Pika

They are very nice. They share kernelspace so I can understand wanting isolation but, the ability to just throw a base Debian container on, assign it a resource pool and resource allocation, and install a service directly to it, while having it isolated from everything without having to use Docker’s emphereal by design system(which does have its perks but I hate troubleshooting containers on it) or having to use a full VM is nice.

And yes, by Docker file I would mean either the Docker file or the compose file(usually compose). By straight on the container I mean on the container, My CTs don’t run Docker period, aside from the one that has the primary Docker stack. So I don’t have that layer to worry about on most CT’s

As for the memory thing, I was just mentioning that Docker does the same thing that containers do if you don’t have enough RAM for what’s been provisioned. The way I had taken that original post is that specifying 2 gigs of RAM to the point the system exhausts it’s ram would cause corruption and the system crashes, which is true but docker falls for the same issue if the system exhausts it’s ram. That’s all I meant by it. Also cgroups sound cool, I gotta say I haven’t messed with them a whole lot. I wish proxmox had a better resource share system to designate a specific group as having X amount of max resources, and then have the CT or vm’s be using those pools.

Yea I plan to try out the new Proxmox version at some point to try that out, thank you again.

Will be looking into that, I haven’t upgraded from 8.4 yet. That sounds like a pretty decent thing to have. Thanks!

Your statements are surprising to me, because when I initially set this system up I tested against that because I had figured similar.

My original layout was a full docker environment under a single VM which was only running Debian 12 with docker.

I remember seeing a good 10gb different with ram usage between offloading the machines off the docker instance onto their own CT’s and keeping them all as one unit. I guess this could be chalked down to the docker container implementation being bad, or something being wrong with the vm. It was my primary reason for keeping them isolated, it was a win/win because services had better performance and was easier to manage.

Sorry, make legal requires the lawyer subroutine which requires full access to everything to verify you have the money to be able to make such a claim

as much as I would love this. If it ever did become a thing, what you would see wouldn’t be companies taking the fine, you would see companies “off-branching” and having income be reported on a parent company that is contracted to the offending company. like in the case of alphabet, they would likely just migrate the android division to be a contractee that they have full control over that they never terminate the contract for. They no longer “own” android legally, they contract android to do their bidding. So when it ends up in court, it ends up as a “well Android did it not us” much like how Amazons third party delivery services worked when they tried to enforce unionization laws.

some important clarification though, that is a hard cap, realistically it will likely be quite a bit less.

Concidering that they were estimated to be making 31 billion USD off the android ecosystem alone back in 2016 over 10 years 2006-2016, im sure it’s not even a drop in the bucket now.

are you are saying running docker in a container setup(which at this point would be 2 layers deep) uses less resources than 10 single layer deep containers?

I can agree with the statement that a single VM running docker with 10 containers uses less than 10 CT’s with docker installed then running their own containers(but that’s not what I do, or what I am asking for).

I currently do use one CT that has docker installed with all my docker images, which I wouldn’t do if I had the ability not to but some apps require docker) but this removes most of the benefits you get using proxmox in the first place.

One of the biggest advantages of using the hypervisor as a whole is the ability to isolate and run services as their own containers, without the need of actually entering the machine. (like for example if I"m screwing with a server, I can just snapshot the current setup and then rollback if it isn’t good) Throwing everything into a VM with docker bypasses that while adding headway to the system. I would need to backup the compose file (or however you are composing it) and the container, and then do my changes. My current system is a 1 click make my changes, if bad one click to revert.

For resource explanation. Installing docker into a VM on proxmox then running every container in that does waste resources. You have the resources that docker requires to function (which is currently 4 gigs of ram per their website but when testing I’ve seen as low as 1 gig work fine)+ cpu and whatever storage it takes up which is about half a gig or so) in a VM(which also uses more processing and ram than CT’s do as they no longer share resources). When compared to 10 CT’s that are finetuned to their specific app, you will have better performance running the CT’s than a VM running everything, while keeping your ability to snapshot and removing the extra layer and ephemeral design that docker has(this can be a good and bad thing, but when troubleshooting I learn towards good).

edit: clarification and general visibility so it wasnt bunched together.

I don’t like how everything is docker containerized.

I already run proxmox, which containerizes things by design with their CT’s and VM’s

Running a docker image ontop of that is just wasting system resources. (while also complicating the troubleshooting process) It doesn’t make sense to run a CT or VM for a container, just to put docker on it and run another container via that. It also completly bypasses everything that proxmox provides you for snapshotting and backup because proxmox’s system is for the entire container, and if all services are running on the same container all services are going to be snapshotted.

My current system allows me to have per service snapshots(and backups), all within the proxmox webUI, all containerized, and all restricted to their own resources. Docker is just not needed at this point.

A docker system just adds extra headway that isn’t needed. So yes, just give me a standard installer.

X to doubt. Considering that they already had issues with censorship which is labeled as “bugs”.

The bug wasn’t that the message wasn’t sending, the bug was that you were able to detect that the message wasn’t sending.

That’s how X/Twitter works. They don’t “censor” anything, they de-prioritize it things that don’t match current ideologies.

They can call it whatever they want, the fact that the bugs only happens on specific topic points, and not on others, tells you that something was changed that was regarding those topic points which was causing the issue in the first place. What else would they be changing that required those specific topic points if not either a de-prioritization or a censorship.

Being said, the article makes some good points, but also fails to realize that it’s twitter/X was the same boat. Many people had to choose either to make a political statement or to keep their current friends or influences. I lost access to almost every content creator I followed when I left twitter. plus, you can tell when people leave a platform, the effect is very noticeable. On the individual level they are probably right, but on the majority level it will be noticeable.

If there’s a way of pulling a Docker container and running it directly as a CT on Proxmox, please fill me in. I’ve been using it for a year and a half to two years now, but I haven’t seen any ability to directly use a Docker container as an LXC.

For VMs, I fully agree with you, but the best part about Proxmox is the ability to use containers, or CTs, which share system resources. So unlike a VM, if you specify a container has two gigs of RAM, that just means that it has two gigs of RAM that it can use, unlike the VM where it’s going to use that amount (and will crash if it can’t get that amount)

These CT’s do the equivalent of what docker does, which is share the system space with other services with isolation, While giving an easy to administrate and backup system, while keeping it able to be seperate by service.

For example, with a Proxmox CT, I can do snapshots of the container itself before I do any type of work, if where if I was using Docker on a primary machine, I would need to back up the Docker container completely. Additionally, having them as CTs mean that I can run straight on the container itself instead of having to edit a Docker file which by design is meant to be ephemeral. If I had to take troubleshooting bare bones versus troubleshooting a Docker container, I’m going to choose bare bones every step of the way.(You can even run an Alpine CT if you would rather keep the average Docker container setup)

Also for the over committing thing, be aware that your issue you’ve stated there will happen with a Docker setup as well. Docker doesn’t care about the amount of RAM the system is allotted. And when you over-allocate the system, RAM-wise, it will start killing containers potentially leaving them in the same state.

Anyway, long story short, Docker containers do basically the same thing that a Proxmox CT does. it’s just ephemeral instead of persistent, And designed to be plug-and-go, which I’ve found in the case of running a Proxmox-style setup, isn’t super handy due to the fact that a lot of times I would want to share resources such as having a dedicated database or caching system, Which is generally a pain in the butt to try to implement on Docker setups.

I’m sick of everything moving to a docker image myself. I understand on a standard setup the isolation is nice, but I use Proxmox and would love to be able to actually use its isolation capabilities. The environment is already suited for the program. Just give me a standard installer for the love of tech.

Yeah, sadly, I’m aware. I know that Wayland is making its rounds. I’m not looking forward to it. I try it every once in a while to see if it’s gotten better, but so far, every time I’ve tried, I have artifacting and tearing, which just doesn’t happen on X11

That sounds absolutely amazing and something that I’m definitely going to be looking up when I go on my desktop later. Thank you for informing me

Part of NORAD already allows both Canada and the US to enter each other’s airspace in the interest of dealing with threats. This is an existing negotiation.

What the ambassador is stating is that if Canada does decide to backtrack on the program (which full disclosure I agree with because they failed to meet their deadline and the cost overrun is through the roof), In order to “prevent gaps”, they would increase their f35 presence Which is also why they referenced that they would need to alter the current NORAD plan.

This is a quote from one of the sources that the article uses for its claims.

“NORAD would have to be altered,” U.S. Ambassador to Canada Pete Hoekstra told CBC News in an exclusive interview at Luke Air Force Base in Arizona. He says the United States would likely need to purchase more of the advanced fighter aircraft for its own air force, and would fly them more often into Canadian airspace to address threats approaching the U.S. “If Canada is no longer going to provide that [capability], then we have to fill those gaps,” said Hoekstra.

The Posted article cherry-picks the hell out of its sources to try and make a mountain out of a mole hill.

The entire article could be summarized with “US ambassador states that if Canada backs out of F-35 deal, US will need to increase resources to fill the gap” But instead of doing so, the author decided to make a title that makes it indicate that the US ambassador is threatening to invade Canada over it. Disingenuous reporting.

You can almost hear the legacy programmers screaming about Haskel and C from here. /j

what do those do? I run x11 but never knowingly used them

I just had my standard blood draw and it was 550$ so yea 2k defo look into that.