containerd & Lima: Open source alternative to Docker for Mac

Akihiro Suda
Sep 1

Today, the community was shocked by the sudden news that Docker Desktop for Mac/Win is no longer free [-as-in-beer] for “professional use in larger businesses”.

But we have a free, libre, and open source alternative to Docker for Mac: containerd & Lima.

$ brew install lima
$ limactl start
$ lima nerdctl run -it --rm alpine

(NOTE: ARM Mac requires installing a patched version of QEMU, see Lima documentation)

What is containerd? And what is nerdctl?

containerd is an open source container runtime used by several projects, including Docker and typical Kubernetes setups such as AKS, EKS, and GKE.

As the core scope of the containerd project is limited to non-user-facing areas, it had been difficult for users to interact with containerd directly.
So, we recently contributed a human-friendly CLI as a non-core subproject of containerd: “nerdctl”.

The features and usage of nerdctl are almost identical to those of the Docker CLI. However, nerdctl also supports several cutting-edge features of containerd that are not present in Docker. Such features include, but are not limited to, lazy-pulling (stargz) and running encrypted images (ocicrypt).

See my previous blog post from March for further information.

What is Lima?

Lima (LInux MAchines) launches Linux virtual machines with automatic file sharing, port forwarding, and containerd.

Lima has already gained 3,000 stars on GitHub as of the time of writing (Sep 1, 2021).

https://github.com/lima-vm/lima

We initially created Lima to promote containerd and nerdctl to Mac users. However, Lima can also be used for other container engines such as Podman, and even for non-container applications.

The design of Lima is similar to WSL2, but Lima focuses on macOS as the primary target host. Lima currently does not support Windows hosts, but we can consider supporting Windows hosts too if there is a demand.

Technical details of Lima

Here are the technical details of Lima, for those who are interested:

  • Hypervisor: QEMU, with hvf accelerator (Hypervisor.framework)
  • Supported guest OS: Ubuntu (default), Debian, Fedora, Alpine, Arch, and openSUSE
  • File sharing (host → guest): “Reverse SSHFS” in the current version, but subject to change in a future version. Probably we will switch to Samba.
  • File sharing (guest → host): WebDAV over SSH (experimented in https://github.com/lima-vm/sshwebdav)
  • Port forwarding: ssh -L, with an agent process that watches /proc/net/tcp* inside the guest
  • Networking: user-mode networking (“slirp”) by default. Advanced networking with vmnet.framework is also supported with sudo and VDE (https://github.com/lima-vm/vde_vmnet)
  • Security: designed not to require the root privilege (sudo) on the host, except for optional vmnet.framework support

Quick start

Installing Lima

If you are using an Intel Mac, just run the following brew command, and you are all set.

$ brew install lima

If you are using an ARM Mac, you currently have to install a patched version of QEMU to enable the hvf accelerator. The patch will probably be merged into upstream QEMU in the near future. See Lima documentation.

Starting Lima

Run limactl start, and press the return key to choose Proceed with the default configuration. Wait a few minutes until Lima finishes downloading and launching the VM image.

$ limactl start
? Creating an instance "default" [Use arrows to move, type to filter]
> Proceed with the default configuration
Open an editor to override the configuration
Exit
...
INFO[0111] READY. Run `lima` to open the shell.

After seeing the “READY” output, run lima uname -a to confirm that the VM is now running.

$ lima uname -a
Linux lima-default 5.11.0-31-generic #33-Ubuntu SMP Wed Aug 11 13:19:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Building and running a container with `lima nerdctl`

Create ~/lima-test/Dockerfile on the host filesystem with the following content:

FROM nginx
RUN echo "hello lima" > /usr/share/nginx/html/index.html

Then build an image named lima-test with the following command:

$ lima nerdctl build -t lima-test ~/lima-test

Lima mounts the host home directory into the guest filesystem, so nerdctl inside the guest can access ~/lima-test on the host seamlessly. The home directory is mounted read-only by default for safety, but can also be mounted read/write by modifying the config when running limactl start.

The lima-test image can be started with the following command:

$ lima nerdctl run -d -p 127.0.0.1:8080:80 lima-test

Lima automatically maps 127.0.0.1:8080 of the guest VM (which is mapped to port 80 of the container) to 127.0.0.1:8080 of the host, so you can just open http://127.0.0.1:8080 in Safari to access the lima-test container.

Accessing http://127.0.0.1:8080 of the guest VM via Safari

Rancher Desktop & GUI

Lima has already been adopted by Rancher Desktop to run k3s on macOS.

Just double-click the dmg, and drag the app icon into the Applications folder

While Lima and nerdctl themselves do not currently have a GUI control panel, Rancher Desktop already provides a cool GUI using Electron.

Rancher Desktop GUI (v0.4.1)
Rancher Desktop running Lima under the hood

Future upstream versions of Lima and nerdctl may have a GUI too, depending on the demand (and contribution) from the community.

NTT is hiring!

We at NTT are looking for engineers who work in Open Source communities like containerd, Docker/Moby, Kubernetes, and their relevant projects. Visit https://www.rd.ntt/e/sic/recruit/ to see how to join us.

We at NTT are looking for colleagues to work together with us in open source communities such as containerd, Docker/Moby, and Kubernetes. Please see our recruitment page: https://www.rd.ntt/sic/recruit/