Without aiming for completeness, to summarize my learnings. Context is having custom backend software already bundled as Docker (or OCI) images, so far running under Linux using docker-compose (or lately podman-compose). And now exploring a migration path to FreeBSD, with first step as migrating the binaries (instead of actually building on FreeBSD, yet).
About the use of containers and their plumbing-config:
- The containers serve two main purposes: they have the executable binary and all its deps in a self-contained way; also they specify some defaults like environment vars, command-line arguments, exposed ports.
- The docker-compose config then takes the containers to create running instances, and maybe overrides some parameters, bind-mounts (input) data and (persistent) storage directories at the appropriate places, and dictates which instances get placed in which networks (as crude isolated zones).
- As for the binaries and their dependencies part: we can unpack them, put them in a jail under /compat/linux - they will form the Linux userland, and run them using Linux mode.
- As for supplying all the arguments and network isolation - that sounds like the job for the jails setup.
One could say this could be automated (for example, taking the runj project above and adapting it to run Linux containers using Linux mode?), but I tend to believe if one wants to target multiple platforms, the docker-compose level at least is not the right level of abstraction. I prefer to write some higher-level description (what service should be isolated from what else, what should be connected, etc.), and generate some target-specific realization of that semi-automatically.
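As an added illustration of the two halves described above (unpack the image into a jail root, then let the jail config supply arguments and network placement), here is a small Python helper. It is example code written for this page, not the poster's tooling and not part of runj. It assumes an OCI image layout directory on disk (the format `podman save --format oci-dir` or `skopeo copy ... oci:` produce), a FreeBSD host with the Linux ABI loaded (`kldload linux64`, or `linux_enable="YES"` in rc.conf), and placeholder values for the jail name (`app`), its address (`10.0.0.10`) and the directories it creates under a temp dir. It goes a little beyond the text: it applies OCI whiteout entries when stacking layers, and it resolves layer paths the way the jail will see them so a crafted layer cannot drop files outside the jail root on the host, which is the check you want before unpacking images you did not build yourself.

```python
# Added example, not code from the post; jail name, address and paths are placeholders.
import hashlib, io, json, os, shlex, shutil, tarfile, tempfile
from pathlib import Path

def load_image(layout: Path):  # index.json -> manifest -> config; returns (config, layer tarballs in order)
    blob = lambda digest: layout / "blobs" / digest.replace(":", "/", 1)  # "sha256:<hex>" -> blobs/sha256/<hex>
    index = json.loads((layout / "index.json").read_text())
    manifest = json.loads(blob(index["manifests"][0]["digest"]).read_text())
    config = json.loads(blob(manifest["config"]["digest"]).read_text())
    return config, [blob(l["digest"]) for l in manifest["layers"]]

def secure_join(root: Path, name: str, hops: int = 40) -> Path:
    """Resolve a layer path under root the way the jail will see it: '..' cannot climb above root and
    absolute symlinks are re-rooted, so a hostile layer cannot place files outside the jail dir."""
    parts, cur = [p for p in name.split("/") if p not in ("", ".")], []
    while parts:
        p = parts.pop(0)
        if p == "..":
            if not cur: raise ValueError(f"layer entry escapes jail root: {name!r}")
            cur.pop()
            continue
        cand = root.joinpath(*cur, p)
        if parts and cand.is_symlink():  # follow symlinked parent dirs, never the final entry itself
            hops -= 1
            if hops < 0: raise ValueError(f"symlink loop while resolving {name!r}")
            link = os.readlink(cand)
            cur = [] if link.startswith("/") else cur
            parts = [x for x in link.split("/") if x not in ("", ".")] + parts
            continue
        cur.append(p)
    return root.joinpath(*cur)

def _remove(path: Path) -> None:
    if path.is_dir() and not path.is_symlink(): shutil.rmtree(path)
    elif path.exists() or path.is_symlink(): path.unlink()

def unpack_layers(layers, root: Path) -> None:  # apply layers in manifest order, honouring OCI whiteouts
    root.mkdir(parents=True, exist_ok=True)
    for layer in layers:
        with tarfile.open(layer) as tar:
            for m in tar:
                parent, base = os.path.split(m.name)
                if base == ".wh..wh..opq":  # opaque whiteout: drop whatever lower layers put in this dir
                    d = secure_join(root, parent)
                    for child in (d.iterdir() if d.is_dir() else []): _remove(child)
                    continue
                if base.startswith(".wh."):  # plain whiteout: delete the named lower-layer entry
                    _remove(secure_join(root, os.path.join(parent, base[4:])))
                    continue
                dest = secure_join(root, m.name)
                if m.isdir():
                    dest.mkdir(parents=True, exist_ok=True)
                    continue
                dest.parent.mkdir(parents=True, exist_ok=True)
                _remove(dest)  # an upper layer replaces the lower layer's entry
                if m.issym():
                    os.symlink(m.linkname, dest)  # stored verbatim; it resolves inside the jail
                elif m.islnk():
                    os.link(secure_join(root, m.linkname), dest)
                elif m.isfile():
                    dest.write_bytes(tar.extractfile(m).read())
                    dest.chmod(m.mode & 0o7777)
                # device nodes and FIFOs are skipped on purpose: devfs provides /dev inside the jail

def jail_conf(name: str, root: Path, config: dict, ip4: str) -> str:
    """Render a jail.conf(5) stanza; the image's Env/Entrypoint/Cmd/WorkingDir become exec.start."""
    cfg = config.get("config", {})
    argv = ["env", "-i"] + cfg.get("Env", []) + list(cfg.get("Entrypoint") or []) + list(cfg.get("Cmd") or [])
    start = f"cd {shlex.quote(cfg.get('WorkingDir') or '/')} && exec {' '.join(map(shlex.quote, argv))} &"
    start = start.replace("\\", "\\\\").replace('"', '\\"')  # jail.conf string escaping
    ports = ", ".join(sorted(cfg.get("ExposedPorts", {}))) or "none"
    return (f'{name} {{\n    # image exposes {ports}: reachable on ip4.addr only, jails do not map ports\n'
            f'    path = "{root}";\n    host.hostname = "{name}";\n    ip4.addr = "{ip4}";\n'
            f'    mount.devfs;\n    devfs_ruleset = 4;\n    mount.fstab = "{root}.fstab";\n'
            f'    allow.raw_sockets = 0;\n    exec.start = "{start}";\n    persist;\n}}\n')

def fstab(root: Path) -> str:  # host-side fstab for mount.fstab; the Linux ABI wants linprocfs and linsysfs
    return f"linprocfs {root}/proc linprocfs rw 0 0\nlinsysfs {root}/sys linsysfs rw 0 0\n"

def build_sample_layout(layout: Path) -> None:  # constructed two-layer image for offline use, not a real one
    blobs = {}
    def put(data: bytes) -> dict:
        d = hashlib.sha256(data).hexdigest(); blobs[d] = data; return {"digest": f"sha256:{d}", "size": len(data)}
    def layer(files: dict) -> bytes:  # bytes value = regular file, str value = symlink target
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w") as tar:
            for name, data in files.items():
                info = tarfile.TarInfo(name); info.mode = 0o755
                if isinstance(data, str): info.type, info.linkname = tarfile.SYMTYPE, data
                else: info.size = len(data)
                tar.addfile(info, None if isinstance(data, str) else io.BytesIO(data))
        return buf.getvalue()
    lower = put(layer({"bin/app": b"#!/bin/sh\n", "lib": "/usr/lib", "etc/old.conf": b"x", "var/cache/stale": b"y"}))
    upper = put(layer({"etc/.wh.old.conf": b"", "var/cache/.wh..wh..opq": b"", "lib/libfoo.so": b"\x7fELF"}))
    cfg = put(json.dumps({"config": {"Env": ["PATH=/usr/bin:/bin"], "Entrypoint": ["/bin/app"], "Cmd": ["--port", "8080"], "WorkingDir": "/srv", "ExposedPorts": {"8080/tcp": {}}}}).encode())
    manifest = put(json.dumps({"config": cfg, "layers": [lower, upper]}).encode())
    (layout / "blobs" / "sha256").mkdir(parents=True)
    for d, data in blobs.items(): (layout / "blobs" / "sha256" / d).write_bytes(data)
    (layout / "index.json").write_text(json.dumps({"manifests": [manifest]}))

def demo() -> dict:  # stand-alone run on the constructed sample image; returns what was produced
    work = Path(tempfile.mkdtemp()); build_sample_layout(work / "image")
    config, layers = load_image(work / "image"); unpack_layers(layers, work / "jail")
    return {"root": work / "jail", "conf": jail_conf("app", work / "jail", config, "10.0.0.10"), "fstab": fstab(work / "jail")}

if __name__ == "__main__":
    print(demo()["conf"])
```

Usage on a real image would be `build_sample_layout` replaced by the real layout directory, the stanza appended to `/etc/jail.conf` (or its own file), the fstab written next to the jail root, and then `jail -c app`. Two design points: `env -i` means the process sees only the image's own `Env`, as it would in a container, and the `ip4.addr` per jail is where the docker-compose "networks as crude isolated zones" idea lands: one address or subnet per zone, with pf deciding which jails may talk to each other.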