Archive: (broken)
From the post:
>TL;DR The Linux kernel's security model is constantly evolving. In 2026, my Docker-in-LXC nesting became increasingly fragile and needed a replacement. Here I describe a state-of-the-art architecture for Proxmox. The post outlines deploying lightweight VMs via cloud-init linked clones, isolating services in rootless Docker namespaces, and using VirtIO-FS with native VFS idmapped mounts for resource-efficient ZFS storage passthrough.