[HN Gopher] OrbStack: The fast, light, and easy way to run Docke...
___________________________________________________________________
OrbStack: The fast, light, and easy way to run Docker containers
and Linux
Author : rpgbr
Score : 270 points
Date : 2024-09-02 01:35 UTC (21 hours ago)
(HTM) web link (orbstack.dev)
| ta988 wrote:
| Also a bit more expensive than docker desktop for companies.
| Dansvidania wrote:
| perhaps, but much better in my experience.
| dmeijboom wrote:
| Happy user since day one. Since adopting Orbstack most of our
| frustrations with Docker on Mac OS are gone.
| kdrag0n wrote:
| Nice to see this here :)
|
| I work on OrbStack. Happy to answer questions!
| txdv wrote:
| Is the underlying kernel emulated in QEMU?
| kdrag0n wrote:
| We use a custom virtualization stack instead of QEMU. It
| makes a lot of performance and stability improvements
| possible.
| saagarjha wrote:
| What exactly is an Orb Stack
| highwaylights wrote:
| What's the security model for OrbStack and its containers?
|
| Is OrbStack rootless? Where is the security boundary for the
| containers? (Are they sandboxed completely from the host?)
|
| How does the virtualisation work? (I'd assume
| Virtualization.framework, so I can run it without Rosetta if
| all containers will share host architecture?)
|
| Does it support Docker-in-Docker and Docker-out-of-Docker? (M1
| and M2 Macs don't have hardware for nested virtualisation so I
| assume this also prevents DiD with OrbStack?)
|
| Thanks in advance, eager to try it out.
| kdrag0n wrote:
| It's a shared VM and kernel, so the security boundary between
| containers is only as strong as typical Linux containers, and
| we don't really use the VM as a strong security boundary
| right now. The security model is similar to running Docker
| containers on a native Linux machine for development.
|
| Admin privileges aren't required on the macOS side. You can
| optionally allow a privileged helper for some small niceties,
| but the VM process never runs as root.
|
| The virtualization stack is custom, which allows for a lot of
| performance and stability improvements. It's not
| Virtualization.framework or QEMU.
|
| Containers don't require virtualization, so Docker-in-Docker
| works. Not sure what you mean by Docker-out-of-Docker, but
| you can run Docker in OrbStack Linux machines, and you can
| use the managed engine from macOS.
| weikju wrote:
| Please keep in mind I'm asking with genuine interest as I am a
| happy OrbStack user otherwise, (for private use).
|
| What is the reason Orbstack needs a connection to your license
| server for continued operation?
|
| I was moving and during nearly a month there was no home
| internet. My server was happily chugging along on wifi though,
| but one day I connected to it and saw a message that OrbStack
| couldn't contact the license server and would soon stop functioning.
|
| This put me off a bit and made me consider whether I want to
| run anything I depend on using this.
| password4321 wrote:
| As you appear to be aware per the prefix to your question,
| this is the nature of all subscription software... what
| alternative would you choose if you were the author?
| Requiring the personal use edition to phone home once a month
| probably increases the potential sale price of the business
| by at least one order of magnitude.
|
| It would be more interesting to know the plans for tracking
| down commercial users abusing the personal license, maybe
| Oracle VirtualBox Extension Pack reverse IP address lookup
| style. The ins and outs of software license enforcement
| don't play well on HN, though I'm guessing there are few
| complaints about OrbStack requiring a subscription because
| they offer a free personal use license and the entry level
| commercial use license is so cheap vs. the value provided.
|
| It's actually exciting to see a dev tool where the developers
| have a sustainable business model, but this usually means
| there will be plenty of offers to cash out.
| rfoo wrote:
| Hi, is it possible to add a virtual machine mode to OrbStack?
| See https://news.ycombinator.com/item?id=41423667 for why. I'm
| okay with most (or all) nice integrations unavailable.
|
| Basically I want a true UTM replacement, one where I can run my
| own kernel.
| kdrag0n wrote:
| Sorry, no plans for that. That vertical integration is a key
| part of OrbStack -- it's not just for nice
| extras/integrations.
| rfoo wrote:
| Fair enough. Thanks for answering.
|
| Well, as someone who still lives in stone age (I guess?) I
| always run headless Linux VM on Windows/macOS and have all
| my projects/files inside VM so I unfortunately don't use
| your Docker/Kubernetes features, and fast file sharing is a
| nice to have.
|
| But, you and your team seem to really care about client
| virtualization on macOS, more so than Apple. So while being
| a niche, I sincerely hope you may consider this sometime
| later.
| nrvn wrote:
| I have been using colima as a lightweight alternative to docker
| desktop and the likes of it for almost two years. Looking at
| the comparison provided on the orbstack website
| (https://docs.orbstack.dev/compare/colima) it seems to be not
| very accurate or at least requires some
| explanations/clarifications.
|
| For instance: Low power/CPU usage is advertised as non-existent
| in colima. This is simply not true. Based on my perception I
| can't tell whether colima VM is running or not. Unlike docker
| desktop, especially with kubernetes on. Does not drain my
| battery, does not bog my CPU down unless I intentionally spin
| up something resource hungry.
|
| ease of use/performance: not everyone needs GUI. colima is fine
| UX/devex wise with fast startup times. What does "fast network"
| even mean?
|
| Linux machines/distros: not a fair comparison. colima stands
| for "containers on Lima" where lima is "linux machines" on
| macos. I.e. if you want arbitrary vms, use lima directly.
| colima is specifically built to spin up docker/containerd/k3s
| vms.
|
| containers/kubernetes networking: this is opinionated and
| depends on a specific use case. In general I prefer the idea
| when my local kubernetes setup looks like the end production
| setup in the sense that I cannot mess up much with networking,
| access clusterip services directly from localhost because
| clusterip services are supposed to be accessible from inside
| the cluster itself, not from outside. loadbalancer IP is
| accessible through NodePorts anyways.
|
| containers file access: there are plenty of ways you can access
| files in containers and images. But again, probably there are
| people who like to browse the guts of a kubernetes node in
| MacOS Finder. When it comes to files and networking I want to
| be able to re-use my toolbox used for dealing with remote
| kubernetes clusters and docker/containerd instances to my local
| ones. Creating a special case with convenient but non-standard
| ways to access files as if they were part of my host filesystem
| may be good for someone, but wrong for someone else because at
| times when something goes wrong this special case will work as
| an excuse for "works on my machine".
|
| Please take the above as my personal experience. And I am in
| the herd of those who tend to keep everything as minimal and
| bare as possible with as much standardization/lack of
| deviations across different environments as possible. Came to
| colima after years of minikube just because minikube's
| experience was no longer good with apple silicon. And there
| must be a very strong reason to switch to something new when
| what you have already is good enough.
|
| Also, when it comes to GUI, what about Rancher Desktop?
| nkmnz wrote:
| One reason I'm still using docker desktop in my (small) company
| is that our production systems are using docker compose and the
| networking with domains does not translate 1:1 between orbstack
| locally and docker compose + nginx in production. Is there an
| easy way to solve this?
| kdrag0n wrote:
| OrbStack domains can be nice but you don't have to use them.
| It's fully compatible with Compose, so you can just run the
| same commands with no changes to your setup. Did that not
| work for you?
| styfle wrote:
| I have a machine with Colima and don't want to bork it if I try
| Orbstack.
|
| I think I used "brew install docker docker-compose colima" and
| then "colima start".
|
| Is "brew install orbstack" a drop in replacement for colima or
| does it install other things that might conflict?
| kdrag0n wrote:
| Drop-in: "orb" to start, stop it + uninstall + restart Colima
| to revert.
|
| It can optionally install OrbStack's bundled `docker` and
| `docker compose` binaries, but you can also keep using the
| Homebrew ones.
| _joel wrote:
| use docker contexts, much easier :)
|
| # Switch to OrbStack
|
| docker context use orbstack
|
| # Switch to Colima
|
| docker context use colima
| SEJeff wrote:
| I love that you can simply type `orb` and get dropped into a
| Linux vm. Some of the cpu features are super weird (cat
| /proc/cpuinfo and it is unlike literally any x86 cpu I've seen
| before), but unless you happen to build stuff that depends on
| lots of specific cpu features like I do, it works well enough.
| jbverschoor wrote:
| Please try out my Docker shell container -
| https://github.com/jrz/container-shell which works great with
| orbstack
| saagarjha wrote:
| I assume it matches whatever Rosetta advertises?
| kdrag0n wrote:
| It's because Rosetta doesn't seem to emulate /proc/cpuinfo,
| so the contents reflect that of the arm64 host.
| SEJeff wrote:
| Yeah, it makes for VERY confused builds when you select on
| cpu features available.
| withinboredom wrote:
| I love how there is absolutely no mention that it is mac-only (or
| even what versions of mac are supported), even on the download
| page.
| saagarjha wrote:
| Which other platform would you expect it to be for?
| fulafel wrote:
| It advertises as an alternative to Docker Desktop which is
| for Windows and Linux as well.
| knallfrosch wrote:
| Asked the other way around, why would anyone think a Docker
| container runner would be tied to MacOS?
| saagarjha wrote:
| Because Windows users are unlikely to care about Docker and
| Linux people don't pay for stuff
| withinboredom wrote:
| I work on Windows, but mostly just use it for windowing.
| Almost all my work is done in WSL2 and Docker. The only
| things running natively are my IDE, my web browser, and
| slack.
| vultour wrote:
| This is hilarious and perfectly sums up my experience
| with Mac developers. Half of them have no idea Docker
| Desktop actually installs a Linux VM. They think how
| amazing their incredibly expensive system is, yet it's
| mostly a glorified text editor. The WSL experience on
| Windows convinced me buying a MacOS machine makes no
| sense.
| saagarjha wrote:
| Glad the humor landed
| eropple wrote:
| So I use WSL2 regularly on Windows, but I don't agree at
| all that buying a Mac doesn't make sense. WSL2 is _great_
| , and Windows 10/11 are fine after doing some
| cleanup...on a desktop. My experience with Windows on
| even modern laptops is pretty bad.
|
| It's very hard to find something with the build quality
| and affordances of a Mac. Razer makes a good machine but
| tbh I'd be embarrassed to bring one to a meeting, and I
| don't like how newer Thinkpads feel and I don't trust
| Framework to exist in a few years. It's then complicated
| while seeking reasonably comparable specs--and I'm not a
| "oh Apple Silicon sounds warmer" sort of person, amd64 is
| just fine with me, but AMD's high-end IGPs generally keep
| pace with base-model Macbooks, and start to fall behind
| pretty significantly when you move up to a Pro or a Max.
| You can add a discrete GPU, but, me, I like battery life,
| and mobile dGPUs are a mess of compromises anyway.
|
| Even if you get over that hurdle, I think Windows _feels
| bad_ when you're using a touchpad. They haven't cracked
| that one despite how long they've had to work on it. I
| wouldn't want to work on a Windows laptop without an
| external trackball; I carry one with my Mac but rarely
| use it unless I'm going to be working for a pretty long
| stretch and I want to save my hands.
|
| Windows is still generally my pick for desktops for a lot
| of reasons (I don't even dual-boot Linux right now!) but
| this kind of sneering is weird and uncalled-for.
| baq wrote:
| Macs have great hardware (as in, great display and a
| great touchpad - and the best thing is the computer wakes
| from sleep when you open the lid, every time; I don't
| particularly care about the M-series except that it runs
| super duper cool for how fast it is).
|
| That said I've been tooting the horn that they are _not_
| good software development machines for about 2 years now
| (incidentally matches exactly with when I got a work
| macbook pro).
| yunohn wrote:
| The vast majority of devs use windows for dev, esp with
| Docker. Why wouldn't they care about it?
| Animats wrote:
| Yes. I'd like to have something that runs Docker images on
| desktop but doesn't require a privileged daemon, users, groups,
| etc.
| suprjami wrote:
| Is Podman Desktop available on your platform?
|
| Podman is rootless containers done correctly.
| Animats wrote:
| Thanks. I will try that.
|
| (I want to run Open Drone Map on Ubuntu desktop. ODM is a
| collection of image processing software from OpenCV and
| similar sources loosely bolted together to merge aerial
| photos from drones into a 3D model. So it has the install
| from hell unless containerized. ODM had a snap version, but
| the snap maintainer left the project.)
| PhilipRoman wrote:
| Probably not what you're looking for but I just wanted to
| mention Apptainer (previously Singularity). I find that it is
| usually easier to integrate and doesn't rely on a daemon. You
| can still use docker images as base.
| mrbluecoat wrote:
| Agreed. Apptainer is great for this use case.
| raffraffraff wrote:
| Was just about to post this. Apple heads tend to think that Mac
| is the default. Funny when you realise that the problem
| OrbStack is trying to fix is that MacOS isn't Linux.
| pjmlp wrote:
| Rather people using a UNIX, that isn't GNU/Linux, instead of
| sponsoring Linux OEMs.
| withinboredom wrote:
| Pretty sure orbstack won't run on other unix systems.
| pjmlp wrote:
| Buying a Linux powered laptop would have sorted out the
| problem in the first place.
| withinboredom wrote:
| Yeah, because it won't ever wake up from sleep. :p
| me551ah wrote:
| Windows already has WSL2 and Docker would run natively on Linux
| anyway.
| inopinatus wrote:
| It's in the page title.
| mkl wrote:
| Conveniently left out of the HN link, and mentioned nowhere
| in the page body.
| globular-toast wrote:
| Yeah, I was quite confused, especially by the title "docker
| containers _and_ Linux"? What does that mean? If you can run
| Linux you can run docker. I thought it might have been a
| batteries included Linux distro at first.
| jchw wrote:
| I don't generally prefer to work on macOS, but if I wind up using
| macOS to do work, I often find myself working a lot on things in
| virtual machines and containers.
|
| Using Docker Desktop to compile Envoy using the standard Docker
| build process took somewhere in the ball park of 3 to 4 hours
| depending on my luck. OrbStack, on the other hand, brought it
| down to a bit under an hour, much closer to inline with a fresh
| compilation natively. Needless to say, the kinds of performance
| benefits I was seeing with OrbStack were game changers, and
| absolutely justify the cost.
|
| Even if Docker Desktop improves to match the performance,
| OrbStack brings basically the whole WSL2 + Docker experience to
| macOS, while Docker just brings the usual Docker experience. If
| you get the value of WSL2 on Windows, you'll probably understand
| the value of OrbStack on macOS.
|
| Sure, macOS is a UNIX environment, so a lot of the same software
| as Linux does run natively. However, a lot of Linux technologies
| don't really map to Darwin, so if you're working on Linux stuff
| on your macOS machine, there are plenty of use cases for virtual
| machines (case in point, Docker itself) not to mention simply
| being able to test software and build processes on Linux. The
| tight integration that OrbStack gives you is far better than just
| using Parallels or VMware. I have licenses for both at varying
| versions, but they're largely collecting dust on macOS, as now I
| basically only ever use traditional virtual machine products on
| macOS for the purpose of running Windows VMs.
|
| I'm sure some people don't have any use for this: their Docker
| performance is fine, they don't need Linux for anything else,
| etc. However, for me, it's one of those things that makes macOS
| much more usable for development work.
| magnio wrote:
| Funny how WSL2 makes Windows much more usable than macOS for
| development. None of the free options (colima, multipass, etc)
| I've tried on macOS are as smooth, though OrbStack might be it.
|
| I have also moved towards using devcontainers for my projects
| whenever I can, so that I can spin up my environment on
| whatever machine I have, or connect to a remote one if the
| machine doesn't allow it.
| jchw wrote:
| > None of the free options (colima, multipass, etc) I've
| tried on macOS are as smooth, though OrbStack might be it.
|
| Yes, I am generally not terribly impressed by colima. Of
| course, it's great to have as an option, but in practice I
| ran into issues trying to use it in various places. One issue
| that I am sure isn't a huge deal to most users is that as far
| as I could tell, colima did not support IPv6.
|
| I didn't try multipass, but I did try Podman Desktop. It had
| its niceties but largely was behind even Docker Desktop.
|
| If you really miss WSL2 on macOS, you might genuinely find
| OrbStack enticing. Then again, it's not free, and obviously,
| I don't want to give anyone false hope. For "home" use, I
| just run desktop Linux, using native containers and libvirt
| for everything. If I had to pay for a decent development
| experience on my personal machines, I would definitely
| struggle to justify a subscription charge even if it was
| good. On the flip side, it's easy to budget OrbStack into the
| equation for professional use. For your employer it's
| virtually a no-brainer.
| talldayo wrote:
| Imagine paying a subscription service to use something
| slower than QEMU. Yikes...
| jchw wrote:
| OK, I'll try to imagine that.
| gigatexal wrote:
| Lima ssh and you have WSL more or less. What are people
| missing?
| jchw wrote:
| For me, the primary draw of OrbStack is that it is very
| fast, which matters for me, as I wind up doing a lot of
| compute-bound things in containers. The fact that it
| provides a great dev experience similar to WSL2 is just a
| bonus.
| gigatexal wrote:
| what's the magic sauce that makes it so fast? custom vm
| engine? using apple's HVF? firecracker vm from AWS?
| jchw wrote:
| I think the main bottleneck in most macOS virtualization
| solutions winds up being I/O related. Docker Desktop and
| OrbStack both have custom solutions for bidirectional
| filesystem bridging and network integration, but for me
| OrbStack is much faster. OrbStack also can choose between
| using Apple Rosetta and qemu usermode for running Intel
| software on Apple Silicon.
| pjmlp wrote:
| Only because it is a Linux VM, and people insist on using
| Linux specific stuff instead of UNIX, to the point younger
| generations have no clue about the difference.
|
| Even the BSDs and Solaris/Illumos have had to add Linux
| translation layers.
|
| Sad state where POSIX hardly matters for portable UNIX code.
| AYBABTME wrote:
| Can you make containers in Darwin?
| pjmlp wrote:
| Yes, the macOS way, with Virtualization Framework.
| saagarjha wrote:
| (No.)
| nyrikki wrote:
| The insane stability of the Linux ABI is partially what
| makes containers useful.
|
| The fact that containers can reliably depend on the ABI
| contract, thus placing almost any clib they want
| inside the container, is fairly unique.
|
| That extreme stability of that contract is awesome for
| namespace decoupling. Unfortunately Apple and Microsoft
| do not have such stable interfaces.
|
| Remember containers are just namespaces.
| pjmlp wrote:
| Only in the context of Linux containers, not in general,
| starting with HP-UX Vaults on UNIX land.
| pxc wrote:
| Besides the way Apple puts a hard limit on the number of
| those you can spin up, don't they also virtualize
| hardware and run their own kernels? That's just not the
| kind of virtualization that containers are.
| zamalek wrote:
| Virtualization is not containerization. Linux has
| namespaces, BSD has jails, and even _Windows_ has Windows
| containers (though I doubt anyone actually uses them). If
| that's the MacOS way, then the MacOS way must be
| incompetence.
| shepherdjerred wrote:
| https://darwin-containers.github.io/
| unilynx wrote:
| To mirror the sibling comment, where's the POSIX
| container/zone/vm whatever specification? If the BSDs and
| Linux can agree on a meaningful subset, macOS might
| actually follow
| pjmlp wrote:
| There isn't any in POSIX, then again, it isn't as if we
| now need containers for every executable for any magical
| reason.
|
| Also, just like in the good old days, it isn't hard to
| have something dealing with HP-UX Vaults, Aix logical
| partitions, Solaris/Illumos Zones, BSD jails, macOS
| Virtualization Framework, ...
| saagarjha wrote:
| Just listing technologies that sound kind of similar
| isn't enough to actually answer the problems people want
| solved. The "good old days" were basically just people
| crying about being unable to have any of the features we
| have now because they don't match up or differ in subtly
| different ways.
| pjmlp wrote:
| Best way to solve problems is not to have them in the first
| place, like getting a Linux laptop for doing Linux work.
| FpUser wrote:
| Words of wisdom. I do not really have any dev related
| problems with WSL2 either. Normally I develop and debug
| on Windows and deploy to Linux as my code compiles and
| works natively on both. It is mostly C++ backends lately
| so I suspect I am in tiny minority.
| saagarjha wrote:
| I like my laptop though.
| pjmlp wrote:
| Then use it as Apple decides it is in our best interest
| to do so, :)
| unilynx wrote:
| I was responding to 'people insist on using Linux
| specific stuff instead of UNIX'. As far as I can tell
| there is no way to do containers without doing highly
| platform specific stuff. It would be very useful if the
| platforms worked towards a common 'more than chroot'
| thing.
|
| As far as not really needing it, it's not like computers
| themselves are anywhere near the bottom of Maslow's
| pyramid, but that doesn't make them any less useful
| talldayo wrote:
| > Sad state where POSIX hardly matters for portable UNIX
| code.
|
| Given the current state of POSIX applications, I would
| actually argue that the BSD/Linux hegemony we enjoy is the
| best possible outcome. The only people that are mad are the
| people paying for UNIX and expecting to get something
| better for it. _Those_ people should have learned their
| lesson in the 90s, I have no empathy for POSIX apologists
| in 2024.
|
| The only "sad state" is one where everyday people don't
| have access to free software. Mac users have always paid a
| time premium and a performance premium for access to normal
| development features, this ignorance of MacOS is a pattern
| that persists since the 90s. _Of course_ nobody is bending
| over backwards to test portability with a proprietary OS.
| majormajor wrote:
| I've never found working on WSL2 to be quite as smooth as
| working on Ubuntu or Fedora directly. I don't really
| understand why I'd keep Windows in the loop there if I was on
| non-Mac hardware.
|
| And I've also found WSL2 less smooth than just working on Mac
| natively w/o containers. Containers are a necessary evil for
| testing certain types of things locally, but even the free
| tools for working with them on Mac seem fine, though
| Orbstack's gui is very nice.
|
| (Is there a similar GUI for Linux container management? I've
| just been running shell commands for years now...)
|
| Instead of moving more towards containers I've just been
| moving towards simpler, easier-to-set-up-on-Linux-or-Mac
| toolchains. But I don't have Windows as a target anyway, so
| that removes one huge need for containers.
| justin_oaks wrote:
| I've used Portainer, which works ok. It's web-based and is
| easy enough to run as a container itself.
|
| My preferred UI for managing containers is Lazydocker. It's
| a terminal UI, so I can run it on servers too.
|
| For the most part I just use the command line on Linux, but
| when I need to go through a large list of containers,
| images, or volumes to clean up, lazydocker is much better
| than the command line.
| madeofpalk wrote:
| > Funny how WSL2 makes Windows much more usable than macOS
| for development
|
| As long as you use VS Code. Using another editor through the
| network share isn't great and runs into all sorts of other
| compatibility issues otherwise. I've also run into a bunch of
| networking quirks with WSL2 + Docker that were frustrating to
| sort out.
|
| WSL2 makes *nix development on Windows great, but I would
| still much prefer to just be in a native environment.
| novolunt wrote:
| The problem with wsl2 is that it not only requires a virtual
| machine, but also uses the windows kernel, not the linux kernel
| dwattttt wrote:
| WSL2 doesn't run under the Windows kernel, it runs the Linux
| kernel under the Windows hypervisor, side-by-side with the
| Windows kernel (in another lightweight VM). Honestly it's kinda
| crazy that Windows natively now runs as a VM.
| haberman wrote:
| I have been happily using OrbStack for a while now, and I've had
| nothing but good experiences. The UI is polished and responsive,
| the containers have great performance and nice integration with
| the host, and overall the product seems to be constantly pushing
| itself to be even better.
|
| I admit my greatest confusion about this software is how a
| product that appears to be a one-man show so quickly became more
| compelling than the well-funded incumbent (Docker Desktop). This
| is even more impressive considering that the developer appears to
| be a college student.
|
| Hats off, this is amazing work.
| saagarjha wrote:
| I'll let the actual developer respond but OrbStack has several
| people working on it now.
| kdrag0n wrote:
| Love to hear that. We're actually a small team at OrbStack now!
| xyst wrote:
| I'm curious how orbstack is able to achieve the performance they
| claim.
| sunaookami wrote:
| They have an architecture overview here:
| https://docs.orbstack.dev/architecture
| quantumwoke wrote:
| This is pretty light on the details.
| moondev wrote:
| It appears to be lxd, I assume a single vm with multiple lxd
| inside.
|
| https://github.com/orbstack/orbstack/issues/461#issuecomment...
| kdrag0n wrote:
| The issue submitter just happened to be running LXD in their
| OrbStack machine.
| marvin-hansen wrote:
| I switched to Orbstack about 2 weeks ago after having read about
| it here on HN.
|
| I develop a cloud native system entirely written in Rust. All my
| own containers are built without Docker thanks to rules oci in
| Bazel. However, for integration testing, I'm using internal tools
| that fire up, say a database container and run the tests all from
| within Bazel to leverage test caching and parallelization.
|
| For a while, I was struggling to get around Docker's slow startup
| time on Mac. My CI server uses Firecracker VM's to isolate OCI
| containers so it's really only a docker on Mac issue.
|
| My main take away:
|
| - I am so close to deleting Docker permanently. There is no
| comparison, not even close. All integration tests run so much
| faster.
|
| - Especially parallel container starts are noticeably faster.
|
| - I've developed custom docker utils for testing and, believe me,
| the official Docker API is a humongous pile of garbage that I
| ended up re-implementing everything by wrapping the Docker
| command line. To nobody's surprise, even the custom docker utils
| work way faster and more reliable with OrbStack.
|
| - Zero issues. I am still a little bit puzzled that OrbStack
| basically runs bug-free no matter what I throw at it. Take it as
| a compliment.
|
| What I would like to see:
|
| - A Resource monitor or at least some graph that plots CPU and
| memory usage. In some rare cases the application in the container
| runs close to the limit probably because a query takes too long,
| a process got stuck or whatever. Stuff just happens. Point is,
| having an eye on resource usage helps to spot those corner cases
| early on.
|
| For me, OrbStack is a clear win and a clear keeper. Well done Orb
| team and I wish you guys all the success in the world.
| oarmstrong wrote:
| > My CI server uses Firecracker VM's to isolate OCI containers
|
| Is this something you built yourself? I've been looking for a
| CI tool that uses Firecracker but never found anything, I
| started building something myself but it never really got
| finished. Would love to drop that project and use something off
| the shelf.
| aayushshah15 wrote:
| I'm obviously biased here but this is what we do at
| blacksmith dot sh. We run your GitHub Actions on consumer
| grade desktop CPUs with high single core performance, all
| inside ephemeral Firecracker VMs. Give us a shot!
| marvin-hansen wrote:
| BuildBuddy. Google it.
|
| It's totally next level. My build is 70 crates, hundreds of
| unit tests, integration tests, multi platform docker images
| for two platforms, and everything is done in under 2 minutes,
| if it's slow(!). If I hit only an incremental change, build
| is completed within 30 seconds.
|
| The future is now!
| rfoo wrote:
| I'm in a similar position but I need to make sure I run distro
| kernel (because that's part of integration) instead of whatever
| OrbStack shipped.
|
| In the end I just run a Linux VM and run everything inside.
| Zero issues by definition.
|
| I'd actually love to use OrbStack Machines cause it feels much
| nicer than UTM, but, well, I can't run OrbStack's patched Linux
| kernel :(
| totetsu wrote:
| I did the same thing. Docker Desktop for Macos kept going into
| resource saving mode and then not responding to anything after
| some time, so I tried Orbstack after seeing it here.
| princevegeta89 wrote:
| I've been using Colima which has been great, and much better
| than Docker Desktop which sucked ass for me.
|
| With Colima, file mounting and sharing caused reliability and
| permission issues for me though I've applied some workarounds
| with success. To avoid this mess, I'd much rather move to a VM
| though. I used VMWare Fusion and UTM but I still had the
| struggles with file sharing between host and the guest.
|
| So I took a lot of steps back and I'm currently running a Lima
| VM with headless Ubuntu and things are great so far. For Vscode
| we got the remote SSH plugin and then there is the Jetbrains
| Gateway as well.
|
| I'm sharing my experiences for people in similar shoes to try
| these out, if that helps!
| commandersaki wrote:
| OrbStack is by far some of the best software I've encountered on
| Mac, but unfortunately I have difficulty convincing my employer
| to pay for a commercial license, and with my sparse Docker usage,
| I'm confined to using it only for personal/hobby usage.
|
| What's amazing is it fixes an (almost) show stopper bug when
| using libuv (or software that uses it like CMake) with Rosetta 2
| [1], with the bug present on all Docker/VMs I've tried except
| OrbStack. It just seems to get everything right.
|
| [1]: https://github.com/libuv/libuv/issues/4279
| cedws wrote:
| Sorry to be blunt but your employer must be real penny
| pinchers, it's not that expensive, and it's a tool that would
| help you get the job done.
| commandersaki wrote:
| Fair criticism and I agree -- to that point, we're asked to
| bring our own devices to work without any compensation or the
| like (though it does have its advantages). I've considered
| paying out of my own pocket, but I just don't use Docker
| outside of work, and that's kind of where I draw the line at
| paying for software to do work.
| DandyDev wrote:
| You have to bring your own device? Do you have a major
| stake in the company you work for? Do you get an
| outrageously high salary? If the answer is no on both, you
| are taken major advantage of and you should quit asap
| danmur wrote:
| Spent all the budget on Apple hardware
| nkmnz wrote:
| MacBook Air M2 16gb ram leasing: 30EUR per month
|
| orbstack pro business license: 10EUR per month
|
| I don't think the hardware cost is prohibitive here. It's
| the death of a thousand paper cuts of a startup. I agree
| that orbstack would be a good investment, though.
| danmur wrote:
| My (somewhat sarcastic) comment was just that Apple
| hardware is more expensive than Linux/Windows hardware.
| If you use Linux then I would say the docker experience
| is quite good. I wonder if Linux hardware was an option;
| seems odd to require running stuff under docker but also
| force people to use macbooks...
| _joel wrote:
| Some places don't allow it due to MDM not being
| available/beta/untested for linux, although that has
| changed quite a bit over the past couple of years.
| password4321 wrote:
| > _MacBook Air M2 16gb ram leasing: 30EUR per month_
|
| How/where does one do this?
| nkmnz wrote:
| First hit on google for me:
| https://www.maclease.de/apple-macbook-air-m2-leasen-20211164...
|
| It's a 5 year contract, but the now 4 year old M1 16gb
| ram is still perfectly capable of running regular
| containerized web dev workloads (e.g. running supabase +
| 4 node applications)
| _joel wrote:
| $8 a month/user for the speed and productivity improvement
| seems, err, shortsighted.
| talldayo wrote:
| On the flip side, I empathize with the employer wondering why
| their "developer laptop" needs a monthly subscription to do
| what their Production server does for free. Maybe they should
| just use UTM in the meantime.
| _joel wrote:
| I'm not sure what you mean by prod server in this context,
| we deploy to k8s. We use testcontainers[1] that run locally
| on the laptop via IntelliJ. There's a bunch of integration
| tests that take a good while to boot via docker-desktop. If
| these tests can be sped up significantly then it's worth
| that $8 a month. I'd like to remind you that technically
| docker desktop isn't free, either. Nor is pushing tests to
| run via CI/CD first. That iteration cycle would take even
| longer.
|
| [1] https://testcontainers.com/
| renewiltord wrote:
| Orbstack is great. I use it in order to build a library cross-
| platform (Linux/Mac amd64/aarch64 all combinations) and it's
| great how I can do it on my Mac. You can even run a quick shell
| in a VM that has all your stuff mounted. Perfect user experience.
| mkermani144 wrote:
| It's not as battery-hungry as official Docker desktop. That's the
| main reason I switched to it. Now, I'm happier than before.
| webprofusion wrote:
| Err, you guys know that about 80% of desktops are Windows right?
| There's a bit of a myth that developers are all using macOS but
| in practice that's not really the case.
| selcuka wrote:
| I can't see how 80% of desktops being Windows is proof that
| most developers use macOS is a myth. Developers probably
| represent much less than 20% of all desktops, so it's a moot
| point.
| EasyMark wrote:
| Maybe they like developing for Mac and that's their niche, at
| least to begin with? You have to start somewhere.
| cedws wrote:
| Have been using OrbStack since beta and with a commercial license
| since February. I can't praise it enough, it's elegant,
| performant software that just works.
| KingMob wrote:
| OrbStack is great in a lot of ways, and I universally prefer it
| over Docker for Mac.
|
| That being said, it hasn't always been smooth sailing. Under the
| hood, OrbStack uses an 8TB sparse disk image, which doesn't play
| nice with most backup software.
|
| https://github.com/orbstack/orbstack/issues/29
|
| It caused me problems with Backblaze, but the Github issues for
| this show that it also breaks all sorts of backup software,
| including tarsnap, Druva inSync, Carbon Cloner, iDrive,
| Carbonite, and even Time Machine itself when formatted with HFS+,
| apparently.
|
| The official position for a year was "won't fix", because it's an
| Apple technology, and backup software should support that. While
| technically correct, realistically, sparse image backup support
| was not very widespread at the time. (I have no idea about now,
| since I gave up trying to back up my Orbstack image with my whole
| disk backup.)
|
| I like Orbstack, but I wish the devs had moved to exclude the
| disk image from backups immediately, instead of arguing with
| people about it for a year first.
|
| All that being said, I do still like OrbStack a lot, and I hope
| to never see a repeat of this problem and how it was handled.
| nwienert wrote:
| The first reply on the issue you linked seems incredibly
| professional and well handled, and even recommends excluding
| the file from backups, I can't see a single issue there.
| KingMob wrote:
| Being polite is not quite the same thing as being handled
| professionally, and definitely not the same thing as handling
| it correctly.
|
| Telling people to exclude the file from backup came too late
| for many. E.g., Time Machine users with older disks formatted
| with HFS+ would find their drives crashed/corrupted/wiped,
| and lost all their backups. Only afterwards would they start
| googling to see what happened. (Even now, the relevant FAQ
| still says "Time Machine supports them, so your backups will
| not be affected" which is not always correct.)
|
| From the time the issue was opened, to the time they said
| they admitted they were wrong and excluded the Orbstack image
| from backups by default, was _13 months_. Even if other
| solutions were on the table, the _professional_ thing to do
| would have been to exclude the images ASAP, so customers
| weren't at risk of data loss, and then work on alternatives
| afterwards.
| ignoramous wrote:
| > _I like Orbstack, but I wish the devs..._
|
| devs? afaik, it is just one teenager, Danny Lin (he might be 20
| by now, though).
| kdrag0n wrote:
| A small team now :)
|
| (not back then though)
| rahen wrote:
| I'm not sure I fully understand the technical differences between
| an OrbStack VM and a container, as both seem to use a shared
| kernel.
|
| What would be the closest alternative on Linux? LXD? I've grown
| accustomed to the convenience of OrbStack.
| suprjami wrote:
| A Buildroot VM which runs just enough Linux to provide Docker
| and virtio file sharing?
|
| You can achieve almost the same thing with Alpine Linux, that's
| how I run all my containers, one VM per container.
|
| Edit: Further down the comments it says OrbStack is a single
| Linux VM running LXD containers. Oh well, I was close.
| rahen wrote:
| I currently use Vagrant on Linux, but it's slow and resource
| heavy.
|
| With OrbStack, the ability to set up an Ubuntu or Fedora 'VM'
| in a few seconds, then install even complex SDN workloads
| inside is incredible.
|
| Now I want something similar on Linux, especially once I
| switch to Asahi. I haven't tried LXD yet, but it seems to
| work similarly to OrbStack with the added benefit of having a
| full Linux kernel and the ability to modprobe modules and
| create snapshots, something that isn't possible with
| OrbStack. I'll have to give it a try.
| suprjami wrote:
| LXD is a manager for LXC containers. I have the vague idea
| that it's like k8s for LXC but I don't really know either
| orchestration tool well enough to say.
|
| LXC containers are like Docker/Podman containers except
| they usually run an init process, so you're not running
| just one binary inside the container.
|
| You can make LXC "app containers" which just run one binary like
| Docker/Podman containers.
| rahen wrote:
| Answering my own question for anyone else who might be curious:
| OrbStack is essentially LXD for macOS, so on Linux, LXD indeed
| provides an identical workflow.
|
| In fact, LXD is a bit better. The command line is more
| powerful, it supports snapshots, the network configuration is
| more comprehensive, there's a direct access to the host kernel,
| and the web UI is a nice touch since it can work from a
| headless VM if needed.
|
| This was one of the few things I was missing on Asahi and Linux
| in general. Feels good.
| fake-name wrote:
| OrbStack: The fast, light, and easy way to run Docker containers
| and Linux*
|
| * On MacOS Hosts only.
|
| I feel like there should be a rule that if the submission is
| basically a "Show HN" style post (or a link to a piece of
| software), it should be mentioned in the title if it's platform
| specific.
| rudi_mk wrote:
| OrbStack has been an absolute lifesaver. Rancher Desktop was
| great for running a quick K3s cluster locally, but OrbStack's VMs
| are just great. For someone who likes to run separate envs on
| Linux, Orb's VMs are great. Pretty performant on my older M1 MBP
| too.
| pawelduda wrote:
| OrbStack is great for me on MacOS and nothing else I tried comes
| close.
| Quarrel wrote:
| It would be handy if it mentioned somewhere near the top of the
| front page that OrbStack is a macOS utility.
|
| So that Linux & Windows people know they can look away. (Looks
| like a cool tool though!)
| fnordlord wrote:
| Does anyone know if you can run arm64 images on a x86 Linux
| machine? I'm currently doing it with Docker and QEMU but it is
| super slow.
| _joel wrote:
| Emulation will generally be pretty slow, much slower than
| native virtualisation (although Rosetta has tricks to make this
| quicker).
|
| Ideally use multi-arch images or build your own.
| vinnymac wrote:
| I have been using OrbStack for 8 months now for personal use. I
| haven't experienced a single issue in that time, and use it
| daily.
|
| Can't say that for much software to be honest.
| julian37 wrote:
| kdrag0n's first post about this on HN, afaict:
| https://news.ycombinator.com/item?id=34100779
|
| Amazing how far they've got since, in just two years. As others
| have pointed out, it's already "boring" software in that it just
| works. And that's no small feat because this kind of tool
| requires all kinds of low-level hackery to make work, and make
| work fast. Hats off!
|
| (Happy user here if you couldn't tell.)
| shepherdjerred wrote:
| The absolute best feature that OrbStack has is debug shells.
| Essentially, it lets you attach to any container with all of your
| favorite tools already present, e.g. vim.
|
| https://docs.orbstack.dev/features/debug
|
| OrbStack is well worth the price IMO
| hinkley wrote:
| How the hell do they do that?
| omnicognate wrote:
| There's a "how it works" bit at
| https://orbstack.dev/blog/debug-shell
|
| > In particular, mount namespaces are what Docker and runc
| use to give each container its own image and view of the
| filesystem. But unlike chroot(2), you can copy an existing
| mount namespace into a new one. Debug Shell uses this to copy
| a container's namespace, creating a new view where we can
| inject things without them showing up in the original mount
| namespace or filesystem.
| atombender wrote:
| Linux, at the kernel level, doesn't have any concept of a
| "container". What you have instead are namespaces. File
| systems, process lists, networking etc. are all namespaced,
| and you can set these up "a la carte".
|
| For example, you can create a new process that has as its
| file system root /home/blah. It will see every process in the
| system, it can do networking, etc. -- but "ls" can only show
| the files under /home/blah, which appears as /. Inside this
| process, you can't see any files above this directory.
|
| A Docker container is simply a process which has set all its
| namespaces in such a way as to isolate it from others.
|
| "Entering" a Docker container is done by setting up your
| namespace to be the same as that of the container. For
| example, you can create a new process (a shell, for example)
| that is a normal process in every way -- full access to the
| root file system and networking and so on -- but has the
| process tree root as the container. The process will see only
| the processes inside the container.
|
| You can do this on Linux today using the nsenter [1] tool.
| (This is also a way to create simple namespaced processes
| without Docker.) This allows a mix of namespaces; you can
| enter the container's namespaces but also retain the ability
| to run tools that aren't available inside the container.
|
| In short, I assume the OrbStack debug command does the exact
| same thing. It's coincidentally the same concept as an
| ephemeral container on Kubernetes.
|
| [1] https://man7.org/linux/man-pages/man1/nsenter.1.html
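
Added example (not part of the thread and not OrbStack's code): the comment above notes that a process can join some of a container's namespaces and keep its own for the rest. This checks which ones two processes share by comparing the `/proc/<pid>/ns/*` link targets. The names `ns_compare` and `ns_joined` and the optional proc-root argument are assumptions made for this sketch.

```shell
#!/bin/sh
# ns_compare PID_A PID_B [PROC_ROOT]
# Prints one line per namespace type: "<type> shared|separate|unknown".
# Two processes are in the same namespace when /proc/<pid>/ns/<type>
# resolves to the same "type:[inode]" target.
# PROC_ROOT (default /proc) is a hypothetical parameter added so the
# check can also run against a saved or constructed copy of the tree.
ns_compare() {
    pid_a=$1
    pid_b=$2
    root=${3:-/proc}
    for ns in cgroup ipc mnt net pid user uts; do
        a=$(readlink "$root/$pid_a/ns/$ns" 2>/dev/null) || a=
        b=$(readlink "$root/$pid_b/ns/$ns" 2>/dev/null) || b=
        if [ -z "$a" ] || [ -z "$b" ]; then
            # Missing entry: old kernel, exited process, or no permission.
            echo "$ns unknown"
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns separate"
        fi
    done
}

# ns_joined PID_A PID_B [PROC_ROOT]
# Prints only the shared namespace types, space-separated, e.g. "net pid"
# for a debug shell that entered a container's pid and net namespaces
# but kept the host's mount namespace and tools.
ns_joined() {
    ns_compare "$@" |
        awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " }'
}

# Stand-alone use: ./ns_compare.sh <debug-shell-pid> <container-pid>
if [ "$#" -ge 2 ]; then
    ns_compare "$@"
fi
```

Reading another user's `/proc/<pid>/ns` entries usually needs root, so an "unknown" result for every type often means a permission problem rather than a missing namespace.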
| mootpt wrote:
| also supports ipv6.
| zero0529 wrote:
| Wished they had a Nix package, but looks good I will check it
| out! (Request to devs please a nix package, nix-darwin is very
| good for defining work machines)
| oars wrote:
| Great alternative to Docker Desktop on MacOS.
___________________________________________________________________
(page generated 2024-09-02 23:01 UTC)