So I wanted to get a bit of a native Linux feel when running containers, and I decided to go with WSL (since it's the only viable option while I'm on Windows). This setup ultimately uses fewer system resources—especially CPU and RAM—and also supports systemd, which is a huge win compared to using Podman or Docker Desktop.
First thing is, once you've installed WSL running Ubuntu:
🔗 https://learn.microsoft.com/en-us/windows/wsl/systemd
You can check and set the default distro with:
wsl -l -v
wsl --set-default Ubuntu
wsl -d Ubuntu
You can then run the following to make sure systemd is running as PID 1, which is crucial in order to be able to run Docker as a service:
ps -p 1 -o comm=
This should show systemd as the top-level PID. If not, you may need to update your WSL setup, as per the docs linked above.
Now, this is where it gets a little more interesting:
sudo apt update && sudo apt upgrade -y
sudo apt install -y ca-certificates curl gnupg lsb-release
- ca-certificates: This is used to verify the identity of the servers that the Docker key and packages are downloaded from.
- gnupg: GPG handles the key used to check that the Docker packages being installed haven't been tampered with.
- lsb-release: This gives you the release name of the Ubuntu version you are running.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Example output (you can also view the file /etc/apt/sources.list.d/docker.list manually to check that it has been populated correctly):
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
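To confirm that an entry like this keeps apt's signature verification pinned to the Docker keyring, here is an added example (not from the original post) that audits a sources line and the keyring file's permissions. The function names are illustrative assumptions; the file paths are the ones used above.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# check_source_line LINE: return 0 when the entry keeps signature verification
# on, pinned to a dedicated keyring, and fetched over https; 1 otherwise.
check_source_line() (
    set -f                       # no globbing while splitting the option list
    line=$1 rc=0 opts= signed=
    case $line in
        "deb "*)     rest=${line#deb } ;;
        "deb-src "*) rest=${line#deb-src } ;;
        *)           exit 0 ;;   # comment or blank line: nothing to audit
    esac
    case $rest in                # options sit between '[' and ']'
        "["*"]"*) opts=${rest#\[}; opts=${opts%%\]*}; rest=${rest#*\] } ;;
    esac
    uri=${rest%% *}
    for opt in $opts; do
        case $opt in
            signed-by=*)        signed=${opt#signed-by=} ;;
            trusted=yes)        echo "FAIL: trusted=yes skips authentication"; rc=1 ;;
            allow-insecure=yes) echo "FAIL: allow-insecure=yes weakens apt-secure"; rc=1 ;;
        esac
    done
    [ -n "$signed" ] || { echo "FAIL: no signed-by= keyring pinned"; rc=1; }
    case $uri in
        https://*) ;;
        *) echo "FAIL: repository URI is not https: $uri"; rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK: $uri verified against $signed"
    exit "$rc"
)

# keyring_not_writable FILE: return 0 when FILE exists and neither group nor
# others can write to it (a writable keyring lets another user swap the key).
keyring_not_writable() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_file FILE: check every line of FILE; non-zero if any entry fails.
audit_file() (
    rc=0
    while IFS= read -r l; do check_source_line "$l" || rc=1; done < "$1"
    exit "$rc"
)

# Audit the file written above when it exists (path taken from this post).
list=${1:-/etc/apt/sources.list.d/docker.list}
if [ -f "$list" ]; then audit_file "$list" || echo "Review $list"; fi
```

Run it with no arguments inside the WSL distro to audit /etc/apt/sources.list.d/docker.list; calling keyring_not_writable /etc/apt/keyrings/docker.gpg checks the key file itself.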
At this point we want to update the APT index so that it knows which packages the Docker repository offers. If this is not run, apt won't know that the Docker packages exist.
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io
Now for the best part, interacting with Docker as a proper service in your WSL environment:
sudo systemctl enable docker
sudo systemctl start docker
sudo systemctl status docker
Example snippet of output:
State: running
Units: 347 loaded
Jobs: 0 queued
Failed: 0 units
Since: Tue 2025-04-08 00:20:56 BST; 12h ago
systemd: 255.4-1ubuntu8.6
CGroup: /
├─init.scope
│ ├─ 1 /usr/lib/systemd/systemd
sudo docker version
sudo docker run hello-world
sudo docker info | grep -i cgroup
Expected output snippet:
Cgroup Driver: systemd
Cgroup Version: 2
cgroupns
- Create the Docker group (if it doesn’t already exist):
sudo groupadd docker
- Add your user to the group:
sudo usermod -aG docker $USER
- Apply group changes to current session:
newgrp docker
- Test:
docker ps -a
Note: The docker group gives root-equivalent permissions. Avoid using this in production as it may allow attackers to escape containers and access the host system.
Kind is a great tool for making a lightweight Kubernetes setup; I explore this more deeply in my falco-playground.
cd ~
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
Here are a few extra steps you could consider adding to your setup:
Append to your ~/.bashrc or ~/.zshrc:
sudo systemctl start docker >/dev/null 2>&1
You can make this smoother with a conditional check to avoid errors if Docker is already running.
I have a repo where I explore using docker-compose to emulate an environment with an adversary container.
sudo apt install docker-compose-plugin
docker compose version
docker system prune -a