Posts: 6 · Comments: 1416 · Joined: 3 yr. ago

  • running a virtualized environment for the container, which is then running a virtualized environment for the Docker container.

    Neither Linux containers nor Docker containers are virtualized.

  • are you saying running docker in a container setup (which at this point would be 2 layers deep) uses less resources than 10 single layer deep containers?

    If those 10 single layer deep containers are Proxmox’s LXC containers then yes, absolutely. OCI containers are isolated processes that run single services, usually just a single binary. There’s no OS, no init system. They’re very lightweight with very little overhead. They’re “containerized services”. LXC containers on the other hand are very heavy “system containers” that have a full OS and user space, init system, file systems etc. They are one step removed from being full size VMs, short of the fact that they can share the host’s kernel and don’t need to virtualize. In short, your single LXC running docker and a bunch of containers inside of it is far more resource efficient than running a bunch of separate LXC containers.

    One of the biggest advantages of using the hypervisor as a whole is the ability to isolate and run services as their own containers, without the need of actually entering the machine

    I mean that’s exactly what docker containers do but more efficiently.

    I can just snapshot the current setup and then rollback if it isn't good

    I mean that’s sort of the entire idea behind docker containers as well. It can even be automated for zero downtime updates and deployments, as well as rollbacks.

    When compared to 10 CT's that are finetuned to their specific app, you will have better performance running the CT's than a VM running everything

    That is incorrect. Let’s break away from containers and VMs for a second and look deeper into what is happening under the hood here.

    Option A (Docker + containers): One OS, One Init system, one full set of Linux libraries.

    Option B (10 LXC containers): Ten operating systems, ten separate init systems, 10 separate sets of full Linux libraries.

    Option A is far more lightweight, and becomes a more attractive option the more services you add.

    And not only that, but as you found out, you don’t need to run a full VM for your docker host. You could just use an LXC. Though in that case I’d still prefer the one VM, so that your containers aren’t sharing your Proxmox Host’s kernel.

    Like LXCs do have a use case, but it sounds like you’re using them as an alternative to regular service containers and that’s not really what it’s for.

  • Nothing is “docker containerized”. Docker is just a daemon and set of tools for managing OCI compliant containers.

    Running a docker image on top of that is just wasting system resources.

    No? If you spun up one VM in Proxmox and installed docker and used it to run 10 containers, that would use fewer system resources than running 10 LXC containers directly on Proxmox.

    Like… you don’t like that the industry has adapted this efficient, portable, interchangeable, flexible, lightweight, mature technology, because you prefer the one that is heavier, less flexible, less portable, non-OCI compliant alternative?

  • I’m really confused here, you don’t like how everything is containerized, and your preferred method is to run Proxmox and containerize everything, but in an ecosystem with less portability and tooling?

  • This is a crazy take. Docker doesn’t involve much overhead. I’m not sure where your 150GB hard drive space comment comes from, as I run dozens of containers on machines with 30-50GB of hard drive space. There’s no nested computer, as docker containers are not virtualization. Containers have nothing to do with a single project’s “dependency hell”, they’re for your dependency hell when trying to run a bunch of different services on one machine, or reproducing them quickly and easily across machines.

  • 100 containers isn’t really a lot. Projects often use 2-3 containers. That’s only something like 30-50 services.

  • True, but this developer has done this before. There’s currently no reason not to have faith in them.

  • Also the ratio of people that want to be in a union to positions available in a union is like 1000:1

  • I’m an infrastructure guy, I manage a few datacenters that host some backends for ~100,000 IoT devices and some web apps that serve a few million requests a day each. It sounds like a lot, but the only real difference between my work and yours is that at the scale I’m working with, things have to be built in a way that they run uninterrupted with as little interaction from me as possible. You see fewer GUIs, and things stop being super quick and easy to initially get up and running, but the extra effort spent architecting things right rewards you with a much lighter troubleshooting and firefighting workload.

    You sorta stop being a mechanic that maintains and fixes problem cars, and start being an engineer that builds cars to have as few problems as possible. You lose the luxury of being able to fumble around under a car and visually find an oil filter to change, and start having to make decisions on where to put the oil filter from scratch, but to me it is far more rewarding and satisfying. And ultimately the way that self hosting works these days, it has embraced the latter over the former. It’s just a different mindset from the legacy click-ops sysadmin days of IT.

    What this looks like to me in your example is, when I have users of my selfhosted stuff complain about something not working, I’m not envisioning yet another car rolling into the shop for me to fix. I envision a puzzle that must be solved. Something that needs optimization or rearchitecting that will make the problem that user had go away, or at the very least fix itself, or alert me so I can fix it before the user complains.

    This paradigm I work under is more work, but the work is rewarding and it’s “fun” when I identify a problem that needs solving and solve it. If that isn’t “fun” to you, then all you’re left with is the bunch more work part.

    So ultimately what you need to figure out is what your goal is. If you’re not interested in this new paradigm and you just want turnkey solutions there are ways of self hosting that are more suited to that mindset. You get less flexibility, but there’s less work involved. And to be clear there’s absolutely nothing wrong with that. At the end of the day you have to do what works for you.

    My recommendations to you assuming you just want to self host with as little work and maintenance as possible:

    • Stick with projects that are simple to set up and are low maintenance. If a project seems like a ton of work to get going, just don’t use it. Take the time to shop around for something simpler. Even I do this a lot.
    • Try some more turn key self hosting solutions. Anything with an App Store for applications. UnRAID, CasaOS, things of that nature that either have one click deploy apps, or at least have pre-filled templates where all you need to do is provide a couple variable values. You won’t learn as much career wise this way, but it’ll take a huge mental load off.
    • When it comes to tools your family is likely to depend on and thus complain about, instead of selfhosting those things perhaps look for a non-big tech alternative. For example, self hosting email can be a lot of work. But you don’t have to use Gmail either. Move your family to ProtonMail or Tutanota, or other similar privacy friendly alternatives. Leave your self hosting for less critical apps that nobody will really care if it goes down and you can fix at your leisure.

  • You’ve completely misread everything I’ve said.

    Let’s make a few things clear here.

    My response is not “Git gud”. My response is that sometimes there are selfhosted projects that are really cool and many people recommend, but the set up for them is genuinely more complex than it should be, and you’re better off avoiding them instead of banging your head against a wall and stressing yourself out. Selfhosting should work for you, not against you. You can always take another crack at a project later when you’ve got more hands on experience.

    Secondly, it’s not a matter of whether OP “has what it takes” in his career. I simply pointed out the fact that everything he seems to hate about selfhosting, are fundamental core principles of working in IT. My response to him isn’t that he can’t hack it, it seems more like he just genuinely doesn’t like it. I’m suggesting that it won’t get better because this is what IT is. What that means to OP is up to him. Maybe he doesn’t care because the money is good which is valid. But maybe he considers eventually moving into a career he doesn’t hate, and then the selfhosting stuff won’t bother him so much. As a matter of fact, OP himself didn’t take offense to that suggestion the way you did. He agreed with my assessment.

    As you learn more about self hosting, you’ll find that certain things like reverse proxy set up isn’t always included in the documentation because it’s not really a part of the project. How reverse proxies (And by extension http as a whole) work is a technology to learn on its own. I rarely have to read documentation on RP for a project because I just know how reverse proxying works. It’s not really the responsibility of a given project to tell you how to do it, unless their project has a unique gotcha involved. I do however love when they do include it, as I think that selfhosting should be more accessible to people who don’t work in IT.

  • Perhaps this new European government push to get away from American Big Tech will free you guys of this burden

  • I wouldn’t call being forced to use a privacy invading, personal data harvesting, foreign-owned communications platform by nearly every facet of your society “weird”. I’d call it “deeply troubling”.

  • None of our doctors, in network or otherwise force us to Zuck’s apps lol.

  • Nobody is interested in seriously engaging with your sophomoric “you criticize society yet you participate in it” nonsense. We get it, you’re 14 and think you’re deep.

  • As an American the thought of your doctor requiring WhatsApp to communicate with you is just a foreign concept lol

  • Lemmy might fit within the technical definition of social media, but don’t be so obtuse as to equate an anonymous community message board with the likes of Facebook and IG that are tied to your identity, and are designed algorithmically to keep you engaged as long as possible while pressuring you to share more and more of your personal life.

    The “If social media bad, why on Lemmy?” thing is the epitome of halfwit false equivalency.

  • If a project doesn’t make it dead simple to manage via docker compose and environment variables, just don’t use it.

    I run close to 100 services all using docker compose and it’s an incredibly simple, repeatable, self documenting process. Spinning up some new things is effortless and takes minutes to have it set up, accessible from the internet, and connected to my SSO.

    Sometimes you see a program and it starts with “Clone this repo” and it has a docker compose file, six env files, some extra fig files, and consists of a front end container, back end container, database container, message queueing container, etc… just close that web page and don’t bother with that project lol.

    That being said, I think there’s a bigger issue at play here. If you “work in IT” and are burnt out from “15 containers and a lack of a gui” I’m afraid to say you’re in the wrong field of work and you’re trying to jam a square peg in a round hole.

  • the number that the computer spits out is literally a spreadsheet sum of all the line items.

    Yes a spreadsheet sum of potentially incorrect items, which the only way you’d know about is if you see the items, not the summary. Hence OP’s post.

  • Yeah fuck no. Left side should only be a jumping spider lol