Description

  • Buildah: builds Open Container Initiative (OCI) format or Docker format container images without the need for a daemon.

  • Podman: provides the ability to directly run container images without a daemon. Podman can pull container images from a container registry, if they are not available locally.

  • Skopeo: pulls and pushes container images to and from registries, and can move images between registries. It can also inspect an image in a registry without first downloading it.

Podman

For WSL

  • Warning due to the filesystem: switch the distribution to WSL 2 and make / a shared mount
    wsl --set-version Ub22 2
    sudo mount --make-rshared /

Podman Usage

  • Login and handle connection to registry
    # Set the registry certificate for Podman. This stores whatever certificate the
    # server presents on this connection, so check its fingerprint out of band.
    sudo mkdir -p /etc/containers/certs.d/my-registry.example.com/
    openssl s_client -showcerts -connect my-registry.example.com:443 </dev/null 2>/dev/null \
      | openssl x509 -outform PEM \
      | sudo tee /etc/containers/certs.d/my-registry.example.com/ca.crt >/dev/null

    # Login (-p leaves the password in shell history and the process list; --password-stdin avoids that)
    podman login --get-login
    podman login -u init -p xxxxxxxxxxxxxx quay.example.com:8443
    podman login -u registry-admin -p <PWD> registry.k3s.example.com

    # Check podman context
    podman info
  • View
    # List containers
    podman ps -a

    # List images
    podman images
  • Cleanup
    # Kill containers
    podman kill $(podman ps -q)

    # Remove containers
    podman rm $(podman ps -qa)

    # Remove all images
    podman rmi $(podman images -qa) -f

    # Remove everything
    podman system reset
  • Export/Import images
    # Export and load an image
    podman pull docker.io/gitea/gitea:1-rootless
    podman save docker.io/gitea/gitea:1-rootless -o gitea-rootless.tar
    podman load < gitea-rootless.tar

    # Import into a registry
    podman load < kibana.tar
    podman tag docker.elastic.co/kibana/kibana:8.5.3 quay.example.com:8443/kibana/kibana:8.5.3
    podman push quay.example.com:8443/kibana/kibana:8.5.3
    podman pull quay.example.com:8443/kibana/kibana:8.5.3
  • Run a container
    # Run the image and remove the container once you exit (for testing only)
    podman run --rm -it registry.access.redhat.com/rhel7 /bin/bash
    # The ip command does not exist in the container
    podman run --rm -it rhel7 /usr/sbin/ip a
    # So bind-mount the host's /usr/sbin over the container's /usr/sbin to get the ip command
    podman run -v /usr/sbin:/usr/sbin --rm -it rhel7 /usr/sbin/ip a

    # Web app in workdir /opt
    podman run -d -p 8080:8000 --name="python_web" \
           -w /opt \
           -v /opt/rhel_data:/var/www/html ubi8/python-39 \
           -- python -m http.server -d /var/www/html
  • Inspect a container
    # Get the IP
    sudo podman inspect --format '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' gitea-db

    # State / Started At (quote the template so the shell leaves the braces alone)
    podman inspect -f '{{.State.StartedAt}}' python_web
  • Handle and check logs
    # Follow logs from the last 10 minutes
    podman logs -f --since 10m <ContainerID>

    # Mount the host's /dev/log so the container logs to the host
    podman run -v /dev/log:/dev/log --rm ubi8 logger Testing logging to the host
    journalctl | grep "Testing logging"
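
The certificate step in the registry login block above trusts whatever certificate the server presents on first contact. The following is an added example, not part of the original page, that installs the certificate only when its SHA-256 fingerprint matches a value obtained out of band; the function names and the expected-fingerprint argument are this example's own.

```shell
# Added example (not from the original page): pin the registry certificate
# instead of trusting whatever the network returns on first contact.
# Host, port and the expected fingerprint are values you supply.

# Strip an "sha256 Fingerprint=" prefix, colons and spaces; upper-case the hex.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same 64-digit SHA-256 fingerprint.
fingerprint_matches() {
    local got want
    got=$(normalize_fp "$1")
    want=$(normalize_fp "$2")
    case "$got" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#got}" -eq 64 ] && [ "$got" = "$want" ]
}

# Directory name: plain host for port 443 (as on this page), host:port otherwise.
registry_cert_dir() {
    if [ "$2" = 443 ]; then
        printf '/etc/containers/certs.d/%s\n' "$1"
    else
        printf '/etc/containers/certs.d/%s:%s\n' "$1" "$2"
    fi
}

# Fetch the first certificate the server presents (its own leaf certificate),
# compare its fingerprint with the out-of-band value, install only on a match.
install_registry_cert() {
    local host="$1" port="$2" expected="$3" tmp fp
    tmp=$(mktemp) || return 1
    openssl s_client -showcerts -servername "$host" -connect "$host:$port" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM >"$tmp" \
        || { rm -f "$tmp"; return 1; }
    fp=$(openssl x509 -in "$tmp" -noout -fingerprint -sha256)
    if ! fingerprint_matches "$fp" "$expected"; then
        echo "refusing to trust $host:$port, got $fp" >&2
        rm -f "$tmp"
        return 1
    fi
    sudo install -D -m 0644 "$tmp" "$(registry_cert_dir "$host" "$port")/ca.crt"
    rm -f "$tmp"
}
```

Call it as `install_registry_cert my-registry.example.com 443 "<fingerprint from the registry administrator>"`.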

Skopeo

    skopeo inspect docker://registry.access.redhat.com/ubi8

Buildah
