From: Raven King via pve-devel <pve-devel@lists.proxmox.com>
Cc: Raven King <thekingofravens@disroot.org>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Date: Thu, 13 Mar 2025 11:03:48 -0700
Subject: [pve-devel] Proposal For Podman Container Support
Message-ID: <mailman.32.1741889565.416.pve-devel@lists.proxmox.com>

Hello,

This is my first time writing to this mailing list. I have never contributed to proxmox but I would like to try and write a feature that allows native container support (not inside an LXC or VM).
My goal would be that you could manage those containers much like LXC/VMs with similar UI behavior (resource usage views, easy access to container console, and resource sharing). It's a large undertaking, and I would probably want to get a little experience with the proxmox codebase first.

*Why do this?*

1. It is parroted by users frequently. Just look up "run docker in proxmox" and you will see dozens.
2. It would add a major use case to proxmox.
3. For me personally, it removes a major pain point of using proxmox, which is setting up an LXC to then share resources with to then set up a docker image to then share resources with. Or using docker directly and tearing my hair out as it magically breaks all my proxmox network config.

*Why Podman?*

1. Easy enough to use.
2. Packaging. The support in debian is straightforward and won't confuse anyone. This means the project won't have to maintain podman itself in any way.
3. Security. Podman needs limited privileges to operate compared to docker. This makes it easier to mesh with things such as user accounts.
4. Interop. It easily goes to/from kubernetes, which can help in some enterprise use cases. Also doesn't interact in ways that break existing pve config mechanisms.

*What does podman offer an LXC doesn't?*

1. Easy deployment, you can just pull images that someone prebuilt for a purpose, including most docker images.
2. Directly sharing a host directory (not a whole drive) such as a single zfs datastore. While achievable in LXC, you have to do a bunch of user mapping and the setup is rather involved.

*What drawbacks have I considered?*

1. Using privileged ports in a podman container is a little tricky without root. Proxmox mostly runs as root though, so this is really only a problem for secondary users.
2. It will take a lot of work to ensure the networking works in a way consistent with other networking in proxmox.
3. Increased support burden as users who aren't entirely familiar with docker/podman containers ask questions that could be answered through research.
4. Some services people might want to run, such as nginx proxy manager, are gonna be very hard to use in this way due to number 1.

I am writing to the mailing list before even beginning on this endeavor to get several questions answered:

1. Do y'all have any general tips and pointers about navigating and working with the proxmox codebase?
2. Where is a good list to grab bugs to get familiar with proxmox structure and what functionality is where? I have some hardware, but I am not capable of testing stuff like multi-gpu setups. I see https://bugzilla.proxmox.com/describecomponents.cgi?product=pve but there are a lot of components to proxmox. I have a hard time picking a spot to start.
3. Are there any major drawbacks to container support that need consideration?
4. Are there specific drawbacks to podman that need consideration?
5. Anything else I am overlooking with this idea?

Sincerely,
Raven King