Develop

.github/workflows/test.yaml

@@ -15,13 +15,15 @@ jobs:
       matrix:
         features:
           - bpftool
+          - cni-plugins
           - docsify
           - grafanactl
           - gocover
           - go-ebpf
           - go-mod-upgrade
           - goreportcard
           - local-pkgsite
+          - nerdctl
           - pin-github-action
           - wal-wahl
         baseImage:

.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "mads-hartmann.bash-ide-vscode"
+    ]
+}

README.md

@@ -14,6 +14,9 @@ Alpine](https://github.com/devcontainers/features/blob/091886b3568dad70f835cc428
   https://github.com/libbpf/bpftool binary releases, especially avoiding the
   usual pain of upstream Debian/Ubuntu kernel-specific bpftool packages.
 
+- [cni-plugins](src/cni-plugins/README.md) – installs CNI plugins directly from
+  upstream https://github.com/containernetworking/plugins binary releases.
+
 - [docsify](src/docsify/README.md) – automatically serves ./docs workspace
   directory via `docsify serve` in the background (with the specific workspace
   location being configurable).
@@ -40,6 +43,9 @@ Alpine](https://github.com/devcontainers/features/blob/091886b3568dad70f835cc428
 - [local-pkgsite](src/local-pkgsite/README.md) – a local Go pkgsite serving the
   module documentation, with automatic project reload and browser refresh. 
 
+- [nerdctl](src/nerdctl/README.md) – installs `nerdctl` directly from upstream
+  https://github.com/containerd/nerdctl binary releases.
+
 - [pin-github-action](src/pin-github-action/README.md) – provides mheaps's
   `pin-github-action` for pinning GitHub actions to specific hashes.
 

devcontainer-features.code-workspace

@@ -0,0 +1,8 @@
+{
+	"folders": [
+		{
+			"path": "."
+		}
+	],
+	"settings": {}
+}

src/cni-plugins/NOTES.md

@@ -0,0 +1,11 @@
+## OS Support
+
+Tested with:
+- [ghcr.io/almalinux/almalinux](https://ghcr.io/almalinux/almalinux),
+- [mcr.microsoft.com/devcontainers/base:debian](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_debian),
+- [fedora](https://hub.docker.com/_/fedora),
+- [mcr.microsoft.com/devcontainers/base:ubuntu](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_ubuntu).
+
+## Acknowledgement
+
+[@containernetworking/plugins](https://github.com/containernetworking/plugins)

src/cni-plugins/README.md

@@ -0,0 +1,36 @@
+
+# CNI Plugins (cni-plugins)
+
+Installs CNI plugins from upstream.
+
+## Example Usage
+
+```json
+"features": {
+    "ghcr.io/thediveo/devcontainer-features/cni-plugins:0": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| version | version of cni-plugins to install | string | latest |
+| plugins-path | path to install the CNI plugins into | string | /usr/lib/cni |
+
+## OS Support
+
+Tested with:
+- [ghcr.io/almalinux/almalinux](https://ghcr.io/almalinux/almalinux),
+- [mcr.microsoft.com/devcontainers/base:debian](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_debian),
+- [fedora](https://hub.docker.com/_/fedora),
+- [mcr.microsoft.com/devcontainers/base:ubuntu](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_ubuntu).
+
+## Acknowledgement
+
+[@containernetworking/plugins](https://github.com/containernetworking/plugins)
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/thediveo/devcontainer-features/blob/main/src/cni-plugins/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._

src/cni-plugins/devcontainer-feature.json

@@ -0,0 +1,18 @@
+{
+    "name": "CNI Plugins",
+    "id": "cni-plugins",
+    "version": "0.0.1",
+    "description": "Installs CNI plugins from upstream.",
+    "options": {
+        "version": {
+            "type": "string",
+            "default": "latest",
+            "description": "version of cni-plugins to install"
+        },
+        "plugins-path": {
+            "type": "string",
+            "default": "/usr/lib/cni",
+            "description": "path to install the CNI plugins into"
+        }
+    }
+}

src/cni-plugins/install.sh

@@ -0,0 +1,162 @@
+#!/usr/bin/env bash
+
+# Distribution and package manager detection are licensed by Microsoft
+# Corporation under the MIT License, please refer to:
+# https://github.com/devcontainers/features/blob/main/src/go/install.sh:
+#
+# Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the
+# MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license
+# information
+
+set -e
+
+CNIPLUGINS_VERSION="${VERSION:-"latest"}"
+CNIPLUGINS_PATH="${PLUGINS_PATH:-"/usr/lib/cni"}"
+
+REPOSLUG="containernetworking/plugins"
+QUERYLATEST_URL="https://api.github.com/repos/${REPOSLUG}/releases/latest"
+RELEASE_URL="https://github.com/${REPOSLUG}/releases/download/"
+
+echo "installing feature cni-plugins..."
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
+    exit 1
+fi
+
+# Bring in ID, ID_LIKE, VERSION_ID, VERSION_CODENAME
+. /etc/os-release
+# Get an adjusted ID independent of distro variants
+MAJOR_VERSION_ID=$(echo ${VERSION_ID} | cut -d . -f 1)
+if [ "${ID}" = "debian" ] || [ "${ID_LIKE}" = "debian" ]; then
+    ADJUSTED_ID="debian"
+elif [[ "${ID}" = "rhel" || "${ID}" = "fedora" || "${ID}" = "mariner" || "${ID_LIKE}" = *"rhel"* || "${ID_LIKE}" = *"fedora"* || "${ID_LIKE}" = *"mariner"* ]]; then
+    ADJUSTED_ID="rhel"
+    if [[ "${ID}" = "rhel" ]] || [[ "${ID}" = *"alma"* ]] || [[ "${ID}" = *"rocky"* ]]; then
+        VERSION_CODENAME="rhel${MAJOR_VERSION_ID}"
+    else
+        VERSION_CODENAME="${ID}${MAJOR_VERSION_ID}"
+    fi
+else
+    echo "Linux distro ${ID} not supported."
+    exit 1
+fi
+
+if [ "${ADJUSTED_ID}" = "rhel" ] && [ "${VERSION_CODENAME-}" = "centos7" ]; then
+    # As of 1 July 2024, mirrorlist.centos.org no longer exists.
+    # Update the repo files to reference vault.centos.org.
+    sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
+    sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
+    sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+fi
+
+# Setup INSTALL_CMD & PKG_MGR_CMD
+if type apt-get > /dev/null 2>&1; then
+    PKG_MGR_CMD=apt-get
+    INSTALL_CMD="${PKG_MGR_CMD} -y install --no-install-recommends"
+elif type microdnf > /dev/null 2>&1; then
+    PKG_MGR_CMD=microdnf
+    INSTALL_CMD="${PKG_MGR_CMD} ${INSTALL_CMD_ADDL_REPOS} -y install --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0"
+elif type dnf > /dev/null 2>&1; then
+    PKG_MGR_CMD=dnf
+    INSTALL_CMD="${PKG_MGR_CMD} ${INSTALL_CMD_ADDL_REPOS} -y install --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0"
+else
+    PKG_MGR_CMD=yum
+    INSTALL_CMD="${PKG_MGR_CMD} ${INSTALL_CMD_ADDL_REPOS} -y install --noplugins --setopt=install_weak_deps=0"
+fi
+
+# Clean up
+clean_up() {
+    case ${ADJUSTED_ID} in
+        debian)
+            rm -rf /var/lib/apt/lists/*
+            ;;
+        rhel)
+            rm -rf /var/cache/dnf/* /var/cache/yum/*
+            rm -rf /tmp/yum.log
+            rm -rf ${GPG_INSTALL_PATH}
+            ;;
+    esac
+}
+clean_up
+
+pkg_mgr_update() {
+    case $ADJUSTED_ID in
+        debian)
+            if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+                echo "Running apt-get update..."
+                ${PKG_MGR_CMD} update -y
+            fi
+            ;;
+        rhel)
+            if [ ${PKG_MGR_CMD} = "microdnf" ]; then
+                if [ "$(ls /var/cache/yum/* 2>/dev/null | wc -l)" = 0 ]; then
+                    echo "Running ${PKG_MGR_CMD} makecache ..."
+                    ${PKG_MGR_CMD} makecache
+                fi
+            else
+                if [ "$(ls /var/cache/${PKG_MGR_CMD}/* 2>/dev/null | wc -l)" = 0 ]; then
+                    echo "Running ${PKG_MGR_CMD} check-update ..."
+                    set +e
+                    ${PKG_MGR_CMD} check-update
+                    rc=$?
+                    if [ $rc != 0 ] && [ $rc != 100 ]; then
+                        exit 1
+                    fi
+                    set -e
+                fi
+            fi
+            ;;
+    esac
+}
+
+# Checks if packages are installed and installs them if not
+check_packages() {
+    case ${ADJUSTED_ID} in
+        debian)
+            if ! dpkg -s "$@" > /dev/null 2>&1; then
+                pkg_mgr_update
+                ${INSTALL_CMD} "$@"
+            fi
+            ;;
+        rhel)
+            if ! rpm -q "$@" > /dev/null 2>&1; then
+                pkg_mgr_update
+                ${INSTALL_CMD} "$@"
+            fi
+            ;;
+    esac
+}
+
+case $(uname -m) in
+    x86_64) ARCH="amd64";;
+    aarch64 | armv8*) ARCH="arm64";;
+    *) echo "Unsupported architecture: $(uname -m)"; exit 1;;
+esac
+
+export DEBIAN_FRONTEND=noninteractive
+
+if ! type curl > /dev/null 2>&1; then
+    check_packages curl
+fi
+
+if [ "$CNIPLUGINS_VERSION" = "latest" ]; then
+    # get latest release    
+    CNIPLUGINS_VERSION=$(curl -s ${QUERYLATEST_URL} | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+fi
+
+echo version: $CNIPLUGINS_VERSION
+echo for arch: $ARCH
+
+URL="${RELEASE_URL}${CNIPLUGINS_VERSION}/cni-plugins-linux-${ARCH}-${CNIPLUGINS_VERSION}.tgz"
+echo "${URL}"
+
+curl -sSL -o /tmp/cni-plugins.tgz "${URL}"
+ls -lH /tmp/cni-plugins.tgz
+mkdir -p "${CNIPLUGINS_PATH}"
+tar xzof /tmp/cni-plugins.tgz -C "${CNIPLUGINS_PATH}"
+rm /tmp/cni-plugins.tgz
+
+clean_up
+
+echo "Done!"

src/nerdctl/NOTES.md

@@ -0,0 +1,33 @@
+## Combining with `docker-in-docker` Feature
+
+Please note that the `docker-in-docker` feature is only available for
+Debian/Docker-based base images.
+
+In order to use nerdctl with the `containerd` included in the
+[`docker-in-docker`](https://github.com/devcontainers/features/tree/main/src/docker-in-docker)
+feature, you need to explicitly configure the non-standard API endpoint URL for
+`containerd` as follows:
+
+```json
+    "features": {
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {
+            "dockerDashComposeVersion": "none",
+            "installDockerBuildx": false
+        },
+        "ghcr.io/devcontainers/features/nerdctl:0": {
+            "containerd-api": "unix:///run/docker/containerd/containerd.sock"
+        }
+    }
+```
+
+## OS Support
+
+Tested with:
+- [ghcr.io/almalinux/almalinux](https://ghcr.io/almalinux/almalinux),
+- [mcr.microsoft.com/devcontainers/base:debian](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_debian),
+- [fedora](https://hub.docker.com/_/fedora),
+- [mcr.microsoft.com/devcontainers/base:ubuntu](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_ubuntu).
+
+## Acknowledgement
+
+[@containerd/nerdctl](https://github.com/containerd/nerdctl)

src/nerdctl/README.md

@@ -0,0 +1,58 @@
+
+# containerd control CLI (nerdctl)
+
+Installs nerdctl from upstream.
+
+## Example Usage
+
+```json
+"features": {
+    "ghcr.io/thediveo/devcontainer-features/nerdctl:0": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| version | version of cni-plugins to install | string | latest |
+| containerd-api | path to containerd API endpoint | string | unix:///run/containerd/containerd.sock |
+
+## Combining with `docker-in-docker` Feature
+
+Please note that the `docker-in-docker` feature is only available for
+Debian/Docker-based base images.
+
+In order to use nerdctl with the `containerd` included in the
+[`docker-in-docker`](https://github.com/devcontainers/features/tree/main/src/docker-in-docker)
+feature, you need to explicitly configure the non-standard API endpoint URL for
+`containerd` as follows:
+
+```json
+    "features": {
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {
+            "dockerDashComposeVersion": "none",
+            "installDockerBuildx": false
+        },
+        "ghcr.io/devcontainers/features/nerdctl:0": {
+            "containerd-api": "unix:///run/docker/containerd/containerd.sock"
+        }
+    }
+```
+
+## OS Support
+
+Tested with:
+- [ghcr.io/almalinux/almalinux](https://ghcr.io/almalinux/almalinux),
+- [mcr.microsoft.com/devcontainers/base:debian](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_debian),
+- [fedora](https://hub.docker.com/_/fedora),
+- [mcr.microsoft.com/devcontainers/base:ubuntu](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_ubuntu).
+
+## Acknowledgement
+
+[@containerd/nerdctl](https://github.com/containerd/nerdctl)
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/thediveo/devcontainer-features/blob/main/src/nerdctl/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._

src/nerdctl/devcontainer-feature.json

@@ -0,0 +1,18 @@
+{
+    "name": "containerd control CLI",
+    "id": "nerdctl",
+    "version": "0.0.1",
+    "description": "Installs nerdctl from upstream.",
+    "options": {
+        "version": {
+            "type": "string",
+            "default": "latest",
+            "description": "version of cni-plugins to install"
+        },
+        "containerd-api": {
+            "type": "string",
+            "default": "unix:///run/containerd/containerd.sock",
+            "description": "path to containerd API endpoint"
+        }
+    }
+}