FWWI, we did evaluate and benchmark microVMs back in 2020. Back then it was not really seen worth it the maintenance cost compared to what it brought to the table, but it makes sense to re-evaluate that again soonish; with native dynamic load balancing and affinity rules (and further orchestration improvements being lined up) they might be better leveraged today.
Oh, and mailing lists are a bliss to use compared to (barely loading) forges, at least to me and especially with public inbox and tools like b4 and lei for patch review, management and applying. For the sending side it's basically a git send-email command to pve-devel@list.proxmox.com, see https://git-send-email.io for a simple tutorial.
show comments
wereHamster
I was just looking into microvm (via microvm.nix) to isolate coding agents. While the machine starts quickly, as in the article, the userspace (nixos) takes much longer. I'd probably need to spend some time to strip the system of all non-essential services. I also briefly considered running the agent harness as PID 0. That would speed things up, but also mean a lot of responsibility on my end. My biggest struggle is how to imperatively manage agent microvms on nixos. microvm.nix isn't really well suited for that task. For longer-running VMs, that I can manage via my nixos config, I'm quite happy with microvm.nix. Related article by Michael Stapelberg: https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-...
alexellisuk
This is clever work, especially given that Proxmox is already a very viable VMware replacement and wasn’t originally designed around microVMs as the primary abstraction. I’m glad this is working well for you.
We’ve been on a similar journey, but came at it from the opposite direction. We started SlicerVM in 2022 after seeing how slow Multipass felt when launching more than one Linux VM, even though it is relatively lean. Tearing them down was slower.. we made it seconds either way for a 30 node cluster and kept it internal until August last year.
With Slicer, microVMs are the native primitive: API launch, guest-agent exec/shell/cp/forward workflows, isolated networking, and agent sandboxes are built into the control plane.
That was not our first use case. Back then we were standing up Kubernetes clusters quickly for OpenFaaS e2e testing and customer scale-out support across multiple machines. The agent/sandbox workflows came naturally after that.
We do see people come over from Proxmox when they want something more directly driven from code, especially with a deeper guest-agent model: exec, file copy, port forwarding, fs watches, etc. When you string it all together it becomes very powerful and what we've gradually dogfooded for our code review bot that started out by using SSH/SFTP to completely native SDK (Go/TS).
One thing I’d separate in the benchmarks is in-guest boot time vs. actual time-to-interactive/useful. For agent-style workloads, the number that tends to matter is: API request made -> VM created/cloned -> network policy applied -> guest agent reachable -> exec/shell/cp/forward works. Snapshot cloning, network device setup, and control-plane readiness all show up there.
TTI can also be moved around depending on tradeoffs: no real init system, snapshot resume, CrosVM-style lower-level primitives, or a VMM built for one narrow job. We use systemd in the guest, so we’re intentionally carrying some weight there.
I also liked that you retained module support for Docker. Supporting Docker, Kubernetes-ish workloads, and eBPF tends to add a lot of useful weight back in.
There’s room for several tools here. The space is moving quickly, and I’m looking forward to seeing which approaches consolidate.
If folks are looking to scratch that microVM, or programmable / bash / agent / SDK driven primitive, you're welcome to check us out and join the Discord.
show comments
mtron_
< 300ms boot with HW isolation sounds very nice but the pve-daemon patching approach is risky and might break at every eye-blink.
apitman
My favorite microVM discovery recently has been tools built around libkrun. See smolvm[0].
The killer feature still missing from microVMs for me is the ability to enable CUDA support without passing through the entire GPU. vfio is just too much of a pain and too limiting. Sometimes I want to use my GPU on the host. Vulkan works fairly well with virtio-gpu and Venus, but I need CUDA. Venus is also still missing some important things like accelerated video encoding.
I’ve also been wanting a setup like this but don’t have to courage to use pve-microvm. First class microVM support would be very nice.
tobwen
Thanks for the write-up, I like the integration in the Proxmox VE environment.
Given some similarities, I’d like to briefly mention `krun` here. Although it’s an OCI-compatible container runtime, it uses MicroVMs with a similar approach. Perhaps we can exchange ideas here? I recall that GPU passthrough is also a recurring topic there.
Am I understanding the ballooning part right that this doesn't allocate all of the VM memory from the host until it's needed, and releases memory automatically when it's not needed anymore? So you can overprovision memory with multiple guests as long as the guests aren't using the memory at the same time?
show comments
dobin
Wow thats pretty cool. Even with plan9 images!
I would love to use this in production, but dont know how much it can break things. Proxmox should just implement this in mainline.
fransje26
Not running a Proxmox system, would it be possible to setup something similar directly with QEMU?
LorenDB
One of my Proxmox hosts is glacially slow at running VMs. (Dell R520; I have a same-generation server that is fine at VMs, so not sure what the root cause is). I wonder if this would help performance.
mkesper
Tangentially, in theory, k3s + kubevirt + microvms sounds like the optimal combination for lightweight but isolated deployment.
Does anyone have experience with that?
show comments
j45
I'm curious if there's more than one way to achieve this.
Creating a single VM, with vm within vm (performance hit would be negligible for the orchestration work of agents), and it might offer some alternatives without having to customize Proxmox as much?
FWWI, we did evaluate and benchmark microVMs back in 2020. Back then it was not really seen worth it the maintenance cost compared to what it brought to the table, but it makes sense to re-evaluate that again soonish; with native dynamic load balancing and affinity rules (and further orchestration improvements being lined up) they might be better leveraged today.
Oh, and mailing lists are a bliss to use compared to (barely loading) forges, at least to me and especially with public inbox and tools like b4 and lei for patch review, management and applying. For the sending side it's basically a git send-email command to pve-devel@list.proxmox.com, see https://git-send-email.io for a simple tutorial.
I was just looking into microvm (via microvm.nix) to isolate coding agents. While the machine starts quickly, as in the article, the userspace (nixos) takes much longer. I'd probably need to spend some time to strip the system of all non-essential services. I also briefly considered running the agent harness as PID 0. That would speed things up, but also mean a lot of responsibility on my end. My biggest struggle is how to imperatively manage agent microvms on nixos. microvm.nix isn't really well suited for that task. For longer-running VMs, that I can manage via my nixos config, I'm quite happy with microvm.nix. Related article by Michael Stapelberg: https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-...
This is clever work, especially given that Proxmox is already a very viable VMware replacement and wasn’t originally designed around microVMs as the primary abstraction. I’m glad this is working well for you.
We’ve been on a similar journey, but came at it from the opposite direction. We started SlicerVM in 2022 after seeing how slow Multipass felt when launching more than one Linux VM, even though it is relatively lean. Tearing them down was slower.. we made it seconds either way for a 30 node cluster and kept it internal until August last year.
With Slicer, microVMs are the native primitive: API launch, guest-agent exec/shell/cp/forward workflows, isolated networking, and agent sandboxes are built into the control plane.
That was not our first use case. Back then we were standing up Kubernetes clusters quickly for OpenFaaS e2e testing and customer scale-out support across multiple machines. The agent/sandbox workflows came naturally after that.
We do see people come over from Proxmox when they want something more directly driven from code, especially with a deeper guest-agent model: exec, file copy, port forwarding, fs watches, etc. When you string it all together it becomes very powerful and what we've gradually dogfooded for our code review bot that started out by using SSH/SFTP to completely native SDK (Go/TS).
One thing I’d separate in the benchmarks is in-guest boot time vs. actual time-to-interactive/useful. For agent-style workloads, the number that tends to matter is: API request made -> VM created/cloned -> network policy applied -> guest agent reachable -> exec/shell/cp/forward works. Snapshot cloning, network device setup, and control-plane readiness all show up there.
TTI can also be moved around depending on tradeoffs: no real init system, snapshot resume, CrosVM-style lower-level primitives, or a VMM built for one narrow job. We use systemd in the guest, so we’re intentionally carrying some weight there.
I also liked that you retained module support for Docker. Supporting Docker, Kubernetes-ish workloads, and eBPF tends to add a lot of useful weight back in.
There’s room for several tools here. The space is moving quickly, and I’m looking forward to seeing which approaches consolidate.
If folks are looking to scratch that microVM, or programmable / bash / agent / SDK driven primitive, you're welcome to check us out and join the Discord.
< 300ms boot with HW isolation sounds very nice but the pve-daemon patching approach is risky and might break at every eye-blink.
My favorite microVM discovery recently has been tools built around libkrun. See smolvm[0].
The killer feature still missing from microVMs for me is the ability to enable CUDA support without passing through the entire GPU. vfio is just too much of a pain and too limiting. Sometimes I want to use my GPU on the host. Vulkan works fairly well with virtio-gpu and Venus, but I need CUDA. Venus is also still missing some important things like accelerated video encoding.
[0]: https://smolmachines.com/
proxmox has been great although it comes with a learning curve
back when I used to use cursor I build this mcp but it should work for codex or claude
it lets me easily spin up vms with specs
its tough to create boxes now due to ram prices but got mine at a great time when it was very cheap; i just wish i had bought more then
https://github.com/agentify-sh/cursor-proxmox-mcp
I see Proxmox blog post I upvote.
I’ve also been wanting a setup like this but don’t have to courage to use pve-microvm. First class microVM support would be very nice.
Thanks for the write-up, I like the integration in the Proxmox VE environment.
Given some similarities, I’d like to briefly mention `krun` here. Although it’s an OCI-compatible container runtime, it uses MicroVMs with a similar approach. Perhaps we can exchange ideas here? I recall that GPU passthrough is also a recurring topic there.
https://github.com/containers/crun/blob/main/krun.1.md
Am I understanding the ballooning part right that this doesn't allocate all of the VM memory from the host until it's needed, and releases memory automatically when it's not needed anymore? So you can overprovision memory with multiple guests as long as the guests aren't using the memory at the same time?
Wow thats pretty cool. Even with plan9 images!
I would love to use this in production, but dont know how much it can break things. Proxmox should just implement this in mainline.
Not running a Proxmox system, would it be possible to setup something similar directly with QEMU?
One of my Proxmox hosts is glacially slow at running VMs. (Dell R520; I have a same-generation server that is fine at VMs, so not sure what the root cause is). I wonder if this would help performance.
Tangentially, in theory, k3s + kubevirt + microvms sounds like the optimal combination for lightweight but isolated deployment. Does anyone have experience with that?
I'm curious if there's more than one way to achieve this.
Creating a single VM, with vm within vm (performance hit would be negligible for the orchestration work of agents), and it might offer some alternatives without having to customize Proxmox as much?