[mberning]

The container landscape is getting crowded. As a person who just wants to get things done with containers it’s not immediately obvious where I should be focusing my efforts due to the proliferation of “container solutions”. It seems especially bad on the mac right now.

[qbasic_forever]

Colima is all you need now, it's basically a drop in replacement for docker desktop. There are actually very few container runtime engines (containerd and runc are the big ones) and all the tools you read about just wrap that lower level container runtime. They're all the same when you get down to it and just have different opinions about config, networking and storage.

[idontwantthis]

Every tool says its the same but they aren't. You'll eventually run into some issue that wouldn't have happened on Docker, and as soon as a dev spends two hours on it you've paid more than you would have paid for a Docker Desktop license for that dev for the year.

[nickcox]

To be fair, you'll run into issues with Docker Desktop too though. I've found Rancher Desktop to be as reliable or better than Docker for my needs.

[nextos]

Why not using Nix? No container needed, so it's much simpler, and the software selection for aarch64 (i.e. M1) is enormous.

[behnamoh]

Doesn't NixOS require reboot after each software install? I don't remember the last time I restarted my Mac or even PC.

[geofft]

I believe NixOS does not (there's a "nixos-rebuild switch" command that sounds vaguely like it requires a reboot, and NixOS does aim for declarative confgs, but it knows how to restart services etc. without rebooting your whole machine - see chapter 3 of the NixOS manual: https://nixos.org/manual/nixos/stable/index.html#sec-changin...)

But the proposal here isn't about running NixOS as your OS, since we're talking about macOS. It's about using Nix as an additional package/environment manager on top of another OS/kernel, in this case macOS, though of course Linux is well-supported too.

Each file in Nix is stored in a path that's computed based on the hash of the relevant source code, and depends on other files (e.g., libraries) via their hash-based paths, too. So you can straightforwardly have multiple execution environments with their own dependencies that don't interfere. It's an alternative solution to the dependency problem: containers leave paths alone, but create a new root filesystem for each container. Nix programs all share one root filesystem, but modify the paths so nothing uses e.g. /usr/bin or /usr/lib.

Precisely because Nix binaries isolate themselves from /usr and carry their own dependencies, the Nix packaging repo "nixpkgs" can be used on any Linux machine, not just NixOS ones. And the Nix folks also build nixpkgs for macOS, so most software in nixpkgs can be installed on a macOS machine too. This gets you a solution to the dependency problem on macOS itself (because there are no Linux-style containers on macOS). If you want, it also gets you a relatively consistent dev environment for applications that will be eventually deployed on Linux: although the kernel is different and of course the binaries are compiled for different kernels, the entire userspace can be the same on macOS and Linux.

[nextos]

I mean Nix on a Mac, as a package manager, not full NixOS. Linux is still not totally ready on M1 machines.

And of course it does not require a reboot.

[e44858]

No

[evol262]

`containerd` invokes `runc` (and `docker` can also invoke `containerd` via its API, which then invokes `runc`). The "lower level container runtime" is cgroups and various kernel namespaces (primarily process and network, but some others are included). There's no magic there.

They are not all the same when you get down to it, though. The "different opinions" about how to plumb traffic back out from a container (DNAT/SNAT via a bridge, macvlan, whether using a CNI directly is supported), whether a service/daemon should be the primary entrypoint (docker, containerd) or whether it's optional (podman), whether they speak to runc at all (containerd/docker yes, podman defaults to crun, kata is also an option, and others), what kind of storage overlays and plugins are allowed, etc are more than "opinions".

The devil is in the details. Colima is "basically a drop in replacement for docket desktop" under the assumption that you aren't doing anything very complex with Docker. In particular, complex networking is likely to fail/explode.

[MrBuddyCasino]

I recently switched from Docker Desktop to Rancher and it seems to not slow down my Mac so much.

Does Colima work with Docker Compose?

[rollcat]

Compose is a layer on top of the Docker client/API, so the container runtime provider shouldn't matter, I guess as long as there's a real dockerd under the hood, and modulo any bugs.

[MrBuddyCasino]

Rancher lets you choose between dockerd and moby. Does that mean Colima also uses dockerd?

[idontwantthis]

I think you'd need a particular reason to not use Docker.

[jlokier]

Last time I tried using Docker Desktop on my MBP (x86), the reason to not use Docker was that it was excruciatingly slow for the test suite I had to run in it, compared with Docker on Linux.

I abandoned Docker on the Mac because of that, and haven't touched it since. That was early 2021; maybe it's faster now.

[deergomoo]

It’s the cross-OS filesystem stuff that always killed it on Docker for Mac (and to a lesser extent Docker for Windows).

I believe improvements have been made, but a lot of people these days check out their code directly in the container rather than using bind mounts, leveraging the fact that a lot of editors/IDEs now will interface directly with the containers.

[idontwantthis]

That’s been massively improved with VirtioFS. I work with mounted code and I agree it wouldn’t be possible without it.

[asah]

Docker Mac m1 is my daily driver. Painless performance.

But... watch out for software compatibility: m1/m2 requires recompiling from source which is painless... when it works. I recently needed syslinux and had to move to x86 cloud instance. Fortunately, docker made that easy.

[_8j50]

It takes more time and effort than just running the damn script! Is that not good enough?

I mean I want to use containers but on top of setting up the host, they require composing containers (even when ready made for customizations), networking, logging and fight for more memory when using memory hungry stuff in conjunction (like elastic or other db).

If my main job was devops, I suppose I would make myself more valuable by doing everything in containers but when I deploy an app it is because I have to on top of many other duties so being able to not only setup but troubleshoot and fix outages quickly is most important (and I hope a full time devops person, if I ever get one) will help me migrate all that some day so it looks nice and neat.

[idontwantthis]

If you don't want to use containers at all then that's a different question than the one I I was responding to.

[_8j50]

Fair enough.

[sneak]

Docker Desktop is:

- spyware (transmits private data off your machine without consent when it crashes, which it does a lot)

- nonfree software

- has a git repo so you don't notice it's nonfree software

[antihero]

Does docker support true x86_64 emulation on arm64 hosts?

[idontwantthis]

No, and that’s a pretty good reason to not use it if you really need that.

What can you use to do that?

[antihero]

Currently using straight up lima and software emulation. It’s slow but it just about works.

I think there’s stuff that uses it under the hood like colima and rancher.

Basically the issue is that quite a lot of software is amd64 only and they haven’t cross complied binary layers for arm64.

So for local development you have to emulate.

It’s a shame there’s not a way to leverage rosetta2 really.

[ta988]

There is, it works wonderfully well but you have to do a lot of things manually for now.

[happymellon]

I thought that was a limitation that Apple put in place.

You can either run an alternative architecture or an alternative OS. Running MacOS software for x86 is running through an interpreter.

If you want to run x86 Linux software, then MacOS on Arm is just one too many steps away.

[xmonkee]

I do have a particular reason - memory use. I am running postgres and redis locally for dev work, but I would love to use Docker so that I can standardize it for my team, but it just takes up to much ram on m1.

[idontwantthis]

I don't mean to sound flippant, but that sounds like you're using a computer for business that can't handle the work you are trying to do. If 32/64GB isn't enough memory then yeah, I guess you need something else, but if your machine has less than that then it sounds like you need to buy the right computer for the job.

Also, are you using AMD or ARM images for those?

[sqlcommando]

I dunno about the m1 aspect of this but postgres and redis for typical dev work shouldn't require more than a gigabyte or two of RAM when running together. 32-64GB is more like heavy traffic enterprise DB territory...

[dijit]

guess the parent is annoyed at spending 2-3GiB of ram on the VM itself.

even if the containers themselves only use 128MiB total: the VM will cordon off everything it's told to; which most people are unlikely to change until there's an issue, and is configurable down to 1GiB as a minimum.

FWIW Docker Desktop on my machine (M2 Macbook Air; 24GiB Ram) defaulted to using 8GiB of RAM.

[rch]

They're also trivial to install without virtualization. Postgres has been one of the first things I install on a new laptop for over a decade now.

[happymellon]

Also, stop using a Mac if they aren't suitable for your usecase. There are just so many layers of emulation for this, it's an absolute waste of resources.

[thunky]

This is the right answer.

Scratching my head as to why devs are buying up these new macs knowing up front that they will not work well for the job they were bought for.

Why not make it easier for yourself and have your dev machine match up with prod?

[machiaweliczny]

You can setup how much ram is allowed in docker. Generally software will use as much as you allow (especially DB)

[pmontra]

Your team might want to use asdf https://github.com/asdf-vm/asdf to run multiple native versions of PostgreSQL and Redis in parallel. Even with one project you might have multiple versions of those tools in different releases of the project. You standardize by using a .tool-versions file. I've been using that for a team targeting Linux and developing on Ubuntu, Mac and WSL (or was that an Ubuntu VM in Windows?)

[vineyardmike]

Many companies run dev work in a dedicated cloud VM.. incl well known companies like Google or Amazon.

You can run a constant VM with 2/4/8/128gb of ram or whatever you need. I use one at work for years and I think mine is 16gb of ram and it’s way over provisioned most of the time. Unlike how you might expect, treat the cloud vm like a work laptop not a production service. Let people write scripts that stay there, let people keep it on 24/7, available on demand, etc. It’s a cloud laptop not a production VM.

[Lio]

Depending on your workloads that sounds like a very expensive way to do development compared to just having a dedicated but efficiently set up work laptop.

Even giving people a headless Intel NUC to connect their laptops too would be way, way cheaper (assuming you're just doing development).

[vineyardmike]

Where I work, they used to give you desktop computers (pre Covid) for the workstation purpose, but post-covid they just provision a VM for you. Honestly, its probably cheaper in short-term and only mildly more expensive long term. No real IT work needed (since <cloud provider> handles the hardware), and automatic upgrades if more ram/GPU/etc is needed. Even a really big VM ($80/m) wouldn’t be crazy compared to the logistics of managing/storing/powering/networking a bunch of desktops across an office.

[robertlagrant]

This is what I wonder. A powerful local laptop is so useful - instant feedback; works on the train or any other offline/low-connectivity setting; the only engineer you need looking after it really is the one who has it.

Having said that, cloud development means you don't need big capex orders for laptops all the time, and it's probably easier to secure.

[ehutch79]

I use a 16gb m1 air. I'm running docker desktop with mysql, redis, 2 containers doing python, a node container and an nginx container. I'm not noticing any impact on performance. MS Teams hurts more to run. Though I have adjusted the resources docker uses.

[epgui]

I never understand the "docker takes up too much space/ram" objection. Isn't that configurable/manageable even from the GUI?

[davewritescode]

Colima or Rancher Desktop seem to be what most developers at my place of work have coalesced around these days.

Colima is a little but lower level but works very well. Rancher Desktop had some struggles a while back but most of the developers who are new to the company seem to be using it for local kubernetes.

[perryizgr8]

Just use docker. It always works well enough and there is tons of support available online for any conceivable situation you might find yourself in.

[throwme_123]

Title says "on macOS".

That's the key part: Your positive experience is with PCs running linux I guess.

[spyremeown]

I know this is a stupid argument from my part, but I see this enormous effort to use tools that work really really well on Linux, but on a Mac. Why not just use Linux and save yourself the effort, performance overheads and whatnot? 99% of the time the loads are being deployed on Linux servers, why not use it in the workstation as well? Is it worth JUST for the hardware?

[throwme_123]

Replying here also for the other comments.

Imho Mac hardware, especially with M1/M2 is the best value for money one can buy right now. Performance is outstanding, coupled with all day battery life. Build is also super premium including the keyboard now. I tried Lenovo X1, Dell XPS 13 which are supposedly the best PC laptops and found them way inferior... and more expensive!

Regarding macOS, I completely understand that some people like it, some don't. But we all want good tools on that hardware :)

[heurisko]

Mac seems to offer a more similar experience to Windows when it comes to corporate remote administration.

So Macs are what corporate provides to developers.

[cpach]

The hardware is great, but it’s not just the hardware.

There are also some pretty good apps for macOS that just aren’t available on Linux.

And then some of us really enjoy the desktop experience of macOS.

When I need Linux tools they are easy to access via Lima. (One could also use Parallels or VirtualBox, but IMHO Lima is far more ergonomic.)

[quonn]

It works well on a mac. Only arm64 is a challenge.

[porker]

But do any of these alternatives perform better on macOS? Under the hood they end up using the same underlying technologies, so there shouldn't be much performance difference between them.

[syntaxing]

Dockerfile + Docker compose is the way to go. With Portainer, you'll be up and running in less than 30 min.