Using Tailscale with an OrbStack VM on macOS (github.com/highpost)
79 points by highpost 1 day ago | 18 comments



I use Tailscale with OrbStack machines, which allows me to run two tailnets at once ($dayjob and homelab). Both great products. https://bnjoroge.com/posts/connecting-to-multiple-tailscale-...

I recently learned of OrbStack and it feels like the only product that actually makes an effort to integrate VMs and Containers correctly and consistently into macOS.

Docker Desktop and Podman Desktop are both a treadmill made of Lego bricks.


Hi Brandon!

Have you tried Apple's container CLI[0]? I'm still mostly using OrbStack, but container gives me some hope for the future that Apple cares about this experience.

[0]: https://github.com/apple/container


I also have a similar example repo for the Apple Containerization Framework.

https://news.ycombinator.com/item?id=48002958


Curious if either of those support USBIP yet? Last I checked there isn't a stable solution for it except maybe Docker?

We're releasing USB in OrbStack tomorrow :)

Woah, that is cool! I will check it out.

I do all my dev inside Docker/OrbStack environments. I've been using a Tailscale sidecar for each, which has let me easily spin up a second (and third!) copy of each repo without having to worry about them interfering with each other (the same open ports, etc.). I've not extended this to using worktrees, as right now I prefer entirely separate clones of a repo, but that may well change and I suspect this would work well for that too.

https://robgough.net/multiple-app-instances-with-tailscale

Also has the handy effect of making it super easy to share my dev environment with anyone else on my tailnet, though this could be locked down if needed.


Looks like you provision a fresh tailnet host for each clone? You mention multi-tenancy via subdomain routing and I wonder if this is unrelated.

I do, yeah. Tailscale is generous with the "device" counts so I'm not worried about using them up -- especially as I spin them up as ephemeral, so as soon as I shut down the stack they're gone, but the "random" name persists across shutdowns as I store it in a file that stays out of git.

The subdomain routing then works by pointing to that ephemeral machine's IP, and my site in dev mode populates the sidebar with active links for this, so it's not like I have to keep updating bookmarks etc. Super convenient. It's probably the weakest part of the setup (no HTTPS) but works fine for my needs.


OrbStack is great, it makes everything so easy - like networking: VMs and containers can talk to the host and to each other using hostnames; and file sharing: there are automatic mounts between host and guest; and SSHing around just works.

Part of that, though, requires adopting a security model where that's OK. As I've started sprinkling macOS hosts and guests throughout my network, I've needed to adopt other vz tactics.

OP's use of Tailscale mirrors my own, but given the security model of OrbStack it's mostly a convenience rather than a hard security partition within the LAN or even the host.


We have isolated machines in OrbStack now! Isolated machines have options for network isolation and mounting only specific paths (or none).

I use tailscale with Orbstack so that my agents on the vm can use tailscale serve to share dashboards I can view on my phone. Works out nicely.

One thing I noticed, though, is that even if I set up the VM as a tagged device with limited access rules, if my host machine (the laptop) is connected as my user (which has less limited permissions), the VM uses my host's user permissions, which isn't really what I want. If I disconnect Tailscale on the Mac and leave the VM's Tailscale connected it works as intended, though - so that's something to look out for.

Also, if you're using OrbStack as an agent sandbox, just be aware that they only recently added an option for true filesystem isolation; the default setup doesn't really sandbox effectively.


It sounds like you have Tailscale set up in the container with userspace networking — which works smoothly for incoming traffic, but for outgoing traffic to use the container's Tailscale device it has to be routed through a proxy that tailscaled runs, otherwise it goes over the host's network.

I haven't tried with OrbStack, but it is possible to set up containers to use Tailscale with kernel networking by mounting /dev/net/tun into the container. With that setup outgoing traffic will automatically route to the tailnet as the container's device (and you don't need Tailscale on the host at all).
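Added example, not from the thread and not OrbStack's or Tailscale's own code: it ties together the two points above, the tagged-VM ACL that the earlier comment expected to limit the VM, and the userspace-vs-kernel networking choice that decides whether the VM's outbound traffic actually leaves as that tagged node. The tag names (tag:orbstack-vm, tag:dashboard), the proxy port 1055, the hostname and the TS_AUTHKEY placeholder are assumptions; the tailscaled and tailscale up flags are the documented ones. The functions only assemble commands and the policy text, so the script can be read and tested without a running tailnet.

```shell
#!/bin/sh
# Added example (not from the thread). Shows:
#  (a) a minimal tailnet policy restricting a tagged VM, and
#  (b) the two ways tailscaled can run inside a container/VM and what each
#      needs for *outbound* traffic to use the tagged node instead of the host.
# Assumed names: tag:orbstack-vm, tag:dashboard, proxy port 1055, TS_AUTHKEY.
set -eu

# (a) Policy: the VM may only reach hosts tagged tag:dashboard on 443.
# An ACL is applied to the identity the traffic arrives with, so this only
# constrains the VM if its packets really leave via its own tagged node (see b).
policy_for_tagged_vm() {
  cat <<'EOF'
{
  "tagOwners": {
    "tag:orbstack-vm": ["autogroup:admin"],
    "tag:dashboard":   ["autogroup:admin"]
  },
  "acls": [
    { "action": "accept", "src": ["tag:orbstack-vm"], "dst": ["tag:dashboard:443"] }
  ]
}
EOF
}

# (b) tailscaled flags per mode.
#  userspace: no TUN device; tailscaled exposes a SOCKS5/HTTP proxy that apps
#             must be pointed at, otherwise outbound traffic uses the host's network.
#  kernel:    a real tailscale0 interface; outbound traffic is routed automatically.
tailscaled_flags() {
  case "$1" in
    userspace) echo "--tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055" ;;
    kernel)    echo "--tun=tailscale0" ;;
    *) echo "unknown mode: $1" >&2; return 1 ;;
  esac
}

# Container runtime options per mode (kernel mode needs the TUN device and NET_ADMIN).
container_opts() {
  case "$1" in
    userspace) echo "" ;;
    kernel)    echo "--device=/dev/net/tun --cap-add=NET_ADMIN" ;;
    *) return 1 ;;
  esac
}

# Proxy environment the application needs in userspace mode; empty in kernel mode.
app_env() {
  case "$1" in
    userspace) echo "ALL_PROXY=socks5://localhost:1055 HTTP_PROXY=http://localhost:1055 HTTPS_PROXY=http://localhost:1055" ;;
    kernel)    echo "" ;;
    *) return 1 ;;
  esac
}

# Chooses kernel mode when a usable TUN device node is present, else userspace.
detect_mode() {
  tun="${1:-/dev/net/tun}"
  if [ -c "$tun" ]; then echo kernel; else echo userspace; fi
}

# Command that joins the VM/container as a tagged node. TS_AUTHKEY is a placeholder
# for a pre-auth key created with the same tag in the admin console.
tailscale_up_cmd() {
  echo "tailscale up --auth-key=\${TS_AUTHKEY} --advertise-tags=$1 --hostname=$2"
}

# Stand-alone run: print the plan for whichever mode this environment supports.
if [ "${1:-}" = "plan" ]; then
  mode=$(detect_mode)
  echo "# mode: $mode"
  echo "# policy:"; policy_for_tagged_vm
  echo "# tailscaled $(tailscaled_flags "$mode")"
  echo "# container opts: $(container_opts "$mode")"
  echo "# app env: $(app_env "$mode")"
  echo "# $(tailscale_up_cmd tag:orbstack-vm orb-vm)"
fi
```

Run it with `sh example.sh plan` to see the assembled plan. The practical check for the situation described in the earlier comment is to confirm, from the destination side, which node the VM's traffic is attributed to: if it shows up as your user's laptop rather than the tagged node, the VM is in userspace mode without the proxy variables (or is simply using the host's network), and the tagged ACL is not what is being enforced.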


I have this setup, roughly, with UTM rather than orbstack. I think I have it set up safely, curious how you see it has the wrong permissions?

Good to hear they added true isolation. I had immediately moved to Colima when I was considering options because of this.

Interesting. Can you do this with Forgejo?

What do you mean?

