vscode-remote-release icon indicating copy to clipboard operation
vscode-remote-release copied to clipboard

Published 20 hours ago verified publisher icon microsoft

[Containers] Support using nerdctl to connect to a containerd backend

Open MurzNN opened this issue 3 years ago • 15 comments

Kubernetes deprecated Docker as a container runtime after v1.20 at the end of 2020 year with removing in v1.22 in late 2021.

So now there is more and more servers, that uses other container runtimes (containerd, CRI-O) instead of Docker.

But Visual Studio Code Remote - Containers extension doesn't see CRI containers, that using runtime other than Docker, because instead of list of containers I see the placeholder:

Get started with containers by installing Docker or by visiting the help view.

So, is it possible to add support for other container runtimes to VS Code Remote Containers extension?

MurzNN avatar Dec 08 '21 12:12 MurzNN

Now we have nerdctl as a Docker-compatible CLI for containerd, maybe we can reuse it instead of docker backend to manage container operations for VS Code Remote Containers extension?

MurzNN avatar Dec 08 '21 12:12 MurzNN

Removing Dockershim and Docker support from Kubernetes is scheduled for Kubernetes v1.24.

MurzNN avatar Dec 08 '21 13:12 MurzNN

You can use a Docker compatible CLI by changing this setting: image

When I tried nerdctl with lima a while ago, it looked like it was not fully compatible with the Docker CLI yet.

chrmarti avatar Dec 10 '21 17:12 chrmarti

We should make this more specific about nerdctl. Updating the subject.

Remote - Containers does not touch container engines or daemons directly but rather interacts with CLIs. It makes no assumptions about how the engine functions. There's no "containerd, CRI-O" CLI per-se. For example, Docker itself uses containerd on Linux, so really it's already supported. Dockershim going away will not have any affect.

The issue is that each CLI that needs to be supported will require separate work unless it supports everything the docker CLI does with the same arguments. Podman is closest but there are always nuances.

While the nerdctl CLI is part of the containerd project, it currently has gaps most notably around the missing --mount property that has replaced -v and automatic creation of named volumes in either syntax (nerdctl requires a separate command be called). Would love to see those gaps resolved.

Chuxel avatar Dec 15 '21 23:12 Chuxel

nerdctl is only one option, most easier to integrate (because of Docker compatibility), but we have also crictl that must give compatibility with any CRI-compatible container engine!

So maybe split the issue to 2 parts - nerdctl and crictl?

MurzNN avatar Dec 16 '21 04:12 MurzNN

We should track crictl as a separate issue. Each CLI will be a separate effort. Raised #6075

Chuxel avatar Dec 16 '21 14:12 Chuxel

FYI - For those not aware, the dev container CLI is now open source and is what the extension uses to interoperate with container engines if anyone has interest in contributing. https://github.com/devcontainers/cli

Chuxel avatar Oct 12 '22 13:10 Chuxel

Any updates on this?

Anutrix avatar Mar 28 '23 09:03 Anutrix

FYI - For those not aware, the dev container CLI is now open source and is what the extension uses to interoperate with container engines if anyone has interest in contributing. https://github.com/devcontainers/cli

@Chuxel I checked the devcontainers/cli repo and searched for APIVersion and got no results. This leads me to believe the change we need is not in that repo, since the command VSCode runs when spinning up a devcontainer (when trying finch) is finch version --format {{.Server.APIVersion}}.

Is the code for this extension not open? This repo is just for feedback, correct?

kidbrax avatar Dec 14 '23 15:12 kidbrax

FYI - For those not aware, the dev container CLI is now open source and is what the extension uses to interoperate with container engines if anyone has interest in contributing. https://github.com/devcontainers/cli

@Chuxel I checked the devcontainers/cli repo and searched for APIVersion and got no results. This leads me to believe the change we need is not in that repo, since the command VSCode runs when spinning up a devcontainer (when trying finch) is finch version --format {{.Server.APIVersion}}.

Is the code for this extension not open? This repo is just for feedback, correct?

Yeah, I'd recommend opening an issue in the CLI repository to discuss the specific scenario you are looking into.

@chrmarti is the version check in the CLI or extension? Generally, seems like these kinds of checks should end up in the CLI (if not the broader spec) so they can be contributed, but I'm not sure if this is a proposed feature.

Chuxel avatar Dec 14 '23 21:12 Chuxel

The version check is in the extension. Making that more tolerant now.

chrmarti avatar Dec 18 '23 15:12 chrmarti

nerdctl and finch also don't support --sig-proxy=false This appears to be a fixed parameter in devcontainer when using single-container devcontainer configurations. https://github.com/containerd/nerdctl/blob/main/docs/command-reference.md#whale-nerdctl-attach

(Offending Line in devcontainer code: https://github.com/devcontainers/cli/blob/f7d4c853bf8c284d784173f3e915a34d961b0b55/src/spec-node/singleContainer.ts#L396 )

jsamuel1 avatar Jan 02 '24 05:01 jsamuel1

I'm hesitant to make details like --sig-proxy=false conditional on the detected CLI as that might quickly become a long list of cases to distinguish given the growing list of Docker-like CLIs.

The more tolerant version check is available in Dev Containers extension 0.330.0-pre-release.

chrmarti avatar Jan 09 '24 15:01 chrmarti

I'm hesitant to make details like --sig-proxy=false conditional on the detected CLI as that might quickly become a long list of cases to distinguish given the growing list of Docker-like CLIs.

Hi @chrmarti ,

In this case, for docker, you are tuning off the feature... and this feature doesn't even exists in nerdctl... you can safely be "non conditional" just detecting you are using nerdctl (which it already do) and not sending the argument.

Could that be a solution?

Bigous avatar Jan 18 '24 16:01 Bigous

A --sig-proxy change was merged to nerdctl yesterday that should supports the flag in run https://github.com/containerd/nerdctl/pull/3043

CodeChanning avatar Jun 25 '24 18:06 CodeChanning

I tried substituting the docker command with nerdctl using the --docker-path option.
The issue I encountered was with the additional_contexts support detection logic, and possibly also with parseVersion.

The CLI always determined that nerdctl compose was unsupported, which caused the build to fail.

ERROR [internal] load metadata for docker.io/library/dev_container_feature_content_temp:latest

For reference, my nerdctl is integrated with version 0.19:

 buildctl:
  Version:	0.19.0

I wish the docker compose module of the CLI to be refactored into a class, so we can inject the differences as functions into the constructor (or extract the differences to the constructor).

midnight-wonderer avatar Feb 11 '25 11:02 midnight-wonderer

I tried this today with version 0.409.0 of this extension with finch, which uses nerdctl, instead of docker and I am able to spin up a devcontainer!

Not sure where the rough edges are yet but this is now possible today.

cmullark avatar Apr 18 '25 20:04 cmullark

Finch's devcontainer Mac integration worked for me: https://runfinch.com/docs/integrations/mac/devcontainers. Consider tweaking the default config (cups, memory, ...): https://runfinch.com/docs/configuration-reference/.

subesokun avatar Apr 23 '25 01:04 subesokun