With unprivileged containers we sometimes have to map namespace IDs from host to containers to access mounts (https://github.com/lxc/lxd/blob/master/doc/userns-idmap.md); that also means setting subuid and subgid on lxd and restarting it.
Doing a restart makes all containers restart too. Is there a way to prevent this?
So it depends. For the snap you can do systemctl reload snap.lxd.daemon, but then again the snap doesn’t actually use /etc/subuid and /etc/subgid, so that shouldn’t be needed in the first place.
For the deb, you can normally do systemctl restart lxd which shouldn’t impact running containers.
systemctl restart snap.lxd.daemon will restart all containers. systemctl reload snap.lxd.daemon only restarts the daemon/API.
For a certificate change, you definitely only need a systemctl reload.
The main catch is that reload isn’t instantaneous. The command will return immediately but LXD will only perform the reload once current API clients are all disconnected.
So if you have an existing lxc exec or similar command running, it can take up to 5 minutes for LXD to give up on it, disconnect it, and then reload.