From: Raven King via pve-devel <pve-devel@lists.proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Cc: Raven King <thekingofravens@disroot.org>
Subject: [pve-devel] Proposal For Podman Container Support
Date: Thu, 13 Mar 2025 11:03:48 -0700
Message-ID: <mailman.32.1741889565.416.pve-devel@lists.proxmox.com>
From: Raven King <thekingofravens@disroot.org>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Proposal For Podman Container Support
Date: Thu, 13 Mar 2025 11:03:48 -0700
Message-ID: <e0a39815-26cc-4530-9bcd-5e5e2f1f1ae4@disroot.org>
Hello,
This is my first time writing to this mailing list. I have never
contributed to proxmox but I would like to try and write a feature that
allows native container support (not inside an LXC or VM).
My goal would be that you could manage those containers much like
LXC/VMs with similar UI behavior (resource usage views, easy access to
container console, and resource sharing).
It's a large undertaking, and I would probably want to get a little
experience with the proxmox codebase first.
*Why do this?*
1. It is parroted by users frequently. Just look up "run docker in
proxmox" and you will see dozens.
2. It would add a major use case to proxmox.
3. For me personally, it removes a major pain point of using
proxmox, which is setting up an LXC to then share resources with to then
setup a docker image to then share resources with.
Or using docker directly and tearing my hair out as it
magically breaks all my proxmox network config.
*Why Podman?*
1. Easy enough to use.
2. Packaging. The support in debian is straightforward and won't
confuse anyone. This means the project won't have to maintain podman
itself in any way.
3. Security. Podman needs limited privileges to operate compared to
docker. This makes it easier to mesh with things such as user accounts.
4. Interop. It easily goes to/from kubernetes, which can help in
some enterprise use cases. Also doesn't interact in ways that break
existing pve config mechanisms.
*What does podman offer that an LXC doesn't?*
1. Easy deployment, you can just pull images that someone prebuilt
for a purpose, including most docker images.
2. Directly sharing a host directory (not a whole drive) such as a
single zfs datastore. While achievable in LXC, you have to do a bunch of
user mapping and the setup is rather involved.
*What drawbacks have I considered?*
1. Using privileged ports in a podman container is a little tricky
without root. Proxmox mostly runs as root though, so this is really only
a problem for secondary users.
2. It will take a lot of work to ensure the networking works in a way
consistent with other networking in proxmox.
3. Increase support burden as users who aren't entirely familiar with
docker/podman containers ask questions that could be answered through
research.
4. Some services people might want to run, such as nginx proxy manager,
are gonna be very hard to use in this way due to number 1.
I am writing to the mailing list before even beginning on this endeavor
to get several questions answered:
1. Do y'all have any general tips and pointers about navigating and
working with the proxmox codebase?
2. Where is a good list to grab bugs to get familiar with proxmox
structure and what functionality is where? I have some hardware, but I
am not capable of testing stuff like multi-gpu setups.
I see
https://bugzilla.proxmox.com/describecomponents.cgi?product=pve but
there are a lot of components to proxmox. I have a hard time picking a
spot to start.
3. Are there any major drawbacks to container support that need
consideration?
4. Are there specific drawbacks to podman that need consideration?
5. Anything else I am overlooking with this idea?
Sincerely,
Raven King