Today’s Drop focuses on all things containers, and you’ll be glad to hear that I curbed my pun enthusiasm (e.g., no “contain yourself” or shipping references) for the entire issue. I think that warrants a 🍪 indulgence for me, today.

Keen-eyed M-F readers will also notice there are four sections, today, as I’ve included one from the first “Bonus Drop” as promised.

Touring The Container Developer Tooling Landscape

The Drops will be lightly peppered with a few FOSDEM `23 links over the coming weeks, since I spent much of the recent “covid time” plowing through them. I won't be linking to all the talks, but fitting in selected ones where appropriate.

Phil Estes is a Principal Engineer at Amazon Web Services (AWS) working on core container technologies within AWS’ compute organization. He’s also a member of the Open Container Initiative (OCI) Technical Oversight Board and a maintainer of the CNCF containerd container runtime project.

Phil gave a 👍🏽 FOSDEM talk — video / slides — on the landscape of container developer tooling in use today.

It's been almost 10 years since the demonstration of the earliest Docker client. Sure, containers, and container ops were around before the Docker hype machine kicked in. The last 10 years have seen an explosion of tools, integrations, and production services all built on container runtime technologies similar to that early Docker engine project.

Docker engine, and the companion Docker Desktop product are definitely widely used. But, the creation of the OCI standards and the launching of the CNCF has allowed for a wide array of projects that also provide developers tools and capabilities to create, build, and run containers plus interoperate with container registries.

Phil examines the current world of open-source developer tools, including podman, the early containerd clients, nerdctl, and the advent of non-Linux platform support built alongside these tools, such as Rancher Desktop, Lima/colima, Finch, and Podman Desktop.

You'll get some solid deets about each of the container developer tool platforms, what open-source components they are built from, and how to see them in context with the other alternatives in this space.

Phil also covers the similarities and differences of the various bits of tooling, and shows how standards help support interoperability between container ecosystems.

It's one of the best overviews of the modern container space I've seen in quite a while.

A Rosetta (Stone) For Docker

(This section originally appeared in a Bonus Drop.)

One of the downsides of running Docker on Apple Silicon was that, until now, one had to suffer through rebuilding containers to work with the arm64 architecture or some hacky use of QEMU.

Starting in release 4.16.0, users on Apple Silicon running macOS 13 (Ventura) can enable “Rosetta for Linux” for faster emulation of Intel-based images.

You do need to add some command line options to tell Docker you want to use this experimental feature:

docker build --platform linux/amd64 -t super-awesome-image .
docker run --platform linux/amd64 super-awesome-image

I had started to use my home “data science” server for amd64 Docker work, and will likely do so for most of the heavy lifting. It will be very nice, though, not having to (except that I’m now using what’s covered in the last section).

If you provide Docker instructions for things you build or showcase, make sure to provide --platform linux/amd64 guidance for the ever-increasing number of Apple Silicon users out there.

Bitnami ARM Containers

If you have ever done the docker run … dance, chances are that you have used a Bitnami [GH] container.

Bitnami (now owned by VMware) is a library of installers or software packages for web applications and software stacks as well as virtual appliances. They “make it easy to get your favorite open-source software up and running on any platform, including your laptop, Kubernetes and all the major clouds”.

Their container images have a history of being well-built, provide a solid foundation for pretty much anything you can think of building, and have in excess of 200 million monthly pulls just from Docker Hub.

As noted in the previous section, until recently Linux containers have been in a weird place on Apple Silicon Macs. Not all container images had/have arm64 support, making some portion of your favorite container registry unavailable on that architecture.

Macs aren't the only place this has been a tad annoying. Amazon has arm64 Graviton nodes, Azure has arm64 support, as do other hyperscaler

Now, Bitnami has added arm64 support to their entire container catalog, which makes Docker Desktop's Rosetta 2 support a tad less 🎉 and necessary, and also makes it easier for developers and organizations to take advantage of cheaper and (usually) faster processors.

OrbStack

OrbStack [GH] is a relatively new way to deal with containers and lightweight VMs on macOS. I've been in the preview for a few weeks, but those pesky spike proteins have not provided much opportunity to work with it outside some “trivial” workloads. One of those is the use of containers and VMs to test potentially sketchy operations like the way to prevalent copypasta “curl piped to shell” commands. Another is any “docker run” commands I use on the regular (it fully replaces Docker and — so far for me, at least — supports all Docker ops).

OrbStack has (likely temporarily) fully replaced Docker Desktop on my personal Apple Silicon Mac.

Here's their pitch:

• Starts in 2 seconds, optimized networking and disk,

• Low CPU and disk usage, works with less memory, native Swift app.

• Minimal setup, seamless Docker, 2-way CLI integration, file access from Mac and Linux, works with VPNs and editors like VS Code via SSH.

• Run Docker containers, full Linux distros, (Kubernetes coming soon). No admin/root required.

• Network works with IPv6, ICMP, traceroute — you name it.

• No more worrying about disk space or clock drift.

• Git and SSH keys just work with seamless agent forwarding.

Like Docker Desktop and Colima, OrbStack supports x86 runtimes via Rosetta 2.

The container ops space is pretty “crowded”, and OrbStack is macOS-only, which could make it harder for mixed teams to buy into (though the Docker compatibility may make that point moot). Plus, it's either going to be freemium or a fully pay-to-play offering (that's not a judgement call, Docker's lack of a business strategy out of the gate almost killed them as a company). Still, it dropped in seamlessly, is ridiculously fast, and feels way less cumbersome than Docker Desktop-proper.

The devs seemed to be in a bit of a rush to get OrbStack in front of 👀. Their website is scant on documentation, and the pace of updates would make ⚡️ The Flash ⚡️ a bit jealous. If you’re not comfortable bumbling around in an opaque playground, you might want to hold off playing with OrbStack. But, if you do wish to give it a go on your own, hit up their early access form.

Share

FIN

Two months down!

Year progress: ▓▓▓░░░░░░░░░░░░░░░░░ [16%] ☮