The CNCF Technical Oversight Committee (TOC) has voted to accept Lima as a CNCF incubating project. Lima enables secure, isolated environments for running cloud native and AI workloads.
What is Lima? Where Does It Fit in the Cloud Native Landscape?
Lima, short for “Linux Machines,” provides Linux virtual machines optimized for running containers in local development environments. Lima comes with built-in integration for the following container engines:
- containerd [CNCF Graduated] (default)
- Docker
- Podman [CNCF Sandbox]
- Kubernetes [CNCF Graduated]
- k3s [CNCF Sandbox]
- k0s [CNCF Sandbox]
- Usernetes
- RKE2
- Apptainer
Use cases
Lima is also useful for a variety of use cases beyond containerization. One of the more cutting-edge use cases is running an AI coding agent inside a VM to isolate the agent from direct access to host files and commands. This setup ensures that even if an AI agent is deceived by malicious instructions found on the Internet (e.g., fake package installations), any potential damage is confined to the VM or limited to the files explicitly mounted from the host. The Lima website features several examples of hardening AI agents:
- Aider
- Claude Code
- Codex
- Gemini
- GitHub Copilot CLI
- GitHub Copilot in Visual Studio Code
Lima’s Beginnings and Growth
The Lima project was launched in May 2021 by Akihiro Suda, a maintainer of containerd and numerous other projects in the container ecosystem. The project was initially designed as a “containerd machine” aiming to demonstrate and promote containerd, including nerdctl (contaiNERD CTL), to Mac users. Later the project scope was expanded to support other container engines and non-container applications as well. Lima supports non-macOS hosts, such as Linux, NetBSD, and Windows.
Lima joined the Cloud Native Computing Foundation in September 2022 as a Sandbox project. Since then, the project has seen continuous growth in contributions and adoption, with the number of GitHub stars doubling.
Notable adopters include:
- Colima
- Rancher Desktop
- AWS Finch
- Podman Desktop [CNCF Sandbox] (as an extension)
Also see other user stories in GitHub Discussions.
Maintainer Perspective
“I’m glad that Lima has evolved from a simple demo tool to becoming a foundational modern container ecosystem, under the guidance of CNCF. I hope that Lima will see more adoptions, especially in the context of sandboxing AI coding agents.”
– Akihiro Suda, Founding Maintainer of Lima, NTT
“I’m thrilled to see developers already experimenting with Lima 2.0’s external driver API, trying Apple Containers, libkrun, and Proxmox. The ability to extend Lima without touching the core makes me excited to see how the community explores and expands local virtualization.”
– Jan Dubois, Maintainer of Lima, SUSE
From the TOC
“As AI and cloud native converge, Lima plays an important role in providing secure, isolated environments for testing and development. Its lightweight VM approach supports workloads that need extra protection or reproducibility without sacrificing speed or usability. The project’s inclusion in CNCF incubation reflects both its technical maturity and its growing impact across developer and AI communities.”
— Ricardo Rocha, CNCF TOC Sponsor
“Lima captures the practical, community-driven innovation that defines cloud native. By making it easy to run Linux VMs with container-like workflows, Lima bridges local development and production environments with security and consistency. I’m excited to see how Lima further continues to develop and expand its impact.”
— Chad Beaudin, CNCF TOC Sponsor
Main Components:
- limactl CLI
- containerd, as the default container engine, with optional feature enablers:
  - gomodjail, for enhanced supply chain security
  - bypass4netns, for accelerating rootless networking
  - eStargz, for accelerating container start-up time
- Ubuntu, as the default guest OS
- Templates
  - Alternative container engines (Docker, Podman, etc.)
  - Alternative guest OS (AlmaLinux, Debian, Fedora, openSUSE, etc.)
- VM drivers
  - Virtualization.framework (system component of macOS)
  - QEMU
  - WSL2
- Filesystem drivers
  - virtiofs (provided by Virtualization.framework)
  - 9p (provided by QEMU)
  - reverse-sshfs
- Network drivers
  - User-mode networking based on gVisor
  - vzNAT (provided by Virtualization.framework), for direct IP access and faster throughput
  - socket_vmnet for advanced networking modes
- Port forwarders
  - eBPF port scanner
  - Kubernetes port scanner
  - SSH transport
  - gRPC transport
Notable Milestones
- 18,200+ GitHub Stars
- 2,600+ Pull Requests
- 1,200+ Issues
- 78 Releases
- 160 Contributors
- 8 Maintainers from independent organizations and individuals
Latest release
The project also celebrates its v2.0 release, featuring:
- Plug-in subsystem for VM drivers, to allow implementing a third-party VM driver without modifying the upstream
- Support for GPU acceleration, using the krunkit VM driver
- Model Context Protocol (MCP) server, to allow securing AI coding agents running outside a VM
- Many CLI improvements
Learn more about the project milestones on GitHub.
As a CNCF-hosted project, Lima is part of a neutral foundation aligned with its technical interests, as well as the larger Linux Foundation, which provides governance, marketing support, and community outreach. Lima joins incubating technologies Backstage, Buildpacks, cert-manager, Chaos Mesh, CloudEvents, Container Network Interface (CNI), Contour, Cortex, CubeFS, Dapr, Dragonfly, Emissary-Ingress, Falco, gRPC, in-toto, Keptn, Keycloak, Knative, KubeEdge, Kubeflow, KubeVela, KubeVirt, Kyverno, Litmus, Longhorn, NATS, Notary, OpenFeature, OpenKruise, OpenMetrics, OpenTelemetry, Operator Framework, Thanos, and Volcano. For more information on maturity requirements for each level, please visit the CNCF Graduation Criteria.