VM. Check the setup and edit it if needed: add devices, set the startup order and delays. Then start the VM. If you come from Windows, you will be astonished how few resources are needed.

ℹ️ It's easy to add resources, if needed, after testing the app.

During the installation you set up the OS to your liking.

After the reboot into the OS (Ubuntu for this guide), log in with the username and password you configured, then update the system.

sudo apt-get update && sudo apt-get upgrade -y

Install Docker

These commands are taken directly from the official Docker documentation and are the prerequisites needed to install the latest version.

sudo apt-get update && sudo apt-get install ca-certificates curl -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

After the commands above are run, copy and run the command below.

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Then refresh the package index so apt picks up the new repository.

sudo apt-get update

After all that, run the command below to install Docker.

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
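
As an added check (not part of the original guide or of Docker's documentation), the function below audits the repository entry written in the steps above: it confirms the entry is pinned to a keyring with signed-by=, that the keyring file exists and is not writable by group or others, and that the repository URI uses https. The function name audit_apt_source is hypothetical.

```shell
#!/bin/sh
# Added example: audit an apt source entry such as the one written to
# /etc/apt/sources.list.d/docker.list above. Prints findings and returns
# 0 when the entry is pinned to a sane keyring over https, 1 otherwise.

audit_apt_source() {
    list_file=$1
    findings=0

    # First active "deb" line (comments and blank lines are skipped).
    entry=$(grep -E '^[[:space:]]*deb[[:space:]]' "$list_file" | head -n 1)
    if [ -z "$entry" ]; then
        echo "FAIL: no deb entry in $list_file"; return 1
    fi

    # signed-by= limits which key may vouch for this repository; without it
    # apt accepts any key in its global trusted keyring.
    keyring=$(printf '%s\n' "$entry" | sed -n 's/.*signed-by=\([^] ]*\).*/\1/p')
    if [ -z "$keyring" ]; then
        echo "FAIL: entry has no signed-by= option"; findings=1
    elif [ ! -f "$keyring" ]; then
        echo "FAIL: keyring $keyring does not exist"; findings=1
    elif [ -n "$(find "$keyring" -perm /022)" ]; then
        echo "FAIL: keyring $keyring is group- or world-writable"; findings=1
    fi

    # The repository URI is the first field after the optional [options].
    uri=$(printf '%s\n' "$entry" |
        sed -E 's/^[[:space:]]*deb[[:space:]]+(\[[^]]*\][[:space:]]+)?//' |
        awk '{print $1}')
    case $uri in
        https://*) ;;
        *) echo "FAIL: repository URI is not https: $uri"; findings=1 ;;
    esac

    [ "$findings" -eq 0 ] && echo "OK: $uri pinned to $keyring"
    return "$findings"
}

# Usage on the VM from this guide:
#   audit_apt_source /etc/apt/sources.list.d/docker.list
```
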

Add a GUI

You might like to add a GUI to Docker, such as Portainer or Dockge.

Portainer

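Create a volume for the Portainer database, then start the Portainer container. The run command mounts /var/run/docker.sock into the container, which gives Portainer full control of the Docker daemon on this VM.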

docker volume create portainer_data
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:lts

ℹ️ By default, Portainer generates and uses a self-signed SSL certificate to secure port 9443. Alternatively, you can provide your own SSL certificate during installation or via the Portainer UI after installation is complete.

ℹ️ If you require HTTP port 9000 open for legacy reasons, add the following to your docker run command: -p 9000:9000

Portainer Server has now been installed.

Dockge

Create the directories that store your stacks and Dockge's own stack

mkdir -p /opt/stacks /opt/dockge && cd /opt/dockge

Download the compose.yaml

curl https://raw.githubusercontent.com/louislam/dockge/master/compose.yaml --output compose.yaml

Start the server

docker compose up -d

If you are using docker-compose V1 or Podman

docker-compose up -d


References

Dockge [1] Portainer [2] Docker [3]


  1. Dockge on GitHub

  2. Portainer installation

  3. Docker Convenience Script for easy installation page