Configure Networking for LXD Virtual Machines on Ubuntu Linux | Open Source | DevOps | Software (youtube.com)

 

 

LXC vs Docker: Which Container Platform Is Right for You ...

LXC vs Docker - What's the best for your website? (bobcares.com)

LXC vs Docker

LXC is similar to Docker but aims to be an OS container rather than just an application container.

LXC containers can execute multiple applications and processes, while Docker containers are restricted to a single application or a service.

So LXC containers can be used to host virtual environments for private hosting, just like how VMs are used.

LXC containers are complete virtualization entities, each with its own file system. So any data updated in an LXC container will always be retrievable.

In a Docker container, on the other hand, changes made to the data cannot persist beyond a restart. 

As a result, Docker containers are often considered ‘stateless’ and cannot be edited once deployed. LXC, on the other hand, is stateful and stores data.

So, if you want a single container solution to manage data belonging to multiple applications and services, LXC is the ideal choice over Docker.

Designing a Docker system to support multiple applications requires complex setup and coding, which is a waste of time, whereas LXC readily provides that feature.

 

MicroK8s in LXD


MicroK8s can also be installed inside an LXD VM. This is a great way, for example, to test out clustered MicroK8s without the need for multiple physical hosts.

Why an LXD virtual machine and not a container? In order to run certain Kubernetes services, the LXD container would need to be a privileged container. While this is possible, it is not the recommended pattern as it allows the root user in the container to be the root user on the host. Also, newer versions of Ubuntu and systemd require operations (such as mounting to the /proc directory) that cannot be safely handled with privileged containers. By using virtual machines, we ensure that the Kubernetes environment remains well isolated.

 

Difference between lxc launch and lxc launch --vm

lxc launch creates a container for lightweight, shared-kernel environments, while lxc launch --vm creates a full virtual machine for enhanced isolation and independent operating system environments.

 

 

LXD — A few facts that could be of interest

·        it is image-based. That is, you usually start by running pre-existing images — like ubuntu, archlinux, centos, etc.

·        containers are usually started without privileges — good for security, but things can be tuned

·        it uses storage from so-called “storage pools”, which can be offered by various backends — directory, lvm, btrfs, zfs, ceph — each with its own list of features and capabilities

·        you can configure networking devices for each container (device names, MAC addresses, bridges, etc).
- can help if you want to get a fixed IP, simulate a specific device, or get an IP from an external DHCP server

·        you can add “proxies” — for example to expose services from the container to the outside — in case you don’t want to use the container’s IP

·        you can mount various directories inside it from the host system
- super useful for development environments!

·        it is structured in 2 parts: the server, which manages the actual containers, storage, etc., and which offers an API; and a client for easy access to all of it.
Because of this separation, you can easily manage containers over the network, on remote nodes.

·        it offers container migrations between nodes, including live migration

·        resource allocation control (cpu, memory, etc)

·        device passthrough — usb, gpu, block devices, etc

·        you do not need an SSH server to get access into the container (you run lxc exec [remote/]container)

·        you can create ‘profiles’ where you define various commonly used settings, and then attach those to a container. You could have a profile that defines settings to allow more privileges for the container, one that allows running a program with access to your X server, one that defines the ethernet device to get its IP from an external DHCP server, etc.
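
The privileged-container caveat from the MicroK8s section and the profile, proxy and host-mount features listed above can be checked together from the server's instance list. The following is an added example, not code from any of the linked pages: it audits JSON shaped like the output of lxc list --format json. The instance names, the "more-privs" profile and all sample values are constructed for illustration.

```python
import json

# Constructed sample shaped like `lxc list --format json` output (not real data).
SAMPLE = json.dumps([
    {"name": "web", "type": "container", "profiles": ["default", "more-privs"],
     "config": {}, "expanded_config": {"security.privileged": "true"},
     "expanded_devices": {
         "http": {"type": "proxy", "listen": "tcp:0.0.0.0:80",
                  "connect": "tcp:127.0.0.1:80"},
         "src": {"type": "disk", "source": "/home/dev/src", "path": "/srv/src"}}},
    {"name": "dev", "type": "container", "profiles": ["default"],
     "config": {}, "expanded_config": {},
     "expanded_devices": {"root": {"type": "disk", "pool": "default", "path": "/"}}},
    {"name": "k8s", "type": "virtual-machine", "profiles": ["default"],
     "config": {}, "expanded_config": {}, "expanded_devices": {}},
])

def is_true(value):
    # LXD accepts several spellings for boolean config values.
    return str(value).lower() in ("true", "1", "yes", "on")

def audit(instances_json):
    """Return {instance name: [findings]} for instances that have findings."""
    report = {}
    for inst in json.loads(instances_json):
        cfg = inst.get("expanded_config") or {}  # instance config merged with profiles
        findings = []
        # Only containers share the host kernel; VMs are skipped for this check.
        if inst.get("type") == "container" and is_true(cfg.get("security.privileged")):
            local = "security.privileged" in (inst.get("config") or {})
            origin = "instance config" if local else "a profile"
            findings.append(f"privileged via {origin}: container root is host root")
        for name, dev in sorted((inst.get("expanded_devices") or {}).items()):
            if dev.get("type") == "proxy":
                listen = dev.get("listen", "")
                host = listen.split(":", 1)[-1].rsplit(":", 1)[0]
                if host in ("0.0.0.0", "[::]"):
                    findings.append(f"proxy {name} listens on all interfaces ({listen})")
            elif dev.get("type") == "disk" and dev.get("source", "").startswith("/"):
                findings.append(f"host path {dev['source']} mounted at {dev.get('path')}")
        if findings:
            report[inst["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

On a real host the same function can be fed the output of lxc list --format json. It reads expanded_config, so a privileged setting inherited from a profile is reported even when the instance's own config is empty.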

 

When to use — quick list

 

·        you want to learn about Linux but in a safer way

·        you need to test a new program before installing it on your machine/server

·        you need a constrained or separate development environment(s) for whatever system you are creating

·        when hardware resources are low for a full virtual machine (or too low to host many VMs)

·        you want to test a new Linux distribution — usually console based

·        you need to do Linux package management

·        you have to run an application that is made of multiple components, for which a set of docker images and setup do not exist yet or are hard to do

·        similar to the one above: you need to run some legacy application(s)

·        you need to create a docker container 😃

·        you need to have a more complex setup, closer to providing infrastructure services. And maybe even provide them to Docker/Kubernetes — like some storage cluster

·        alternative to VirtualBox/Vagrant for development environments

·        for hosters — offering their products inside virtual OSes — better WordPress hosting for example

·        offering lightweight virtual Linux systems, in addition to normal VMs, in dedicated cloud management interfaces (OpenNebula, OpenStack)

·        running a multi-node, multi-version Kubernetes cluster on your local machine

·        run Steam games in a more controlled environment