Running containerd and k3s on macOS
Akihiro Suda, NTT
Jan Dubois, SUSE
1
Why run containers on macOS?
● 2022 is The Year of the Linux Desktop™…
● But ordinary developers still need macOS (or Windows)
● Almost solely for the dev & test environment
● Not the best fit for running a production server
2
Existing methods
● Docker Desktop for Mac has been the popular solution
● Supports automatic host filesystem sharing
● Supports automatic port forwarding
● But proprietary
3
Existing methods
Just install Docker and Kubernetes inside a Linux VM?
Maybe via minikube?
● VMware Fusion and Parallels are proprietary
● VirtualBox is FLOSS but won’t support M1
● QEMU is FLOSS and supports M1, but still
○ Not easy to access the host FS from the containers
○ Not easy to access the container ports from the host
4
Our solution: Lima
● Similar to WSL2 but for macOS hosts
● Automatic host filesystem sharing
● Automatic port forwarding
● Built-in integration for containerd
5
https://github.com/lima-vm/lima
$ brew install lima
$ limactl start
$ lima nerdctl run ...
Lima = LInux MAchine
● Originally designed as “containerd machine” to mimic
Docker Machine
● The scope was extended immediately to cover other use
cases too
● Still focuses on containerd and k3s
6
containerd with Lima
containerd: the de facto standard container runtime
● CNCF Graduated project
● Not just made for Kubernetes
● Provides the Docker-compatible CLI too: nerdctl
● With a lot of cutting-edge features
○ Lazy-pulling, IPFS, OCIcrypt, Faster rootless …
7
$ nerdctl build -t foo .
$ nerdctl run -d -p 127.0.0.1:80:80 foo
containerd with Lima
Lima provides built-in support for containerd
8
$ lima nerdctl build -t foo .
$ lima nerdctl run -d -p 127.0.0.1:80:80 foo
Build an image from a Dockerfile on the macOS home directory
Expose the container’s port 80 as http://localhost on the macOS host
containerd with Lima
9
$ lima nerdctl build --platform=amd64,arm64 ...
$ lima nerdctl run --platform=amd64 ...
Build an AMD64/ARM64 dual-platform image
Run an AMD64 container on M1 (ARM64)
Even supports running Intel (AMD64) containers on M1 (ARM64)
and vice versa, using tonistiigi/binfmt
k3s with Lima
k3s: Lightweight Kubernetes
● CNCF Sandbox project
● Adopts containerd as the CRI runtime
● Works with Lima too
10
$ limactl start template://k3s
$ limactl shell k3s sudo cat /etc/rancher/k3s/k3s.yaml > ~/.kube/config
$ kubectl ...
Extra: Docker with Lima
The original design was only to support containerd, but the
scope is now expanded to support Docker Engine too
(Docker Engine: Apache License 2.0, no proprietary GUI)
11
$ limactl start template://docker
$ brew install docker
$ docker context create lima --docker "host=unix://$HOME/.lima/docker/sock/docker.sock"
$ docker context use lima
$ docker run ...
Extra: Podman with Lima
And even Podman
12
$ limactl start template://podman
$ brew install podman
$ podman system connection add lima "unix://$HOME/.lima/podman/sock/podman.sock"
$ podman system connection default lima
$ podman run ...
How it works: Hypervisor
● Vanilla QEMU
● Supports both Intel and ARM
● Even supports Intel-on-ARM and ARM-on-Intel (slow though)
● FAQ: why not use Apple’s Virtualization.framework?
○ Proprietary
○ Limited functionalities
13
How it works: Filesystem sharing
● Lima < 1.0: reverse SSHFS
○ macOS acts as the SSH client but as the SFTP server
○ Linux acts as the SSH server but as the SFTP client
● Lima ≥ 1.0: virtio-9p-pci, aka virtfs (not virtio-fs)
○ Less weirdness
○ Lima 1.0 is probably available by the time of KubeCon
(This session was pre-recorded in April)
14
How it works: Filesystem sharing
● FAQ: why not use virtio-fs (faster than virtfs)?
○ QEMU still doesn’t implement virtio-fs for macOS hosts
○ Apple’s Virtualization.framework implements virtio-fs,
but it is proprietary and lacks other functionalities
15
How it works: Port forwarding
● The guest is accessible as localhost from the host
● Watch guest events, and run ssh -L to let SSH forward
TCP ports
● Event sources:
○ /proc/net/{tcp,tcp6}: For non-CNI ports
○ iptables, AUDIT_NETFILTER_CFG: For CNI ports
16
WELCOME TO VALENCIA
17
The speaker switches here
Enterprise DNS Requirements
● Use nameservers from VPN connections
● Support for split-DNS
Other QEMU DNS limitations
● Picks a single random nameserver from /etc/resolv.conf
● Cannot support mDNS
● Doesn’t load /etc/hosts from the host
18
How it works: Host Resolver
19
How it works: Proxy Settings
① Network settings
② lima.yaml
③ Environment variable
● Change 127.0.0.1 to 192.168.5.2
● Create matching uppercase and
lowercase variants
● Store in /etc/environment
20
Port Forwarding Limitations
● Port forwarding is delayed up to 3s due to polling
● Port may already be in use on the host
● Guest IP ≠ Host IP breaks external IP for k8s services
● UDP is not supported by ssh port forwarding
21
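The non-CNI event source from the port-forwarding slide and the TCP-only, loopback-bound forwarding behind the limitations above, as an added example (not Lima's code): a parser for the guest's /proc/net/tcp and /proc/net/tcp6 that keeps only sockets in LISTEN state, plus the mapping from each one to an ssh -L spec. The snapshot text is constructed; the Listener type, the function names, and the rule "wildcard guest bind is reached via guest loopback, host side binds 127.0.0.1 only" are assumptions rather than Lima's exact policy.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"net"
	"strconv"
	"strings"
)
// Listener is one guest TCP socket in LISTEN state (st == 0A) from /proc/net/tcp{,6}.
type Listener struct {
	IP   string
	Port int
}

// decodeHexIP converts the kernel's hex address ("0100007F" = 127.0.0.1; 32 hex digits
// for IPv6). Each 32-bit word is in host (little-endian) order, so 4-byte groups are reversed.
func decodeHexIP(h string) net.IP {
	b, err := hex.DecodeString(h)
	if err != nil || (len(b) != 4 && len(b) != 16) {
		return nil
	}
	for i := 0; i < len(b); i += 4 {
		b[i], b[i+1], b[i+2], b[i+3] = b[i+3], b[i+2], b[i+1], b[i]
	}
	return net.IP(b)
}

// parseProcNetTCP returns the listening sockets in one snapshot of /proc/net/tcp or /proc/net/tcp6.
// The header and non-LISTEN rows are skipped; a forwarder polls this and acts on what is new.
func parseProcNetTCP(snapshot string) ([]Listener, error) {
	var out []Listener
	for _, line := range strings.Split(snapshot, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 || f[0] == "sl" || f[3] != "0A" {
			continue
		}
		addrHex, portHex, _ := strings.Cut(f[1], ":")
		port, err := strconv.ParseUint(portHex, 16, 16)
		ip := decodeHexIP(addrHex)
		if err != nil || ip == nil {
			return nil, fmt.Errorf("malformed local_address %q", f[1])
		}
		out = append(out, Listener{IP: ip.String(), Port: int(port)})
	}
	return out, nil
}

// sshForwardSpec builds the ssh -L argument for one listener. Wildcard guest binds (0.0.0.0,
// ::) are reached via the guest's loopback, and the host side binds 127.0.0.1 only, so the
// guest shows up as localhost on macOS (assumed policy). TCP only: ssh -L cannot carry UDP.
func sshForwardSpec(l Listener) string {
	guestIP := l.IP
	if guestIP == "0.0.0.0" || guestIP == "::" {
		guestIP = "127.0.0.1"
	}
	return fmt.Sprintf("127.0.0.1:%d:%s:%d", l.Port, guestIP, l.Port)
}

// Constructed snapshot (not from a real guest): 0.0.0.0:80 listening, one ESTABLISHED row, 127.0.0.1:6443 listening.
const sampleProcNetTCP = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1 1 0 100 0 0 10 0
   1: 0F02000A:B13C 0100A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2 1 0 20 4 30 10 -1
   2: 0100007F:192B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 3 1 0 100 0 0 10 0`

func main() {
	listeners, err := parseProcNetTCP(sampleProcNetTCP)
	if err != nil {
		panic(err)
	}
	for _, l := range listeners {
		fmt.Println("ssh -L", sshForwardSpec(l)) // e.g. ssh -L 127.0.0.1:80:127.0.0.1:80
	}
}
```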
How it works: vde_vmnet
22
Lima community after one year
● 45 contributors
● 400 merged pull requests
● 26 releases
● 8k stars on GitHub
23
Third party FOSS projects
24
Lima-GUI https://github.com/afbjorklund/lima-gui
Colima https://github.com/abiosoft/colima
Rancher Desktop https://github.com/rancher-sandbox/rancher-desktop
Rancher Desktop
● GUI for containerd, moby, and k3s
● Rancher Dashboard for Kubernetes
● Test Kubernetes version upgrades
● Image scanning with Trivy
● Also works on Linux & Windows (WSL2)
● Free and open source
25
Recap
Lima provides a quick way to run containerd and k3s on macOS
● With automatic host filesystem sharing
● With automatic port forwarding
26
$ brew install lima
$ limactl start
$ lima nerdctl run -d -p 127.0.0.1:80:80 nginx:alpine
$ curl http://localhost
Join us!
● GitHub Discussions: https://github.com/lima-vm/lima/discussions
● Slack: #lima channel at https://slack.rancher.io/
Colocated with #rancher-desktop
(Lima is not a Rancher project)
27
https://github.com/lima-vm/lima
WELCOME TO VALENCIA
28
[KubeCon EU 2022] Running containerd and k3s on macOS