MMS • Matt Campbell
AWS has released Finch, an open-source, cloud-agnostic, command-line client for building, running, and publishing Linux containers. Finch bundles together a number of open-source components such as Lima, nerdctl, containerd, and BuildKit. At the time of release, Finch is a native macOS client with support for all Mac CPU architectures.
According to Phil Estes, Principle Engineer at AWS, and Chris Short, Senior Developer Advocate at AWS, “Finch is our response to the complexity of curating and assembling an open source container development tool for macOS initially, followed by Windows and Linux in the future”. They note that the core Finch client will always be comprised of curated open-source, vendor-neutral projects.
In a conversation on the CNCF Slack, Estes elaborated on the focus for Finch:
We are focused on the command line client that can help with the developer’s “inner loop” on a Mac: build, run, push/pull of Linux containers. We also are focused on being an opinionated distribution such that we have a signed .pkg installer that makes it easy for companies that need to plug in Finch to their device management suite (jamf for example).
Some questioned the rationale behind building another tool for container management. User Flakmaster92 wondered on a recent Reddit post “what Finch can— or will— do today that something like Podman can’t do?” Jeongmin Hong, on the CNCF Slack #finch channel, also wondered the same thing, “I wonder how different Docker Desktop or Podman Desktop and this project [are]. What is [the] difference between them?”
The main difference is that Podman uses CRI-O (or CRI-O libs at least) while Finch uses containerd. At AWS we have chosen containerd for operation at scale, and run incredibly large numbers of containerd tasks for customers of AWS Fargate.
Estes also stated that while Finch is based on many of the same components (Lima, containerd, nerdctl) as tools like Rancher and Docker Desktop, Finch is focused entirely on the command line client.
As Finch is based on nerdctl, most of the nerdctl commands and options work the same as if the tool was running natively on Linux. Finch allows for pulling images from registries, running containers locally, and building images using Dockerfiles. Via emulation, Finch can build and run images for either amd64 or arm64 architectures.
While the Finch core will remain focused on vendor-neutral projects, Estes and Short shared that future plans for Finch include support for downstream consumers to create their own extensions and features. AWS-specific extensions will be opt-in to not “impact or fragment the open source core or upstream dependencies that Finch depends on”. The plan is for extensions to be maintained in their own projects with distinct release cycles.
Once installed, the Finch virtual environment must be initialized via
finch vm init. After that, Finch can be started using
finch vm start. Running a container can be done via the
run command, for example:
finch run --rm public.ecr.aws/finch/hello-finch
run command will pull the image if it is not present, then create and start the container. The optional
--rm flag will delete the container once the container command exits.
Finch only supports macOS at this time with the team stating that there is a desire for Windows and Linux support in the future. The prerequisites for macOS include a minimum of macOS Catalina (10.15), an Intel or Apple Silicon M1 system, and a minimum configuration of two CPUs and 4 GB of memory.