Hello everyone, I’m Zhang Jintao.

Docker Inc. (Docker) has suddenly changed its pricing and strategy. Docker Desktop for Mac/Win is no longer free for individuals in large enterprises.

I won't go through the terms of that announcement here. Instead, I'll introduce containerd & Lima, a free, open source alternative to Docker for Mac.

To try it out quickly, run the following commands:

$ brew install lima
$ limactl start
$ lima nerdctl run -it --rm alpine

Note: On an Arm Mac you will need to install a patched version of QEMU; please refer to the Lima documentation.

What is containerd? What is nerdctl?

containerd is an open source container runtime that is used by many projects, including Docker, and by the default Kubernetes clusters of many cloud vendors, such as AKS, EKS, and GKE.

Because the core scope of the containerd project is limited to non-user-facing areas, it is difficult for users to interact directly with containerd. So we recently contributed a human-friendly CLI as a non-core subproject of containerd: nerdctl.

nerdctl has almost the same functionality and usage as the Docker CLI, but it also supports several cutting-edge features of containerd that do not exist in Docker. These include, but are not limited to, lazy pulling (stargz) and running encrypted images (ocicrypt).

nerdctl: Docker-compatible CLI for contaiNERD

What is Lima?

Lima (Linux Machines) starts Linux virtual machines with automatic file sharing, port forwarding, and containerd.

Lima has 3k stars on GitHub as of September 1, 2021.

We originally created Lima to promote containerd and nerdctl to Mac users, but Lima can also be used with other container engines, such as Podman, and even with non-containerized applications.

Lima's design is similar to WSL2, but Lima uses macOS as its primary target host. Lima does not currently support Windows hosts, but we can consider supporting Windows if required.

Technical details of Lima

Here are the technical details of Lima:

  • Hypervisor: QEMU, with the HVF (Hypervisor.framework) accelerator;
  • Guest operating systems: Ubuntu (default), Debian, Fedora, Alpine, Arch, and openSUSE;
  • File sharing (host->guest): the current version uses "Reverse SSHFS", which may change in the future and may switch to Samba;
  • File sharing (guest->host): WebDAV over SSH (experimental, at github.com/lima-vm/ssh…);
  • Port forwarding: ssh -L; an agent process in the guest watches /proc/net/tcp*;
  • Network: user-space slirp by default. vmnet.framework is also supported, through sudo and VDE; for advanced network configuration, see github.com/lima-vm/vde… ;
  • Security: by design, root privileges are not required on the host, except for the optional vmnet.framework support.
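
Added example (not from the original article and not Lima's own code): how listening sockets can be read out of a guest's /proc/net/tcp, the file the port-forwarding item above refers to, and how widely each listener is bound. The sample table is constructed, the function names are hypothetical, and only IPv4 on a little-endian guest is handled.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real guest).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 0202000A:C350 01 00000000:00000000 02:000A0B0C 00000000     0        0 20003 4 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # state code the kernel prints for a socket in LISTEN


def decode_ipv4(hex_addr):
    """Decode the 8-hex-digit address column. The kernel prints the address
    in host byte order (little-endian on x86_64 and arm64), so the text
    0100007F means 127.0.0.1."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(proc_net_tcp_text):
    """Return [(ip, port)] for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated row
        if int(fields[3], 16) != TCP_LISTEN:
            continue  # only listeners are of interest here
        addr_hex, port_hex = fields[1].split(":")
        found.append((decode_ipv4(addr_hex), int(port_hex, 16)))
    return found


def exposure(ip):
    """Classify how widely a guest listener is bound."""
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:
        return "all-interfaces"
    return "single-interface"


if __name__ == "__main__":
    for ip, port in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port} {exposure(ip)}")
```

Inside a running instance the same functions can be fed the contents of /proc/net/tcp to review which guest listeners exist before relying on automatic forwarding.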

Quick start

Install Lima

If you are using an Intel Mac, just run the following brew command:

$ brew install lima

If you are using an Arm Mac (M1), you currently need to install a patched version of QEMU to enable HVF acceleration; this patch may be merged upstream into QEMU in the near future. Please refer to the Lima documentation.

Start Lima

Run limactl start and press Enter to select "Proceed with the default configuration". After a few minutes, Lima will automatically download the VM image and start the VM.

$ limactl start
? Creating an instance "default"  [Use arrows to move, type to filter]
> Proceed with the default configuration
  Open an editor to override the configuration
  Exit
...
INFO[0111] READY. Run `lima` to open the shell.

After seeing the READY output, run lima uname -a to confirm that the virtual machine is running.

$ lima uname -a
Linux lima-default 5.11.0-31-generic #33-Ubuntu SMP Wed Aug 11 13:19:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Use lima nerdctl to build and run a container

Create a file ~/lima-test/Dockerfile on the host and write the following:

FROM nginx
RUN  echo "hello lima" > /usr/share/nginx/html/index.html

Then use the following command to build a container image named lima-test:

$ lima nerdctl build -t lima-test ~/lima-test

Lima mounts the host's home directory into the guest file system, so nerdctl in the guest can seamlessly access the ~/lima-test directory on the host. For security purposes, the home directory is mounted read-only by default, but it can also be mounted in read-write mode by modifying the configuration when executing limactl start.

You can run the following command to start the lima-test image:

$ lima nerdctl run -d -p 127.0.0.1:8080:80 lima-test

Lima forwards the guest VM's 127.0.0.1:8080, which is mapped to port 80 in the container, to 127.0.0.1:8080 on the host. So you can access the lima-test container directly by opening http://127.0.0.1:8080/ in Safari.

Rancher Desktop & GUI

Rancher Desktop has adopted Lima to run k3s on macOS. (I wrote about this project in K8S Ecology Weekly.)

Although Lima and nerdctl do not currently include a GUI, Rancher Desktop provides a cool GUI built with Electron.

In the future, upstream Lima and nerdctl may also have their own GUIs, depending on demand (and contributions) from the community.

Original address: medium.com/nttlabs/con… Translated with authorization from original author Akihiro Suda

