Docker and Proxmox


What to remember is to be careful out there

Q - Can I run Docker Containers on Proxmox?
A - Yes and no.

Confused?

Yes, you can install and run Docker and containers on the server, but they will run alongside Proxmox and not in Proxmox. This leads to a situation where CPU and memory disappear from use and you do not know why. The benefit of Proxmox is also totally missed. In that case you should just run Docker and not Proxmox on that server.

Running Docker in Proxmox is a good way of controlling the total setup.

There are two ways to do this: use a CT or a VM. Both ways of running a service have many positives and negatives. I cannot list them all, but I will try to explain the main points.

Docker in a CT

The CT is much smaller than the VM because it's not a full OS. It takes more time to migrate a CT than a VM: it can't be live-migrated and has to be stopped first. Then you can transfer it to another node and restart it.

A CT runs as root out of the box, so security measures need to be implemented. It's more secure to run it without using the root user.

Minimums:
Add a user and give it sudo privileges.
Block SSH as root.
Don't use passwords for login, certificates are the way to go.
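
The two SSH items in the list above can be checked against a CT's sshd_config, shown here as an added example that is not part of the original post. It assumes plain `Keyword value` lines and does not follow Include files; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text for the minimums above.
# sshd keeps the FIRST value it reads for each keyword, so a hardened
# line placed after a permissive one has no effect.

# effective_value FILE KEYWORD: print the first global value, lowercased.
# Assumes "Keyword value" lines; Include files are not followed.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print findings; return 0 if both minimums hold, else 1.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    # OpenSSH defaults when a keyword is absent: prohibit-password / yes.
    if [ "${root:-prohibit-password}" != "no" ]; then
        echo "FAIL PermitRootLogin=${root:-unset}"; rc=1
    fi
    if [ "${pass:-yes}" != "no" ]; then
        echo "FAIL PasswordAuthentication=${pass:-unset}"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK root SSH login and password login are disabled"
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
write_samples() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'PubkeyAuthentication yes' > "$1/hardened"
    # Permissive line first: the later "no" is ignored by sshd.
    printf '%s\n' '# template default' 'PermitRootLogin yes' \
        'PasswordAuthentication no' 'PermitRootLogin no' > "$1/shadowed"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in hardened shadowed; do
    echo "== $f"; audit_sshd "$demo_dir/$f" || true
done
```

On a running CT, `sshd -T` prints the effective configuration with Include files resolved, which is the authoritative value to compare against.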

A CT cannot run the Qemu-Guest-Agent, but you will see info in the summary.

I have 70% of my apps running on CTs.

Docker in a VM

A VM has a full OS and is bigger. I prefer Ubuntu as the OS for the VM. The main benefit is that migrating a VM can be very fast if the disk is on remote storage. This is needed in HA systems. You have all the features and controls of a bare-metal server. It's easy to mount disks and directories to the VM in fstab or by editing the setup.

The Qemu-Guest-Agent helps control (start/stop/migrate) the VM and gives more information about the VM's use of CPU and memory.

I use VMs for critical apps, FWs and other security apps, critical resources and 24/7 apps.