NTT Open Source

Lima is now a CNCF project 🎉

Akihiro Suda

4 min readOct 6, 2022

Lima, the Linux virtual machine for runningcontainerd on macOS, is now accepted inthe CNCF Sandbox (Sep 13) 🎉.

Lima in the CNCF Landscape (landscape.cncf.io)

This wasn’t possible without the help from the community. A huge thanks to all contributors! 😊

What is Lima?

Lima is a command line utility to runcontainerd andnerdctl (contaiNERD CTL) on macOS, via a Linux virtual machine with automatic filesystem sharing and port forwarding.

Just run 3 commands to get started:

brew install lima
limactl start
lima nerdctl run -d -p 127.0.0.1:80:80 nginx:alpine

http://localhost on macOS is forwarded to the localhost on Linux (which is forwarded to the container)

Lima is also used by third party projects such asColima andRancher Desktop.

Adoption of Lima in Rancher Desktop (rancherdesktop.io)

See also my blog article from the last year (Sep 1, 2021):

containerd & Lima: Open source alternative to Docker for Mac

Today, the community was shocked by the sudden news that Docker Desktop for Mac/Win is no longer free [-as-in-beer] for…

medium.com

Other updates

Sincemy previous article on Sep 1, 2021 (Lima v0.6.1), there were lots of other updates too.

Community growth

The community of Lima has been rapidly growing. Now we have nearly 10,000 stars ⭐ on GitHub.

We also have about 60 contributors so far, and we are looking forward to seeing more contributors 🙏.

Template for Docker

We originally designed Lima for running containerd. However, after getting the feedback from the community, we expanded the project scope to support other container engines such as Docker too.

To start Docker in a Lima virtual machine using thedocker template, run the following commands:

limactl start --name=default template://dockerbrew install dockerdocker context create lima-default \
  --docker "host=unix://$HOME/.lima/default/sock/docker.sock"docker context use lima-defaultdocker run hello-world

Lima also provides a lot oftemplates for running other containers and non-containers:

$ limactl start --list-templates
almalinux
alpine
archlinux
buildkit
centos-stream
debian
default
deprecated/centos-7
docker-rootful
docker
experimental/9p
experimental/almalinux-9
experimental/apptainer
experimental/centos-stream-9
experimental/opensuse-tumbleweed
experimental/oraclelinux-9
experimental/riscv64
experimental/rocky-9
faasd
fedora
k3s
k8s
nomad
opensuse
oraclelinux
podman-rootful
podman
rocky
singularity
ubuntu-lts
ubuntu
vmnet

Intel containers on ARM, ARM containers on Intel

Lima/nerdctl also supports running Intel containers on ARM (M1/M2), and vice versa, usingtonistiigi/binfmt :

lima sudo systemctl start containerd
lima sudo nerdctl run --privileged tonistiigi/binfmt --install all

e.g.,

$ lima nerdctl run --platform=amd64 alpine uname -m
x86_64$ lima nerdctl run --platform=arm64 alpine uname -m
aarch64

4x faster bridged networking

Thelocalhost (127.0.0.1) of the Linux guest are accessible as thelocalhost (127.0.0.1) from the macOS host by default.

In addition, Lima optionally supportsvmnet.framework for assigning “real” IP addresses that are accessible from the host (Shared/NAT mode) and even from other hosts (Bridged mode).

The stack for the optionalvmnet.framework support was replaced fromvde_vmnet tosocket_vmnet in Lima v0.12. This resulted in much faster networking: e.g, 0.31 Gbps → 1.23 Gbps (Bridged mode).

To enable thevmnet.framework support, installsocket_vmnet in addition to Lima, and run the following command to provide the limited root privilege to Lima:

limactl sudoers | sudo tee /etc/sudoers.d/lima

Then, runlimactl edit to open the YAML editor, and add the following configuration:

networks:
# Choose "shared" (NAT) or "bridged" (Bridged)
- lima: bridged

Switching away from reverse-sshfs

The default filesystem driver is planned to be changed fromreverse-sshfs to9p (virtio-9p-pci) soon, for better stability, security, and shorter boot time.

The9p support is currently experimentally available in theexpermental/9ptemplate:

limactl start --name=default template://experimental/9p

Changing the default driver is planned in Lima v1.0. Hope we can release Lima v1.0 by the end of the year.

Join the community

We are looking for more users and contributors 🙏

GitHub:https://github.com/lima-vm/lima
GitHub Discussions:https://github.com/lima-vm/lima/discussions
Slack:#lima channel inhttps://cloud-native.slack.com/
( New account:https://slack.cncf.io/ )

TAG-Runtime meeting on Oct 6 (Tomorrow)

Lima will be shown in theCNCF TAG-Runtime’s online meeting tomorrow:
Oct 6 (Thr), 08:00 PT / 11:00 ET / 15:00 UTC / 24:00 JST .

Seehttps://bit.ly/cncf-tag-runtime-meeting-notes .

NTT is hiring!

WeNTT are looking for engineers who work in Open Source communities like Lima, containerd, Docker/Moby, Kubernetes, and their relevant projects. Visithttps://www.rd.ntt/e/sic/recruit/ to see how to join us.

私たちNTTは、Lima、containerd 、Docker/Moby、 Kubernetes などのオープンソースコミュニティで共に活動する仲間を募集しています。ぜひ弊社採用情報ページをご覧ください:https://www.rd.ntt/sic/recruit/