I just wonder if there are any practical drawbacks to using OCI images, as they are seemingly easier to make and host (as Docker’s ecosystem is more mature) compared to images created with distrobuilder.
While docker’s ecosystem is more mature, incus’ OCI ecosystem is less mature than that of incus system containers. There are also some differences in what’s expected from an image. For example, it’s expected that a system container is responsible for its network administration while the same is not true for OCI containers. In general, docker or incus administer the network stack for an OCI container. In the end, the underlying technology under incus is to run both system and application (oci) containers as lxc containers.
I don’t see any of those differences as drawbacks. It’s your choice for which you choose to run your workload. Hope I didn’t make any mistake in my understanding though as I’m no expert.
A system container behaves like a virtual machine. You start a system container, install services and keep using until you decide to shutdown and remove. The OCI images are for application containers. An OCI image is targeted to doing one thing, running one application.
Therefore, I would use the terminology of system containers vs application containers. And with Incus you are spoilt for choice. You would use a VM if you need big separation of the workload, a system container if it is OK to go for a lightweight VM and an application container if you have put together the application in an image (or found such a suitable image in the repositories).
2 Likes