Comment by 3abiton
3 days ago
I am curious performance wise about the performance difference between podman and incus. I found incus to be also extremely flexible.
They both utilize all the Linux c-group magic to containerize. So performance is roughly the same.
Incus is an LXD fork, and focuses on "system" containers. You basically get a full distro, complete with systemd, sshd, etc. etc. so it is easy to replace a VM with one of these.
podman and docker are focused on OCI containers which typically run a single application (think webserver, database, etc).
I actually use them together. My host machine runs both docker and incus. Docker runs my home server utilities (syncthing, vaultwarden, etc) and Incus runs a system container with my development environment in it. I have nested c-groups enabled so that incus container actually runs another copy of docker _within itself_ for all my development needs (redis, postgres, etc).
What's nice about this is that the development environment can easily be backed up, or completely nuked without affecting my host. I use VS Code remote SSH to develop in it.
The host typically uses < 10GB RAM with all this stuff running... about half what it did when I was using KVM instead of Incus.
If you use the non-LTS branch of incus it supports OCI containers. Have you tried that instead of running docker inside of an LXC container?
That feature might be able to replace my docker usage on the host, so I don't need it and incus side by side. Which would be pretty neat.
Within the incus dev environment container though I'm pretty sure I want to keep docker, as I have a lot of tooling that expects it for better or worse (docker compose especially). It also doesn't appear incus integrates buildkit etc. so even if I used it here, I'd still need something else to _build_ OCI images.
These seem like two very different stacks designed to solve quite different problems (incus v podman).
If you are using podman "rootless" mode prior to 5.3 then typically you are going to be using the rootless networking, which is based around slirp4netns.
That is going to be slower and limited compared to rootful solutions like incus. The easy workaround is to use 'host' networking.
If you are using rootful podman then the normal Linux network stack gets used.
Otherwise they are all going to execute at native speed since they all use the same Linux facilities for creating containers.
Note that from Podman 5.3 (Nov 24) and newer they switched to "pasta" networking for rootless containers. Which is a lot better, performance wise.
edit:
There are various other tricks you can use for improving podman "rootless" networking, like using systemd socket activation. This way if you want to host services this way you can set up a reverse proxy and such things that run at native speeds.
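
The socket activation mentioned in the last comment, seen from the service's side, as an added example that is not part of the thread: systemd opens the listening socket and the service adopts it through the `LISTEN_PID` / `LISTEN_FDS` environment variables instead of binding a port itself. The function name `inherited_sockets`, its `first_fd` parameter and the canned HTTP reply are assumptions of this sketch.

```python
"""Receiving side of systemd socket activation (the sd_listen_fds protocol)."""
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd passes sockets starting at fd 3


def inherited_sockets(environ=os.environ, first_fd=SD_LISTEN_FDS_START):
    """Return the sockets handed over by the service manager, or [].

    first_fd is a parameter only so the function can be exercised without
    owning fd 3 (an assumption of this example, not part of the protocol).
    """
    try:
        pid = int(environ.get("LISTEN_PID", ""))
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    # LISTEN_PID stops a child process from adopting fds meant for its parent.
    if pid != os.getpid() or count < 1:
        return []
    socks = []
    for fd in range(first_fd, first_fd + count):
        os.set_inheritable(fd, False)  # do not leak the socket to subprocesses
        socks.append(socket.socket(fileno=fd))  # family/type are auto-detected
    return socks


def main():
    socks = inherited_sockets()
    if not socks:
        raise SystemExit("not socket-activated: start via the .socket unit")
    listener = socks[0]
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.recv(4096)  # read and ignore the request
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n")


if __name__ == "__main__":
    main()
```

Because the service never calls `bind()` itself, the port it answers on is decided entirely by the `.socket` unit.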