Add support for vscode devcontainers with containderd (nerdctl) engine

[marknefedov]

Problem Description

Currently, only dockerd(moby) supported.

Proposed Solution

Add support for https://github.com/devcontainers/cli which is now open source.

Additional Information

Currently, it looks like /tmp/ is not mapped to qemu, however I don't understand why it works with dockerd.

[ericpromislow]

Could you work inside /tmp/rancher-desktop ? We don't mount all of /tmp to the VM, but do provide this one directory.

[marknefedov]

It looks like there is no controls yet where devcontainers cli will create its temporary folders. It passes some stages if I add /tmp/devcontainers-username/, but there are more incompatibilities, like when trying to pull some microsoft dev_container_feature_content_temp image nerdctl errors out with pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed, while rd's docker works fine.

[ericpromislow]

Thanks. I still need a bit more info to understand this. Also while screenshots are always good, plain text copypastas help us reproduce reported issues.

[marknefedov]

First, looks like devcontainers create tmp folders with somewhat random names, e.g /tmp/buildkit-mount1867675823

❯ node devcontainer.js up --docker-path nerdctl  --workspace-folder .
[19 ms] @devcontainers/cli 0.20.0. Node.js v16.16.0. linux 6.0.0-1-default x64.
[1925 ms] Start: Run: nerdctl build -t dev_container_feature_content_temp -f /tmp/devcontainercli-mark/container-features/0.20.0-1665782348253/Dockerfile.buildContent /tmp/devcontainercli-mark/container-features/0.20.0-1665782348253
[+] Building 0.2s (5/5) FINISHED                                                
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load build definition from Dockerfile.buildContent          0.1s
 => => transferring dockerfile: 95B                                        0.0s
 => [internal] load build context                                          0.0s
 => => transferring context: 27.36kB                                       0.0s
 => CACHED [1/1] COPY . /tmp/build-features/                               0.0s
 => exporting to oci image format                                          0.1s
 => => exporting layers                                                    0.0s
 => => exporting manifest sha256:3596494c48d7502bc49f886d1619d6ce2d4dbc63  0.0s
 => => exporting config sha256:cf60a1622aaf32b0e285ef4f0ae049e59da65b1c89  0.0s
 => => sending tarball                                                     0.1s
unpacking docker.io/library/dev_container_feature_content_temp:latest (sha256:3596494c48d7502bc49f886d1619d6ce2d4dbc63198e1dc6f39beb4263665c1b)...done
[2452 ms] Start: Run: nerdctl build -f /tmp/devcontainercli-mark/container-features/0.20.0-1665782348253/Dockerfile-with-features -t vsc-cli-6ed371ce4dc6e9dcb885e041a8ecc907 --target dev_containers_target_stage --build-arg VARIANT=16-bullseye --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label --build-arg _DEV_CONTAINERS_IMAGE_USER=node --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp /home/mark/Code/temp/cli/.devcontainer
[+] Building 0.1s (2/2) FINISHED                                                
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load build definition from Dockerfile-with-features         0.1s
 => => transferring dockerfile: 2B                                         0.0s
error: failed to solve: failed to read dockerfile: open /tmp/buildkit-mount1867675823/Dockerfile-with-features: no such file or directory
FATA[0000] unrecognized image format                    
Error: Command failed: nerdctl build -f /tmp/devcontainercli-mark/container-features/0.20.0-1665782348253/Dockerfile-with-features -t vsc-cli-6ed371ce4dc6e9dcb885e041a8ecc907 --target dev_containers_target_stage --build-arg VARIANT=16-bullseye --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label --build-arg _DEV_CONTAINERS_IMAGE_USER=node --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp /home/mark/Code/temp/cli/.devcontainer
    at buildAndExtendImage (/home/mark/Code/temp/cli/dist/spec-node/singleContainer.js:238:15)
    at async buildNamedImageAndExtend (/home/mark/Code/temp/cli/dist/spec-node/singleContainer.js:109:16)
    at async openDockerfileDevContainer (/home/mark/Code/temp/cli/dist/spec-node/singleContainer.js:40:25)
    at async resolveWithLocalFolder (/home/mark/Code/temp/cli/dist/spec-node/configContainer.js:75:18)
    at async launch (/home/mark/Code/temp/cli/dist/spec-node/devContainers.js:46:20)
    at async doProvision (/home/mark/Code/temp/cli/dist/spec-node/devContainersSpecCLI.js:217:24)
    at async provision (/home/mark/Code/temp/cli/dist/spec-node/devContainersSpecCLI.js:202:20)
{"outcome":"error","message":"Command failed: nerdctl build -f /tmp/devcontainercli-mark/container-features/0.20.0-1665782348253/Dockerfile-with-features -t vsc-cli-6ed371ce4dc6e9dcb885e041a8ecc907 --target dev_containers_target_stage --build-arg VARIANT=16-bullseye --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label --build-arg _DEV_CONTAINERS_IMAGE_USER=node --build-arg _DE

But It looks like there are still outstanding issues, on nerdctl side (https://github.com/containerd/nerdctl/issues/1027), and it would be easier to add persistent mappings to devcontainers(https://github.com/devcontainers/cli/issues/230).