Docker on TrueNAS scale

NugentS

MVP
Joined
Apr 16, 2020
Messages
2,947
Between the two can you elaborate on why you prefer 3 so far?
Because it works properly. It's repeatable (I use portainer and stacks) but docker with compose files would be just as good.

Because it doesn't have a routing bug that points all traffic from a container to the LAN at the default gateway and lets the gateway send it back to the LAN. There are workarounds - but I do not like the bug - it offends me.

I no longer use a VM to run portainer / docker. Why - because the VM essentially dedicated hardware to the job where with jailmaker I can share access to the host CPU & Memory although as a consequence I have had to limit tdarr to a number of CPUs.

@Kailee71 has the right of it
 

CJRoss

Contributor
Joined
Aug 7, 2017
Messages
139
Yes, you get a choice of how you network your jails. Mine all get their own individual IP addresses through dhcp. Static is also no problem. I have a separate physical NIC available for my jails, which I assign no IP to, then create a bridge on that, also without IP, and then the jails connect to that bridge and pull individual IP as mentioned. Works a treat.

To come back to the OP; I also am extremely satisfied with Jailmaker and suggest to try it out. Bung a container on, install docker (or whatever you like), and you're smiling.

You're talking about jails, docker, or jailmaker? I know jails can get their own IP through dhcp as that's what I'm already doing. Docker unfortunately doesn't support this functionality. macvlan won't work with an external dhcp, only an internal docker one.
 

CJRoss

Because it works properly. It's repeatable (I use portainer and stacks) but docker with compose files would be just as good.

Because it doesn't have a routing bug that points all traffic from a container to the LAN at the default gateway and lets the gateway send it back to the LAN. There are workarounds - but I do not like the bug - it offends me.

I no longer use a VM to run portainer / docker. Why - because the VM essentially dedicated hardware to the job where with jailmaker I can share access to the host CPU & Memory although as a consequence I have had to limit tdarr to a number of CPUs.

@Kailee71 has the right of it

What mechanism are you using to do the CPU limitation?
 

NugentS

In the stack:
Code:
tdarr:
  deploy:
    resources:
      limits:
        cpus: "4.0"
 

NugentS

You're talking about jails, docker, or jailmaker? I know jails can get their own IP through dhcp as that's what I'm already doing. Docker unfortunately doesn't support this functionality. macvlan won't work with an external dhcp, only an internal docker one.
Yes it does. I am using jailmaker, with portainer and docker. I have a container nginx that I give a specific IP address to on the LAN
Code:
nginx:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy
    restart: unless-stopped
    hostname: nginx-proxy
    volumes:
      - /docker-remote/nginx/data:/data
      - /docker-remote/nginx/certs:/etc/letsencrypt
    ports:
      - 80:80
      - 81:81
      - 443:443
    networks:
      macvlan_NET:
        ipv4_address: 192.168.38.200


I can't persuade nginx to work properly - but that's a different issue
There is some portainer setup as well - setting up the macvlan_NET
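
The stack-level network definition that the post above refers to could look like the following. This is an added example, not part of the original post; it defines `macvlan_NET` in the compose file rather than in Portainer, and the parent interface name, subnet, gateway and `ip_range` are assumptions, with only the network name and the `.200` address taken from the post.

```yaml
# Added example: stack-level definition of the macvlan network that the nginx
# service attaches to. Values marked "assumed" are not from the thread.
services:
  nginx:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy
    restart: unless-stopped
    networks:
      macvlan_NET:
        ipv4_address: 192.168.38.200   # from the post; keep it outside the router's DHCP pool

networks:
  macvlan_NET:
    driver: macvlan
    driver_opts:
      parent: eth0                     # assumed: the LAN-facing interface inside the jail
    ipam:
      config:
        - subnet: 192.168.38.0/24      # assumed from the address in the post
          gateway: 192.168.38.1        # assumed
          ip_range: 192.168.38.200/29  # assumed: Docker only auto-assigns .200-.207

# If the network was already created in Portainer under the same name,
# replace the definition above with:
#
# networks:
#   macvlan_NET:
#     external: true
```

With macvlan the container answers at 192.168.38.200 on every port it listens on, including the proxy manager's admin UI on 81, so access control belongs on the LAN firewall or in the application rather than in the `ports:` list. The Docker host itself cannot reach macvlan containers through the parent interface by default.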
 

monovitae

Explorer
Joined
Jan 7, 2015
Messages
55
Because it works properly. It's repeatable (I use portainer and stacks) but docker with compose files would be just as good.

Because it doesn't have a routing bug that points all traffic from a container to the LAN at the default gateway and lets the gateway send it back to the LAN. There are workarounds - but I do not like the bug - it offends me.

I no longer use a VM to run portainer / docker. Why - because the VM essentially dedicated hardware to the job where with jailmaker I can share access to the host CPU & Memory although as a consequence I have had to limit tdarr to a number of CPUs.

@Kailee71 has the right of it
I've just recently heard of this Jailmaker thing so I'm just beginning my research. Any particular guides or posts I should take a look at to jumpstart my journey?
 

NugentS

Not really. It's actually incredibly simple
 

monovitae

Not really. It's actually incredibly simple
OK, probably overthinking it. Looks like the documentation is pretty good.
 

CJRoss

Yes it does. I am using jailmaker, with portainer and docker. I have a container nginx that I give a specific IP address to on the LAN
Code:
nginx:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy
    restart: unless-stopped
    hostname: nginx-proxy
    volumes:
      - /docker-remote/nginx/data:/data
      - /docker-remote/nginx/certs:/etc/letsencrypt
    ports:
      - 80:80
      - 81:81
      - 443:443
    networks:
      macvlan_NET:
        ipv4_address: 192.168.38.200


I can't persuade nginx to work properly - but that's a different issue
There is some portainer setup as well - setting up the macvlan_NET

You didn't listen to what I said. I said you can't use it with external dhcp. I don't want a static IP. I handle all of those through static leases.
 

FrankWard

Explorer
Joined
Feb 13, 2023
Messages
71
Docker in a VM is probably the best way to go.
This is the best solution, but be aware that I/O intensive apps like Plex may not perform as well. I had major issues with I/O blocking and other annoyances trying to do this with a Debian VM running Plex via Docker. I eventually gave up and ditched Docker via Linux VM and tried it with a Windows VM which has been flawless.
 

Kailee71

Contributor
Joined
Jul 8, 2018
Messages
110
My plex server runs in an ubuntu jail as a non-docker app (added repo and install/update via apt). Also flawless, probably a bit more lightweight than VM, certainly more flexible in terms of mem/cpu allocation etc. I don't run any docker/k3s/whatever, just straight jails, "with stuff installed there".
 