Readit Newskdrag0n commented on Bocker: Docker implemented in around 100 lines of Bash (2015) github.com/p8952/bocker... · Posted by u/emersonrsantos
My main dev machine is Linux so I use Rancher Desktop but I also have a MacBook Pro m1 machine. Orbstack is so much better than rancher and docker desktop. I know they are a small company but hell if their product isn’t significantly more efficient and better.
Love to hear that :) sent you an email about the k8s IPv6 issue — should be able to get it fixed in OrbStack
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr
> I like Orbstack, but I wish the devs...
devs? afaik, it is just one teenager, Danny Lin (he might be 20 by now, though).
A small team now :)
(not back then though)
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr
I have a machine with Colima and don’t want to bork it if I try Orbstack.
I think I used “brew install docker docker-compose colima” and then “colima start”.
Is “brew install orbstack” a drop in replacement for colima or does it install other things that might conflict?
Drop-in: "orb" to start, stop it + uninstall + restart Colima to revert.
It can optionally install OrbStack's bundled `docker` and `docker compose` binaries, but you can also keep using the Homebrew ones.
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr
It appears to be lxd, I assume a single vm with multiple lxd inside.
https://github.com/orbstack/orbstack/issues/461#issuecomment...
The issue submitter just happened to be running LXD in their OrbStack machine.
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr
Hi, is it possible to add a virtual machine mode to OrbStack? See https://news.ycombinator.com/item?id=41423667 for why. I'm okay with most (or all) nice integrations unavailable.
Basically I want a true UTM replacement, the one I can run my own kernel.
Sorry, no plans for that. That vertical integration is a key part of OrbStack — it's not just for nice extras/integrations.
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr
One reason I'm still using docker desktop in my (small) company is that our production systems are using docker compose and the networking with domains does not translate 1:1 between orbstack locally and docker compose + nginx in production. Is there an easy way to solve this?
OrbStack domains can be nice but you don't have to use them. It's fully compatible with Compose, so you can just run the same commands with no changes to your setup. Did that not work for you?
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr
What’s the security model for OrbStack and its containers?
Is OrbStack rootless? Where is the security boundary for the containers? (Are they sandboxed completely from the host?)
How does the virtualisation work? (I’d assume Virtualization.framework, so I can run it without Rosetta if all containers will share host architecture?)
Does it support Docker-in-Docker and Docker-out-of-Docker? (M1 and M2 Mac’s don’t have hardware for nested virtualisation so I assume this also prevents DiD with OrbStack?)
Thanks in advance, eager to try it out.
It's a shared VM and kernel, so the security boundary between containers is only as strong as typical Linux containers, and we don't really use the VM as a strong security boundary right now. The security model is similar to running Docker containers on a native Linux machine for development.
Admin privileges aren't required on the macOS side. You can optionally allow a privileged helper for some small niceties, but the VM process never runs as root.
The virtualization stack is custom, which allows for a lot of performance and stability improvements. It's not Virtualization.framework or QEMU.
Containers don't require virtualization, so Docker-in-Docker works. Not sure what you mean by Docker-out-of-Docker, but you can run Docker in OrbStack Linux machines, and you can use the managed engine from macOS.
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux orbstack.dev/... · Posted by u/rpgbr