Currently I’m running some services through Docker on a Proxmox VM. Before I had Proxmox, I thought containers were a very clean way of organizing my system. I’m currently wondering if I can just install the services I always use on the VM directly. What are the pros and cons of that?

  • traches@sh.itjust.works
    12 days ago

    Cons of containers are slightly worse disk and memory consumption.

    Pros:

    • ease of installation
    • declarative, consistent configuration
    • security: some degree of sandboxing
    • dependency management is solved

    Stick with the containers.

    • gazter@aussie.zone
      19 days ago

      Wait, ease of installation? As someone who had to walk away from a semi-homebrew, mildly complicated cloud storage setup recently, that’s not the experience I had. Networks within networks, networks next to networks not talking to each other, mapped volumes, even checking logs is made more complicated by containerising. Sure, I’m a noob, but that only reinforces my point.

      • traches@sh.itjust.works
        19 days ago

        I definitely see your point, but the difference is that it’s one thing to learn. Once you know docker, you can deploy and manage anything.

    • vegetaaaaaaa@lemmy.world
      16 days ago

      > security

      With containers, software maintainers also need to keep their image up to date with the latest security fixes (most of them don’t) - whereas these are usually handled by unattended-upgrades or similar in a VM. Then put out a new release and expect users to upgrade ASAP. Or rebuild and encourage redeploying the latest image every day or so, which is bad for other reasons (no warning for breaking changes, the software must be tested thoroughly after every commit to master).

      In short this adds the burden of proper OS/image maintenance for developers, something usually handled by distro maintainers.

      trivy is helpful in assessing the maintenance/vulnerability level of OCI images.
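
An added example, not part of the thread: one way to turn a Trivy JSON report into the image-maintenance signal discussed in the last comment, by counting findings for which a fixed package version already exists (the updates unattended-upgrades would have applied in a VM). The report below is constructed; the image name, packages and CVE ids are placeholders, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample in the shape of `trivy image --format json` output.
# Image name, package versions and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/app:1.0",
    "Results": [
        {"Target": "example/app:1.0 (debian 12.1)", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
              "InstalledVersion": "3.0.9-1", "FixedVersion": "3.0.11-1",
              "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libc6",
              "InstalledVersion": "2.36-9", "FixedVersion": "",
              "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib1g",
              "InstalledVersion": "1.2.13", "FixedVersion": "1.2.13-1",
              "Severity": "LOW"},
         ]},
        {"Target": "app/requirements.txt", "Type": "pip"},  # no findings listed
    ],
})

def fixable_findings(report_json):
    """Findings whose package source already ships a fix: a rebuilt image
    would pick these up, so they measure image staleness."""
    report = json.loads(report_json)
    found = []
    for result in report.get("Results") or []:
        # The "Vulnerabilities" key may be missing or null for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("FixedVersion"):
                found.append((vuln["VulnerabilityID"], vuln["PkgName"],
                              vuln.get("Severity", "UNKNOWN")))
    return found

def fixable_by_severity(report_json):
    """Count fixable findings per severity level."""
    return Counter(sev for _, _, sev in fixable_findings(report_json))

def is_stale(report_json, blocking=("HIGH", "CRITICAL")):
    """True when a fix exists for at least one blocking-severity finding."""
    counts = fixable_by_severity(report_json)
    return any(counts[sev] > 0 for sev in blocking)

if __name__ == "__main__":
    print(dict(fixable_by_severity(SAMPLE_REPORT)), is_stale(SAMPLE_REPORT))
```

A report for a real image can be produced with `trivy image --format json --output report.json IMAGE` and passed to these functions as a string.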