Apple container setup notes

I upgraded to macOS 26 this week, and the first thing I've wanted to try is the new native container support. I've been content with OrbStack, but a lot of the time it's overkill when I just want to test something on the MacBook. Docker and Podman even more so. From an initial hour playing around, it's quick and easy and works fine if you don't need docker compose in your testing workflow.

❯ brew install --cask container

❯ container system start
Verifying apiserver is running...
No default kernel configured.
Install the recommended default kernel from [https://github.com/kata-containers/kata-containers/releases/download/3.17.0/kata-static-3.17.0-arm64.tar.xz]? [Y/n]:
Installing kernel...

~ took 32s

❯ container run --rm docker.io/library/alpine:latest sh -c 'echo hello world'
hello world

~ took 10s

That's it for the install and getting the service running.

All these tools use the standardized OCI image spec, which means I can just grab an image from Docker Hub or another registry and run it. This example runs a command, and then the --rm removes the container when it's done.

❯ container run --detach --name web docker.io/library/nginx:alpine
web

~ took 3s

❯ container ls -a
ID   IMAGE                           OS     ARCH   STATE    ADDR          CPUS  MEMORY
web  docker.io/library/nginx:alpine  linux  arm64  running  192.168.64.3  4     1024 MB

❯ container exec web ps
PID   USER     TIME  COMMAND
    1 root      0:00 nginx: master process nginx -g daemon off;
   25 nginx     0:00 nginx: worker process
   26 nginx     0:00 nginx: worker process
   27 nginx     0:00 nginx: worker process
   28 nginx     0:00 nginx: worker process
   29 root      0:00 ps

I like that you get virtual IPs, and there's even a DNS system which simplifies my type of testing where I routinely want to build and test a few hosts that need to talk to each other.

And when I'm done?

❯ container system status
apiserver is running
application data root: /Users/mmayo/Library/Application Support/com.apple.container/
application install root: /usr/local/
container-apiserver version: container-apiserver version 0.5.0 (build: release, commit: 48230f3)
container-apiserver commit: 48230f380499efecd663fdc6749a2cbaf2f8ed76

~
❯ container system stop

❯ container system status
apiserver is not running and not registered with launchd

The whole thing is just gone. YASSSS.

There are lots of great examples and documentation on the container GitHub page.

It's not a polished end product, but for me I like the simplicity, the firewalled networking and DNS, effective containment, and ease of firing the whole thing up or down when I need it without bloating my whole Mac. Pretty sweet.
