Even when just developing locally, I never work directly as the root user.
The reason is that I don't want to accidentally create new files with root privileges, which then can't run in a cluster since the containers typically don't have root privileges.
In this blog we will see how to create a dev environment able to:
- Run containers without root privileges (non-root user)
- Install dotnet sdk
- Add dotnet tools
- Run additional servers
And while we are at it - let's use our own drive name instead of the default "workspace" folder created when running the devcontainer.
Documentation you should definitely read in order to understand the configuration choices in the following files:
- Dev Containers: add-nonroot-user
- Understanding the Docker USER instruction
- Change the default mount
.devcontainer/devcontainer.json
```json
{
  "name": "alpine-nvim-dev-environment",
  "service": "dev-machine",
  "dockerComposeFile": "nvim-d-c.yml",
  "workspaceFolder": "/home/container-user/project",
  "remoteUser": "container-user",
  "mounts": [
    "source=${localWorkspaceFolder}/.devcontainer/nvim,target=/home/container-user/.config/nvim,type=bind",
    "source=${localWorkspaceFolder}/.devcontainer/.alpine/.bashrc,target=/home/container-user/.bashrc,type=bind",
    "source=${localWorkspaceFolder}/.devcontainer/.alpine/test.txt,target=/home/container-user/test.txt,type=bind"
  ],
  "customizations": {
    "vscode": {
      "extensions": [
        "jebbs.plantuml",
        "ms-dotnettools.dotnet-interactive-vscode",
        "ms-dotnettools.csdevkit",
        "EditorConfig.EditorConfig",
        "ms-vscode.test-adapter-converter",
        "Continue.continue"
      ]
    }
  }
}
```
.devcontainer/Dockerfile.dev-image
```dockerfile
FROM alpine:3.20.3

# UID/GID and names of the non-root user the container runs as
ENV USER_ID=1000
ENV GROUP_ID=1000
ENV USER_NAME=container-user
ENV GROUP_NAME=container-user

# Create the group and a password-less user with a fixed UID
RUN addgroup -g $GROUP_ID $GROUP_NAME && \
    adduser --shell /bin/bash --disabled-password \
    --uid $USER_ID --ingroup $GROUP_NAME $USER_NAME

# Ensure /home/container-user is owned by container-user
RUN mkdir -p /home/container-user/.vscode-server && \
    chown -R $USER_NAME:$GROUP_NAME /home/container-user

RUN mkdir -p /home/container-user/project && \
    chown -R $USER_NAME:$GROUP_NAME /home/container-user

# Packages are installed while still root, before the USER switch below
RUN apk update && \
    apk add --no-cache \
    yarn \
    git \
    neovim \
    neovim-doc \
    ripgrep \
    bash \
    curl \
    nodejs \
    npm \
    sudo \
    grep \
    dotnet8-sdk

# Startup file for the shell; the path must sit inside the user's home
ENV ENV=/home/$USER_NAME/.profile

# Everything from here on runs as the non-root user
USER $USER_NAME

# Global dotnet tools are installed per user, under ~/.dotnet/tools
ENV PATH="$PATH:/home/container-user/.dotnet/tools"
RUN dotnet tool install --global dotnet-format
RUN dotnet tool install --global Nuke.GlobalTool
```
.devcontainer/nvim-d-c.yml
```yaml
name: nvim-d-c-x
services:
  dev-machine:
    build:
      context: .
      dockerfile: Dockerfile.dev-image
    volumes:
      - ..:/home/container-user/project
    networks:
      - internal
    command: ["sleep", "infinity"]
  plantuml:
    image: plantuml/plantuml-server:jetty
    networks:
      - internal
    ports:
      - "8080:8080"
networks:
  internal:
    driver: bridge
```
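
To confirm the setup does what the introduction asks for (no root user, no root-owned files in the project), the checks below can be sourced in the container's terminal. This is an added example, not part of the original post; the function names are hypothetical, and the path in the usage comment is the `workspaceFolder` from `devcontainer.json`.

```sh
#!/bin/sh
# Added example: ownership checks for the non-root dev container.
# Usage inside the container (path taken from devcontainer.json):
#   check_workspace /home/container-user/project

# is_root UID: succeeds when UID is 0.
is_root() {
    [ "$1" -eq 0 ]
}

# foreign_owned DIR UID: print every path under DIR not owned by UID.
# Root-owned build output, or a host user whose UID differs from the
# container user's UID, shows up here.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# check_workspace DIR [UID]: return 0 only if UID is not root, DIR is
# writable by the current user, and nothing under DIR belongs to another user.
# UID defaults to the user running the check.
check_workspace() {
    dir=$1
    uid=${2:-$(id -u)}
    status=0

    if is_root "$uid"; then
        echo "FAIL: running as root (uid 0)" >&2
        status=1
    fi
    if [ ! -w "$dir" ]; then
        echo "FAIL: $dir is not writable by the current user" >&2
        status=1
    fi
    stray=$(foreign_owned "$dir" "$uid")
    if [ -n "$stray" ]; then
        echo "FAIL: paths not owned by uid $uid:" >&2
        echo "$stray" >&2
        status=1
    fi
    return "$status"
}
```

Because the project folder is a bind mount, a failure on the ownership check usually means the host user's UID is not the `USER_ID` set in the Dockerfile, or that something wrote into the folder as root.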