docker

Docker Desktop alternatives on macOS: podman, nerdctl, Rancher Desktop

Michael Friedrich

Mar 15, 2022 • 10 min read

Docker changed its subscription model including Docker Desktop, thus generating more demand for alternatives. In this blog post, we look into podman, nerdctl, and Rancher Desktop as Docker Desktop alternatives on macOS.

The Docker Desktop subscription changes required a new agreement until January 31, 2022. I won't go into detail on the changes, except for describing my use case and what I am looking for when evaluating alternatives. If you are only interested in the alternatives, navigate into the following chapters:

Podman
nerdctl and containerd
Rancher Desktop
Conclusion

My use case: Docker for Mac

I've been using Docker on the CLI to run development environments and demos with docker-compose stacks. The transparent port-forwarding from the underlying VM hypervisor is nice and always has been my favorite compared to custom docker-machine VMs with Parallels many years ago. Docker buildx works great for multi-arch builds, my suggestion is to move the builds into CI/CD pipelines.

Architecture

I'm still using Intel x86, MacBook refreshment happens in 2023. The Apple Silicon M1 will introduce arm64 as architecture, where an additional requirement is to run arm64 and cross-build x86 container images, for example following this post.

Local Kubernetes?

Docker Desktop ships with Kubernetes. I've never used it though, maybe I missed the use case. When working with Kubernetes, I am thinking of network reachable clusters and deployments, not necessarily on my Macbook. I also wanted to shift to managed k8s or k3s cloud offerings instead. Looking at AWS EKS (tip: eksctl), Google Cloud GKE, and Civo Cloud, there are many affordable offerings in the market, with the benefit of allowing global collaboration.

Resources shifted to the cloud

My Macbook already runs hot with an external display attached, local resources are limited in my case. Docker Desktop comes with Dev Environments allowing you to share the container in a team namespace on Docker Hub; I haven't tried it though.

My workloads shifted into the cloud: o11y.love is built using GitLab's Web IDE and Gitpod. The latter allows you to run docker-compose too and share with your team. I think that's an interesting alternative to keep in mind too.

What do I really need?

A container CLI (& daemon, if root access is required) on macOS, with native port-forwarding and volume bind mounting. That's the thing.

Everything else is either in CI/CD workflows or cloud-native deployments.

Let's see if there are alternatives to Docker Desktop on macOS to help my requirements.

Alternative: Podman

This is a CLI-only solution. podman is an alternative for Docker on the CLI, a desktop variant is discussed in this proposal:

If you don't need a UI, you can follow this blog post to migrate to podman CLI. More insights can be found in this thread on Hacker News. I'll share my steps below for macOS.

Following the documentation for macOS, podman provides a VM to run Linux containers, which is fedora-coreos-35.20220116.2.1-qemu.x86_64 by default as of writing (2022-01-31).

$ brew install podman

$ podman machine init

$ podman machine start

Test port-forwarding with running the nginx image and try accessing port 8080.

$ podman run -ti -d -p 8080:80 nginx:latest

You can create a shell alias for docker for example in ZSH with Oh-My-ZSH:

$ vim $HOME/.oh-my-zsh/custom/aliases.zsh


alias docker=podman

Remote volume mounts with podman

They do not work by default, thus /Users is not available like know from Docker Desktop.

The following blog post describes an alternative with preparing the podman machine for volume mounts on macOS:

podman on Silicon M1

Running x86 container images on arm64 architecture is not yet supported, as it needs changes to the underlying qemu virtualization with podman machine. You can follow the discussion and change request.

Docker Compose with Podman

Docker compose is available as podman-compose using PyPi. Install Python using Homebrew, if you have not, and use pip3 to install podman-compose. Then add a shell alias, if needed.

$ brew install python

$ pip3 install podman-compose

$ vim $HOME/.oh-my-zsh/custom/aliases.zsh

alias docker-compose='podman-compose'

A quick test with the Docker Hub Limit Exporter shows it working.

$ git clone https://gitlab.com/gitlab-de/docker-hub-limit-exporter.git
$ cd docker-hub-limit-exporter/example/docker-compose

$ podman-compose up -d

More advanced configuration is not yet supported and made me stop evaluating podman as alternative for the moment. I've then evaluated the next alternative.

Alternative: nerdctl and containerd

This is a CLI-only solution. The installation requires to install Lima as VM where containerd is spawning the containers.

$ brew install lima
$ limactl start

$ lima nerdctl run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine

Lima runs qemu to spawn the virtual machine. The process reminds me of how Vagrant boots a VM.

The port-forwarding works flawlessly.

Docker compose with nerdctl

Following the documentation, this can be done with nerdctl compose inside lima. Unfortunately, it does not like the entry point with multiple strings.

Needs a workaround, but I did not want to modify the docker-compose.yml file. The problem is listed in the incompatibility section in the nerdctl documentation. This led me to focus on the next alternative.

Alternative: Rancher Desktop

Rancher Desktop supports macOS (Apple Silicon, Intel CPUs), Windows, Linux. Quoting Rancher Desktop's docs:

Container Management

Rancher Desktop provides the ability to build, push, and pull container images along with the ability to run containers. This is provided by either the Docker CLI (when you choose Moby/dockerd as you engine) or nerdctl (when you choose containerd as your engine). nerdctl is a "Docker-compatible CLI for containerd" provided by the containerd project.

Kubernetes

Kubernetes is built in to Rancher Desktop. Kubernetes is provided by k3s, a lightweight certified distribution. With Rancher Desktop you have the ability to choose your version of Kubernetes and reset Kubernetes or Kubernetes and the whole container runtime with the click of a button.

Summary:

I can select to use Moby/dockerd as an engine and get the docker CLI command.
Alternatively, nerdctl provides a compatible CLI command, using containerd.
k3s as a lightweight alternative to Kubernetes (k8s) comes built-in from the maintainers, Rancher. 1.1.0 allows disabling Kubernetes.

Migration Steps from Docker to Rancher Desktop

Uninstall Docker Desktop
Install Rancher Desktop
Install docker-compose with Homebrew
Verify shell aliases and dotfiles dependencies

Remove Docker Desktop

Follow the steps in the Docker documentation.

The uninstall method doesn't clean up everything, unfortunately. This article can help, below I'll share my steps. Note that they are "advanced" deletes without trash bin usage. In case of reverts, you'll need to reinstall the Docker desktop app again.

Open Activity Monitor (cmd+space and type Activity followed selection with enter) and search Docker to verify that no further processes run. In my case, com.docker.vmnetd is the network bridge between the hypervisor VM and host system.

Force quit when asked. You might get asked for your password.

Install Rancher Desktop

Navigate to https://rancherdesktop.io/ and select the platform to download.

If you are unsure about your Mac CPU, open About this Mac in the upper left corner of the menu.

Verify the Processor entry being Intel or Silicon.

Open the downloaded DMG file and drag&drop Rancher Desktop into Applications.

Open Rancher Desktop using your preferred way. I am using Raycast instead of Spotlight to quickly open apps with cmd + space searching for Rancher and enter. Agree to open an application from the Internet.

When asked for Docker or nerdctl, decide whether you'd like

Keep Docker compatibility and use docker-compose
Try a new way with containerd and nerdctl.

I'll go with Docker compatibility first (dockerd (moby)) and later try containerd.

The Settings can be accessed from the menu icon.

The General overview allows you to opt-out from automatic updates (recommend to leave enables for security updates) and anonymous statistics (I'm leaving them enabled to support the free project).

You can change the settings in Kubernetes Settings > Container Runtime to select whether dockerd/moby or containerd. Resources can also be managed. You can also opt-in to disable Kubernetes to save CPU cycles. I've disabled Kubernetes, reducing workload on my Intel CPU.

Rancher Desktop will ask for elevated permissions to manage its installation directory (/opt/rancher-desktop), Lima environment (the virtual machine environment, learn more in this article), Docker socket (for communicating with dockerd/moby from the CLI).

Rancher Desktop also creates symlinks to support docker, kubectl and nerdctl natively in the system PATH from /usr/local/bin. No further configuration is necessary to make things work on the CLI.

The Troubleshooting section allows to view the logs and do a factory reset.

"Migration" aka does my use case still work?

docker info output.

Running an image works reliably fast, depending on the internet connection.

Docker Compose CLI with Rancher Desktop

By selecting dockerd/moby as container engine, the docker.sock socket is exposed and can be consumed by the docker-compose CLI tool. The symlink update is recommended if you have been using Docker Desktop before. More tips can be found in the Rancher Desktop FAQ.

$ brew install docker-compose

$ ln -sfn /usr/local/opt/docker-compose/bin/docker-compose /usr/local/bin/docker-compose

A quick test in the Docker Hub Limits Exporter project shows it is working.

$ git clone https://gitlab.com/gitlab-de/docker-hub-limit-exporter.git
$ cd docker-hub-limit-exporter/example/docker-compose

$ docker-compose up -d

Problems and notes with Rancher Desktop

When v1.0.0 was released, a lot of feedback was generated which got addressed with the current v1.1.0 release.

Rancher desktop runs a local k3s cluster which you will see with docker pstoo. This consumes more resources on your Macbook, qemu-system-x86_64 is the process inside Activity Monitor. Solution: Use v1.1.0 and disable Kubernetes.
host.docker.internal is not resolved inside containers inside the lima VM. Fixed in v1.1.0.
The port-forwarding UI was missing on macOS, and was added in v1.1.0.

The only concern remaining is

M1 installations still require Rosetta 2 https://github.com/rancher-sandbox/rancher-desktop/issues/1416

Conclusion

Running containers on macOS always requires a virtualized Linux environment in the background; there's no native support in the macOS kernel. Therefore all solutions will require virtualization resources.

Innovative ideas and OSS are a great combination, and we are lucky to have many great free resources as alternatives to Docker desktop. Podman, nerdctl and lima are good CLI-only solutions.

Rancher Desktop looks really promising, and the developers quickly addressed the most common requests, including the proposal to only run the container engine and not k3s.

TheNewStack said it best in their headline: "The Time to decide on Docker Desktop has arrived."

I've evaluated and researched a lot while writing this blog post in the past month. Thanks to many GitLab team members who helped evaluate different solutions, and provided valuable feedback for the tools described in this blog post and the GitLab handbook.

I'll go with Rancher Desktop - let's chat at KubeCon EU about experiences, and see how container live demos go :-)

Super stoked about speaking at #KubeCon EU in May 🤩

From Monitoring to Observability: Left Shift your SLOs with Chaos

Come and say hi, in person 🤗https://t.co/Hnj3boVZp6 #o11ylove https://t.co/2hbuLT09PK pic.twitter.com/Hv9X5HEO4c
— Michael Friedrich 🏳️‍🌈 🇺🇦 🌐 (@dnsmichi) March 9, 2022