Is it recommended to run systemd inside docker container?

Question

I am planning to use 'systemd' inside the container. Based on the articles I have read, it is preferable to limit only one process per container.

But if I configure 'systemd' inside the container, I will end up running many processes.

It would be great to understand the pros and cons of using systemd inside the container before I take any decision.

Answer 1

I'd advise you to avoid systemd in a container if at all possible.

Systemd mounts filesystems, controls several kernel parameters, has its own internal system for capturing process output, configures system swap space, configures huge pages and POSIX message queues, starts an inter-process message bus, starts per-terminal login prompts, and manages a swath of system services. Many of these are things Docker does for you; others are system-level controls that Docker by default prevents (for good reason).

Usually you want a container to do one thing, which occasionally requires multiple coordinating processes, but you usually don't want it to do any of the things systemd does beyond provide the process manager. Since systemd changes so many host-level parameters you often need to run it as --privileged which breaks the Docker isolation, which is usually a bad idea.

As you say in the question, running one "piece" per container is usually considered best. If you can't do this then a light-weight process manager like supervisord that does the very minimum an init process is required to is a better match, both for the Docker and Unix philosophies.