kdrag0n commented on Bocker: Docker implemented in around 100 lines of Bash (2015)   github.com/p8952/bocker... · Posted by u/emersonrsantos
jml78 · 9 months ago
My main dev machine is Linux so I use Rancher Desktop but I also have a MacBook Pro m1 machine. Orbstack is so much better than rancher and docker desktop. I know they are a small company but hell if their product isn’t significantly more efficient and better.
kdrag0n · 9 months ago
Love to hear that :) sent you an email about the k8s IPv6 issue — should be able to get it fixed in OrbStack
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
ignoramous · a year ago
> I like Orbstack, but I wish the devs...

devs? afaik, it is just one teenager, Danny Lin (he might be 20 by now, though).

kdrag0n · a year ago
A small team now :)

(not back then though)

kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
styfle · a year ago
I have a machine with Colima and don’t want to bork it if I try Orbstack.

I think I used “brew install docker docker-compose colima” and then “colima start”.

Is “brew install orbstack” a drop in replacement for colima or does it install other things that might conflict?

kdrag0n · a year ago
Drop-in: "orb" to start, stop it + uninstall + restart Colima to revert.

It can optionally install OrbStack's bundled `docker` and `docker compose` binaries, but you can also keep using the Homebrew ones.

kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
moondev · a year ago
It appears to be lxd, I assume a single vm with multiple lxd inside.

https://github.com/orbstack/orbstack/issues/461#issuecomment...

kdrag0n · a year ago
The issue submitter just happened to be running LXD in their OrbStack machine.
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
rfoo · a year ago
Hi, is it possible to add a virtual machine mode to OrbStack? See https://news.ycombinator.com/item?id=41423667 for why. I'm okay with most (or all) nice integrations unavailable.

Basically I want a true UTM replacement, the one I can run my own kernel.

kdrag0n · a year ago
Sorry, no plans for that. That vertical integration is a key part of OrbStack — it's not just for nice extras/integrations.
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
nkmnz · a year ago
One reason I'm still using docker desktop in my (small) company is that our production systems are using docker compose and the networking with domains does not translate 1:1 between orbstack locally and docker compose + nginx in production. Is there an easy way to solve this?
kdrag0n · a year ago
OrbStack domains can be nice but you don't have to use them. It's fully compatible with Compose, so you can just run the same commands with no changes to your setup. Did that not work for you?
kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
highwaylights · a year ago
What’s the security model for OrbStack and its containers?

Is OrbStack rootless? Where is the security boundary for the containers? (Are they sandboxed completely from the host?)

How does the virtualisation work? (I’d assume Virtualization.framework, so I can run it without Rosetta if all containers will share host architecture?)

Does it support Docker-in-Docker and Docker-out-of-Docker? (M1 and M2 Macs don’t have hardware for nested virtualisation so I assume this also prevents DiD with OrbStack?)

Thanks in advance, eager to try it out.

kdrag0n · a year ago
It's a shared VM and kernel, so the security boundary between containers is only as strong as typical Linux containers, and we don't really use the VM as a strong security boundary right now. The security model is similar to running Docker containers on a native Linux machine for development.

Admin privileges aren't required on the macOS side. You can optionally allow a privileged helper for some small niceties, but the VM process never runs as root.

The virtualization stack is custom, which allows for a lot of performance and stability improvements. It's not Virtualization.framework or QEMU.

Containers don't require virtualization, so Docker-in-Docker works. Not sure what you mean by Docker-out-of-Docker, but you can run Docker in OrbStack Linux machines, and you can use the managed engine from macOS.

kdrag0n commented on OrbStack: The fast, light, and easy way to run Docker containers and Linux   orbstack.dev/... · Posted by u/rpgbr
saagarjha · a year ago
I assume it matches whatever Rosetta advertises?
kdrag0n · a year ago
It's because Rosetta doesn't seem to emulate /proc/cpuinfo, so the contents reflect that of the arm64 host.

u/kdrag0n

Karma: 856 · Cake day: January 28, 2020
About
Building OrbStack, a fast, light, and simple alternative to Docker Desktop: https://orbstack.dev

https://kdrag0n.dev

Email: hn@<username>.dev
