RED HAT ENTERPRISE LINUX 8 CONTAINER TOOLS
Understanding how Red Hat Enterprise Linux 8 provides a foundation for building and deploying containers
Dan Walsh, Senior Distinguished Engineer
May 2019
Scott McCarty, Principal Technology Product Manager
Please Stand
Please read out loud all text in RED
I Promise
To say Make a copy
Rather than Make a Xerox
I Promise
To say Tissue
Rather than Kleenex
I Promise
To say Container Registries
Rather than Docker registries
I Promise
To say Container Images
Rather than Docker images
I Promise
To say Containers
Or OCI Containers
Rather than Docker Containers
Sit Down
TRADITIONAL DEVELOPMENT
THE JOURNEY
Find Run Build
Single node
THE JOURNEY
TRADITIONAL DEVELOPMENT
Find Run Build Share
Single node+
THE JOURNEY
TRADITIONAL DEVELOPMENT
Find Run Build Share
CLOUD-NATIVE
Integrate Deploy
Multinode
Red Hat® Enterprise Linux®
(Podman, Buildah, and Skopeo, Universal Base Image)
THE JOURNEY
TRADITIONAL DEVELOPMENT
Find Run Build Share
CLOUD-NATIVE
Integrate Deploy
Red Hat Quay
Red Hat OpenShift® Container Platform (Kubernetes)
Can start anywhere
CUSTOMER NEEDS
CAPABILITY TECHNOLOGY PRODUCTS
Single node
Multinode
Linux and container tools
Linux and Kubernetes
UNDERSTANDING CONTAINER TOOLS
CONTAINERS DON’T RUN “ON” DOCKER
Containers are processes—they run on a container host. Containers are Linux.
Containers are defined by the Open Containers Initiative (OCI), a collaborative project hosted by the Linux Foundation.
The docker daemon is one of the many user space tools/libraries that talk to the kernel to set up containers.
CONTAINER HOST PROCESSES
Regular processes, daemons, and containers all run side by side
Tightly coupled communication through the kernel—all-or-nothing feature support:
Operating system (kernel)
Container runtime (runC)
Container engine
The whole stack is responsible for containers—the container host
[Diagram labels: regular processes; systemd; containerized processes; CONTAINER ENGINE; LINUX KERNEL; namespaces; iptables; SELinux; UDP; capabilities; TCP; cgroups; overlay; seccomp; XFS; graph driver; VFS; runtimes; container engine]
CONTAINER HOST STORAGE
Inspect, move, sign, and verify image layers
Container engines and runtimes rely on the kernel for storage:
Cached container images map to layered file system
Running containers often use an extra copy-on-write layer
[Diagram labels: SKOPEO (sign, inspect, verify, move); TECHNOLOGIES; CHI; graph drivers; JSON; OCI dist spec; TAR; GZIP; container registry; container host; container repository; image layer; graph driver; push/pull]
INTRODUCING RED HAT ENTERPRISE LINUX 8 CONTAINER TOOLS MODULE
APPLICATION STREAMS USE MODULES
Each module defines its own life cycle, which is closer to the natural life of the application rather than the Red Hat Enterprise Linux life cycle.
[Figure: updates by year (years 1 to 8) for the PostgreSQL 9.4, PostgreSQL 10, PHP 7.1, and PHP 7.2 streams]
THE CONTAINER TOOLS MODULE
One module delivered with multiple application streams based on different use cases:
● The Red Hat Enterprise Linux 8 stream delivers new versions for developers
● The versioned, stable streams provide stability for operations
[Figure: updates by year (years 1 to 8) for the RHEL 8 fast stream, V1 stable stream, and V2 stable stream]
MAJOR TOOLS IN THE MODULE
skopeo
Replacing Docker With Podman
By Dan Walsh @rhatdan
dnf install -y podman
dnf install -y podman
alias docker=podman
Questions
Blog: https://podman.io/blogs
Github:
● https://github.com/projectatomic/libpod (podman)
● https://github.com/containers/storage
● https://github.com/containers/image
● https://github.com/containers/buildah
IRC: freenode: #podman
Site: https://cri-o.io
DEMO
#nobigfatdaemons
MODERN CONTAINER TOOLS
Providing stability, flexibility, and performance with containers and images
skopeo
Container-tools – OCI tooling to create, run, and manage Linux containers with an enterprise life cycle
Conform to the OCI image and runtime specifications
Daemon-less, OS-native container tooling
Separation of concerns
CONTAINER TOOLS
Improved security model, stability, and life cycle
A daemon-less CLI/API for running, managing, and debugging OCI containers and pods
Fast and lightweight
Uses runC
Provides a “docker-style” syntax for working with containers
Standard CNI networking
Remote management API via Varlink
Provides systemd integration and advanced namespace isolation
RED HAT ENTERPRISE LINUX KERNEL
CONTAINER TOOLS
Improved security model, stability, and life cycle
A daemon-less tool for building and modifying OCI/Docker images
Preserves existing Dockerfile workflow
Allows fine-grained control over image layers, the content, and commits
Lets you minimize container images by using tools from the container host rather than adding them in the image
Shares the underlying image and storage components with Podman and CRI-O
Start from an existing image or from scratch
Generate new layers and/or run commands on existing layers
Commit storage and generate the image manifest
Deliver image to a local store or remote OCI/Docker registry
CONTAINER TOOLS
Improved security model, stability, and life cycle
skopeo A comprehensive tool and library to inspect, sign, and transfer images.
Inspect image manifests
Sign and verify image manifests
Push/pull images
Currently the only tool capable of copying images between registries
Disconnected environments
Same code base as the containers/image library, which is used by buildah, podman, and CRI-O
Inspect
Sign/verify
Transfer between registries