From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id A79B61FF17C for ; Wed, 9 Jul 2025 14:35:45 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C77E3B689; Wed, 9 Jul 2025 14:35:36 +0200 (CEST) From: Filip Schauer To: pve-devel@lists.proxmox.com Date: Wed, 9 Jul 2025 14:34:30 +0200 Message-ID: <20250709123435.64796-14-f.schauer@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250709123435.64796-1-f.schauer@proxmox.com> References: <20250709123435.64796-1-f.schauer@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.414 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_ASCII_DIVIDERS 0.8 Email that uses ascii formatting dividers and possible spam tricks KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH docs v3 13/13] ct: add OCI image docs X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Signed-off-by: Filip Schauer --- Introduced in v3 pct.adoc | 72 +++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 64 insertions(+), 8 deletions(-) diff --git a/pct.adoc b/pct.adoc index 529b72f..b538f56 100644 --- a/pct.adoc +++ b/pct.adoc @@ -54,15 +54,22 @@ the cluster setup, and they can use the same network and storage resources as virtual machines. You can also use the {pve} firewall, or manage containers using the HA framework. -Our primary goal is to offer an environment that provides the benefits of using a -VM, but without the additional overhead. This means that Proxmox Containers can -be categorized as ``System Containers'', rather than ``Application Containers''. +Our primary goal has traditionally been to offer an environment that provides +the benefits of using a VM, but without the additional overhead. This means that +Proxmox Containers have been primarily categorized as ``System Containers''. -NOTE: If you want to run application containers, for example, 'Docker' images, it -is recommended that you run them inside a Proxmox QEMU VM. This will give you -all the advantages of application containerization, while also providing the -benefits that VMs offer, such as strong isolation from the host and the ability -to live-migrate, which otherwise isn't possible with containers. +With the introduction of OCI (**O**pen **C**ontainer **I**nitiative) image support, +Proxmox VE now also integrates ``Application Containers''. When creating a +container from an OCI image, the image is automatically converted to the +LXC stack that Proxmox VE uses. + +This approach allows users to benefit from a wide ecosystem of pre-packaged +applications while retaining the robust management features of Proxmox VE. + +While running lightweight ``Application Containers'' directly offers significant +advantages over a full VM, for use cases demanding maximum isolation and +the ability to live-migrate, nesting containers inside a Proxmox QEMU VM remains +a recommended practice. Technology Overview @@ -256,6 +263,12 @@ Container Images Container images, sometimes also referred to as ``templates'' or ``appliances'', are `tar` archives which contain everything to run a container. +Proxmox VE can utilize two main types of images: *System Container Templates* +for creating full virtual environments, and *Application Container Images* based +on the OCI standard for running specific applications. + +System Container Templates +~~~~~~~~~~~~~~~~~~~~~~~~~~ {pve} itself provides a variety of basic templates for the xref:pct_supported_distributions[most common Linux distributions]. They can be @@ -336,6 +349,49 @@ delete that image later with: # pveam remove local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz ---- +Open Container Initiative (OCI) Images (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Proxmox VE can also use OCI images to create containers. This makes it easy to +run pre-packaged applications. A container created from an OCI image still uses +the existing LXC framework. + +Obtaining OCI Images +~~~~~~~~~~~~~~~~~~~~ + +An OCI image can be pulled from a registry and saved as a `tar` archive. You can +use tools like `docker`, `podman`, or `skopeo` for this. For example, to obtain +the Apache HTTP Server (httpd) image from Docker Hub: + +Using Docker: + +---- +# docker pull httpd +# docker save httpd > httpd.tar +---- + +Using Podman: + +When using Podman, the archive format must be explicitly specified as +`oci-archive`. + +---- +# podman pull httpd +# podman save --format=oci-archive httpd > httpd.tar +---- + +Using skopeo: + +---- +# skopeo copy docker://httpd:latest oci-archive:httpd.tar:latest +---- + +The resulting `httpd.tar` archive is an OCI image. It can be uploaded to a +Proxmox VE storage that supports container templates via the *Upload* button in +the storage content view of the web interface. + +Once the template is on a storage, you can create the container with +`pct create` or use the wizard in the web interface. [[pct_settings]] Container Settings -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel