Add a devcontainer configuration (#7583)

VS Code [devcontainers][dc] provide a way to define a reproducible,
customizable developer environment. This should lower the barrier to
entry for contributors and reduce the maintenance burden for existing
developers, as a docker daemon is now basically all that's needed to get
up and running.

This change adds a devcontainer for the Linkerd2 project. Its container
starts in the host's network so that it can easily access k3d clusters
running on the host's docker daemon.

[dc]: https://code.visualstudio.com/docs/remote/containers

Signed-off-by: Oliver Gould <ver@buoyant.io>

.devcontainer/Dockerfile

@@ -0,0 +1,59 @@
+FROM docker.io/golang:1.17-bullseye
+
+# Note: we do *not* delete the apt cache so subsequent steps (like docker,
+# dotfiles) need not pull the cache again. This comes at the cost of a fatter
+# container image.
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt update && apt upgrade -y
+RUN apt install -y \
+    clang \
+    cmake \
+    libssl-dev \
+    lldb \
+    lsb-release \
+    npm \
+    sudo \
+    time
+RUN npm install markdownlint-cli@0.23.1 --global
+
+ARG USER=code
+ARG USER_UID=1000
+ARG USER_GID=1000
+RUN groupadd --gid=$USER_GID $USER \
+    && useradd --uid=$USER_UID --gid=$USER_GID -m $USER \
+    && echo "$USER ALL=(root) NOPASSWD:ALL" >/etc/sudoers.d/$USER \
+    && chmod 0440 /etc/sudoers.d/$USER
+
+# Install a Docker client that uses the host's Docker daemon
+ARG USE_MOBY=false
+ENV DOCKER_BUILDKIT=1
+RUN curl --proto '=https' --tlsv1.3 -vsSfL https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/docker-debian.sh \
+    | bash -s --  true /var/run/docker-host.sock /var/run/docker.sock "${USER}" "${USE_MOBY}" latest
+
+RUN (echo "LC_ALL=en_US.UTF-8" \
+    && echo "LANGUAGE=en_US.UTF-8") >/etc/default/locale
+
+USER $USER
+ENV USER=$USER
+ENV HOME=/home/$USER
+RUN mkdir -p $HOME/bin
+ENV PATH=$HOME/bin:$PATH
+
+RUN curl --proto '=https' --tlsv1.3 -vsSfLo $HOME/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
+    && chmod 755 $HOME/kubectl
+RUN curl --proto '=https' --tlsv1.3 -vsSfL https://raw.githubusercontent.com/rancher/k3d/main/install.sh \
+    | USE_SUDO=false K3D_INSTALL_DIR=$HOME/bin bash
+
+RUN curl --proto '=https' --tlsv1.3 -vsSfL https://sh.rustup.rs \
+    | sh -s -- -y --default-toolchain 1.56.1 -c rustfmt -c clippy -c rls
+
+RUN mkdir /tmp/cargo-deny && cd /tmp/cargo-deny && \
+    curl --proto '=https' --tlsv1.3 -vsSfL https://github.com/EmbarkStudios/cargo-deny/releases/download/0.11.0/cargo-deny-0.11.0-x86_64-unknown-linux-musl.tar.gz | tar zxf - && \
+    mv cargo-deny-0.11.0-x86_64-unknown-linux-musl/cargo-deny $HOME/bin && \
+    cd .. && rm -rf /tmp/cargo-deny
+
+RUN curl --proto '=https' --tlsv1.3 -vsSfL https://run.linkerd.io/install-edge | sh \
+    && ln -s $(readlink ~/.linkerd2/bin/linkerd) ~/bin/linkerd
+
+ENTRYPOINT ["/usr/local/share/docker-init.sh"]
+CMD ["sleep", "infinity"]

.devcontainer/README.md

@@ -0,0 +1,37 @@
+# devcontainer
+
+This directory provides a _devcontainer_ configuration that configures a
+reproducible development environment for this project.
+
+## Docker
+
+This configuration currently uses the parent host's Docker daemon (rather than
+running a separate docker daemon within in the container). It creates
+devcontainers on the host network so it's easy to use k3d clusters hosted in the
+parent host's docker daemon.
+
+## Customizing
+
+This configuration is supposed to provide a minimal setup without catering to
+any one developer's personal tastes. Devcontainers can be extended with per-user
+configuration.
+
+To add your own extensions to the devcontainer, configure default extensions in
+your VS Code settings:
+
+```jsonc
+    "remote.containers.defaultExtensions": [
+        "eamodio.gitlens",
+        "GitHub.copilot",
+        "GitHub.vscode-pull-request-github",
+        "mutantdino.resourcemonitor",
+        "stateful.edge"
+    ],
+```
+
+Furthermore, you can configure a _dotfiles_ repository to perform customizations
+with a configuration like:
+
+```jsonc
+    "dotfiles.repository": "https://github.com/olix0r/dotfiles.git",
+```

.devcontainer/devcontainer.json

@@ -0,0 +1,28 @@
+{
+    "name": "linkerd2",
+    "image": "ghcr.io/linkerd/dev:v4",
+    // "dockerFile": "./Dockerfile",
+    "extensions": [
+        "DavidAnson.vscode-markdownlint",
+        "matklad.rust-analyzer",
+        "NathanRidley.autotrim",
+        "samverschueren.final-newline",
+        "streetsidesoftware.code-spell-checker",
+        "tamasfe.even-better-toml",
+        "vadimcn.vscode-lldb",
+        "zxh404.vscode-proto3"
+    ],
+    "runArgs": [
+        "--init",
+        // Use the host network so we can access k3d, etc.
+        "--net=host",
+        // For lldb
+        "--cap-add=SYS_PTRACE",
+        "--security-opt=seccomp=unconfined"
+    ],
+    "overrideCommand": false,
+    "remoteUser": "code",
+    "mounts": [
+        "source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind"
+    ]
+}

.github/workflows/codecov.yml

@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     container:
-      image: docker://rust:1.56.0
+      image: docker://rust:1.56.1
       options: --security-opt seccomp=unconfined
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579

.github/workflows/policy_controller.yml

@@ -24,7 +24,7 @@ jobs:
     timeout-minutes: 5
     runs-on: ubuntu-latest
     container:
-      image: docker://rust:1.56.0
+      image: docker://rust:1.56.1
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
       - run: rustup component add rustfmt
@@ -50,7 +50,7 @@ jobs:
     timeout-minutes: 5
     runs-on: ubuntu-latest
     container:
-      image: docker://rust:1.56.0
+      image: docker://rust:1.56.1
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
       - run: rustup component add clippy
@@ -60,7 +60,7 @@ jobs:
     timeout-minutes: 20
     runs-on: ubuntu-latest
     container:
-      image: docker://rust:1.56.0
+      image: docker://rust:1.56.1
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
       # Check each crate independently to ensure its Cargo.toml is sufficient.
@@ -77,7 +77,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     container:
-      image: docker://rust:1.56.0
+      image: docker://rust:1.56.1
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
       - run: cargo test --workspace --no-run

bin/markdownlint

@@ -4,16 +4,17 @@ set -eu
 
 bindir=$( cd "${0%/*}" && pwd )
 rootdir=$( cd "$bindir"/.. && pwd )
-markdownlintbin="$rootdir/node_modules/.bin/markdownlint"
 
-markdownlint_version=0.23.1
+version=0.23.1
 
-if [ ! -x "$markdownlintbin" ] || [ "$($markdownlintbin -V)" != $markdownlint_version ]; then
+export PATH="$rootdir/node_modules/.bin:$PATH"
+
+if ! command -v markdownlint >/dev/null || [ "$(markdownlint -V)" != "$version" ]; then
     if ! [ -x "$(command -v npm)" ]; then
-        echo 'Error: npm required to install markdownlint command'
+        echo 'Error: npm required to install markdownlint command' >&2
         exit 1
     fi
-    npm install markdownlint-cli@$markdownlint_version
+    npm install "markdownlint-cli@$version"
 fi
 
-"$markdownlintbin" "$@"
+markdownlint "$@"

policy-controller/amd64.dockerfile

@@ -1,4 +1,4 @@
-ARG RUST_IMAGE=docker.io/library/rust:1.56.0
+ARG RUST_IMAGE=docker.io/library/rust:1.56.1
 ARG RUNTIME_IMAGE=gcr.io/distroless/cc
 
 # Builds the controller binary.
@@ -7,7 +7,7 @@ ARG TARGETARCH
 WORKDIR /build
 COPY Cargo.toml Cargo.lock policy-controller/ /build/
 RUN --mount=type=cache,target=target \
-    --mount=type=cache,from=rust:1.56.0,source=/usr/local/cargo,target=/usr/local/cargo \
+    --mount=type=cache,from=rust:1.56.1,source=/usr/local/cargo,target=/usr/local/cargo \
     cargo build --locked --target=x86_64-unknown-linux-gnu --release --package=linkerd-policy-controller && \
     mv target/x86_64-unknown-linux-gnu/release/linkerd-policy-controller /tmp/
 

policy-controller/arm.dockerfile

@@ -1,4 +1,4 @@
-ARG RUST_IMAGE=docker.io/library/rust:1.56.0
+ARG RUST_IMAGE=docker.io/library/rust:1.56.1
 ARG RUNTIME_IMAGE=gcr.io/distroless/cc
 
 FROM $RUST_IMAGE as build
@@ -11,7 +11,7 @@ WORKDIR /build
 COPY Cargo.toml Cargo.lock policy-controller/ /build/
 # XXX(ver) we can't easily cross-compile against openssl, so use rustls on arm.
 RUN --mount=type=cache,target=target \
-    --mount=type=cache,from=rust:1.56.0,source=/usr/local/cargo,target=/usr/local/cargo \
+    --mount=type=cache,from=rust:1.56.1,source=/usr/local/cargo,target=/usr/local/cargo \
     cargo build --locked --release --target=armv7-unknown-linux-gnueabihf \
         --package=linkerd-policy-controller --no-default-features --features="rustls" && \
     mv target/armv7-unknown-linux-gnueabihf/release/linkerd-policy-controller /tmp/

policy-controller/arm64.dockerfile

@@ -1,4 +1,4 @@
-ARG RUST_IMAGE=docker.io/library/rust:1.56.0
+ARG RUST_IMAGE=docker.io/library/rust:1.56.1
 ARG RUNTIME_IMAGE=gcr.io/distroless/cc
 
 FROM $RUST_IMAGE as build
@@ -11,7 +11,7 @@ WORKDIR /build
 COPY Cargo.toml Cargo.lock policy-controller/ /build/
 # XXX(ver) we can't easily cross-compile against openssl, so use rustls on arm.
 RUN --mount=type=cache,target=target \
-    --mount=type=cache,from=rust:1.56.0,source=/usr/local/cargo,target=/usr/local/cargo \
+    --mount=type=cache,from=rust:1.56.1,source=/usr/local/cargo,target=/usr/local/cargo \
     cargo build --locked --release --target=aarch64-unknown-linux-gnu \
         --package=linkerd-policy-controller --no-default-features --features="rustls" && \
     mv target/aarch64-unknown-linux-gnu/release/linkerd-policy-controller /tmp/

rust-toolchain

@@ -1 +1 @@
-1.56.0
+1.56.1