Finch
The Finch CLI is an open source client for container development
Install / Use
/learn @runfinch/FinchREADME
Hello, Finch
<!-- markdownlint-restore -->
Finch is an open source client for container development. Its simple installer provides a minimal native client along with an opinionated distribution of other open source components. Rather than creating even more options to reason about and choose from, Finch aims to help promote other projects by making it easy to install and use them, while offering a simple native client to tie it all together.
Finch provides a simple client which is integrated with nerdctl. For the core build/run/push/pull commands, Finch depends upon nerdctl to handle the heavy lifting. It works with containerd for container management, and with BuildKit to handle Open Container Initiative (OCI) image builds. These components are all pulled together and run within a virtual machine managed by Lima.
With Finch, you can leverage these existing projects without chasing down all the details. Just install and start running and building your containers!
Getting Started with Finch
The project will in the near future have a more full set of documentation and tutorials. For now let's get started here. As mentioned above, finch integrates with nerdctl. While Finch doesn't implement 100% of the upstream commands, the most common commands are in place and working. The nerdctl Command Reference can be relied upon as a starting point for documentation.
Installing Finch
macOS
To get started with Finch on macOS, the prerequisites are:
- macOS catalina (10.15) or higher, newer versions are tested on a best-effort basis
- Intel or Apple Silicon M1 system for macOS
- Recommended minimum configuration is 2 CPU, 4 GB memory
Download a release package for your architecture from the project's GitHub releases page, and once downloaded double click and follow the directions.
Installing Finch via brew
brew install --cask finch
Windows
To get started with Finch on Windows, the prerequisites are:
- Windows 10 version 2004 and higher (Build 19041 and higher)
- AMD64 based Windows system
- WSL 2 installed (
wsl --install)
Download an MSI installer from the project's GitHub releases page, and once downloaded double click and follow the directions.
Once the installation is complete, finch vm init is required once to set up the underlying system. This initial setup usually takes about a minute.
finch vm init
INFO[0000] Initializing and starting Finch virtual machine...
..
INFO[0067] Finch virtual machine started successfully
Linux
To get started with Finch on Linux, the prerequisites are:
- Linux system capable of running containerd 1.7.x (generally, this means at least Linux kernel 4.x)
Currently, Finch installers are packaged and distributed on Amazon Linux. If you are not using Amazon Linux, you can download the binary from the GitHub releases page and install/configure the dependencies, following the convention in the finch.spec file. Detailed instructions are available on runfinch.com.
Running containers and building images
You can now run a test container. If you're familiar with container development, you can use the run command as you'd expect.
finch run --rm public.ecr.aws/finch/hello-finch
If you're new to containers, that is so exciting! Give the command above a try after you've installed and initialized Finch. The run command pulls an image locally if it's not already present, and then creates and runs a container for you. Note the handy --rm option will delete the container instance once it's done executing.
To build an image, try a quick example from the finch client repository.
git clone https://github.com/runfinch/finch.git
cd finch/contrib/hello-finch
finch build . -t hello-finch
..
Again if you're new to containers, you just built a container image. Nice!
The build command will work with the build system (the Moby Project's BuildKit in Finch's case) to create an OCI image from a Dockerfile, which is a special sort of recipe for creating an image. This image can then be used to create containers. You can see your locally pulled and built images with the finch images command.
Finch makes it easy to build and run containers across architectures with the --platform option. When used with the run command, it will create a container using the specified architecture. For example, on an Apple Silicon M1 system, --platform=amd64 will create a container and run processes within it using an x86-64 architecture.
uname -ms
Darwin arm64
finch run --rm --platform=amd64 public.ecr.aws/amazonlinux/amazonlinux uname -ms
Linux x86_64
You can also use the --platform option with builds, making it easy to create multiplatform images.
Working with Finch
We have plans to create some more documentation and tutorials here geared toward users who are new to containers, as well as some tips and tricks for more advanced users. For now, if you're ready to kick the tires, please do! You'll find most commands and options you're familiar with from other tools to present, and as you'd expect (or, as they are documented upstream with nerdctl). Most of the commands we use every day are covered, including volume and network management as well as Compose support. If Finch doesn't do something you want it to, please consider opening an Issue or a Pull Request.
Finch and other tools
The installer will install Finch and its dependencies in its own area of your system, and it can happily coexist with other container development tools. Finch is a new project and not meant to be a direct drop-in replacement for other tools. Therefore, we don't recommend aliasing or linking other command names to finch.
Configuration
Finch has a simple and extensible configuration.
macOS
A configuration file at ${HOME}/.finch/finch.yaml will be generated on first run. Currently, this config file has options for system resource limits for the underlying virtual machine. These default limits are generated dynamically based on the resources available on the host system, but can be changed by manually editing the config file.
For a full list of configuration options, check the finch struct for macOS.
An example finch.yaml looks like this:
# cpus: the amount of vCPU to dedicate to the virtual machine. (required)
cpus: 4
# memory: the amount of memory to dedicate to the virtual machine. (required)
memory: 4GiB
# snapshotters: the snapshotters a user wants to use (the first snapshotter will be set as the default snapshotter)
# Supported Snapshotters List:
# - soci https://github.com/awslabs/soci-snapshotter/tree/main
# Once the option has been set the snapshotters will be installed on either finch vm init or finch vm start.
# The snapshotters binary will be downloaded on the virtual machine and will be configured and ready for use.
# To change your default snpahotter back to overlayfs, simply remove the snapshotters value from finch.yaml or set snapshotters to `overlayfs`
# To completely remove the snapshotters' binaries, shell into your VM and remove /usr/local/bin/{snapshotter binary}
# and remove the snapshotter configuration in the containerd config file found at /etc/containerd/config.toml
snapshotters:
- soci
# creds_helpers: a list of credential helpers which can be used by Finch's container runtime stack. (optional)
#
# Finch currently supports Linux based credential helpers through its guest machine for macOS and Windows or natively
# for Linux. All credential helpers are expected to have `docker-credential-*` naming convention.
# Finch provides two modes of operation for credential helpers: managed and bring-your-own.
#
# Managed credential helpers:
# Managed credential helpers are installed and configured by Finch. This means the credential helper binary will be downloaded
# to the host machine and a config.json will be created and configured inside the $HOME/.finch directory if it does not already exist.
# Finch will ensure the credential helper binary is made available to its container runtime stack with no additional action required by
#
