VSCode dev containers with Podman
Developing with containers is now simple with VSCode's Remote Development extension. Any serious project where I use VSCode now has a devcontainer.json (including this blog), yet I've never been happy about using Docker on my personal machines. The install process is a little invasive, containers run as root by default, and I never liked the daemon running on my laptop all of the time. I recently switched my desktop and laptop from Fedora to Ubuntu, as my wife is very close to trying Linux over Windows and I wanted to see what the state of the world was like for non-technical folk (quick summary: once set up, it's pretty good), and with a nice clean system I wanted to see if I could avoid using Docker and do everything with Podman.
Podman is a daemonless container engine for Linux that's a breeze to install and use, and has a nice Docker wrapper (podman-docker) that I tried today with VSCode. With a minor tweak to my test devcontainer.json, it just worked.
I'm on Ubuntu at the moment, so installation was sudo apt install podman podman-docker, but you'll be able to do the same thing with pacman, dnf, or whatever.
To test, I'm using this Hugo devcontainer.json, which builds this blog, and is based on mcr.microsoft.com/vscode/devcontainers/javascript-node.
Running as root worked immediately, and if you want to go that route, just remove the remoteUser field in your devcontainer.json, if there happens to be one. To run rootless, however, I needed to fix two things: 1. give the user permission to save files; and 2. run the VSCode server from /home/node instead of /root. The two lines below did just that:
"runArgs": ["--userns=keep-id"],
"containerEnv": { "HOME": "/home/node" }
From "Should you use the --user flag in rootless containers?":
The keep-id option tells Podman to create a user namespace where the current rootless user's UID:GID maps to the same values in the container. When the container is launched, it is running as your UID inside the container and on the host. Many HPC (High-Performance Computing) environments are using this flag and running the entire container with a single non-root UID.
And the other line just sets the HOME environment variable for the container.
What I haven't tested is what this will do on someone's machine running Docker. That's a bridge I may never need to cross, so it can wait until then.
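To show where those two lines sit in a whole file, here is a complete devcontainer.json as an added example; it is not the blog's actual devcontainer.json. The name, the remoteUser value of node, and the forwarded port 1313 are assumptions for a Hugo site built on the javascript-node image; only the image name, runArgs and containerEnv come from the post.

```jsonc
// Added example devcontainer.json (VS Code reads this file as JSON with
// comments). Assumed values: "name", "remoteUser": "node", "forwardPorts".
{
  "name": "hugo-blog",
  "image": "mcr.microsoft.com/vscode/devcontainers/javascript-node",

  // Drop this field to take the run-as-root route described in the post.
  // Keeping it means the two settings below are needed under rootless Podman.
  "remoteUser": "node",

  // Podman only: map the rootless host user's UID:GID to the same IDs inside
  // the container, so files written to the bind-mounted workspace are owned
  // by you on the host rather than by root or a high-numbered subuid.
  "runArgs": ["--userns=keep-id"],

  // The VS Code server is unpacked under $HOME; point it at the node user's
  // home instead of /root.
  "containerEnv": { "HOME": "/home/node" },

  // Assumed: the default port of `hugo server`.
  "forwardPorts": [1313]
}
```

A quick way to confirm the mapping took effect after "Reopen in Container": run id -u in the VS Code terminal and compare it with id -u on the host, then create a file in the workspace and check on the host that it is owned by you. If it shows up owned by root or by a high-numbered subuid, keep-id is not in effect for that container.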
Good luck and let me know about your experiences getting this working on your setup.