Docker Desktop alternatives on macOS: podman, nerdctl, Rancher Desktop
Docker changed its subscription model including Docker Desktop, thus generating more demand for alternatives. In this blog post, we look into podman, nerdctl, and Rancher Desktop as Docker Desktop alternatives on macOS.
The Docker Desktop subscription changes required a new agreement until January 31, 2022. I won't go into detail on the changes, except for describing my use case and what I am looking for when evaluating alternatives.
My use case: Docker for Mac
I've been using Docker on the CLI to run development environments and demos with docker-compose stacks. The transparent port-forwarding from the underlying VM hypervisor is nice and has always been my favorite compared to custom docker-machine VMs with Parallels many years ago. Docker buildx works great for multi-arch builds; my suggestion is to move the builds into CI/CD pipelines.
Architecture
I'm still using Intel x86, MacBook refreshment happens in 2023. The Apple Silicon M1 will introduce arm64 as architecture, where an additional requirement is to run arm64 and cross-build x86 container images, for example following this post.
Local Kubernetes?
Docker Desktop ships with Kubernetes. I've never used it though, maybe I missed the use case. When working with Kubernetes, I am thinking of network reachable clusters and deployments, not necessarily on my Macbook. I also wanted to shift to managed k8s or k3s cloud offerings instead. Looking at AWS EKS (tip: eksctl), Google Cloud GKE, and Civo Cloud, there are many affordable offerings in the market, with the benefit of allowing global collaboration.
Resources shifted to the cloud
My Macbook already runs hot with an external display attached, local resources are limited in my case. Docker Desktop comes with Dev Environments allowing you to share the container in a team namespace on Docker Hub; I haven't tried it though.
My workloads shifted into the cloud: o11y.love is built using GitLab's Web IDE and Gitpod. The latter allows you to run docker-compose too and share with your team. I think that's an interesting alternative to keep in mind too.
What do I really need?
A container CLI (& daemon, if root access is required) on macOS, with native port-forwarding and volume bind mounting. That's the thing.
Everything else is either in CI/CD workflows or cloud-native deployments.
Let's see if there are alternatives to Docker Desktop on macOS that meet my requirements.
Alternative: Podman
This is a CLI-only solution. podman is an alternative for Docker on the CLI, a desktop variant is discussed in this proposal:
If you don't need a UI, you can follow this blog post to migrate to podman CLI. More insights can be found in this thread on Hacker News. I'll share my steps below for macOS.
Following the documentation for macOS, podman provides a VM to run Linux containers, which is fedora-coreos-35.20220116.2.1-qemu.x86_64 by default as of writing (2022-01-31).
$ brew install podman
$ podman machine init
$ podman machine start
Test port-forwarding by running the nginx image and accessing port 8080.
$ podman run -ti -d -p 8080:80 nginx:latest
You can create a shell alias for docker, for example in ZSH with Oh-My-ZSH:
$ vim $HOME/.oh-my-zsh/custom/aliases.zsh
alias docker=podman
Remote volume mounts with podman
They do not work by default, so /Users is not available as known from Docker Desktop.
The following blog post describes an alternative with preparing the podman machine for volume mounts on macOS:
podman on Silicon M1
Running x86 container images on arm64 architecture is not yet supported, as it needs changes to the underlying qemu virtualization with podman machine. You can follow the discussion and change request.
Docker Compose with Podman
Docker compose is available as podman-compose using PyPI. Install Python using Homebrew, if you have not, and use pip3 to install podman-compose. Then add a shell alias, if needed.
$ brew install python
$ pip3 install podman-compose
$ vim $HOME/.oh-my-zsh/custom/aliases.zsh
alias docker-compose='podman-compose'
A quick test with the Docker Hub Limit Exporter shows it working.
$ git clone https://gitlab.com/gitlab-de/docker-hub-limit-exporter.git
$ cd docker-hub-limit-exporter/example/docker-compose
$ podman-compose up -d
More advanced configuration is not yet supported and made me stop evaluating podman as an alternative for the moment. I then evaluated the next alternative.
Alternative: nerdctl and containerd
This is a CLI-only solution. The installation requires Lima as the VM in which containerd spawns the containers.
$ brew install lima
$ limactl start
$ lima nerdctl run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine
Lima runs qemu to spawn the virtual machine. The process reminds me of how Vagrant boots a VM.
The port-forwarding works flawlessly.
Docker compose with nerdctl
Following the documentation, this can be done with nerdctl compose inside lima. Unfortunately, it does not like the entry point with multiple strings.
It needs a workaround, but I did not want to modify the docker-compose.yml file. The problem is listed in the incompatibility section in the nerdctl documentation. This led me to focus on the next alternative.
Alternative: Rancher Desktop
Rancher Desktop supports macOS (Apple Silicon, Intel CPUs), Windows, Linux. Quoting Rancher Desktop's docs:
Container Management
Rancher Desktop provides the ability to build, push, and pull container images along with the ability to run containers. This is provided by either the Docker CLI (when you choose Moby/dockerd as your engine) or nerdctl (when you choose containerd as your engine). nerdctl is a "Docker-compatible CLI for containerd" provided by the containerd project.
Kubernetes
Kubernetes is built in to Rancher Desktop. Kubernetes is provided by k3s, a lightweight certified distribution. With Rancher Desktop you have the ability to choose your version of Kubernetes and reset Kubernetes or Kubernetes and the whole container runtime with the click of a button.
Summary:
- I can select to use Moby/dockerd as an engine and get the docker CLI command.
- Alternatively, nerdctl provides a compatible CLI command, using containerd.
- k3s as a lightweight alternative to Kubernetes (k8s) comes built-in from the maintainers, Rancher. 1.1.0 allows disabling Kubernetes.
Migration Steps from Docker to Rancher Desktop
- Uninstall Docker Desktop
- Install Rancher Desktop
- Install docker-compose with Homebrew
- Verify shell aliases and dotfiles dependencies
Remove Docker Desktop
Follow the steps in the Docker documentation.
The uninstall method doesn't clean up everything, unfortunately. This article can help, below I'll share my steps. Note that they are "advanced" deletes without trash bin usage. In case of reverts, you'll need to reinstall the Docker desktop app again.
Open Activity Monitor (cmd+space and type Activity, then select it with enter) and search for Docker to verify that no further processes run. In my case, com.docker.vmnetd is the network bridge between the hypervisor VM and host system.
Force quit when asked. You might get asked for your password.
Install Rancher Desktop
Navigate to https://rancherdesktop.io/ and select the platform to download.
If you are unsure about your Mac CPU, open About this Mac in the upper left corner of the menu.
Verify the Processor entry being Intel or Silicon.
Open the downloaded DMG file and drag&drop Rancher Desktop into Applications.
Open Rancher Desktop using your preferred way. I am using Raycast instead of Spotlight to quickly open apps with cmd + space, searching for Rancher and pressing enter. Agree to open an application from the Internet.
When asked for Docker or nerdctl, decide whether you'd like to:
- Keep Docker compatibility and use docker-compose
- Try a new way with containerd and nerdctl.
I'll go with Docker compatibility first (dockerd (moby)) and later try containerd.
The Settings can be accessed from the menu icon.
The General overview allows you to opt out of automatic updates (recommended to leave enabled for security updates) and anonymous statistics (I'm leaving them enabled to support the free project).
You can change the settings in Kubernetes Settings > Container Runtime to select either dockerd/moby or containerd. Resources can also be managed. You can also opt in to disable Kubernetes to save CPU cycles. I've disabled Kubernetes, reducing workload on my Intel CPU.
Rancher Desktop will ask for elevated permissions to manage its installation directory (/opt/rancher-desktop), Lima environment (the virtual machine environment, learn more in this article), Docker socket (for communicating with dockerd/moby from the CLI).
Rancher Desktop also creates symlinks to support docker, kubectl and nerdctl natively in the system PATH from /usr/local/bin. No further configuration is necessary to make things work on the CLI.
The Troubleshooting section allows you to view the logs and do a factory reset.
"Migration" aka does my use case still work?
docker info output.
Running an image works reliably fast, depending on the internet connection.
Docker Compose CLI with Rancher Desktop
By selecting dockerd/moby as container engine, the docker.sock socket is exposed and can be consumed by the docker-compose CLI tool. The symlink update is recommended if you have been using Docker Desktop before. More tips can be found in the Rancher Desktop FAQ.
$ brew install docker-compose
$ ln -sfn /usr/local/opt/docker-compose/bin/docker-compose /usr/local/bin/docker-compose
A quick test in the Docker Hub Limits Exporter project shows it is working.
$ git clone https://gitlab.com/gitlab-de/docker-hub-limit-exporter.git
$ cd docker-hub-limit-exporter/example/docker-compose
$ docker-compose up -d
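After switching engines it is worth confirming which binaries the CLI names in /usr/local/bin actually resolve to, since leftover Docker Desktop symlinks can shadow or break the new ones. The following is an added example, not part of the original post or of Rancher Desktop; the function name `audit_cli_links` and the assumption that Docker Desktop's old links point into a `Docker.app` bundle are mine.

```shell
#!/bin/sh
# Added example: audit container CLI entries in a bin directory after migrating.
# Prints one line per tool: "<tool> <status> <target>", where status is one of
#   ok             symlink that resolves to an existing file
#   file           regular file, not a symlink
#   dangling       symlink whose target no longer exists
#   docker-desktop symlink still pointing into a Docker.app bundle (assumption:
#                  this is where Docker Desktop placed its CLI binaries)
#   missing        no entry with that name
# Returns 1 if any entry is dangling or still points at Docker Desktop.
audit_cli_links() {
    bindir=${1:-/usr/local/bin}
    [ $# -gt 0 ] && shift
    # Default tool list: the CLI names mentioned in this post.
    [ $# -gt 0 ] || set -- docker docker-compose kubectl nerdctl
    rc=0
    for tool in "$@"; do
        path="$bindir/$tool"
        if [ -L "$path" ]; then
            target=$(readlink "$path")
            case "$target" in
                */Docker.app/*) status=docker-desktop; rc=1 ;;
                *)
                    if [ -e "$path" ]; then
                        status=ok
                    else
                        status=dangling; rc=1
                    fi
                    ;;
            esac
        elif [ -e "$path" ]; then
            target=$path; status=file
        else
            target=-; status=missing
        fi
        printf '%s %s %s\n' "$tool" "$status" "$target"
    done
    return "$rc"
}

# Run the audit only when the script is invoked with --run [DIR [TOOL...]].
if [ "${1:-}" = "--run" ]; then
    shift
    audit_cli_links "$@"
fi
```

Entries reported as `dangling` or `docker-desktop` can be re-pointed with the same `ln -sfn` form used above for docker-compose.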
Problems and notes with Rancher Desktop
When v1.0.0 was released, a lot of feedback was generated which got addressed with the current v1.1.0 release.
- Rancher Desktop runs a local k3s cluster which you will see with docker ps too. This consumes more resources on your Macbook; qemu-system-x86_64 is the process inside Activity Monitor. Solution: Use v1.1.0 and disable Kubernetes.
- host.docker.internal is not resolved inside containers inside the lima VM. Fixed in v1.1.0.
- The port-forwarding UI was missing on macOS, and was added in v1.1.0.
The only concern remaining is:
- M1 installations still require Rosetta 2 https://github.com/rancher-sandbox/rancher-desktop/issues/1416
Conclusion
Running containers on macOS always requires a virtualized Linux environment in the background; there's no native support in the macOS kernel. Therefore all solutions will require virtualization resources.
Innovative ideas and OSS are a great combination, and we are lucky to have many great free resources as alternatives to Docker desktop. Podman, nerdctl and lima are good CLI-only solutions.
Rancher Desktop looks really promising, and the developers quickly addressed the most common requests, including the proposal to only run the container engine and not k3s.
TheNewStack said it best in their headline: "The Time to decide on Docker Desktop has arrived."
I've evaluated and researched a lot while writing this blog post in the past month. Thanks to many GitLab team members who helped evaluate different solutions, and provided valuable feedback for the tools described in this blog post and the GitLab handbook.
I'll go with Rancher Desktop - let's chat at KubeCon EU about experiences, and see how container live demos go :-)