Get the top HN stories in your inbox every day.
LooerCell
shad42
Replaced Desktop with `colima` as well few months ago. I've been using it daily since then. I did not have any issue, sometimes I just delete / start a instance to upgrade the docker version, it only takes few minutes.
I like the fact that I decide when I upgrade, not Docker Desktop nagging me every week.
swyx
i wrote a quick howto a while ago for anyone looking to try this out https://www.swyx.io/running-docker-without-docker-desktop
jzelinskie
Looking to convert, but I still can't understand how this is more performant. Docker Desktop has lots of engineering going into performance crossing the host/VM barrier. IIRC lima just pipes over SSH. How could that be faster?
cosmotic
Docker is an electron app which might explain some of the performance and battery differences. The containers don't run in electron but that extra copy of chrome is always running in the background.
russelg
It's quite trivial to have both installed and you can easily switch between Colima and Docker, I think it's worth testing it out.
drcongo
I only use Docker Desktop for one thing - to see if one of my containers has accidentally started itself as amd64 instead of arm64. Sadly Colima doesn't seem to provide a way to do that.
throwawaaarrgh
Best part: it's QEMU so you can choose your CPU architecture and run x86_64 containers on ARM Macs
Hasnep
I've been telling my colleagues with M1 Macs to use the
--platform linux/arm64
ec109685
x86_64 containers on ARM mac are extremely slow.
anentropic
It seems this may get better soon, when they run via Rosetta 2 rather than QEMU(?)
dmix
I found even with ARM Docker containers were already slow as it was.
I also never understood the justification for the added complexity it created, but I also don't have a dedicated ops team at my job to solve my problems.
Art9681
Podman works the same way.
dilyevsky
That works via qemu userspace emulation inside of VM so docker desktop has it too (might need to install qemu binfmt_misc hooks package)
user-
my personal experience. Much earlier this year at work, we migrated everyone to colima and I had to support devs with their issues. So many small issues kept popping up, and was definitely not a drop in replacement for us.
The higher ups eventually let us just buy docker desktop and we are all happier now.
jonwest
Exact same experience here to the point where I wasn’t sure if we worked together haha
onetimeuse1234
Please help me understanding: Why is `brew install docker` not sufficient, why do you also need Colima or Docker Desktop? Is it so that there is a docker _daemon_ installed which `docker` doesn't ship with?
ZiiS
OSX dose not support running docker containers (or vis versa depending on your point of view). Instead you need a VM running Linux. Docker Desktop / Colima runs this VM for you.
undefined
dinosaurdynasty
I assume `brew install docker` just installs the docker CLI/etc, which can run on non-Linux OSes. However the docker daemon can only run on Linux, so something needs to setup a VM for it.
eropple
Homebrew handles this kinda poorly, so people are often confused. `brew install docker` installs the Docker CLI. `brew install --cask docker` installs Docker Desktop, and if you've permanently tapped homebrew-cask you'll get that instead of the Docker CLI.
chisquared
Same. My requirements are very basic, so the switch to colima was basically seamless. I also appreciated being able to avoid Docker Desktop constantly trying to update itself (which is what ultimately motivated me to make the switch).
As a bonus, you can install the Docker CLI (e.g. `brew install --formula docker`) and use that to interact with any containers you start with colima.
twalla
Switched to colima a while back after the licensing debacle and have been mostly happy with it. Only real issue has been with some tools making assumptions about the docker socket location, which was easy to fix in the config file.
vbezhenar
Thanks for sharing. I missed something like that. Docker is too enterprisy to my taste. I'm using VPS with docker right now which works good enough, but no volume mounts is not very nice.
magicpointer
There's also Rancher Desktop in the same space, which includes k3s as a local K8s solution.
For personal use I found it great and lighter than Docker Desktop. At work, unfortunately all options but Docker Desktop have issues with either 1) Our Cisco AnyConnect VPN, or 2) Our authenticated http proxy. Couldn't find anything else providing a container runtime + a local k8s on MacOS that works in this environment. So we just got Docker Desktop licenses.
blibble
> For personal use I found it great and lighter than Docker Desktop.
I don't know what Docker Desktop is doing but on a top end i9 with 128gb of ram it still takes 60 seconds to start
and the UI takes forever to do anything
it makes Teams look responsive
mfer
I user Rancher Desktop on an i9 with 32gb of RAM. Starts in less than a minute. I also have Teams and slack. Sometimes I have over 200 browser tabs open (yes, I have a problem). The UI is responsive pretty quickly.
A lot of delays has to do with starting VMs. You need this for Linux on Mac/Windows.
Disclaimer: I started Rancher Desktop. I might be biased.
alex3305
Last week I switched from Rancher Desktop back to Docker Desktop because I couldn't get VSCode Dev Containers to work properly. I was stumped because it should work out of the box. However it didn't work on a fresh install of Docker Desktop either. Apparently when Rancher Desktop was first released I've installed it and setup a Docker alias in my ~/.zshrc:
alias docker=nerdctl
blibble
raw "wsl --shutdown" followed by "wsl" takes maybe a second tops
andrewaylett
It seems like some folks' idea of "far too many" tabs is significantly lower than my idea of a "normal" number.
Currently at 220 in one window, 350 in another, and eight in a third.
dmix
> Sometimes I have over 200 browser tabs open
This is where those extensions (or native Firefox) is good for auto-sleeping tabs you haven't looked at in the last 10-20min. Saves so much CPU.
anderspitman
Starting a WHPX-accelerated VM with QEMU on Windows takes less than 15 seconds with a minimal init. Is Hyper-V really that much slower?
fuckstick
> I user Rancher Desktop on an i9 with 32gb of RAM. Starts in less than a minute.
This is considered good?
PaulWaldman
Are you on Windows? I believe it is using Hyper-V and running containers in a VM. The loading time is probably how long it takes to start the VM.
giobox
"Docker Desktop" uses a VM for container execution on all supported OSes - Windows, macOS and Linux - default installs are not running "docker" natively at your local CLI if you are using "Docker Desktop" to run docker, even on Linux.
> https://www.docker.com/blog/the-magic-behind-the-scenes-of-d...
> https://docs.docker.com/desktop/install/linux-install/
> https://docs.docker.com/desktop/faqs/linuxfaqs/#what-is-the-...
"Docker Desktop on Linux runs a Virtual Machine (VM) so creates and uses a custom docker context desktop-linux on startup." I had previously assumed it would be native on Linux, but apparently not. To be clear, this only applies when talking about "Docker Desktop" installations - not the same thing as "docker" etc etc.
I also think the performance is pretty bad, and I've used it on all three OSes at one time or another. I simply never install "Docker Desktop" on Linux typically anyway - it adds so little value over a basic native local docker install there.
The only thing I think "Docker Desktop" is really great at is creating FUD regarding using the alternatives or even plain ole free "docker", but that is probably its primary means of generating revenue for the company - I've seen docker desktop licences get deployed everywhere recently, regardless of the merits. So many users I encounter don't even understand the distinction now between docker/docker-desktop, or that there is one.
FireBeyond
Yup. I have a Mac Pro 2019, 12 core Xeon, 192GB, and the Desktop app and VM location reside on a RAID0 M.2 array that can throughput 6GB/s. Still a minute+.
gbraad
You can use wsl-gvproxy(*), which uses our CRC usermode network stack to allow use with VPN. We are working on making this an option for podman machine. Alternatively, or to test, you can use CRC from our crc-org project and run the podman preset. This uses a dedicated VM using native hypervisors and the gvproxy setup.
I am the teamlead of CRC and work on the Windows enablement of podman machine, with the podman desktop team. Gladly take questions here or by email.
(*) also known as wsl-vpnkit
magicpointer
Unfortunately I'm on MacOS and not Windows. But I'll pass this info to my Windows-using colleagues, thanks!
alphalima
I had similar issues with a different VPN/Proxy at an earlier role. I solved with https://github.com/sakai135/wsl-vpnkit and trusting the root certificate of the proxy on the rancher desktop WSL2 vm (Assuming you're on Windows as I was).
Docker desktop pays for itself by solving these issues though IMO (I wasn't able to get a licence at the old role however)
undefined
MrBuddyCasino
I suppose Docker Compose won‘t work with those alternatives?
jchw
Podman works with Docker Compose enough to run stuff I've had to deal with at work and home. I prefer to use the podman-compose script usually, since it does offer some small advantages when using Podman. That said, even with the podman-compose script, I ran into an issue where some syntax somewhere needed to be adjusted for Podman; I can't remember exactly what and I don't have access to the repository to check, but it was a security-related flag, and it was fixed in master at some point, I believe.
Getting Podman to run CUDA/Nvidia workloads was a bit more challenging, but that can also be done.
depereo
Compose works (with caveats, sometimes significant ones) with podman.
Rancher desktop works seamlessly with docker-compose. No issues at all.
Macha
Docker Compose works fine with Rancher Desktop. You can use it with Podman on Linux too, you just need to enable the socket since normally Podman does without - I'd imagine there's some way to enable this on Podman desktop too.
mfer
For Rancher Desktop, Docker Compose works with Rancher Desktop when you choose dockerd (moby). If you choose to use straight containerd (with nerdctl as a CLI) than compose isn't going to work.
matamagu
If you choose to use straight containerd then you can use nerdctl compose too.
sgarland
I ran into this issue[0] when trying to use docker-compose locally, connecting to a Podman VM.
raro11
Docker Desktop for Mac released an experimental file sharing implementation back in March[0]. It made working with Docker bearable.
Does anyone know how well Podman performs on Mac? Especially file sharing.
Edit: A quick Google led me back to this HackerNews comment[1]. Looks like Docker for Mac is faster.
[0] https://www.docker.com/blog/speed-boost-achievement-unlocked...
gbraad
At the moment podman machine on macOS uses Qemu and their filesharing stack. Qemu allowed us to move quickly utilizing the same deployment stategy. However I work on CRC (a related project) and we have a driver based on virtualization framework using virtiofs. We hope to integrate this in `podman machine` soon as it will improve performance. Ideally we want to boot with the kernel and ramdisk provided by the image, though this isn't the case until macOS 13 (which brings EFI support). So, yes... hopefully soon. We just want to make sure we provide a stable and maintainable solution.
gpanders
This is exciting news! Is there an issue or something similar I can subscribe to to track progress?
gbraad
The current driver lives at http://github.com/crc-org/vfkit and is being tested in crc. It would be ideal if you put the request out via an issue https://github.com/containers/podman/issues/new/choose I will follow-up on this. Community feedback will lead to a demand/request as it speaks louder
anderspitman
Do you have a link to that virtiofs implementation?
gbraad
The virtiofs implementation we use is the native one provided by Apple according to our virtiofs spec. https://virtio-fs.gitlab.io/
You can try running https://github.com/crc-org/crc with the podman preset (!) to test it. It would not be exactly the same how podman machine will use it eventually, but might help to give an idea of performance or issues we can improve on. We have seen a lot of users being more than content as it also works in a vpn environment. Note that the CRC tool primarily aims at OpenShift deployment... This is a different preset (resource intensive). Only available as an installer with our tray (sorry about this).
The driver we use is https://github.com/crc-org/vfkit and I am sure Christophe could share a method to just run the VM with our driver. HMU by email if you prefer.
moondev
I have been experimenting with the arm64 windows dev kit, neither docker desktop, podman desktop or rancher desktop had arm64 builds. Installing the amd64 builds did not work either.
I was surprised to find out wsl2 now supports systemd
https://devblogs.microsoft.com/commandline/systemd-support-i...
I was able to install docker normally inside wsl2 and it worked perfectly. No "desktop" app needed. This will be a game changer when it hits GA
gbraad
I work on the Windows enablement team of podman machine andam glad to take question or feature requests.
We are looking into enabling systemd, though as said, this isn't GA yet. The functionality would only work for Win11, so we have to enable a win10 workaround for this (we have), but this has to be based on feature detection.
Arm binaries is being looked at, but can't commit to a timeframe when this will be delivered.
gbraad
Note: the Arm binary I suggest is an rnd to end solution with the WSL2 environment and client binaries.
If you dont mind some tinkering, a fedora Aarch64 container base image can be imported to wsl2 to install podman.
nickjj
I've been running Docker on WSL 2 for a while now, without systemd or Docker Desktop. There's no need to wait for systemd.
You can install Docker following their Linux guide and then in your shell's profile file add:
if grep -q "microsoft" /proc/version &>/dev/null; then
if service docker status 2>&1 | grep -q "is not running"; then
wsl.exe --distribution "${WSL_DISTRO_NAME}" --user root \
--exec /usr/sbin/service docker start >/dev/null 2>&1
fi
fi
JoyrexJ9
Been running Docker under WSL for a few years. Don't need systemd if you're either happy to start it manually with an alias or poke it into one of your profile/logon scripts.
The experience is light-years ahead of the monstrosity that is Docker Desktop
seabrookmx
Thanks for this! I was curious if the windows dev kit would be a good arm64 container build box, but I wasn't sure if getting Docker or buildah etc. on there would be a pain. Sounds like this is totally doable.
florentbenoit
Podman Desktop will release Windows arm64 binaries if there is a demand for it
dboreham
I've been using this approach for some time on my Pro X. I wrote a script to start the docker daemon on first shell startup prior to systemd support.
candiddevmike
The problem with podman at the moment (IMO) is version drift. RHEL/Fedora and friends get the latest and greatest (4), Debian/Ubuntu are stuck on 3.x. This isn't a problem with Docker, which has tight control over what is deployed. This means how you use Podman directly or indirectly via tools and plugins may change.
mbreese
> This isn't a problem with Docker, which has tight control over what is deployed.
That contention is heavily dependent upon how Docker was installed. Docker desktop, yes. Command line Docker on Linux? That used to be much more complicated and depended on if you had an OS vendor provided version or had a Docker provided repo install.
RHEL’s repo version always seemed particularly out of date to me.
rjh29
Yeah, fortunately it's two lines of shell to add Docker's community repo to CentOS/Rocky Linux.
gbraad
The latest version of podman is always available at https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podma...
sudo dnf copr enable rhcontainerbot/podman-next -y
sudo dnf install podman
However the versions provided by the distro have gone through more tests. We are still improving this part as ideally you should be able to pick a version
idoubtit
> The problem with podman at the moment (IMO) is version drift. RHEL/Fedora and friends get the latest and greatest (4), Debian/Ubuntu are stuck on 3.x.
Podman has no control on this. Each Linux distribution deals with packaging in its own way. If this packaging is not to your taste, podman can easily be installed from alternatives sources: unofficial deb packages, or plain binaries.
BTW, podman v4 is in debian/experimental. I don't know why it didn't land into unstable yet.
> This isn't a problem with Docker, which has tight control over what is deployed.
AFAIK, Docker (now Moby) has no control over what is packaged in Debian/Ubuntu (unless the Debian maintainer works for Moby?). If you install Docker from the official Debian repositories, the "docker" package is an alias for "docker.io", which is a version 20.10.19 in debian/unstable. The latest 20.10.21 is not yet packaged by Debian.
tkhattra
a workaround to get the latest and greatest podman on debian/ubuntu is to use opensuse's kubic repo - it's even mentioned on the podman installation page [0]. but they don't recommend it for production use (though i haven't noticed any issues so far on ubuntu 22.04 and 22.10).
gbraad
Latest and greatest we publish on https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podma...
Will check if we need to change the docs.
But your recommendation remains. Better to use the latest release as indicated on the GitHub releases of podman. These have seen more tests and integration use/tests
Alternatively you can run `podman machine` which sets up a VM with the stable version.
florentbenoit
It might be possible to use a Podman machine on Linux as well. ( You may loose performance but could update as soon it's available)
galleywest200
I really tried to use Podman, but I kept running into issues trying to get a rootless deployment on RHEL that used a protected port (53) and it gave me so much trouble that I uninstalled Podman and installed Docker.
Maybe I can try again, but it was frustrating enough to turn me away for a while.
BeefWellington
If you want something as non-root to bind below 1024, there's a sysctl for it.[1]
Docker bypasses this essentially because it uses root privs to set up the port forwarding rules.
[1]: https://www.kernel.org/doc/html/latest/networking/ip-sysctl.... -> ip_unprivileged_port_start
sph
It's not enough in some cases, in a multi container pod (with `podman play kube`) I still got permission issues binding to privileged ports (which were permitted by the sysctl). There was some github issue about it.
In my experience, if you need to bind to < 1024 ports, just run the container as root. Also if you want finer-grained control of host-side permissions of your mounts (i.e. map host uid 1000 to container uid 99). Otherwise rootless is fine.
BeefWellington
Note that that sysctl indicates it's namespace-specific, so it's possible it needs to be set for the application's namespace (maybe as well) via `--sysctl` on the podman command line.
I did a quick test and it works ok for me to bind to low numbered ports just passing that param to podman run.
doublepg23
Running into edge issues and always trying to figure out if it was my container, Podman, or SELinux is making me very close to installing regular docker.
bongobingo1
I want to love SELinux, sounds great, I can see the real value in it. Tried to deploy some containers on an SE system and it would block everything. Ok expected, it actually has great tools for discovering, suggesting and creating rules to poke holes where needed, but it only suggests those things post-facto.
So basically you're left deploying a container and waiting for something to break, then inspecting SE logs and patching rules in (and folding all that back into your ansible or whatever).
Maybe this is OK if its your application and you can dump it on a staging environment and push it through your 100% coverage end to end test suite to capture all requirements, but if its a third party - or maybe your test coverage isn't quite where you want it to be - you're basically walking out on the rope bridge blind.
Not sure there is really a way to solve that. Perhaps it there was a `pledge`/`unveil` like system where all requirements can be discovered up front... Otherwise it felt like yours stuck running in SEDisable or SEPermissive for months collecting data (after every deploy).
Maybe I just missed an obvious route to disable swaths of SELinux for rootless containers - where it probably doesn't have as much of an application.
Sorry Dan Walsh :(
yrro
> Maybe I just missed an obvious route to disable swaths of SELinux for rootless containers
Yeah you can put container_t into permissive mode:
# semanage permissive -a container_t
AVC denials will still be logged but the operations won't be denied.
spinachsalad
> Maybe I just missed an obvious route to disable swaths of SELinux for rootless containers - where it probably doesn't have as much of an application.
podman run --security-opt label=disable
Note: Labeling can be disabled for all containers by setting label=false in the containers.conf(5) file.
But more secure way would be to add ":z" or ":Z" to volume and podman will auto-relabel source dir. Finally you can use nuclear option: "--privileged". It's still more secure than docker's one because you are limited by your user's capabilities.
smcleod
Note: This is quite a big heavy Electron app, if you don't need truly a GUI I'd recommend Colima. https://github.com/abiosoft/colima
matai_kolila
Am I just a dum dum for not getting this to drop-in replace Docker Desktop for my relatively simple projects? Has anyone else experienced the problematic practicalities of switching, or should I just spend a bit more time with it?
hbn
I'm pretty sure the main reason there's a push to move from Docker Desktop now is because earlier this year they started charging larger businesses/teams to use it.
So if you're just using it for yourself you probably don't need to bother
matai_kolila
Oh I'm aware of that, my point is that it isn't the smooth transition folks seem to make it out to be (unless, of course, I'm a dum dum which is possible).
antifa
I tried it in debian/ubuntu and it didn't work at all, but I got the vibe the tool was maintained by non-debian using individuals.
AnonCoward42
For me the main reason to use Podman over Docker is rootless containers. Another one is also that Docker is really not pleasant to install on Linux.
rjh29
It's not pleasant? I don't know what Docker Desktop is (or what the point is) but Docker Server is two lines of shell on most distros (add repo and install).
I use CentOS, Ubuntu and Arch and have to regularly use third-party repos, PPAs or the AUR - this isn't a particularly uncommon thing to do when installing software. And it beats running a shell script, which is how k8s stuff works most of the time :P
petre
And pods and not needing a daemon to run them among other things. Docker is still easier precisely because it has a daemon that automatically just starts up your countainers thay you've configured to run at startup, without the need to create systemd unit files.
nicholasjarnold
> Another one is also that Docker is really not pleasant to install on Linux.
I'm curious on which Linux did you encounter issues while installing Docker? I cannot comment on the (to me somewhat pointless) Docker Desktop GUI installation on Linux, but I can confidently report that installing and using docker engine on Ubuntu, at least, is quite trivial and clearly documented[0] on the website.
cmeacham98
Not them, but my employer makes it a major PITA to add non-standard repositories on the corporate Ubuntu image because of the weird and non-standard way Apt is configured. The "docker.io" package available in the official Ubuntu repository is typically horribly out of date.
Additionally, (and admittedly this isn't really Docker's fault), the default IP range for Docker's network happens to conflict with my employer's internal network, which is great fun to debug if you forget to change it.
AnonCoward42
First of: It has been some time since I last installed Docker. It actually was on Ubuntu and a properly current version was not in the distro repositories, so I had to add a new repository and it installed plenty of extra dependencies. It's not hard, but also not really pleasant.
It also seems like Docker is now able to run rootless as well, so my nitpicks are actually more minor than I originally thought. It's still not daemonless, but it would work for my use case still I think.
2OEH8eoCRo0
I experienced issues on Fedora because back then Docker did not support cgroups v2.
onlycoffee
Weird, I have no need I can see for rootless and on multiple machines no issues installing Docker on Ubuntu including using either the Ubuntu repo or the Docker repo. It just works.
Demonsult
Besides the licensing issues, I found it bloated and flaky. For me, the friendly GUI just added pain. I use docker in Hyper-V as my home media server instead. WSL2 also works.
florentbenoit
They can run side by side and Podman Desktop is also able to show you all Docker containers, images, etc.
overlisted
For GNOME users: I recommend trying this frontend https://github.com/marhkb/pods
kodisha
Hyped by those comments, I went and tried both colima and podman.
My use case is the simplest of them all:
A docker compose file for postgres12 with a folder attached as permanent volume.
- colima couldnt do chmod, and it failed when i tried to restore database to folder. I tracked an issue on github, known stuff, issue is couple of years old.
- podman made it work somehow, data restore was under way - it run out of file descriptors, again - know bug with postgres and other scenarios, tracked on github for few years.
turned off, fired docker again, it works.
meh :(
jscheel
I'd just love to know if Docker is ever going to fix the issue where my computer kernel panics when going into hibernation if my macbook is unplugged and docker is running. Had an open, reproducible issue for a quite while that has affected lots of other folks too, but no real recognition from Docker.
onlycoffee
Google Mac hibernate issues. Over 1 million results. Windows, over 3 million.
I gave up on hibernation being a valid concept in the 1990's, there's too many things that can go wrong and computers are more complex today.I don't use hibernation and Docker has no issues.
jscheel
I mean, I've never had any other issue with it. This is clearly a docker problem.
onlycoffee
1 million Mac and 3 million Windows users most of whom probably don't know what docker is let alone run it; would like to disagree.
jamesvnz
huh, so that's what's happening to me. I was wondering what the likely cause of the kernel panic issue might be. This might be the impetus I needed to try one of these Mac docker alternatives.
tkiolp4
Talking about containers: is there an easy way to run “system” containers? This is, containers that run systemd and everything else you would expect to be running on a normal Linux OS. I rely heavily on VMs to simulate cloud environments, but I would love to use lightweight containers instead. Also, these “system” containers should be able to run containers inside them as well (docker in docker?).
I saw something on github the other day that may work (can’t remember the name, something about “box”), but it wasn’t available for Macos.
rmolina
You are probably referring to Sysbox (https://github.com/nestybox/sysbox), which I believe will meet your requirements (systemd, inner containers, security, etc).
Btw, Sysbox is already supported in Docker-Desktop (business tier only), so you can easily do what you want with this instruction:
$ docker run -it --rm -e SYSBOX_SYSCONT_MODE=TRUE ghcr.io/nestybox/ubuntu-focal-systemd-docker:latest bash
Disclaimer: I'm Sysbox's co-creator and currently working for Docker.
gbraad
Not entirely sure about the usecase, but podman itself integrates well with systemd, like creating services. But it feels like you want a full systemd OS in a container instead of a VM. Not the best practice. VM might better for this, though Podman can run systemd based services. And Podman in docker or podman in podman is not an issue.
https://blog.while-true-do.io/podman-systemd-in-containers/
Podman machine starts a VM that is just a Fedora distro, with systemd and you can create multiple instances. This way you can run these system containers easily.
dinosaurdynasty
systemd-nspawn, LXC, and podman should all be able to do that (though doing recursive containers can be kind of weird). In theory https://github.com/firecracker-microvm/firecracker should as well, it runs very lightweight VMs.
moondev
kind (kubernetes inside docker) does this by building a specialized container that includes and uses systemd as the entrypoint:
https://github.com/kubernetes-sigs/kind/blob/main/images/bas...
You could run this as a standalone container
docker run --rm -d --name my-node --volume=/lib/modules:/lib/modules:ro --volume=/var --volume=/kind --privileged docker.io/kindest/node:v1.25.3
docker exec -it my-node bashMikeKusold
Proxmox allows you to launch LXC containers via a UI. I use it at home and I'm able to run Docker in both a privileged LXC and an unprivileged LXC.
rb12345
LXC/LXD are probably the closest to that on Linux, although I'm not sure about nesting containers.
CoolCold
It works. Used it just 1 hour ago last time.
lxc launch ubuntu:22.04 docktest -c security.nest
More on https://bobcares.com/blog/lxd-and-docker-containers-nesting/
Woeps
"these “system” containers should be able to run containers inside them as well (docker in docker?)."
I think you can run podman in podman. But your comment actually makes me wonder how easy it would be to run docker/podman in chroot
CoolCold
One more vote for LXD/LXC. Very neat and quick
Get the top HN stories in your inbox every day.
Recently I started using colima[0], a drop in replacement for Docker Desktop on Mac, and have seen an increase in performance and battery life. You can use all the normal docker and docker compose commands. It does not have a GUI but you can use the Docker extension on VS Code to have an overview of running containers.
[0]https://github.com/abiosoft/colima