DIY Docker: Rolling Your Own Container Runtime With LinuxKit
You have most likely already had contact with Docker and Kubernetes; both are popular in the container ecosystem. Windows ships its own container support (Windows Containers, driven by the Host Compute Service). Linux has no container engine built in as such: the kernel provides the primitives (namespaces, cgroups, seccomp), and user-space runtimes such as containerd build containers on top of them. macOS offers no such primitives, so it has no native container engine at all. containerd, used by both Docker and Kubernetes, is currently the most popular container runtime out there. Docker Desktop on macOS and Windows runs it inside a lightweight Linux VM (on Windows alongside, or as an alternative to, native Windows Containers). Let’s have a look at some of the insides of the Docker Engine and Kubernetes, and how they manage to run Linux containers with containerd on macOS, Windows and Linux.
To run containers from macOS one usually relies on Docker Engine, the service that drives Docker Desktop, and talks to it through its Unix socket. A sandboxed Mac app cannot do that, and sandboxing is a requirement for publishing in the Mac App Store (a very reasonable security concept introduced by Apple). The alternative is to reach the Docker Engine over TCP, which on the Mac currently requires socat to forward the Unix socket, because Docker Desktop for Mac itself cannot expose TCP port 2375. Keep in mind what that port is: anyone who can reach it can start a privileged container with the host filesystem mounted and thereby owns the machine. Bind the forwarder to 127.0.0.1 only, and put anything reachable beyond loopback behind TLS with client certificates (the convention is port 2376).
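The forwarding step above, as an added example that is not part of the original article or of Docker: a minimal Unix-socket-to-TCP bridge in Python standing in for socat, with a Docker Engine API call made through it. The "engine" is a constructed stand-in that answers `GET /version` on a temporary Unix socket, so nothing here talks to a real daemon; `/var/run/docker.sock` and the `FAKE_VERSION` reply are assumptions for illustration. The bridge binds to loopback and an ephemeral port by default, which is the setting the caveat above calls for.

```python
# Added example (not from the article): Unix-socket -> TCP bridge (the job
# socat does on a Mac) plus an Engine API request through it. The engine is
# a constructed stand-in on a temp socket; no real Docker daemon is involved.
import http.client
import json
import os
import socket
import tempfile
import threading

FAKE_VERSION = {"Version": "0.0.0-fake", "ApiVersion": "1.41"}  # constructed reply


def pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees EOF."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_bridge(unix_path, host="127.0.0.1", port=0):
    """TCP listener forwarding every connection to the Unix socket.

    Defaults to loopback and an ephemeral port: the Engine API is root-equivalent,
    so the bridge must never listen on 0.0.0.0 without TLS in front of it.
    Returns (listener, (bound_host, bound_port)).
    """
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lst.bind((host, port))
    lst.listen(16)

    def accept_loop():
        while True:
            try:
                client, _ = lst.accept()
            except OSError:  # listener closed
                return
            upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            upstream.connect(unix_path)
            threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lst, lst.getsockname()


def fake_engine(unix_path):
    """Constructed stand-in for the Docker Engine: answers GET /version, 404 otherwise."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(unix_path)
    srv.listen(8)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            request = conn.recv(65536)
            if request.startswith(b"GET /version "):
                status, body = b"200 OK", json.dumps(FAKE_VERSION).encode()
            else:
                status, body = b"404 Not Found", b'{"message":"page not found"}'
            conn.sendall(b"HTTP/1.1 " + status + b"\r\nContent-Type: application/json\r\n"
                         b"Content-Length: " + str(len(body)).encode() + b"\r\n"
                         b"Connection: close\r\n\r\n" + body)
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv


def engine_get(host, port, path):
    """Plain Engine API call over the TCP bridge; returns (HTTP status, decoded JSON)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    payload = json.loads(resp.read())
    conn.close()
    return resp.status, payload


def demo():
    """Wire engine, bridge and client together; return what the client sees."""
    sock_dir = tempfile.mkdtemp()
    sock_path = os.path.join(sock_dir, "docker.sock")  # stand-in for /var/run/docker.sock
    engine = fake_engine(sock_path)
    listener, (bind_host, bind_port) = serve_bridge(sock_path)
    try:
        status, version = engine_get("127.0.0.1", bind_port, "/version")
        missing, _ = engine_get("127.0.0.1", bind_port, "/no-such-endpoint")
    finally:
        listener.close()
        engine.close()
        os.unlink(sock_path)
        os.rmdir(sock_dir)
    return {"bind_host": bind_host, "status": status, "version": version, "missing": missing}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real Docker Desktop the equivalent one-liner is `socat TCP-LISTEN:2375,bind=127.0.0.1,reuseaddr,fork UNIX-CONNECT:/var/run/docker.sock`; the point of the Python version is to make visible what that does and where the loopback bind lives.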
If you want to run containers inside a self-contained and sandboxed Mac App, you need to “dismantle” Docker and roll your…