Hasty Briefs (beta)

A Modern Proxmox Docker Architecture with Disposable VMs, VirtIO-FS, and ZFS

6 hours ago
  • #Proxmox
  • #Docker
  • #Virtualization
  • A modern Proxmox Docker architecture responds to changes in the Linux kernel security model by replacing fragile Docker-in-LXC setups with lightweight VMs created as cloud-init linked clones, running rootless Docker in per-service user namespaces for isolation, and passing ZFS storage through efficiently with VirtIO-FS and VFS idmapped mounts.
  • The architecture keeps persistent data (encrypted and backed up) separate from ephemeral data (disposable Docker layers) on ZFS pools; VirtIO-FS with ID mapping avoids both network overhead and host/guest permission mismatches, and configuration is tracked in Git to keep it organized.
  • Deployment creates disposable VMs from a qcow2 template in two flavours: heavyweight VMs (one service per VM for mission-critical apps) and lightweight VMs (multi-tenant, with rootless user namespaces for smaller services), with updates automated through cron and Ansible.