RHEL8 Container toolkit

Share this link

Overview

Due to the Docker replacement and following the Unix/Linux philosophy (avoid having one binary/command to do everything), new tools have been created:

  • buildah: A tool and library for building Open Container Initiative (OCI) container images.
  • podman: A daemon-less CLI/API for running, managing, and debugging OCI containers and pods.
  • scopeo: A command line utility that performs various operations on container images and image repositories.

Buildah

buildah features

A daemon-less tool for building and modifying OCI/Docker images that:

  • Preserves existing Dockerfile workflow
  • Allows fine-grained control over image layers, the content, and   commits
  • Lets you minimize container images by using tools from the   container host rather than adding them in the image
  • Shares the underlying image and storage components with Podman   and CRI-O

Additional Characteristics

  • It is a tool and library for building Open Container Initiative (OCI) container images.
  • It creates a rootfs directory on disk and allow other tools to populate the directory, then creates the container configuration JSON file.
  • It allows you to push images to a container registry where it could be used by any container engine, like Docker, Podman, CRI-O, or another Buildah.
  • It supports Dockerfiles.
  • It allows developers to build images without root.

Some Examples

  • Build a container from a Dockerfile: use a Dockerfile to build a new container image (buildah bud).
  • Build a container from another image or scratch: build a new container, starting with an existing base image (buildah from <imagename>) or from scratch (buildah from scratch).
  • Inspecting a container or image: view metadata associated with the container or image (buildah inspect).
  • Mount a container: mount a container’s root filesystem to add or change content (buildah mount).
  • Create a new container layer: use the updated contents of a container’s root filesystem as a filesystem layer to commit content to a new image (buildah commit).
  • Unmount a container: unmount a mounted container (buildah umount).
  • Delete a container or an image: remove a container (buildah rm) or a container image (buildah rmi).

Podman

podman features

A daemon-less CLI/API for running, managing, and debugging OCI   containers and pods.

Main features

  • Fast and lightweight
  • More secure: no daemon
  • Uses runC
  • Provides a ‘docker-style’ syntax for working with containers
  • Standard CNI networking
  • Remote management API via Varlink
  • Provides Systemd integration and advanced namespace isolation
  • Compatible with Docker images
  • More than just Docker, it can also manage pods

Syntax

  • Podman syntax is identical to Docker’s in most cases
  • Tip: alias docker=’podman’

Scopeo

scopeo features

A comprehensive tool and library to inspect, sign, and transfer images.

Main features

  • Inspect image manifests
  • Sign and verify image manifests
  • Push/pull images
  • Currently the only tool capable of copying images between registries
  • Disconnected environments
  • Same code base as the/containers/image library which is used by buildah, podman, and CRI-O

Some examples

  • It is a command line utility that performs various operations on container images and image repositories.
  • It allows to copy an image from and to various storage mechanisms. For example you can copy images from one registry to another, without requiring privilege.
  • It can inspect a remote image showing its properties including its layers, without requiring you to pull the image to the host.
  • It can delete an image from an image repository.
  • When required by the repository, skopeo can pass the appropriate credentials and certificates for authentication.
  • It can sign and verify image manifests.

Source: Crunchtools website.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Upcoming Events (Local Time)

  1. Jan
    31
    Fri

    1. 9:00 am - View Details
      CentOS: Dojo, Brussels, Belgium.

RHCSA7: Task of the day

Allowed time: 5 minutes.
Create a new user account called "bob" with password "redhat" and set expiration in one week.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a caching-only DNS server.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...